Вы находитесь на странице: 1из 75

WAN Questions

Here you will find answers to WAN Questions

Question 1
As a network technician, you must know the various layers of the OSI model. At which layers of the OSI
Model do
Wide Area Networks operate in? (Choose two)
A. Physical Layer
B. Datalink Layer
C. Network
Layer D. Session
E. Transport Layer
F. Presentation Layer
G. Application Layer

Answer: A
Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the
Question 2
Network equipment supporting the use of flow control mechanisms has been recently install ed in the
network. What is the purpose of flow control in a data network?
A. It ensures that data is retransmitted if an acknowledgment is not
received. B. It reassembles segments in the correct order on the
destination device.
C. It provides a mechanism for the receiver to control the transmission
speed. D. It regulates the size of each datagram segment.
E. All of the above are functions of flow control

Answer: C

Flow control is the process that control the rates at which data is transferred between two endpoints, enabling

receiving device to signal congestion to a sending device, which allows for the sending device to
temporarily halt transmission, alleviating congestion at the receiving device.
You are a network administrator working in the communication company. One day, you find that the
encapsulation has been altered by someone on a synchronous serial line and this new configuration is not
the optimal one. So you attempt to return the encapsulation to the default. Which measure will you take to
reach this goal?
A. Issue the shutdown then no shutdown commands to reset the encapsulation on the
interface. B. Reboot the router and allow it to reload the configuration.
C. Configure the interface for HDLC
encapsulation. D. Change the encapsulation to

Answer: C
We cant use the shutdown & no shutdown commands to reset the encapsulation because it doesnt
affect the encapsulation type -> A is not correct.
Reboot the router and reload the configuration can solve this problem but other configuration will be erased
too ->
The question asks attempt to return the encapsulation to the default and the default encapsulation on a
Cisco router is HDLC so we can configure the interface for HDLC encapsulation -> C is the correct.
D is not correct as ARPA is not the default WAN encapsulation of a Cisco router. ARPA is the standard
Ethernet version 2.0 encapsulation.
During your interview for a network administrator job, your interviewer gives you some statements to
judge. The following options are all related to the configuration of a serial link on a Cisco router. You
should point out which one is the correct. What is your answer?
A. The clock rate command is a requirement for DCE
B. If the clock rate command is configured, then the bandwidth command is
required. C. If the bandwidth command is configured, then the clock rate
command is required. D. Cisco routers are DCE devices.

Answer: A
The purpose of DCE equipment is to provide clocking and switching services in a network. Clock rate
doesnt have

a default value so we have to configure it manually (while bandwidth does have a default value). Cisco
routers can be configured as DTE or DCE devices.
Question 5
As a network technician, you should know how to gain information from the exhibit. According to the
command output displayed in the following exhibit, please point out the correct description about
interface Serial 0/0/0.
Router#show running-config
Building configuration

Current configuration :59 bytes

<output omitted>
interface Serial0/0/0
ip address
A. The configuration is incomplete, which will cause the interface status to be Serial0/0/0 is down, line
protocol is down
B. The interface is using Cisco HDLC for layer 2 encapsulation.
C. The configuration is incomplete, which will cause the interface status to be Serial0/0/0 is up, line
protocol is down.
D. A ping to the remote address will be successful.

Answer: B
The configuration is correct and the no shutdown command was used (because we dont see a shutdown
line in the output) so we can see at least Serial0/0/0 is up -> A is not correct.
Although the configuration is correct but we dont know if this interface is connected with another router or
not. If it is connected with another interface (on another router) and that interface is up, we will see the
Serial0/0/0 is up, line protocol is up. Otherwise we will see Serial0/0/0 is up, line protocol is down ->
we cant guarantee answer C is correct.
Answer D is the same with C because we dont know if the remote interface exists (and
turned up) or not.

For WAN interface (serial interface), the default layer 2 encapsulation is HDLC -> B is correct.

Question 6

Router2#show interface serial 0/0

Serial0/0 is up, line protocol is
down Hardware is PowerQUICC
Serial Internet address is
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255 load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
<output omitted>
You work as a network administrator. You study the exhibits carefully. The corporate office and branch
office have been attached through two non-Cisco routers over a highly reliable WAN connection over a
year. A new Cisco router has been installed to replace the hardware at the branch location. Since the
installation, IP communication cannot be verified across the link.
Given the output on router R1, what could be a logical first step to take to resolve this
problem? A. Ensure an exact match between the bandwidth setting on Router1 and
B. Change the encapsulation on Router1 to PPP.
C. Change the bandwidth setting on Router1 to match the actual line speed
D. Verify successful DCE communication between the two sites.
E. Verify Layer1 communication on the Router1 Serial0/0 interface

Answer: B
HDLC is a Cisco proprietary protocol so we cant use it when connecting to a non-Cisco router. PPP
is the standard protocol that is widely supported and used by many ISPs.

Question 7
From the choices shown above, which port can be used for a WAN T1 connection?

A. Console
B. Serial 0
E. None of the other alternatives apply

Answer: B
The console port is intended for local administrative access from an ASCII terminal or a computer using a
terminal emulator.
Serial ports support WAN T1 connection.
Attachment Unit Interface (AUI) ports are designed to connect to an external transceiver for conversion to a
specific media type (such as twisted pair, coax, or fiber). AUI can transfer only 1 bit at a time.
BRI ports are used for ISDN services (mostly
voice). Question 8
A WAN connection is shown below:

Based on this diagram, which two devices can be used to complete the connection between the WAN router
at the customer site and the service provider? (Choose two)
B. modem
C. WAN switch
D. ATM switch
E. Frame Relay switch

Answer: A


A modem or CSU/DSU can provide clock rate so it can be used for the topology above.
The Channel Service Unit (CSU) can echo loopback signals from the phone company for testing purposes.
The Data Service Unit (DSU) manages line control, and converts input and output between RS-232C, RS449, or V.35 frames from the LAN and the time-division multiplexed (TDM) DSX frames on the T-1 line.
The DSU provides a modem-like interface between the computer as Data Terminal Equipment (DTE) and
the CSU.

