QUESTION 1

Host A receives a frame and discards it after determining that it is corrupt. At

which OSI layer are frames checked for errors?

Application

Network

Physical

Data-link

FCS or CRC
YOUR ANSWER

- Data-link

MORE INFORMATION:

The data-link layer is responsible for checking each frame received for errors. Every
Ethernet frame includes the frame check sequence (FCS) or cyclic redundancy check
(CRC) value that is calculated by the host which sent the frame.
The receiving host generates its own FCS value for every frame received and then
compares it with the FCS included in the frame. If the FCS values match, the frame
has arrived without any error. If the FCS values do not match, then it is assumed that
the frame has an error or is corrupt and, therefore, is discarded. More information on
Ethernet frames can be found on Firewall.cx's Ethernet frame analysis page.

QUESTION 2

Identify which of the services below use both TCP and UDP ports:

FTP

TFTP

DNS

SSH

TELNET
YOUR ANSWER

- DNS

MORE INFORMATION:

The domain name service (DNS) protocol is the only protocol of those listed above
that uses both the Transmission Control Protocol (TCP) and the User Domain Protocol
(UDP). UDP is the preferred transport protocol for DNS services because it's fast.
UDP does not require a connection to be established between the hosts before sending
any data.
If a host fails to receive a response from a DNS server after several requests, it can
then switch to TCP. TCP is slower but more reliable, because it requires a three-way
handshake to be established between the hosts before any data is sent.
QUESTION 3

After
carefully examining the network diagram above, select the correct statement
regarding broadcast and collision domains:

There is one broadcast domain and seven collision domains.

There are two broadcast domains and five collision domains.

There is one broadcast domain and 12 collision domains.

There are two broadcast domains and seven collision domains.

There are two broadcast domains and 12 collision domains.

YOUR ANSWER

- There are two broadcast domains and seven collision domains.

MORE INFORMATION:

Each link to a switch (switch port) is a separate collision domain. In our diagram, we
have two switches and a total of seven links. Hubs (located in the lower left corner of
the image) do not create separate collision domains per link. That's because traffic
entering one port exits all other ports.
Routers, on the other hand, create separate broadcast domains as broadcast packets do
not propagate across them.
QUESTION 4

Your manager has requested you indicate which of the above ports will
be Spanning Tree Protocol (STP)-designated ports:

Switch V1, Port Fa0/0; Switch V3, Port Fa0/0; Switch V3, Port Fa0/24

Switch V1, Port Fa0/24; Switch V2, Port Fa0/0; Switch V2, Port Fa0/24

YOUR ANSWER

- Switch V1, Port Fa0/24; Switch V2, Port Fa0/0; Switch V2, Port Fa0/24

MORE INFORMATION:

The first step is to understand which switch will become the root switch. This is done
via a process called the STP root bridge election process. According to this process,
the switch with the lowest bridge ID will be elected as the root switch. In our network
diagram, that's SwitchV2.
As per STP protocol, SwitchV2 will have all ports set to STP designated. Ports Fa0/0
on SwitchV1 and SwitchV3 are used to reach the root switch and are therefore
designated STP root ports.
The last set of ports to examine is Fa0/24 on SwitchV1 and SwitchV3. Between these
two, one port must be set to blocking mode in order to avoid creating a loop in our
network, while the other will be set to forwarding mode. Since SwitchV1 has a lower
media access control (MAC) address it wins, so SwitchV1 Fa0/24 is set to forwarding
and becomes an STP designated port, while SwitchV3 Fa0/24 turns to a blocking
state.
Detailed examples and analysis on STP, bridge election and STP port states can be
found on Firewall.cx's Spanning Tree Protocol section.
QUESTION 5

One of the routers in your company has just received information about network
172.16.10.0/24 from multiple sources. Which of the below will the router consider
as the most reliable source for network 172.16.10.0/24?

An EIGRP update for network 172.16.10.0/24

An OSPF update for network 172.16.10.0/24

A static route to network 172.16.10.0/24

A default route with a next hop address of 172.16.0.1

A directly connected interface with an IP address of 172.16.10.254/24

None of the above. The router will discard the update.

