Cisco CCNA 200-125 Exam Dumps Latest – New Questions & Answers

Section V: Infrastructure Services

V.1. Which command can you enter to display duplicate IP addresses that the DHCP server assigns?

  • show ip dhcp conflict 10.0.2.12
  • show ip dhcp database 10.0.2.12
  • show ip dhcp server statistics
  • show ip dhcp binding 10.0.2.12
Explanation/Reference:
The command “show ip dhcp conflict” is used to display address conflicts found by a Cisco IOS DHCP Server when addresses are offered to the client. An example of the output of this command is shown below:

V.2. Which cloud service is typically used to provide DNS and DHCP services to an enterprise?

  • IaaS
  • DaaS
  • SaaS
  • PaaS

V.3. Which command can you enter in global configuration mode to create a DHCP address pool?

  • ip dhcp pool DHCP_pool
  • ip dhcp conflict logging
  • service dhcp
  • ip dhcp excluded-address 10.0.2.1 10.0.2.49

V.4. Which value indicates the distance from the NTP authoritative time source?

  • stratum
  • layer
  • location
  • priority

V.5. After you apply the given configuration to a router, the DHCP clients behind the device cannot communicate with hosts outside of their subnet. Which action is most likely to correct the problem?

ip dhcp pool test 
 network 192.168.10.0/27
 domain name cisco.com
 dns-server 172.16.1.1 172.16.2.1
 netbios-name-server 172.16.1.10 172.16.2.10
  • Configure the dns server on the same subnet as the clients
  • Activate the dhcp pool
  • Correct the subnet mask
  • configure the default gateway
Explanation/Reference:
In the DHCP pool we need to configure a default gateway (via the “default-router …” command) so that the DHCP clients can communicate with outside subnets.

V.6. Which statement about DHCP snooping is true?

  • it blocks traffic from DHCP servers on untrusted interfaces.
  • it can be configured on switches and routers.
  • it allows packets from untrusted ports if their source MAC address is found in the binding table.
  • it uses DHCPDiscover packets to identify DHCP servers.

V.7. Which two options are benefits of DHCP snooping? (Choose two.)

  • A. It simplifies the process of adding DHCP servers to the network.
  • B. It prevents the deployment of rogue DHCP servers.
  • C. It prevents DHCP reservations.
  • D. It tracks the location of hosts in the network.
  • E. It prevents static reservations.

V.8. Which command can you enter to configure the switch as an authoritative NTP server with a site id: 13999902?

  • Switch(config)#ntp master 3
  • Switch(config)#ntp peer 193.168.2.2
  • Switch(config)#ntp server 193.168.2.2
  • Switch(config)#ntp source 193.168.2.2
Explanation/Reference:
An Authoritative NTP Server can distribute time even when it is not synchronized to an existing time server. To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command.

V.9. Where does a switch maintain DHCP snooping information?

  • in the MAC address table
  • in the CAM table
  • in the DHCP binding database
  • in the VLAN database

V.10. How does NAT overloading provide one-to-many address translation?

  • It uses a pool of addresses
  • It converts IPv4 addresses to unused IPv6 addresses
  • It assigns a unique TCP/UDP port to each session
  • It uses virtual MAC Address and Virtual IP Addresses
Explanation/Reference:
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.

V.11. Which HSRP feature was new in HSRPv2?

  • VLAN group numbers that are greater than 255
  • Virtual MAC addresses
  • tracking
  • preemption
Explanation/Reference:
Both HSRP version 1 and version 2 support the preempt command -> Answer D is not correct.

In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095 -> A is correct.

V.12. Which keyword enables an HSRP router to take the active role immediately when it comes online?

  • preempt
  • priority
  • version
  • IP address

V.13. When troubleshooting client DNS issues, which two tasks must you perform? (Choose two.)

  • Ping a public website IP address.
  • Ping the DNS server.
  • Determine whether the hardware address is correct.
  • Determine whether a DHCP address has been assigned.
  • Determine whether the name servers have been configured.

V.14. What are the two minimum required components of a DHCP binding? (Choose two.)

  • an IP address
  • an ip-helper statement
  • an exclusion list
  • a DHCP pool
  • a hardware address

V.15. Which command can you enter to troubleshoot the failure of address assignment?

  • sh ip dhcp database
  • sh ip dhcp pool
  • sh ip dhcp import
  • sh ip dhcp server statistics
Explanation/Reference:
The command “show ip dhcp pool” is used to display information about the DHCP address pools. Some of this information can be used to check why address assignment failed. For example, we can see how many IP addresses have been leased from a specific pool. If some IP addresses have been assigned from a pool but a client of that pool has not received an assignment, then the issue may lie with the client itself.

R1#show ip dhcp pool
Pool SERVER :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0 
 Total addresses                : 1
 Leased addresses               : 1
 Pending event                  : none
 0 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 172.16.200.100       172.16.200.100   - 172.16.200.100    1

V.16. What are two requirements for an HSRP group? (Choose two.)

  • exactly one active router
  • one or more standby routers
  • one or more backup virtual routers
  • exactly one standby active router
  • exactly one backup virtual router
Explanation/Reference:
From this paragraph:

“A set of routers that run HSRP works in concert to present the illusion of a single default gateway router to the hosts on the LAN. This set of routers is known as an HSRP group or standby group. A single router that is elected from the group is responsible for the forwarding of the packets that hosts send to the virtual router. This router is known as the active router. Another router is elected as the standby router. If the active router fails, the standby assumes the packet forwarding duties. Although an arbitrary number of routers may run HSRP, only the active router forwards the packets that are sent to the virtual router IP address.

In order to minimize network traffic, only the active and the standby routers send periodic HSRP messages after the protocol has completed the election process. Additional routers in the HSRP group remain in the Listen state. If the active router fails, the standby router takes over as the active router. If the standby router fails or becomes the active router, another router is elected as the standby router.”

Reference: https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#anc6

-> There is exactly one active router and one standby router in an HSRP group. Answer A is surely correct, but the other answers are not. Answers C, D and E use wrong terminology, so they are surely not correct. Therefore answer B is the best choice left (although it is not totally correct).

V.17. Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?

  • VRRP
  • GLBP
  • TFTP
  • DHCP
Explanation/Reference:
Virtual Router Redundancy Protocol (VRRP) is one of the First Hop Redundancy Protocols that is supported by Cisco. Unlike HSRP and GLBP (which are Cisco proprietary protocols), VRRP is an industry standard protocol.

V.18. Which protocol is the Cisco proprietary implementation of FHRP?

  • HSRP
  • VRRP
  • GLBP
  • CARP

V.19. What are two benefits of using NAT? (Choose two.)

  • A. NAT protects network security because private networks are not advertised.
  • B. NAT accelerates the routing process because no modifications are made on the packets.
  • C. Dynamic NAT facilitates connections from the outside of the network.
  • D. NAT facilitates end-to-end communication when IPsec is enabled.
  • E. NAT eliminates the need to re-address all hosts that require external access.
  • F. NAT conserves addresses through host MAC-level multiplexing.
Explanation/Reference:
By not revealing the internal IP addresses, NAT adds some security to the inside network -> A is correct.

NAT has to modify the source IP addresses in the packets -> B is not correct.

Connection from the outside to a network through “NAT” is more difficult than a normal network because IP addresses of inside hosts are hidden -> C is not correct.

In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is not correct.

By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> E is correct.

NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> F is not correct.

V.20. Which statement is correct regarding the operation of DHCP?

  • A DHCP client uses a ping to detect address conflicts.
  • A DHCP server uses a gratuitous ARP to detect DHCP clients.
  • A DHCP client uses a gratuitous ARP to detect a DHCP server.
  • If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
  • If an address conflict is detected, the address is removed from the pool for an amount of time configurable by the administrator.
  • If an address conflict is detected, the address is removed from the pool and will not be reused until the server is rebooted.
Explanation/Reference:
An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.

(Reference: http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html)

V.21. Which value is used in the HSRP election process?

  • interface
  • virtual IP address
  • priority
  • router ID
Explanation/Reference:
HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. By default, the priority is 100. The router with the highest priority value (255 is highest) becomes the active router for the group. If all router priorities are equal or set to the default value, the router with the highest IP address on the HSRP interface becomes the active router. Below is an example of assigning HSRP priority of 200 to R1:

R1(config-if)# standby 1 priority 200

V.22. Which of the following is needed to take back the active role in HSRP?

  • preempt
  • priority
  • other options
Explanation/Reference:
The “preempt” command enables the HSRP router with the highest priority to immediately become the active router. For example, if a new router joins HSRP group 1 and we want this router to become the active router immediately (provided it has the highest HSRP priority), then we need this additional command:

New_Router(config-if)#standby 1 preempt

V.23. What is new in HSRPv2?

  • preempt
  • a greater number in hsrp group field
  • other

V.24. Which command is used to build a DHCP pool?

  • ip dhcp pool DHCP
  • ip dhcp conflict
  • ip dhcp-server pool DHCP
  • ip dhcp-client pool DHCP
Explanation/Reference:
The following example shows how to configure a DHCP Server on a Cisco router:

Configuration, with the description indented under each command:

Router(config)#ip dhcp pool CLIENTS
    Create a DHCP Pool named CLIENTS
Router(dhcp-config)#network 10.1.1.0 /24
    Specifies the subnet and mask of the DHCP address pool
Router(dhcp-config)#default-router 10.1.1.1
    Set the default gateway of the DHCP Clients
Router(dhcp-config)#dns-server 10.1.1.1
    Configure a Domain Name Server (DNS)
Router(dhcp-config)#domain-name 9tut.com
    Configure a domain-name
Router(dhcp-config)#lease 0 12
    Duration of the lease (the time during which a client computer can use an assigned IP address). The syntax is “lease {days [hours] [minutes] | infinite}”. In this case the lease is 12 hours. The default is a one-day lease. Before the lease expires, the client typically needs to renew its address lease assignment with the server
Router(dhcp-config)#exit
Router(config)# ip dhcp excluded-address 10.1.1.1 10.1.1.10
    The IP range that a DHCP Server should not assign to DHCP Clients. Notice this command is configured under global configuration mode

Note: We checked with both Cisco IOS v12.4 and v15.4 but found no “ip dhcp-server pool” command:

Therefore the answer “ip dhcp-server pool …” is not correct.

V.25. What are the two benefits of DHCP snooping? (Choose two)

  • static reservation
  • DHCP reservation
  • prevent DHCP rogue server
  • prevent untrusted hosts and servers from connecting
Explanation/Reference:
Quick review of DHCP spoofing and DHCP snooping:

DHCP spoofing is a type of attack in which the attacker listens for DHCP Requests from clients and answers them with a fake DHCP Response before the authorized DHCP Response reaches the clients. The fake DHCP Response often gives the attacker’s IP address as the client default gateway -> all the traffic sent from the client goes through the attacker’s computer, and the attacker becomes a “man-in-the-middle”.

The attacker has several ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.

DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.

Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down -> Answer D is correct.

The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients. Rogue DHCP servers are often used in man in the middle or denial of service attacks for malicious purposes -> C is correct.
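
The trusted/untrusted port filter described above, as a small Python model (an added example, not Cisco's implementation and not part of the original page). Port names, the MAC address and the event list are constructed; the model only drops the offending message, does not model what the switch then does with the port, and goes slightly beyond the text by also checking RELEASE/DECLINE messages against the binding table.

```python
from dataclasses import dataclass, field

# DHCP message types grouped by which side of the exchange sends them.
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}
CLIENT_MESSAGES = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE", "INFORM"}


@dataclass
class DhcpMessage:
    msg_type: str          # e.g. "DISCOVER", "OFFER"
    client_mac: str        # hardware address of the client the exchange is for
    ip: str = ""           # address being offered, acknowledged or released
    lease_seconds: int = 0


@dataclass
class SnoopingSwitch:
    trusted_ports: set                             # ports facing authorized DHCP servers
    bindings: dict = field(default_factory=dict)   # client MAC -> (ip, port, lease)
    seen_on: dict = field(default_factory=dict)    # client MAC -> port its requests came from
    drops: list = field(default_factory=list)      # (port, msg_type, reason)

    def _drop(self, port, msg, reason):
        self.drops.append((port, msg.msg_type, reason))
        return "drop"

    def receive(self, port, msg):
        """Decide 'forward' or 'drop' for a DHCP message arriving on `port`."""
        trusted = port in self.trusted_ports
        if msg.msg_type in SERVER_MESSAGES:
            if not trusted:
                return self._drop(port, msg, "server message on untrusted port")
            client_port = self.seen_on.get(msg.client_mac)
            if msg.msg_type == "ACK" and client_port is not None:
                # A lease was granted: record hardware address, IP and client port.
                self.bindings[msg.client_mac] = (msg.ip, client_port, msg.lease_seconds)
            return "forward"
        if msg.msg_type not in CLIENT_MESSAGES:
            return self._drop(port, msg, "unknown message type")
        if trusted:
            return "forward"
        if msg.msg_type in ("RELEASE", "DECLINE"):
            bound = self.bindings.get(msg.client_mac)
            if bound is None or bound[1] != port:
                return self._drop(port, msg, "no matching binding on this port")
            del self.bindings[msg.client_mac]
            return "forward"
        self.seen_on[msg.client_mac] = port
        return "forward"


# Constructed sample traffic: Gi0/1 faces the authorized server, Gi0/5 the client,
# Gi0/7 an unauthorized device. 43200 s is the 12-hour lease used earlier on the page.
CLIENT = "0050.56aa.0001"
EVENTS = [
    ("Gi0/5", DhcpMessage("DISCOVER", CLIENT)),
    ("Gi0/7", DhcpMessage("OFFER", CLIENT, "10.1.1.66", 43200)),  # unauthorized server
    ("Gi0/1", DhcpMessage("OFFER", CLIENT, "10.1.1.11", 43200)),
    ("Gi0/5", DhcpMessage("REQUEST", CLIENT, "10.1.1.11")),
    ("Gi0/1", DhcpMessage("ACK", CLIENT, "10.1.1.11", 43200)),
    ("Gi0/7", DhcpMessage("RELEASE", CLIENT, "10.1.1.11")),       # binding points to Gi0/5
    ("Gi0/5", DhcpMessage("RELEASE", CLIENT, "10.1.1.11")),
]


def replay(events, trusted_ports):
    """Feed events through a fresh switch; return it, the decisions and binding snapshots."""
    switch = SnoopingSwitch(trusted_ports=set(trusted_ports))
    decisions, snapshots = [], []
    for port, msg in events:
        decisions.append(switch.receive(port, msg))
        snapshots.append(dict(switch.bindings))
    return switch, decisions, snapshots


if __name__ == "__main__":
    sw, decisions, _ = replay(EVENTS, {"Gi0/1"})
    for (port, msg), decision in zip(EVENTS, decisions):
        print(f"{port:6} {msg.msg_type:9} {decision}")
    for entry in sw.drops:
        print("dropped:", entry)
```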

V.26. Which command is used to configure a switch as an authoritative NTP server?

  • Switch(config)#ntp master 3
  • Switch(config)#ntp peer IP
  • Switch(config)#ntp server IP
  • Switch(config)#ntp source IP
Explanation/Reference:
An Authoritative NTP Server can distribute time even when it is not synchronized to an existing time server. To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command.

V.27. Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?

  • no additional configuration is required
  • standby 1 track Ethernet
  • standby 1 preempt
  • standby 1 priority 250
Explanation/Reference:
When all other routers in the group fail, the local router will not receive any HSRP Hello messages so it will become “active”. Notice that in this case the “preempt” command is not necessary. The “preempt” command is only useful when the local router receives an HSRP Hello message from the active HSRP router with a lower priority (then the local router will decide to take over the active role).

V.28. How do you view DHCP conflicts?

  • show ip dhcp pool
  • show dhcp database
  • show ip dhcp conflict
  • Other Option.

V.29. Where does the configuration reside when a helper address is configured to support DHCP?

  • on the switch trunk interface.
  • on the router closest to the client.
  • on the router closest to the server.
  • on every router along the path.

V.30. What is the danger of the permit any entry in a NAT access list?

  • It can lead to overloaded resources on the router.
  • It can cause too many addresses to be assigned to the same interface.
  • It can disable the overload command.
  • It prevents the correct translation of IP addresses on the inside network.
Explanation/Reference:
Using permit any can result in NAT consuming too many router resources, which can cause network problems. You should limit the NAT access list to a specific range of IP addresses.

V.31. How does a DHCP server dynamically assign IP addresses to hosts?

  • Addresses are permanently assigned so that the host uses the same address at all times.
  • Addresses are assigned for a fixed period of time.
  • Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease.
  • Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
Explanation/Reference:
The DHCP lifecycle consists of the following:
Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.

V.32. Which command can you enter to determine the addresses that have been assigned on a DHCP Server?

  • Show ip DHCP database.
  • Show ip DHCP pool.
  • Show ip DHCP binding.
  • Show ip DHCP server statistic.
Explanation/Reference:
http://www.aubrett.com/InformationTechnology/RoutingandSwitching/Cisco/CiscoRouters/DHCPBindings.aspx
“Router#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
10.16.173.0 24d9.2141.0ddd Jan 12 2013 03:42 AM Automatic”

V.33. Which two commands can you enter to display the current time sources statistics on devices? (Choose TWO)

  • Show ntp associations.
  • Show clock details.
  • Show clock.
  • Show time.
  • Show ntp status.
Explanation/Reference:
Perhaps “current time sources” here refers to the status of the clock source. In the output below, the “show ntp associations” command reveals the IP address of the clock source (which is 209.65.200.226), the stratum (st) of this reference clock…

R1#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.1.2.1         209.65.200.226    9   509    64  200    32.2   15.44  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

Below is the output of the “show ntp status” command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1.

R1#show ntp status
Clock is synchronized, stratum 10, reference is 10.1.2.1
nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**18
reference time is D5E492E9.98ACB4CF (13:00:25.596 CST Wed Sep 18 2013)
clock offset is 15.4356 msec, root delay is 52.17 msec
root dispersion is 67.61 msec, peer dispersion is 28.12 msec

For more information about these two commands, please read at:
http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/116161-trouble-ntp-00.html

In fact this question is unclear, but other answers are surely not correct.

V.34. What is the default lease time for a DHCP binding?

  • 24 hours
  • 12 hours
  • 48 hours
  • 36 hours
Explanation/Reference:
By default, each IP address assigned by a DHCP Server comes with a one-day lease, which is the amount of time that the address is valid. To change the lease value for an IP address, use the following command in DHCP pool configuration mode:

V.35. Which NAT type is used to translate a single inside address to a single outside address?

  • dynamic NAT
  • NAT overload
  • PAT
  • static NAT
Explanation/Reference:
There are two types of NAT translation: dynamic and static.

Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network

Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. When being defined in the inside global address pool, the router allocates registered public IP addresses from the pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.

In this question we only want to translate a single inside address to a single outside address so static NAT should be used.

V.36. What is the effect of the overload keyword in a static NAT translation configuration?

  • It enables port address translation.
  • It enables the use of a secondary pool of IP addresses when the first pool is depleted
  • It enables the inside interface to receive traffic.
  • It enables the outside interface to forward traffic.
Explanation/Reference:
http://www.firewall.cx/networking-topics/network-address-translation-nat/233-nat-overload-part-1.html

V.37. Which statement about the inside interface configuration in a NAT deployment is true?

  • It is defined globally
  • It identifies the location of source addresses for outgoing packets to be translated using access or route maps.
  • It must be configured if static NAT is used
  • It identifies the public IP address that traffic will use to reach the internet.
Explanation/Reference:
When we specify a NAT “inside” interface (via the “ip nat inside” command under interface mode), we are specifying the source IP addresses. Later in the “ip nat” command under global configuration mode, we will specify the access or route map for these source addresses.

For example the command:

Router(config)# ip nat inside source list 1 pool PoolforNAT

after the keyword “source” we need to specify one of the three keywords:

+ list: specify access list describing local addresses (but this command does not require an “inside” interface to be configured)
+ route-map: specify route-map
+ static: specify static local -> global mapping

V.38. Which NTP type designates a router without an external reference clock as an authoritative time source?

  • server
  • peer
  • master
  • client

V.39. Which NTP command configures the local devices as an NTP reference clock source?

  • NTP Peer
  • NTP Broadcast
  • NTP Master
  • NTP Server
Explanation/Reference:
From a Cisco perspective, getting the clock from an Internet time source and/or from a local timing device both require the same command (ntp server). To have a specific network device consider itself as a reference clock source, another command is used (ntp master)

For example, the command

Router(config)#ntp server 192.168.1.1

configures the local device to use a remote NTP clock source from 192.168.1.1 while the command:

Router(config)#ntp master 1

configures the local device as an NTP reference clock source with a stratum of 1.

Reference: http://www.pearsonitcertification.com/articles/article.aspx?p=2141272

V.40. If you want multiple hosts on a network, where do you configure the setting?

  • in the IP protocol
  • in the multicast interface
  • in the serial interface
  • in the global configuration

V.41. Refer to the exhibit.

Which rule does the DHCP server use when there is an IP address conflict?

  • The address is removed from the pool until the conflict is resolved.
  • The address remains in the pool until the conflict is resolved.
  • Only the IP detected by Gratuitous ARP is removed from the pool.
  • Only the IP detected by Ping is removed from the pool.
  • The IP will be shown, even after the conflict is resolved.
Explanation/Reference:
An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.

V.42. Which configuration can be used with PAT to allow multiple inside addresses to be translated to a single outside address?

  • Dynamic Routing
  • DNS
  • Preempt
  • overload

V.43. Which command can you enter to create a NAT pool of 6 addresses?

  • Router(config)#ip nat pool test 175.17.12.69 175.17.12.74 prefix-length 24
  • Router(config)#ip nat pool test 175.17.12.69 175.17.13.74 prefix-length 16
  • Router(config)#ip nat pool test 175.17.12.66 175.17.12.72 prefix-length 8
  • Router(config)#ip nat pool test 175.17.12.69 175.17.12.76 prefix-length 8
Explanation/Reference:
The syntax to create a NAT pool is:

Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length }

Therefore answer A is surely correct. Answer B is not correct as it creates many addresses (from 12.69 to 12.255 then to 13.74).

Answer C and D are not correct as we cannot use prefix-length of 8 (/8) for a class B subnet.

V.44. While troubleshooting a DHCP client that is behaving erratically, you discover that the client has been assigned the same IP address as a printer that has a static IP address. Which option is the best way to resolve the problem?

  • Configure a static route to the client.
  • Assign the client the same IP address as the router.
  • Move the client to another IP subnet
  • Move the printer to another IP subnet.
  • Reserve the printer IP address.
Explanation/Reference:
In this case the printer is statically assigned an IP address so we have to make sure DHCP server does not assign the same IP address to another device. We can configure the DHCP server with the command “ip dhcp excluded-address <ip-address>” (suppose it is a Cisco device).

V.45. Which three commands are required to enable NTP authentication on a Cisco router? (Choose three)

  • ntp peer
  • ntp max-associations
  • ntp authenticate
  • ntp trusted-key
  • ntp authentication-key
  • ntp refclock
Explanation/Reference:
+ The “ntp authenticate” command is used to enable the NTP authentication feature (NTP authentication is disabled by default).

+ The “ntp trusted-key” command specifies one or more keys that a time source must provide in its NTP packets in order for the device to synchronize to it. This command provides protection against accidentally synchronizing the device to a time source that is not trusted.

+ The “ntp authentication-key” defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the “ntp trusted-key number” command.
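
How the three commands fit together on the device that is checking a time source, as a Python model (an added example, not Cisco's code and not part of the original page). It assumes the NTP symmetric-key MAC layout (a 32-bit key ID followed by an MD5 digest over the key and the header); the secrets, key IDs and packets are constructed, and rejecting an unsigned packet once authentication is enabled is this model's assumption.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

HEADER_LEN = 48    # fixed NTP header
MAC_LEN = 4 + 16   # 32-bit key ID followed by a 128-bit MD5 digest


@dataclass
class NtpAuthConfig:
    authenticate: bool = False                               # ntp authenticate
    authentication_keys: dict = field(default_factory=dict)  # ntp authentication-key: id -> secret
    trusted_keys: set = field(default_factory=set)           # ntp trusted-key: ids a source may use


def build_header(stratum):
    """Constructed server-mode header: version 4, mode 4, remaining fields zeroed."""
    return struct.pack("!BBbb", (4 << 3) | 4, stratum, 6, -18) + bytes(HEADER_LEN - 4)


def sign(header, key_id, secret):
    """Append the MAC a time source holding `secret` under `key_id` would send."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_time_source(packet, cfg):
    """Return (accepted, reason) for a packet received from a time source."""
    if not cfg.authenticate:
        # Feature disabled (the default): nothing is verified.
        return True, "authentication disabled"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False, "missing or malformed MAC"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    secret = cfg.authentication_keys.get(key_id)
    if secret is None:
        return False, f"key {key_id} not defined"
    if key_id not in cfg.trusted_keys:
        # Defining a key is not enough; its number must also be trusted.
        return False, f"key {key_id} not trusted"
    expected = hashlib.md5(secret + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "bad digest"
    return True, f"authenticated with key {key_id}"


def demo():
    """Run constructed packets against a config with keys 1 and 2 defined, only 1 trusted."""
    cfg = NtpAuthConfig(
        authenticate=True,
        authentication_keys={1: b"constructed-key-one", 2: b"constructed-key-two"},
        trusted_keys={1},
    )
    header = build_header(stratum=3)
    return {
        "trusted key": check_time_source(sign(header, 1, b"constructed-key-one"), cfg),
        "defined, not trusted": check_time_source(sign(header, 2, b"constructed-key-two"), cfg),
        "wrong secret": check_time_source(sign(header, 1, b"some-other-secret"), cfg),
        "unsigned": check_time_source(header, cfg),
        "auth disabled": check_time_source(header, NtpAuthConfig()),
    }


if __name__ == "__main__":
    for case, (accepted, reason) in demo().items():
        print(f"{case:22} accepted={accepted!s:5} {reason}")
```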

V.46. DRAG DROP. Drag and drop the DHCP client states from the left into the standard order in which the client passes through them on the right.

Select and Place:

Correct Answer:

V.47. After you configure the ip dns spoofing command globally on a device, under which two conditions is DNS spoofing enabled on the device? (Choose two.)

  • The DNS server queue limit is disabled
  • The ip host command is disabled
  • All configured IP name server addresses are removed
  • The ip dns spoofing command is disabled on the local interface
  • The no ip domain lookup command is configured
Explanation/Reference:
DNS spoofing is designed to allow a router to act as a proxy DNS server and “spoof” replies to any DNS queries using either the configured IP address in the ip dns spoofing ip-address command or the IP address of the incoming interface for the query. This feature is useful for devices where the interface toward the Internet service provider (ISP) is not up. Once the interface to the ISP is up, the router forwards DNS queries to the real DNS servers. This feature turns on DNS spoofing and is functional if any of the following conditions are true:

+ The no ip domain lookup command is configured.
+ IP name server addresses are not configured.
+ There are no valid interfaces or routes for sending to the configured name server addresses.

V.48. DRAG DROP. Drag and drop the DNS lookup commands from the left onto the correct effects on the right.

Select and Place:

Correct Answer:

V.49. DRAG DROP. Drag and drop the protocols from the left onto the correct IP traffic types on the right.

Select and Place:

Correct Answer:

V.50. Which task must you perform to enable an IOS device to use DNS services?

  • configure a relay agent information reforwarding policy
  • configure manual bindings
  • configure the relay agent information option
  • configure a name server

V.51. Which technology allows a large number of private IP addresses to be represented by a smaller number of public IP addresses?

  • NTP
  • RFC 1918
  • PBR
  • NAT

V.52. Which two types of NAT addresses are used in a Cisco NAT device? (Choose two.)

  • inside local
  • inside global
  • inside private
  • outside private
  • external global
  • external local
Explanation/Reference:
NAT uses four types of addresses:

* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.

* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.

* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.

* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

V.53. Which statement describes the process of dynamically assigning IP addresses by the DHCP server?

  • Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
  • Addresses are permanently assigned so that the hosts use the same address at all times.
  • Addresses are assigned for a fixed period of time, at the end of the period, a new request for an address must be made.
  • Addresses are leased to hosts, which periodically contact the DHCP server to renew the lease.
Explanation/Reference:
The DHCP lifecycle consists of the following:
Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.

V.54. Refer to the exhibit. What statement is true of the configuration for this network?

  • The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.
  • Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.
  • The number 1 referred to in the ip nat inside source command references access-list number 1.
  • ExternalRouter must be configured with static routes to networks 172.16.1.0/24 and 172.16.2.0/24.
Explanation/Reference:
The “list 1” refers to access-list number 1.

V.55. When a DHCP server is configured, which two IP addresses should never be assignable to hosts? (Choose two.)

  • network or subnetwork IP address
  • broadcast address on the network
  • IP address leased to the LAN
  • IP address used by the interfaces
  • manually assigned address to the clients
  • designated IP address to the DHCP server
Explanation/Reference:
Network or subnetwork IP address (for example 11.0.0.0/8 or 13.1.0.0/16) and broadcast address (for example 23.2.1.255/24) should never be assignable to hosts. When you try to assign these addresses to hosts, you will receive an error message saying that they cannot be assigned.

V.56. Which two statements about static NAT translations are true? (Choose two.)

  • They allow connections to be initiated from the outside.
  • They require no inside or outside interface markings because addresses are statically defined.
  • They are always present in the NAT table.
  • They can be configured with access lists, to allow two or more connections to be initiated from the outside.
Explanation/Reference:
Static NAT maps a single outside IP address to a single inside IP address. This is typically done to allow incoming connections from the outside (Internet) to the inside. Since these are static, they are always present in the NAT table even if they are not actively in use.

V.57. In a GLBP network, who is responsible for the arp request?

  • AVF
  • AVG
  • Active router
  • Standby Router

V.58. In GLBP, which router will respond to client ARP requests?

  • The active virtual gateway will reply with one of four possible virtual MAC addresses.
  • All GLBP member routers will reply in round-robin fashion.
  • The active virtual gateway will reply with its own hardware MAC address.
  • The GLBP member routers will reply with one of four possible burned in hardware addresses.
Explanation/Reference:
One disadvantage of HSRP and VRRP is that only one router is in use; the other routers must wait for the primary to fail before they can be used. However, Gateway Load Balancing Protocol (GLBP) can use up to four routers simultaneously. In GLBP, there is still only one virtual IP address but each router has a different virtual MAC address. First a GLBP group must elect an Active Virtual Gateway (AVG). The AVG is responsible for replying to ARP requests from hosts/clients. It replies with different virtual MAC addresses that correspond to different routers (known as Active Virtual Forwarders – AVFs) so that clients can send traffic to different routers in that GLBP group (load sharing).

V.59. Which statement describes VRRP object tracking?

  • It monitors traffic flow and link utilization.
  • It ensures the best VRRP router is the virtual router master for the group.
  • It causes traffic to dynamically move to higher bandwidth links.
  • It thwarts man-in-the-middle attacks.
Explanation/Reference:
Object tracking is the process of tracking the state of a configured object and using that state to determine the priority of the VRRP router in a VRRP group.

V.60. What are three benefits of GLBP? (Choose three.)

  • GLBP supports up to eight virtual forwarders per GLBP group.
  • GLBP supports clear text and MD5 password authentication between GLBP group members.
  • GLBP is an open source standardized protocol that can be used with multiple vendors.
  • GLBP supports up to 1024 virtual routers.
  • GLBP can load share traffic across a maximum of four routers.
  • GLBP elects two AVGs and two standby AVGs for redundancy.

V.61. Which three statements about HSRP operation are true? (Choose three.)

  • The virtual IP address and virtual MAC address are active on the HSRP Master router.
  • The HSRP default timers are a 3 second hello interval and a 10 second dead interval.
  • HSRP supports only clear-text authentication
  • The HSRP virtual IP address must be on a different subnet than the routers’ interfaces on the same LAN.
  • The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
  • HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.
Explanation/Reference:
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic5
“The active router sources hello packets from its configured IP address and the HSRP virtual MAC address. The standby router sources hellos from its configured IP address and the burned-in MAC address (BIA).”
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic14
“By default, these timers are set to 3 and 10 seconds, respectively…”
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/29545-168.html#q1
Load Sharing with HSRP
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13781-7.html#conf
“…has a 256 unique HSRP group ID limit.”
“…the allowed group ID range (0-255). … MSFC2A (Supervisor Engine 32) can use any number of group IDs from that range.”

V.62. Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?

  • VRRP
  • GLBP
  • TFTP
  • DHCP
Explanation/Reference:
Virtual Router Redundancy Protocol (VRRP) is one of the First Hop Redundancy Protocols that is supported by Cisco. Unlike HSRP and GLBP (which are Cisco proprietary protocols), VRRP is an industry standard protocol.

V.63. Which NAT function can map multiple inside addresses to a single outside address?

  • PAT
  • SFTP
  • RARP
  • ARP
  • TFTP
Explanation/Reference:
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.

V.64. Which three options are the HSRP states for a router? (Choose three)

  • initialize
  • learn
  • secondary
  • listen
  • speak
  • primary
Explanation/Reference:
HSRP consists of 6 states:

| State | Description |
|---|---|
| Initial | This is the beginning state. It indicates HSRP is not running. It happens when the configuration changes or the interface is first turned on. |
| Learn | The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router. |
| Listen | The router knows both IP and MAC address of the virtual router but it is not the active or standby router. For example, if there are 3 routers in HSRP group, the router which is not in active or standby state will remain in listen state. |
| Speak | The router sends periodic HSRP hellos and participates in the election of the active or standby router. |
| Standby | In this state, the router monitors hellos from the active router and it will take the active state when the current active router fails (no packets heard from active router). |
| Active | The router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages. |

Please notice that not all routers in an HSRP group go through all of the states above. In an HSRP group, only one router reaches the active state and one router reaches the standby state. The other routers stop at the listen state.

V.65. Which NTP command configures the local device as an NTP reference clock source?

  • ntp peer
  • ntp broadcast
  • ntp master
  • ntp server

V.66. Which technology supports the stateless assignment of IPv6 addresses? (Choose two.)

  • DNS
  • DHCPv6
  • DHCP
  • autoconfiguration
Explanation/Reference:
DHCPv6 Technology Overview
IPv6 Internet Address Assignment Overview
IPv6 has been developed with Internet Address assignment dynamics in mind. Being aware that IPv6 Internet addresses are 128 bits in length and written in hexadecimals makes automation of address assignment an important aspect within network design. These attributes make it inconvenient for a user to manually assign IPv6 addresses, as the format is not naturally intuitive to the human eye. To facilitate address assignment with little or no human intervention, several methods and technologies have been developed to automate the process of address and configuration parameter assignment to IPv6 hosts. The various IPv6 address assignment methods are as follows:

1. Manual Assignment
An IPv6 address can be statically configured by a human operator. However, manual assignment is quite open to errors and operational overhead due to the 128 bit length and hexadecimal attributes of the addresses, although for router interfaces and static network elements and resources this can be an appropriate solution.
2. Stateless Address Autoconfiguration (RFC2462)
Stateless Address Autoconfiguration (SLAAC) is one of the most convenient methods to assign Internet addresses to IPv6 nodes. This method does not require any human intervention at all from an IPv6 user. If one wants to use IPv6 SLAAC on an IPv6 node, it is important that this IPv6 node is connected to a network with at least one IPv6 router connected. This router is configured by the network administrator and sends out Router Advertisement announcements onto the link. These announcements can allow the on-link connected IPv6 nodes to configure themselves with IPv6 address and routing parameters, as specified in RFC2462, without further human intervention.
3. Stateful DHCPv6
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) has been standardized by the IETF through RFC3315. DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to “IPv6 Stateless Address Autoconfiguration” (RFC 2462), and can be used separately, or in addition to the stateless autoconfiguration to obtain configuration parameters.
4. DHCPv6-PD
DHCPv6 Prefix Delegation (DHCPv6-PD) is an extension to DHCPv6, and is specified in RFC3633. Classical DHCPv6 is typically focused upon parameter assignment from a DHCPv6 server to an IPv6 host running a DHCPv6 protocol stack. A practical example would be the stateful address assignment of “2001:db8::1” from a DHCPv6 server to a DHCPv6 client. DHCPv6-PD however is aimed at assigning complete subnets and other network and interface parameters from a DHCPv6-PD server to a DHCPv6-PD client. This means that instead of a single address assignment, DHCPv6-PD will assign a set of IPv6 “subnets”. An example could be the assignment of “2001:db8::/60” from a DHCPv6-PD server to a DHCPv6-PD client. This will allow the DHCPv6-PD client (often a CPE device) to segment the received IPv6 address space, and assign it dynamically to its IPv6 enabled interfaces.
5. Stateless DHCPv6
Stateless DHCPv6 is a combination of “stateless Address Autoconfiguration” and “Dynamic Host Configuration Protocol for IPv6” and is specified by RFC3736. When using stateless-DHCPv6, a device will use Stateless Address Auto-Configuration (SLAAC) to assign one or more IPv6 addresses to an interface, while it utilizes DHCPv6 to receive “additional parameters” which may not be available through SLAAC. For example, additional parameters could include information such as DNS or NTP server addresses, and are provided in a stateless manner by DHCPv6. Using stateless DHCPv6 means that the DHCPv6 server does not need to keep track of any state of assigned IPv6 addresses, and there is no need for state refreshment as a result. On network media supporting a large number of hosts associated to a single DHCPv6 server, this could mean a significant reduction in DHCPv6 messages due to the reduced need for address state refreshments. From Cisco IOS 12.4(15)T onwards the client can also receive timing information, in addition to the “additional parameters” through DHCPv6. This timing information provides an indication to a host when it should refresh its DHCPv6 configuration data. This behavior (RFC4242) is particularly useful in unstable environments where changes are likely to occur.

V.67. DRAG DROP. Order the DHCP message types as they would occur between a DHCP client and a DHCP server.

Select and Place:

Correct Answer:

V.68. Which command can you enter to troubleshoot the failure of address assignment?

  • sh ip dhcp database
  • sh ip dhcp pool
  • sh ip dhcp import
  • sh ip dhcp server statistics
Explanation/Reference:
The command “show ip dhcp pool” is used to display information about the DHCP address pools. Some of this information helps when checking for a failure of address assignment. For example, we can see how many IP addresses have been leased for a specific pool. If some IP addresses have been assigned from a pool but a client of that pool has not received the assignment, then the issue may lie with the client itself.

R1#show ip dhcp pool
Pool SERVER :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0 
 Total addresses                : 1
 Leased addresses               : 1
 Pending event                  : none
 0 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 172.16.200.100       172.16.200.100   - 172.16.200.100    1

V.69. Which command can you enter to verify that a router is synced with a configured time source?

  • show ntp authenticate
  • ntp associations
  • ntp server time
  • ntp authenticate
  • show ntp associations
Explanation/Reference:
In the below output, the “show ntp associations” command reveals the IP address of the clock source (which is 209.65.200.226), the stratum (st) of this reference clock and if a router is synced with the configured time source (in this case R1 is synchronized with 10.1.2.1, presented by a “*”).

R1#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.1.2.1         209.65.200.226    9   509    64  200    32.2   15.44  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

V.70. Which statement about QoS default behavior is true?

  • Ports are untrusted by default.
  • VoIP traffic is passed without being tagged.
  • Video traffic is passed with a well-known DSCP value of 46.
  • Packets are classified internally with an environment.
  • Packets that arrive with a tag are untagged at the edge of an administrative domain.
Explanation/Reference:

Frames received from users in the administratively-defined VLANs are classified or tagged for transmission to other devices. Based on rules that you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is sent to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames. For IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the input port is used. Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.

V.71. What is the authoritative source for an address lookup?

  • a recursive DNS search
  • the operating system cache
  • the ISP local cache
  • the browser cache

V.72. Which configuration command can you apply to a HSRP router so that its local interface becomes active if all other routers in the group fail?

  • Router(config)#standby 1 priority 250
  • No additional configuration is required
  • Router(config)#standby 1 preempt
  • Router(config)#standby 1 track Ethernet

V.73. Which option is the benefit of implementing an intelligent DNS for a cloud computing solution?

  • It reduces the need for a backup data center.
  • It can redirect user requests to locations that are using fewer network resources.
  • It enables the ISP to maintain DNS records automatically.
  • It eliminates the need for a GSS.

V.74. Which value is used to determine the active router in an HSRP default configuration?

  • Router loopback address
  • Router IP address
  • Router priority
  • Router tracking number

V.75. What is a valid HSRP virtual MAC address?

  • 007.3313.9734
  • 0000.0C07.AC15
  • 0007.B400.AE01
  • 0000.5E00.01A3
Explanation/Reference:
With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP address. There are two versions of HSRP.

+ With HSRP version 1, the virtual router’s MAC address is 0000.0c07.ACxx , in which xx is the HSRP group. Therefore C is correct.
+ With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group.

Note: Another case is HSRP for IPv6, in which the MAC addresses range from 0005.73A0.0000 through 0005.73A0.0FFF.

(Good resource for HSRP: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html)
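The prefix rules above can be applied to ARP output to see which gateway entries are HSRP virtual MACs and which group they belong to. The following is an added example, not part of the original page; the function names and the ARP sample are constructed for illustration, and the IPv6 entry reports the offset inside the quoted range.

```python
import re

# Virtual MAC prefixes taken from the explanation above (hex digits only).
# The remaining 2 or 3 hex digits carry the HSRP group number.
HSRP_PREFIXES = (
    ("HSRPv1", "00000c07ac"),     # 0000.0c07.ACxx
    ("HSRPv2", "00000c9ff"),      # 0000.0C9F.Fxxx
    ("HSRP-IPv6", "000573a00"),   # 0005.73A0.0000 through 0005.73A0.0FFF
)


def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a 48-bit MAC."""
    digits = re.sub(r"[.:-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def classify_hsrp_mac(text):
    """Return (version, group) for an HSRP virtual MAC, otherwise None."""
    mac = normalize_mac(text)
    if mac is None:
        return None
    for version, prefix in HSRP_PREFIXES:
        if mac.startswith(prefix):
            return version, int(mac[len(prefix):], 16)
    return None


def hsrp_entries(arp_output):
    """Pick HSRP virtual MACs out of 'show ip arp' style text."""
    found = []
    for line in arp_output.splitlines():
        fields = line.split()
        # Data rows look like: Internet <ip> <age> <mac> <type> <interface>
        if len(fields) < 4 or fields[0] != "Internet":
            continue
        result = classify_hsrp_mac(fields[3])
        if result:
            found.append((fields[1], fields[3], result[0], result[1]))
    return found


# Constructed sample in the layout of 'show ip arp' (not captured output).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.1            -   0000.0c07.ac15  ARPA   Vlan10
Internet  192.168.10.2            -   aabb.cc00.0100  ARPA   Vlan10
Internet  192.168.20.1            3   0000.0c9f.f014  ARPA   Vlan20
Internet  192.168.10.50          12   aabb.cc00.0300  ARPA   Vlan10
"""

if __name__ == "__main__":
    for ip, mac, version, group in hsrp_entries(SAMPLE_ARP):
        print(f"{ip:15} {mac}  {version} group {group}")
```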

V.75. Requirement to configure DHCP binding ( 2 options)

  • DHCP pool
  • ip address
  • Hardware address
  • other option
Explanation/Reference:
An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server. Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database.

All DHCP clients send a client identifier (DHCP option 61) in the DHCP packet. To configure manual bindings, you must enter the client-identifier DHCP pool configuration command with the appropriate hexadecimal values identifying the DHCP client. For example:

ip dhcp pool SERVER
host 172.16.200.100 255.255.255.0
client-identifier 01aa.bbcc.0003.00
default-router 172.16.200.1 
!

Therefore the two requirements for a DHCP binding are the IP address and the hardware address (MAC address) of the client. Notice that in the above example “aabb.cc00.0300” is the MAC address of the client while the prefix “01” represents the Ethernet media type.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfdhcp.html

In fact the “DHCP pool” option is also correct, but the two choices above are better.
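The client-identifier in the binding above is the media type “01” followed by the client MAC, regrouped into dotted blocks of four hex digits. The following added example (not from the original page or from Cisco; all function names are assumptions) converts in both directions and renders the manual-binding stanza, rejecting a host address that is the network or broadcast address of its subnet.

```python
import ipaddress
import re

ETHERNET_MEDIA_TYPE = "01"  # prefix described in the explanation above


def hex_digits(text, length):
    """Strip separators and require exactly `length` hex digits."""
    digits = re.sub(r"[.:-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % length, digits):
        raise ValueError(f"expected {length} hex digits, got {text!r}")
    return digits


def dotted(digits):
    """Group hex digits in blocks of four, the way IOS displays them."""
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))


def client_id_from_mac(mac):
    """aabb.cc00.0300 -> 01aa.bbcc.0003.00"""
    return dotted(ETHERNET_MEDIA_TYPE + hex_digits(mac, 12))


def mac_from_client_id(client_id):
    """01aa.bbcc.0003.00 -> aabb.cc00.0300"""
    digits = hex_digits(client_id, 14)
    if not digits.startswith(ETHERNET_MEDIA_TYPE):
        raise ValueError("client-identifier does not carry the Ethernet prefix 01")
    return dotted(digits[2:])


def manual_binding(pool, ip, mask, mac, default_router):
    """Render a manual-binding pool using only the commands shown on the page."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is the network or broadcast address of {net}")
    return "\n".join([
        f"ip dhcp pool {pool}",
        f" host {ip} {mask}",
        f" client-identifier {client_id_from_mac(mac)}",
        f" default-router {default_router}",
        "!",
    ])


if __name__ == "__main__":
    # Values taken from the page's own example binding.
    print(manual_binding("SERVER", "172.16.200.100", "255.255.255.0",
                         "aabb.cc00.0300", "172.16.200.1"))
```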

