CCNA ICND1 Certification

Which of the following does NOT describe TCP?

Options are :

  • Does not guarantee delivery of segments (Correct)
  • Performs error detection and recovery
  • Performs "windowing"
  • Is considered "connection-oriented"
  • Operates at Layer 4 of the OSI networking model
  • Operates at the Transport layer of the OSI networking model

Answer : Does not guarantee delivery of segments

Explanation One of the things we love about TCP is that it guarantees delivery of segments. In addition, TCP does perform error detection and recovery, it performs windowing, and it's connection-oriented. It runs at Layer 4 of the OSI model; that layer is named the Transport layer.

Which of the following does NOT describe UDP?   Choose three.

Options are :

  • Guarantees delivery of segments. (Correct)
  • Performs error detection via "windowing" (Correct)
  • Is considered "connectionless"
  • Runs at Layer 4 of the OSI networking model
  • Runs at the Network layer of the OSI networking model (Correct)

Answer :

  • Guarantees delivery of segments.
  • Performs error detection via "windowing"
  • Runs at the Network layer of the OSI networking model

Explanation UDP performs "best-effort" delivery as opposed to guaranteed delivery. Also, UDP doesn't perform error detection, nor does it perform windowing. UDP does run at Layer 4 of the OSI model, which is the Transport layer, not the Network layer.

Which of the following best describes the order of messages in the TCP three-way handshake?

Options are :

  • SYN, SYN/ACK, ACK (Correct)
  • SYN, ACK, SYN/ACK
  • SYN, SYN/ACK, ACK, FIN
  • SYN, ACK, SYN/ACK, FIN
  • ACK, SYN, FIN
  • SYN, ACK, SYN/ACK, FIN

Answer : SYN, SYN/ACK, ACK

Explanation The TCP three-way handshake: Initiator sends SYN; recipient of SYN sends SYN/ACK back to initiator; initiator sends ACK back to recipient.

Which of the following statements are true regarding error detection and recovery at the Transport layer of the OSI model?   Choose three.

Options are :

  • When the segment recipient sends an ACK back to the host, that ACK contains a sequence number that matches the last segment received by the recipient.
  • When the segment recipient sends an ACK back to the host, that ACK contains a sequence number that matches the next sequence number the recipient expects to see. (Correct)
  • The cumulative acknowledgement scheme makes error detection and recovery possible. (Correct)
  • Both TCP and UDP offer error detection and recovery.
  • Only TCP offers error detection and recovery. (Correct)
  • Only UDP offers error detection and recovery.

Answer :

  • When the segment recipient sends an ACK back to the host, that ACK contains a sequence number that matches the next sequence number the recipient expects to see.
  • The cumulative acknowledgement scheme makes error detection and recovery possible.
  • Only TCP offers error detection and recovery.

Explanation Only TCP offers error detection and recovery, and it does so via the cumulative acknowledgement scheme. In short, that scheme has the recipient send an ACK back to the sender, identifying the next sequence number it expects to see. If that doesn't match up with the next sequence number the sender was planning on using, the sender knows some segments were lost.

Identify the true statements regarding flow control and windowing at the Transport layer of the OSI model.   Choose three.

Options are :

  • Both TCP and UDP offer these features.
  • Only TCP offers these features. (Correct)
  • Only UDP offers these features.
  • Flow control allows the data sender to control the speed of the data flow by continually querying the recipient as to whether they can handle a quicker data flow (or not).
  • Flow control allows the data recipient to control the speed of the data flow by telling the sender when to slow down and when to speed up. (Correct)
  • The size of the window is static and is set on the data sender.
  • The size of the window is static and is set on the data recipient.
  • The size of the window is dynamic and is controlled by the data sender.
  • The size of the window is dynamic and is controlled by the data recipient. (Correct)

Answer :

  • Only TCP offers these features.
  • Flow control allows the data recipient to control the speed of the data flow by telling the sender when to slow down and when to speed up.
  • The size of the window is dynamic and is controlled by the data recipient.

Explanation A TCP-only feature, flow control allows the data recipient to control how fast the data sender actually sends that data. This is done by the recipient changing the size of the window, a dynamic value that tells the sender how much data it can send before it must receive an ACK from the data recipient.

What single word describes the major drawback to using TCP over UDP?

