CCNA ICND1 Practice

Identify the true statements regarding anycasts.  Choose two.

Options are :

  • Both IPv4 and IPv6 use anycast addressing. (Correct)
  • Anycast addressing is an IPv6 feature that does not function in IPv4.
  • Anycasts are sent to a single identifier that actually belongs to several nodes, and is accepted by the node closest to the sender. (Correct)
  • Anycasts replaced IPv4's multicasting.

Answer : Both IPv4 and IPv6 use anycast addressing. Anycasts are sent to a single identifier that actually belongs to several nodes, and is accepted by the node closest to the sender.

Explanation Although you don't hear much about them in your CCNA studies, both IPv4 and IPv6 use anycasts. From RFC 2526 defining IPv6 subcast anycast addresses: "The IP Version 6 addressing architecture defines an "anycast" address as an IPv6 address that is assigned to one or more network interfaces (typically belonging to different nodes), with the property that a packet sent to an anycast address is routed to the "nearest" interface having that address."

Identify the four true statements regarding IPv6 addresses.

Options are :

  • The IPv6 loopback address is ::1, which can also be expressed as 0:0:0:0:0:0:0:1. (Correct)
  • There are 16 bits in each of the eight fields of an IPv6 address. (Correct)
  • The global unicast address space is 2000://3. (Correct)
  • The multicast address space is FF00::/8. (Correct)
  • The loopback range for IPv6 is 127.0.0.0 /8.
  • There are eight bits in each of the eight fields of an IPv6 address.
  • The global unicast address space is FF00::/8.
  • The multicast address space is 2000::/3.

Answer : The IPv6 loopback address is ::1, which can also be expressed as 0:0:0:0:0:0:0:1. There are 16 bits in each of the eight fields of an IPv6 address. The global unicast address space is 2000://3. The multicast address space is FF00::/8.

Explanation The IPv6 loopback is ::1, which can also be expressed as 0:0:0:0:0:0:0:1. IPv6 addresses are 128 bits long, with each of the eight fields having 16 bits. The global unicast space is 2000://3, and the multicast space is FF08::/8.

Which of the following statements are true regarding the creation of an EUI-64 interface ID?  Choose three.

Options are :

  • The interface's MAC address. (Correct)
  • The value 0xFFFE (Correct)
  • The interface's IPv4 address. (If none is assigned, 10.1.1.1 is used.)
  • The local anycast address
  • The interface's multicast address
  • The value 0x0000
  • A bit inversion (Correct)

Answer : The interface's MAC address. The value 0xFFFE A bit inversion

Explanation The EUI-64 interface identifier is arrived at by putting the value FFFE (or "0xFFEE, to be technical) directly in the middle of the MAC address and then inverting the 7th bit.

An IPv6 router just sent a packet to FF02::2.  Which of the following is true regarding this transmission?  Choose two.

Options are :

  • This is a multicast. (Correct)
  • The destination can be best defined as "all nodes on the local network segment."
  • This is an anycast.
  • This is a unicast destined for the node closest to the sending node.
  • The destination is best defined as "all routers on the local network segment". (Correct)

Answer : This is a multicast. The destination is best defined as "all routers on the local network segment".

Explanation This is a multicast destined for all routers on the local network segment.

A Cisco router just sent an IPv6 traffic stream to FF02::2.  Which of the following is true regarding this transmission?    Choose three.

Options are :

  • This is a multicast stream. (Correct)
  • This is an anycast stream.
  • This is a unicast stream, destined for the closest host.
  • The destination is defined as "every router on the local network segment". (Correct)
  • The destination is defined as "every node on the local network segment".
  • The destination is defined as "every router on the network, both local and remote network segments.
  • The destination is defined as "every host in the network, both on local and remote network segments".
  • This could be a Router Solicitation (RS) message. (Correct)
  • This coule be a Router Determination (RD) message.

Answer : This is a multicast stream. The destination is defined as "every router on the local network segment". This could be a Router Solicitation (RS) message.

Explanation The multicast address FF02::2 is reserved for all routers on the local network segment. Router Solicitation messages are sent to this address.

Which of the following commands is absolutely, positively required for a Cisco router to route IPv6 traffic?