Security Testlet

Not sure about the requirement of this question but it is something like this:
Before this switch and router can be put to use in the network, what security risks can be found
We are still not sure about the configurations in this sim but we got some information to share with you (updated
on December-07-2011. Thanks Joe Mendola, xallax and many candidates who share the information!):
Maybe this is the configurations on Router and Switch (but notice that they are surely missing something):
no service password-encryption
enable password cisco
username ciscouser privilege 15 password 0 cisco
banner motd ^CWelcome! If you encountered any problem, please consult the administrator^C

line vty 0 4
password 4t&34rkf
login local
transport input telnet ssh

no service password-encryption
line console 0
line vty o 4
no login
transport input telnet ssh (????)
line vty 5 15 (????)
login (????)
transport input telnet ssh (????)
banner motd ^CWelcome! If you encountered any problem, please consult the administrator^C
Note: This is just what we gather and guess. In the exam the configurations may be different so make sure
you understand about enable secret, enable password, login, login local, transport input, line
vty, service password-encryption, bannder motd, privilege before taking this exam!
This sim has 4 questions:
Question 1
Identify security threats on RouterA (select 3)
A. unencrypted password set
B. unsecured message on banner
C. remote access can only be made through telnet or SSH
D. user gets level 15 automatically by default

Answer: A C D
Guideline to answer this question:
Because the service password-encryption is not set on RouterA so the password to access privileged mode (via
the command enable password cisco) is unencrypted. Also, the password for VTY is unencrypted (notice that
the password 4t&34rkf is in fact unencrypted) -> A is correct.
Although the banner says Welcome but it does not leak any security information so it is still safe -> B is not
From the command transport input telnet ssh we learn that remote access can be mad through telnet or SSH.
This is also the default setting of Cisco router -> C is correct.
In the line vty 0 4 configuration, the type of login is specified as login local. It means that the router will not
use the password configured under line vty 0 4 (in this case 4t&34rkf) but it will use the user & password
configured in username ciscouser privilege 15 password cisco command. The command username ciscouser
privilege 15 password cisco will grant the privilege of 15 for ciscouser user -> D is correct.

Question 2
Which two of the following are true regarding the configuration of RouterA (choose two)
A. at least 5 simultaneous remote connect are possible
B. only telnet protocol connections to Router A are supported
C. remotely connection to RouterA using telnet will succeed
D. console line connection will never time out due to inactivity
E. since DHCP is not used on Fa0/1 there is not a need to use the NAT protocol

Answer: A C
Guideline to answer this question:
A is correct as we can telnet from line 0 to line 4 (line vty o 4).
We can use both telnet and SSH to connect to this router (transport input telnet ssh) -> B is not correct.
C is correct as we can telnet to it.
D is not correct because by default, the timeout is set to 10 minutes on both the console and the vty ports.
E is not correct as NAT can be used even DHCP is not used.
Question 3
Select the options which are security issues which need to be modified before RouterA is used (not sure how
many answers we can choose)
A. unencrypted weak password is configured to protect privilege mode
B. inappropriate wording in banner message
C. the virtual terminal lines have weak password configured
D. virtual terminal lines have a password, but it will not be used
E. configuration supports in-secure web server access

Answer: A D
Guideline to answer this question:
Privilege mode on RouterA is protected with unencrypted password (via enable password command) -> A is
B is not correct as mentioned above.
The password of VTY lines is 4t&34rkf. Although it is unencrypted but it is not a weak password because it
has number & special characters inside -> C is not correct.
Although a password of 4t&34rkf is configured but with the command login local, router will use the
username of ciscouser & password of cisco (configured in username ciscouser privilege 15 password 0
cisco command) -> D is correct.
By checking the configuration of routerA with the show run command. To support web server access it must
have the command ip http server but it does not -> E is not correct.
Question 4
Select three options which are security issues with the current configuration of Switch A. (Choose three)

A. privilege mode is protected with an unencrypted password

B. inappropriate wording in banner message
C. virtual terminal lines are protected only by a password requirement
D. both the username and password are weak
E. telnet connections can be used to remotely manage the switch
F. Cisco user will be granted privilege level 15 by default

Answer: not sure

Guideline to answer this question:
We havent had enough information about switch configuration so we cant be sure about the correct answers but
the below is a guideline:
Answer B is surely not correct as the wording in banner does not leak any security information.
If under line vty 0 4 you see the login command but it does not have a password then maybe answer C is
correct. In this case if we try to telnet/ssh to the switch then we will receive a message Password required, but
none set then we are kicked out ^^.
If you see popular username and password then maybe answer D is correct.
If the command transport input specifies telnet as a method then answer E is correct.
For answer F, if you see something like this:
line vty 0 4
privilege level 15
or these lines:
username ciscouser privilege 15 password cisco
login local (in line vty 0 4)
then answer F is correct.

ARP Testlet
This is a testlet. The testlet consists of 4 questions that relate to the scenario below:

Directions: Refer to the exhibit. This testlet consists of four questions that address steps in the process of data
communication between host F and the server named WWW on another LAN. You are free to move back and
forth between the questions to review your answers.
Question 1:
In order to begin communicating with the server, host F sends out an ARP request. How will the devices
exhibited in the topology respond to this request?
A Switch West _1 will reply with the MAC address of the server.
B Hosts D and E will respond that the destination is not on the local LAN.
C Router SFX will forward the ARP request to the ILM router .
D Switch West _1 will block the request since the server is not on the LAN.
E The ILM router will respond with the IP address of the WWW server.
F Router SFX will respond with the MAC address of its Fa0/0 interface.

Answer: F
Because the server WWW is on another LAN of host F, host F knows that it has to send its packets to the
default gateway. Therefore, for the first time, it will send out an ARP broadcast message asking for the MAC
address of router SFX. Router SFX receives this message and replies with the MAC address of Fa0/0 interface.
Later, when host F wants to send packets to WWW server, it will include the IP address of WWW server and
the MAC address of Fa0/0 interface of SFX router in the destination IP address and destination MAC
address fields, respectively.
Question 2:
The ARP reply has been received by host F, which needs to build the packet. What information will be placed
in the header of the packet that leaves host F if host F is to communicate with the WWW server? (Choose two)
A The destination address will be the IP address of interface Fa0/0 of the ILM router .
B The destination address will be the IP address of the WWW server.
C The destination address will be the IP address of interface Fa0/0 of router SFX.
D The source address will be the IP address of host F.
E The source address will be the IP address of interface Fa0/0 of router SFX.
F The destination address will be the IP address of interface Fa0/0 of router SFX.