Options are :

  • overhead (Correct)
  • synchronization
  • handshake
  • transport
  • acknowledgement
  • sequence

Answer : overhead

Explanation TCP has huge overhead when compared to UDP. That's the main reason that UDP is used over TCP, even though TCP has several great features that UDP does not. All of those TCP features come at a cost, and that cost is high overhead.

Which of the following use UDP?  Choose two.

Options are :

  • DHCP, which uses UDP exclusively (Correct)
  • DNS, which uses both TCP and UDP (Correct)
  • DNS, which uses UDP exclusively
  • DHCP, which uses both TCP and UDP
  • FTP, which uses UDP exclusively
  • FTP, which uses both TCP and UDP

Answer :

  • DHCP, which uses UDP exclusively
  • DNS, which uses both TCP and UDP

Explanation DNS uses both UDP and TCP at port 53; DHCP uses UDP exclusively at ports 67 and 68 (server and client, respectively). FTP uses only TCP at ports 20 and 21.

Sometimes used in describing TCP and UDP operation, a socket is the combination of what two logical values?

Options are :

  • IP address and port number (Correct)
  • MAC address and port number
  • Port number and L4 address
  • Port number and L1 address

Answer : IP address and port number

Explanation A "socket" is the combination of an IP address and port number. For example, Telnet traffic at host 10.1.1.1 could be expressed as 10.1.1.1:23. It can also be expressed as (IP address, transport protocol, port number). In that case, this socket would be (10.1.1.1, TCP, 23).

At what point during the CSMA/CD process can a host transmit?

Options are :

  • After it has listened to the wire and determined no other host is currently sending data. (Correct)
  • After it listens for and detects a jam signal.
  • Once the "transmit token" has been received.
  • When it is that host's turn, as CSMA/CD operates in a round-robin manner, ensuring every host has the opportunity to transmit.
  • With CSMA/CD, the host can transmit immediately, with no waiting.

Answer : After it has listened to the wire and determined no other host is currently sending data.

Explanation When CSMA/CD is in effect, a host must first listen to the wire to be sure no other host is already transmitting. If no one else is currently sending data, that host can go forward with doing just that.

Identify the true statements regarding "late collisions".    Choose four.

Options are :

  • They're called "late" since they occur only after the 512th bit of a frame is transmitted. (Correct)
  • Exceeding cable limitations may result in late collisions. (Correct)
  • Duplex mismatches often result in late collisions. (Correct)
  • CDP is an excellent tool with which to detect late collisions, as is the output of "show interface". (Correct)
  • They're referred to as "late" since they happen after the 256th bit of the frame is sent.
  • They cannot be detected by any service available on a Cisco router; a network analyzer of some kind is required.
  • Creation of more than 100 VLANs on the same switch is likely to result in late collisions.

Answer :

  • They're called "late" since they occur only after the 512th bit of a frame is transmitted.
  • Exceeding cable limitations may result in late collisions.
  • Duplex mismatches often result in late collisions.
  • CDP is an excellent tool with which to detect late collisions, as is the output of "show interface".

Explanation The scoop(s) on late collisions: They occur only after the 512th bit of a frame has been sent, they can be caused by exceeding cable limitations or duplex mismatches; CDP will scream at you about duplex mismatches, but you may not have CDP on, so you can also use the output of show interface to see if the late collision ticker is incrementing.

Which of the following statements are true regarding CSMA/CD?  Choose two.

Options are :

  • Ports running in half-duplex have to be concerned with CSMA/CD, but full-duplex ports do not. (Correct)
  • The speed of a port does not determine whether a port needs to use CSMA/CD. (Correct)
  • The "jam signal" indicates that all hosts can send data after listening to the wire.
  • The backoff timer is a non-random value. Set to 2 seconds by default, it can be changed with the switchport csma-cd backoff timer command.

Answer :

  • Ports running in half-duplex have to be concerned with CSMA/CD, but full-duplex ports do not.
  • The speed of a port does not determine whether a port needs to use CSMA/CD.

Explanation Only ports running in half-duplex have to be concerned with CSMA/CD. The speed of the port is immaterial. The jam signal actually indicates that hosts should not transmit, and the backoff timer is a random value (set to milliseconds, too!)

Which network device lends itself to a process known as microsegmentation?

