 Assessment Results

 Item Feedback Report

CCNA Cybersecurity Operations (Version 1.1) - CyberOps Chapter

4 Exam

Below is the feedback on items for which you did not receive full credit. Some interactive items may not display
your response.

Subscore:

1 Which PDU format is used when bits are received from the netw
Correct Your
Response Resp

When received at the physical layer of a host, the bits are formatted into a frame at the data lin

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.1.2 Communications
Protocols

3 What is the prefix length notation for the subnet mask 255.255.255.224?
Correct Your
Response Resp

The binary format for 255.255.255.224 is 11111111.11111111.11111111.11100000. The prefix length is the num

This item references content from the following areas:

CCNA Cybersecurity Operations
  4.2.3 IPv4 Addressing
Basics

5 A high school in New York (school A) is using videoconferencing

technology to establish student interactions with another high school
(school B) in Russia. The videoconferencing is conducted between
two end devices through the Internet. The network administrator of
school A configures the end device with the IP address
209.165.201.10. The administrator sends a request for the IP
address for the end device in school B and the response is
192.168.25.10. Neither school is using a VPN. The administrator
knows immediately that this IP will not work. Why?
Correct Your
Response Response

This is a link-local address.

This is a loopback address.

This is a private IP address.

There is an IP address conflict.

The IP address 192.168.25.10 is an IPv4 private address. This address will not be routed over the
Internet, so school A will not be able to reach school B. Because the address is a private one, it can be
used freely on an internal network. As long as no two devices on the internal network are assigned the
same private IP, there is no IP conflict issue. Devices that are assigned a private IP will need to use
NAT in order to communicate over the Internet.

This item references content from the following areas:

CCNA Cybersecurity Operations

 4.2.4 Types of IPv4

Addresses

6 Which three IP addresses are private ? (Choose three.)

Correct Your
Response Response

10.1.1.1

224.6.6.6

172.16.4.4

192.168.5.5

192.167.10.10

172.32.5.2
The private IP addresses are within these three ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
 This item references content from the following areas:
CCNA Cybersecurity Operations

 4.2.4 Types of IPv4

Addresses

Refer to the exhibit. Using the network in the exhibit, what would be
the default gateway address for host A in the 192.133.219.0
network?
Correct Your
Respons Response
e

192.31.7.1

192.133.219.0

192.133.219.1

192.135.250.1

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.2.5 The Default

Gateway

9
 Refer to the exhibit. What is the global IPv6 address of the host in
uncompressed format?
Correct Your
Response Response

2001:0DB8:0000:0000:0000:0BAF:3F57:FE94

2001:0DB8:0000:0000:0BAF:0000:3F57:FE94

2001:0DB8:0000:0BAF:0000:0000:3F57:FE94

2001:DB80:0000:0000:BAF0:0000:3F57:FE94
In the compressed format, the :: represents two contiguous hextets of all zeros. Leading zeros in the
second, fifth, and sixth hextets have also been removed.

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.2.6 IPv6

10 What is the purpose of ICMP messages?

Correct Your
Response Response

to inform routers about network topology changes

to ensure the delivery of an IP packet

to provide feedback of IP packet transmissions

to monitor the process of a domain name to IP address resolution

The purpose of ICMP messages is to provide feedback about issues that are related to the processing
of IP packets.

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.3.1 ICMP

11
The graphic shows a network diagram as follows:
PC A connects to switch S1, which connects to the G0/0 interface of
router R1. PC B connects to switch S2, which connects to the G0/1
interface of router R1. A network analyst is connected to switch S2.
The address of each device is as follows:
PC A: 192.168.1.212 and FE80::1243:FEFE:8A43:2122 and 01-90-
C0-E4-55-BB
PC B: 192.168.2.101 and FE80::FBB2:E77A:D143 and 08-CB-8A-
5C-D5-8A
R1 G0/0:192.168.1.1 and FE80::1 and 00-D0-D3-BE-79-26
R1 G0/1: 192.168.2.1 and FE80::1 and 00-60-0F-B1-D1-11
Refer to the exhibit. A cybersecurity analyst is viewing captured
ICMP echo request packets sent from host A to host B on switch S2.
What is the source MAC address of Ethernet frames carrying the
ICMP echo request packets?
Correct Your
Respon Response
se