Answer: B D
After receiving ARP reply from SFX router, host F will place these fields in the header of the packets:
Source addresses: the IP address of host F and the MAC address of host F
Destination addresses: the IP address of WWW server and the MAC address of SFX router
Question 3:
The frame has been received by the ILM router and is to be delivered on the local LAN. Which two statements
describe the addressing of the Ethernet frame that has been created by the ILM router ? (Choose two)
A The destination address will the be the MAC address of the switch A port attached to the Fa0/0 interface of
the ILM router .
B The destination address will be the MAC address of the WWW server.
C The destination address will be the MAC address of the A switch port attached to the WWW server.
D The source address will be the MAC address of host F.
E The source address will be the MAC address of interface Fa0/0 of the ILM router.

Answer: B E
Question 4:
Host F is displaying two World Wide Web documents from the WWW server in two browser windows at the
same time. How did the data find its way to the correct browser windows?
A The IP source addresses of the packets will be used to direct the data to the correct browser window.
B The browsers track the data by the URL.
C TCP port numbers are used to direct the data to the correct application window.
D The OSI application layer tracks the conversations and directs them to the correct browser.

Answer: C
TCP and UDP protocol port numbers are designed to distinguish multiple applications running on a single
device from one another. In the TCP and UDP header, there are Source Port and Destination Port fields
which are used to indicate the message sending process and receiving process identities defined. The
combination of the IP address and the port number is called socket.

Implementation SIM 2
This topology contains 3 routers and 1 switch. Complete the topology.
Drag the appropriate device icons to the labeled Device
Drag the appropriate connections to the locations labeled Connections.
Drag the appropriate IP addresses to the locations labeled IP address

(Hint: use the given host addresses and Main router information)
To remove a device or connection, drag it away from the topology.
Use information gathered from the Main router to complete the configuration of any additional routers.
No passwords are required to access the Main router. The config terminal command has been disabled for the
HQ router. The router does not require any configuration.
Configure each additional router with the following:
Configure the interfaces with the correct IP address and enable the interfaces.
Set the password to allow console access to consolepw
Set the password to allow telnet access to telnetpw
Set the password to allow privilege mode access to privpw
Note: Because routes are not being added to the configurations, you will not be able to ping through the
All devices have cable autosensing capabilities disabled.
All hosts are PCs

Answer and explanation:

Specify appropriate devices and drag them on the Device boxes
For the device at the bottom-right box, we notice that it has 2 interfaces Fa0/2 and Fa0/4; moreover the link
connects the PC on the right with the device on the bottom-right is a straight-through link -> it is a switch
The question stated that this topology contains 3 routers and 1 switch -> two other devices are routers
Place them on appropriate locations as following:

(Host D and host E will be automatically added after placing two routers. Click on them to access neighboring
Specify appropriate connections between these devices:
+ The router on the left is connected with the Main router through FastEthernet interfaces: use a crossover
+ The router on the right is connected with the Main router through Serial interfaces: use a serial cable
+ The router on the right and the Switch: use a straight-through cable
+ The router on the left and the computer: use a crossover cable
(To remember which type of cable you should use, follow these tips:
- To connect two serial interfaces of 2 routers we use serial cable
To specify when we use crossover cable or straight-through cable, we should remember:
Group 1: Router, Host, Server
Group 2: Hub, Switch
One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable
For example: we use straight-through cable to connect switch to router, switch to host, hub to host, hub to
server and we use crossover cable to connect switch to switch, switch to hub, router to router, host to host )

Assign appropriate IP addresses for interfaces:

From Main router, use show running-config command:

(Notice that you may see different IP addresses in the real CCNA exam, the ones shown above are just used for
From the output we learned that the ip address of Fa0/0 interface of the Main router is
This address belongs to a subnetwork which has:
Increment: 16 (/28 = or 1111 1111.1111 1111.1111 1111.1111 0000)
Network address: (because 176 = 16 * 11 and 176 < 177)
Broadcast address: (because 191 = 176 + 16 1)
And we can pick up an ip address from the list that belongs to this subnetwork: and assign it
to the Fa0/0 interface the router on the left
Use the same method for interface Serial0/0 with an ip address of
Increment: 16
Network address: (because 160 = 16 * 10 and 160 < 161)
Broadcast address: (because 176 = 160 + 16 1)
-> and we choose for Serial0/0 interface of the router on the right
Interface Fa0/1 of the router on the left
IP (of the computer on the left) :
Increment: 16
Network address: (because 128 = 16 * 8 and 128 < 129)
Broadcast address: (because 143 = 128 + 16 1)
-> we choose from the list
Interface Fa0/0 of the router on the right
IP (of the computer on the left) :
Increment: 16
Network address: (because 224 = 16 * 14 and 224 < 225)
Broadcast address: (because 239 = 224 + 16 1)
-> we choose from the list
Lets have a look at the picture below to summarize

Configure two routers on the left and right with these commands:
Router1 = router on the left
Assign appropriate IP addresses to Fa0/0 & Fa0/1 interfaces:
Router1#configure terminal
Router1(config)#interface fa0/0
Router1(config-if)#ip address
Router1(config-if)#no shutdown
Router1(config-if)#interface fa0/1
Router1(config-if)#ip address
Router1(config-if)#no shutdown
Set passwords (configure on two routers)
+ Console password:
Router1(config)#line console 0
Router1(config-line)#password consolepw
+ Telnet password:
Router1(config)#line vty 0 4
Router1(config-line)#password telnetpw

+ Privilege mode password:
Router1(config)#enable password privpw
Save the configuration:
Router1#copy running-config startup-config
Configure IP addresses of Router2 (router on the right)
Router2#configure terminal
Router2(config)#interface fa0/0
Router2(config-if)#ip address
Router2(config-if)#no shutdown
Router2(config-if)#interface serial0/0
Router2(config-if)#ip address
Router2(config-if)#no shutdown
and set console, telnet and privilege mode passwords for Router2 as we did for Router1, remember to save the
configuration when you finished

Implementation SIM
You have been hired by PC Consultants Incorporated to document the layout of the network. Complete the
following tasks:
Complete the network topology shown in the graphic by dragging the labels below with the appropriate router
types, interface types and IP addresses to the graphic. Find the information you need by using the router
console attached to the Home router.