Options are :

  • Switch (Correct)
  • Router
  • Hub
  • Repeater
  • Wireless Router
  • Bridge

Answer : Switch

Explanation "Microsegmentation" is the technical term for "one port, one collision domain". Every port on a switch is its own little collision domain; therefore, collisions literally cannot occur.

What value or protocol does a switch use to dynamically build a MAC address table?

Options are :

  • Source MAC address of incoming packets (Correct)
  • Destination MAC of incoming packets
  • ARP
  • CDP
  • Source IP address of incoming packet
  • Destination address of incoming packet

Answer : Source MAC address of incoming packets

Explanation The first value examined on an incoming frame is the source MAC address, and here's one reason why -- that's the value a switch uses to dynamically build its MAC address table.

Host C is sending a frame to Host A.    The destination of aaaa-aaaa-aaaa is known to the switch.  Which of the following actions will the switch take on the frame?

Options are :

  • Forward (Correct)
  • Flood
  • Filter

Answer : Forward

Explanation When the switch receives a unicast (a frame destined for one host and one host only) and there is an entry for that address in the switch's MAC table, the switch will forward the frame, meaning the switch forwards the frame only out the port that leads to that particular host.

In which of the following scenarios will a switch filter a frame?

Options are :

  • The source and destination MAC addresses are off the same port. (Correct)
  • The source MAC is unknown to the switch.
  • The destination MAC is unknown to the switch.
  • The source IP is unknown to the switch.
  • The destination IP is unknown to the switch.
  • The destination MAC is ff-ff-ff-ff-ff-ff.
  • The source and destination IP addresses are found off the same port.

Answer : The source and destination MAC addresses are off the same port.

Explanation A switch will filter (drop) a frame in the rare instance that the source and destination MAC addresses are found off the same port.

A switch will flood a frame under which of the following scenarios?    Choose two.

Options are :

  • The destination MAC of the frame is ff-ff-ff-ff-ff-ff. (Correct)
  • The frame is an unknown unicast. (Correct)
  • The frame is a known unicast.
  • The source MAC of the frame is ff-ff-ff-ff-ff-ff.
  • The source IP of the frame is 255.255.255.255.
  • The destination IP of the frame is 255.255.255.255.

Answer :

  • The destination MAC of the frame is ff-ff-ff-ff-ff-ff.
  • The frame is an unknown unicast.

Explanation If the frame is a Layer 2 broadcast, it'll have a destination MAC of ff-ff-ff-ff-ff-ff, and the switch will flood it. A switch will also flood an unknown unicast frame -- a frame that is a unicast, but whose destination MAC is unknown to the switch.

One of the three frame processing methods used by Cisco switches is store-and-forward.  Which of the following statements are true of this method?  Choose three.

Options are :

  • The switch receives the entire frame before forwarding begins. (Correct)
  • Offers the highest level of error detection of the three processing methods. (Correct)
  • Is considered the slowest of the three methods. (Correct)
  • The switch begins to forward the frame before the entire frame is actually received.
  • Offers little if any error detection.
  • Is considered the fastest of the three processing methods.

Answer :

  • The switch receives the entire frame before forwarding begins.
  • Offers the highest level of error detection of the three processing methods.
  • Is considered the slowest of the three methods.

Explanation The scoops on store-and-forward: The entire frame is received before forwarding begins (hence the name!), this method offers the highest level of error detection thanks to the Frame Check Sequence, and it's considered the slowest of the three methods.

One of the three frame processing methods available to Cisco switches is cut-through switching.  Which three of the following statements are true regarding this method?   Choose three.

Options are :

  • It's considered the fastest of the three methods. (Correct)
  • Offers zero error detection. (Correct)
  • Frame forwarding actually begins before the entire frame is received. (Correct)
  • It's the slowest of the three methods.
  • Offers some error detection, but not the best.
  • The frame is received in full before forwarding begins.

Answer :

  • It's considered the fastest of the three methods.
  • Offers zero error detection.
  • Frame forwarding actually begins before the entire frame is received.

Explanation Cut-through switching is the fastest of the three methods, but there's quite a tradeoff for that speed -- zero error detection. Cut-through is the fastest of the three methods since it begins forwarding the frame before the entire frame is received.

Fragment-free processing is one of the three frame processing methods.    Which three of the following statements are true of fragment-free processing?

