Having the proper certifications means better employment opportunities and better partnerships with vendors. This certification series, courtesy of Kaplan’s Transcender IT Certification Success, will test your knowledge of various certification exams, including an in-depth tutorial explaining each answer. The tutorial also includes further reading and relevant information.
In our second exam, we’ll be testing your knowledge of Interconnecting Cisco Networking Devices, which is part of the Cisco CCNA certification.
Interested in other IT certifications? Transcender offers practice exams on many certifications, ranging from CompTIA to CISSP. For a limited time, ChannelPro-SMB.com readers get an exclusive discount to these practice exams. Use offer code CPSMB10P for 10 percent off of any practice exam. Offer excludes CD and Voucher purchase options. This offer code expires on December 1, 2011.
The Cisco Certified Network Associate (CCNA) Certification is a testing program that certifies the skills of computer professionals responsible for supporting local-area and wide-area routed networks and local-area switched networks using Cisco software and hardware solutions. NetCert: Interconnecting Cisco Networking Devices Part 1 practice test is designed to prepare you to pass the ICND1 (640-822) exam given by Cisco. The ICND1 exam measures your ability to properly support routed and switched LANs and routed WANs.
By first reviewing the suggested materials and then practicing with NetCert: Interconnecting Cisco Networking Devices Part 1, you should be fully prepared to pass the actual exam given by Cisco. The ICND1 exam is the first exam in the two-exam path to achieve the CCNA certification.
Review the Interconnecting Cisco Network Devices Part 1 exam (ICND1 640-822) information page at http://www.cisco.com/web/learning/le3/current_exams/640-822.html. This site contains the authoritative list of information about the ICND1 exam and includes a link to other available references.
CiscoÆ, Cisco SystemsÆ, CCDA, CCNA, CCDP, CCNP, CCIE, CCSI, and the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. All other trademarks belong to their respective owners.
In which of the following networks does the address 192.168.54.23/27 reside?
a.) 192.168.54.0
b.) 192.168.54.8
c.) 192.168.54.4
d.) 192.168.54.16
In which two situations would it be appropriate to issue the ipconfig command with the /release and /renew options? (Choose two.)
a.) When the result of running the ipconfig /all command indicates a 169.254.163.6 address
b.) When recent scope changes have been made on the DHCP server
c.) When no IP helper address has been configured on the router between the client and the DHCP server
d.) When the no ip directed-broadcast command has been issued in the router interface local to the client, and no IP helper address has been configured on the router between the client and the DHCP server
When packets are transmitted from one host to another across a routed segment, which two addresses are changed? (Choose two.)
a.) source IP address
b.) source MAC address
c.) destination IP address
d.) destination MAC address
Which statement is TRUE of the Cisco IOS ip default-network command?
a.) the command is classful
b.) the command is an interface configuration mode command
c.) the command alone cannot define the gateway of last resort
d.) the command is issued when IP routing is disabled on the router
Which security protocol uses Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP)?
a.) WEP
b.) WPA
c.) LEAP
d.) WPA2
In which of the following networks does the address 192.168.54.23/27 reside?
a.) 192.168.54.0
b.) 192.168.54.8
c.) 192.168.54.4
d.) 192.168.54.16
Answer:
a.) 192.168.54.0
When a class C address such as 192.168.54.0 is subnetted with a /27 mask, the subnet mask in dotted decimal format is 255.255.255.224. This means that the interval between the network IDs of the resulting subnets is 32. The resulting network IDs are as follows:
- 192.168.54.0
- 192.168.54.32
- 192.168.54.64
- 192.168.54.92 and so on.
Therefore, the address 192.168.54.23 resides in the 192.168.54.0 subnet.
Neither the first address (192.168.54.0, the network ID) nor the last address (192.168.54.31, the broadcast address) in any resulting subnet can be used. Therefore, the addresses in this range are 192.168.54.1 through 192.168.54.30, which includes the 192.168.54.23 address.
192.168.54.8 would only be a network ID if the mask were /29, which would result in an interval of 8 between network IDs. However, even if a /29 mask were used, the 192.168.54.23 address would not fall in its range. The address range for a /29 mask would be 192.168.54.9 through 192.168.54.14.