Options are :

  • ipv6 unicast-routing (Correct)
  • ipv6 enable
  • ipv6 run
  • ipv6 routing on

Answer : ipv6 unicast-routing

Explanation If you get a message that IPv6 is not enabled on the local router, just run ipv6 unicast-routing and that'll take care of it!

The IPv6 prefix Fe80::/10 is reserved for what kind of addresses?

Options are :

  • Link-local (Correct)
  • Site-local
  • Globally assigned addressing
  • Autoconfiguration

Answer : Link-local

Explanation The Ipv6 prefix Fe80::/10 is reserved for link-local addressing. (Site-local addresses have been deprecated by the IEEE, so they won't show up on your exam. I just wanted you to know they did exist once, but no longer.)

The process of creating an EUI-64 interface identifier involves a bit conversion.  Which bit is converted, and is this conversion performed before FFEE is inserted into the MAC address, or after?

Options are :

  • 7th bit, after (Correct)
  • 6th bit, after
  • 5th bit, after
  • 4th bit, after
  • 7th bit, before
  • 6th bit, before
  • 5th bit, before
  • 4th bit, before

Answer : 7th bit, after

Explanation After FFEE is inserted into the middle of the MAC address as part of the interface identifier creation process, the 7th bit of the result is converted. ("conversion" = "if it's a zero ,make it a one; if it's a one, make it a zero"

Identify the 4 main messages of the DHCPv6 address acquisition process.

Options are :

  • Solicit (Correct)
  • Advertise (Correct)
  • Request (Correct)
  • Reply (Correct)
  • Discovery
  • Offer
  • Acknowledgement
  • NDP
  • RDP

Answer : Solicit Advertise Request Reply

Explanation The DHCPv6 messages, in order: Solicit, Advertise, Request, Reply. (The DHCPv4 messages: Discovery, Offer, Request, Ack)

Which of the following allow a host to assign itself a unique IPv6 address?   Choose two.

Options are :

  • Stateless DHCP (Correct)
  • Autoconfiguration (Correct)
  • Stateful DHCP
  • Dynamic Address Acquisition (DAA)

Answer : Stateless DHCP Autoconfiguration

Explanation Stateless DHCP, also known as autoconfiguration, allows a router to assign itself a unique IPv6 address.

A host has just assigned itself an IPv6 address.   The host now needs to be sure that self-assigned address is unique.   Identify the three  true statements regarding this process.

Options are :

  • This process is performed by DAD, the Duplicate Address Detection feature. (Correct)
  • This process is automatically performed by stateful DHCP.
  • The host that assigned itself the address sends a Neighbor Solicitation message. The source of that NS is unknown, and the destination is the self-assigned address. (Correct)
  • The host that assigned itself the address sends a Neighbor Solicitation message. The source of the NS is the self-assigned address, and the destination is a broadcast message so as many hosts as possible can receive it.
  • If the host sending the NS receives an NA in reply, that means another host is already using that address, and the address cannot be used again. (Correct)
  • If the host sending the NS receives an NA in reply, the address is removed from the host that sent the NA, and the host sending the NS can indeed use the address.

Answer : This process is performed by DAD, the Duplicate Address Detection feature. The host that assigned itself the address sends a Neighbor Solicitation message. The source of that NS is unknown, and the destination is the self-assigned address. If the host sending the NS receives an NA in reply, that means another host is already using that address, and the address cannot be used again.

Explanation The DAD process is used here. The host assigning itself the address sends an NS with no source address and a destination address set to the self-assigned address. If that host hears an NA in response, the address is already in use and can't be used again. If the host hears nothing in response to the NS it sends, that means no one else is using that address and it is indeed unique and ready for use.

What command defines a default static route in IPv6 and uses Fast Ethernet 0/0 as the exit interface?

Options are :

  • R3(config)# ipv6 route ::/0 fast 0/0 (Correct)
  • R3(config)# Fast 0/0 route ::/0
  • R3(config)# ipv6 route ::/128 fast 0/0
  • R3(config)# Fast 0/0 route ::/128

Answer : R3(config)# ipv6 route ::/0 fast 0/0

Explanation For an IPv6 static route, use the ip route command followed by the route ::/0 and then the local exit interface. In the IPv6 routing table, you'll see the route expressed like this: S ::/0 [1/0]

The logging command allows you to send syslog messages to which of the following?  Choose one.

