Which of the following OSPF components is associated with the neighbor table?

Adjacency database

Which of the following OSPF components is responsible for computing the cost of each route?
Dijkstra's algorithm

Which of the following OSPF components is associated with the topology table?
Link-State database

Which of the following OSPF components is associated with the routing table?

Forwarding database

What is the correct order in the steps for Link-State operation?

1. Establish Neighbor Adjacencies

2. Exchange Link-State Advertisements
3. Build the Topology Table
4. Execute the SPF Algorithm
5. Choose the Best Route

Which of the following OSPF packets contains an abbreviated list of the LSDB of the sending router?
Type 2: DBD packet

Which of the following OSPF packets is used by routers to announce new information?

Type 4: LSU packet

Which of the following OSPF packets is used by routers to request more information?

Type 3: LSR packet

Which of the following OSPF packets is responsible for establishing and maintaining adjacency with
other OSPF routers?

Type 1: Hello packet

Which of the following OSPF packets is used to confirm receipt of an LSA?

Type 5: LSAck packet
Which of the following is used with the Hello Packet to uniquely identify the originating router?

Router ID

During this OSPF state on multiaccess networks, the routers elect a Designated Router (DR) and a
Backup Designated Router (BDR).

Two-Way State

During this OSPF state, routers send each other DBD packets.
Exchange State

An OSPF router enters this state when it has received a Hello packet from a neighbor, containing the
sending Router ID.
Init State

During this OSPF state on point-to-point networks, the routers decide which router initiates the
exchange of DBD packets.

ExStart State

During this OSPF state, routers have converged link-state databases.

Full State

During this OSPF state, no Hello packets are received.

Down State

During this OSPF state, routes are processed using the SPF algorithm.

Loading State

What is a function of OSPF hello packets?

To discover neighbors and build adjacencies between them

Which OPSF packet contains the different types of link-state advertisements?

LSU
What does an OSPF area contain?

Routers that have the same link-state information in their LSDBs

A router is participating in an OSPFv2 domain. What will always happen if the dead interval expires
before the router receives a hello packet from an adjacent DROTHER OSPF router?

OSPF will remove that neighbor from the router link-state database.

What is a feature of the OSPF routing protocol?

It scales well in both small and large networks.

What is used to create the OSPF neighbor table?

Adjacency database

What is identical on all OSPF routers within a single area?

Link-state database

What function is performed by the OSPF designated router?

Dissemination of LSAs

What are two reasons for creating an OSPF network with multiple areas?
To reduce SPF calculations

To reduce use of memory and processor resources

At which OSPF state are neighbor routers converged and able to exchange routing updates?

Full

The OSPF hello timer has been set to 15 seconds on a router in a point-to-point network. By default,
what is the dead interval on this router?
60 seconds
What happens immediately after two OSPF routers have exchanged hello packets and have formed
a neighbor adjacency?

They exchange abbreviated lists of their LSDBs

Which statement is correct about multiarea OSPF?

Arranging routers into areas partitions a large autonomous system in order to lighten the load on
routers.

True or False? In the router ospf process-id command, the process ID value, which can any
number between 1 and 65,535, is globally significant. It must be the same on all routers in the OSPF
area. False

Which of the following applies to the router ID? (Choose two)

The router id is used to determine the DR

The router id uniquely identifies the router

Which of the following is the order of precedence for choosing the router ID?

Router ID

Highest Ipv4 loopback address

Highest active configured Ipv4 address

Which criterion is preferred by the router to choose a router ID?

The router-id

Which wildcard mask would be used to advertise the 192.168.5.96/27 network as part of an OSPF
configuration?
0.0.0.31
The following three networks are directly connected to an OSPF router; 192.168.0.0/24,
192.168.1.0/24, and 192.168.2.0/24. Which OSPF network command would advertise only the
192.168.1.0 network to neighbors?

Network 192.168.1.0 0.0.0.255 area 0

Which three parameters should match in order for a pair of routers to form an adjacency when
running OSPFv2? (Choose three.)
OSPFv2 type of network

Hello timer

Subnet mask

What are two features of the OSPF routing protocol? (Choose two.)

Calculates its metric using bandwidth

Uses Dijkstra’s algorithm to build the SPF tree

A router with two LAN interfaces, two WAN interfaces, and one configured loopback interface is
operating with OSPF as its routing protocol. What does the router OSPF process use to assign the
router ID?

The loopback interface Ip address

Which verification command would identify the specific interfaces on a router that were configured
with the passive-interface command?

Show ip protocols

Which command, if applied on an OSPF router, would give a Gigabit Ethernet interface a lower cost
than a Fast Ethernet interface?

Auto-cost reference-bandwidth 1000

A network administrator has just changed the router ID on a router that is working in an OSPFv2
environment. What should the administrator do to reset the adjacencies and use the new router ID?

Issue the clear ip ospf process priviledge mode command.

Which command can be used to view the OSPF hello and dead time intervals?

Show ip ospf interface

What does the SPF algorithm consider to be the best path to a network?
The path that includes the fastest cumulative bandwidth links.

What is one use of the router ID in OSPF routing?

The router id can be used to break a tie in the election process.

What is the first criterion used by OPSF routers to elect a DR?

Highest priority

Which command could be used on a router to ensure that an OSPF adjacency is formed with
another router?
Show ip ospf neighbor

A router in an OSPF enterprise network has a default static route that has been configured via the
interface that connects to the ISP. Which command would the network administrator apply on this
router so that other routers in the OSPF network will use this default route?

Default-information originate

Which security term is used to describe anything of value to the organization? It includes people,
equipment, resources, and data.

Asset

Which security term is used to describe a weakness in a system, or its design, that could be
exploited by a threat?

Vulnerability

Which security term is used to describe a potential danger to a company’s assets, data, or network
functionality?
Threat

Which security term is used to describe a mechanism that takes advantage of a vulnerability?

Exploit
Which security term is used to describe the counter-measure for a potential threat or risk?

Mitigation

Which security term is used to describe the likelihood of a threat to exploit the vulnerability of an
asset, with the aim of negatively affecting an organization?
Risk

Which type of hacker is described in the scenario: After hacking into ATM machines remotely using
a laptop, I worked with ATM manufacturers to resolve the security vulnerabilities that I discovered.
Gray Hat

Which type of hacker is described in the scenario: From my laptop, I transferred $10 million to my
bank account using victim account numbers and PINs after viewing recordings of victims entering
the numbers.

Black Hat
Which type of hacker is described in the scenario: My job is to identify weaknesses in my company’s
network .

White Hat
Which type of hacker is described in the scenario: I used malware to compromise several corporate
systems to steal credit card information. I then sold that information to the highest bidder.
Black Hat

Which type of hacker is described in the scenario: During my research for security exploits, I
stumbled across a security vulnerability on a corporate network that I am authorized to access.

White Hat
Which type of hacker is described in the scenario It is my job to work with technology companies to
fix a flaw with DNS.
White Hat

Which penetration testing tool uses algorithm schemes to encode the data, which then prevents
access to the data?
Encryption Tools

Which penetration testing tool is used by black hats to reverse engineer binary files when writing
exploits? They are also used by white hats when analyzing malware.

Debuggers

Which penetration testing tool is used to probe and test a firewall’s robustness?
Packet Crafting Tools

Which penetration testing tool is used by white hat hackers to sniff out any trace of evidence existing
in a computer?

Forensic Tools
Which penetration testing tool identifies whether a remote host is susceptible to a security attack?

Vulnerability Exploitation Tools

Which malware executes arbitrary code and installs copies of itself in the memory of the infected
computer? The main purpose of this malware is to automatically replicate from system to system
across the network.
Worm

Which malware is non-self-replicating type of malware? It often contains malicious code that is
designed to look like something else, such as a legitimate application or file. It attacks the device
from within.

Trojan Horse

Which malware is used to gather information about a user and then, without the user's consent,
sends the information to another entity?

Spyware

Which malware typically displays annoying pop-ups to generate revenue for its author?
Adware

Which malware attempts to convince people to divulge sensitive information?

Phishing
Which malware is installed on a compromised system and provides privileged access to the threat
actor?
Rootkit
Which malware denies access to the infected computer system and demands payment before the
restriction is removed?

Ransomware
What type of attack is tailgating?

Social Engineering
What type of attack is a password attack?

Access
What type of attack is port scanning?

Reconnaissance

What type of attack is man-in-the-middle?

Access

What type of attack is address spoofing?

Access

Which attack is being used when threat actors position themselves between a source and
destination to transparently monitor, capture, and control the communication?

MiTM attack

Which attack is being used when threat actors gain access to the physical network, and then use an
MiTM attack to capture and manipulate a legitimate user’s traffic?

Session Hijacking

Which attack is being used when threat actors initiate a simultaneous, coordinated attack from
multiple source machines?

Amplification and Reflection Attacks

Which attack is being used when threat actors use pings to discover subnets and hosts on a
protected network, to generate flood attacks, and to alter host routing tables?

ICMP attack

Which attack being used is when a threat actor creates packets with false source IP address
information to either hide the identity of the sender, or to pose as another legitimate user?

Address Spoofing Attack

Which attack exploits the three-way handshake?

TCP SYN Flood attack

Which attack uses a four-way exchange to close the connection using a pair of FIN and ACK
segments from each endpoint?

TCP reset attack

Which attack is being used when the threat actor spoofs the IP address of one host, predicts the
next sequence number, and sends an ACK to the other host?

TCP session hijacking

A program sweeps through all the known ports on a server and sends ICMP echo requests to each
closed port. This causes the server to reply with numerous ICMP port unreachable messages.
Which attack is this?

UDP flood attack

Which network security device ensures that internal traffic can go out and come back, but external
traffic cannot initiate connections to inside hosts?

ASA Firewall

Which network security device contains a secure database of who is authorized to access and
manage network devices?

AAA Server

Which network security device filters known and suspicious internet malware sites?

ESA/WSA

Which network security device is used to provide secure services with corporate sites and remote
access support for remote users using secure encrypted tunnels?

VPN
 Which network security device monitors incoming and outgoing traffic looking for malware, network
attack signatures, and if it recognizes a threat, it can immediately stop it?

IPS

Which encryption method repeats an algorithm process three times and is considered very
trustworthy when implemented using very short key lifetimes?

Triple DES

Which encryption method encrypts plaintext one byte or one bit at a time?

Stream Cipher

Which encryption method uses the same key to encrypt and decrypt data?

Symmetric

Which encryption method is a stream cipher and is used to secure web traffic in SSL and TLS?

Rivest Cipher

The IT department is reporting that a company web server is receiving an abnormally high number of
web page requests from different locations simultaneously. Which type of security attack is
occurring?

DDOS

What causes a buffer overflow?

 attempting to write more data to a memory location than that location can
hold

Which objective of secure communications is achieved by encrypting data?

Confidentiality

What type of malware has the primary objective of spreading across the network?

Worm

Which algorithm can ensure data confidentiality?

AES

What three items are components of the CIA triad?

Integrity

Availability

Confidentiality

Which cyber attack involves a coordinated attack from a botnet of zombie computers?

DDos

What specialized network device is responsible for enforcing access control policies between
networks?

Firewall

To which category of security attacks does man-in-the-middle belong?

Access

What is the role of an IPS?

To detect pattern of malicious by the use of signature files

Which type of DNS attack involves the cybercriminal compromising a parent domain and creating
multiple subdomains to be used during the attacks?

Shadowing

Which two types of hackers are typically classified as grey hat hackers?

Hackavists

Vulnerability brokers

What is a significant characteristic of virus malware?

A virus is triggered by an event on the host system

A cleaner attempts to enter a computer lab but is denied entry by the receptionist because there is
no scheduled cleaning for that day. What type of attack was just prevented?
Social Engineering

Which statement about the operation of a standard ACL is incorrect?

If there are no matching ACEs in the ACL, the packet is forwarded because there is an implicit
permit ACE automatically applied to all ACLs.
Which wildcard mask would permit only host 10.10.10.1?
0.0.0.0

Which wildcard mask would permit only hosts from the 10.10.0.0/16 network?
0.0.255.255

Which wildcard mask would permit all hosts?

255.255.255.255

Which wildcard mask would permit all hosts from the 192.168.10.0/24 network?
0.0.0.255

What are the permit or deny statements in an ACL called?

Access control entries

Which packet filtering statement is true?

Standard ACLs filter at Layer 3 only

Which statement about the operation of a standard ACL is incorrect?

If there are no matching ACEs in the ACL, the packet is forward because there is an implicit
permit ACE automatically applied to all ACLs.

How many total ACLs (both IPv4 and IPv6) can be configured on an interface?
4
Which of the following is an ACL best practice?

Write the ACL before configuring it on a router.

ACLs number 1 to 99, or 1300 to 1999 are standard ACLs while ACLs number 100 to 199, or 2000
to 2699 are extended ACLs.

Which ACL is capable of filtering based on TCP port number?

Extended ACL

Which statement about ACLs is true?

Name ACL can be standard or extended

Where should a standard ACL be placed?

Standard ACLs should be placed as close to the destination as possible.

Where should an extended ACL be placed?

Extended ACLs should be located as close to the source as possible.
Which two conditions would cause a router to drop a packet? (Choose two.)
The packet source address does not match the source as permitted in a standard inbound
ACE.

No routing table entry exists for the packet destination, but the packet matches a permitted
address in an outbound ACL.

A network administrator configures an ACL with the command R1(config)# access-list 1 permit
172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.)

172.16.0.255
172.16.15.36

Which two statements describe appropriate general guidelines for configuring and applying ACLs?
(Choose two.)

If an ACL contains no permit statements, all traffic is denied by default.

The most specific ACL statements should be entered first because of the top-down
sequential nature of ACLs.

What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0
access-list 10 permit 192.168.16.0 0.0.3.255

Which three statements describe ACL processing of packets? (Choose three.)

An implicit deny any rejects any packet that does not match any ACE.
A packet can either be rejected or forwarded as directed by the ACE that is matched.
Each statement is checked only until a match is detected or until the end of the ACE list.

A network administrator is configuring an ACL to restrict access to certain servers in the data
center. The intent is to apply the ACL to the interface connected to the data center LAN. What
happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the
outbound direction?
The ACL does not perform as designed

Which scenario would cause an ACL misconfiguration and deny all traffic?
Apply an ACL that has all deny ACE statements.

In applying an ACL to a router interface, which traffic is designated as outbound?

Traffic that is leaving the router and going toward the destination host

When creating an ACL, which keyword should be used to document and interpret the purpose of
the ACL statement on a Cisco device?
Remark

Which location is recommended for extended numbered or extended named ACLs?

A location as close to the source of traffic as possible
Which range represents all the IP addresses that are affected when network 10.120.160.0 with a
wildcard mask of 0.0.7.255 is used in an ACE?
10.120.160.0 to 10.120.167.255

A college student is studying for the Cisco CCENT certification and is visualizing extended access
lists. Which three keywords could immediately follow the keywords permit or deny as part of an
extended access list? (Choose three.)
Tcp
Udp
Icmp

If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to
best practice?
Permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap

Which operator is used in an ACL statement to match packets of a specific application?

eq

The computers used by the network administrators for a school are on the 10.7.0.0/27 network.
Which two commands are needed at a minimum to apply an ACL that will ensure that only devices
that are used by the network administrators will be allowed Telnet access to the routers? (Choose
two.)
Access-class 5 in
Access-list 5 permit 10.7.0.0 0.0.0.31

Consider the configured access list.

R1# show access-lists

extended IP access list 100
deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet
deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
permit ip any any (15 matches)

What are two characteristics of this access list? (Choose two.)

The access-list has been applied to an interface

Any device of the 10.1.1.0/24 network(except the 10.1.1.2 device) can telnet to the router that
has the IP address 10.1.1.1 assigned.

Which command will verify the number of packets that are permitted or denied by an ACL that
restricts SSH access?
Show access-lists
Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300
and destined to host 192.168.30.10?
Access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www

When configuring router security, which statement describes the most effective way to use ACLs to
control Telnet traffic that is destined to the router itself?
The ACL should be applied to all vty lines in the in direction to prevent an unwanted user
from connecting to an unsecured port.

What packets would match the access control list statement that is shown below?
access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22

SSH traffic from the 172.16.0.0 network to any destination network

Consider the access list command applied outbound on a router serial interface.

access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply

What is the effect of applying this access list command?

No traffic will be allowed outbound on the serial interface

Consider the following output for an ACL that has been applied to a router via the access-class
in command. What can a network administrator determine from the output that is shown?

R1# <output omitted>

Standard IP access list 2
10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny any (1 match)

Two devices were able to use SSH or Telnet to gain access to the router.

Which two commands will configure a standard ACL? (Choose two.)

Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0

Router(config)# access-list 35 permit host 172.31.22.7

To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an
outside interface?

Echo reply
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the
192.168.0.0/16 network? (Choose two.)

Access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255

Access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255

An administrator has configured an access list on R1 to allow SSH administrative access from host
172.16.1.100. Which command correctly applies the ACL?

R1(config-line)#access-class 1 in

True or False? A side effect of NAT is that it hides the inside local IP address of a host from the
outside network.

True

True or False? With NAT overload, each inside local IP address is translated to a unique inside
global IP address on a one-for-one basis.

False

True or False? The use of NAT makes end-to-end traceability between source and destination
easier.

False

True or False? Tunneling protocols such as IPsec do not work well through NAT.

True

Which two statements accurately describe an advantage or a disadvantage when deploying NAT for
IPv4 in a network? (Choose two.)

NAT provides a solution to slow down the IPv4 address depletion.

NAT introduces problems for some applications that require end-to-end connectivity.
A network administrator wants to examine the active NAT translations on a border router. Which
command would perform the task?
Router# show ip nat translations

What are two tasks to perform when configuring static NAT? (Choose two.)
Create a mapping between the inside local and outside local addresses.

Identify the participating interfaces as inside or outside interfaces.

What is a disadvantage of NAT?
There is no end-to-end addressing

What is one advantage of using NAT at the edge of the network?

Changing ISPs is simpler because the devices on the inside network do not have to be
configured with new addresses when the outside address changes.

Which two statements accurately describe an advantage or a disadvantage when deploying NAT for
IPv4 in a network? (Choose two.)
NAT provides a solution to slow down the IPV4 address depletion

NAT introduces problems for some applications that require end-to-end connectivity.

What are two tasks to perform when configuring static NAT? (Choose two.)
Create a mapping between the inside local and outside local addresses.

Identify the participating interfaces as inside or outside interfaces.

What is one advantage of using NAT at the edge of the network?
Changing ISPs is simpler because the devices on the inside network do not have to be
configured with new addresses when the outside address changes.

What benefit does NAT64 provide?

It allows sites to connect IPv6 hosts to an IPv4 network by translating the IPv6 addresses to
IPv4 addresses.

What address translation is performed by static NAT?

An inside local address is translated to a specified inside global address.

Using NAT terminology, what is the address of the source host on a private network as seen from
inside the network?
Inside local

Which statement accurately describes dynamic NAT?

It provides an automated mapping of inside local to inside global IP addresses.
Why is NAT not needed in IPv6?

Any host or user can get a public IPv6 network address because the number of available IPv6
addresses is extremely large.

A company designs its network so that the PCs in the internal network are assigned IP addresses
from DHCP servers, and the packets that are sent to the Internet are translated through a NAT-
enabled router. What type of NAT enables the router to populate the translation table from a pool of
unique public addresses, as the PCs send packets through the router to the Internet?

Dynamic NAT

What is a security feature of using NAT on a network?

Allows internal IP addresses to be concealed from external users

When dynamic NAT without overloading is being used, what happens if seven users attempt to
access a public server on the Internet when only six addresses are available in the NAT pool?

The request to the server for the seventh user fails

A company has been assigned the 203.0.113.0/27 block of IP addresses by the ISP. The company
has over 6000 internal devices. What type of NAT would be most appropriate for the employee
workstations of the company?

Dynamic NAT overload using the pool of addresses

Which version of NAT allows many hosts inside a private network to simultaneously use a single
inside global address for connecting to the Internet?

PAT
Which two options describe a WAN? (Choose two.)

A WAN provides networking services over large geographical areas

WAN services are provided for a fee.

Which topology type describes the virtual connection between source to destination?

Logical topology
Which type of WAN network design is the most fault-tolerant?

Fully meshed topology

Which is a type of WAN carrier connection that provides redundancy?

Dual-carrier WAN connection

Which two statements about the WAN OSI Layer 1 are true? (Choose two.)

It describes the electrical, mechanical, and operational components needed to transmit bits.

It includes protocols such as SDH, SONET, and DWDM.

Which WAN term defines the point where the subscriber connects to the service providers network.

Point-of-Presence(POP)
Which two devices operate in a similar manner to the voiceband modem but use higher broadband
frequencies and transmission speeds. (Choose two.)

Cable Modem

DSL Modem
Which communication method is used in all WAN connections?

Serial
Which two WAN connectivity options are circuit-switched technologies? (Choose two.)

ISDN

PSTN
Which two WAN connectivity options are packet-switched technologies? (Choose two.)

Ethernet WAN

Frame Relay
Which service provider fiber-optic technology increases the data-carrying capacity using different
wavelengths?

DWDM
Which traditional WAN connectivity option uses T-Carrier or E-Carrier lines?