01-90-C0-E4-55-BB

00-60-0F-B1-D1-11

08-CB-8A-5C-D5-BA

00-D0-D3-BE-79-26
When router R1 receives the ICMP echo requests from host A it will forward the packets out interface
G0/1 towards host B. However, before forwarding the packets, R1 will encapsulate them in a new
 Ethernet frame using the MAC address of interface G0/1 as the source and the MAC address of host B
as the destination.

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.4.1 MAC and IP

12

The exhibit shows a network topology. PC1 and PC2 are connected
to the Fa0/1 and Fa0/2 ports of the SW1 switch, respectively. SW1 is
connected through its Fa0/3 port to the Fa0/0 interface of the RT1
router. RT1 is connected through its Fa0/1 to the Fa0/2 port of SW2
switch. SW2 is connected through its Fa0/1 port to the PC3.
Refer to the exhibit. PC1 issues an ARP request because it needs to
send a packet to PC2. In this scenario, what will happen next?
Correct Your
Response Response

SW1 will send an ARP reply with the PC2 MAC address.

PC2 will send an ARP reply with its MAC address.

SW1 will send an ARP reply with its Fa0/1 MAC address.

RT1 will send an ARP reply with the PC2 MAC address.

RT1 will send an ARP reply with its Fa0/0 MAC address.
When a network device wants to communicate with another device on the same network, it sends a
broadcast ARP request. In this case, the request will contain the IP address of PC2. The destination
device (PC2) sends an ARP reply with its MAC address.

This item references content from the following

areas:
CCNA Cybersecurity Operations
  4.4.2 ARP

13 What are two features of ARP? (Choose two.)

Correct Your
Response Response

If no device responds to the ARP request, then the originating node will broadcast
the data packet to all devices on the network segment.

When a host is encapsulating a packet into a frame, it refers to the MAC address
table to determine the mapping of IP addresses to MAC addresses.

If a device receiving an ARP request has the destination IPv4 address, it responds
with an ARP reply.

An ARP request is sent to all devices on the Ethernet LAN and contains the IP
address of the destination host and its multicast MAC address.

If a host is ready to send a packet to a local destination device and it has the IP
address but not the MAC address of the destination, it generates an ARP broadcast.
When a node encapsulates a data packet into a frame, it needs the destination MAC address. First it
determines if the destination device is on the local network or on a remote network. Then it checks the
ARP table (not the MAC table) to see if a pair of IP address and MAC address exists for either the
destination IP address (if the destination host is on the local network) or the default gateway IP address
(if the destination host is on a remote network). If the match does not exist, it generates an ARP
broadcast to seek the IP address to MAC address resolution. Because the destination MAC address is
unknown, the ARP request is broadcast with the MAC address FFFF.FFFF.FFFF. Either the destination
device or the default gateway will respond with its MAC address, which enables the sending node to
assemble the frame. If no device responds to the ARP request, then the originating node will discard
the packet because a frame cannot be created.

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.4.2 ARP

14 What are two potential network problems that can result from ARP
operation? (Choose two.)
Correct Your
Response Response

Manually configuring static ARP associations could facilitate ARP poisoning or MAC
address spoofing.

Network attackers could manipulate MAC address and IP address mappings in ARP
messages with the intent of intercepting network traffic.

Multiple ARP replies result in the switch MAC address table containing entries that
match the MAC addresses of hosts that are connected to the relevant switch port.

Large numbers of ARP request broadcasts could cause the host MAC address table
to overflow and prevent the host from communicating on the network.