Options are :

  • The buffer in RAM
  • The console
  • A syslog server (by entering the IP address of the server)
  • All three of these locations are correct. (Correct)

Answer : All three of these locations are correct.

Explanation The "logging" command allows you to send syslog messages to a dedicated syslog server, the buffer (stored in RAM), and the console.

You want to enable Telnet access to a Cisco router.  You've written an ACL identifying the source IP addresses of users who should be able to connect.  All users who connect should use the password BULLDOG, and they should not be prompted for an individual username or password.    What two commands will wrap up this config?

Options are :

  • The ACL should be applied to the VTY lines with the access-class command. (Correct)
  • Apply the ACL to the console port with the console-class command.
  • Apply the ACL to the VTY lines with the ip access-group command.
  • Apply the ACL to the console port with the access-class command.
  • Apply the "login" and "password bulldog" commands to the appropriate lines or port. (Correct)
  • Apply the "login local" and "password bulldog" commands to the appropriate lines or port.

Answer : The ACL should be applied to the VTY lines with the access-class command. Apply the "login" and "password bulldog" commands to the appropriate lines or port.

Explanation To finish this successful config, apply the ACL to the VTY lines with "access-class" and then apply the "login" and "password bulldog" commands. ( "Login local" configures the router to prompt the user for an individually-assigned username and password; this option does not allow a single password to be set for Telnet connections.

Identify the true statements regarding static NAT.   Choose three.

Options are :

  • Allows bidirectional initialization of commands, which is a fancy way of saying hosts inside our network can start a conversation with hosts outside our network, and hosts outside our network can start conversations with hosts inside our network. (Correct)
  • Allows hosts inside our network to start conversations with outside hosts, but outside hosts cannot start conversations with inside hosts.
  • Creates a one-to-one static mapping that will never age out of the NAT translation table. (Correct)
  • Creates a static pool of NAT addresses that are assigned on an as-needed basis to hosts that match the ACL written for our static NAT pool.
  • Static NAT requires both the "ip nat inside" and "ip nat outside" commands. (Correct)
  • With static NAT, the inside and outside interfaces need not be identified with "ip nat inside" and "ip nat outside".

Answer : Allows bidirectional initialization of commands, which is a fancy way of saying hosts inside our network can start a conversation with hosts outside our network, and hosts outside our network can start conversations with hosts inside our network. Creates a one-to-one static mapping that will never age out of the NAT translation table. Static NAT requires both the "ip nat inside" and "ip nat outside" commands.

Explanation Two "always true" statements about NAT -- you always need "ip nat inside" and "ip nat outside" on the appropriate interfaces, and both static and dynamic NAT allow inside and outside hosts to initiate conversations. Static NAT mappings are one-to-one mappings that do not age out of the NAT translation table.

Identify the FALSE statements regarding NAT.   Choose two.

Options are :

  • Adding the single word "overload" to a NAT configuration (in the right place, of course) enables Port Address Translation, allowing multiple inside hosts to use a single routable IP address for NAT.
  • NAT enhances network security, since the IP addresses on inside hosts is never revealed to hosts outside the network.
  • The three major forms of NAT -- static, dynamic, and PAT -- all require inside and outside interfaces to be identified with "ip nat inside" and "ip nat outside".
  • NAT does not allow hosts outside the network to initiate conversations with hosts inside the network, but does allow those outside hosts to respond to conversations begun by inside hosts. (Correct)
  • Outside hosts see both the original and NAT-assigned IP addresses of inside hosts. (Correct)

Answer : NAT does not allow hosts outside the network to initiate conversations with hosts inside the network, but does allow those outside hosts to respond to conversations begun by inside hosts. Outside hosts see both the original and NAT-assigned IP addresses of inside hosts.

Explanation Outside hosts can indeed initiate conversations with inside hosts. (Some firewalls will not allow this, but NAT will.) Those same outside hosts see only the NAT-assigned IP addresses of inside hosts. They never see the inside hosts' original IP addresses.

What four messages are involved in the DHCPv4 address acquisition process?