Leased lines
Which two traditional WAN connectivity options are circuit-switched? (Choose two.)
ISDN
PSTN
Which two traditional WAN connectivity options are packet-switched? (Choose two.)

ATM
Frame Relay

Which WAN connectivity option is based on Ethernet LAN technology?

Metro Ethernet
Which is a service provider WAN solution that uses labels to direct the flow of packets through the
provider network?
MPLS
A company is expanding its business to other countries. All branch offices must remain connected to
corporate headquarters at all times. Which network technology is required to support this scenario?

WAN
What is the recommended technology to use over a public WAN infrastructure when a branch office
is connected to the corporate site?
VPN

Which medium do service providers use to transmit data over WAN connections with SONET, SDH,
and DWDM?

Fiber optic
Which statement describes a characteristic of a WAN?

WAN networks are owned by service providers

Which type of network would be used by a company to connect locations across the country?
WAN
A small company with 10 employees uses a single LAN to share information between computers.
Which type of connection to the Internet would be appropriate for this company?

A broadband service, such as DSL, through their local service provider

To which two layers of the OSI model do WAN technologies provide services? (Choose two.)

Physical layer

Data link layer

A customer needs a metropolitan area WAN connection that provides high-speed, dedicated
bandwidth between two sites. Which type of WAN connection would best fulfill this need?

Ethernet WAN

An intercity bus company wants to offer constant Internet connectivity to the users traveling on the
buses. Which two types of WAN infrastructure would meet the requirements? (Choose two.)
Public infrastructure

Cellular
An enterprise has four branches. The headquarters needs full connectivity to all branches. The
branches do not need to be connected directly to each other. Which WAN topology is most suitable?
Hub and spoke

What is a characteristic of a WAN?

WAN service providers include carries such as a telephone network or satellite service.

What are two common types of circuit-switched WAN technologies? (Choose two.)

PSTN
ISDN

A new corporation needs a data network that must meet certain requirements. The network must
provide a low cost connection to sales people dispersed over a large geographical area. Which two
types of WAN infrastructure would meet the requirements? (Choose two.)
Public infrastructure

Internet
Which VPN benefit allows an enterprise to easily add more users to the network?

Scalability

Which VPN benefit allows an enterprise to increase the bandwidth for remote sites without
necessarily adding more equipment or WAN links?
Cost Savings

Which VPN benefit uses advanced encryption and authentication protocols to protect data from
unauthorized access?

Security
Which type of VPN is used to connect a mobile user?

Remote-access
Which VPN solutions are typically managed by an enterprise? (Choose three)

IPsec
SSL
DMVPN
What type of VPN can be established with a web browser using HTTPS?
Clientless VPN

Which feature describes SSL VPNs?

Only requires a web browser on a host

What type of protocol is GRE?

Carrier protocol
What type of VPN enables an enterprise to rapidly scale secure access across the organization?

DMVPN
What type of VPN enables an enterprise to emulate an Ethernet multiaccess LAN with remote sites?

MPLS VPN

IPsec can protect traffic in which OSI Layers? (Choose four.)

Layer 4
Layer 5

Layer 6
Layer 7
Which IPsec function uses pre-shared passwords, digital certificates, or RSA certificates?
Authentication
True or False: The IPsec framework must be updated each time a new standard is developed.

False
Which choices are available for the IPsec Protocol function in the IPsec framework? (Choose two.)

AH

ESP
Which choices are available for the Confidentiality function in the IPsec framework? (Choose three.)

3DES
AES

SEAL
Which choices are available for the Integrity function in the IPsec framework? (Choose two.)

MD5
SHA
Which choices are available for the Authentication function in the IPsec framework? (Choose two.)
PSK
RSA

Which Diffie-Hellman group choices are no longer recommended?

DH groups 1,2, and 5

Which two statements describe a remote access VPN? (Choose two.)

It is used to connect individual hosts securely to a company network over the Internet.
It may require VPN client software on hosts.

The use of 3DES within the IPsec framework is an example of which of the five IPsec building
blocks?
Confidentiality
Which type of VPN may require the Cisco VPN Client software?

Remote access VPN

Which technique is necessary to ensure a private transfer of data using a VPN?

Encryption

What are the two fundamental Dynamic Multipoint VPN tunnel types? (Choose two.)

Spoke-to-spoke
Hub-to-spoke

What are two reasons a company would use a VPN? (Choose two.)
To connect remote users to the network

To allow suppliers to access the network

True or False?
All VPNs securely transmit clear text across the Internet.

False
Which solution allows workers to telecommute effectively and securely?

Remote-access VPN
Which VPN type is a service provider managed VPN?

Layer 3 MPLS VPN

Which IPsec framework protocol provides data integrity and data authentication, but does not
provide data confidentiality?

AH

What algorithm is used to provide data integrity of a message through the use of a calculated hash
value?
HMAC
Which statement describes the effect of key length in deterring an attacker from hacking through an
encryption key?

The longer the key, the more key possibilities exist.

What is a type of VPN that is generally transparent to the end user?

Site-to-site
CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Search the site 

Menu 

CCNA 3 v7 Modules 1 – 2: OSPF Concepts

and Configuration Exam Answers
 Dec 22, 2019 |
 Last Updated on Sep 23, 2020 |

 CCNA v7 Course #3 |
 45 Comments

 Share  Tweet  Share  Pin it

How to find: Press “Ctrl + F” in the browser and fill in

whatever wording is in the question to find that
question/answer.
CCNA v7.0 Exam Answers

NOTE: If you have the new question on this test, please CCNA 1 – v7 CCNA 2 – v7

comment Question and Multiple-Choice list in form

CCNA 3 – v7
below this article. We will update answers for you in the
shortest time. Thank you! We truly value your 
contribution to the website. Modules 1 – 3: Basic

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Network Connectivity and

Communications Exam
Enterprise Networking, Security, and Automation ( Answers
Version 7.00) – Modules 1 – 2: OSPF Concepts and Modules 4 – 7: Ethernet
Configuration Exam Concepts Exam Answers

1. What is a function of OSPF hello packets? Modules 8 – 10:

to send specifically requested link-state records Communicating Between

to discover neighbors and build adjacencies between Networks Exam Answers

them Modules 11 – 13: IP

to ensure database synchronization between routers Addressing Exam Answers
to request specific link-state records from neighbor routers
Modules 14 – 15: Network
2. Which OPSF packet contains the different types of link-
Application Communications
state advertisements?
Exam Answers
hello
DBD Modules 16 – 17: Building
LSR and Securing a Small
LSU Network Exam Answers
LSAck
[PT Skills] Practice PT
3. Which three statements describe features of the OSPF Skills Assessment (PTSA)
topology table? (Choose three.)
[Hands on Skills] CCNAv7
It is a link-state database that represents the network
ITN Skills Assessment
topology.
Its contents are the result of running the SPF algorithm. ITNv7 Practice Final Exam
When converged, all routers in an area have identical
topology tables. CCNA 1 v7 FINAL Exam
The topology table contains feasible successor routes. Answers
The table can be viewed via the show ip ospf database
command.
After convergence, the table only contains the lowest cost
route entries for all known networks.
4. What does an OSPF area contain? Share your Buy me a
routers that share the same router ID Donate
routers whose SPF trees are identical
routers that have the same link-state information in their
LSDBs
routers that share the same process ID Recent Comments
5. What is used to facilitate hierarchical routing in OSPF? RAHMA on CCIE/CCNP 350-401
the use of multiple areas ENCOR Dumps Full Questions with

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

frequent SPF calculations VCE & PDF

autosummarization Kitty on CCIE/CCNP 350-401
the election of designated routers ENCOR Dumps Full Questions with
VCE & PDF
Joe Boy on CCNA 2 v7.0 Final
Explanation: OSPF supports the concept of areas to Exam Answers Full – Switching,
prevent larger routing tables, excessive SPF calculations, Routing and Wireless Essentials
and large LSDBs. Only routers within an area share link- Trevor Kretzmann on CCNA 200-
state information. This allows OSPF to scale in a hierarchical 301 Dumps Full Questions – Exam
fashion with all areas that connect to a backbone area. Study Guide & Free
NT10 on CCNA 200-301 Dumps
Full Questions – Exam Study Guide
6. Which OSPF data structure is identical on all OSPF routers
& Free
that share the same area?
forwarding database
[Cert] CCNA 200-301 Exam
link-state database
adjacency database
routing table

Explanation: Regardless of which OSPF area a router

resides in, the adjacency database, routing table, and
forwarding database are unique for each router. The link-
state database lists information about all other routers within
an area and is identical across all OSPF routers participating
in that area.

7. Which step does an OSPF-enabled router take

immediately after establishing an adjacency with another
router?
builds the topology table
exchanges link-state advertisements
chooses the best path
executes the SPF algorithm

Explanation: The OSPF operation steps are as follows:

1. Establish neighbor adjacencies
2. Exchange link-state advertisements
3. Build the topology table
4. Execute the SPF algorithm
5. Choose the best route

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

8. A network engineer has manually configured the hello

interval to 15 seconds on an interface of a router that is
running OSPFv2. By default, how will the dead interval on
the interface be affected?
The dead interval will not change from the default value.
The dead interval will now be 30 seconds.
The dead interval will now be 60 seconds.
The dead interval will now be 15 seconds.

Explanation: Cisco IOS automatically modifies the dead

interval to four times the hello interval.

9. Refer to the exhibit. A network administrator has

configured the OSPF timers to the values that are shown in
the graphic. What is the result of having those manually
configured timers?

R1 automatically adjusts its own timers to match the R2

timers.
The R1 dead timer expires between hello packets from
R2.
The hello timer on R2 expires every ten seconds.
The neighbor adjacency has formed.

Explanation: The dead timer (20 seconds) on R1 expires

before the next hello packet from R2 (25 seconds).

10. To establish a neighbor adjacency two OSPF routers will

exchange hello packets. Which two values in the hello
packets must match on both routers? (Choose two.)
dead interval
router priority
list of neighbors

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

router ID
hello interval

Explanation: The hello and dead interval timers contained

in a hello packet must be the same on neighboring routers in
order to form an adjacency.

11. What is the default router priority value for all Cisco
OSPF routers?
0
1
10
255

Explanation: The router priority value is used in a DR/BDR

election. The default priority for all OSPF routers is 1 but it
can be manually altered to any value 0 to 255.

12. Which type of OSPFv2 packet contains an abbreviated

list of the LSDB of a sending router and is used by receiving
routers to check against the local LSDB?
database description
link-state update
link-state request
link-state acknowledgment

Explanation: The database description (DBD) packet

contains an abbreviated list of the LSDB sent by a
neighboring router and is used by receiving routers to check
against the local LSDB.

13. In an OSPF network when are DR and BDR elections

required?
when the two adjacent neighbors are interconnected over a
point-to-point link
when all the routers in an OSPF area cannot form
adjacencies
when the routers are interconnected over a common

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Ethernet network
when the two adjacent neighbors are in two different
networks

Explanation: When the routers are interconnected over a

common Ethernet network, then a designated router (DR)
and a backup DR (BDR) must be elected.

14. When an OSPF network is converged and no network

topology change has been detected by a router, how often
will LSU packets be sent to neighboring routers?
every 5 minutes
every 10 minutes
every 30 minutes
every 60 minutes

Explanation: After all LSRs have been satisfied for a given

router, the adjacent routers are considered synchronized
and in a full state. Updates (LSUs) are sent to neighbors
only under the following conditions:
when a network topology change is detected
(incremental updates)
every 30 minutes

15. What will an OSPF router prefer to use first as a router

ID?
a loopback interface that is configured with the highest IP
address on the router
any IP address that is configured using the router-id
command
the highest active interface IP that is configured on the router
the highest active interface that participates in the routing
process because of a specifically configured network statement

Explanation: The first preference for an OSPF router ID is

an explicitly configured 32-bit address. This address is not
included in the routing table and is not defined by the
network command. If a router ID that is configured through
the router-id command is not available, OSPF routers next

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

use the highest IP address available on a loopback interface,

as loopbacks used as router IDs are also not routable
addresses. Lacking either of these alternatives, an OSPF
router will use the highest IP address from its active physical
interfaces.

16. What are the two purposes of an OSPF router ID?

(Choose two.)
to uniquely identify the router within the OSPF domain
to facilitate router participation in the election of the
designated router
to enable the SPF algorithm to determine the lowest cost
path to remote networks
to facilitate the establishment of network convergence
to facilitate the transition of the OSPF neighbor state to Full

Explanation: OSPF router ID does not contribute to SPF

algorithm calculations, nor does it facilitate the transition of
the OSPF neighbor state to Full. Although the router ID is
contained within OSPF messages when router adjacencies
are being established, it has no bearing on the actual
convergence process.

17. Refer to the exhibit. If no router ID was manually

configured, what would router Branch1 use as its OSPF
router ID?

10.0.0.1
10.1.0.1

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

192.168.1.100
209.165.201.1

Explanation: In OSPFv2, a Cisco router uses a three-tier

method to derive its router ID. The first choice is the
manually configured router ID with the router-id command.
If the router ID is not manually configured, the router will
choose the highest IPv4 address of the configured loopback
interfaces. Finally if no loopback interfaces are configured,
the router chooses the highest active IPv4 address of its
physical interfaces.

18. A network technician issues the following commands

when configuring a router:

R1(config)# router ospf 11

R1(config-router)# network 10.10.10.0
0.0.0.255 area 0

What does the number 11 represent?

the OSPF process ID on R1
the cost of the link to R1
the autonomous system number to which R1 belongs
the administrative distance that is manually assigned to R1
the area number where R1 is located

Explanation: There is no autonomous system number to

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

configure on OSPF. The area number is located at the end

of the network statement. The cost of a link can be modified
in the interface configuration mode. The process ID is local
to the router.

19. An OSPF router has three directly connected networks;

172.16.0.0/16, 172.16.1.0/16, and 172.16.2.0/16. Which OSPF
network command would advertise only the 172.16.1.0
network to neighbors?
router(config-router)# network 172.16.1.0 0.0.255.255 area 0
router(config-router)# network 172.16.0.0 0.0.15.255 area 0
router(config-router)# network 172.16.1.0 255.255.255.0
area 0
router(config-router)# network 172.16.1.0 0.0.0.0 area 0

Explanation: To advertise only the 172.16.1.0/16 network

the wildcard mask used in the network command must
match the first 16-bits exactly. To match bits exactly, a
wildcard mask uses a binary zero. This means that the first
16-bits of the wildcard mask must be zero. The low order 16-
bits can all be set to 1.

20. Refer to the exhibit. Which three statements describe the

results of the OSPF election process of the topology that is
shown in the exhibit? (Choose three.)

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

R3 will be elected BDR.

The R4 FastEthernet 0/0 priority is 128.
The R4 router ID is 172.16.1.1.
R1 will be elected BDR.
The router ID on R2 is the loopback interface.
R2 will be elected DR.

Explanation: R2 will be elected DR because it has the

highest priority of 255, all of the others have a priority of 1.
R3 will be elected BDR because it has the numerically
highest router-ID of 192.168.1.4. The R4 router-ID is
172.16.1.1 because it is the IPv4 address attached to the
loopback 0 interface.

21. Refer to the exhibit. If the switch reboots and all routers
have to re-establish OSPF adjacencies, which routers will
become the new DR and BDR?

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Router R4 will become the DR and router R1 will become

the BDR.
Router R2 will become the DR and router R3 will become the
BDR.
Router R1 will become the DR and router R2 will become the
BDR.
Router R4 will become the DR and router R3 will become the
BDR.

Explanation: OSPF elections of a DR are based on the

following in order of precedence:
highest pritority from 1 -255 (0 = never a DR)
highest router ID
highest IP address of a loopback or active interface in
the absence of a manually configured router ID. Loopback
IP addresses take higher precedence than other
interfaces.
In this case routers R4 and R1 have the highest router
priority. Between the two, R3 has the higher router ID.
Therefore, R4 will become the DR and R1 will become the
BDR.

22. By default, what is the OSPF cost for any link with a
bandwidth of 100 Mb/s or greater?
100000000

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

10000
1
100

Explanation: OSPF uses the formula: Cost = 100,000,000 /

bandwidth. Because OSPF will only use integers as cost,
any bandwidth of 100 Mb/s or greater will all equal a cost of
1.

23. Refer to the exhibit. What is the OSPF cost to reach the
router A LAN 172.16.1.0/24 from B?

782
74
128
65

Explanation: The formula used to calculate the OSPF cost

is as follows:
Cost = reference bandwidth / interface bandwidth
The default reference bandwidth is 10^8 (100,000,000);
therefore, the formula is
Cost = 100,000,000 bps / interface bandwidth in bps
Thus the cost to reach the A LAN 172.16.1.0/24 from B is as
follows:

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Serial link (1544 Kbps) from B to A cost => 100,000,000 /

1,544,000 = 64
Gigabit Ethernet link on A cost => 100,000,000 /
1,000,000,000 = 1
Total cost to reach 172.16.1.0/24 = 64 + 1 = 65

24. Refer to the exhibit. On which router or routers would a

default route be statically configured in a corporate
environment that uses single area OSPF as the routing
protocol?

R0-A
ISP, R0-A, R0-B, and R0-C
ISP
R0-B and R0-C
ISP and R0-A
R0-A, R0-B, and R0-C

Explanation: The default route is applied to the router that

connects to the Internet, or R0-A. R0-A then distributes that
default route using the OSPF routing protocol.

25. What command would be used to determine if a routing

protocol-initiated relationship had been made with an
adjacent router?
ping
show ip ospf neighbor

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

show ip interface brief

show ip protocols

Explanation: While the show ip interface brief and ping

commands can be used to determine if Layer 1, 2, and 3
connectivity exists, neither command can be used to
determine if a particular OSPF or EIGRP-initiated
relationship has been made. The show ip protocols
command is useful in determining the routing parameters
such as timers, router ID, and metric information associated
with a specific routing protocol. The show ip ospf neighbor
command shows if two adjacent routers have exchanged
OSPF messages in order to form a neighbor relationship.

26. Refer to the exhibit. Which command did an

administrator issue to produce this output?

R1# show ip ospf interface serial0/0/1

R1# show ip route ospf
R1# show ip ospf
R1# show ip ospf neighbor
27. Which command is used to verify that OSPF is enabled
and also provides a list of the networks that are being
advertised by the network?​
show ip interface brief
show ip ospf interface
show ip protocols

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

show ip route ospf

Explanation: The command show ip ospf interface verifies

the active OSPF interfaces. The command show ip
interface brief is used to check that the interfaces are
operational. The command show ip route ospf displays the
entries that are learned via OSPF in the routing table. The
command show ip protocols checks that OSPF is enabled
and lists the networks that are advertised.

28. Refer to the exhibit. A network administrator has

configured OSPFv2 on the two Cisco routers but PC1 is
unable to connect to PC2. What is the most likely problem?

Interface Fa0/0 has not been activated for OSPFv2 on

router R2.
Interface Fa0/0 is configured as a passive-interface on router
R2.
Interface S0/0 is configured as a passive-interface on router
R2.
Interface s0/0 has not been activated for OSPFv2 on router
R2.

Explanation: If a LAN network is not advertised using

OSPFv2, a remote network will not be reachable. The output

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

displays a successful neighbor adjacency between router R1

and R2 on the interface S0/0 of both routers.

29. What is the recommended Cisco best practice for

configuring an OSPF-enabled router so that each router can
be easily identified when troubleshooting routing issues?
Configure a value using the router-id command.
Use the highest active interface IP address that is configured
on the router.
Use a loopback interface configured with the highest IP
address on the router.
Use the highest IP address assigned to an active interface
participating in the routing process.

Explanation: A Cisco router is assigned a router ID to

uniquely identify it. It can be automatically assigned and take
the value of the highest configured IP address on any
interface, the value of a specifically-configured loopback
address, or the value assigned (which is in the exact form of
an IP address) using the router-id command. Cisco
recommends using the router-id command.

30. Which step in the link-state routing process is described

by a router running an algorithm to determine the best path
to each destination?
load balancing equal-cost paths
declaring a neighbor to be inaccessible
choosing the best route
executing the SPF algorithm
31. An administrator is configuring single-area OSPF on a
router. One of the networks that must be advertised is
192.168.223.0 255.255.254.0. What wildcard mask would the
administrator use in the OSPF network statement?
0.0.1.255
0.0.7.255
0.0.15.255
0.0.31.255
32. What is the format of the router ID on an OSPF-enabled
router?

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

a unique router host name that is configured on the router

a unique phrase with no more than 16 characters
a 32-bit number formatted like an IPv4 address
an 8-bit number with a decimal value between 0 and 255
a character string with no space

Explanation: A router ID is a 32-bit number formatted like

an IPv4 address and assigned in order to uniquely identify a
router among OSPF peers.

33. Question as presented:

DUAL is the algorithm used by EIGRP. In multiarea OSPF, OSPF
is implemented using multiple areas, and all of them must be
connected to the backbone area.
34. After modifying the router ID on an OSPF router, what is
the preferred method to make the new router ID effective?
HQ# copy running-config startup-config
HQ# resume
HQ# clear ip route *
HQ# clear ip ospf process

Explanation: To modify a router-id on an OSPF-enabled

router, it is necessary to reset the OSPF routing process by
entering either the clear ip ospf process command or the
reload command.

