CCNA ICND1 Certification Exam

To which VLANs does a trunk port belong?

Options are :

  • Every VLAN the switch knows about. (Correct)
  • Only the default VLANs.
  • VLAN 1 only.
  • Only the non-default VLANs.
  • None of them.

Answer : Every VLAN the switch knows about.

Explanation By default, a trunk port belongs to every VLAN the switch knows about. For that reason, trunk ports will not be seen in the output of show vlan brief. Instead, run show interface trunk to see info regarding trunk ports.

To how many VLANs does an access port belong?

Options are :

  • One and only one. (Correct)
  • All VLANs known to the switch.
  • Access ports do not belong to VLANs.
  • An access port belongs to all default VLANs.
  • An access port belongs to the exact same VLANs the highest numbered trunking port on that switch belongs to.

Answer : One and only one.

Explanation An access port belongs to one VLAN and one VLAN only. By default, that's VLAN 1.

Which of the following is true of native VLANs and trunks?  Choose two.

Options are :

  • The native VLAN must match between trunking switches or an error message will result. (Correct)
  • If the native VLAN is different on trunking switches, a frame sent for one VLAN will be handled as if it were actually destined for another VLAN by the receiving switch. (Correct)
  • A native VLAN mismatch between switches will cause no operational issues.
  • Both the industry standard and Cisco-proprietary trunking protocols support the native VLAN.

Answer : The native VLAN must match between trunking switches or an error message will result. If the native VLAN is different on trunking switches, a frame sent for one VLAN will be handled as if it were actually destined for another VLAN by the receiving switch.

Explanation If the native VLANs on trunking switches do not match up, you're in for a world of hurt. First, you'll get VERY annoying error messages on your screen every few seconds. Also, since dot1q doesn't tag frames from the native VLAN, a mismatch results in the frames being incorrectly handled by the remote switch. For example, if SW1 sees VLAN 1 as the native VLAN and SW2 sees VLAN 10 as the native VLAN, SW2 will send untagged frames to VLAN 10 even though SW1 intended them to go to VLAN 1. A mess, right? Right! Keep your native VLANs the same!

Identify the true statements regarding VTP.  Choose three.

Options are :

  • The VTP domain name is case-sensitive. (Correct)
  • VTP v3 offers cryptography for the VTP domain password and previous versions do not. (Correct)
  • The default VTP mode is server mode. (Correct)
  • All three VTP modes allow the switch to delete VLANs.
  • By default, a Cisco switch is in a VTP domain.

Answer : The VTP domain name is case-sensitive. VTP v3 offers cryptography for the VTP domain password and previous versions do not. The default VTP mode is server mode.

Explanation A little info on the wrong answers: Client mode does not allow the switch to delete or modify (add hosts to) VLANs, and by default a Cisco switch is not in a VTP domain.

Which of the following statements are correct?

Options are :

  • When connecting a switch port to a router, use a straight-through cable. (Correct)
  • When connecting a switch to another switch for the purpose of trunking, use a crossover cable. (Correct)
  • When you connect a laptop's console port directly to a Cisco device's console port, you'll need a rollover cable. (Correct)
  • When connecting one router's serial port directly to another router's serial port, use a crossover cable.
  • When connecting a laptop's console port directly to a Cisco device's console port, use a crossover cable.
  • When connecting one switch to another switch directly, use a rollover cable to connect any port on the first switch to any port on the second.

Answer : When connecting a switch port to a router, use a straight-through cable. When connecting a switch to another switch for the purpose of trunking, use a crossover cable. When you connect a laptop's console port directly to a Cisco device's console port, you'll need a rollover cable.

Explanation To connect a switch to a router's ethernet-based port, use a straight-through cable. Use crossover cables to connect two switches. You'll always want a rollover cable in your bag, since that's what you need to connect your laptop to a router or switch via the console port.

Which of the following OSI layers is accompanied by the correct data unit for that layer?

