CCNA ICND1 Questions

You just applied the IP address 127.1.1.1 /24 to a Cisco router loopback interface.  What will be the result?

Options are :

  • The address will be applied normally, since this address is from the reserved Class E range of addresses.
  • The address will be successfully applied because the address is from the reserved Class D range of addresses.
  • The address application will be successful since the address is from the reserved multicast address range.
  • The address will be successfully applied since the address is from the reserved range of loopback addresses.
  • You'll get an error message telling you this is an invalid address. (Correct)

Answer : You'll get an error message telling you this is an invalid address.

Explanation This is an address from the loopback range 127.0.0.0 /8, but these are not addresses you can assign to Cisco loopback interfaces. This block is reserved for loopback addresses, as defined by RFC 3330: "A datagram sent by a higher level protocol to an address anywhere within this block should loop back inside the host." We usually use only 127.0.0.1 for our work, since pinging 127.0.0.1 checks whether a PC can ping itself, but the entire address block is actually reserved for such loopbacks.

On what subnet will you find the IP address 134.86.200.2 /21?

Options are :

  • 134.86.128.0 /21
  • 134.86.64.0 /21
  • 134.86.200.0 /21 (Correct)
  • 134.86.200.1 /21
  • 134.86.192.0 /21
  • 134.86.96.0 /21

Answer : 134.86.200.0 /21

Explanation To determine the subnet containing a given IP address, convert the address to binary until you reach the number of bits in the subnet mask, and convert the result back to decimal. The binary string here is 10000110 01010110 11001xxx xxxxxxxx, and the resulting subnet is 134.86.200.0 /21.

Which three of the following statements regarding IPv4 and IPv6 addressing are true?

Options are :

  • The IPv4 address scheme uses broadcast addresses, but IPv6 does not. (Correct)
  • IPv6 addresses have exactly twice as many bits per field as IPv4 addresses. (Correct)
  • IPv4 addresses are 32 bits in length; IPv6 addresses have 128 bits. (Correct)
  • Due to the nature of IPv6, there is no definitive way to tell exactly how long an address will be until it is calculated. In contrast, IPv4 addresses have 32 bits.
  • Both IPv4 and IPv6 addresses use hexadecimal.
  • IPv4 addresses are 24 bits in length; IPv6 addresses are 128 bits long.

Answer : The IPv4 address scheme uses broadcast addresses, but IPv6 does not. IPv6 addresses have exactly twice as many bits per field as IPv4 addresses. IPv4 addresses are 32 bits in length; IPv6 addresses have 128 bits.

Explanation IPv4 addresses are 32 bits long, while IPv6 addresses are 128 bits long. IPv6 has eight 16-bit fields; IPv4 has four 8-bit fields. IPv6 does not use broadcasts, but IPv4 does.

Which two of these statements regarding RFC 1918 addresses are true?

Options are :

  • These addresses are routable.
  • These addresses are not routable. (Correct)
  • These addresses were defined to fight the problem of IPv6 address depletion.
  • These addresses were defined to fight the problem of IPv4 address depletion. (Correct)

Answer : These addresses are not routable. These addresses were defined to fight the problem of IPv4 address depletion.

Explanation RFC 1918 private address ranges were developed to combat the little problem we had at the time - we were running out of IPv4 addresses! These non-routable addresses can be used on private networks all over the world.

Which of the following standard ACLs permits traffic from 10.1.1.0 /24 and denies all other traffic?

Options are :

  • access-list 5 permit 10.1.1.0 255.255.255.0
  • access-list 105 deny any access-list 105 permit 10.1.1.0 0.0.0.255
  • access-list 5 permit 10.1.1.0 0.0.0.255 (Correct)
  • access-list 5 deny all access-list 5 permit 10.1.1.0 0.0.0.255
  • access-list 105 permit 10.1.1.0 0.0.0.255 access-list 105 deny any
  • access-list 105 permit 10.1.1.0 0.0.0.255

Answer : access-list 5 permit 10.1.1.0 0.0.0.255

Explanation The only standard ACL that permits that subnet and denies everything else is "access-list 5 permit 10.1.1.0 0.0.0.255". The other choices either have incorrect syntax or are numbered outside the acceptable standard ACL numeric range.