35. In an OSPFv2 configuration, what is the effect of entering

the command network 192.168.1.1 0.0.0.0 area 0?
It allows all 192.168.1.0 networks to be advertised.
It tells the router which interface to turn on for the OSPF
routing process.
It changes the router ID of the router to 192.168.1.1.
It enables OSPF on all interfaces on the router.

Explanation: Entering the command network 192.168.1.1

0.0.0.0 area 0 will turn on only the interface with that IP
address for OSPF routing. It does not change the router ID.
Instead, OSPF will use the network that is configured on that
interface.

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

36. What is the reason for a network engineer to alter the

default reference bandwidth parameter when configuring
OSPF?
to force that specific link to be used in the destination route
to more accurately reflect the cost of links greater than
100 Mb/s
to enable the link for OSPF routing
to increase the speed of the link

Explanation: By default, Fast Ethernet, Gigabit, and 10

Gigabit Ethernet interfaces all have a cost of 1. Altering the
default reference bandwidth alters the cost calculation,
allowing each speed to be more accurately reflected in the
cost.

37. Open the PT Activity. Perform the tasks in the activity

instructions and then answer the question.

Which task has to be performed on Router 1 for it to

establish an OSPF adjacency with Router 2?
Issue the clear ip ospf process command.
Change the subnet mask of interface FastEthernet 0/0 to
255.255.255.0.
Remove the passive interface command from interface
FastEthernet 0/0.
Add the network 10.0.1.0 0.0.0.255 area 0 command to the
OSPF process.

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

This content is locked!

Please support us, use one of the buttons below to unlock the
content.

Explanation: Each interface on the link connecting the

OSPF routers must be in the same subnet for an adjacency
to be established. The IP address subnet mask on
FastEthernet interface 0/0 must be changed to
255.255.255.0. The FastEthernet interface 0/0 is not
passive. The 10.0.1.0/24 network is only connected to
Router2 so should not be advertised by Router1. The clear
ip ospf process command will start the OPSF process on
Router1 but will not cause an adjacency to be established if
the subnet mask mismatch on the connecting interfaces still
exists.

38. Match the description to the term. (Not all options are
used.)

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

39. What is a benefit of multiarea OSPF routing?

Topology changes in one area do not cause SPF
recalculations in other areas.
Routers in all areas share the same link-state database and
have a complete picture of the entire network.
A backbone area is not required.
Automatic route summarization occurs by default between
areas.

Explanation: With multiarea OSPF, only routers within an

area share the same link-state database. Changes to the
network topology in one area do not impact other areas,
which reduces the number of SPF algorithm calculations and
the of link-state databases.

40. Match the OSPF state with the order in which it occurs.
(Not all options are used.)

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

41. What indicates to a link-state router that a neighbor is

unreachable?
if the router no longer receives hello packets
if the router receives an update with a hop count of 16
if the router receives an LSP with previously learned
information
if the router no longer receives routing updates

Explanation: OSPF routers send hello packets to monitor

the state of a neighbor. When a router stops receiving hello
packets from a neighbor, that neighbor is considered
unreachable and the adjacency is broken.

42. Which three OSPF states are involved when two routers
are forming an adjacency? (Choose three.)
Exchange
Init
ExStart
Two-way
Loading
Down

Explanation: OSPF operation progresses through 7 states

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

for establishing neighboring router adjacency, exchanging

routing information, calculating the best routes, and reaching
convergence. The Down, Init, and Two-way states are
involved in the phase of neighboring router adjacency
establishment.

43. Refer to the exhibit. Suppose that routers B, C, and D

have a default priority, and router A has a priority 0. Which
conclusion can be drawn from the DR/BDR election
process?​

CCNA 3 v7 Modules 1 – 2: OSPF Concepts and Configuration

Exam

If the priority of router C is changed to 255, then it will

become the DR.
Router A will become the DR and router D will become the
BDR.​
If the DR fails, the new DR will be router B.
If a new router with a higher priority is added to this network,
it will become the DR.

Explanation: If the priority is set to 0, the router is not

capable of becoming the DR, so router A cannot be the DR.
OSPF DR and BDR elections are not preemptive. If a new
router with a higher priority or higher router ID is added to
the network after the DR and BDR election, the newly added
router does not take over the DR or the BDR role.​

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

44. An administrator is configuring single-area OSPF on a

router. One of the networks that must be advertised is
64.102.0.0 255.255.255.128. What wildcard mask would the
administrator use in the OSPF network statement?
0.0.31.255
0.0.0.63
0.0.63.255
0.0.0.127
45. Which command will a network engineer issue to verify
the configured hello and dead timer intervals on a point-to-
point WAN link between two routers that are running
OSPFv2?
show ipv6 ospf interface serial 0/0/0
show ip ospf neighbor
show ip ospf interface fastethernet 0/1
show ip ospf interface serial 0/0/0

The show ip ospf interface serial 0/0/0 command will display

the configured hello and dead timer intervals on a point-to-
point serial WAN link between two OSPFv2 routers. The
show ipv6 ospf interface serial 0/0/0 command will display
the configured hello and dead timer intervals on a point-to-
point serial link between two OSPFv3 routers. The show ip
ospf interface fastethernet 0/1 command will display the
configured hello and dead timer intervals on a multiaccess
link between two (or more) OSPFv2 routers. The show ip
ospf neighbor command will display the dead interval
elapsed time since the last hello message was received, but
does not show the configured value of the timer.

46. An administrator is configuring single-area OSPF on a

router. One of the networks that must be advertised is
128.107.0.0 255.255.255.192. What wildcard mask would the
administrator use in the OSPF network statement?
0.0.63.255
0.0.0.63
0.0.0.3
0.0.0.7
47. Match each OSPF packet type to how it is used by a

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

router. (Not all options are used.)

47. Which step in the link-state routing process is described

by a router building a link-state database based on received
LSAs?
building the topology table
49. An administrator is configuring single-area OSPF on a
router. One of the networks that must be advertised is
198.19.0.0 255.255.252.0. What wildcard mask would the
administrator use in the OSPF network statement?
0.0.63.255
0.0.3.255
0.0.31.255
0.0.0.255
50. An administrator is configuring single-area OSPF on a
router. One of the networks that must be advertised is
128.107.0.0 255.255.252.0. What wildcard mask would the
administrator use in the OSPF network statement?

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

0.0.3.255
0.0.0.7
0.0.0.3
0.0.63.255
51. Which step in the link-state routing process is described
by a router flooding link-state and cost information about
each directly connected link?
building the topology table
selecting the router ID
exchanging link-state advertisements
injecting the default route
52. Which step in the link-state routing process is described
by a router sending Hello packets out all of the OSPF-
enabled interfaces?
electing the designated router
establishing neighbor adjacencies
injecting the default route
exchanging link-state advertisements
53. An administrator is configuring single-area OSPF on a
router. One of the networks that must be advertised is
64.100.0.0 255.255.255.0. What wildcard mask would the
administrator use in the OSPF network statement?
0.0.0.31
0.0.0.255
0.0.0.63
0.0.0.127
54. Which step in the link-state routing process is described
by a router inserting best paths into the routing table?
declaring a neighbor to be inaccessible
executing the SPF algorithm
load balancing equal-cost paths
choosing the best route
55. What type of address is 64.101.198.197?
public
private

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Related Articles

Join the discussion

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

bullet {{}} 

45 COMMENTS

hussain

25 days ago

A network technician issues the following commands when configuring a

router: 
R1(config)# router ospf 11 
R1(config-router)# network 10.10.10.0 0.0.0.255 area 0 

What does the number 11 represent?

Reply
View Replies (1) 

Nuggets

2 months ago

Dose all the question will be on CCNA 200-301 exam?

Sorry for the question juts want to verify,
Thank you Admin.

Reply
View Replies (1) 

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Rudolf

3 months ago

After modifying the router ID on an OSPF router, what is the preferred

method to make the new router ID effective?

HQ# resume
HQ# clear ip ospf process
HQ# copy running-config startup-config
HQ# clear ip route *

Reply

Rudolf

3 months ago

In an OSPFv2 configuration, what is the effect of entering the

command network 192.168.1.1 0.0.0.0 area 0 ?

It enables OSPF on all interfaces on the router.

It allows all 192.168.1.0 networks to be advertised.
It changes the router ID of the router to 192.168.1.1.
It tells the router which interface to turn on for the OSPF routing
process.

Reply
View Replies (2) 

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Judy

4 months ago

An administrator is configuring single-area OSPF on a router. One of the

networks that must be advertised is 64.100.0.0 255.255.255.0. What
wildcard mask would the administrator use in the OSPF network
statement?

0.0.0.31
0.0.0.255
0.0.0.63
0.0.0.127

Reply
View Replies (1) 

Judy

4 months ago

In an OSPFv2 configuration, what is the effect of entering the

command network 192.168.1.1 0.0.0.0 area 0 ?

It changes the router ID of the router to 192.168.1.1.

It allows all 192.168.1.0 networks to be advertised.
It enables OSPF on all interfaces on the router.
It tells the router which interface to turn on for the OSPF routing
process.

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Reply
View Replies (1) 

Chera Robinson Constantin


4 months ago

Which step in the link-state routing process is described by a router

sending Hello packets out all of the OSPF-enabled interfaces?

electing the designated router

exchanging link-state advertisements
injecting the default route
establishing neighbor adjacencies

 
 

Reply

Mandala

4 months ago

By default, what is the OSPF cost for any link with a bandwidth of 100
Mb/s or greater?

100000000
1
100
10000

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Reply

Tiago

4 months ago

Which step in the link-state routing process is described by a router

sending Hello packets out all of the OSPF-enabled interfaces?

electing the designated router

establishing neighbor adjacencies
injecting the default route
exchanging link-state advertisements

 Last edited 4 months ago by Tiago

Reply

Jonathan Cueva

4 months ago

Which step in the link-state routing process is described by a router

inserting best paths into the routing table?
-declaring a neighbor to be inaccessible
-executing the SPF algorithm
-load balancing equal-cost paths
-choosing the best route (ANSWER)

Reply

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Tms

4 months ago

I have question
Which two step in the link-state routing process is described by a router
flooding link-state and cost information about each directly connected link
?
– establish neighbor adjacencies
– exchange link -state advertisements
– electing the designated router
– injecting the default route

Reply

Anon

5 months ago

What type of address is 64.101.198.197?

public

private

Reply

Victor

5 months ago

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

1. Which step in the link-state routing process is described by a router

flooding link-state
and cost information about each directly connected link?

• building the topology table

• exchanging link-state advertisements
• selecting the router ID
• injecting the default route

Reply

Olu

6 months ago

hi, do you advice me to study all the dumps, i.e previous versions and the
recent 200-301 questions when reading for my ccna and how similar to
actual questions. Thanks.

Reply

new question

6 months ago

Which step in the link-state routing process is described by a router

sending Hello packets out all of the OSPF-enabled interfaces?

electing the designated router

-> establishing neighbor adjacencies

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

injecting the default route

exchanging link-state advertisements
Navigation

Reply

Ashes

6 months ago

Which step in the link-state routing process is described by a router

flooding link-state and cost information about each directly connected
link?

* establishing neighbor adjacencies

* electing the designated router
* injecting the default route
* exchanging link-state advertisements

Reply

daa

6 months ago

Which step in the link-state routing process is described by a router

flooding link-state and cost information about each directly connected
link?

* building the topology table

* injecting the default route
* exchanging link-state advertisements

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

* selecting the router ID

Reply

usman

6 months ago

Which step in the link-state routing process is described by a router

building a link-state database based on received LSAs?

Reply
View Replies (2) 

Cake

6 months ago

**New Question**
Match each OSPF packet type to how it is used by a router. (Not all
options are used.)
https://imgur.com/jsq8FrG

**Wrong Answer**
An OSPF router has three directly connected networks; 172.16.0.0/16,
172.16.1.0/16, and 172.16.2.0/16. Which OSPF network command would
advertise only the 172.16.1.0 network to neighbors?

O router(config-router)# network 172.16.1.0 255.255.255.0 area 0

X router(config-router)# network 172.16.1.0 0.0.255.255 area 0

I agree with Mike(1) that it should be 0.0.0.255 but they must have gotten
the subnet mask and wildcard mask mixed up when they put answer in.

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

(1)https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-
configuration-exam-answers.html#comment-42876

Reply
View Replies (1) 

vishal

6 months ago

new question
Match each OSPF packet type to how it is used by a router. (Not all
options are used.)

establish and maintain adjacencies

advertise new information

confirm receipt of an update

compare local topology to that sent by another router

query another router for additional information

Reply

Rob

7 months ago

Does anyone know where to download the PKA file for Q37? Or does
anyone have a screenshot of what the PT Activity is?

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Reply
View Replies (2) 

Rob

7 months ago

Does any one have the full details for Q33? It appears to be only part of
the Question.

Reply

Bogdan

8 months ago

An administrator is configuring single-area OSPF on a router. One of the

networks that must be advertised is 128.107.0.0 255.255.252.0. What
wildcard mask would the administrator use in the OSPF network
statement?

0.0.3.255

0.0.0.7

0.0.0.3

0.0.63.255

Reply
View Replies (2) 

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

Marius Maripuu

8 months ago

I think the number 19 is showing wrong answer. According to the

explanation in green, the correct answer should be: router(config-router)#
network 172.16.1.0 0.0.255.255 area 0

Reply
View Replies (2) 

K678

8 months ago

An administrator is configuring single-area OSPF on a router. One of the

networks that must be advertised is 128.107.0.0 255.255.255.192. What
wildcard mask would the administrator use in the OSPF network
statement?

0.0.63.255
0.0.0.63 answer
0.0.0.3
0.0.0.7

Reply
View Replies (1) 

scooter

8 months ago

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

I had the following question not seen above:

Which command will a network engineer issue to verify the configured

hello and dead timer intervals on a point-to-point WAN link between two
routers that are running OSPFv2?
X show ip ospf interface serial 0/0/0
show ipv6 ospf interface serial 0/0/0
show ip ospf interface fastethernet 0/1
show ip ospf neighbor

-1

Reply
View Replies (1) 

Dave

8 months ago

Some questions you guys missed. There were a decent amount of other
questions not listed but I got those correct.

Which step in the link-state routing process is described by a router

building a link-state database based on received LSAs?

building the topology table

Which three OSPF states are involved when two routers are forming an
adjacency? (Choose three.)

Init
Two-way
Down

Reply
View Replies (1) 

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 1 - 2: OSPF Concepts and Configuration Exam Answers

ITExamAnswers.net Copyright © 2020. Privacy Policy | Contact

https://itexamanswers.net/ccna-3-v7-modules-1-2-ospf-concepts-and-configuration-exam-answers.html[16/10/2020 1:28:57 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Search the site 

Menu 

CCNA 3 v7 Modules 3 – 5: Network Security

Exam Answers
 Dec 22, 2019 |
 Last Updated on Sep 23, 2020 |

 CCNA v7 Course #3 |
 40 Comments

 Share  Tweet  Share  Pin it

How to find: Press “Ctrl + F” in the browser and fill in

whatever wording is in the question to find that
question/answer.
CCNA v7.0 Exam Answers

NOTE: If you have the new question on this test, please CCNA 1 – v7 CCNA 2 – v7

comment Question and Multiple-Choice list in form

CCNA 3 – v7
below this article. We will update answers for you in the
shortest time. Thank you! We truly value your 
contribution to the website. Modules 1 – 3: Basic

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Network Connectivity and

Communications Exam
Enterprise Networking, Security, and Automation ( Answers
Version 7.00) – Modules 3 – 5: Network Security Exam Modules 4 – 7: Ethernet
Concepts Exam Answers
1. The IT department is reporting that a company web server
is receiving an abnormally high number of web page Modules 8 – 10:
requests from different locations simultaneously. Which type Communicating Between
of security attack is occurring? Networks Exam Answers
adware
Modules 11 – 13: IP
DDoS
Addressing Exam Answers
phishing
social engineering Modules 14 – 15: Network
spyware Application Communications
2. What causes a buffer overflow? Exam Answers

launching a security countermeasure to mitigate a Trojan Modules 16 – 17: Building

horse and Securing a Small
downloading and installing too many software updates at one Network Exam Answers
time
attempting to write more data to a memory location than [PT Skills] Practice PT
that location can hold Skills Assessment (PTSA)
sending too much information to two or more interfaces of the
[Hands on Skills] CCNAv7
same device, thereby causing dropped packets
ITN Skills Assessment
sending repeated connections such as Telnet to a particular
device, thus denying other data sources ITNv7 Practice Final Exam
3. Which objective of secure communications is achieved by
CCNA 1 v7 FINAL Exam
encrypting data?
Answers
authentication
availability
confidentiality
integrity
4. What type of malware has the primary objective of Share your Buy me a
spreading across the network?
worm Donate
virus
Trojan horse
botnet
Recent Comments
5. What commonly motivates cybercriminals to attack
RAHMA on CCIE/CCNP 350-401
networks as compared to hactivists or state-sponsored
ENCOR Dumps Full Questions with

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

hackers? VCE & PDF

financial gain Kitty on CCIE/CCNP 350-401
fame seeking ENCOR Dumps Full Questions with
status among peers VCE & PDF
political reasons Joe Boy on CCNA 2 v7.0 Final
Exam Answers Full – Switching,
Routing and Wireless Essentials
Explanation: Cybercriminals are commonly motivated by
Trevor Kretzmann on CCNA 200-
money. Hackers are known to hack for status.
301 Dumps Full Questions – Exam
Cyberterrorists are motivated to commit cybercrimes for Study Guide & Free
religious or political reasons.
NT10 on CCNA 200-301 Dumps
Full Questions – Exam Study Guide
6. Which type of hacker is motivated to protest against & Free
political and social issues?
hacktivist [Cert] CCNA 200-301 Exam
cybercriminal
script kiddie
vulnerability broker

Explanation: Hackers are categorized by motivating factors.

Hacktivists are motivated by protesting political and social
issues.

7. What is a ping sweep?

a query and response protocol that identifies information
about a domain, including the addresses that are assigned to
that domain.
a scanning technique that examines a range of TCP or UDP
port numbers on a host to detect listening services.
a software application that enables the capture of all network
packets that are sent across a LAN.
a network scanning technique that indicates the live
hosts in a range of IP addresses.

Explanation: A ping sweep is a tool that is used during a

reconnaissance attack. Other tools that might be used during
this type of attack include a ping sweep, port scan, or
Internet information query. A reconnaissance attack is used
to gather information about a particular network, usually in
preparation for another type of network attack.

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

8. In what type of attack is a cybercriminal attempting to

prevent legitimate users from accessing network services?
address spoofing
MITM
session hijacking
DoS

Explanation: In a DoS or denial-of-service attack, the goal

of the attacker is to prevent legitimate users from accessing
network services.

9. Which requirement of secure communications is ensured

by the implementation of MD5 or SHA hash generating
algorithms?​
nonrepudiation
authentication
integrity
confidentiality

Explanation: Integrity is ensured by implementing either

MD5 or SHA hash generating algorithms. Many modern

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

networks ensure authentication with protocols, such as

HMAC. Data confidentiality is ensured through symmetric
encryption algorithms, including DES, 3DES, and AES. Data
confidentiality can also be ensured using asymmetric
algorithms, including RSA and PKI.​

10. If an asymmetric algorithm uses a public key to encrypt

data, what is used to decrypt it?
a digital certificate
a different public key
a private key
DH

Explanation: When an asymmetric algorithm is used, public

and private keys are used for the encryption. Either key can
be used for encryption, but the complementary matched key
must be used for the decryption. For example if the public
key is used for encryption, then the private key must be used
for the decryption.

11. Refer to the exhibit. Which two ACLs would permit only
the two LAN networks attached to R1 to access the network
that connects to R2 G0/1 interface? (Choose two.)

access-list 1 permit 192.168.10.0 0.0.0.127

access-list 2 permit host 192.168.10.9
access-list 2 permit host 192.168.10.69
access-list 5 permit 192.168.10.0 0.0.0.63

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

access-list 5 permit 192.168.10.64 0.0.0.63

access-list 3 permit 192.168.10.128 0.0.0.63
access-list 4 permit 192.168.10.0 0.0.0.255

Explanation: The permit 192.168.10.0 0.0.0.127 command

ignores bit positions 1 through 7, which means that
addresses 192.168.10.0 through 192.168.10.127 are
allowed through. The two ACEs of permit 192.168.10.0
0.0.0.63 and permit 192.168.10.64 0.0.0.63 allow the same
address range through the router.

12. Which two packet filters could a network administrator

use on an IPv4 extended ACL? (Choose two.)
destination UDP port number
computer type
destination MAC address
ICMP message type
source TCP hello address

Explanation: Extended access lists commonly filter on

source and destination IPv4 addresses and TCP or UDP
port numbers. Additional filtering can be provided for
protocol types.

13. What type of ACL offers greater flexibility and control

over network access?
numbered standard
named standard
extended
flexible

Explanation: The two types of ACLs are standard and

extended. Both types can be named or numbered, but
extended ACLs offer greater flexibility.

14. What is the quickest way to remove a single ACE from a

named ACL?
Use the no keyword and the sequence number of the

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

ACE to be removed.
Copy the ACL into a text editor, remove the ACE, then copy
the ACL back into the router.
Create a new ACL with a different number and apply the new
ACL to the router interface.
Use the no access-list command to remove the entire ACL,
then recreate it without the ACE.