Options are :

  • It's the fastest of the three.
  • Checks only the first 64 bytes for corruption. (Correct)
  • It's the slowest of the three.
  • Checks only the first 128 bytes for corruption.
  • Is faster than one other method but slower than the other. (Correct)
  • Offers more error detection than one of the other methods, but less than the other remaining method. (Correct)

Answer :

  • Checks only the first 64 bytes for corruption.
  • Is faster than one other method but slower than the other.
  • Offers more error detection than one of the other methods, but less than the other remaining method.

Explanation Fragment-free processing checks only the first 64 bytes of a frame for corruption, giving us less error detection than store-and-forward but more than cut-through. As for speed, it's faster than store-and-forward but slower than cut-through.

Which part of the MAC address 11-22-33-aa-bb-cc is the OUI?

Options are :

  • 11-22-33 (Correct)
  • aa-bb-cc
  • 22-33-aa
  • 33-aa-bb
  • The entire address is considered the OUI.
  • No part of a MAC address is considered to be part of the OUI.

Answer : 11-22-33

Explanation The Organizationally Unique Identifier identifies the hardware vendor, and it's the first half of the MAC address (the first 24 bits).

What decimal is represented by the hex character F?

Options are :

  • 15 (Correct)
  • 10
  • 8
  • 0
  • 255
  • 1

Answer : 15

Explanation A quick hex review: a = 10, b = 11, c = 12, d = 13, e = 14, f = 15. The case of the letter does not matter. A or a -- they both equal 10.

What decimal is represented by the hex value f7?

Options are :

  • 247 (Correct)
  • 198
  • 255
  • 87
  • 22
  • 210

Answer : 247

Explanation With a two-hex value, the first character represents units of 16 and the second represents units of 1. We have 15 ("f") units of 16 and 7 units of 1. 15 x 16 = 240. Add 7 to that and you have 247.

What hex value is represented by the decimal 27?

Options are :

  • 1b (Correct)
  • b1
  • F
  • 28
  • 4A
  • b42

Answer : 1b

Explanation For a decimal-to-hex conversion when the decimal is less than 256, just divide the decimal by 16 and then convert the result and the remainder to hex. (This is easier done than said.) We were given 27; dividing 27 by 16 gives us 1 with a remainder of 11. In short, we have 1 unit of 16 and 11 units of 1, represented in hex as 1B.

What decimal is represented by the hex value 21C?

Options are :

  • 540 (Correct)
  • 255
  • 789
  • 487
  • 512

Answer : 540

Explanation With a three-character hex value, the first is units of 256 (16 x 16), the second is units of 16, and the third is units of 1. We have 2 units of 256, 1 unit of 16, and 12 units of 1. 512 + 16 + 12 = 540.

A Cisco switch is at all its default settings.   Every port on the switch belongs to which VLAN(s)?   Choose two.

Options are :

  • 1 (Correct)
  • The native VLAN. (Correct)
  • 0
  • 255
  • There is no default VLAN.
  • 1001 - 1005

Answer :

  • 1
  • The native VLAN.

Explanation By default, all ports on a Cisco switch belong to the default VLAN, VLAN 1. The term "native VLAN" is simply another term for the default VLAN, so that is also a correct choice.

You just put a port into a VLAN that has not yet been created on the switch.   Which two things will happen as a result?   Choose two.

Options are :

  • The switch will create the VLAN and put the port into that VLAN, just as you wanted. (Correct)
  • The VLAN creation will be noted in VLAN.DAT. (Correct)
  • The switch will return an error and prompt you to create the VLAN.
  • CDP will be deactivated on that port.
  • The VLAN creation will be noted in VLAN.EXE.

Answer :

  • The switch will create the VLAN and put the port into that VLAN, just as you wanted.
  • The VLAN creation will be noted in VLAN.DAT.

Explanation In this situation, the switch will be kind enough to create the VLAN for you and put the port into the VLAN, just like you wanted! The VLAN creation is also noted in the VLAN.DAT file.

You want to totally initialize a Cisco switch.  You ran write erase and then reloaded the switch.  When the switch reloads, the startup config is gone but several non-default VLANs are plainly visible when you run show vlan brief.  What else should you have done before running write erase?