Similarly, 192.168.54.4 would only be a network ID for a /30 mask, which would result in an interval of 4 between network IDs. But even if a /30 mask were used, the 192.168.54.23 address would not fall in its range. The address range for a /30 mask would be 192.168.54.5 through 192.168.54.6.
192.168.54.16 could be a network ID if the mask were /28, /29 or /30, but not with a /27 mask.
Reference:
In which two situations would it be appropriate to issue the ipconfig command with the /release and /renew options? (Choose two.)
a.) When the result of running the ipconfig /all command indicates a 169.254.163.6 address
b.) When recent scope changes have been made on the DHCP server
c.) When no IP helper address has been configured on the router between the client and the DHCP server
d.) When the no ip directed-broadcast command has been issued in the router interface local to the client, and no IP helper address has been configured on the router between the client and the DHCP server
Answer:
a.) When the result of running the ipconfig /all command indicates a 169.254.163.6 address
b.) When recent scope changes have been made on the DHCP server
It would it be appropriate to issue the ipconfig command with the /release and /renew options when the result of running the ipconfig /all command indicates a 169.254.163.6 address, or when recent scope changes have been made on the DHCP server. When a computer has an address in the 169.254.0.0 network, it indicates that the computer has not been issued an address from the DHCP server. Instead, the computer has utilized Automatic Private IP Addressing (APIPA) to issue itself an address. If the reason for this assignment is a temporary problem with the DHCP server or some other transitory network problem, issuing the ipconfig /release command followed by the ipconfig /renew command could allow the computer to receive the address from the DHCP sever.
Similarly, if changes have been made to the settings on the DHCP server, such as a change in the scope options (such as gateway or DNS server), issuing this pair of commands would update the DHCP client with the new settings when his address is renewed.
These commands will have no effect when no IP helper address has been configured on the router between the client and the DHCP server. An IP helper address can be configured on the local interface of a router when no DHCP server exists on that subnet and you would like to allow the router to forward DHCP DISCOVER packets to the DHCP server on a remote subnet. DHCP DISCOVER packets are broadcast, and routers do not pass on broadcast traffic by default.
These commands also will be of no benefit if the no ip directed-broadcast command has been issued in the router interface local to the client and no IP helper address has been configured on the router between the client and the DHCP server. The no ip directed-broadcastcommand instructs the router to deny broadcast traffic (which is the default). Under those conditions, the command will not result in finding the DHCP server or receiving an address.
Reference:
When packets are transmitted from one host to another across a routed segment, which two addresses are changed? (Choose two.)
a.) source IP address
b.) source MAC address
c.) destination IP address
d.) destination MAC address
Answer:
b.) source MAC address
d.) destination MAC address
When packets move from one LAN segment to another LAN segment across a router, the source and destination Media Access Control (MAC) addresses in the packet change.
Packets destined for a remote network must be forwarded by a router that is typically the sending host’s default gateway. The IP address of the remote host is inserted into the packet, while the MAC address of the default gateway is inserted as the Layer 2 address. This ensures that the packet is received by the default gateway. The router then examines the destination IP address, performs a route lookup, and forwards the packet toward the destination, inserting its MAC address as the source MAC address. If the next hop is another router, then the destination MAC address is replaced with the next router’s MAC address. This process is repeated by each router along the path (inserting its own MAC address as the source MAC address and inserting the MAC address of the next router interface as the destination MAC address) until the packet is received by the remote host’s default gateway. The destination gateway then replaces the destination MAC address with the host’s MAC address and forwards the packet.
It is incorrect to state that the source IP address or the destination IP address change when packets transfer from one host to another across a routed segment. The Internet Protocol (IP) addresses within the packets do not change because this information is needed to route the packet, including any data returned to the sender.
Data return to the sending host is critically dependent on the destination having a default gateway configured and its router having a route back to the sender. If either is missing or configured incorrectly, a return is not possible. For example, when managing a switch remotely with Telnet, the switch cannot be located on the other side of a router from the host being used to connect if the switch does not have a gateway configured. In this case, there will no possibility of a connection being made because the switch will not have a return path to the router.