We're configuring our Cisco router to get the time from an external source, and we naturally want that to be the most accurate and powerful time server we can access. What's the highest stratum level our router can get its time from?

Options are :

  • 15
  • 8
  • 0
  • 1 (Correct)
  • 128
  • 255

Answer : 1

Explanation The highest NTP stratum is stratum-0. Those are typically atomic clocks, and as you'd think, they're extremely accurate. Thing is, a Cisco router can't get its time directly from a stratum-0 device. A Cisco router can get its time directly from a stratum-1 device, typically known as a "time server".

How many valid subnets exist on the 10.0.0.0 /14 network?

Options are :

  • This is an invalid subnet number.
  • 32
  • 64 (Correct)
  • 48
  • 100
  • 128
  • 62

Answer : 64

Explanation This is a class A network, so we know the network mask is /8. The subnet mask given is /14, so we have 6 subnet bits (14 - 8). 2 to the 6th power is 64. That's all there is to it!

How many valid hosts exist on the 10.1.1.0 /26 subnet?

Options are :

  • 128
  • 32
  • 30
  • 256
  • 16
  • 62 (Correct)
  • 254
  • 64

Answer : 62

Explanation When calculating the number of valid hosts, we need to first know the number of host bits. That's simple enough, just subtract the number of subnet bits from 32. 32 - 26 = 6, so we have six host bits. 2 to the 6th power = 64. Finally, always subtract 2 from the number of hosts, since we don't want to use the first and last addresses in this range. That gives us 62 valid host addresses.

You need to Telnet into a router at 2 AM to do a little maintenance.   You get the following message.  You get a funny feeling in the pit of your stomach.  Why?

R1# telnet 10.1.1.2

Trying 10.1.1.2 ... Open

"Password required, but none set"

[ Connection to 10.1.1.2 closed by foreign host ]

Options are :

  • You forgot to set an enable password or enable secret.
  • There is no console password.
  • The router is locally authenticating users and the username / password combo you entered at the prompt (not shown) didn't match an entry in that database.
  • The router is locally authenticating users and the username / password combination you entered (not shown) had a password that didn't match the one you entered for your particular username.
  • You forgot to put a password on the VTY lines. (Correct)

Answer : You forgot to put a password on the VTY lines.

Explanation For good reason, there is no default Telnet setup on our Cisco routers. You get this message when there is no password on the VTY lines.

Which two of the following IP addresses will you NOT find on the 12.1.0.0 /19 subnet?

Options are :

  • 12.1.1.200
  • 12.1.0.63
  • 12.1.255.255 (Correct)
  • 12.1.31.254
  • 12.1.127.255 (Correct)

Answer : 12.1.255.255 12.1.127.255

Explanation The first number in this range is the network number we're given, 12.1.0.0. The last number is determined by writing 12.1.0.0 in binary and setting all the host bits to 1. We have a lot of host bits in this one -- 13, in fact. The result there is 00001100 00000001 00011111 11111111, or 12.1.31.255. The range is 12.1.0.0 - 12.1.31.255; the two correct answers are out of that range.

How many valid host addresses do we have to work with when given the subnet 20.1.1.32 /28?

Options are :

  • 8
  • 20
  • 14 (Correct)
  • 16
  • 18
  • 6
  • 30

Answer : 14

Explanation With a subnet mask of /28, that leaves us 4 host bits. 2 to the 4th power is 16; subtract the two unusable addresses and you have 14!

The subnet mask represented by the binary string 11111111 11111111 11110000 00000000 can be expressed legally in what two other ways?

Options are :

  • /12
  • 0.0.15.255
  • /20 (Correct)
  • 255.255.240.0 (Correct)

Answer : /20 255.255.240.0

Explanation Subnet masks can be expressed in dotted decimal format (like an IPv4 address) and by prefix notation. That string converts to the dotted decimal value 255.255.240.0; in prefix notation, just put the number of consecutive ones behind a slash, and that's /20.

Identify the default ports used by HTTP and HTTPS.   Choose two.

Options are :

  • 81
  • 22
  • 442
  • 80 (Correct)
  • 23
  • 443 (Correct)
  • 24

Answer : 80 443

Explanation HTTP uses port 80, HTTPS uses port 443 by default.

The OSPF hello interval timer on a Fast Ethernet interface has been changed to 30 seconds.   Which two of the following interface-level commands will successfully reset it to the default?   Choose two.

Options are :

  • reset ospf default
  • ip ospf hello 10 (Correct)
  • reset ospf all timer
  • ip ospf hello 40
  • ip ospf hello 60
  • no ip ospf hello 30 (Correct)

Answer : ip ospf hello 10 no ip ospf hello 30

Explanation You could remove the command with "no ip ospf hello 30", which would set the interface back to its default of 10 seconds; you could also hard-code the interface to 10 seconds with "ip ospf hello 10".

How is the term stratum commonly used in today's networks?

Options are :

  • By LLDP, referring to the logical distance between the two endpoints.
  • By CDP, referring to the logical distance between directly connected Cisco devices.
  • By NTP; it refers to the distance the local user is from the authoritative time source. (Correct)
  • By TACACS+, in reference to the time it takes to authenticate a source.
  • By STP; it refers to the combination of port priority and interface number.

Answer : By NTP; it refers to the distance the local user is from the authoritative time source.

Explanation The NTP stratum is the logical distance between the device you're on and its authoritative time server.

Choose the two that best describe the most powerful privilege level you can apply to a console port.

Options are :

  • Level 1
  • The higher the privilege level, the more powerful the user who is assigned that level. (Correct)
  • Level 15 (Correct)
  • Level 16
  • The lower the privilege level, the more powerful the user who is assigned that level.
  • Level 0

Answer : The higher the privilege level, the more powerful the user who is assigned that level. Level 15

Explanation The higher the privilege level, the more powerful the privileged person! The top level is level 15.

Which statement best describes the VLAN membership of an access port?   Do not assume defaults.

Options are :

  • It belongs to all VLANs.
  • By default, an access port belongs to no VLAN until you manually assign one.
  • It belongs to one and one VLAN only. This is a configurable value. (Correct)
  • It belongs to VLAN 1 and VLAN 1 only.

Answer : It belongs to one and one VLAN only. This is a configurable value.

Explanation An access port belongs to one and only one VLAN. That VLAN is VLAN 1 by default, but we can and often do change that value.

Which three of the following are true regarding fundamental switch operation?

Options are :

  • An "unknown unicast" is a frame destined for one particular address, but there is no entry for that destination in the receiving switch's MAC address table. (Correct)
  • Broadcast frames are flooded out every port on the receiving switch.
  • When a Cisco switch is first powered on and not yet connected to any devices, its MAC address table is empty.
  • Switches use the destination address of incoming frames to build their MAC address tables.
  • Switches use the source address of incoming frames to build their MAC address tables. (Correct)
  • Frames destined for ff-ff-ff-ff-ff-ff are sent out every port on the switch except the receiving port. (Correct)

Answer : An "unknown unicast" is a frame destined for one particular address, but there is no entry for that destination in the receiving switch's MAC address table. Switches use the source address of incoming frames to build their MAC address tables. Frames destined for ff-ff-ff-ff-ff-ff are sent out every port on the switch except the receiving port.

Explanation The tricky one here refers to the MAC address table contents; when a switch is first powered on, it does have static entries in its MAC address table for the CPU. The table is then built dynamically by examining the source MAC address of incoming frames, and our friend the broadcast frame is never forwarded back out the same port it came in on.

In which VTP modes can a Cisco switch create a VLAN?

Options are :

  • Server, transparent, and client.
  • Client and transparent only.
  • Server and client only.
  • Server only.
  • Transparent only.
  • Server and transparent only. (Correct)

Answer : Server and transparent only.

Explanation To create a VLAN, our switch must be in VTP Server or Transparent mode. A switch in Client mode cannot create a VLAN.

IPv4 uses ARP and broadcasts.  How does IPv6 handle these two features?   (Choose two.)

Options are :

  • IPv6 has no need for neighbor discovery.
  • IPv6 uses ARP in the same fashion that IPv4 does.
  • IPv6 does not use broadcasts. (Correct)
  • IPv6 doesn't use ARP; rather, it uses the Neighbor Discovery process. (Correct)
  • IPv6 uses broadcasts in much the same fashion IPv4 does.
  • IPv6 uses broadcasts much more efficiently than IPv4 does (only for neighbor discovery)

Answer : IPv6 does not use broadcasts. IPv6 doesn't use ARP; rather, it uses the Neighbor Discovery process.

Explanation IPv6 doesn't use broadcasts at all. It doesn't use ARP either, but uses a similar function known as Neighbor Discovery.

Which of the following best describes the term defined here by Wikipedia?   Choose two.

"a network addressing and routing method in which datagrams from a single sender are routed to any one of several destination nodes, selected on the basis of which is the nearest, lowest cost, healthiest, with the least congested route, or some other distance measure."

Options are :

  • Anycast (Correct)
  • Broadcast
  • Multicast
  • Unicast
  • This feature is found in IPv6 but not IPv4.
  • This feature is found in IPv4 but not IPv6.
  • This feature is found in both IPv4 and IPv6. (Correct)

Answer : Anycast This feature is found in both IPv4 and IPv6.

Explanation That snippet describes an anycast, and while you'll hear more about them in your IPv6 studies than you ever will in your IPv4 studies, anycasts are found in both IPv4 and IPv6.

You're using a Cisco router as a DHCP server.   Which of the following best describes the overall IP address acquisition process when a router is used in that role instead of a traditional server?

Options are :

  • The process is really the same; hosts lease addresses for a configurable length of time, and the hosts contact the router to renew the lease before the lease expires. (Correct)
  • Using a Cisco router as a DHCP server means the router can no longer act as a traditional router, since all resources will be needed to handle the DHCP workload.
  • The process is somewhat the same with the exception of the lease; the lease length is fixed at 30 days.
  • Using a Cisco router as the DHCP server means that addresses cannot be renewed. Once the lease ends, the host must acquire a different address.

Answer : The process is really the same; hosts lease addresses for a configurable length of time, and the hosts contact the router to renew the lease before the lease expires.

Explanation Whether you're using a regular server or a Cisco router as a DHCP server, the process is really the same: the host requests an address, the server gives the host an address which is valid for a certain period of time (the lease), and the host can renew the lease before it actually expires.

A packet enters a router interface.  The destination IP address for that packet doesn't match any specific entry in the IP routing table.  What happens to that packet?

Options are :

  • If there's a default route, the packet will be forwarded using that route. If there is no default route, the packet is dropped. (Correct)
  • The packet is flooded out every interface on that router except the one it came in on.
  • The packet is dropped regardless of whether there is a default route or not.
  • The packet is flooded out all interfaces on the router, including the one it came in on.

Answer : If there's a default route, the packet will be forwarded using that route. If there is no default route, the packet is dropped.

Explanation If there's a default route, that packet is forwarded using that route. That's what a default route is for! Packets with unknown L3 destination addresses are never flooded; that's for L2 frames.

Which two of the following describe a network topology where all traffic must travel through a central device?

Options are :

  • Star (Correct)
  • Broadcast
  • Hub-and-spoke (Correct)
  • Point-to-point
  • Token Ring
  • Ethernet

Answer : Star Hub-and-spoke

Explanation Spoke-to-spoke traffic in hub-and-spoke networks must go through the hub; in star networks (much the same topology, really), traffic from one point of the star to another must go through the central device in the star.

Identify the false statements.  Choose two.

Options are :

  • The AD of a RIP route is 120, regardless of source.
  • If the enable secret and enable password are set, the enable secret takes precedence.
  • The VTP domain names "ccent" and "CCENT" are the same. (Correct)
  • The extended ACL ranges are 100 - 199 and 2000 - 2699.
  • Running "service password-encryption" will encrypt the enable password and console line password (among others), and running "no service password-encryption" will decrypt them. (Correct)
  • You should erase the VTP information of a production switch before putting it into your network.

Answer : The VTP domain names "ccent" and "CCENT" are the same. Running "service password-encryption" will encrypt the enable password and console line password (among others), and running "no service password-encryption" will decrypt them.

Explanation The first false statement is the one regarding the VTP domains. That domain is case-sensitive, so "ccent" and "CCENT" are two different VTP domains. Watch that when troubleshooting a VTP deployment -- it happens more often than you'd think! As for "service password-encryption", it will encrypt the passwords mentioned, but running "no service password-encryption" does not decrypt them.

In which of these situations should you be particularly careful about using an access list with a permit any line?

Options are :

  • Inbound traffic on an Ethernet-based interface
  • Using it as part of an OSPF deployment
  • Using it as part of an EIGRP deployment
  • Inbound traffic on a loopback interface
  • Outbound traffic on a Serial interface
  • Using it as part of a NAT deployment (Correct)

Answer : Using it as part of a NAT deployment

Explanation Be VERY careful about using "permit any" in a NAT deployment; if you have too many translations going on, you can hammer router resources to the point where the router can't even route!

Which three of the following statements are false of EIGRP?

Options are :

  • An EIGRP route marked with an "EX" in the routing table has an AD of 170.
  • An EIGRP route is indicated in the routing table with the code "D".
  • An EIGRP route learned via the "network" command has an AD of 90.
  • EIGRP is considered to be a distance vector protocol. (Correct)
  • An EIGRP route is indicated in the IP routing table with the code "E". (Correct)
  • An EIGRP route can have more than one administrative distance at a single time. (Correct)

Answer : EIGRP is considered to be a distance vector protocol. An EIGRP route is indicated in the IP routing table with the code "E". An EIGRP route can have more than one administrative distance at a single time.

Explanation EIGRP routes can have an AD of 90 or 170 by default, but it can't have more than one AD at a time. EIGRP routes are marked with "D" in the IP routing table, and finally, EIGRP is considered a "hybrid", having characteristics of both distance-vector and link-state protocols.

Which one of these statements is incorrect?

Options are :

  • To protect privileged mode, you can use either the enable password or enable secret features. The enable secret is encrypted by default and takes precedence over the enable password (if both are set, which is not required).
  • The "service password-encryption" command will encrypt every password in your config.
  • To protect access to the console line, just enter a password on the console line itself.
  • To apply an ACL to a physical interface, use the "access-class" command. (Correct)
  • The VTY line password is used to protect connections made remotely by either Telnet or SSH.

Answer : To apply an ACL to a physical interface, use the "access-class" command.

Explanation Use "access-group" to apply an ACL to a physical interface; "access-class" is used to apply an ACL to VTY lines.

Which of the following will NOT cause an OSPF adjacency to fail?

Options are :

  • Process ID mismatch (Correct)
  • Hello or dead timer interval mismatch
  • L2 problem (encapsulation mismatch, for example)
  • Area ID mismatch

Answer : Process ID mismatch

Explanation The process ID (the number in the "router ospf" command) is locally significant only and does not have to match with a potential neighbor. An L2 problem can indeed bring OSPF down; remember, L2 is the foundation for everything we do at L3. If L2 isn't working correctly, L3 isn't either!

An end user at your company has filled out a trouble ticket.  The user says he can't reach servers outside the network.  No one else is reporting a similar issue.  What should you check first?

Options are :

  • Layer 1 (for example, making sure the cabling is correct and the host is on) (Correct)
  • Go to each URL with your phone and make sure every site that user wants to reach is up.
  • Layer 3 (making sure the host has the proper IP address and mask)
  • Layer 2 (ensuring the network card is operational, PPP config is correct)

Answer : Layer 1 (for example, making sure the cabling is correct and the host is on)

Explanation Use the OSI model for troubleshooting! Start with L1, making sure the cables are connected and the host is on (stop laughing, that is the problem sometimes!). Then go up to L2 and then on to L3 if necessary. If no one else is reporting an issue, it's unlikely the destinations are the problem.