Explanation: Named ACL ACEs can be removed using the

no command followed by the sequence number.

15. Refer to the exhibit. A network administrator is

configuring a standard IPv4 ACL. What is the effect after the
command no access-list 10 is entered?

ACL 10 is removed from both the running configuration and

the interface Fa0/1.
ACL 10 is removed from the running configuration.
ACL 10 is disabled on Fa0/1.
ACL 10 will be disabled and removed after R1 restarts.

Explanation: The R1(config)# no access-list <access-list

number> command removes the ACL from the running-
config immediately. However, to disable an ACL on an
interface, the command R1(config-if)# no ip access-group
should be entered.

16. Refer to the exhibit. A network administrator has

configured ACL 9 as shown. Users on the 172.31.1.0 /24
network cannot forward traffic through router CiscoVille.

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

What is the most likely cause of the traffic failure?

The established keyword is not specified.

The sequence of the ACEs is incorrect.
The port number for the traffic has not been identified with the
eq keyword.
The permit statement specifies an incorrect wildcard mask.

Explanation: When verifying an ACL, the statements are

always listed in a sequential order. Even though there is an
explicit permit for the traffic that is sourced from network
172.31.1.0 /24, it is being denied due to the previously
implemented ACE of CiscoVille(config)# access-list 9
deny 172.31.0.0 0.0.255.255. The sequence of the ACEs
must be modified to permit the specific traffic that is sourced
from network 172.31.1.0 /24 and then to deny 172.31.0.0
/16.

17. A network administrator needs to configure a standard

ACL so that only the workstation of the administrator with
the IP address 192.168.15.23 can access the virtual terminal
of the main router. Which two configuration commands can
achieve the task? (Choose two.)
Router1(config)# access-list 10 permit 192.168.15.23
0.0.0.0
Router1(config)# access-list 10 permit 192.168.15.23
0.0.0.255
Router1(config)# access-list 10 permit 192.168.15.23
255.255.255.255
Router1(config)# access-list 10 permit host 192.168.15.23
Router1(config)# access-list 10 permit 192.168.15.23
255.255.255.0

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Explanation: To permit or deny one specific IP address,

either the wildcard mask 0.0.0.0 (used after the IP address)
or the wildcard mask keyword host (used before the IP
address) can be used.

18. Refer to the exhibit. Which command would be used in a

standard ACL to allow only devices on the network attached
to R2 G0/0 interface to access the networks attached to R1?

access-list 1 permit 192.168.10.128 0.0.0.63

access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.10.96 0.0.0.31
access-list 1 permit 192.168.10.0 0.0.0.63

Explanation: Standard access lists only filter on the source

IP address. In the design, the packets would be coming from
the 192.168.10.96/27 network (the R2 G0/0 network). The
correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31.

19. A network administrator is writing a standard ACL that

will deny any traffic from the 172.16.0.0/16 network, but
permit all other traffic. Which two commands should be
used? (Choose two.)
Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
Router(config)# access-list 95 permit any
Router(config)# access-list 95 host 172.16.0.0
Router(config)# access-list 95 deny 172.16.0.0
0.0.255.255

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Router(config)# access-list 95 172.16.0.0 255.255.255.255

Router(config)# access-list 95 deny any

Explanation: To deny traffic from the 172.16.0.0/16

network, the access-list 95 deny 172.16.0.0 0.0.255.255
command is used. To permit all other traffic, the access-list
95 permit any statement is added.

20. Refer to the exhibit. An ACL was configured on R1 with

the intention of denying traffic from subnet 172.16.4.0/24 into
subnet 172.16.3.0/24. All other traffic into subnet
172.16.3.0/24 should be permitted. This standard ACL was
then applied outbound on interface Fa0/0. Which conclusion
can be drawn from this configuration?​

The ACL should be applied outbound on all interfaces of R1.

The ACL should be applied to the FastEthernet 0/0 interface
of R1 inbound to accomplish the requirements.
All traffic will be blocked, not just traffic from the
172.16.4.0/24 subnet.
Only traffic from the 172.16.4.0/24 subnet is blocked, and all
other traffic is allowed.​
An extended ACL must be used in this situation.

Explanation: Because of the implicit deny at the end of all

ACLs, the access-list 1 permit any command must be
included to ensure that only traffic from the 172.16.4.0/24
subnet is blocked and that all other traffic is allowed.​

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

21. Refer to the exhibit. A network administrator needs to

add an ACE to the TRAFFIC-CONTROL ACL that will deny IP
traffic from the subnet 172.23.16.0/20. Which ACE will meet
this requirement?

30 deny 172.23.16.0 0.0.15.255

15 deny 172.23.16.0 0.0.15.255
5 deny 172.23.16.0 0.0.15.255
5 deny 172.23.16.0 0.0.255.255

Explanation: The only filtering criteria specified for a

standard access list is the source IPv4 address. The wild
card mask is written to identify what parts of the address to
match, with a 0 bit, and what parts of the address should be
ignored, which a 1 bit. The router will parse the ACE entries
from lowest sequence number to highest. If an ACE must be
added to an existing access list, the sequence number
should be specified so that the ACE is in the correct place
during the ACL evaluation process.

22. Refer to the exhibit. A network administrator configures

an ACL on the router. Which statement describes the result
of the configuration?

An SSH connection is allowed from a workstation with IP

172.16.45.16 to a device with IP 192.168.25.18.
An SSH connection is allowed from a workstation with IP
192.168.25.18 to a device with IP 172.16.45.16.
A Telnet connection is allowed from a workstation with IP
192.168.25.18 to a device with IP 172.16.45.16.

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

A Telnet connection is allowed from a workstation with IP

172.16.45.16 to a device with IP 192.168.25.18.

Explanation: In an extended ACL, the first address is the

source IP address and the second one is the destination IP
address. TCP port number 22 is a well-known port number
reserved for SSH connections. Telnet connections use TCP
port number 23.

23. Refer to the exhibit. What can be determined from this

output?

The ACL is missing the deny ip any any ACE.

The ACL is only monitoring traffic destined for 10.23.77.101
from three specific hosts.
Because there are no matches for line 10, the ACL is not
working.
The router has not had any Telnet packets from
10.35.80.22 that are destined for 10.23.77.101.

Explanation: ACL entry 10 in MyACL matches any Telnet

packets between host 10.35.80.22 and 10.23.77.101. No
matches have occurred on this ACE as evidenced by the
lack of a “(xxx matches)” ACE. The deny ip any any ACE is
not required because there is an implicit deny ACE added to
every access control list. When no matches exist for an ACL,
it only means that no traffic has matched the conditions that
exist for that particular line. The ACL is monitoring traffic that
matches three specific hosts going to very specific
destination devices. All other traffic is not permitted by the
implicit deny ip any any ACE.

24. Refer to the exhibit. A network administrator wants to

permit only host 192.168.1.1 /24 to be able to access the
server 192.168.2.1 /24. Which three commands will achieve
this using best ACL placement practices? (Choose three.)

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

R2(config)# interface fastethernet 0/1

R2(config-if)# ip access-group 101 out
R2(config)# access-list 101 permit ip 192.168.1.0
255.255.255.0 192.168.2.0 255.255.255.0
R2(config-if)# ip access-group 101 in
R2(config)# access-list 101 permit ip any any
R2(config)# interface fastethernet 0/0
R2(config)# access-list 101 permit ip host 192.168.1.1
host 192.168.2.1

Explanation: An extended ACL is placed as close to the

source of the traffic as possible. In this case.it is placed in an
inbound direction on interface fa0/0 on R2 for traffic entering
the router from host with the IP address192.168.1.1 bound
for the server with the IP address192.168.2.1.

25. Consider the following access list.

access-list 100 permit ip host 192.168.10.1 any
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo
access-list 100 permit ip any any
Which two actions are taken if the access list is placed
inbound on a router Gigabit Ethernet port that has the IP
address 192.168.10.254 assigned? (Choose two.)
Only Layer 3 connections are allowed to be made from the
router to any other network device.
Devices on the 192.168.10.0/24 network are not allowed to
reply to any ping requests.
Devices on the 192.168.10.0/24 network can sucessfully
ping devices on the 192.168.11.0 network.

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

A Telnet or SSH session is allowed from any device on

the 192.168.10.0 into the router with this access list
assigned.
Only the network device assigned the IP address
192.168.10.1 is allowed to access the router.

Explanation: The first ACE allows the 192.168.10.1 device

to do any TCP/IP-based transactions with any other
destination. The second ACE stops devices on the
192.168.10.0/24 network from issuing any pings to any other
location. Everything else is permitted by the third ACE.
Therefore, a Telnet/SSH session or ping reply is allowed
from a device on the 192.168.10.0/24 network.

26. Refer to the exhibit. The named ACL “Managers” already

exists on the router. What will happen when the network
administrator issues the commands that are shown in the
exhibit?

The commands are added at the end of the existing

Managers ACL.
The commands overwrite the existing Managers ACL.
The commands are added at the beginning of the existing
Managers ACL.
The network administrator receives an error that states that
the ACL already exists.
27. In which TCP attack is the cybercriminal attempting to
overwhelm a target host with half-open TCP connections?
port scan attack
SYN flood attack
session hijacking attack
reset attack

Explanation: In a TCP SYN flood attack, the attacker sends

to the target host a continuous flood of TCP SYN session
requests with a spoofed source IP address. The target host

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

responds with a TCP-SYN-ACK to each of the SYN session

requests and waits for a TCP ACK that will never arrive.
Eventually the target is overwhelmed with half-open TCP
connections.

28. Which protocol is attacked when a cybercriminal

provides an invalid gateway in order to create a man-in-the-
middle attack?
DHCP
DNS
ICMP
HTTP or HTTPS

Explanation: A cybercriminal could set up a rogue DHCP

server that provides one or more of the following:
Wrong default gateway that is used to create a man-in-
the-middle attack and allow the attacker to intercept data
Wrong DNS server that results in the user being sent to
a malicious website
Invalid default gateway IP address that results in a
denial of service attack on the DHCP client

29. Refer to the exhibit. An administrator has configured a

standard ACL on R1 and applied it to interface serial 0/0/0 in
the outbound direction. What happens to traffic leaving
interface serial 0/0/0 that does not match the configured ACL
statements?

The traffic is dropped.

The source IP address is checked and, if a match is not
found, traffic is routed out interface serial 0/0/1.
The resulting action is determined by the destination IP
address.

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

The resulting action is determined by the destination IP

address and port number.

Explanation: Any traffic that does not match one of the

statements in an ACL has the implicit deny applied to it,
which means the traffic is dropped.

30. Refer to the exhibit. The Gigabit interfaces on both

routers have been configured with subinterface numbers
that match the VLAN numbers connected to them. PCs on
VLAN 10 should be able to print to the P1 printer on VLAN
12. PCs on VLAN 20 should print to the printers on VLAN 22.
What interface and in what direction should you place a
standard ACL that allows printing to P1 from data VLAN 10,
but stops the PCs on VLAN 20 from using the P1 printer?
(Choose two.)

inbound
R2 S0/0/1
R1 Gi0/1.12
outbound
R1 S0/0/0
R2 Gi0/1.20

Explanation: A standard access list is commonly placed as

close to the destination network as possible because access
control expressions in a standard ACL do not include
information about the destination network.
The destination in this example is printer VLAN 12 which has
router R1 Gigabit subinterface 0/1/.12 as its gateway. A

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

sample standard ACL that only allows printing from data

VLAN 10 (192.168.10.0/24), for example, and no other
VLAN would be as follows:

R1(config)# access-list 1 permit

192.168.10.0 0.0.0.255
R1(config)# access-list 1 deny any
R1(config)# interface gigabitethernet
0/1.12
R1(config-if)# ip access-group 1 out

31. Which statement describes a characteristic of standard

IPv4 ACLs?
They are configured in the interface configuration mode.
They can be configured to filter traffic based on both source
IP addresses and source ports.
They can be created with a number but not with a name.
They filter traffic based on source IP addresses only.

Explanation: A standard IPv4 ACL can filter traffic based on

source IP addresses only. Unlike an extended ACL, it cannot
filter traffic based on Layer 4 ports. However, both standard
and extended ACLs can be identified with either a number or
a name, and both are configured in global configuration
mode.

32. What is considered a best practice when configuring

ACLs on vty lines?
Place identical restrictions on all vty lines.
Remove the vty password since the ACL restricts access to
trusted users.
Apply the ip access-group command inbound.
Use only extended access lists.
33.

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Refer to the exhibit. An administrator first configured an

extended ACL as shown by the output of the show access-
lists command. The administrator then edited this access-list
by issuing the commands below.

Router(config)# ip access-list extended 101

Router(config-ext-nacl)# no 20
Router(config-ext-nacl)# 5 permit tcp any any
eq 22
Router(config-ext-nacl)# 20 deny udp any any

Which two conclusions can be drawn from this new

configuration?​ (Choose two.)
TFTP packets will be permitted.​
Ping packets will be permitted.
Telnet packets will be permitted.
SSH packets will be permitted.
All TCP and UDP packets will be denied.​

Explanation: After the editing, the final configuration is as

follows:
Router# show access-lists
Extended IP access list 101
5 permit tcp any any eq ssh
10 deny tcp any any
20 deny udp any any
30 permit icmp any any
So, only SSH packets and ICMP packets will be permitted.​

34. Which set of access control entries would allow all users
on the 192.168.10.0/24 network to access a web server that is
located at 172.17.80.1, but would not allow them to use
Telnet?
access-list 103 deny tcp host 192.168.10.0 any eq 23

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

access-list 103 permit tcp host 192.168.10.1 eq 80

access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
access-list 103 permit 192.168.10.0 0.0.0.255 host
172.17.80.1
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet​​
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host
172.17.80.1 eq 80
access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23

Explanation: For an extended ACL to meet these

requirements the following need to be included in the access
control entries:
identification number in the range 100-199 or 2000-2699
permit or deny parameter
protocol
source address and wildcard
destination address and wildcard
port number or name

35. What is the term used to describe a mechanism that

takes advantage of a vulnerability?
mitigation
exploit
vulnerability
threat
36. Refer to the exhibit. The network administrator has an IP
address of 192.168.11.10 and needs access to manage R1.
What is the best ACL type and placement to use in this
situation?

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

extended ACL outbound on R2 WAN interface towards the

internet
standard ACL inbound on R1 vty lines
extended ACLs inbound on R1 G0/0 and G0/1
extended ACL outbound on R2 S0/0/1

Explanation: Standard ACLs permit or deny packets based

only on the source IPv4 address. Because all traffic types
are permitted or denied, standard ACLs should be located as
close to the destination as possible.
Extended ACLs permit or deny packets based on the source
IPv4 address and destination IPv4 address, protocol type,
source and destination TCP or UDP ports and more.
Because the filtering of extended ACLs is so specific,
extended ACLs should be located as close as possible to the
source of the traffic to be filtered. Undesirable traffic is
denied close to the source network without crossing the
network infrastructure.

37. A technician is tasked with using ACLs to secure a

router. When would the technician use the any configuration
option or command?
to add a text entry for documentation purposes

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

to generate and send an informational message whenever

the ACE is matched
to identify any IP address
to identify one specific IP address
38. Which statement accurately characterizes the evolution
of threats to network security?
Internet architects planned for network security from the
beginning.
Early Internet users often engaged in activities that would
harm other users.
Internal threats can cause even greater damage than
external threats.
Threats have become less sophisticated while the technical
knowledge needed by an attacker has grown.

Explanation: Internal threats can be intentional or

accidental and cause greater damage than external threats
because the internal user has direct access to the internal
corporate network and corporate data.

39. A user receives a phone call from a person who claims to

represent IT services and then asks that user for
confirmation of username and password for auditing
purposes. Which security threat does this phone call
represent?
spam
social engineering
DDoS
anonymous keylogging

Explanation: Social engineering attempts to gain the

confidence of an employee and convince that person to
divulge confidential and sensitive information, such as
usernames and passwords. DDoS attacks, spam, and
keylogging are all examples of software based security
threats, not social engineering.

40. In what way are zombies used in security attacks?

They target specific individuals to gain corporate or personal

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

information.
They probe a group of machines for open ports to learn which
services are running.
They are maliciously formed code segments used to replace
legitimate applications.
They are infected machines that carry out a DDoS attack.

Explanation: Zombies are infected computers that make up

a botnet. The zombies are used to deploy a distributed
denial of service (DDoS) attack.

41. Which attack involves threat actors positioning

themselves between a source and destination with the intent
of transparently monitoring, capturing, and controlling the
communication?
man-in-the-middle attack
SYN flood attack
DoS attack
ICMP attack

Explanation: The man-in-the-middle attack is a common IP-

related attack where threat actors position themselves
between a source and destination to transparently monitor,
capture, and control the communication.

42. Which two keywords can be used in an access control

list to replace a wildcard mask or address and wildcard mask
pair? (Choose two.)
host
most
gt
some
any
all

Explanation: The host keyword is used when using a

specific device IP address in an ACL. For example, the deny
host 192.168.5.5 command is the same is the deny
192.168.5.5 0.0.0.0 command. The any keyword is used to

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

allow any mask through that meets the criteria. For example,
the permit any command is the same as permit 0.0.0.0
255.255.255.255 command.

43. Which statement describes a difference between the

operation of inbound and outbound ACLs?
Inbound ACLs are processed before the packets are
routed while outbound ACLs are processed after the
routing is completed.
In contrast to outbound ALCs, inbound ACLs can be used to
filter packets with multiple criteria.
On a network interface, more than one inbound ACL can be
configured but only one outbound ACL can be configured.
Inbound ACLs can be used in both routers and switches but
outbound ACLs can be used only on routers.

Explanation: With an inbound ACL, incoming packets are

processed before they are routed. With an outbound ACL,
packets are first routed to the outbound interface, then they
are processed. Thus processing inbound is more efficient
from the router perspective. The structure, filtering methods,
and limitations (on an interface, only one inbound and one
outbound ACL can be configured) are the same for both
types of ACLs.

44. What effect would the Router1(config-ext-nacl)# permit

tcp 172.16.4.0 0.0.0.255 any eq www command have when
implemented inbound on the f0/0 interface?
All TCP traffic is permitted, and all other traffic is denied.
Traffic originating from 172.16.4.0/24 is permitted to all
TCP port 80 destinations.
All traffic from 172.16.4.0/24 is permitted anywhere on any
port.
The command is rejected by the router because it is
incomplete.
45. Which ACE will permit a packet that originates from any
network and is destined for a web server at 192.168.1.1?
access-list 101 permit tcp any host 192.168.1.1 eq 80
access-list 101 permit tcp host 192.168.1.1 eq 80 any

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

access-list 101 permit tcp host 192.168.1.1 any eq 80

access-list 101 permit tcp any eq 80 host 192.168.1.1
46. Refer to the exhibit. A new network policy requires an
ACL denying FTP and Telnet access to a Corp file server
from all interns. The address of the file server is 172.16.1.15
and all interns are assigned addresses in the 172.18.200.0/24
network. After implementing the ACL, no one in the Corp
network can access any of the servers. What is the problem?

CCNA 3 v7 Modules 3 – 5: Network Security Exam Answers

46

Inbound ACLs must be routed before they are processed.

The ACL is implicitly denying access to all the servers.
Named ACLs require the use of port numbers.
The ACL is applied to the interface using the wrong direction.

Explanation: Both named and numbered ACLs have an

implicit deny ACE at the end of the list. This implicit deny
blocks all traffic.

47. A technician is tasked with using ACLs to secure a

router. When would the technician use the access-class 20
in configuration option or command?
to secure administrative access to the router
to remove an ACL from an interface
to remove a configured ACL
to apply a standard ACL to an interface
48. What is the term used to describe the same pre-shared
key or secret key, known by both the sender and receiver to

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

encrypt and decrypt data?

symmetric encryption algorithm
data integrity
exploit
risk
49. Refer to the exhibit. Internet privileges for an employee
have been revoked because of abuse but the employee still
needs access to company resources. What is the best ACL
type and placement to use in this situation?

CCNA 3 v7 Modules 3 – 5: Network Security Exam Answers 49

standard ACL inbound on R2 WAN interface connecting to

the internet
standard ACL outbound on R2 WAN interface towards
the internet
standard ACL inbound on R1 G0/0
standard ACL outbound on R1 G0/0

Explanation: – Standard ACLs permit or deny packets

based only on the source IPv4 address. Because all traffic
types are permitted or denied, standard ACLs should be
located as close to the destination as possible.
– Extended ACLs permit or deny packets based on the
source IPv4 address and destination IPv4 address, protocol

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

type, source and destination TCP or UDP ports and more.

Because the filtering of extended ACLs is so specific,
extended ACLs should be located as close as possible to the
source of the traffic to be filtered. Undesirable traffic is
denied close to the source network without crossing the
network infrastructure.

50. Refer to the exhibit. The student on the H1 computer

continues to launch an extended ping with expanded
packets at the student on the H2 computer. The school
network administrator wants to stop this behavior, but still
allow both students access to web-based computer
assignments. What would be the best plan for the network
administrator?