Reference:
Cisco Documentation > Internetworking Technology Handbook > Routing Basics
Which statement is TRUE of the Cisco IOS ip default-network command?
a.) the command is classful
b.) the command is an interface configuration mode command
c.) the command alone cannot define the gateway of last resort
d.) the command is issued when IP routing is disabled on the router
Answer:
a.) the command is classful
It is correct to state that the ip default-network command is classful. This means that a subnet network defined by this command will not flag the route as a default route, because the route will be installed to the major network that the subnet was derived from. To flag the candidate route as a default route, the ip default-gateway command needs to be reissued using the major net. For example if you ran the ip default-gateway command for the 171.70.24.0 network (which is a subnet of the 172.70.0.0 class B network), it would not be flagged as a candidate default route unless you also issued the command for the 172.70.0.0 network.
The ip default-network command is NOT an interface configuration mode command. This command is a global configuration command.
It is not correct to state that the ip default-network command alone cannot define the gateway of last resort. Although there are instances when this command alone will not suffice, multiple commands are not always required. The ip default-network command is classful. This means that a subnet network defined by this command will not flag the route as a default route, because the route will be installed to the major network that the subnet was derived from. To flag the route as a default route, the ip default-gateway command needs to be reissued using the major net. It functions the same as the ip default-network command. The only difference between these commands is that the ip default-gateway command can only be used when IP routing is disabled on the router.
The command ip route 0.0.0.0 0.0.0.0.0 can also be used to set a default route. When running the ip route 0.0.0.0 0.0.0.0.0 command, the address to which these packets should be forwarded is appended to the command, as in the following example:
ip route 0.0.0.0 0.0.0.0.0 192.168.1.10.
This command would forward all packets that are destined for networks that do not appear in the routing table to 192.168.1.10.
When running the ip-default gateway command, the destination address is appended to the end, as in the following example:
ip-default gateway 192.168.1.20
The ip default-gateway command is valid to configure a default gateway on a Cisco switch as well.
The ip default-network command is NOT issued when IP routing is disabled on the router. The ip default-gateway command is used when IP routing is disabled.
Reference:
Cisco Documentation > Configuring a Gateway of Last Resort Using IP Commands > Document I
: 16448
Which security protocol uses Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP)?
a.) WEP
b.) WPA
c.) LEAP
d.) WPA2
Answer:
d.) WPA2
AES-CCMP is used by Wi-Fi Protected Access version 2 (WPA2) for data encryption. When operating in Personal mode, WPA2 uses a pre-shared key for authentication. When operating in Enterprise mode, it uses 802.1X and Extendible Authentication Protocol (EAP) for authentication. The AES algorithm is used in CCMP. With CCMP, a single component controls key management and message integrity.
IEEE 802.11i is an enhancement to the 802.11 standard for WLAN security mechanisms .WPA2 (an implementation of 802.11i) was developed to overcome the security weaknesses of the Wired Equivalent Privacy (WEP) specifications.
WPA uses Message Integrity Code/Temporal Key Integrity Protocol (MIC/TKIP) to encrypt data. In WPA, the keys change automatically as the system is used. The MIC which is used in WPA has a frame counter which protects against possible replay attacks.
Wired Equivalent Privacy (WEP) is an encryption technique that uses 40-bit and 128-bit static keys that provide secure transaction between an AP and a wireless client by encrypting the transmitted data. A WEP key must be configured and match on both AP and the wireless client.
Lightweight -EAP (LEAP) uses the TCP handshake process similar to EAP-TLS but employs a user name and password for authentication using a RADIUS server. EAP-TLS requires the use of certificates.
LEAP authentication provides two-way security:
- Using dynamic session WEP keys: The dynamic session-based WEP keys are generated by the RADIUS authentication server and encrypt the data sent over wireless media between the Access Points and the client adapters. This reduces administration since the keys then do not require static configuration on both ends as with standard WEP
- User Authentication: The user database can be defined either on the RADIUS server or on a Windows server.
Reference:
http://www.microsoft.com/technet/community/columns/cableguy/cg0505.mspx