On large networks with low bandwidth, multiple ARP broadcasts could cause data
communication delays.
Large numbers of ARP broadcast messages could cause momentary data communications delays.
Network attackers could manipulate MAC address and IP address mappings in ARP messages with the
intent to intercept network traffic. ARP requests and replies cause entries to be made into the ARP
 table, not the MAC address table. ARP table overflows are very unlikely. Manually configuring static
ARP associations is a way to prevent, not facilitate, ARP poisoning and MAC address spoofing.
Multiple ARP replies resulting in the switch MAC address table containing entries that match the MAC
addresses of connected nodes and are associated with the relevant switch port are required for normal
switch frame forwarding operations. It is not an ARP caused network problem.

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.4.3 ARP Issues

16 What is a socket?
Correct Your
Response Response

the combination of the source and destination sequence and acknowledgment

numbers

the combination of a source IP address and port number or a destination IP address

and port number

the combination of the source and destination IP address and source and
destination Ethernet address

the combination of the source and destination sequence numbers and port numbers
A socket is a combination of the source IP address and source port or the destination IP address and
the destination port number.

This item references content from the following areas:

CCNA Cybersecurity Operations

 4.5.1 Transport Layer

Characteristics

17 Which two characteristics are associated with UDP sessions?

(Choose two.)
Correct Your
Response Response

Destination devices reassemble messages and pass them to an application.

Destination devices receive traffic with minimal delay.

Unacknowledged data packets are retransmitted.

Received data is unacknowledged.

Transmitted data segments are tracked.

TCP:
· Provides tracking of transmitted data segments
· Destination devices will acknowledge received data.
· Source devices will retransmit unacknowledged data.

UDP
· Destination devices will not acknowledge received data
· Headers use very little overhead and cause minimal delay.
 This item references content from the following areas:
CCNA Cybersecurity Operations

 4.5.1 Transport Layer

Characteristics

18 Which TCP mechanism is used to identify missing segments?

Correct Your
Response Response

FCS

sequence numbers

acknowledgments

window size
TCP segments are acknowledged by the receiver as they arrive. The receiver keeps track of the
sequence number of received segments and uses the sequence number to reorder the segments and
to identify any missing segments that need to be retransmitted.

This item references content from the following areas:

CCNA Cybersecurity Operations

 4.5.2 Transport Layer

Operation

19 Which transport layer feature is used to guarantee session

establishment?
Correct Your
Response Response

UDP sequence number

UDP ACK flag

TCP port number

TCP 3-way handshake

TCP uses the 3-way handshake. UDP does not use this feature. The 3-way handshake ensures there
is connectivity between the source and destination devices before transmission occurs.

This item references content from the following areas:

CCNA Cybersecurity Operations

 4.5.2 Transport Layer

Operation

20 How is a DHCPDISCOVER transmitted on a network to reach a

DHCP server?
Correct Your
Response Response
 A DHCPDISCOVER message is sent with the IP address of the DHCP server as
the destination address.

A DHCPDISCOVER message is sent with a multicast IP address that all DHCP

servers listen to as the destination address.

A DHCPDISCOVER message is sent with the IP address of the default gateway as

the destination address.

A DHCPDISCOVER message is sent with the broadcast IP address as the

destination address.
The DHCPDISCOVER message is sent by a DHCPv4 client and targets a broadcast IP along with the
destination port 67. The DHCPv4 server or servers respond to the DHCPv4 clients by targeting port
68.

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.6.1 DHCP

22 What is the primary purpose of NAT?

Correct Your
Response Response

enhance network performance

increase network security

allow peer-to-peer file sharing

conserve IPv4 addresses

NAT was developed to conserve IPv4 addresses. A side benefit is that NAT adds a small level of
security by hiding the internal network addressing scheme. However, there are some drawbacks of
using NAT. It does not allow true peer-to-peer communication and it adds latency to outbound
connections.