CCNA 3 v7 Modules 3 – 5: Network Security Exam

Answers 42

Apply an inbound standard ACL on R1 Gi0/0.

Apply an inbound extended ACL on R2 Gi0/1.
Apply an outbound extended ACL on R1 S0/0/1.
Apply an inbound extended ACL on R1 Gi0/0.
Apply an outbound standard ACL on R2 S0/0/1.

Explanation: This access list must be an extended ACL in

order to filter on specific source and destination host

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

addresses. Commonly, the best place for an extended ACL

is closest to the source, which is H1. Traffic from H1 travels
into the switch, then out of the switch into the R1 Gi0/0
interface. This Gi0/0 interface would be the best location for
this type of extended ACL. The ACL would be applied on the
inbound interface since the packets from H1 would be
coming into the R1 router.

51. A technician is tasked with using ACLs to secure a

router. When would the technician use the ‘ip access-group
101 in’ configuration option or command?
to apply an extended ACL to an interface
to secure management traffic into the router
to secure administrative access to the router
to display all restricted traffic
52. In which type of attack is falsified information used to
redirect users to malicious Internet sites?
DNS amplification and reflection
ARP cache poisoning
DNS cache poisoning
domain generation
53. What is a feature of an IPS?
It can stop malicious packets.
It is deployed in offline mode.
It has no impact on latency.
It is primarily focused on identifying possible incidents.
54. What is the term used to describe a potential danger to a
company’s assets, data, or network functionality?
vulnerability
threat
asset
exploit
55. Refer to the exhibit. Network 192.168.30.0/24 contains all
of the company servers. Policy dictates that traffic from the
servers to both networks 192.168.10.0 and 192.168.11.0 be
limited to replies for original requests. What is the best ACL
type and placement to use in this situation?

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

standard ACL inbound on R1 vty lines

extended ACLs inbound on R1 G0/0 and G0/1
extended ACL inbound on R3 G0/0
extended ACL inbound on R3 S0/0/1

Explanation: Standard ACLs permit or deny packets based

only on the source IPv4 address. Because all traffic types
are permitted or denied, standard ACLs should be located as
close to the destination as possible.
Extended ACLs permit or deny packets based on the source
IPv4 address and destination IPv4 address, protocol type,
source and destination TCP or UDP ports and more.
Because the filtering of extended ACLs is so specific,
extended ACLs should be located as close as possible to the
source of the traffic to be filtered. Undesirable traffic is
denied close to the source network without crossing the
network infrastructure.

56. What does the CLI prompt change to after entering the
command ip access-list standard aaa from global
configuration mode?
Router(config-line)#
Router(config-std-nacl)#

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Router(config)#
Router(config-router)#
Router(config-if)#
57. Refer to the exhibit. Many employees are wasting
company time accessing social media on their work
computers. The company wants to stop this access. What is
the best ACL type and placement to use in this situation?
extended ACL outbound on R2 WAN interface towards the
internet
standard ACL outbound on R2 WAN interface towards the
internet
standard ACL outbound on R2 S0/0/0
extended ACLs inbound on R1 G0/0 and G0/1
58. A technician is tasked with using ACLs to secure a
router. When would the technician use the 40 deny host
192.168.23.8 configuration option or command?
to remove all ACLs from the router
to create an entry in a numbered ACL
to apply an ACL to all router interfaces
to secure administrative access to the router
59. What is the best description of Trojan horse malware?
It is malware that can only be distributed over the Internet.
It appears as useful software but hides malicious code.
It is software that causes annoying but not fatal computer
problems.
It is the most easily detected form of malware.
60. What wild card mask will match networks 172.16.0.0
through 172.19.0.0?
0.0.3.255
0.252.255.255
0.3.255.255
0.0.255.255
60. What is the term used to describe gray hat hackers who
publicly protest organizations or governments by posting
articles, videos, leaking sensitive information, and
performing network attacks?
white hat hackers
grey hat hackers
hacktivists

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

state-sponsored hacker
61. Refer to the exhibit. The company has provided IP
phones to employees on the 192.168.10.0/24 network and the
voice traffic will need priority over data traffic. What is the
best ACL type and placement to use in this situation?

extended ACL inbound on R1 G0/0

extended ACL outbound on R2 WAN interface towards the
internet
extended ACL outbound on R2 S0/0/1
extended ACLs inbound on R1 G0/0 and G0/1

Explanation: Standard ACLs permit or deny packets based

only on the source IPv4 address. Because all traffic types
are permitted or denied, standard ACLs should be located as
close to the destination as possible.
Extended ACLs permit or deny packets based on the source
IPv4 address and destination IPv4 address, protocol type,
source and destination TCP or UDP ports and more.
Because the filtering of extended ACLs is so specific,
extended ACLs should be located as close as possible to the
source of the traffic to be filtered. Undesirable traffic is
denied close to the source network without crossing the
network infrastructure.

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

62. A technician is tasked with using ACLs to secure a

router. When would the technician use the no ip access-list
101 configuration option or command?
to apply an ACL to all router interfaces
to secure administrative access to the router
to remove all ACLs from the router
to remove a configured ACL
63. What is the term used to describe unethical criminals
who compromise computer and network security for
personal gain, or for malicious reasons?
hacktivists
vulnerability broker
black hat hackers
script kiddies
64. What is the term used to describe a guarantee that the
message is not a forgery and does actually come from whom
it states?
origin authentication
mitigation
exploit
data non-repudiation
65. A technician is tasked with using ACLs to secure a
router. When would the technician use the ip access-group
101 in configuration option or command?
to secure administrative access to the router
to apply an extended ACL to an interface
to display all restricted traffic
to secure management traffic into the router
66. A technician is tasked with using ACLs to secure a
router. When would the technician use the remark
configuration option or command?
to generate and send an informational message whenever
the ACE is matched
to add a text entry for documentation purposes
to identify one specific IP address
to restrict specific traffic access through an interface
67. Refer to the exhibit. The company CEO demands that one
ACL be created to permit email traffic to the internet and

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

deny FTP access. What is the best ACL type and placement
to use in this situation?

extended ACL outbound on R2 WAN interface towards

the internet
standard ACL outbound on R2 S0/0/0
extended ACL inbound on R2 S0/0/0
standard ACL inbound on R2 WAN interface connecting to
the internet

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Related Articles

HUAWEI CONNECT
2020 - New Value
Together
Ad
agenda.events.huawei.com

CCNA 200-301 Dumps

Online Practice Test -
Full New Questions
itexamanswers.net

Join the discussion

bullet {{}} 

40 COMMENTS

hussain

25 days ago

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Refer to the exhibit. An administrator first configured an extended ACL as

shown by the output of the show access-lists command. The
administrator then edited this access-list by issuing the commands below. 
Router(config)# ip access-list extended 101 
Router(config-ext-nacl)# no 20 
Router(config-ext-nacl)# 5 permit tcp any any eq 22 
Router(config-ext-nacl)# 20 deny udp any any 
Which two conclusions can be drawn from this new configuration?​
(Choose two.) 

TFTP packets will be permitted.​

All TCP and UDP packets will be denied.​
SSH packets will be permitted.
Ping packets will be permitted.
Telnet packets will be permitted.

Reply

Mammon

2 months ago

Which security term is used to describe anything of value to the

organization? It includes people, equipment, resources, and data.
Vulnerability Exploit Asset Risk Which security term is used to describe a
weakness in a system, or its design, that could be exploited by a threat?
Vulnerability Asset Risk Mitigation Which security term is used to describe
a potential danger to a company’s assets, data, or network functionality?
Vulnerability Exploit Threat Risk Which security term is used to describe a
mechanism that takes advantage of a vulnerability? Exploit Threat Risk
Mitigation Which security term is used to describe the counter-
measure… Read more »

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Reply

cisco@gmail.com

3 months ago

Refer to the exhibit. The company CEO demands that one ACL be
created to permit email traffic to the internet and deny FTP access. What
is the best ACL type and placement to use in this situation?

extended ACL outbound on R2 WAN interface towards the internet

standard ACL outbound on R2 S0/0/0
extended ACL inbound on R2 S0/0/0
standard ACL inbound on R2 WAN interface connecting to the
internet

Reply
View Replies (3) 

AF

4 months ago

Question:
 
” A technician is tasked with using ACLs to secure a router. When would
the technician use the remark configuration option or command? “
 
Answers:
 
to generate and send an informational message whenever the ACE is
matched

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

to add a text entry for documentation purposes (This should be the

answer)
to identify one specific IP address
to restrict specific traffic access through an interface
 
 

Reply

hanslissi

4 months ago

A technician is tasked with using ACLs to secure a router. When would

the technician use the ip access-group 101 in configuration option or
command?

to secure administrative access to the router

to apply an extended ACL to an interface (ANSWER)
to display all restricted traffic
to secure management traffic into the router

Reply

Jonathan Cueva

4 months ago

A technician is tasked with using ACLs to secure a router. When would

the technician use the no ip access-list 101 configuration option or
command?

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

-to apply an ACL to all router interfaces

-to secure administrative access to the router
-to remove all ACLs from the router
-to remove a configured ACL (answer)

Reply
View Replies (1) 

Jonathan Cueva

4 months ago

What is the term used to describe unethical criminals who compromise

computer and network security for personal gain, or for malicious
reasons?
-hacktivists
-vulnerability broker
-black hat hackers (answer)
-script kiddies

Reply

Anon

5 months ago

What is the term used to describe a guarantee that the message is not a
forgery and does actually come from whom it states?

[X] origin authentication

mitigation

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

exploit

data non-repudiation

Reply
View Replies (2) 

Sely

5 months ago

A technician is tasked with using ACLs to secure a router. When would

the technician use the no ip access-list 101 configuration option or
command?

– to remove a configured ACL (this is the answer)

– to remove all ACLs from the router
– to secure administrative access to the router
– to apply an ACL to all router interfaces

Reply

Sely

5 months ago

What is the term used to describe a guarantee that the message is not a
forgery and does actually come from whom it states?
– origin authentication (this is the answer)
-data non-repudiation
-migration
-exploit

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Reply

Ashes

6 months ago

Refer to the exhibit. The company has provided IP phones to employees

on the 192.168.10.0/24 network and the voice traffic will need priority over
data traffic. What is the best ACL type and placement to use in this
situation?

pictures in the question number 49 and 36

extended ACL inbound on R1 G0/0

extended ACL inbound on R3 G0/0
standard ACL inbound on R1 vty lines
standard ACL inbound on R1 G0/1

Reply

unknown

6 months ago

Which statement accurately characterizes the evolution of threats to

network security?

Early Internet users often engaged in activities that would harm other
users.

Internet architects planned for network security from the beginning.

Internal threats can cause even greater damage than external threats.

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Threats have become less sophisticated while the technical knowledge

needed by an attacker has grown.

Reply
View Replies (1) 

vishal

6 months ago

What is the term used to describe gray hat hackers who publicly protest
organizations or governments by posting articles, videos, leaking sensitive
information, and performing network attacks?

Reply
View Replies (1) 

Veelesh

6 months ago

What is the best description of Trojan horse malware?

– It is malware that can only be distributed over the Internet.

– It is software that causes annoying but not fatal computer problems.
– It is the most easily detected form of malware.
– It appears as useful software but hides malicious code

Reply

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

View Replies (2) 

Anon

6 months ago

24. What is the best description of Trojan horse malware?

{ } It is software that causes annoying but not fatal computer problems.
{ } It is the most easily detected form of malware.
{ } It is malware that can only be distributed over the Internet.
{ x } It appears as useful software but hides malicious code.

Reply
View Replies (1) 

Robin

7 months ago

What is the best description of Trojan horse malware?

It is malware that can only be distributed over the Internet.

It appears as useful software but hides malicious code. (x)
It is software that causes annoying but not fatal computer problems.
It is the most easily detected form of malware.

Reply
View Replies (1) 

Bogdan

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers


8 months ago

What is the term used to describe gray hat hackers who publicly protest
organizations or governments by posting articles, videos, leaking sensitive
information, and performing network attacks?

script kiddies

grey hat hackers

hacktivists

white hat hackers

Reply
View Replies (2) 

Bogdan

8 months ago

What wild card mask will match networks 172.16.0.0 through 172.19.0.0?

0.0.3.255

0.252.255.255

{X} 0.3.255.255

0.0.255.255

Reply
View Replies (2) 

rfrco

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers


8 months ago

Additional questions not listed:

33 A technician is tasked with using ACLs to secure a router. When would

the technician use the ‘ip access-group 101 in’ configuration option or
command?

– to apply an extended ACL to an interface (Ans)

– to secure management traffic into the router
– to secure administrative access to the router
– to display all restricted traffic

22 In which type of attack is falsified information used to redirect users to

malicious Internet sites?

– DNS amplification and reflection

– ARP cache poisoning
– DNS cache poisoning (Ans)
– domain generation

Reply
View Replies (2) 

rfrco

8 months ago

The following questions were not listed: 11 What is a feature of an IPS? –

It can stop malicious packets. (Answer) – It is deployed in offline mode. –
It has no impact on latency. – It is primarily focused on identifying possible
incidents. 54 What is the term used to describe a potential danger to a
company’s assets, data, or network functionality? – vulnerability – threat
(Answer) – asset – exploit 56 Refer to the exhibit. Network
192.168.30.0/24 contains all of the company servers. Policy dictates that
traffic from the servers to both networks 192.168.10.0 and 192.168.11.0
be limited… Read more »

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers

Reply
View Replies (1) 

ITExamAnswers.net Copyright © 2020. Privacy Policy | Contact

https://itexamanswers.net/ccna-3-v7-modules-3-5-network-security-exam-answers.html[16/10/2020 1:31:43 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Search the site 

Menu 

CCNA 3 v7 Modules 6 – 8: WAN Concepts

Exam Answers
 Dec 22, 2019 |
 Last Updated on Oct 13, 2020 |
 CCNA v7 Course #3 |
 34 Comments

 Share  Tweet  Share  Pin it

How to find: Press “Ctrl + F” in the browser and fill in

whatever wording is in the question to find that
question/answer.
CCNA v7.0 Exam Answers

NOTE: If you have the new question on this test, please CCNA 1 – v7 CCNA 2 – v7

comment Question and Multiple-Choice list in form

CCNA 3 – v7
below this article. We will update answers for you in the
shortest time. Thank you! We truly value your 
contribution to the website. Modules 1 – 3: Basic

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Network Connectivity and

Communications Exam
Answers
1. Which two statements accurately describe an advantage
or a disadvantage when deploying NAT for IPv4 in a Modules 4 – 7: Ethernet
network? (Choose two.) Concepts Exam Answers
NAT improves packet handling.
Modules 8 – 10:
NAT adds authentication capability to IPv4.
Communicating Between
NAT will impact negatively on switch performance.
Networks Exam Answers
NAT causes routing tables to include more information.
NAT provides a solution to slow down the IPv4 address Modules 11 – 13: IP
depletion. Addressing Exam Answers
NAT introduces problems for some applications that
require end-to-end connectivity. Modules 14 – 15: Network
Application Communications
2. A network administrator wants to examine the active NAT
Exam Answers
translations on a border router. Which command would
perform the task? Modules 16 – 17: Building
Router# show ip nat translations and Securing a Small
Router# show ip nat statistics Network Exam Answers
Router# clear ip nat translations
[PT Skills] Practice PT
Router# debug ip nat translations
Skills Assessment (PTSA)
3. What are two tasks to perform when configuring static
NAT? (Choose two.) [Hands on Skills] CCNAv7
ITN Skills Assessment
Configure a NAT pool.
Create a mapping between the inside local and outside ITNv7 Practice Final Exam
local addresses.
Identify the participating interfaces as inside or outside CCNA 1 v7 FINAL Exam
interfaces. Answers
Define the inside global address on the server
Define the outside global address.
4. What is a disadvantage of NAT?
There is no end-to-end addressing. Share your Buy me a
The router does not need to alter the checksum of the IPv4
packets.​ Donate
The internal hosts have to use a single public IPv4 address
for external communication.
The costs of readdressing hosts can be significant for a
publicly addressed network.​ Recent Comments
5. Refer to the exhibit. From the perspective of R1, the NAT RAHMA on CCIE/CCNP 350-401
router, which address is the inside global address? ENCOR Dumps Full Questions with

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

VCE & PDF

Kitty on CCIE/CCNP 350-401
ENCOR Dumps Full Questions with
VCE & PDF
Joe Boy on CCNA 2 v7.0 Final
Exam Answers Full – Switching,
Routing and Wireless Essentials
Trevor Kretzmann on CCNA 200-
301 Dumps Full Questions – Exam
Study Guide & Free
192.168.0.10 NT10 on CCNA 200-301 Dumps
192.168.0.1 Full Questions – Exam Study Guide
209.165.200.225 & Free
209.165.200.254
[Cert] CCNA 200-301 Exam
Explanation: There are four types of addresses in NAT
terminology.
Inside local address
Inside global address
Outside local address
Outside global address
The inside global address of PC1 is the address that the ISP
sees as the source address of packets, which in this
example is the IP address on the serial interface of R1,
209.165.200.224.

6. Refer to the exhibit. Given the commands as shown, how

many hosts on the internal LAN off R1 can have
simultaneous NAT translations on R1?

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

244
10
1
255

Explanation: The NAT configuration on R1 is static NAT

which translates a single inside IP address, 192.168.0.10
into a single public IP address, 209.165.200.255. If more
hosts need translation, then a NAT pool of inside global
address or overloading should be configured.

7. Refer to the exhibit. A network administrator has just

configured address translation and is verifying the
configuration. What three things can the administrator
verify? (Choose three.)

A standard access list numbered 1 was used as part of

the configuration process.
Three addresses from the NAT pool are being used by hosts.
Address translation is working.
One port on the router is not participating in the address
translation.
The name of the NAT pool is refCount.
Two types of NAT are enabled.

Explanation: The show ip nat statistics, show ip nat

translations, and debug ip nat commands are useful in
determining if NAT is working and and also useful in
troubleshooting problems that are associated with NAT. NAT
is working, as shown by the hits and misses count. Because
there are four misses, a problem might be evident. The
standard access list numbered 1 is being used and the

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

translation pool is named NAT as evidenced by the last line

of the output. Both static NAT and NAT overload are used as
seen in the Total translations line.

8. Refer to the exhibit. NAT is configured on RT1 and RT2.

The PC is sending a request to the web server. What IPv4
address is the source IP address in the packet between RT2
and the web server?

192.168.1.5
203.0.113.10
172.16.1.254
172.16.1.10
209.165.200.245
192.0.2.2

Explanation: Because the packet is between RT2 and the

web server, the source IP address is the inside global
address of PC, 209.165.200.245.

9. Refer to the exhibit. Based on the output that is shown,

what type of NAT has been implemented?

dynamic NAT with a pool of two public IP addresses

PAT using an external interface
static NAT with a NAT pool
static NAT with one entry

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Explanation: The output shows that there are two inside

global addresses that are the same but that have different
port numbers. The only time port numbers are displayed is
when PAT is being used. The same output would be
indicative of PAT that uses an address pool. PAT with an
address pool is appropriate when more than 4,000
simultaneous translations are needed by the company.

10. Refer to the exhibit. From the perspective of users

behind the NAT router, what type of NAT address is
209.165.201.1?

inside global
outside global
outside local
inside local

Explanation: From the perspective of users behind NAT,

inside global addresses are used by external users to reach
internal hosts. Inside local addresses are the addresses
assigned to internal hosts. Outside global addresses are the
addresses of destinations on the external network. Outside
local addresses are the actual private addresses of
destination hosts behind other NAT devices.

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

11. Refer to the exhibit. Static NAT is being configured to

allow PC 1 access to the web server on the internal network.
What two addresses are needed in place of A and B to
complete the static NAT configuration? (Choose two.)

A = 209.165.201.2
A = 10.1.0.13
B = 209.165.201.7
B = 10.0.254.5
B = 209.165.201.1

Explanation: Static NAT is a one-to-one mapping between

an inside local address and an inside global address. By
using static NAT, external devices can initiate connections to
internal devices by using the inside global addresses. The
NAT devices will translate the inside global address to the
inside local address of the target host.

12. What is the purpose of the overload keyword in the ip nat

inside source list 1 pool NAT_POOL overload command?
It allows many inside hosts to share one or a few inside
global addresses.
It allows a list of internal hosts to communicate with a specific
group of external hosts.
It allows external hosts to initiate sessions with internal hosts.

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

It allows a pool of inside global addresses to be used by

internal hosts.

Explanation: Dynamic NAT uses a pool of inside global

addresses that are assigned to outgoing sessions. If there
are more internal hosts than public addresses in the pool,
then an administrator can enable port address translation
with the addition of the overload keyword. With port address
translation, many internal hosts can share a single inside
global address because the NAT device will track the
individual sessions by Layer 4 port number.

13. Refer to the exhibit. Which source address is being used

by router R1 for packets being forwarded to the Internet?

10.6.15.2
209.165.202.141
198.51.100.3
209.165.200.225

Explanation: The source address for packets forwarded by

the router to the Internet will be the inside global address of
209.165.200.225. This is the address that the internal
addresses from the 10.6.15.0 network will be translated to by
NAT.