Options are :

  • Discovery (Correct)
  • Offer (Correct)
  • Request (Correct)
  • Acknowledgment (Correct)
  • Solicit
  • Advertise
  • Reply

Answer : Discovery Offer Request Acknowledgment

Explanation If you see "DHCP" without a version number, we're dealing with DHCP for IPv4 ("DHCPv4"). The four message types are Discovery, Offer, Request, Acknowledgment.

You're creating a DHCP pool and will be using the 10.1.1.0 /24 subnet.  Which two of the following addresses should you not assign to the pool?

Options are :

  • 10.1.1.0 (Correct)
  • 10.1.1.1
  • 10.1.1.255 (Correct)
  • 10.1.1.254
  • 10.1.1.3
  • 10.1.1.244

Answer : 10.1.1.0 10.1.1.255

Explanation When creating a DHCP pool, never include the first and last addresses available on the subnet. The first address is the subnet address itself, and the last is the broadcast address for that subnet. Here, those addresses are 10.1.1.1 and 10.1.1.255.

Identify the true statements regarding the use of address pools with DHCP.

Options are :

  • Addresses are assigned from the pool to requesting hosts on a temporary basis, called a "lease". (Correct)
  • Addresses are assigned as requested from the pool on a permanent basis.
  • A pool of addresses using the 100.1.1.0 /24 range should not offer the 100.1.1.1 and 100.1.1.255 addresses. These addresses can be excluded with the "ip dhcp excluded-address" command. (Correct)
  • Hosts must wait until their address assignment actually expires before it can request a renewal on that lease.
  • Hosts can actively ask for a renewal of their address assignment before the assignment expires. (Correct)
  • DHCP runs a duplicate address check using a combination of ping and Gratuitous ARP. If an address assigned from the pool is determined to be a duplicate of an address already active in the network, that address is removed from the pool. (Correct)

Answer : Addresses are assigned from the pool to requesting hosts on a temporary basis, called a "lease". A pool of addresses using the 100.1.1.0 /24 range should not offer the 100.1.1.1 and 100.1.1.255 addresses. These addresses can be excluded with the "ip dhcp excluded-address" command. Hosts can actively ask for a renewal of their address assignment before the assignment expires. DHCP runs a duplicate address check using a combination of ping and Gratuitous ARP. If an address assigned from the pool is determined to be a duplicate of an address already active in the network, that address is removed from the pool.

Explanation Hosts can ask for a lease renewal before the lease actually expires; don't include the first and last addresses in a subnet in the DHCP pool; DHCP duplicate address detection will remove an address from the pool if it's determined that same address is already in use.

Identify the three true statements regarding the Internet Control Message Protocol, pings, and traceroutes.

Options are :

  • Both ping and traceroute use ICMP. (Correct)
  • ICMP packets are fully encapsulated inside IP packets. (Correct)
  • Pings use ICMP, but not traceroute.
  • Traceroute uses ICMP, but not ping.
  • To carry out pings and / or traceroutes, IP packets are encapsulated by ICMP packets.
  • Both pings and traceroutes can be terminated with two CTRL-SHIFT-6s, one right after the other. (Correct)
  • Once issued, neither pings nor traceroutes can be cancelled; they must be allowed to time out naturally.

Answer : Both ping and traceroute use ICMP. ICMP packets are fully encapsulated inside IP packets. Both pings and traceroutes can be terminated with two CTRL-SHIFT-6s, one right after the other.

Explanation Both ping and traceroute use ICMP, and as part of each process, the ICMP packet is encapsulated by the IP packet. To terminate a ping or traceroute, use CTRL-SHIFT-6 twice. It's a little tricky at first but it'll be second nature in no time at all.

Which two of the following are considered connection-oriented rather than connectionless?

Options are :

  • FTP (Correct)
  • TCP (Correct)
  • TFTP
  • UDP

Answer : FTP TCP

Explanation Both TCP and the File Transfer Protocol (FTP) are connection-oriented; that is, there is an underlying connection (or "control connection") established between the hosts before data is exchanged. Telnet is also considered a connection-oriented protocol.

A new admin just made some changes to a Cisco router config, and you'd really like to see the changes he made.  The changes have not yet been saved.   Which of the following commands should you run?

Options are :

  • show running-config (Correct)
  • show startup-config
  • show version
  • show dir
  • show config change unsaved

Answer : show running-config

Explanation Nothing to it, just run show running-config (or just "show run") and you can see what's been changed.