Answer and Explanation:

First we have to find out the types of these routers to place them in correct positions by using show cdp
neighbors command on HOME router:

There are 3 columns we should pay more attention to:

+ Local Intrfce (Local Interface): the interface on the device you are using show cdp neighbors command.
In this case it is the interface of HOME router
+ Platform: the platform of neighbor device
+ Port ID: the neighbor devices port or interface which links to the HOME router
From the exhibit, the Local Interface, Platform and Port ID columns, we can identify where these four
routers should be placed and their corresponding associated ports

Finally, we need to identify the IP addresses of four interfaces on neighboring routers using show runningconfig command:

And we can easily assign corresponding ip addresses to four neighbor routers, which are on the same network
with HOME routers interfaces

Please remember in the real CCNA Exam the routers types, ip addresses and interfaces may be different! So
make sure you understand how it works!
Other lab-sims in the ICND 1 Exam:
ICND 1 Show Configuration Sim
ICND 1 Implementation SIM
ICND 1 ARP Testlet
ICND 1 Implementation Sim 2
Frame Relay Sim Hotspot (on 9tut.com)
Other lab-sims might appear in the real ICND 1 exam, read and understand them if you have enough time!


Central Florida Widgets recently installed a new router in their Apopka office. Complete the network
installation by performing the initial router configurations and configuring RIPv2 routing using the router
command line interface (CLI) on the Apopka router.
Configure the router per the following requirements:

Name of the router is Apopka

Enable-secret password is cisco10
The password to access user EXEC mode using the console is RouterPass
The password to allow telnet access to the router is scan90
IPv4 addresses must be configured as follows:
Ethernet network router has second assignable host address in subnet.
Serial network is router has last assignable host address in the subnet. Interfaces should be
Routing protocol is RIPv2.
(Notice: In the real exam the name, passwords, IP addresses and the positions of the assignable host addresses
might be different)
To configure the router (Apopka) click on the console host icon that is connected to a router by a serial console
cable (shown in the diagram as a dashed black line).
Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it
by the title bar.
The Tab key and most commands that use the Control or Escape keys are not supported and are not
necessary to complete this simulation. The help command does not display all commands of the help system.
Answer and Explanation:
1) Name the router:
Router#config terminal
Router(config)#hostname Apopka
2) Enable-secret password (cisco10):
Apopka(config)#enable secret cisco10
3) Set the console password to RouterPass:
Apopka(config)#line console 0
Apopka(config-line)#password RouterPass
4) Set the Telnet password to scan90:
Apopka(config)#line vty 0 4
Apopka(config-line)#password scan90
5) Configure Ethernet interface (on the right) of router Apopka:
The subnet mask of the Ethernet network is 27. From this subnet mask, we can find out the
increment by converting it into binary form, that is /27 = 1111 1111.1111 1111.1111 1111.1110 0000. Pay more
attention to the last bit 1 because it tells us the increment, using the formula:
Increment = 2place of the last bit 1 (starts counting from 0,from right to left), in this case increment = 25 = 32. Therefore:

Increment: 32
Network address:
Broadcast address: (because is the second subnetwork, so the previous IP is the broadcast address of the first subnet).
-> The second assignable host address of this subnetwork is
Assign the second assignable host address to Fa0/0 interface of Apopka router:
Apopka(config)#interface Fa0/0
Apopka(config-if)#ip address
Apopka(config-if)#no shutdown
6) Configure Serial interface (on the left) of router Apopka:
Using the same method to find out the increment of the Serial network:
Serial network
Increment: 16 (/28 = 1111 1111.1111 1111.1111 1111.1111 0000)
Network address: (because 8 * 16 = 128 so is also the network address of this subnet)
Broadcast address:
-> The last assignable host address in this subnet is
Assign the last assignable host address to S0/0/0 interface of Apopka router:
Apopka(config)#interface S0/0/0 (or use interface S0/0 if not successful)
Apopka(config-if)#ip address
Apopka(config-if)#no shutdown
7) Configure RIP v2 routing protocol:
Apopka(config)#router rip
Apopka(config-router)#version 2
Save the configuration:
Apopka#copy running-config startup-config
Finally, you should use the ping command to verify all are working properly!

Here you will
ll find answers to hotspot questions in ICND 1 exam

Refer to the topology. Using the information shown, answer the five questions shown on the Questions

Question 1:
On which router should a default route be
configured? A on the ISP router
B on R1
C on R2
D on R3
E on R4

Answer: B
With all links operational and all routers converged, which of the foll owing describes the messaging between
A Hell os are sent every five seconds.
B Multicasts are sent every 60 seconds.
C Broadcasts are sent every 30 seconds.
D No messaging unless the topology
changes. Answer: C
Question 3:
Which of the foll owing describes the route update process if the interface from R4 connected to LAN 4 goes
down? A No updates occur

B R4 tell s both R1 and R3 the network not accessible. Both R3 and R1 update R2.
C R4 tell s only R1 the network is not accessible. R1 updates R2 and R2
updates R3. D R4 tell s only R3 the network is not accessible. R3 updates R2
and R2 updates R1.

Answer: B
Why would RIP be used rather than static routes on R1, R2, R3, and R4?
A RIP creates more accurate than static routes.
B RIP uses less network resources than do static routes.
C RIP is supported by more diff erent vendors equipment than static routes.
D RIP requires less configuration to automaticall y adjust when links go down than static routes.

Answer: D
On which router should a static route be configured?
A on the ISP router
B on R1
C on R2
D on R3
E on R4

Answer: A

Here you will find answers to operation questions in ICND 1 exam
Question 1:
Refer to the exhibit. The junior network support staff provided the diagram as a recommended configuration
for the first phase of a four-phase network expansion project. The entire network expansion will have over
1000 users on
14 network segments and has been all ocated this IP address space: through through
What are three problems with this design? (Choose three)

A The AREA 1 IP address space is inadequate for the number of

users. B The AREA 3 IP address space is inadequate for the
number of users. C AREA 2 could use a mask of /25 to conserve IP
address space.
D The network address space that is provided requires a single network-wide
mask. E The router-to-router connection is wasting address space.
F The broadcast domain in AREA 1 is too large for IP to
function. Answer: A C E
Refer to the exhibit. A technician is testing connection problems in the internetwork. What is the problem
indicated by the output from HostA?