14. Refer to the exhibit. The NAT configuration applied to the

router is as follows:

ERtr(config)# access-list 1 permit 10.0.0.0

0.255.255.255
ERtr(config)# ip nat pool corp 209.165.201.6
209.165.201.30 netmask 255.255.255.224
ERtr(config)# ip nat inside source list 1
pool corp overload
ERtr(config)# ip nat inside source static

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

10.10.10.55 209.165.201.4
ERtr(config)# interface gigabitethernet 0/0
ERtr(config-if)# ip nat inside
ERtr(config-if)# interface serial 0/0/0
ERtr(config-if)# ip nat outside

Based on the configuration and the output shown, what can

be determined about the NAT status within the organization?

Static NAT is working, but dynamic NAT is not.

Dynamic NAT is working, but static NAT is not.
Not enough information is given to determine if both
static and dynamic NAT are working.
NAT is working.

Explanation: There is not enough information given

because the router might not be attached to the network yet,
the interfaces might not have IP addresses assigned yet, or
the command could have been issued in the middle of the
night. The output does match the given configuration, so no
typographical errors were made when the NAT commands
were entered.

15. Which situation describes data transmissions over a

WAN connection?
A network administrator in the office remotely accesses a
web server that is located in the data center at the edge of the
campus.
A manager sends an email to all employees in the
department with offices that are located in several buildings.
An employee prints a file through a networked printer that is

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

located in another building.

An employee shares a database file with a co-worker
who is located in a branch office on the other side of the
city.

Explanation: When two offices across a city are

communicating , it is most likely that the data transmissions
are over some type of WAN connection. Data
communications within a campus are typically over LAN
connections.

16. Which two technologies are categorized as private WAN

infrastructures? (Choose two.)
Frame Relay
VPN
MetroE
DSL
cable

Explanation: Private WAN technologies include leased

lines, dialup, ISDN, Frame Relay, ATM, Ethernet WAN (an
example is MetroE), MPLS, and VSAT.

17. Which network scenario will require the use of a WAN?

Employees need to connect to the corporate email server
through a VPN while traveling.
Employees need to access web pages that are hosted on the
corporate web servers in the DMZ within their building.
Employee workstations need to obtain dynamically assigned
IP addresses.
Employees in the branch office need to share files with the
headquarters office that is located in a separate building on the
same campus network.

Explanation: When traveling employees need to connect to

a corporate email server through a WAN connection, the
VPN will create a secure tunnel between an employee laptop
and the corporate network over the WAN connection.
Obtaining dynamic IP addresses through DHCP is a function

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

of LAN communication. Sharing files among separate

buildings on a corporate campus is accomplished through
the LAN infrastructure. A DMZ is a protected network inside
the corporate LAN infrastructure.

18. What are two hashing algorithms used with IPsec AH to

guarantee authenticity? (Choose two.)
SHA
RSA
DH
MD5
AES

Explanation: The IPsec framework uses various protocols

and algorithms to provide data confidentiality, data integrity,
authentication, and secure key exchange. Two popular
algorithms used to ensure that data is not intercepted and
modified (data integrity and authenticity) are MD5 and SHA.

19. What two algorithms can be part of an IPsec policy to

provide encryption and hashing to protect interesting traffic?
(Choose two.)
SHA
RSA
AES
DH
PSK

Explanation: The IPsec framework uses various protocols

and algorithms to provide data confidentiality, data integrity,
authentication, and secure key exchange. Two algorithms
that can be used within an IPsec policy to protect interesting
traffic are AES, which is an encryption protocol, and SHA,
which is a hashing algorithm.

20. Which VPN solution allows the use of a web browser to

establish a secure, remote-access VPN tunnel to the ASA?
client-based SSL
site-to-site using an ACL

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

clientless SSL
site-to-site using a preshared key

Explanation: When a web browser is used to securely

access the corporate network, the browser must use a
secure version of HTTP to provide SSL encryption. A VPN
client is not required to be installed on the remote host, so a
clientless SSL connection is used.

21. Which IPsec security function provides assurance that

the data received via a VPN has not been modified in transit?
integrity
authentication
confidentiality
secure key exchange

Explanation: Integrity is a function of IPsec and ensures

data arrives unchanged at the destination through the use of
a hash algorithm. Confidentiality is a function of IPsec and
utilizes encryption to protect data transfers with a key.
Authentication is a function of IPsec and provides specific
access to users and devices with valid authentication
factors. Secure key exchange is a function of IPsec and
allows two peers to maintain their private key confidentiality
while sharing their public key.

22. Which two types of VPNs are examples of enterprise-

managed remote access VPNs? (Choose two.)
clientless SSL VPN
client-based IPsec VPN
IPsec VPN
IPsec Virtual Tunnel Interface VPN
GRE over IPsec VPN

Explanation: Enterprise managed VPNs can be deployed in

two configurations:
Remote Access VPN – This VPN is created
dynamically when required to establish a secure
connection between a client and a VPN server. Remote

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

access VPNs include client-based IPsec VPNs and

clientless SSL VPNs.
Site-to-site VPN – This VPN is created when
interconnecting devices are preconfigured with information
to establish a secure tunnel. VPN traffic is encrypted only
between the interconnecting devices, and internal hosts
have no knowledge that a VPN is used. Site-to-site VPNs
include IPsec, GRE over IPsec, Cisco Dynamic Multipoint
(DMVPN), and IPsec Virtual Tunnel Interface (VTI) VPNs.

23. Which is a requirement of a site-to-site VPN?

It requires hosts to use VPN client software to encapsulate
traffic.
It requires the placement of a VPN server at the edge of the
company network.
It requires a VPN gateway at each end of the tunnel to
encrypt and decrypt traffic.
It requires a client/server architecture.

Explanation: Site-to-site VPNs are static and are used to

connect entire networks. Hosts have no knowledge of the
VPN and send TCP/IP traffic to VPN gateways. The VPN
gateway is responsible for encapsulating the traffic and
forwarding it through the VPN tunnel to a peer gateway at
the other end which decapsulates the traffic.

24. What is the function of the Diffie-Hellman algorithm

within the IPsec framework?
guarantees message integrity
allows peers to exchange shared keys
provides authentication
provides strong data encryption

Explanation: The IPsec framework uses various protocols

and algorithms to provide data confidentiality, data integrity,
authentication, and secure key exchange. DH (Diffie-
Hellman) is an algorithm used for key exchange. DH is a
public key exchange method that allows two IPsec peers to
establish a shared secret key over an insecure channel.

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

25. What does NAT overloading use to track multiple internal

hosts that use one inside global address?
port numbers
IP addresses
autonomous system numbers
MAC addresses

Explanation: NAT overloading, also known as Port Address

Translation (PAT), uses port numbers to differentiate
between multiple internal hosts.

26. Question as presented:

Explanation: The inside local address is the private IP

address of the source or the PC in this instance. The inside
global address is the translated address of the source or the
address as seen by the outside device. Since the PC is
using the outside address of the R1 router, the inside global
address is 192.0.2.1. The outside addressing is simply the
address of the server or 203.0.113.5.

27. Refer to the exhibit. R1 is configured for static NAT. What

IP address will Internet hosts use to reach PC1?

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

192.168.0.1
192.168.0.10
209.165.201.1
209.165.200.225

Explanation: In static NAT a single inside local address, in

this case 192.168.0.10, will be mapped to a single inside
global address, in this case 209.165.200.225. Internet hosts
will send packets to PC1 and use as a destination address
the inside global address 209.165.200.225.

28. Which type of VPN uses the public key infrastructure and
digital certificates?​
SSL VPN
GRE over IPsec
IPsec virtual tunnel interface
dynamic multipoint VPN
29. Which two WAN infrastructure services are examples of
private connections? (Choose two.)
cable
DSL
Frame Relay
T1/E1
wireless

Explanation: Private WANs can use T1/E1, T3/E3, PSTN,

ISDN, Metro Ethernet, MPLS, Frame Relay, ATM, or VSAT
technology.

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

30. Which two statements about the relationship between

LANs and WANs are true? (Choose two.)
Both LANs and WANs connect end devices.
WANs are typically operated through multiple ISPs, but
LANs are typically operated by single organizations or
individuals.
WANs must be publicly-owned, but LANs can be owned by
either public or private entities.
WANs connect LANs at slower speed bandwidth than
LANs connect their internal end devices.​
LANs connect multiple WANs together.

Explanation: Although LANs and WANs can employ the

same network media and intermediary devices, they serve
very different areas and purposes. The administrative and
geographical scope of a WAN is larger than that of a LAN.
Bandwidth speeds are slower on WANs because of their
increased complexity. The Internet is a network of networks,
which can function under either public or private
management.

31. Which statement describes an important characteristic of

a site-to-site VPN?
It must be statically set up.
It is ideally suited for use by mobile workers.
It requires using a VPN client on the host PC.
After the initial connection is established, it can dynamically
change connection information.
It is commonly implemented over dialup and cable modem
networks.

Explanation: A site-to-site VPN is created between the

network devices of two separate networks. The VPN is static
and stays established. The internal hosts of the two
networks have no knowledge of the VPN.

32. How is “tunneling” accomplished in a VPN?

New headers from one or more VPN protocols
encapsulate the original packets.

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

All packets between two hosts are assigned to a single

physical medium to ensure that the packets are kept private.
Packets are disguised to look like other types of traffic so that
they will be ignored by potential attackers.
A dedicated circuit is established between the source and
destination devices for the duration of the connection.

Explanation: Packets in a VPN are encapsulated with the

headers from one or more VPN protocols before being sent
across the third party network. This is referred to as
“tunneling”. These outer headers can be used to route the
packets, authenticate the source, and prevent unauthorized
users from reading the contents of the packets.

33. Which statement describes a VPN?

VPNs use open source virtualization software to create the
tunnel through the Internet.
VPNs use logical connections to create public networks
through the Internet.
VPNs use dedicated physical connections to transfer data
between remote users.
VPNs use virtual connections to create a private network
through a public network.

Explanation: A VPN is a private network that is created over

a public network. Instead of using dedicated physical
connections, a VPN uses virtual connections routed through
a public network between two network devices.

34. Open the PT Activity. Perform the tasks in the activity

instructions and then answer the question.
What problem is causing PC-A to be unable to communicate
with the Internet?

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

The ip nat inside source command refers to the wrong

interface.
The NAT interfaces are not correctly assigned.
The static route should not reference the interface, but the
outside address instead.
The access list used in the NAT process is referencing the
wrong subnet.
This router should be configured to use static NAT instead of
PAT.

Explanation: The output of show ip nat statistics shows

that the inside interface is FastEthernet0/0 but that no
interface has been designated as the outside interface. This
can be fixed by adding the command ip nat outside to
interface Serial0/0/0.

35. What type of address is 64.100.190.189?

public
private
36. Which type of VPN routes packets through virtual tunnel
interfaces for encryption and forwarding?
MPLS VPN
IPsec virtual tunnel interface

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

dynamic multipoint VPN

GRE over IPsec
37. Match the scenario to the WAN solution. (Not all options
are used.)

38. Question as presented:

Refer to the exhibit. The PC is sending a packet to the Server

on the remote network. Router R1 is performing NAT
overload. From the perspective of the PC, match the NAT
address type with the correct IP address. (Not all options are
used.)

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

39. Refer to the exhibit. What has to be done in order to

complete the static NAT configuration on R1?

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Interface Fa0/0 should be configured with the command no ip

nat inside.
Interface S0/0/0 should be configured with the command
ip nat outside.
R1 should be configured with the command ip nat inside
source static 209.165.200.200 192.168.11.11.
R1 should be configured with the command ip nat inside
source static 209.165.200.1 192.168.11.11.

Explanation: In order for NAT translations to work properly,

both an inside and outside interface must be configured for
NAT translation on the router.

40. In NAT terms, what address type refers to the globally

routable IPv4 address of a destination host on the Internet?
outside global
inside global
outside local
inside local

Explanation: From the perspective of a NAT device, inside

global addresses are used by external users to reach
internal hosts. Inside local addresses are the addresses
assigned to internal hosts. Outside global addresses are the
addresses of destinations on the external network. Outside
local addresses are the actual private addresses of
destination hosts behind other NAT devices.

41. Refer to the exhibit. Which two statements are correct

based on the output as shown in the exhibit? (Choose two.)

The output is the result of the show ip nat translations

command.
The host with the address 209.165.200.235 will respond
to requests by using a source address of 192.168.10.10.
The output is the result of the show ip nat statistics
command.

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Traffic with the destination address of a public web server will

be sourced from the IP of 192.168.1.10.
The host with the address 209.165.200.235 will respond to
requests by using a source address of 209.165.200.235.

Explanation: The output displayed in the exhibit is the result

of the show ip nat translations command. Static NAT
entries are always present in the NAT table, while dynamic
entries will eventually time out.

42. Which circumstance would result in an enterprise

deciding to implement a corporate WAN?
when the enterprise decides to secure its corporate LAN
when its employees become distributed across many
branch locations
when the number of employees exceeds the capacity of the
LAN
when the network will span multiple buildings

Explanation: WANs cover a greater geographic area than

LANs do, so having employees distributed across many
locations would require the implementation of WAN
technologies to connect those locations. Customers will
access corporate web services via a public WAN that is
implemented by a service provider, not by the enterprise
itself. When employee numbers grow, the LAN has to
expand as well. A WAN is not required unless the
employees are in remote locations. LAN security is not
related to the decision to implement a WAN.

43. What is the function of the Hashed Message

Authentication Code (HMAC) algorithm in setting up an IPsec
VPN?
protects IPsec keys during session negotiation
authenticates the IPsec peers
creates a secure channel for key negotiation
guarantees message integrity

Explanation: The IPsec framework uses various protocols

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

and algorithms to provide data confidentiality, data integrity,

authentication, and secure key exchange. The Hashed
Message Authentication Code (HMAC) is a data integrity
algorithm that uses a hash value to guarantee the integrity of
a message.

44. What algorithm is used with IPsec to provide data

confidentiality?
Diffie-Hellman
SHA
MD5
RSA
AES

Explanation: The IPsec framework uses various protocols

and algorithms to provide data confidentiality, data integrity,
authentication, and secure key exchange. Two popular
algorithms that are used to ensure that data is not
intercepted and modified (data integrity) are MD5 and SHA.
AES is an encryption protocol and provides data
confidentiality. DH (Diffie-Hellman) is an algorithm that is
used for key exchange. RSA is an algorithm that is used for
authentication.

45. Which two technologies provide enterprise-managed

VPN solutions? (Choose two.)
remote access VPN
Frame Relay
Layer 2 MPLS VPN
site-to-site VPN
Layer 3 MPLS VPN

Explanation: VPNs can be managed and deployed as either

of two types:
Enterprise VPNs – Enterprise-managed VPNs are a
common solution for securing enterprise traffic across the
internet. Site-to-site and remote access VPNs are
examples of enterprise managed VPNs.
Service Provider VPNs – Service provider managed
VPNs are created and managed over the provider

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

network. Layer 2 and Layer 3 MPLS are examples of

service provider managed VPNs. Other legacy WAN
solutions include Frame Relay and ATM VPNs.

46. Question as presented:

Explanation: The inside local address is the private IP

address of the source or the PC in this instance. The inside
global address is the translated address of the source or the
address as seen by the outside device. Since the PC is
using the outside address of the R1 router, the inside global
address is 192.0.2.1. The outside addressing is simply the
address of the server or 203.0.113.5.

47. Refer to the exhibit. A network administrator is viewing

the output from the command show ip nat translations.
Which statement correctly describes the NAT translation that
is occurring on router RT2?​

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

The traffic from a source IPv4 address of 192.168.254.253

is being translated to 192.0.2.88 by means of static NAT.
The traffic from a source IPv4 address of 192.0.2.88 is being
translated by router RT2 to reach a destination IPv4 address of
192.168.254.253.
The traffic from a source IPv4 public address that originates
traffic on the internet would be able to reach private internal
IPv4 addresses​.
The traffic from a source IPv4 address of 192.168.2.20 is
being translated by router RT2 to reach a destination IPv4
address of 192.0.2.254.

Explanation: Because no outside local or outside global

address is referenced, the traffic from a source IPv4 address
of 192.168.254.253 is being translated to 192.0.2.88 by
using static NAT. In the output from the command show ip
nat translations, the inside local IP address of 192.168.2.20
is being translated into an outside IP address of 192.0.2.254
so that the traffic can cross the public network. A public IPv4
device can connect to the private IPv4 device
192.168.254.253 by targeting the destination IPv4 address
of 192.0.2.88.

48. What type of address is 10.100.126.126?

private
public
49. Which type of VPN connects using the Transport Layer
Security (TLS) feature?

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

SSL VPN
MPLS VPN
IPsec virtual tunnel interface
dynamic multipoint VPN
50. Which two end points can be on the other side of an ASA
site-to-site VPN configured using ASDM? (Choose two.)
DSL switch
ISR router
another ASA
multilayer switch
Frame Relay switch
51. Which protocol creates a virtual point-to-point
connection to tunnel unencrypted traffic between Cisco
routers from a variety of protocols?
IKE
IPsec
OSPF
GRE
52. What is a disadvantage when both sides of a
communication use PAT?
End-to-end IPv4 traceability is lost.
The flexibility of connections to the Internet is reduced.
The security of the communication is negatively impacted.
Host IPv4 addressing is complicated.
53. What two addresses are specified in a static NAT
configuration?
the outside global and the outside local
the inside local and the outside global
the inside global and the outside local
the inside local and the inside global
54. A company is considering updating the campus WAN
connection. Which two WAN options are examples of the
private WAN architecture? (Choose two.)
municipal Wi-Fi
digital subscriber line
leased line
Ethernet WAN
cable

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

55. What type of address is 128.107.240.239?

Public
Private
56. Which type of VPN has both Layer 2 and Layer 3
implementations?
IPsec virtual tunnel interface
dynamic multipoint VPN
GRE over IPsec
MPLS VPN
57. Refer to the exhibit. A network administrator has
configured R2 for PAT. Why is the configuration incorrect?

NAT-POOL2 is bound to the wrong ACL

The ACL does not define the list of addresses to be
translated.
The overload keyword should not have been applied.
The static NAT entry is missing

Explain:
In the exhibit, NAT-POOL 2 is bound to ACL 100, but it
should be bound to the configured ACL 1. This will cause
PAT to fail. 100, but it should be bound to the configured
ACL 1. This will cause PAT to fail.

58. Match each component of a WAN connection to its

description. (Not all options are used.)

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

59. Which type of VPN allows multicast and broadcast traffic

over a secure site-to-site VPN?
dynamic multipoint VPN
SSL VPN
IPsec virtual tunnel interface
GRE over IPsec
60. Match the steps with the actions that are involved when
an internal host with IP address 192.168.10.10 attempts to
send a packet to and external server at the IP address
209.165.200.254 across a router R1 that running dynamic
NAT. (Not all options are used.)

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Place the options in the following order:

step 5 => R1 replaces the address 192.168.10.10 with a
translated inside global address.
step 2 => R1 checks the NAT configuration to determine if
this packet should be translated.
step 4 => R1 selects an available global address from the
dynamic address pool.
step 1 => The host sends packets that request a connection
to the server at the address 209.165.200.254
step 3 => If there is no translation entry for this IP address,
R1 determines that the source address 192.168.10.10 must be

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

translated
61. Which type of VPN involves passenger, carrier, and
transport protocols?
GRE over IPsec
dynamic multipoint VPN
MPLS VPN
IPsec virtual tunnel interface
62. Match the steps with the actions that are involved when
an internal host with IP address 192.168.10.10 attempts to
send a packet to an external server at the IP address
209.165.200.254 across a router R1 that is running dynamic
NAT. (Not all options are used.)

63. Refer to the exhibit. A network administrator is viewing

the output from the command show ip nat translations .
Which statement correctly describes the NAT translation that
is occurring on router RT2?​

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

The traffic from a source IPv4 public address that originates

traffic on the internet would be able to reach private internal
IPv4 addresses​.
The traffic from a source IPv4 address of 192.168.2.20 is
being translated by router RT2 to reach a destination IPv4
address of 192.0.2.254.
The traffic from a source IPv4 address of 192.168.254.253
is being translated to 192.0.2.88 by means of static NAT.
The traffic from a source IPv4 address of 192.0.2.88 is being
translated by router RT2 to reach a destination IPv4 address of
192.168.254.253.

Explain: Because no outside local or outside global address

is referenced, the traffic from a source IPv4 address of
192.168.254.253 is being translated to 192.0.2.88 by using
static NAT. In the output from the command show ip nat
translations , the inside local IP address of 192.168.2.20 is
being translated into an outside IP address of 192.0.2.254 so
that the traffic can cross the public network. A public IPv4
device can connect to the private IPv4 device
192.168.254.253 by targeting the destination IPv4 address
of 192.0.2.88.

64. What type of address is 10.131.48.7?

Private
Public
65. Which type of VPN supports multiple sites by applying
configurations to virtual interfaces instead of physical
interfaces?