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.6.3 NAT

25 Which application layer protocol uses message types such as GET,

PUT, and POST?
Correct Your
Response Response

DNS

HTTP

SMTP

DHCP

POP3
 The GET command is a client request for data from a web server. A PUT command uploads resources
and content, such as images, to a web server. A POST command uploads data files to a web server.

This item references content from the following

areas:
CCNA Cybersecurity Operations

 4.6.6 HTTP

26
Question as presented:
Match the TCP/IP model layer with the function.

application
transport
internet
network access
supports communication between applications
represents data to the user
controls the media
determines best path

This item references content from the following areas:

CCNA Cybersecurity Operations

 4.1.2 Communications Protocols

Your response:

Match the TCP/IP model layer with the function.

application
transport
internet
network access
supports communication between applications
transport
represents data to the user
application
controls the media
internet
determines best path
 network access

27
Question as presented:
Match the compressed IPv6 address representation with the full IPv6 address. (Not
all options are used.)

2001:DB8:10:11::10
2001:DB8::10:11:101
2001:DB8:10::11:101
2001:DB8::10:0:11:101
2001:0DB8:0010:0000:0000:0000:0011:0101
2001:0DB8:0000:0000:0010:0000:0011:0101
2001:0DB8:0010:0000:0011:0000:0000:0101
2001:0DB8:0010:0011:0000:0000:0000:0010
2001:0DB8:0000:0000:0000:0010:0011:0101

This item references content from the following areas:

CCNA Cybersecurity Operations

 4.2.6 IPv6

Your response:

Match the compressed IPv6 address representation with the full IPv6 address. (Not all options are used.)

2001:DB8:10:11::10
2001:DB8::10:11:101
2001:DB8:10::11:101
2001:DB8::10:0:11:101
2001:0DB8:0010:0000:0000:0000:0011:0101
2001:DB8:10:11::10
2001:0DB8:0000:0000:0010:0000:0011:0101
2001:DB8::10:11:101
2001:0DB8:0010:0000:0011:0000:0000:0101
2001:DB8:10::11:101
2001:0DB8:0010:0011:0000:0000:0000:0010
2001:DB8::10:0:11:101
2001:0DB8:0000:0000:0000:0010:0011:0101
28

The exhibit shows a network topology with a PC, a web

server, 2 layer 2 switches, and 2 routes. The PC (IP address
192.168.1.2) is connected to the 1st switch. The 1st switch is
connected to the Fa0/0 of R1 (IP address 192.168.1.1). The
S0/0/0 of R1 (IP address 192.168.0.1) is connected to the
S0/0/0 of R2 (IP address 192.168.0.2). The Fa0/0 of R2 (IP
address 192.168.2.1) is connected to the 2nd switch. The 2nd
switch is connected to the web server (IP address
192.168.2.2).

Question as presented:
Refer to the exhibit. Consider a datagram that originates on the PC and that is
destined for the web server. Match the IP addresses and port numbers that are in
that datagram to the description. (Not all options are used.)

destination IP address
destination port number
source IP address
source port number
192.168.1.1
192.168.1.2
192.168.2.2
25
2578
80

A TCP/IP segment that originated on the PC has 192.168.1.2 as the IP source address. 2578
is the only possible option for the source port number because the PC port number must be
in the range of registered ports 1024 to 49151. The destination is the web server, which has
the IP address 192.168.2.2, and the destination port number is 80 according to the HTTP
protocol standard.
This item references content from the following areas:
CCNA Cybersecurity Operations

 4.5.1 Transport Layer Characteristics

Your response:

Refer to the exhibit. Consider a datagram that originates on the PC and that is destined for the web server. Matc
addresses and port numbers that are in that datagram to the description. (Not all options are used.)

destination IP address
destination port number
source IP address
source port number
192.168.1.1
destination IP address
192.168.1.2
destination port number
192.168.2.2
source port number
25
source IP address
2578
80