A The routing on Router2 is not functioning

properly. B An access list is applied to an
interface of Router3. C The Fa0/24 interface of
Switch1 is down.
D The gateway address of HostA is incorrect or not
configured. Answer: D
When trying to ping the IP,you received the replies from that IP. It means that you can
reach the Fa0/0 interface of Router1. But notice that the IP of host A ( and the IP of the
Fa0/0 interface of Router 1 ( are on the same network. So you dont need a gateway
address configured on HostA. Therefore you cant conclude the gateway address of HostA was
configured correctly.
Lately, you tried to use the tracert command to reach another network ( In this case, a gateway
address was required for reaching the network of hostB. But the result told that Destination host
unreachable means that Host A can not find a route to Host B -> The gateway address of Host A was
incorrect (something other than or not configured is a possibility.
A and B are incorrect because if there is a mis-configuration on Router 2 or Router 3 (while Router 1 is
configurated correctly), you will see at least one successful line when using tracert command likes the bold
line below:
Tracing route to over a maximum of 30 hops:
1 62 ms 62 ms 46 ms
2 * * * Request timed out.

C is incorrect because we can ping Router 1 -> port Fa0/24 on Switch 1 was turned on and running correctly.

Question 3:
Refer to the exhibit. The internetwork is using subnets of the address with a subset mask of The routing protocol in use is RIP version 1. Which address could be assigned to the
FastEthernet interface on RouterA?

Answer: D
: = 1111 1111.1111 1111.1111 1111.1110 0000 (binary form)
Increment: 32
First subnetwork: -> (A is incorrect because is a broadcast
Second subnetwork: ->
Third subnetwork: -> (B is incorrect because is a network
address) Fourth subnetwork: -> (C is incorrect because is a
broadcast address)
Fifth subnetwork: ->
Sixth subnetwork: -> (D is correct because is the last
assignable host address of this subnetwork)
Seventh subnetwork: -> (E is incorrect because is a
network address)
Question 4:
Refer to the exhibit. For security reasons, information about RTA, including platform and IP addresses,
should not be accessible from the Internet. This information should, however, be accessible to devices on

the internal networks of RTA. Which command or series of commands will accomplish these objectives?

A RTA(config)#no cdp run

B RTA(config)#no cdp enable
C RTA(config)#interface s0/0
RTA(config-if)#no cdp run
D RTA(config)#interface s0/0
RTA(config-if)#no cdp enable
Answer: D
Refer to the exhibit, PC1 pings PC2. What three things will CORE router do with the data that is
received from
PC1? (Choose three)

A The data frames will be forwarded out interface FastEthernet0/1 of CORE

router. B The data frames will be forwarded out interface FastEthernet1/0 of
CORE router.
C CORE router will replace the destination IP address of the packets with the IP address of PC2.

D CORE router will place the MAC address of PC2 in the destination MAC address of the frames.
E CORE router will put the IP address of the forwarding FastEthernet interface in the place of the
source IP
address in the packets.

F CORE router will put the MAC address of the forwarding FastEthernet interface in the place of the
MAC address.
Answer: B D

Subnetting Questions
Here you will find answers to subnetting questions in ICND 1 exam
Note: If you are not sure about subnetting, please read my Subnetting tutorial.

Question 1:
Refer to the exhibit. The goal of this network design is to provide the most eff icient use of IP address space
in a network expansion. Each circle defines a network segment and the number of users required on that
segment. An IP subnetwork number and default gateway address are shown for each segment.
What are three problems with the network design as shown? (Choose three)

A Interface fa0/3 has an IP address that overlaps with network

B Interface fa0/1 has an invalid IP address for the subnet on which it

resides. C Interface fa0/2 has an invalid IP address for the subnet on
which it resides. D Network requires more user address
E Network requires more user address
F The IP subnet is invalid for a segment with a single

Answer: A B
D Question 2:
If an ethernet port on a router was assigned an IP address of, what is the maximum
number of hosts all owed on this subnet?
A 1024
B 2046
C 4094
D 4096
E 8190

Answer: C
Refer to the exhibit. The internetwork is using subnets of the address with a subnet
mask of The routing protocol in use is RIP version 2. Which address could be assigned
to the



Answer: D

Question 4:
Refer to the exhibit. HostA cannot ping HostB. Assuming routing is properly configured, what could be the
cause of this problem?

A HostA is not on the same subnet as its default

gateway. B The address of SwitchA is a subnet
C The Fa0/0 interface on RouterA is on a subnet that cant be
used. D The serial interfaces of the routers are not on the same
E The Fa0/0 interface on RouterB is using a broadcast address.

Answer: D

Drag and Drop Questions

March 29th, 2011 42 comments
Here you will find answers to drag and drop questions in ICND 1 exam
Question 1:
Drag the appropriate command on the left to the configuration task it accomplishes (not all
ll options are used)

1) service password-encryption
2) line console 0
3) enable secret noWay1n4u
4) line vty 0 4
password 2hard2Guess
5) enable password uwi11NeverNo
Question 2:
Construct the command sequence to configure an IP address on a serial interface (not all options are used)

1) Hub# configure terminal
2) Hub(config)# interface s0/0
3) Hub(config-if)# ip address
4) Hub(config-if)# no shutdown
5) Hub(config-if)# description T1 to
WAN Explanation:
One thing interesting in the answers is that the command ip address
(answer 3) is correct because is not a broadcast address. Lets analyze this
case a bit closer:
Increment: 4 for the third octet ( = 1111 1111.1111 1111.1111 1100.0000
0000) First subnetwork range: to
Second subnet range: to

Therefore and are the broadcast addresses but not So we can assign
this address to s0/0 interface.