Options are :

  • Delete the VLAN.dat file. (Correct)
  • Erase the running configuration.
  • Erase the boot files.
  • Delete the contents of RAM.
  • Delete the contents of NVRAM.

Answer : Delete the VLAN.dat file.

Explanation To get rid of all VLANs, you need to erase the vlan.dat file with "delete vlan.dat". This can actually be a little tricky; check my YouTube channel for a video showing you how to do this.

Which three of the following statements are true regarding VLANs?   Choose three.

Options are :

  • VLANs allow you to group users logically rather than being limited to physical groupings. (Correct)
  • VLANs are a help to network security, since you can "hide" sensitive hosts from the rest of the network by putting them in their own VLAN. (Correct)
  • Since each VLAN is a separate broadcast domain, creating multiple VLANs limits the scope of broadcasts and in turn helps prevent broadcast storms. (Correct)
  • Each VLAN is a collision domain unto itself, so the overall number of collisions in the network is limited.
  • Any and all VLANs can be deleted.
  • Inter-VLAN communication can take place on a Layer 2 switch.

Answer :

  • VLANs allow you to group users logically rather than being limited to physical groupings.
  • VLANs are a help to network security, since you can "hide" sensitive hosts from the rest of the network by putting them in their own VLAN.
  • Since each VLAN is a separate broadcast domain, creating multiple VLANs limits the scope of broadcasts and in turn helps prevent broadcast storms.

Explanation VLANs are a huge boost to you and me, the network admins, and here are three reasons why: We can logically group users (typically by department, but not always); they bring a bit of additional security by allowing us to logically segment our network and hide sensitive hosts; finally, since each VLAN is a broadcast domain, the chances of a broadcast storm are lessened by their creation.

Creating multiple VLANs has which of the following two effects on a switch?   Choose two.

Options are :

  • More broadcast domains (Correct)
  • Same number of collision domains (Correct)
  • Fewer broadcast domains
  • Fewer collision domains
  • More collision domains
  • Same number of broadcast domains

Answer :

  • More broadcast domains
  • Same number of collision domains

Explanation Each VLAN is a broadcast domain, so the more VLANs you have, the more broadcast domains you have. Creating multiple VLANs does not affect the number of collision domains.

Identify the true statements regarding the Cisco-proprietary trunking protocol.  Choose three.

Options are :

  • This is ISL. (Correct)
  • This is IEEE 802.1q ("dot1q")
  • The entire frame is encapsulated before it's sent across the trunk. (Correct)
  • It doesn't recognize the native VLAN concept. (Correct)
  • Only a small header is added to the frame before it's sent across the trunk.
  • Frames destined for the native VLAN are not encapsulated nor do they have a header added.

Answer :

  • This is ISL.
  • The entire frame is encapsulated before it's sent across the trunk.
  • It doesn't recognize the native VLAN concept.

Explanation The Cisco-proprietary trunking protocol is ISL, which encapsulates every single frame sent across the trunk. ISL doesn't recognize the native VLAN concept.

Which three of the following statements describe the non-Cisco-proprietary trunking protocol?  Choose three.

Options are :

  • The non-Cisco-proprietary trunking protocol is IEEE 802.1q, generally referred to as simply "dot1q". (Correct)
  • This trunking protocol adds only a 4-byte value indicating the VLAN ID, and even this small overhead is not added to frames destined for the native VLAN. (Correct)
  • This trunking protocol does not encapsulate any frames. (Correct)
  • The non-Cisco-proprietary trunking protocol is ISP, the Inter-Switch Protocol.
  • This trunking protocol encapsulates all frames before they're sent across the trunk.
  • This particular protocol doesn't recognize native VLANs.

Answer :

  • The non-Cisco-proprietary trunking protocol is IEEE 802.1q, generally referred to as simply "dot1q".
  • This trunking protocol adds only a 4-byte value indicating the VLAN ID, and even this small overhead is not added to frames destined for the native VLAN.
  • This trunking protocol does not encapsulate any frames.

Explanation The non-Cisco-proprietary trunking protocol is dot1q. Dot1q is the industry standard trunking protocol, so it can run on any switch, Cisco or otherwise. It does not encapsulate frames. It inserts a 4-byte value indicating the VLAN ID into the Ethernet header, and if a frame is destined for the native VLAN, dot1q doesn't even add that small bit of overhead!