Options are :

  • Layer 3: Packets (Correct)
  • Layer 2: Frames (Correct)
  • Layer 4: Segments (Correct)
  • Layer 1: Bits (Correct)
  • Layer 5: Segments
  • Layer 1: Frames
  • Layer 2: Bits
  • Layer 3: Frames

Answer : Layer 3: Packets Layer 2: Frames Layer 4: Segments Layer 1: Bits

Explanation From Layer 4 down, we have segments, then packets with L3 addresses, then frames with L2 addresses, and at Layer 1 it's all ones and zeroes -- bits, that is!

If an Ethernet-based port is running CSMA/CD, which of the following is definitely FALSE regarding that port?

Options are :

  • It's running at full duplex. (Correct)
  • It's running at half duplex.
  • It's running in auto-duplex mode.
  • It's a Fast Ethernet port.
  • It's a Gig Ethernet port.

Answer : It's running at full duplex.

Explanation The only time an Ethernet-based port will run CSMA/CD is when that port is running in half-duplex mode, where it can send or receive but cannot do both at the same time. That's why we like full duplex ports, which can send and receive at the same time.

Identify the true statements regarding switches.   Choose three.

Options are :

  • They run at Layer 2 of the OSI model. (Correct)
  • As you create VLANs, you're creating more broadcast domains. (Correct)
  • When you perform microsegmentation on a switch, you're lowering the chance of a data collision but increasing the number of collision domains. (Correct)
  • By default, a Cisco switch operates at both Layer 2 and Layer 3 of the OSI model.
  • The creation of more VLANs results in an overall lower number of broadcast domains.
  • Enabling microsegmentation on a Cisco switch results in more data collisions.

Answer : They run at Layer 2 of the OSI model. As you create VLANs, you're creating more broadcast domains. When you perform microsegmentation on a switch, you're lowering the chance of a data collision but increasing the number of collision domains.

Explanation The term "switch" refers to a switch that runs only at Layer 2 of the OSI model. (Even so, "Layer 3 switches" do not run at both L2 and L3 by default.) As we add VLANs to the network, we're adding more broadcast domains, which is actually a good thing as we lessen the scope of broadcasts. Microsegmentation refers to the "one port, one collision domain" situation we have on modern switches; each port is its own little collision domain, which results in fewer data collisions. And that is a VERY good thing!

What protocol resolves a known IP address to an unknown MAC address?

Options are :

  • ARP (Correct)
  • DNS
  • DHCP
  • HTTP
  • TCP
  • UDP

Answer : ARP

Explanation The Address Resolution Protocol (ARP) uses a known IP address to get the unknown MAC address of that same host.

Of routers, hubs, bridges, and switches, which use the Layer 3 address for data forwarding?

Options are :

  • Only routers. (Correct)
  • Only hubs.
  • Only bridges.
  • Only switches.
  • All four devices do that.
  • Routers and switches only.
  • Routers and bridges only.
  • Routers and hubs only.
  • Hubs, bridges, and switches, but not routers.

Answer : Only routers.

Explanation Only routers use L3 addresses. Hubs, switches, and bridges all use L2 addresses.

Which of the following are terms that describe the address type used by switches to forward frames?    Choose four.

Options are :

  • Burned-In Address (Correct)
  • Data Link Layer Address (Correct)
  • Physical Address (Correct)
  • Network Layer Address
  • Layer 2 Address (Correct)
  • Layer 3 Address
  • Layer 1 Address

Answer : Burned-In Address Data Link Layer Address Physical Address Layer 2 Address

Explanation That's right, there are four common names for this address: Layer 2 address, Data Link layer address, Burned-In Address (usually abbreviated "BIA"), and Physical address. The last two names refer to the address being physically burned into the network card.

Congratulations!  You just replaced every bridge in your network with brand-new Cisco switches.   Which of the following statements describes your new network?   Choose three.