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

dynamic multipoint VPN

IPsec virtual tunnel interface
MPLS VPN
GRE over IPsec
66. Which type of VPN involves a nonsecure tunneling
protocol being encapsulated by IPsec?
dynamic multipoint VPN
SSL VPN
IPsec virtual tunnel interface
GRE over IPsec
67. What type of address is 10.19.6.7?
private
public
68. What type of address is 64.101.198.197?
public
private
69. What type of address is 64.101.198.107
public
private
70. What type of address is 10.100.34.34?
private
public
71. What type of address is 192.168.7.126?
Private.
Public
72. What type of address is 198.133.219.148?
Private.
Public
73. What is the function of the Hashed Message
Authentication Code (HMAC) algorithm in setting up an IPsec
VPN?
authenticates the IPsec peers
guarantees message integrity
protects IPsec keys during session negotiation
creates a secure channel for key negotiation

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Related Articles

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Join the discussion

bullet {{}} 

34 COMMENTS

Nick

5 days ago

What is the function of the Hashed Message Authentication Code (HMAC)

algorithm in setting up an IPsec VPN?

authenticates the IPsec peers

guarantees message integrity
protects IPsec keys during session negotiation
creates a secure channel for key negotiation

Reply

Elipipita

1 month ago

What type of address is 192.168.7.126?

Reply
View Replies (1) 

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Jason

1 month ago

What type of address is 198.133.219.148?

Private. 

Public  

Reply
View Replies (1) 

Alif

3 months ago

What type of address is 10.100.34.34?

*New question

Reply
View Replies (1) 

Mifta

3 months ago

What type of address is 64.101.198.197?

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

 public

 private

Reply

jkt

3 months ago

What type of address is 64.101.198.107

public

private

Public ??

Reply
View Replies (1) 

Maria

3 months ago

Que dos tecnologias proporcionan soluciones VPN administradas por la

empresa?
Layer 2 MPLS VPN
Layer 3 MPLS VPN
Retardo de fotograma
VPN de sitio a sitio
VPN de acceso remoto

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Reply
View Replies (1) 

luck

3 months ago

What type of address is 10.19.6.7?

private
public

Reply
View Replies (1) 

ReivaxHR

4 months ago

Which type of VPN supports multiple sites by applying configurations to

virtual interfaces instead of physical interfaces?
– dynamic multipoint VPN
– IPsec virtual tunnel interface (X)
– MPLS VPN
– GRE over IPsec

Reply

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Guest

4 months ago

Which type of VPN involves a nonsecure tunneling protocol being

encapsulated by IPsec?

dynamic multipoint VPN

SSL VPN
IPsec virtual tunnel interface
GRE over IPsec

Reply

Cheah

4 months ago

Refer to the exhibit. A network administrator is viewing the output from the
command show ip nat translations . Which statement correctly describes
the NAT translation that is occurring on router RT2?​ The traffic from a
source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88
by means of static NAT. The traffic from a source IPv4 address of
192.168.2.20 is being translated by router RT2 to reach a destination IPv4
address of 192.0.2.254. The traffic from a source IPv4 public address that
originates traffic on the internet would be able to reach private internal
IPv4 addresses​. The traffic from… Read more »

Reply

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Guest

5 months ago

Which type of VPN uses the public key infrastructure and digital
certificates?
( )IPsec virtual tunnel interface
( )GRE over IPsec
(*)SSL VPN
( )dynamic multipoint VPN

Reply

anon

5 months ago

uno mas pregunta

What type of address is 10.131.48.7?

Private (Answer)
Public

Reply

New questions

6 months ago

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Hello. Sending some missing questions: Match the steps with the actions
that are involved when an internal host with IP address 192.168.10.10
attempts to send a packet to and external server at the IP address
209.165.200.254 across a router R1 that running dynamic NAT. (Not all
options are used.) Screenshot. Please crop it before uploading: Refer to
the exhibit. The PC is sending a packet to the Server on the remote
network. Router R1 is performing NAT overload. From the perspective of
the PC, match the NAT address type with the correct IP address. (Not all
options are used.) Screenshot:… Read more »

Reply
View Replies (1) 

Ashes

6 months ago

Which type of VPN involves passenger, carrier, and transport protocols?

GRE over IPsec
dynamic multipoint VPN
MPLS VPN
IPsec virtual tunnel interface
Navigation

Reply

Guest

6 months ago

Match the steps with the actions that are involved when an internal host

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

with IP address 192.168.10.10 attempts to send a packet to and external

server at the IP address 209.165.200.254 across a router R1 that running
dynamic NAT. (Not all options are used.) Place the options in the following
order: step 5 => R1 replaces the address 192.168.10.10 with a translated
inside global address. step 2 => R1 checks the NAT configuration to
determine if this packet should be translated. step 4 => R1 selects an
available global address from the dynamic address pool. step 1 => The
host… Read more »

Reply

Guest

6 months ago

Which type of VPN allows multicast and broadcast traffic over a secure
site-to-site VPN?
() dynamic multipoint VPN
() SSL VPN
() IPsec virtual tunnel interface
(*) GRE over IPsec

Reply

Abdul Razzaq

6 months ago

What type of address is 128.107.240.239?

(1). Public
(2). Private

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

The answer is Public.

Reply

Guest

7 months ago

Which type of VPN has both Layer 2 and Layer 3 implementations?

IPsec virtual tunnel interface

dynamic multipoint VPN

GRE over IPsec

MPLS VPN

Reply
View Replies (1) 

Bogdan

8 months ago

Which two end points can be on the other side of an ASA site-to-site VPN
configured using ASDM? (Choose two.)

DSL switch

(X) ISR router

(X) another ASA

multilayer switch

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Frame Relay switch

Reply

Bogdan

8 months ago

Which protocol creates a virtual point-to-point connection to tunnel

unencrypted traffic between Cisco routers from a variety of protocols?

IKE

IPsec

OSPF

(X) GRE

Reply

Bogdan

8 months ago

What is a disadvantage when both sides of a communication use PAT?

End-to-end IPv4 traceability is lost.

The flexibility of connections to the Internet is reduced.

The security of the communication is negatively impacted.

Host IPv4 addressing is complicated.

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Reply
View Replies (2) 

Bogdan

8 months ago

What two addresses are specified in a static NAT configuration?

the outside global and the outside local

the inside local and the outside global

the inside global and the outside local

(X) the inside local and the inside global

Reply

Bogdan

8 months ago

A company is considering updating the campus WAN connection. Which

two WAN options are examples of the private WAN architecture? (Choose
two.)

municipal Wi-Fi

digital subscriber line

(x) leased line

(x) Ethernet WAN

cable

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers

Reply

ITExamAnswers.net Copyright © 2020. Privacy Policy | Contact

https://itexamanswers.net/ccna-3-v7-modules-6-8-wan-concepts-exam-answers.html[16/10/2020 1:32:49 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

This site uses cookies: Find out more. Okay, thanks

Okay, thanks

CCNA6.COM
Routing and Switching v7.0 Exam Answers

 Menu
Facebo

 Home  CCNA 3 v6.0  CCNA3 v6.0 Chapter 5 Exam Answers

Twitter

CCNA3
Pintere v6.0 Chapter 5 Exam Answers
CCNA 3 v6.0
11 July, 2017
 1 Comment
 admin
 CCNA 3, Chapter 5, scaling networks, v6.0
WhatsA

Gmail
0
SHARES

1. Which dynamic routing protocol was developed as an exterior gateway protocol

to interconnect different Internet providers?
BGP*

EIGRP

OSPF

RIP

2. In the context of routing protocols, what is a definition for time to convergence?

the amount of time a network administrator needs to configure a routing protocol in a small- to medium-sized
network

the capability to transport data, video, and voice over the same media

a measure of protocol configuration complexity

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

the amount of time for the routing tables to achieve a consistent state after a topology change*

3. An OSPF enabled router is processing learned routes to select best paths to reach
a destination network. What is the OSPF algorithm evaluating as the metric?
The amount of packet delivery time and slowest bandwidth.

The number of hops along the routing path.

The amount of traffic and probability of failure of links.

The cumulative bandwidth that is used along the routing path.*

4. What is the difference between interior and exterior routing protocols?

Exterior routing protocols are used only by large ISPs. Interior routing protocols are used by small ISPs.

Interior routing protocols are used to route on the Internet. Exterior routing protocols are used inside
organizations.

Exterior routing protocols are used to administer a single autonomous system. Interior routing protocols are
used to administer several domains.

Interior routing protocols are used to communicate within a single autonomous system. Exterior routing
protocols are used to communicate between multiple autonomous systems.*

5. What are two purposes of dynamic routing protocols? (Choose two.)

provide a default route to network hosts

discover remote networks*

provide network security

reduce network traffic

select best path to destination networks*

6. Which routing protocol is designed to use areas to scale large hierarchical

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

networks?
RIP

EIGRP

OSPF*

BGP

7. Which two routing protocols are classified as distance vector routing protocols?
(Choose two.)
OSPF

EIGRP*

BGP

IS-IS

RIP*

8. Refer to the exhibit.

A network administrator has configured RIPv2 in the given topology. Which path
would a packet take to get from the LAN that is connected to R1 to the LAN that is
connected to R7?

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

R1–R3–R4–R5–R6–R7

R1–R3–R2–R6–R7

R1–R3–R2–R6–R7

R1–R2–R6–R7*

9. Which routing protocol sends a routing update to neighboring routers every 30

seconds?
RIP*

EIGRP

OSPF

BGP

10. After a network topology change occurs, which distance vector routing protocol
can send an update message directly to a single neighboring router without
unnecessarily notifying other routers?
IS-IS

RIPv2

EIGRP*

OSPF

RIPv1

11. Which feature provides secure routing updates between RIPv2 neighbors?
unicast updates

routing protocol authentication*

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

keepalive messages

adjacency table

12. What is maintained within an EIGRP topology table?

all routes received from neighbors*

the hop count to all networks

the area ID of all neighbors

the state of all links on the network

13. A network administrator is researching routing protocols for implementation in

a critical network infrastructure. Which protocol uses the DUAL algorithm to
provide almost instantaneous convergence during a route failover?
EIGRP*

RIP

OSPF

BGP

14. Refer to the exhibit.

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

OSPF is used in the network. Which path will be chosen by OSPF to send data
packets from Net A to Net B?
R1, R2, R5, R7

R1, R3, R5, R7*

R1, R3, R6, R7

R1, R4, R6, R7

R1, R3, R5, R6, R7

15. What are two features of the OSPF routing protocol? (Choose two.)
automatically summarizes networks at the classful boundaries

has an administrative distance of 100

calculates its metric using bandwidth*

uses Dijkstra’s algorithm to build the SPF tree*

used primarily as an EGP

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

16. Which two protocols are link-state routing protocols? (Choose two.)
RIP

OSPF*

EIGRP

BGP

IS-IS*

IGP

17. Which routing protocol uses link-state information to build a map of the
topology for computing the best path to each destination network?
OSPF*

EIGRP

RIP

RIPng

18. Which two requirements are necessary before a router configured with a link-
state routing protocol can build and send its link-state packets? (Choose two.)
The router has determined the costs associated with its active links.*

The router has built its link-state database.

The routing table has been refreshed.

The router has established its adjacencies.*

The router has constructed an SPF tree.

19. What happens when two link-state routers stop receiving hello packets from

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

neighbors?
They continue to operate as normal and are able to exchange packets.

They consider the neighbor to be unreachable and the adjacency is broken.*

They create a default route to the adjacent router.

They will flood their database tables to each other.

20. Which two events will trigger the sending of a link-state packet by a link-state
routing protocol? (Choose two.)
the router update timer expiring

a link to a neighbor router has become congested

a change in the topology*

the initial startup of the routing protocol process*

the requirement to periodically flood link-state packets to all neighbors

21. What is the first step taken by a newly configured OSPF router in the process of
reaching a state of convergence?
It builds the topological database.

It floods LSP packets to neighboring routers.

It learns about directly connected links in an active state.*

It exchanges hello messages with a neighboring router.

22. Which two components of an LSP enable an OSPF router to determine if the
LSP that is received contains newer information than what is in the current OSPF
router link-state database? (Choose two.)
query

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

sequence numbers*

acknowledgements

hellos

aging information*

23. Which statement is an incorrect description of the OSPF protocol?

Multiarea OSPF helps reduce the size of the link-state database.

OSPF builds a topological map of the network.

When compared with distance vector routing protocols, OSPF utilizes less memory and less CPU
processing power.*

OSPF has fast convergence.

24. What is a disadvantage of deploying OSPF in a large single area routing

environment?
OSPF uses multicast updates.

OSPF uses excessive LSP flooding.*

OSPF uses a topology database of alternate routes.

OSPF uses a metric of bandwidth and delay.

25. Match the features of link-state routing protocols to their advantages and
disadvantages. (Not all options are used.)

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

Advantage
event-driven updates

building a topological map

fast convergence

Disadvantage
bandwidth consumption

memory usage

CPU processing time

Facebook Twitter Pinterest Gmail PrintFriendly

RELATED
CCNA3 v6.0 Final Exam Answers CCNA3 v6.0 Chapter 10 Exam

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

100% Option A Answers

12 July, 2017  0 11 July, 2017  0

CCNA3 v6.0 Chapter 9 Exam CCNA3 v6.0 Chapter 6 Exam

Answers Answers

11 July, 2017  0 11 July, 2017  0

ABOUT THE AUTHOR

 ADMIN  EMAIL AUTHOR

ONE RESPONSE
MARY MARY 19 MARCH, 2019  Reply

13. A network engineer is researching dynamic routing protocols and how much time it
takes for a network to converge. What does it mean for a router to achieve convergence?
*the amount of time a network administrator needs to configure a routing protocol in a
small- to medium-sized network
*the capability to transport data, video, and voice over the same media
Correct Answer****the amount of time it takes a router to share information, calculate
best paths, and update the routing table***
*the capability to forward traffic between hosts on a local network

ADD A COMMENT

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

Your email address will not be published. Required fields are marked *

Name

Email

Website

Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

SEARCH

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

Search 

FIND US ON FACEBOOK

CCNA6
1,523 likes

Like Page

Be the first of your friends to like this

CCNA V7.0 EXAM ANSWERS

CCNA 1 v7 CCNA 2 v7

CCNA 3 v7

CCNA 1 v7.0 Modules 1 – 3

CCNA 1 v7.0 Modules 4 – 7

CCNA 1 v7.0 Modules 8 – 10

CCNA 1 v7.0 Modules 11 – 13

CCNA 1 v7.0 Modules 14 – 15

CCNA 1 v7.0Modules 16 – 17

CCNA V6.0 ROUTING AND

SWITCHING

CCNA1 v6 CCNA2 v6

CCNA3 v6 CCNA4 v6

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

CCNA 1 v6 - Pretest Exam

CCNA 1 v6 - Chapter 1

CCNA 1 v6 - Chapter 2

CCNA 1 v6 - Chapter 3

CCNA 1 v6 - Chapter 4

CCNA 1 v6 - Chapter 5

CCNA 1 v6 - Chapter 6

CCNA 1 v6 Chapter 6 skill

CCNA 1 v6 - Chapter 7

CCNA 1 v6 - Chapter 8

CCNA 1 v6 - Chapter 9

CCNA 1 v6 - Chapter 10

CCNA 1 v6 - Chapter 11

CCNA 1 v6 - Practice Final

CCNA 1 v6 - Final Exam A

CCNA 1 v6 - Final Exam B

CCNA 1 v6 - Final Exam C

CCNA 1 v6 Final Packet Tracer Skill

Assessment

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 5 Exam Answers - CCNA6.COM

CCNA6.COM Copyright © 2020. CCNA6.COM 2020 CCNA v7.0 Study Materials

https://www.ccna6.com/ccna3-v6-0-chapter-5-exam-answers/[16/10/2020 1:43:21 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

This site uses cookies: Find out more. Okay, thanks

Okay, thanks

CCNA6.COM
Routing and Switching v7.0 Exam Answers

 Menu
Facebo

 Home  CCNA 3 v6.0  CCNA3 v6.0 Chapter 8 Exam Answers

Twitter

CCNA3
Pintere v6.0 Chapter 8 Exam Answers
CCNA 3 v6.0
11 July, 2017
 No Comments
 admin
 CCNA 3, Chapter 8, scaling networks, v6.0
WhatsA

Gmail
0
SHARES

1. What is used to create the OSPF neighbor table?

adjacency database*

link-state database

forwarding database

routing table

2. Which OSPF component is identical in all routers in an OSPF area after

convergence?
adjacency database

link-state database*

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

routing table

SPF tree

3. Which OPSF packet contains the different types of link-state advertisements?

hello

DBD

LSR

LSU*

LSAck

4. What happens immediately after two OSPF routers have exchanged hello packets
and have formed a neighbor adjacency?
They exchange DBD packets in order to advertise parameters such as hello and dead intervals.

They negotiate the election process if they are on a multiaccess network.

They request more information about their databases.

They exchange abbreviated lists of their LSDBs.*

5. What will an OSPF router prefer to use first as a router ID?

any IP address that is configured using the router-id command*

a loopback interface that is configured with the highest IP address on the router

the highest active interface IP that is configured on the router

the highest active interface that participates in the routing process because of a specifically configured network
statement

6. What are the two purposes of an OSPF router ID? (Choose two.)

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

to facilitate the establishment of network convergence

to uniquely identify the router within the OSPF domain*

to facilitate the transition of the OSPF neighbor state to Full

to facilitate router participation in the election of the designated router*

to enable the SPF algorithm to determine the lowest cost path to remote networks

7. By default, what is the OSPF cost for any link with a bandwidth of 100 Mb/s or
greater?
1*

100

10000

100000000

8. Which command should be used to check the OSPF process ID, the router ID,
networks the router is advertising, the neighbors the router is receiving updates
from, and the default administrative distance?
show ip protocols*

show ip ospf neighbor

show ip ospf

show ip ospf interface

9. What are two reasons that will prevent two routers from forming an OSPFv2
adjacency? (Choose two.)
a mismatched Cisco IOS version that is used

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

mismatched OSPF Hello or Dead timers*

mismatched subnet masks on the link interfaces*

use of private IP addresses on the link interfaces

one router connecting to a FastEthernet port on the switch and the other connecting to a GigabitEthernet port

10. Which three addresses could be used as the destination address for OSPFv3
messages? (Choose three.)
FE80::1*

FF02::5*

FF02::6*

FF02::A

FF02::1:2

2001:db8:cafe::1

11. A network administrator enters the command ipv6 router ospf 64 in global
configuration mode. What is the result of this command?
The router will be assigned an autonomous system number of 64.

The router will be assigned a router ID of 64.

The reference bandwidth will be set to 64 Mb/s.

The OSPFv3 process will be assigned an ID of 64.*

12. When a network engineer is configuring OSPFv3 on a router, which command

would the engineer issue immediately before configuring the router ID?
ipv6 ospf 10 area 0

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

ipv6 router ospf 10*

interface serial 0/0/1

clear ipv6 ospf process

13. Single area OSPFv3 has been enabled on a router via the ipv6 router ospf 20
command. Which command will enable this OSPFv3 process on an interface of that
router?
ipv6 ospf 0 area 0

ipv6 ospf 20 area 20

ipv6 ospf 0 area 20

ipv6 ospf 20 area 0*

14. What does a Cisco router use automatically to create link-local addresses on
serial interfaces when OSPFv3 is implemented?
the highest MAC address available on the router, the FE80::/10 prefix, and the EUI-48 process

the FE80::/10 prefix and the EUI-48 process

the MAC address of the serial interface, the FE80::/10 prefix, and the EUI-64 process

an Ethernet interface MAC address available on the router, the FE80::/10 prefix, and the EUI-64
process*

15. Which command will verify that a router that is running OSPFv3 has formed an
adjacency with other routers in its OSPF area?
show running-configuration

show ipv6 ospf neighbor*

show ipv6 route ospf

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

show ipv6 interface brief

16. Which command will provide information specific to OSPFv3 routes in the
routing table?
show ip route ospf

show ip route

show ipv6 route

show ipv6 route ospf*

17. Match the OSPF state with the order in which it occurs. (Not all options are
used.)

Place the options in the following order:

second state  -> Init state
– not scored –
seventh state  -> Full state
fifth state  ->  Exchange state
first state  ->  Down state
fourth state  ->  Exstart state

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

– not scored –
third state  ->  Two-way state
sixth state  ->  Loading state

18. Match each OSPF packet type to how it is used by a router. (Not all options are
used.)

establish and maintain adjacencies = hello packet

advertise new information = link-state update packet

compare local topology to that sent by another router = database description packet

query another router for additional information = link-state request packet

19. By order of precedence, match the selection of router ID for an OSPF-enable

router to the possible router ID options. (Not all option are used.)

loopback interface address 10.1.1.1 = Third precedence

Serial interface IP address 192.168.10.1 = Fourth precedence

Configured router ID 1.1.1.1 = First precedence

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

Loopback interface IP address 172.16.1.1 = Second precedence

20. Match the information to the command that is used to obtain the information.
(Not all options are used.)

show ip ospf neighbor = Neighbor ID of 3.3.3.3

show ip ospf = Routing Process “ospf 10” with ID 1.1.1.1

show ip protocols = Routing Protocol is “ospf 10”

show interface serial 0/0/0 = BW 1544 Kbit/sec

21. Fill in the blank.

OSPF uses “cost” as a metric.

22. Fill in the blank.

The election of a DR and a BDR takes place on “multiaccess” networks, such as Ethernet networks.

23. Open the PT Activity. Perform the tasks in the activity instructions and then
complete the task.

What message is displayed on http://www.ciscoville.com?

Finished!

Completion!*

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

Success!

Converged!

Facebook Twitter Pinterest Gmail PrintFriendly

RELATED
CCNA3 v6.0 Chapter 2 Exam CCNA3 v6.0 Final Exam Answers
Answers 100% Option A

11 July, 2017  1 12 July, 2017  0

CCNA3 v6.0 Final Exam Answers CCNA3 v6.0 Chapter 6 Exam

100% Option B Answers

12 July, 2017  0 11 July, 2017  0

ABOUT THE AUTHOR

 ADMIN  EMAIL AUTHOR

ADD A COMMENT

Your email address will not be published. Required fields are marked *

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

Name

Email

Website

Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

SEARCH

Search 

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

FIND US ON FACEBOOK

CCNA6
1,523 likes

Like Page

Be the first of your friends to like this

CCNA V7.0 EXAM ANSWERS

CCNA 1 v7 CCNA 2 v7

CCNA 3 v7

CCNA 1 v7.0 Modules 1 – 3

CCNA 1 v7.0 Modules 4 – 7

CCNA 1 v7.0 Modules 8 – 10

CCNA 1 v7.0 Modules 11 – 13

CCNA 1 v7.0 Modules 14 – 15

CCNA 1 v7.0Modules 16 – 17

CCNA V6.0 ROUTING AND

SWITCHING

CCNA1 v6 CCNA2 v6

CCNA3 v6 CCNA4 v6

CCNA 1 v6 - Pretest Exam

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

CCNA 1 v6 - Chapter 1

CCNA 1 v6 - Chapter 2

CCNA 1 v6 - Chapter 3

CCNA 1 v6 - Chapter 4

CCNA 1 v6 - Chapter 5

CCNA 1 v6 - Chapter 6

CCNA 1 v6 Chapter 6 skill

CCNA 1 v6 - Chapter 7

CCNA 1 v6 - Chapter 8

CCNA 1 v6 - Chapter 9

CCNA 1 v6 - Chapter 10

CCNA 1 v6 - Chapter 11

CCNA 1 v6 - Practice Final

CCNA 1 v6 - Final Exam A

CCNA 1 v6 - Final Exam B

CCNA 1 v6 - Final Exam C

CCNA 1 v6 Final Packet Tracer Skill

Assessment

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 8 Exam Answers - CCNA6.COM

CCNA6.COM Copyright © 2020. CCNA6.COM 2020 CCNA v7.0 Study Materials

https://www.ccna6.com/ccna3-v6-0-chapter-8-exam-answers/[16/10/2020 1:36:46 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

This site uses cookies: Find out more. Okay, thanks

Okay, thanks

CCNA6.COM
Routing and Switching v7.0 Exam Answers

 Menu
Facebo

 Home  CCNA 3 v6.0  CCNA3 v6.0 Chapter 9 Exam Answers

Twitter

CCNA3
Pintere v6.0 Chapter 9 Exam Answers
CCNA 3 v6.0
11 July, 2017
 No Comments
 admin
 CCNA 3, Chapter 9, scaling networks, v6.0
WhatsA

Gmail
0
SHARES

1. What are two reasons for creating an OSPF network with multiple areas?
(Choose two.)
to provide areas in the network for routers that are not running OSPF

to ensure that an area is used to connect the network to the Internet

to reduce SPF calculations*

to reduce use of memory and processor resources*

to simplify configuration

2. What is used to facilitate hierarchical routing in OSPF?

autosummarization 

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

the use of multiple areas*

frequent SPF calculations

the election of designated routers

3. Which two statements correctly describe OSPF type 3 LSAs? (Choose two.)
Type 3 LSAs are known as autonomous system external LSA entries.​

Type 3 LSAs are generated without requiring a full SPF calculation.​*

Type 3 LSAs are used for routes to networks outside the OSPF autonomous system​.

Type 3 LSAs are known as router link entries​.

Type 3 LSAs are used to update routes between OSPF areas.*

4. Which characteristic describes both ABRs and ASBRs that are implemented in a
multiarea OSPF network?
They usually have many local networks attached.

They both run multiple routing protocols simultaneously.

They are required to perform any summarization or redistribution tasks.*

They are required to reload frequently and quickly in order to update the LSDB.

5. What type of OSPF LSA is originated by ASBR routers to advertise external

routes?
type 1

type 2

type 3

type 5*

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

6. What OSPF LSA type is used to inform routers of the router ID of the DR in each
multiaccess network in an OSPF area?
type 1

type 2*

type 3

type 4

7. Refer to the exhibit.

Which two statements are correct? (Choose two.)

The entry for 172.16.200.1 represents a loopback interface.

The routing table contains routes from multiple areas.*

To reach network 172.16.2.0, traffic will travel through the GigabitEthernet0/0 interface.

The routing table contains two intra-area routes.

To reach network 192.168.1.0, traffic will exit via the Serial0/0/0 interface​.*

8. What routing table descriptor is used to identify OSPF summary networks that
originate from an ABR?
O

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

O IA*

O E1

O E2

9. A network administrator is verifying a multi-area OSPF configuration by

checking the routing table on a router in area 1. The administrator notices a route
to a network that is connected to a router in area 2. Which code appears in front of
this route in the routing table within area 1?
C

O E2

O IA*

10. Refer to the exhibit.

What can be concluded about network 192.168.4.0 in the R2 routing table?

The network was learned from a router within the same area as R2.*

The network was learned through summary LSAs from an ABR.

The network can be reached through the GigabitEthernet0/0 interface.

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

This network should be used to forward traffic toward external networks.

11. Which three steps in the design and implementation of a multiarea OSPF
network are considered planning steps? (Choose three.)
Verify OSPF.

Configure OSPF.

Define the OSPF parameters.*

Gather the required parameters.*

Troubleshoot the configurations.

Define the network requirements.*

12. Which two networks are part of the summary route 192.168.32.0/22? (Choose
two.)
192.168.31.0/24

192.168.33.0/24*

192.168.37.0/24

192.168.35.0/24*

192.168.36.0/24

192.168.38.0/24

13. Refer to the exhibit.

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

What is indicated by the O IA in the router output?

The route was manually configured.

The route was learned from within the area.

The route was learned from outside the internetwork.

The route was learned from another area.*

14. Refer to the exhibit.

A network administrator has been asked to summarize the networks shown in the
exhibit as part of a multiarea OSPF implementation. All addresses are using a
subnet mask of 255.255.255.0. What is the correct summarization for these eight
networks?
10.0.4.0 255.255.0.0

10.0.0.0 255.255.240.0*

10.0.4.0 255.255.248.0

10.0.8.0 255.255.248.0

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

15. The network administrator has been asked to summarize the routes for a new
OSPF area. The networks to be summarized are 172.16.8.0, 172.16.10.0, and
172.16.12.0 with subnet masks of 255.255.255.0 for each network. Which command
should the administrator use to forward the summary route for area 15 into area 0?
area 0 range 172.16.8.0 255.255.255.248

area 0 range 172.16.8.0 255.255.248.0

area 15 range 172.16.8.0 255.255.248.0*

area 15 range 172.16.8.0 255.255.255.248

16. Match each type of OSPF router to its description. (Not all options are used.)

a router in the backbone area => backbone router

a router with all its interfaces in the same area => internal router

a router that has at least one interface that is attached to a non-OSPF network => Autonomous System
Boundary Router

a router with its interfaces attached to multiple areas => Area Border Router

17. Fill in the blank. Do not use acronyms.

OSPF type 2 LSA messages are only generated by the “designated” router to advertise routes in multiaccess
networks.

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

18. Fill in the blank. Use a number.

An ASBR generates type “5” LSAs for each of its external routes and floods them into the area that it is
connected to.

19. Fill in the blank. Use a number.

A type “4” LSA identifies the ASBR and provides a route to it.

20. Refer to the exhibit.

Fill in the blank. Do not use abbreviations.

The “network 192.168.10.128 0.0.0.127 area 1” command must be issued to configure R1 for multiarea
OSPF.​

21. Open the PT Activity. Perform the tasks in the activity instructions and then
answer the question.
Why are users in the OSPF network not able to access the Internet?
The default route is not redistributed correctly from router R1 by OSPF.

The interface that is connected to the ISP router is down.

The OSPF network statements are misconfigured on routers R2 and R3.

The OSPF timers that are configured on routers R1, R2, and R3 are not compatible.

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

The network statement is misconfigured on router R1.*

22. Open the PT Activity. Perform the tasks in the activity instructions and then
answer the question.
Fill in the blank. Do not use abbreviations.
What is the missing command on router R2 to establish an adjacency between routers R1 and R3? “network
172.16.10.0 0.0.0.255 area 0” .

Facebook Twitter Pinterest Gmail PrintFriendly

RELATED
CCNA 3 v6.0 Pretest Exam CCNA3 v6.0 Chapter 6 Exam
Answers 100% Answers

11 July, 2017  0 11 July, 2017  0

CCNA3 v6.0 Chapter 4 Exam CCNA3 v6.0 Final Exam Answers

Answers 100% Option C

11 July, 2017  0 12 July, 2017  0

ABOUT THE AUTHOR

 ADMIN  EMAIL AUTHOR

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

ADD A COMMENT

Your email address will not be published. Required fields are marked *

Name

Email

Website

Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

SEARCH

Search 

FIND US ON FACEBOOK

CCNA6
1,523 likes

Like Page

Be the first of your friends to like this

CCNA V7.0 EXAM ANSWERS

CCNA 1 v7 CCNA 2 v7

CCNA 3 v7

CCNA 1 v7.0 Modules 1 – 3

CCNA 1 v7.0 Modules 4 – 7

CCNA 1 v7.0 Modules 8 – 10

CCNA 1 v7.0 Modules 11 – 13

CCNA 1 v7.0 Modules 14 – 15

CCNA 1 v7.0Modules 16 – 17

CCNA V6.0 ROUTING AND

SWITCHING

CCNA1 v6 CCNA2 v6

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

CCNA3 v6 CCNA4 v6

CCNA 1 v6 - Pretest Exam

CCNA 1 v6 - Chapter 1

CCNA 1 v6 - Chapter 2

CCNA 1 v6 - Chapter 3

CCNA 1 v6 - Chapter 4

CCNA 1 v6 - Chapter 5

CCNA 1 v6 - Chapter 6

CCNA 1 v6 Chapter 6 skill

CCNA 1 v6 - Chapter 7

CCNA 1 v6 - Chapter 8

CCNA 1 v6 - Chapter 9

CCNA 1 v6 - Chapter 10

CCNA 1 v6 - Chapter 11

CCNA 1 v6 - Practice Final

CCNA 1 v6 - Final Exam A

CCNA 1 v6 - Final Exam B

CCNA 1 v6 - Final Exam C

CCNA 1 v6 Final Packet Tracer Skill

Assessment

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 9 Exam Answers - CCNA6.COM

CCNA6.COM Copyright © 2020. CCNA6.COM 2020 CCNA v7.0 Study Materials

https://www.ccna6.com/ccna3-v6-0-chapter-9-exam-answers/[16/10/2020 1:39:14 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

This site uses cookies: Find out more. Okay, thanks

Okay, thanks

CCNA6.COM
Routing and Switching v7.0 Exam Answers

 Menu
Facebo

 Home  CCNA 3 v6.0  CCNA3 v6.0 Chapter 10 Exam Answers

Twitter

CCNA3
Pintere v6.0 Chapter 10 Exam Answers
CCNA 3 v6.0
11 July, 2017
 No Comments
 admin
 CCNA 3, Chapter 10, scaling networks, v6.0
WhatsA

Gmail
0
SHARES

1. A network administrator has just changed the router ID on a router that is

working in an OSPFv2 environment. What should the administrator do to reset the
adjacencies and use the new router ID?
Configure the network statements.

Change the interface priority.

Issue the clear ip ospf process privileged mode command.*

Change the OSPFv2 process ID.

2. Refer to the exhibit.

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

What three conclusions can be drawn from the displayed output? (Choose three.)
The DR can be reached through the GigabitEthernet 0/0 interface.*

This interface is using the default priority.

The BDR has three neighbors.

The router ID on the DR router is 3.3.3.3

The router ID values were not the criteria used to select the DR and the BDR.*

There have been 9 seconds since the last hello packet sent.*

3. Refer to the exhibit.

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

Which conclusion can be drawn from this OSPF multiaccess network?

​When a DR is elected all other non-DR routers become DROTHER.

​All DROTHER routers will send LSAs to the DR and BDR to multicast 224.0.0.5.

If the DR stops producing Hello packets, a BDR will be elected, and then it promotes itself to assume the role
of DR.​

With an election of the DR, the number of adjacencies is reduced from 6 to 3.*

4. Which OSPF feature allows a remote OSPF area to participate in OSPF routing
when it cannot connect directly to OSPF Area 0?
NBMA

DR/BDR

virtual link*

point-to-point connectivity

5. Refer to the exhibit.

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

What are three resulting DR and BDR elections for the given topology? (Choose
three.)
R3 is BDR for segment A.

R1 is DR for segment A.*

R2 is BDR for segment A.*

R3 is DR for segment A.

R4 is BDR for segment B.

R5 is BDR for segment B.*

6. When checking a routing table, a network technician notices the following entry:

O*E2 0.0.0.0/0 [110/1] via 192.168.16.3, 00:20:22, Serial0/0/0

What information can be gathered from this output?

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

This route is a propagated default route.*

The route is located two hops away.

The metric for this route is 110.

The edge of the OSPF area 0 is the interface that is addressed 192.168.16.3.

7. Refer to the exhibit.

What two conclusions can be drawn based on the output of the show ipv6 route
command? (Choose two.)
Route 2001:DB8:CAFE:4::/64 is an external route advertised by an ASBR.

R2 receives default route information from another router.*

Route 2001:DB8:CAFE:B001::/64 is a route advertised by an ABR.*

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

Route 2001:DB8:CAFE:4::/64 is advertised by a router three hops away.

Routes 2001:DB8:CAFE:1::/64 and 2001:DB8:CAFE:3::/64 are advertised from the same router.

8. Which command will a network engineer issue to verify the configured hello and
dead timer intervals on a point-to-point WAN link between two routers that are
running OSPFv2?
show ip ospf neighbor

show ip ospf interface serial 0/0/0*

show ipv6 ospf interface serial 0/0/0

show ip ospf interface fastethernet 0/1

9. A network engineer suspects that OSPFv3 routers are not forming neighbor
adjacencies because there are interface timer mismatches. Which two commands
can be issued on the interface of each OSFPv3 router to resolve all timer
mismatches? (Choose two.)
no ipv6 ospf hello-interval*

no ipv6 ospf dead-interval*

ip ospf hello-interval 10

ip ospf dead-interval 40

no ipv6 ospf cost 10

no ipv6 router ospf 10

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

10. A network engineer has manually configured the hello interval to 15 seconds on
an interface of a router that is running OSPFv2. By default, how will the dead
interval on the interface be affected?
The dead interval will now be 15 seconds.

The dead interval will now be 30 seconds.

The dead interval will now be 60 seconds.*

The dead interval will not change from the default value.

11. Which command can be used to view the OSPF hello and dead time intervals?
show ip protocols

show ip ospf neighbor

show ip ospf interface*

show ip ospf route

12. Refer to the exhibit.

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

A network administrator is configuring OSPF for R1 and R2, but the adjacency
cannot be established. What is the cause of the issue?
The process ID is misconfigured.

The area ID is misconfigured.*

The IP address on router R2 is misconfigured.

The interface s0/0/0 on router R2 is missing a link-local address.

13. Refer to the exhibit.

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

What the amount of time that has elapsed since the router received a hello packet?
40 seconds

10 seconds

4 seconds*

6 seconds

14. Which two parameters must match between neighboring OSPF routers in order
to form an adjacency? (Choose two.)
hello / dead timers*

process ID

router ID

IP address

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

network types*

cost

15. Refer to the exhibit.

A network administrator has configured OSPFv2 on the two Cisco routers but PC1
is unable to connect to PC2. What is the most likely problem?
Interface S0/0 is configured as a passive-interface on router R2.

Interface s0/0 has not been activated for OSPFv2 on router R2.

Interface Fa0/0 is configured as a passive-interface on router R2.

Interface Fa0/0 has not been activated for OSPFv2 on router R2.*

16. Refer to the exhibit.

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

R1 and R2 are connected to the same LAN segment and are configured to run
OSPFv3. They are not forming a neighbor adjacency. What is the cause of the
problem?
The IPv6 addresses of R1 and R2 are not in the same subnet.

The OSPFv3 process IDs of R1 and R2 are different.

The timer intervals of R1 and R2 do not match.*

The priority value of both R1 and R2 is 1.

17. A network administrator is troubleshooting an OSPFv3 configuration on an

IPv6 network. The administrator issues the show ipv6 protocols command. What is
the purpose for this command?
to verify OSPFv3 configuration information*

to display the OSPFv3 learned routes in the routing table

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

to display the OSPFv3 parameters configured on an interface

to verify that the router has formed an adjacency with its neighboring routers

18. Refer to the exhibit.

Directly connected networks configured on router R1 are not being shared with
neighboring routers through OSPFv3. What is the cause of the issue?
IPv6 OSPF routing is not enabled.

There is a mismatch of OSPF process ID in commands.*

The no shutdown command is missing on the interfaces.

There are no network statements for the routes in the OSPF configuration.

19. An administrator is troubleshooting OSPFv3 adjacency issues. Which command

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

would the administrator use to confirm that OSPFv3 hello and dead intervals are
matching between routers?​
show ipv6 ospf interface​*

show ipv6 ospf​

show ipv6 protocols​

show ipv6 ospf neighbor​

20. What three states are transient OPSF neighbor states that indicate a stable
adjacency is not yet formed between two routers? (Choose three.)
full

exstart*

2way

exchange*

loading*

established

21. Match each OSPF election criterion to its sequential order for the OSPF DR and
BDR election process. (Not all options are used.)

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

22. Open the PT Activity. Perform the tasks in the activity instructions and then
answer the question.

Which routers are the DR and BDR in this topology?

DR:R1 BDR:R2

DR:R6 BDR:R5

DR:R5 BDR:R3

DR:R3 BDR:R6

DR:R4 BDR:R1

DR:R3 BDR:R5*

23. Open the PT Activity. Perform the tasks in the activity instructions and then
answer the question.

A network administrator is configuring multiarea OSPFv3 on the routers. The

routing design requires that the router RT1 is a DROTHER for the network in Area
0 and the DR for the network in Area 1. Check the settings and status of the routers.
What can the administrator do to ensure that RT1 will meet the design requirement
after all routers restart?

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

Restart all routers except for RT1.

Change the router ID to 5.5.5.5 on RT1.

Configure the loopback 0 interface with 6.6.6.6.

Use the ipv6 ospf priority 0 command on the interface g0/0 of RT1.

Use the ipv6 ospf priority 10 command on the interface g0/2 of RT1.*

Facebook Twitter Pinterest Gmail PrintFriendly

RELATED
CCNA3 v6.0 Chapter 5 Exam CCNA3 v6.0 Chapter 7 Exam
Answers Answers

11 July, 2017  1 11 July, 2017  0

CCNA3 v6.0 Chapter 1 Exam CCNA3 v6.0 Chapter 2 Exam

Answers Answers

11 July, 2017  0 11 July, 2017  1

ABOUT THE AUTHOR

 ADMIN  EMAIL AUTHOR

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

ADD A COMMENT

Your email address will not be published. Required fields are marked *

Name

Email

Website

Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

SEARCH

Search 

FIND US ON FACEBOOK

CCNA6
1,523 likes

Like Page

Be the first of your friends to like this

CCNA V7.0 EXAM ANSWERS

CCNA 1 v7 CCNA 2 v7

CCNA 3 v7

CCNA 1 v7.0 Modules 1 – 3

CCNA 1 v7.0 Modules 4 – 7

CCNA 1 v7.0 Modules 8 – 10

CCNA 1 v7.0 Modules 11 – 13

CCNA 1 v7.0 Modules 14 – 15

CCNA 1 v7.0Modules 16 – 17

CCNA V6.0 ROUTING AND

SWITCHING

CCNA1 v6 CCNA2 v6

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

CCNA3 v6 CCNA4 v6

CCNA 1 v6 - Pretest Exam

CCNA 1 v6 - Chapter 1

CCNA 1 v6 - Chapter 2

CCNA 1 v6 - Chapter 3

CCNA 1 v6 - Chapter 4

CCNA 1 v6 - Chapter 5

CCNA 1 v6 - Chapter 6

CCNA 1 v6 Chapter 6 skill

CCNA 1 v6 - Chapter 7

CCNA 1 v6 - Chapter 8

CCNA 1 v6 - Chapter 9

CCNA 1 v6 - Chapter 10

CCNA 1 v6 - Chapter 11

CCNA 1 v6 - Practice Final

CCNA 1 v6 - Final Exam A

CCNA 1 v6 - Final Exam B

CCNA 1 v6 - Final Exam C

CCNA 1 v6 Final Packet Tracer Skill

Assessment

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]

CCNA3 v6.0 Chapter 10 Exam Answers - CCNA6.COM

CCNA6.COM Copyright © 2020. CCNA6.COM 2020 CCNA v7.0 Study Materials

https://www.ccna6.com/ccna3-v6-0-chapter-10-exam-answers/[16/10/2020 1:40:24 AM]