YOUR ANSWER

- A directly connected interface with an IP address of 172.16.10.254/24

MORE INFORMATION:

The administrative distance (AD) is used by a router to determine which routing

protocol to use if two or more protocols provide routing information for the same
destination network. The smaller the administrative distance, the higher the
preference.
Directly connected interfaces have an AD of 0 and are always preferred. Static routes
have an AD of 1, while the Enhanced Interior Gateway Routing Protocol (EIGRP) has
an AD of 90 and open shortest path first (OSPF) an AD of 110.
QUESTION 6

In the
network diagram above, which path will packets take when travelling from host
192.168.50.126 to host 192.168.50.5?

Packets will travel from R3 to R2 to R1.

Packets will travel from R1 to R3 to R2.

Packets will travel from R3 to R1 and return back to R3.

Packets will travel from R3 to R1 and from R3 to R2 to R1.

Packets will travel from R1 to R2 and back.

YOUR ANSWER

- Packets will travel from R3 to R1 and from R3 to R2 to R1.

MORE INFORMATION:

We begin by identifying to which network host 192.168.50.126 belongs. IP address

192.168.50.126 is the last usable address for network 192.168.50.64/26, which means
it is directly connected to router 3.
Next, we need to identify where 192.168.50.5 is located. By examining the diagram,
we can see IP 192.168.50.5 is router 1's interface that connects directly with router 2.
Finally, to understand the path packets will take, we examine the output of router 3's
routing table and discover that there are two equal cost links to network
192.168.50.4/30, therefore EIGRP will load-balance between both paths.
QUESTION 7

Which of the following commands is used to verify the encapsulation type on a

frame relay link?

show frame-relay lmi

show frame-relay

show interfaces

show frame-relay pvc

show frame-relay map

YOUR ANSWER

- show frame-relay map

MORE INFORMATION:

The show frame relay map command provides a variety of useful information as
shown in the screenshot below, including the frame relay interface, its status
(up/down), destination IP address, data link connection identifier, indication if the
entry is static or dynamic and encapsulation type (Cisco or IETF).

QUESTION 8

Which of the following options are used in standard access lists?

Destination address and subnet mask

Source address and subnet mask

Destination address and wildcard mask

Source address and wildcard mask

YOUR ANSWER

- Source address and subnet mask

- Source address and wildcard mask

CORRECT ANSWER

MORE INFORMATION:

Standard access lists provide a simple set of options: the source address and wildcard
mask. Extended access lists offer additional options: source address, destination
address, wildcard mask, protocol and ports, thus providing greater granularity.
In both cases, it's important to remember that access lists always use the wildcard
mask, which is the reverse of a subnet mask.
QUESTION 9

What actions
does the Dynamic Host Configuration Protocol (DHCP) server take when there is
an IP address conflict as shown above?

The DHCP server will automatically resolve all conflicts after their lease is over.

The IP addresses are removed from the DHCP pool until the conflicts are resolved.

The IP addresses detected by gratuitous Address Resolution Protocol are removed from
the pool.

The IP addresses detected by ping are removed from the pool.

The DHCP server needs to be restarted in order to automatically clear all conflicts.
YOUR ANSWER

- The IP addresses are removed from the DHCP pool until the conflicts are

resolved.
MORE INFORMATION:

When a Cisco DHCP server discovers a conflict, it will place the IP address into the
conflict table stating the address was conflicting and how it came to that conclusion,
as noted under the detection method column.
The administrator must examine each IP address and detection method and, when
ready, clear the IP addresses from the conflict pool. More information on each
detection method and commands to clear them can be found on
Firewall.cx's Resolving Cisco Switch & Router 'DHCP Server Pool Exhausted-Empty'
Error - Client IP Assignment Failure article.
QUESTION 10

What would the result be when the following commands are executed on
a Cisco Catalyst switch:
TechTarget-SW1 (config-if)# switchport port-security
TechTarget-SW1 (config-if)# switchport port-security mac-address sticky

The MAC address learned dynamically is saved in the switch's running-configuration.

The MAC address learned dynamically is saved in the switch's startup-configuration.

The MAC address learned dynamically is saved permanently in the VLAN database.

The statically configured MAC address is saved in the switch's running-configuration

when frames from that address are received.

The first MAC address "seen" on the specific port is allowed to access the network until
the port-security timer expires.
- The MAC address learned dynamically is saved in the switch's runningconfiguration.
YOUR ANSWER

MORE INFORMATION:

When the switch port-security mac-address sticky command is used without

specifying a MAC address at the end, the MAC address of the attached device is
dynamically learned and placed in the running-configuration of the switch.