Options are :

  • Thanks to microsegmentation, you'll now have far fewer data collisions. (Correct)
  • In place of the Layer 2 devices you previously had, you now have...well, you still have Layer 2 devices. But they're much better Layer 2 devices! (Correct)
  • Without additional configuration on your new switches, you'll have about the same number of broadcast domains as you did previous to the swap. (Correct)
  • The one drawback here is that you'll have more data collisions in exchange for fewer broadcast domains.
  • You've swapped out Layer 2 devices for brand-new Layer 3 devices.
  • You will now have fewer data collisions while greatly reducing the scope of broadcasts in your network.

Answer : Thanks to microsegmentation, you'll now have far fewer data collisions. In place of the Layer 2 devices you previously had, you now have...well, you still have Layer 2 devices. But they're much better Layer 2 devices! Without additional configuration on your new switches, you'll have about the same number of broadcast domains as you did previous to the swap.

Explanation Switches are L2 devices, just as bridges are, but they bring huge benefits that bridges do not offer. Your switches offer microsegmentation, a fancy way of saying that each host connected directly to a switch is in its own little collision domain. The only slight drawback is that you have about the same number of broadcast domains you had before, since by default switches do nothing to limit the number of broadcasts. You could create VLANs to limit the scope of broadcasts, but that's a non-default configuration.

Which of the following is true of the command service password-encryption?   Choose three.

Options are :

  • It encrypts all passwords currently on the router as well as any added in the future. (Correct)
  • It uses a relatively weak MD5 encryption. (Correct)
  • It's a global command and takes effect immediately. (Correct)
  • It encrypts all current router passwords, but must be run again to encrypt any non-encrypted passwords added later.
  • It uses a very strong AES form of encryption.
  • This global command requires a router reload in order to take effect.

Answer : It encrypts all passwords currently on the router as well as any added in the future. It uses a relatively weak MD5 encryption. It's a global command and takes effect immediately.

Explanation The global command "service password-encryption" takes effect immediately and encrypts all non-encrypted passwords currently on the router as well as any you add later. It's not strong encryption -- actually, it's a weak MD5-based form of encryption -- but it's better than nothing!

Which of the following describes the locations and order in which a Cisco router loads its IOS image?

Options are :

  • Flash, TFTP Server, ROM (Correct)
  • Flash, ROM, TFTP Server
  • ROM, RAM, Flash, TFTP Server
  • RAM, ROM, Flash, TFTP Server
  • TFTP Server, Flash, ROM, RAM
  • TFTP Server, Flash, RAM, ROM

Answer : Flash, TFTP Server, ROM

Explanation A Cisco router will first look to Flash for a valid IOS image. If none is found there, the router will check to see if a TFTP Server has been identified from which the image should be loaded. If there isn't one, a limited IOS is loaded from ROM.

When writing a static route, which of the following values are acceptable at the very end of the command?   Choose two.

Options are :

  • The next-hop IP address (Correct)
  • The local router's exit interface. (Correct)
  • The IP address of the local router's exit interface.
  • The name of the interface on the next-hop router to which packets should be sent.
  • The wildcard mask.
  • The words "ip route".
  • The destination network.

Answer : The next-hop IP address The local router's exit interface.

Explanation Static routes created with the ip route command end with either the local router's exit interface or the next-hop IP address. Never apply the IP address of an interface on the local router. The router actually won't let you do that, but the exam might, so watch it. : )

During the boot process, where does a Cisco router first look for its startup configuration file?

Options are :

  • NVRAM (Correct)
  • RAM
  • ROM
  • Flash
  • A statically defined TFTP server
  • The startup config is not loaded when the router boots.

Answer : NVRAM

Explanation When a router boots, it looks for its startup configuration file in NVRAM. If none is found there, the router checks to see whether it's been configured to look for that file on a TFTP server. If there is no file to be found in NVRAM or a TFTP server, the router will prompt you to enter the initial configuration dialog, generally referred to as Setup Mode.

You want to use the username / password database shown below for Telnet authorization. Which of the following statements are true regarding that config? Choose two.

username chris password bryant
line vty 0 4
 login

Options are :

  • You'll need the "login local" command on the VTY lines. (Correct)
  • You'll need the "login" command on the VTY lines.
  • Successfully authorized users will be placed into user exec mode. (Correct)
  • Successfully authorized users will be placed into privileged exec mode.

Answer : You'll need the "login local" command on the VTY lines. Successfully authorized users will be placed into user exec mode.

Explanation To use a database such as this for Telnet authorizations, use the command "login local". (The command "local" will force the router to look for a single password on the VTY lines.) Since no user has been assigned privilege level 15 and the "privilege level 15" command isn't on the VTY lines, users who successfully authenticate will be placed in user exec mode.

Which of the following are correct identifications of the three RFC 1918 private address classes?  Choose three.

Options are :

  • 10.0.0.0 /8 (Correct)
  • 172.16.0.0 /12 (Correct)
  • 192.168.0.0 /16 (Correct)
  • 10.0.0.0 /16
  • 172.16.0.0 /16
  • 192.168.0.0 /24

Answer : 10.0.0.0 /8 172.16.0.0 /12 192.168.0.0 /16

Explanation Be ready to identify addresses in the private address ranges, which are 10.0.0.0 /8 (Class A), 172.16.0.0 /12 (Class B), and 192.168.0.0 /16 (Class C).

There are certain first octets in an IP address that let you know you can't assign that address to network hosts.   Identify them from the list below.   Choose five.  (FIVE??? Yeah, five!  : )   )

Options are :

  • 127 (Correct)
  • 224 (Correct)
  • 230 (Correct)
  • 240 (Correct)
  • 250 (Correct)
  • 10
  • 172
  • 200
  • 144

Answer : 127 224 230 240 250

Explanation You can't assign addresses to hosts if the first octet is 127 (reserved for loopbacks), 224-239 (reserved for multicasting), or 240-255 (reserved for future use / experimental address range).

Which term below best describes a route marked in the IP routing table with the code S*?

Options are :

  • default static route (Correct)
  • static route
  • floating static route
  • directly connected route
  • EIGRP summary

Answer : default static route

Explanation Watch this one! The letter S by itself indicates a static route, but S* indicates a default static route.

You're writing a floating static route.   Which of the following values will be different than that of a regular static route to the exact same destination?

Options are :

  • administrative distance (Correct)
  • local exit interface
  • next-hop IP address
  • The ip route command, which is not used to create a floating static route
  • wildcard mask

Answer : administrative distance

Explanation A floating static route looks like a regular static route, except for the new admin distance it's assigned. Floating static routes are static routes that will only enter the IP routing table if the primary route to that same destination leaves the table. Usually, you add 1 to the AD of the source of the primary route. For instance, if OSPF discovered the primary route, any AD higher than 110 assigned to a static route to the same destination will result in a floating static route.

Assuming all defaults, which of the following routing table codes is more trusted than any of the others in the list?

Options are :

  • C (Correct)
  • D
  • S
  • S*
  • D EX
  • O
  • R

Answer : C

Explanation The letter C indicates a directly Connected route. This route type has an AD of 0, making it the most trusted source for routing information.

Which of the following statements regarding administrative distance are true?   Choose three.

Options are :

  • AD is used as a tiebreaker when a route is discovered by a dynamic routing protocol such as OSPF and a similar static route is already on the router. For example, OSPF reporting a route to 200.1.1.0 /24 while a static route of 200.1.0.0 /16 is already present on the router.
  • AD is used as a tiebreaker when two or more routing information sources report different paths for the exact same destination, including the exact same masks. For example, when the route 200.1.1.0 /24 is reported by EIGRP and OSPF with different next-hop addresses. (Correct)
  • The default AD of all OSPF route types is 110. (Correct)
  • The default AD of all EIGRP route types is 90.
  • The default AD of all RIP route types is 120. (Correct)
  • The default AD of all static route types is 10.

Answer : AD is used as a tiebreaker when two or more routing information sources report different paths for the exact same destination, including the exact same masks. For example, when the route 200.1.1.0 /24 is reported by EIGRP and OSPF with different next-hop addresses. The default AD of all OSPF route types is 110. The default AD of all RIP route types is 120.

Explanation AD is the tiebreaker when the "longest match" mask comparison results in a tie. For that to happen, the destination and mask must be the same. All OSPF route types have a default AD of 110, and all RIP route types have an AD of 120 by default. EIGRP route types actually have three different ADs -- internal (90), external (170), and summary (5).

Which of the following commands can be used to create a default static route?   Choose two.

Options are :

  • ip default-network (Correct)
  • ip route 0.0.0.0 0.0.0.0 172.16.2.1 (Correct)
  • ip default-route
  • ip route 255.255.255.255 255.255.255.255 172.16.2.1

Answer : ip default-network ip route 0.0.0.0 0.0.0.0 172.16.2.1

Explanation I know the ip route command with all zeroes for the destination and mask looks funny, but that is indeed one way to create a default route. The ip default-network command is the other.

What protocol is considered the manager of the PPP negotiation processes?

Options are :

  • TCP
  • LCP (Correct)
  • UDP
  • HDLC
  • CHAP
  • PAP

Answer : LCP

Explanation The Link Control Protocol (LCP) is considered the manager of the PPP negotiation processes. From MS Technet: "LCP negotiates link and PPP parameters to dynamically configure the data link layer of a PPP connection."

You're considering using VPNs in place of dedicated point-to-point links in your network's WANs.   Give three concrete reasons for doing so.

Options are :

  • A VPN solution is less expensive than dedicated point-to-point links. (Correct)
  • Traffic protected by IPSec over a VPN is more secure than traffic going over a dedicated point-to-point link. (Correct)
  • Cisco VPNs are a scalable solution. (Correct)
  • VPNs require no authentication input from the end user.
  • VPNs have less overhead than dedicated point-to-point links.
  • There may be bandwidth savings involved by using VPNs instead of dedicated point-to-point links.

Answer : A VPN solution is less expensive than dedicated point-to-point links. Traffic protected by IPSec over a VPN is more secure than traffic going over a dedicated point-to-point link. Cisco VPNs are a scalable solution.

Explanation Three huge benefits of using VPNs rather than ptp links: We don't have to pay for expensive ptp links, we have much better security over our VPNs, and VPNs are super-scalable.

Which of the following is commonly run over a VPN to provide data confidentiality, data integrity, and data authentication?

Options are :

  • IPSec (Correct)
  • GRE
  • DSL
  • LCP

Answer : IPSec

Explanation IPSec provides data confidentiality, data integrity, and data authentication -- all important when we're building VPNs!

Which of the following are true regarding IPv6?   Choose four.

Options are :

  • IPv6 doesn't use broadcasts. (Correct)
  • IPv6 offers autoconfiguration, allowing a host to acquire an interface address without being assigned one statically or by DHCPv6. (Correct)
  • Has greater capability for "plug and play" than does IPv4. (Correct)
  • IPv6 does not use anycasts.
  • An IPv6 address is 142 bits long.
  • IPv6 does not use multicasts.
  • An IPv6-enabled interface can have multiple IPv6 addresses in action simultaneously. (Correct)
  • No IPv6 interface can have more than one IPv6 address at a time, but it can have both an IPv6 and IPv4 address at one time.

Answer : IPv6 doesn't use broadcasts. IPv6 offers autoconfiguration, allowing a host to acquire an interface address without being assigned one statically or by DHCPv6. Has greater capability for "plug and play" than does IPv4. An IPv6-enabled interface can have multiple IPv6 addresses in action simultaneously.

Explanation IPv6 still uses multicasts and anycasts, but does not use broadcasts. IPv6 autoconfiguration allows an interface to create its own IPv6 address, without the requirement for static addressing or DHCPv6. In turn, that capability allows much-improved "plug and play" capabilities, which in IPv4 was often called "plug and pray". : ) A single interface can have multiple IPv6 addresses running at one time.