Which two of the following is true regarding L2 switches?

Options are :

  • You can configure an IP address on a L2 switch, but you can't configure a routing protocol on one. (Correct)
  • Typically, a switch will have an IP address assigned to its management interface in order to allow remote management via Telnet. (Correct)
  • IP addresses cannot be configured on L2 switches.
  • To enable an L2 switch to route, enter the global command "ip routing".

Answer : You can configure an IP address on a L2 switch, but you can't configure a routing protocol on one. Typically, a switch will have an IP address assigned to its management interface in order to allow remote management via Telnet.

Explanation You can't run a routing protocol on an L2 switch, but you can assign an IP address to a management interface. Usually, that's the VLAN 1 interface, and that allows you to remotely connect to and manage the switch.

Migrating from a IPv4 network to an IPv6 network isn't easy, nor is it something that happens overnight.  Which three of the following describe v4-to-v6 migration strategies?

Options are :

  • IPv4 tunnels and IPv6 islands (Correct)
  • A version of NAT called "NAT Port Translation"
  • Dual-stack routing (Correct)
  • PAT
  • IPv6 tunnels and IPv4 islands
  • A version of NAT called "NAT Protocol Translation" (Correct)

Answer : IPv4 tunnels and IPv6 islands Dual-stack routing A version of NAT called "NAT Protocol Translation"

Which three of the following statements regarding an IPv6 address expressions?

Options are :

  • Zero compression can only be used once per address. (Correct)
  • Leading zero compression can only be used once per address.
  • Zero compression can be used multiple times in a single address.
  • Leading zero compression can be used multiple times in a single address. (Correct)
  • Leading zero compression is expressed with a set of colons.
  • Zero compression is expressed with a set of colons. (Correct)

Answer : Zero compression can only be used once per address. Leading zero compression can be used multiple times in a single address. Zero compression is expressed with a set of colons.

Explanation Zero compression can be used only once per address and it's expressed with two colons. You can use leading zero compression as often as it's legal.

Regarding RIP v1 and v2, which three of the following statements are true?

Options are :

  • They both send routing updates to 255.255.255.255.
  • They both support routing protocol update authentication.
  • They are both classless protocols.
  • They have the same AD (120). (Correct)
  • They are both distance vector protocols. (Correct)
  • They both have the same maximum hop count (15 is the highest legal count, 16 indicates an unreachable route). (Correct)

Answer : They have the same AD (120). They are both distance vector protocols. They both have the same maximum hop count (15 is the highest legal count, 16 indicates an unreachable route).

Explanation Regarding the incorrect statements: RIPv1 broadcasts updates, RIPv2 multicasts them to 224.0.0.9. Only RIPv2 supports update authentication, and only RIPv2 is considered classless since RIPv2 sends the subnet mask along in its routing table updates. RIPv1 does not support subnet masking, so it can't send those masks in updates, and is therefore considered classful.

Which of the following protocols or services allows an internal host with a non-routable address to have that address translated to a routable address in order to communicate with external devices?

Options are :

  • ARP
  • NAT (Correct)
  • DNS
  • DHCP
  • Static Routing

Answer : NAT

Explanation NAT, the Network Address Translation protocol, is all about translating a private non-routable IP address (often used by internal hosts) to a public address that can be routed.

What protocol translates a known hostname to an IP address?

Options are :

  • DNS (Correct)
  • DHCP
  • ARP
  • NAT
  • CDP
  • FTP

Answer : DNS

Explanation DNS, the Domain Name Server protocol, resolves hostnames to IP addresses.

The output of show interface serial 0/1/0 reveals the following line.  The interface is running PPP.  Identify the two true statements regarding troubleshooting this situation.

"Serial 0/1/0 is up, line protocol is down"

Options are :

  • Physically, the interface is fine; there's a logical problem, likely a protocol mismatch (HDLC on one end, PPP on the other) or a PPP authentication issue. (Correct)
  • The issue is likely at Layer 2. (Correct)
  • The problem is likely at Layer 1.
  • There is a physical problem with the interface.
  • The issue is most likely at Layer 3.
  • There is a routing issue with the interface.