(Notice that the command Hub(con.fig)#ip address is only correct only if it is in
inteiface mode, which is Hub(con.fig-ij)#)
Question 3:
Drag the commands on the left to the appropriate functions on the right (Not all options are used)

1) ipconfig /all
2) tracert
3) telnet
4) ping
5) arp a

Drag and Drop Questions 2

March 28th, 2011 31 comments
Here you will find answers to ICND 1 -Drag and Drop Questions Part 2
Question 1

As a CCNA candidate, you should master the functions of various commands. Look at the following
items, some commands are listed on the left. The related roles are listed on the right in a wrong sequence.
Please match them together. (Not all options are used)

1) Router#copy tftp flash: replace the IOS image
2) Router#copy flash tftp: backup the current IOS image
3) Router#copy running-config tftp: make a backup copy of configuration in RAM
4) Router#copy running-config startup-config: make the configuration in RAM the configuration the
router will use on startup
5) Router#copy tftp running-config: merge a backup configuration with the configuration in
RAM Explanation
First please notice that by saying replace we often mean changes to NVRAM and TFTP while saying
merge or
add we mean changes to RAM. Next we should review the syntax of copy command:
Syntax: copy <source> <base config filename> <destination> <destination filename.txt>
1) By default, the flash memory in a router is used to store the Cisco IOS image so the requirement
replace the IOS image means that moving file somewhere to the flash memory. In the left columns we
only have one choice which has the flash as the destination ->copy tftp flash.

2) Same explanation as above, when saying backup the current IOS image the flash takes the role as the
source >copy flash tftp. And backup means we should copy it to somewhere like tftp server, CDROM
3) The running-config is stored in the RAM so make a backup copy of configuration in RAM means copy
running configuration from RAM so backup server (tftp) -> copy running-config tftp
4) copy running-config startup-config is a very common command so no more explanation needed.

5) After solving 4 boxes above, we only have two choices left: copy tftp running-config & copy flash
running- config. The bottom-right box says merge a backup configuration so it should be the tftp server
and the command here is copy tftp running-config.

Wireless Questions
Here you will find answers to Wireless Questions Part 1
If you are not sure about Wireless, please read my Wireless tutorial and Basic Wireless Terminologies
Question 1
Which wireless LAN design ensures that a mobile wireless user will not lose connectivity when moving
from one access point to another on the WLAN?
A. Utilizing MAC address filtering to all ow the client MAC address to authenticate with the surrounding APs
B. Using adapters and access points manufactured by the same company
C. Overlapping the wireless cell coverage by at least
10% D. Configuring all access points to use the same

Answer: C
By using more than one Access Point (AP) we can create overlapping cell s to all ow roaming in a larger area.
But we have to ensure that two APs must have at least 10% coverage overlap and they use non-overlapping
Question 2
You need to troubleshoot an interference issue with the wireless LAN. Which two devices can interfere
with the operation of this network because they operate on similar frequencies? (Choose two)
A. Microwave oven
B. AM radio
C. Toaster
D. Copier
E. Cordless phone
F. IP phone
G. Ipod

Answer: A

Microwave oven and cordless phone radiate energy in the 2.4 GHz unlicensed band so they can interfere with

WLAN standards. As the result of that, you cant hear clearly on the phone or cant surf
web. Question 3
Which of the foll owing data network would you implement if you wanted a wireless network that had a
relatively high data rate, but was limited to very short distances?
A. Broadband personal comm. Service
(PCS) B. Broadband circuit
E. Cable

Answer: C
Infrared typicall y requires a line-of-sight (your TV remote control, for example) which means that it is
limited to very short distances. I am not sure if it is considered relative high data rate but infrared can
transfer up to 4Mpbs.
You need to add a wireless access point to a new off ice. Which additional configuration step is necessary in
order to connect to an access point that has SSID broadcasting disabled?
A. Configure open authentication on the AP and the
B. Set the SSID value in the client software to
C. Set the SSID value on the client to the SSID configured on the
D. Configure MAC address filtering to permit the client to connect to
the AP

Answer: C
Service Set Identifier (SSID) is the term to identify a WLAN. In most cases SSID is broadcast by the AP,
the user only needs to select that SSID and provides a correct password to access it. But in some cases for

security reason, the SSID can be disabled. Users can only access to that network if they type both SSID and
password correctly.
You need to secure a new access point on the a wireless network. Which two practices help
secure the configuration utilities on wireless access points from unauthorized access? (Choose
A. Changing the default SSID
B. Configuring traff ic
C. Changing the mixed mode setting to single

D. Configuring a new administrator password

E. Assigning a private IP address to the AP

Answer: A
To improve security, you should change the default SSID value on your AP. For example, Linksys routers
(which are produced by Cisco) typically have an SSID of linksys -> A is correct.
In an AP we can configure traffic filtering but it is mainly used for filtering which services clients can use,
IP ranges, ports, websites, time access It has no effect on securing your AP -> B is not correct.
Mixed mode here means we can configure AP to allow clients to use different standard like 802.11b, g or
n. But setting it to single mode doesnt have any security protection on it -> C is not correct.
We should also change the administrator password because everyone can access to the admin page of an
AP by open a web browser and type the IP address of that AP (for example: Typically,
Linksys Wireless routers have a default username/password of admin/admin or admin/[blank] which
are easily guessed or found out -> D is correct.
We can access the AP by using a private IP address (in the same private network of the AP, for example) -> E is not correct.
Question 6
You need to determine the proper security settings on a new WLAN-capable office. Which encryption type
WPA2 use in this office?
C. PPK via IV
E. None of the other alternatives apply

Answer: B
Advanced Encryption Standard (AES) is the cipher system used by RSN. It is the equivalent of the RC4
algorithm used by WPA. However the encryption mechanism is much more complex and does not suffer
from the problems associated with WEP. AES is a block cipher, operating on blocks of data 128bits long.

CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA. CCMP computes a
Integrity Check (MIC) using the well known, and proven, Cipher Block Chaining Message Authentication
(CBC-MAC) method. Changing even one bit in a message produces a totally different result.

The AES-CCMP encryption algorithm used in the 802.11i (WPA2) security protocol. It uses the AES block
cipher, but restricts the key length to 128 bits. AES-CCMP incorporates two sophisticated cryptographic
techniques (counter mode and CBC-MAC) and adapts them to Ethernet frames to provide a robust security
protocol between the mobile client and the access point.
Question 7
What is one reason why WPA encryption is preferred over WEP in this
network? A. The WPA key values remain the same until the client
configuration is changed.
B. The values of WPA keys can change dynamically while the system is used.
C. The access point and the client are manually configured with different WPA key
values. D. A WPA key is longer and requires more special characters than the WEP
E. None of the other alternatives apply

Answer: B
Wireless Encryption Protocol (WEP) uses RC4 encryption and a static 64-bit key so it can be easily broken as
40-bits are encrypted and 24 bits are clear-text IV(Initialization Vector). It was later upgraded to 128-bit, but
IV was still clear text meaning it took slightly longer (minutes) to break-in.
WPA was introduced in 2003 as a replacement for WEP. WPA uses Temporal Key Integrity Protocol
(TKIP) to automatically change the keys. TKIP still uses RC4; it just improves how its done
Question 8
In an effort to increase security within the wireless network, WPA is being utilized. Which two
statements shown below best describe the wireless security standard that is defined by WPA? (Choose
A. It requires use of an open authentication method
B. It specifies use of a static encryption key that must be changed frequently to enhance security
C. It includes authentication by PSK
D. It specifies the use of dynamic encryption keys that change each time a client establishes a connection
E. It requires that all access points and wireless devices use the same encryption key
F. WPA works only with Cisc0 access points

Answer: C D

Question 9
You need to configure a new wireless access point for your network. What are three basic parameters to
configure an AP? (Choose three)
A. Authentication method

C. RF channel

Answer: A C
D Explanation
Below lists basic parameters to configure an AP

Wireless Questions 2
Here you will find answers to Wireless Part 2
If you are not sure about Wireless, please read my Wireless tutorial and Basic Wireless Terminologies
Question 1
You have finished physicall y install ing an access point on the ceiling at a newly opened off ice. At a
minimum, which parameter must you configure on the access point in order to all ow wireless clients to
operate on it?
E. None of the other alternatives apply

Answer: A
Part of the wireless LAN is shown below:

What two facts can be determined from the diagram of the WLAN shown above? (Choose
two) A. Access points in each cell must be configured to use channel 1
B. The network diagram represents an extended service set (ESS)
C. The two APs should be configured to operate on diff erent channels
D. The area of overlap of the two cell s represents a basic service set (BSS)
E. The area of overlap must be less than 10% of the area to ensure connectivity
F. There are too many hosts on this WLAN

Answer: B
C Question
A single 802.11g access point has been configured and install ed in the center of a square shaped off ice. A
few wireless users are experiencing slow performance and drops while most users are operating at peak eff
iciency. From the list below, what are three likely causes of this problem? (Choose three)
A. Null SSID

B. Mismatched TKIP encryption

C. Cordless phones
D. Antenna type or direction

E. Mismatched
SSID F. Metal file

Answer: C D
F Explanation
802.11g operates in 2.4 GHz ISM band. Some popular devices and technologies can interfere 802.11g
+ Newer cordless phones
+ Bluetooth
+ Microwaves
+ Metal surface (can cause interference)
+ Antenna (can reduce wireless signal)

Question 4
Three access points have been install ed and configured to cover a small remote off ice. What term
defines the wireless topology?

Answer: C
Two workers have established wireless communication directly between their wireless laptops. What
type of wireless topology has been created by these employees?

Answer: B


Independent Basic Service Set IBSS (ad hoc mode) does not use an AP. It all ows two devices to
communicate directly.
Basic Service Set (BSS) is a single wireless LAN created with an AP and all devices that associate with
that AP. Extended Service Set (ESS) consists of multiple APs, all owing roaming in a larger coverage
Question 6
802.1b is being utilized in the wireless network. Which spread spectrum technology does the 802.1b standard
define for operation in this network?

Answer: D
Frequency Hopping Spread Spectrum (FHSS) uses all frequencies in the band, hopping to diff erent ones.
By using slightly diff erent frequencies for consecutive transmissions, a device can hopefull y avoid
interference from other devices that use the same unlicensed band, succeeding at sending data at some
Direct Sequence Spread Spectrum (DSSS) foll owed as the next general class of encoding type for
WLANs. Designed for use in the 2.4 GHz unlicensed band, DSSS uses one of several separate
channels or frequencies.
The original 802.11 WLAN standards used FHSS, but the current standards (802.11a, 802.11b, and
802.11g) do not. 802.1b uses DSSS while 802.1a & 802.1g use Orthogonal Frequency Division
Multiplexing (OFDM).
(Reference: ICND1 Off icial Exam Certification
Guide) Question 7
Which IEEE standard is used to define Wi-Fi?
A. IEEE 802.3
B. IEEE 802.5
C. IEEE 802.11h
D. IEEE 802.11c

E. IEEE 802.11

Answer: E

Question 8
An off ice is using an IEEE 802.11b wireless LAN. What is the maximum data rate specified
for this WLAN? A. 11 mbps
C. 54
D. 10
E. 1000 mbps
F. 16 mbps

The maximum data rate for popular WLAN standards are listed below:
* IEEE 802.11a: 54 Mbps in the 5.7 GHz ISM band
* IEEE 802.11b: 11 Mbps in the 2.4 GHz ISM band
* IEEE 802.11g: 54 Mbps in the 2.4 GHz ISM band

Share your ICND1 Experience

Please share with us your experience after taking the exam ICND1, your materials, the way
you learned, your recommendations

Read more

Show Configuration Sim

This task requires the use of various show commands from the CLI of Router1 to answer 5 multiplechoice questions. This does not require any configuration.

NOTE: The show running-configuration and the show startup-configuration commands have been
disabled in this simulation.
To access the multiple-choice questions, click on the numbered boxes on the right of the top panel.
There are 5 multiple-choice questions with this task. Be sure to answer all 5 questions before leaving
this item.
Question 1:
What is the subnet broadcast address of the LAN connected to Router1?
B -
C -
Answer: A
The show running-configuration and show startup-configuration have been disabled as stated
above so we should use the show ip interface command to get information about the LAN network
connected to Router1.

From the output we learn that the ip address of the FastEthernet interface of Router1 is
and the subnet mask is /28. Therefore:
Increment: 16 (/28=1111 1111.1111 1111.1111 1111.1111 0000)
Network address:
Broadcast address: (15 = 0 + 16 1)
-> The broadcast address of this subnetwork is
Question 2:
What is the bandwidth on the WAN interface of Router1?
A 16 Kbit/sec
B 32 Kbit/sec
C 64 Kbit/sec
D 128 Kbit/sec
E 512 Kbit/sec
F 1544 Kbit/sec
Answer: E
To find out the bandwidth on the WAN (serial) interface of Router1 we need to use the show interfaces
serial 0/0 command:

Therefore the bandwidth on the WAN is 512 Kbit/sec.

Question 3:
What interfaces on Router1 have not had any configurations applied? (Choose two)
A Ethernet 0
B FastEthenet 0/0
C FastEthernet 0/1
D Serial 0
E Serial 0/0
F Serial 0/1
Answer: C F
Use the show ip interface brief to identify what interfaces Router 1 have. Notice that Router1 does not
have Ethernet 0 and Serial 0 interfaces. FastEthernet 0/0 and Serial 0/0 were configured with their IP
addresses therefore only FastEthernet 0/1 and Serial0/1 have not had any configurations applied.
Question 4:
Including the address on the Router1 FastEthernet interface, how many hosts can have IP addresses on
the LAN to which Router1 is connected?
B 14
C 62
D 128
Answer: B

The mask address of interface Fa0/0 of Router1 is /28 (as shown in question 1), which has four 0 bits
(1111 1111.1111 1111.1111 1111.1111 0000). Therefore there are 24 2 = 14 assignable IP addresses for
hosts on the LAN.
Question 5:
The hosts in the LAN are not able to connect to the Internet. Which commands will correct this issue?
A Router1(conf)# interface fa0/0
Router1(conf-if)# no shutdown
B Routed (conf)# interface fa0/1
Router1(conf-if)# no shutdown
C Router1(conf)# interface s0/0
Router1(conf-if)# no shutdown
D Router1(conf)# interface s0/1
Router1(conf-if)# no shutdown
E Router1(conf)# interface s0/0
Router1(conf-if)# ip address
F Router1(conf)# interface s0/1
Routerl (conf-if)# ip address

Answer: C
We should check the statuses of all the interfaces on Router1 with the show ip interface brief

From the output, we learn that the status of Serial0/0 interface which connects to ISP router is currently
administratively down. This status indicates this interface is shutting down so we need to turn it on.

Hotspot Routing Question

Question 1:
If the router R1 has a packet with a destination address, what describes the operation of
the network?
A R1 will forward the packet out all interfaces
B R1 will drop this packet because it is not a valid IP address
C As R1 forwards the frame containing this packet, Sw-A will add to its MAC table
D R1 will encapsulate the packet in a frame with a destination MAC address of FF-FF-FF-FF-FF-FF
E As R1 forwards the frame containing this packet, Sw-A will forward it ti the device assigned the IP
address of

Answer: B
Question 2:
Users on the network must access files located on the Server 1. What route could be
configured on router R1 for file requests to reach the server?

A ip route s0/0/0

B ip route
C ip route
D ip route

Answer: A
Quetion 3:
When a packet is sent from Host 1 to Server 1, in how many different frames will the packet be
encapsulated as it is sent across the internetwork?

Answer: C or D(depending on your understand, please read the comments to understand why)
Question 4:
What must be configured on the network in order for users on the Internet to view web pages located
on Web Server 2?
A On router R2,configure a default static route to the network
B On router r2, configure DNS to resolve the URL assigned to Web Server 2 to the
C On router R1, configure NAT to translate an address on the network to
D On router R1, configure DHCP to assign a registered IP address on the network
to Web Server 2

Answer: C
Question 5:
The router address is the default gateway for both the Web Server 2 and Host 1. What is
the correct subnet mask for this network?

Answer: A

Hotspot Frame-relay Question

(In the old days, this question was a multi-choice question but Cisco upgraded it into a lab-sim
question. Therefore, instead of listing all the configuration as above, you have to type show framerelay map and show running-config to get its configuration)
Note: If you are not sure about Frame-Relay, please read my Frame Relay tutorial.

Question 1:
What destination Layer 2 address will be used in the frame header containing a packet for host
A 704
B 196
C 702
D 344

Answer: C
Question 2:
A static map to the S-AMER location is required. Which command should be used to create this map?
A frame-relay map ip 704 broadcast
B frame-relay map ip 196 broadcast
C frame-relay map ip 702 broadcast
D frame-relay map ip 344 broadcast

Answer: B
Question 3:
Which connection uses the default encapsulation for serial interfaces on Cisco routers?
A The serial connection to the MidEast branch office
B The serial connection to the DeepSouth branch office
C The serial connection to the NorthCentral branch office
D The serial connection to the Multinational Core

Answer: A
Question 4:
If required, what password should be configured on the router in the MidEast branch office to allow a
connection to be established with the Dubai router?
A No password is required
B Enable
C Scr
D Telnet
E Console

Answer: A or D (because maybe there are 2 versions of this question, depending on the output of
show running-config command, please read the explanation below)
This question is not clear for a long time but now maybe the trick was solved. What Cisco wants to ask
is the word used as password, not the type of connection, so in the exam you might see some strange

words for answers like En8ble, T1net, C0nsole. All you have to do is to use the command show
running-config as wx4 mentioned below to find the answer.
wx4 commented:
Q4: if password required which?
in my example it was connection to North!
How to figure out which pw is required?
#show running-config
1. check the interface to the router you need connection to. If there is ppp authentication you need a
2. you will find the password on the top of your running-config output
check the area:
username North password c0nsole
username xxxxx yyyyy
in my case it was c0nsole, in your case it can be no password needed or a different password.
If you are still not clear, please read antons comment:
A big question I noticed here was about the FR Lab regarding the password. You have to perform a
show running-config and look for USERNAME and PASSWORD.
username South_Router password c0nsol3
username North_Router password t31net
Obviously this has to be en PPP encapsulation, if asked for a posible password for SOUTH_ROUTER
you pick c0nsol3, and for NORTH_ROUTER you pick t31net. If youre running HDLC, i would pick
no password is required.