Answer : Physically, the interface is fine; there's a logical problem, likely a protocol mismatch (HDLC on one end, PPP on the other) or a PPP authentication issue. The issue is likely at Layer 2.

Explanation We usually start troubleshooting at the physical layer, but here, the first part of that output tells us everything is fine physically. If the output said Serial 0/1/0 was down or administratively down, we'd know there is a physical issue. When you see the physical state is fine but the line protocol is down, you're dealing with a logical issue at Layer 2. In this case, I'd make sure the interface on the other side of the link is running PPP instead of the default HDLC.

If an internal user can't successfully reach websites but can operate normally otherwise with internal devices and hosts, connectivity with what device is the first thing you should check?  (Assume everyone else in the internal network can reach websites successfully.)

Options are :

  • DHCP Server
  • DNS Server (Correct)
  • ARP Server
  • HTTP Server

Answer : DNS Server

Explanation If you have one poor user who can't reach websites, but everyone else in the network can, that user likely doesn't have communications established with a DNS server, since DNS is the protocol that resolves hostnames to IP addresses.

Which two of the following statements regarding "Router on a Stick" are true?

Options are :

  • The switch will have subinterfaces, and those subinterfaces are assigned to the two involved VLANs.
  • The router will have subinterfaces, and those subinterfaces are assigned to the two involved VLANs. (Correct)
  • This technique is often used to allow communication between VLANs when the switch those VLANs are on is a Layer 2 switch. (Correct)
  • This technique is often used to allow communication between VLANs when the switch connected to the hosts is a Layer 3 switch.

Answer : The router will have subinterfaces, and those subinterfaces are assigned to the two involved VLANs. This technique is often used to allow communication between VLANs when the switch those VLANs are on is a Layer 2 switch.

Explanation For inter-VLAN communication, we need to get Layer 3 in there somewhere, since different subnets are most likely involved. If your switch is a Layer 2 switch, you can configure ROAS to get L3 involved. ROAS configs involve configuring subinterfaces on the router, not the switch.

Which two statements are true regarding port security?

Options are :

  • The default mode cannot be changed.
  • The default mode is restrict, which shuts the port down for 10 minutes, after which it is automatically reset.
  • The default mode is restrict, which puts the port into err-disabled state, and it must be manually reset.
  • The default mode is shutdown, which puts the port into err-disabled state. It must then be manually reset. (Correct)
  • The default mode is shutdown, which puts the port into port-inconsistent state. It must then be manually reset.
  • The default number of secure MAC addresses is zero.
  • The default number of secure MAC addresses is one. (Correct)

Answer : The default mode is shutdown, which puts the port into err-disabled state. It must then be manually reset. The default number of secure MAC addresses is one.

Explanation The default port security mode is shutdown. When this happens, the port goes into err-disabled mode, and by default it must be manually reset. You need to resolve the address that put it into shutdown mode first, though, or the port will go right back into that mode.

How many valid subnets exist on the 200.1.1.0 /27 network?

Options are :

  • 8 (Correct)
  • 6
  • 16
  • 32
  • 64
  • 4

Answer : 8

Explanation 200.1.1.0 is a Class C network with a network mask of /24. The subnet mask here is /27, so we have three subnet bits (27 - 24). 2 to the 3rd power is 8. That's it!

Which three of these numbers fall in the numeric ranges that are acceptable when creating an extended access list?

Options are :

  • 142 (Correct)
  • 2682 (Correct)
  • 99
  • 412
  • 2412 (Correct)
  • 838
  • 1999

Answer : 142 2682 2412

Explanation The acceptable numeric ranges for an extended ACL are 100 - 199 and 2000 - 2699, so any numbers in those ranges will suit our purposes. Check your ACL numbers carefully on exam day!

How many valid host addresses are there on the 210.17.24.0 255.255.255.128 subnet?

Options are :

  • 256
  • 128
  • 1024
  • 64
  • 254
  • 62
  • 1022
  • 126 (Correct)

Answer : 126

Explanation To calculate the number of valid hosts on a given subnet, first subtract the number of subnet bits from 32. The subnet mask 255.255.255.128 has 25 bits (11111111 11111111 11111111 10000000), and 32 - 25 = 7, so we have 7 host bits. 2 to the 7th power is 128. Subtract the two unusable host addresses (the first and last in the range) and you have 126.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions