MODULE QUIZ

1.10.2 Module Quiz – Networking Today Answers – CCNA 1 v7 Module 1

Quiz
1. How does BYOD change the way in which businesses implement networks?
 BYOD requires organizations to purchase laptops rather than desktops.
 BYOD users are responsible for their own network security, thus reducing the need for
organizational security policies.
 BYOD devices are more expensive than devices that are purchased by an organization.
 BYOD provides flexibility in where and how users can access network
resources.
Explanation: A BYOD environment requires an organization to accommodate a variety of
devices and access methods. Personal devices, which are not under company control, may be
involved, so security is critical. Onsite hardware costs will be reduced, allowing a business to focus
on delivering collaboration tools and other software to BYOD users.
2. An employee wants to access the network of the organization remotely, in
the safest possible way. What network feature would allow an employee to
gain secure remote access to a company network?
 ACL
 IPS
 VPN
 BYOD
Explanation: Virtual private networks (VPN) are used to provide secure access to remote
workers.
3. What is the Internet?
 It is a network based on Ethernet technology.
 It provides network access for mobile devices.
 It provides connections through interconnected global networks.
 It is a private network for an organization with LAN and WAN connections.
Explanation: The Internet provides global connections that enable networked devices
(workstations and mobile devices) with different network technologies, such as Ethernet,
DSL/cable, and serial connections, to communicate. A private network for an organization with LAN
and WAN connections is an intranet.
4. What are two functions of end devices on a network? (Choose two.)
 They originate the data that flows through the network.
 They direct data over alternate paths in the event of link failures.
 They filter the flow of data to enhance security.
 They are the interface between humans and the communication
network.
 They provide the channel over which the network message travels.
Explanation: End devices originate the data that flows through the network. Intermediary devices
direct data over alternate paths in the event of link failures and filter the flow of data to enhance
security. Network media provide the channel through which network messages travel.
5. In which scenario would the use of a WISP be recommended?
 an Internet cafe in a city
 a farm in a rural area without wired broadband access
 any home with multiple wireless devices
 an apartment in a building with cable access to the Internet
Explanation: Wireless Internet Service Providers (WISPs) are typically found in rural areas
where DSL or cable access is not available. A dish or antenna on the property of the subscriber
connects wirelessly to a WISP transmitter, eliminating the need for physical cabling outside the
building.
5. Which of the following fiber-optic cable types can help data travel
approximately 500 meters?
 multimode
 single-mode
6. What characteristic of a network enables it to quickly grow to support new
users and applications without impacting the performance of the service
being delivered to existing users?
 reliability
 scalability
 quality of service
 accessibility
Explanation: Networks must be able to quickly grow to support new users and services, without
impacting existing users and services. This ability to grow is known as scalability.
7. A college is building a new dormitory on its campus. Workers are digging
in the ground to install a new water pipe for the dormitory. A worker
accidentally damages a fiber optic cable that connects two of the existing
dormitories to the campus data center. Although the cable has been cut,
students in the dormitories only experience a very short interruption of
network services. What characteristic of the network is shown here?
 quality of service (QoS)
 scalability
 security
 fault tolerance
 integrity
Explanation: Fault tolerance is the characteristic of a network which allows it to quickly respond
to failures of network devices, media, or services. Quality of service refers to the measures taken to
ensure that network traffic requiring higher throughput receives the required network resources.
Scalability refers to the ability of the network to grow to accommodate new requirements. Security
refers to protecting networks and data from theft, alteration, or destruction. Integrity refers to the
completeness of something and is generally not used as a characteristic of networks in the same
way as the other terms.
8. What are two characteristics of a scalable network? (Choose two.)
 easily overloaded with increased traffic
 grows in size without impacting existing users
 is not as reliable as a small network
 suitable for modular devices that allow for expansion
 offers limited number of applications
Explanation: Scalable networks are networks that can grow without requiring costly replacement
of existing network devices. One way to make a network scalable is to buy networking devices that
are modular.
9. Which device performs the function of determining the path that messages
should take through internetworks?
 a router
 a firewall
 a web server
 a DSL modem
Explanation: A router is used to determine the path that the messages should take through the
network. A firewall is used to filter incoming and outgoing traffic. A DSL modem is used to provide
Internet connection for a home or an organization.
10. Which two Internet connection options do not require that physical cables
be run to the building? (Choose two.)
 DSL
 cellular
 satellite
 dialup
 dedicated leased line
Explanation: Cellular connectivity requires the use of the cell phone network. Satellite
connectivity is often used where physical cabling is not available outside the home or business.
11. What type of network must a home user access in order to do online
shopping?
 an intranet
 the Internet
 an extranet
  a local area network
Explanation: Home users will go online shopping over the Internet because online vendors are
accessed through the Internet. An intranet is basically a local area network for internal use only. An
extranet is a network for external partners to access certain resources inside an organization. A
home user does not necessarily need a LAN to access the Internet. For example, a PC connects
directly to the ISP through a modem.
12. During a routine inspection, a technician discovered that software that
was installed on a computer was secretly collecting data about websites that
were visited by users of the computer. Which type of threat is affecting this
computer?
 DoS attack
 identity theft
 spyware
 zero-day attack
Explanation: Spyware is software that is installed on a network device and that collects
information.
13. Which term refers to a network that provides secure access to the
corporate offices by suppliers, customers and collaborators?
 Internet
 intranet
 extranet
 extendednet
Explanation: The term Internet refers to the worldwide collection of connected networks. Intranet
refers to a private connection of LANs and WANS that belong to an organization and is designed to
be accessible to the members of the organization, employees, or others with authorization.
Extranets provide secure and safe access to suppliers, customers, and collaborators. Extendednet
is not a type of network.
14. A large corporation has modified its network to allow users to access
network resources from their personal laptops and smart phones. Which
networking trend does this describe?
 cloud computing
 online collaboration
 bring your own device
 video conferencing
Explanation: BYOD allows end users to use personal tools to access the corporate network.
Allowing this trend can have major impacts on a network, such as security and compatibility with
corporate software and devices.
15. What is an ISP?
 It is a standards body that develops cabling and wiring standards for networking.
 It is a protocol that establishes how computers within a local network communicate.
 It is an organization that enables individuals and businesses to
connect to the Internet.
 It is a networking device that combines the functionality of several different networking
devices in one.
Explanation: An ISP, or Internet Service Provider, is an organization that provides access to the
Internet for businesses and individuals.

2.9.4 Module Quiz – Basic Switch and End Device Configuration Answers

PlayvolumeAd

1. Which functionality is provided by DHCP?

 automatic assignment of an IP address to each host
 remote switch management
 translation of IP addresses to domain names
 end-to-end connectivity test
Explanation: DHCP provides dynamic and automatic IP address assignment to hosts.
2. Which two functions are provided to users by the context-sensitive help
feature of the Cisco IOS CLI? (Choose two.)
 providing an error message when a wrong command is submitted
 displaying a list of all available commands within the current mode
 allowing the user to complete the remainder of an abbreviated command with the TAB
key
 determining which option, keyword, or argument is available for the
entered command
 selecting the best command to accomplish a task
Explanation: Context-sensitive help provides the user with a list of commands and the
arguments associated with those commands within the current mode of a networking device.
A syntax checker provides error checks on submitted commands and the TAB key can be used for
command completion if a partial command is entered.
3. Which memory location on a Cisco router or switch stores the startup
configuration file?
 RAM
 ROM
 NVRAM
 flash
Explanation: The startup configuration file of a Cisco router or switch is stored in NVRAM, which
is nonvolatile memory.
4. To what subnet does the IP address 10.1.100.50 belong if a subnet mask of
255.255.0.0 is used?
 10.1.0.0
 10.0.0.0
 10.1.100.32
 10.1.100.0
Explanation: The purpose of a subnet mask is to separate the network portion of the address
from the host portion of the IP address. The network portion of the IP address is identified by all
binary 1s in the subnet mask. Using a subnet mask of 255.255.0.0 identifies the first two octets of
the IP address as the network portion.
5. When a hostname is configured through the Cisco CLI, which three naming
conventions are part of the guidelines? (Choose three.)
 the hostname should be fewer than 64 characters in length
 the hostname should be written in all lower case characters
 the hostname should contain no spaces
 the hostname should end with a special character
 the hostname should begin with a letter
Explanation: A hostname can be configured with upper or lower case characters and should end
with a letter or digit, not a special character. A hostname should start with a letter and no space is
allowed for a hostname.
6. What is the function of the shell in an OS?
 It interacts with the device hardware.
 It interfaces between the users and the kernel.
 It provides dedicated firewall services.
 It provides the intrusion protection services for the device.
Explanation: Most operating systems contain a shell and a kernel. The kernel interacts with the
hardware and the shell interfaces between the kernel and the users.
7. A router with a valid operating system contains a configuration file stored
in NVRAM. The configuration file has an enable secret password but no
console password. When the router boots up, which mode will display?
 global configuration mode
 setup mode
 Oprivileged EXEC mode
 user EXEC mode
Explanation: If a Cisco IOS device has a valid IOS and a valid configuration file, it will boot into
user EXEC mode. A password will be required to enter privileged EXEC mode.
8. An administrator has just changed the IP address of an interface on an IOS
device. What else must be done in order to apply those changes to the
device?
 Copy the running configuration to the startup configuration file.
 Copy the information in the startup configuration file to the running configuration.
 Reload the device and type yes when prompted to save the configuration.
 Nothing must be done. Changes to the configuration on an IOS device
take effect as soon as the command is typed correctly and the Enter
key has been pressed.
Explanation: Changes to router and switch configurations take effect as soon as the command is
entered. For this reason, it is very important that changes to live production devices are always
carefully planned before being implemented. If commands are entered that render the device
unstable or inaccessible, the device may have to be reloaded, resulting in network downtime.
9. Which memory location on a Cisco router or switch will lose all content
when the device is restarted?
 ROM
 flash
 NVRAM
 RAM
Explanation: RAM is volatile memory and will lose all contents if the router or switch is restarted
or shutdown.
10. Why would a technician enter the command copy startup-config running-
config?
 to remove all configurations from the switch
 to save an active configuration to NVRAM
 to copy an existing configuration into RAM
 to make a changed configuration the new startup configuration
Explanation: Usually, changes are made to a running configuration in RAM and copied
to NVRAM. However, in this case, the technician wants to copy a previously saved configuration
from NVRAM into RAM in order to make changes to it.?
11. Which statement is true about the running configuration file in a Cisco
IOS device?
 It affects the operation of the device immediately when modified.
 It is stored in NVRAM.
 It should be deleted using the erase running-config command.
 It is automatically saved when the router reboots.
Explanation: As soon as configuration commands are entered into a router, they modify the
device immediately. Running configuration files can not be deleted nor are they saved
automatically.
12. Which two statements are true regarding the user EXEC mode? (Choose
two.)
 All router commands are available.
 Global configuration mode can be accessed by entering the enable command.
 The device prompt for this mode ends with the “>” symbol.
 Interfaces and routing protocols can be configured.
 Only some aspects of the router configuration can be viewed.
Explanation: User EXEC mode limits access to some show and debug commands. It is the
first level of user interface encountered when configuring a router and is intended for investigation of
certain functions of the device. The User EXEC prompt is identified with the “>” symbol.
13. Which type of access is secured on a Cisco router or switch with
the enable secret command?
 virtual terminal
 privileged EXEC
 AUX port
 console line
Explanation: The enable secret command secures access to the privileged EXEC mode of a
Cisco router or switch.
14. What is the default SVI on a Cisco switch?
 VLAN1
 VLAN99
 VLAN100
 VLAN999
Explanation: Layer 2 switches use switch virtual interfaces (SVIs) to provide a means for remote
access over IP. The default SVI on a Cisco switch is VLAN1.

3.8.2 Module Quiz – Protocols and Models Answers

Playvolume00:00/01:03TruvidfullScreen

1. What process is used to receive transmitted data and convert it into a

readable message?
 access control
 decoding
 encapsulation
 flow control
Explanation: Decoding is the process of receiving transmitted data and reversing the encoding
process to interpret the information. An example is a person that listens to a voicemail and decodes
the sounds to understand the received message.
2. What is done to an IP packet before it is transmitted over the physical
medium?
 It is tagged with information guaranteeing reliable delivery.
 It is segmented into smaller individual pieces.
 It is encapsulated into a TCP segment.
 It is encapsulated in a Layer 2 frame.
Explanation: When messages are sent on a network, the encapsulation process works from the
top of the OSI or TCP/IP model to the bottom. At each layer of the model, the upper layer
information is encapsulated into the data field of the next protocol. For example, before an IP packet
can be sent, it is encapsulated in a data link frame at Layer 2 so that it can be sent over the physical
medium.
3. What process is used to place one message inside another message for
transfer from the source to the destination?
 access control
 decoding
 encapsulation
 flow control
Explanation: Encapsulation is the process of placing one message format into another message
format. An example is how a packet is placed in its entirety into the data field as it is encapsulated
into a frame.
4. A web client is sending a request for a webpage to a web server. From the
perspective of the client, what is the correct order of the protocol stack that
is used to prepare the request for transmission?
 HTTP, IP, TCP, Ethernet
 HTTP, TCP, IP, Ethernet
 Ethernet, TCP, IP, HTTP
 Ethernet, IP, TCP, HTTP
Explanation:
1. HTTP governs the way that a web server and client interact.
2. TCP manages individual conversations between web servers and clients.
3. IP is responsible for delivery across the best path to the destination.
4. Ethernet takes the packet from IP and formats it for transmission.
5. What are two benefits of using a layered network model? (Choose two.)
 It assists in protocol design.
 It speeds up packet delivery.
 It prevents designers from creating their own model.
 It prevents technology in one layer from affecting other layers.
 It ensures a device at one layer can function at the next higher layer.
Explanation: Some vendors have developed their own reference models and protocols. Today, if
a device is to communicate on the Internet, the device must use the TCP/IP model. The benefits of
using a layered model are as follows:
 assists in protocol design
 fosters competition between vendors
 prevents a technology that functions at one layer from affecting any other layer
 provides a common language for describing network functionality
 helps in visualizing the interaction between each layer and protocols between each layer

6. What is the purpose of protocols in data communications?

 specifying the bandwidth of the channel or medium for each type of communication
 specifying the device operating systems that will support the communication
 providing the rules required for a specific type of communication to
occur
 dictating the content of the message sent during communication
Explanation: Protocols provide rules that define how a message is transmitted across a network.
Implementation requirements such as electronic and bandwidth details for data communication are
specified by standards. Operating systems are not specified by protocols, but will implement
protocols. Protocols determine how and when to send a message but they do not control the
contents of a message.
7. Which logical address is used for delivery of data to a remote network?
 destination MAC address
 destination IP address
 destination port number
 source MAC address
 source IP address
Explanation: The destination IP address is used for end-to-end delivery of data to a remote
network. The destination MAC address is used for delivery on a local network. The destination port
number identifies the application that should process the data at the destination. Source addresses
identify the sender of the data.
8. What is the general term that is used to describe a piece of data at any
layer of a networking model?
 frame
 packet
 protocol data unit
 segment
Explanation: The term protocol data unit (PDU) is used to describe a piece of data at any layer
of a networking model. A packet is the PDU at the network layer. A frame is the data link layer PDU.
A segment is the PDU at the transport layer.
9. Which two protocols function at the internet layer? (Choose two.)
 POP
 BOOTP
 ICMP
 IP
 PPP
Explanation: ICMP and IP both function at the internet layer, whereas PPP is a network access
layer protocol, and POP and BOOTP are application layer protocols.
10. Which layer of the OSI model defines services to segment and reassemble
data for individual communications between end devices?
 application
 presentation
 session
 transport
 network
Explanation: The OSI model consists of seven layers: application, presentation, session,
transport, network, data link, and physical. The transport layer defines services to segment, transfer,
and reassemble the data for individual communications between the end devices.
11. Which type of communication will send a message to a group of host
destinations simultaneously?
  broadcast
 multicast
 unicast
 anycast
Explanation: Multicast is a one-to-many communication where the message is delivered to a
specific group of hosts. Broadcast communication is a one-to-all communication. A unicast
communication is a one-to-one communication. Anycast is an IPv6 term and is the sending of data
in a one-to-nearest communication.
12. Which three acronyms/initialisms represent standards organizations?
(Choose three.)
 IANA
 TCP/IP
 IEEE
 IETF
 OSI
 MAC
Explanation: TCP/IP is a protocol stack that contains a lot of other protocols such as HTTP,
FTP, and DNS. The TCP/IP protocol stack is required to be used when communicating on the
Internet. A MAC address is an address that is burned into an Ethernet network card. OSI is the 7
layer model that is used to explain how networking works.
13. What type of communication will send a message to all devices on a local
area network?
 broadcast
 multicast
 unicast
 allcast
Explanation: Broadcast communication is a one-to-all communication. A unicast communication
is a one-to-one communication. Multicast is a one-to-many communication where the message is
delivered to a specific group of hosts. Allcast is not a standard term to describe message delivery.
14. In computer communication, what is the purpose of message encoding?
 to convert information to the appropriate form for transmission
 to interpret information
 to break large messages into smaller frames
 negotiate correct timing for successful communication
Explanation: Before a message is sent across a network it must first be encoded. Encoding is
the process of converting the data message into another format suitable for transmission across the
physical medium. Each bit of the message is encoded into a pattern of sounds, light waves, or
electrical impulses depending on the network media over which the bits are transmitted. The
destination host receives and decodes the signals in order to interpret the message.
15. Which message delivery option is used when all devices need to receive
the same message simultaneously?
 duplex
 unicast
 multicast
 broadcast
Explanation: When all devices need to receive the same message simultaneously, the message
would be delivered as a broadcast. Unicast delivery occurs when one source host sends a message
to one destination host. The sending of the same message from a host to a group of destination
hosts is multicast delivery. Duplex communications refers to the ability of the medium to carry
messages in both directions.
16. What three requirements are defined by the protocols used in network
communcations to allow message transmission across a network? (Choose
three.)
 connector specifications
 message encoding
 media selection
 message size
 delivery options
 end-device installation
17. What type of delivery uses data link layer addresses?
 remote delivery
 local and remote delivery
 local delivery
 remote delivery using routers
18. What layer of the TCP/IP protocol model determines the best path
through the network?
 application
 transport
 internet
 network access

4.7.4 Module Quiz – Physical Layer Answers

Playvolume00:00/01:03TruvidfullScreen

1. Which standards organization oversees development of wireless LAN

standards?
 IANA
 IEEE
 IOS
 TIA
Explanation: IANA oversees the management of IP address allocation and domain names. ISO
is the largest developer of international networking standards and is famous for the Open Systems
Interconnection (OSI) model. TIA focuses on communication standards. The IEEE 802 standards
are many, but the ones that affect an entry-level network professional are Ethernet (802.3), wireless
LANs (802.11), and wireless PANs (802.15).
2. A network administrator is designing a new network infrastructure that
includes both wired and wireless connectivity. Under which situation would a
wireless connection be recommended?
 The end-user device only has an Ethernet NIC.
 The end-user device requires a dedicated connection because of performance
requirements.
 The end-user device needs mobility when connecting to the network.
 The end-user device area has a high concentration of RFI.
Explanation: When the end-user devices need mobility to connect to the network, wireless is
recommended. If an end-user device only has an Ethernet NIC, the user will only be able to use
Ethernet cabling. If RFI is an issue, wireless is not recommended. An end-user device that requires
a dedicated connection for performance would perform better with a dedicated Ethernet cable.
3. A network administrator is troubleshooting connectivity issues on a server.
Using a tester, the administrator notices that the signals generated by the
server NIC are distorted and not usable. In which layer of the OSI model is
the error categorized?
 presentation layer
 network layer
 physical layer
 data link layer
Explanation: The NIC has responsibilities in both Layer 1 and Layer 2. The NIC encodes the
frame as a series of signals that are transmitted onto the local media. This is the responsibility of the
physical layer of the OSI model. The signal could be in the form of electrical, optical, or radio waves.
4. What type of cable is used to connect a workstation serial port to a Cisco
router console port?
 crossover
 rollover
 straight-through
 coaxial
Explanation: UTP cable wire pairs can be terminated in different configurations for use in
different applications. To use a UTP cable for consoling into a Cisco router from a PC serial port, it
must be terminated as a rollover or console cable.
5. Which type of UTP cable is used to connect a PC to a switch port?
 console
 rollover
 crossover
 straight-through
Explanation: A rollover cable is a Cisco proprietary cable used to connect to a router or switch
console port. A straight-through (also called patch) cable is usually used to interconnect a host to a
switch and a switch to a router. A crossover cable is used to interconnect similar devices together,
for example, between two switches, two routers, and two hosts.
6. What is the definition of bandwidth?
 the measure of the transfer of bits across the media over a given period of time
 the speed at which bits travel on the network
 the amount of data that can flow from one place to another in a given
amount of time
 the measure of usable data transferred over a given period of time
Explanation: Bandwidth is the measure of the capacity of a network medium to carry data. It is
the amount of data that can move between two points on the network over a specific period of time,
typically one second.
7. Which statement correctly describes frame encoding?
 It uses the characteristic of one wave to modify another wave.
 It transmits data signals along with a clock signal which occurs at evenly spaced time
durations.
 It generates the electrical, optical, or wireless signals that represent the binary numbers
of the frame.
 It converts bits into a predefined code in order to provide a
predictable pattern to help distinguish data bits from control bits.
Explanation: Frame encoding converts a stream of data bits into a predefined code that is
recognized by both the sender and receiver. These codes are used for a variety of purposes, such
as distinguishing data bits from control bits, and identifying the beginning and end of a frame.
8. What is a characteristic of UTP cabling?
 cancellation
 cladding
 immunity to electrical hazards
 woven copper braid or metallic foil
Explanation: Cladding and immunization from electrical hazards are characteristics for fiber-optic
cabling. A woven copper braid or metallic foil is used as a shield for the inner coaxial cable
conductor. Cancellation is a property of UTP cabling where two wires are located adjacent to one
another so each magnetic field cancels out the adjacent magnetic field.
9. A wireless LAN is being deployed inside the new one room office that is
occupied by the park ranger. The office is located at the highest part of the
national park. After network testing is complete, the technicians report that
the wireless LAN signal is occasionally affected by some type of interference.
What are two possible causes of the signal distortion? (Choose two.)
 the microwave oven
 the large number of trees that surround the office
 the cellular phones that are used by the employees
 the elevated location where the wireless LAN was installed
 the number of wireless devices that are used in the wireless LAN
Explanation: Wireless LAN connectivity is not affected by trees or the elevation of the
equipment. Because this is a one room office in an isolated area, there will not be a large number of
wireless devices or source of interference operating in the immediate vicinity, apart from a cellular
phone or a microwave oven.
10. What is indicated by the term throughput?
 the guaranteed data transfer rate offered by an ISP
 the capacity of a particular medium to carry data
  the measure of the usable data transferred across the media
 the measure of the bits transferred across the media over a given
period of time
 the time it takes for a message to get from sender to receiver
Explanation: Throughput is the measure of the transfer of bits across the media over a given
period of time. Throughput is affected by a number of factors such as, EMI and latency, so it rarely
matches the specified bandwidth for a network medium. The throughput measurement includes
user data bits and other data bits, such as overhead, acknowledging, and encapsulation. The
measure of the usable data transferred across the media is called goodput.
11. What is one advantage of using fiber optic cabling rather than copper
cabling?
 It is usually cheaper than copper cabling.
 It is able to be installed around sharp bends.
 It is easier to terminate and install than copper cabling.
 It is able to carry signals much farther than copper cabling.
Explanation: Copper cabling is usually cheaper and easier to install than fiber optic cabling.
However, fiber cables generally have a much greater signaling range than copper.
12. What is the purpose of the OSI physical layer?
 controlling access to media
 transmitting bits across the local media
 performing error detection on received frames
 exchanging frames between nodes over physical network media
Explanation: The physical layer is responsible for transmitting the actual signals across the
physical media as bits. Exchanging frames, controlling media access, and performing error
detection are all functions of the data link layer.
13. Why are two strands of fiber used for a single fiber optic connection?
 The two strands allow the data to travel for longer distances without degrading.
 They prevent crosstalk from causing interference on the connection.
 They increase the speed at which the data can travel.
 They allow for full-duplex connectivity.
Explanation: Light can only travel in one direction down a single strand of fiber. In order to allow
for full-duplex communication two strands of fiber must be connected between each device.
14. Which characteristic describes crosstalk?
 the distortion of the network signal from fluorescent lighting
 the distortion of the transmitted messages from signals carried in
adjacent wires
 the weakening of the network signal over long cable lengths
 the loss of wireless signal over excessive distance from the access point
Explanation: EMI and RFI can distort network signals because of interference from fluorescent
lights or electric motors. Attenuation results in deterioration of the network signal as it travels along
copper cabling. Wireless devices can experience loss of signals because of excessive distances
from a access point, but this is not crosstalk. Crosstalk is the disturbance caused by the electric or
magnetic fields of the signal carried on an adjacent wire within the same cable.
15. Which procedure is used to reduce the effect of crosstalk in copper
cables?
 requiring proper grounding connections
 twisting opposing circuit wire pairs together
 wrapping the bundle of wires with metallic shielding
 designing a cable infrastructure to avoid crosstalk interference
 avoiding sharp bends during installation
Explanation: In copper cables, crosstalk is a disturbance caused by the electric or magnetic
fields of a signal on one wire interfering with the signal in an adjacent wire. Twisting opposing circuit
wire pairs together can effectively cancel the crosstalk. The other options are effective measures to
counter the negative effects of EMI and RFI, but not crosstalk.
16. Which statement describes a characteristic of the frame header fields of
the data link layer?
 They all include the flow control and logical connection fields.
 Ethernet frame header fields contain Layer 3 source and destination addresses.
  They vary depending on protocols.
 They include information on user applications.
Explanation: All data link layer protocols encapsulate the Layer 3 PDU within the data field of the
frame. However, the structure of the frame and the fields that are contained in the header vary
according to the protocol. Different data link layer protocols may use different fields, like
priority/quality of service, logical connection control, physical link control, flow control, and
congestion control.
17. Which two factors influence the method that is used for media access
control? (Choose two.)
 how data is generated by end devices applications
 how the connection between nodes appears to the data link layer
 how signals are encoded by the NICs on end devices
 how nodes share the media
 how the IP protocol forwards the packet to the destination
18. What is a characteristic of a WAN hub-and-spoke topology?
 It requires that some of the branch sites be interconnected through point-to-point links.
 It requires that every site be interconnected to each other through point-to-point links.
 All sites require a hub device that connects to a router.
 The branch sites are connected to a central site through point-to-
point links.

5.3.2 Module Quiz – Number Systems Answers

Playvolume00:00/01:03TruvidfullScreen

1. What is the decimal equivalent of 0xC9?

 185
 200
 201
 199
Explanation: 0x refers to the item as hexadecimal. Convert each character into its corresponding
nibble. Then combine the nibbles together and calculate the resulting decimal equivalent. C has a
value of 12. 12 x 16 = 192. 192 + 9 = 201.
2. Which is a valid hexadecimal number?
 f
 g
 h
 j
Explanation: The hexadecimal numbers are 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f.. The hexadecimal
number 0 represents 0 in decimal and is represented as 0000 in binary. The hexadecimal number f
represents 15 in decimal.
3. What is the binary representation of 0xCA?
 10111010
 11010101
 11001010
 11011010
Explanation: When converted, CA in hex is equivalent to 11011010 in binary. One way to do the
conversion is one nibble at a time, C = 1100 and A = 1010. Combine the two nibbles gives
11001010.
4. How many bits are in an IPv4 address?
 32
 64
 128
 256
Explanation: An IPv4 address is comprised of 4 octets of binary digits, each containing 8 bits,
resulting in a 32-bit address.
5. Which two statements are correct about IPv4 and IPv6 addresses? (Choose
two.)
  IPv6 addresses are represented by hexadecimal numbers.
 IPv4 addresses are represented by hexadecimal numbers.
 IPv6 addresses are 32 bits in length.
 IPv4 addresses are 32 bits in length.
 IPv4 addresses are 128 bits in length.
 IPv6 addresses are 64 bits in length.
Explanation: IPv4 addresses are represented as dotted decimal numbers and are 32 bits in
length. IPv6 addresses are represented by hexadecimal numbers and are 128 bits in length.
6. Which IPv4 address format was created for ease of use by people and is
expressed as 201.192.1.14?
 binary
 dotted decimal
 hexadecimal
 ASCII
Explanation: For ease of use by people, binary patterns are represented as dotted decimal.
Computer systems were created to understand binary addressing.
7. What is the dotted decimal representation of the IPv4 address
11001011.00000000.01110001.11010011?
 192.0.0.199
 198.51.100.201
 203.0.113.211
 209.165.201.223
Explanation: Each section (octet) contains eight binary digits. Each digit represents a specific
value (128, 64, 32, 16, 8, 4, 2, and 1). Everywhere there is a 1, the specific value is relevant. Add all
relevant values in a particular octet to obtain the decimal value. For example binary 11001011
equals 203 in decimal.
8. What is the decimal equivalent of the binary number 10010101?
 149
 157
 168
 192
Explanation: Binary 10010101 maps to 149 in decimal. 128+16+4+1 = 149
9. What is the decimal equivalent of the hex number 0x3F?
 63
 77
 87
 93
Explanation:
Hex 0x3F is 63 in decimal.
(3*16)+(15*1) = 63
10. What is the dotted decimal representation of the IPv4 address which is
represented as the binary string 00001010.01100100.00010101.00000001?
 10.100.21.1
 10.10.20.1
 100.10.11.1
 100.21.10.1
Explanation: Converting the binary string of 00001010.01100100.00010101.00000001 to dotted
decimal gives 10.100.21.1
11. What is the binary representation for the decimal number 173?
 10100111
 10100101
 10101101
 10110101
Explanation: decimal 173 = 128 + 0 + 32 + 0 + 8 + 4 + 0 + 1
12. Given the binary address of 11101100 00010001 00001100 00001010,
which address does this represent in dotted decimal format?
 234.17.10.9
 234.16.12.10
  236.17.12.6
 236.17.12.10
Explanation: The binary number 11101100 00010001 00001100 00001010 translates to
236.17.12.10.
13. How many binary bits exist within an IPv6 address?
 32
 48
 64
 128
 256
Explanation: IPv4 addressing space is exhausted by the rapid growth of the Internet and the
devices connected to the Internet. IPv6 expands the IP addressing space by increasing the address
length from 32 bits to 128 bits.
14. What is the binary equivalent of the decimal number 232?
 11101000
 11000110
 10011000
 11110010
Explanation: 232 in binary is 11101000. 128+64+32+8 = 232

6.4.2 Module Quiz – Data Link Layer Answers

Playvolume00:00/01:03TruvidfullScreen

1. What are two services performed by the data link layer of the OSI model?
(Choose two.)
 It encrypts data packets.
 It determines the path to forward packets.
 It accepts Layer 3 packets and encapsulates them into frames.
 It provides media access control and performs error detection.
 It monitors the Layer 2 communication by building a MAC address table.
Explanation: The data link layer is responsible for the exchange of frames between nodes over a
physical network media. Specifically the data link layer performs two basic services:
 It accepts Layer 3 packets and encapsulates them into frames.
 It provides media access control and performs error detection.
Path determination is a service provided at Layer 3. A Layer 2 switch builds a MAC address table as
part of its operation, but path determination is not the service that is provided by the data link layer.
2. What does a router do after de-encapsulating a received frame?
 determines the best path
 de-encapsulates the frame
 re-encapsulates the packet into a new frame
 forwards the new frame onto the network medium
Explanation: Routers are responsible for encapsulating a frame with a proper format for the
physical network media the routers connect. At each hop along the path, a router does the
following:
1. Accepts a frame from a medium
2. De-encapsulates the frame
3. Determines the best path to forward the packet
4. Re-encapsulates the packet into a new frame
5. Forwards the new frame appropriate to the medium of that segment of the physical network
3. What attribute of a NIC would place it at the data link layer of the OSI
model?
 attached Ethernet cable
 IP address
 MAC address
 RJ-45 port
 TCP/IP protocol stack
Explanation: The data link layer describes media access and physical addressing. The encoding
of a MAC address on a NIC places it at that layer. Ports and cables are placed at the physical layer
of the OSI model. IP addresses are placed at the network layer. The TCP/IP protocol stack
describes a different model.
4. Although CSMA/CD is still a feature of Ethernet, why is it no longer
necessary?
 the virtually unlimited availability of IPv6 addresses
 the use of CSMA/CA
 the use of full-duplex capable Layer 2 switches
 the development of half-duplex switch operation
 the use of Gigabit Ethernet speeds
Explanation: The use of Layer 2 switches operating in full-duplex mode eliminates collisions,
thereby eliminating the need for CSMA/CD.
5. What type of physical topology can be created by connecting all Ethernet
cables to a central device?
 bus
 ring
 star
 mesh
Explanation: Devices connected to the Ethernet star topology connect to either a hub or a
switch.
6. A technician has been asked to develop a physical topology for a network
that provides a high level of redundancy. Which physical topology requires
that every node is attached to every other node on the network?
 bus
 hierarchical
 mesh
 ring
 star
Explanation: The mesh topology provides high availability because every node is connected to
all other nodes. Mesh topologies can be found in WANs. A partial mesh topology can also be used
where some, but not all, end points connect to one another.
7. Which statement describes the half-duplex mode of data transmission?
 Data that is transmitted over the network can only flow in one direction.
 Data that is transmitted over the network flows in one direction at a
time.
 Data that is transmitted over the network flows in one direction to many different
destinations simultaneously.
 Data that is transmitted over the network flows in both directions at the same time.
Explanation: The data that is transmitted over the network can flow using one of three modes:
 Simplex – Data can only flow in one direction.
 Half-duplex – Data flows in one direction at a time.
 Full-duplex – Data flows in both directions at the same time.

8. Which is a function of the Logical Link Control (LLC) sublayer?

 to define the media access processes that are performed by the hardware
 to provide data link layer addressing
 to identify which network layer protocol is being used
 to accept segments and package them into data units that are called packets
Explanation: Defining the media access processes that are performed by the hardware and
providing data link layer addressing are functions of the MAC sublayer. The data link layer accepts
Layer 3 packets and packages them into data units that are called frames.
9. Which data link layer media access control method does Ethernet use?
 CSMA/CD
 determinism
 turn taking
 token passing
Explanation: CSMA/CD is used by Ethernet networks. CSMA/CA is used by 802.11-based
wireless networks.
10. What are the two sublayers of the OSI model data link layer? (Choose
two.)
 internet
 physical
 LLC
 transport
 MAC
 network access
Explanation: The data link layer of the OSI model is divided into two sublayers: the Media
Access Control (MAC) sublayer and the Logical Link Control (LLC) sublayer.
11. What method is used to manage contention-based access on a wireless
network?
 CSMA/CD
 priority ordering
 CSMA/CA
 token passing
Explanation: Carrier sense multiple access with collision avoidance (CSMA/CA) is used with
wireless networking technology to mediate media contention. Carrier sense multiple access with
collision detection (CSMA/CD) is used with wired Ethernet technology to mediate media contention.
Priority ordering and token passing are not used (or not a method) for media access control.
12. What identifier is used at the data link layer to uniquely identify an
Ethernet device?
 IP address
 MAC address
 sequence number
 TCP port number
 UDP port number
Explanation: Ethernet frames are identified at the data link layer by their MAC addresses, which
are unique to each NIC. IP addresses are used at the network layer, and TCP and UDP port
numbers are used at the transport layer. Sequence numbers are fields in TCP headers.
13. Which two engineering organizations define open standards and
protocols that apply to the data link layer? (Choose two.)
 International Organization for Standardization (ISO)
 Internet Assigned Numbers Authority (IANA)
 International Telecommunication Union (ITU)
 Electronic Industries Alliance (EIA)
 Internet Society (ISOC)
Explanation: The IANA is responsible for overseeing and managing IP address allocation,
domain name management, and protocol identifiers. The EIA is an international standards and
trade alliance for electronics organizations, and is best known for its standards related to electrical
wiring, connectors, and the 19-inch racks used to mount networking equipment. The ISOC
promotes the open development, evolution, and use of the Internet throughout the world.
14. Which layer of the OSI model is responsible for specifying the
encapsulation method used for specific types of media?
 application
 transport
 data link
 physical
Explanation: Encapsulation is a function of the data link layer. Different media types require
different data link layer encapsulation.
15. What is true concerning physical and logical topologies?
 The logical topology is always the same as the physical topology.
 Physical topologies are concerned with how a network transfers frames.
 Physical topologies display the IP addressing scheme of each network.
 Logical topologies refer to how a network transfers data between
devices.
Explanation: Physical topologies show the physical interconnection of devices. Logical
topologies show the way the network will transfer data between connected nodes.
7.5.2 Module Quiz – Ethernet Switching Answers
Playvolume00:00/01:03TruvidfullScreen

1. What will a host on an Ethernet network do if it receives a frame with a

destination MAC address that does not match its own MAC address?
 It will discard the frame.
 It will forward the frame to the next host.
 It will remove the frame from the media.
 It will strip off the data-link frame to check the destination IP address.
Explanation: In an Ethernet network, each NIC in the network checks every arriving frame to see
if the destination MAC address in the frame matches its own MAC address. If there is no match, the
device discards the frame. If there is a match, the NIC passes the frame up to the next OSI layer.
2. What is auto-MDIX?
 a type of Cisco switch
 an Ethernet connector type
 a type of port on a Cisco switch
 a feature that detects Ethernet cable type
Explanation: Auto-MDIX is a feature that is enabled on the latest Cisco switches and that allows
the switch to detect and use whatever type of cable is attached to a specific port.
3. Which two functions or operations are performed by the MAC sublayer?
(Choose two.)
 It is responsible for Media Access Control.
 It performs the function of NIC driver software.
 It adds a header and trailer to form an OSI Layer 2 PDU.
 It handles communication between upper and lower layers.
 It adds control information to network protocol layer data.
Explanation: The MAC sublayer is the lower of the two data link sublayers and is closest to the
physical layer. The two primary functions of the MAC sublayer are to encapsulate the data from the
upper layer protocols and to control access to the media.
4. What type of address is 01-00-5E-0A-00-02?
 an address that reaches every host inside a local subnet
 an address that reaches one specific host
 an address that reaches every host in the network
 an address that reaches a specific group of hosts
Explanation: The multicast MAC address is a special value that begins with 01-00-5E in
hexadecimal. It allows a source device to send a packet to a group of devices.
5. What happens to runt frames received by a Cisco Ethernet switch?
 The frame is dropped.
 The frame is returned to the originating network device.
 The frame is broadcast to all other devices on the same network.
 The frame is sent to the default gateway.
Explanation: In an attempt to conserve bandwidth and not forward useless frames, Ethernet
devices drop frames that are considered to be runt (less than 64 bytes) or jumbo (greater than 1500
bytes) frames.
6. What are the two sizes (minimum and maximum) of an Ethernet frame?
(Choose two.)
 56 bytes
 64 bytes
 128 bytes
 1024 bytes
 1518 bytes
Explanation: The minimum Ethernet frame is 64 bytes. The maximum Ethernet frame is 1518
bytes. A network technician must know the minimum and maximum frame size in order to
recognize runt and jumbo frames.
7. What addressing information is recorded by a switch to build its MAC
address table?
 the destination Layer 3 address of incoming packets
  the destination Layer 2 address of outgoing frames
 the source Layer 3 address of outgoing packets
 the source Layer 2 address of incoming frames
Explanation: A switch builds a MAC address table by inspecting incoming Layer 2 frames and
recording the source MAC address found in the frame header. The discovered and recorded MAC
address is then associated with the port used to receive the frame.
8. Which two characteristics describe Ethernet technology? (Choose two.)
 It is supported by IEEE 802.3 standards.
 It is supported by IEEE 802.5 standards.
 It typically uses an average of 16 Mb/s for data transfer rates.
 It uses the CSMA/CD access control method.
 It uses a ring topology.
Explanation: The 802.3 Ethernet standard specifies that a network implement the CSMA/CD
access control method.
9. What statement describes a characteristic of MAC addresses?
 They must be globally unique.
 They are only routable within the private network.
 They are added as part of a Layer 3 PDU.
 They have a 32-bit binary value.
Explanation: Any vendor selling Ethernet devices must register with the IEEE to ensure the
vendor is assigned a unique 24-bit code, which becomes the first 24 bits of the MAC address. The
last 24 bits of the MAC address are generated per hardware device. This helps to ensure globally
unique addresses for each Ethernet device.
10. What is the special value assigned to the first 24 bits of a multicast MAC
address?
 01-5E-00
 FF-00-5E
 FF-FF-FF
 01-00-5E
Explanation: Just as with multicast IP addresses, there is a special assigned value for multicast
MAC addresses. The first 24 bits are set in hex to: 01-00-5E. The remaining 6 hex digits are derived
from the lower 23 bits of the IP multicast.
11. Which network device makes forwarding decisions based on the
destination MAC address that is contained in the frame?
 repeater
 hub
 switch
 router
Explanation: Switches are the central connection point for a LAN and they maintain a MAC
address table. The MAC address table has a port number associated with a MAC address for
each particular device. The switch inspects a frame to look at the destination MAC address. The
switch then looks in its MAC address table and if that MAC address is found, the switch forwards
the data to the port that is associated with that particular MAC address.
12. Which network device has the primary function to send data to a specific
destination based on the information found in the MAC address table?
 hub
 router
 switch
 modem
Explanation: If a MAC address is found in the MAC address table, then data is sent to the
associated switch port. If the MAC address is not found in the MAC address table, the data is sent
to all switch ports that have devices attached to the same network.
13. Which function or operation is performed by the LLC sublayer?
 It performs data encapsulation.
 It communicates with upper protocol layers.
 It is responsible for media access control.
 It adds a header and trailer to a packet to form an OSI Layer 2 PDU.
Explanation: The Ethernet LLC sublayer has the responsibility to handle communication
between the upper layers and the lower layers of the protocol stack. The LLC is implemented in
software and communicates with the upper layers of the application to transition the packet to the
lower layers for delivery.
14. Which statement is true about MAC addresses?
 MAC addresses are implemented by software.
 A NIC only needs a MAC address if connected to a WAN.
 The first three bytes are used by the vendor assigned OUI.
 The ISO is responsible for MAC addresses regulations.
Explanation: A MAC address is composed of 6 bytes. The first 3 bytes are used for vendor
identification and the last 3 bytes must be assigned a unique value within the same OUI. MAC
addresses are implemented in hardware. A NIC needs a MAC address to communicate over the
LAN. The IEEE regulates the MAC addresses.

8.6.2 Module Quiz – Network Layer Answers

Playvolume00:00/01:00TruvidfullScreen

1. Which command can be used on a Windows host to display the routing

table?
 netstat -s
 show ip route
 netstat -r
 tracert
Explanation: On a Windows host, either the route print or netstat -r commands can be
used to display the host routing table. The show ip route command is used on a router to
display its routing table. The netstat –s command is used to display per-protocol statistics.
The tracert command is used to display the path that a packet travels to its destination.
2. What information is added during encapsulation at OSI Layer 3?
 source and destination MAC
 source and destination application protocol
 source and destination port number
 source and destination IP address
Explanation: IP is a Layer 3 protocol. Layer 3 devices can open the Layer 3 header to inspect
the Layer 3 header which contains IP-related information including the source and destination IP
addresses.
3. How does the network layer use the MTU value?
 The network layer depends on the higher level layers to determine the MTU.
 The network layer depends on the data link layer to set the MTU, and adjusts the speed
of transmission to accommodate it.
 The MTU is passed to the network layer by the data link layer.
 To increase speed of delivery, the network layer ignores the MTU.
Explanation: The data link layer indicates to the network layer the MTU for the medium that is
being used. The network layer uses that information to determine how large the packet can be
when it is forwarded. When packets are received on one medium and forwarded on a medium with
a smaller MTU, the network layer device can fragment the packet to accommodate the smaller size.
4. Which characteristic describes an IPv6 enhancement over IPv4?
 IPv6 addresses are based on 128-bit flat addressing as opposed to IPv4 which is based
on 32-bit hierarchical addressing.
 The IPv6 header is simpler than the IPv4 header is, which improves
packet handling.
 Both IPv4 and IPv6 support authentication, but only IPv6 supports privacy capabilities.
 The IPv6 address space is four times bigger than the IPv4 address space.
Explanation: IPv6 addresses are based on 128-bit hierarchical addressing, and the IPv6 header
has been simplified with fewer fields, improving packet handling. IPv6 natively supports
authentication and privacy capabilities as opposed to IPv4 that needs additional features to support
those. The IPv6 address space is many times bigger than IPv4 address space.
5. When a connectionless protocol is in use at a lower layer of the OSI model,
how is missing data detected and retransmitted if necessary?
 Connectionless acknowledgements are used to request retransmission.
 Upper-layer connection-oriented protocols keep track of the data
received and can request retransmission from the upper-level
protocols on the sending host.
 Network layer IP protocols manage the communication sessions if connection-oriented
transport services are not available.
 The best-effort delivery process guarantees that all packets that are sent are received.
Explanation: When connectionless protocols are in use at a lower layer of the OSI model, upper-
level protocols may need to work together on the sending and receiving hosts to account for and
retransmit lost data. In some cases, this is not necessary, because for some applications a certain
amount of data loss is tolerable.
6. What was the reason for the creation and implementation of IPv6?
 to make reading a 32-bit address easier
 to relieve IPv4 address depletion
 to provide more address space in the Internet Names Registry
 to allow NAT support for private addressing
Explanation: IPv4 addressing space is exhausted by the rapid growth of the Internet and the
devices connected to the Internet. IPv6 expands the IP addressing space by increasing the address
length from the 32 bits to 128 bits, which should provide sufficient addresses for future Internet
growth needs for many years to come.
7. Which statement accurately describes a characteristic of IPv4?
 All IPv4 addresses are assignable to hosts.
 IPv4 has a 32-bit address space.
 An IPv4 header has fewer fields than an IPv6 header has.
 IPv4 natively supports IPsec.
Explanation: IPv4 has a 32-bit address space, providing 4,294,967,296 unique addresses, but
only 3.7 billion are assignable, a limit due to address reservation for multicasting and testing. IPv4
does not provide native support for IPsec. IPv6 has a simplified header with fewer fields than IPv4
has.
8. Which field in an IPv4 packet header will typically stay the same during its
transmission?
 Flag
 Time-to-Live
 Packet Length
 Destination Address
Explanation: The value in the Destination Address field in an IPv4 header will stay the same
during its transmission. The other options might change during its transmission.
9. When a router receives a packet, what information must be examined in
order for the packet to be forwarded to a remote destination?
 destination MAC address
 source IP address
 destination IP address
 source MAC address
Explanation: When a router receives a packet, it examines the destination address of the packet
and uses the routing table to search for the best path to that network.
10. Which field in an IPv6 packet is used by the router to determine if a
packet has expired and should be dropped?
 TTL
 Hop Limit
 Address Unreachable
 No Route to Destination
Explanation: ICMPv6, like IPv4, sends a Time Exceeded message if the router cannot forward
an IPv6 packet because the packet has expired. However, the IPv6 packet does not have a TTL
field. Instead, it uses the Hop Limit field to determine if the packet has expired.
11. Which information is used by routers to forward a data packet toward its
destination?
  source IP address
 destination IP address
 source data-link address
 destination data-link address
Explanation: The destination IP address is the IP address for the receiving device. This IP
address is used by routers to forward the packet to its destination.
12. A computer has to send a packet to a destination host in the same LAN.
How will the packet be sent?
 The packet will be sent to the default gateway first, and then, depending on the response
from the gateway, it may be sent to the destination host.
 The packet will be sent directly to the destination host.
 The packet will first be sent to the default gateway, and then from the default gateway it
will be sent directly to the destination host.
 The packet will be sent only to the default gateway.
Explanation: If the destination host is in the same LAN as the source host, there is no need for a
default gateway. A default gateway is needed if a packet needs to be sent outside the LAN.
13. A router receives a packet from the Gigabit 0/0 interface and determines
that the packet needs to be forwarded out the Gigabit 0/1 interface. What
will the router do next?
 route the packet out the Gigabit 0/1 interface
 create a new Layer 2 Ethernet frame to be sent to the destination
 look into the ARP cache to determine the destination IP address
 look into the routing table to determine if the destination network is in the routing table
Explanation: Once a router receives a packet and looks inside the header to determine the
destination network, the router compares the destination network to the routing table to determine if
the packet is to be routed or dropped. If routed, the router attaches a new Layer 2 header based on
the technology that is used by the outgoing port that is used. The packet is then routed out the
destination port as designated by the routing table. The ARP cache is used to match an IP address
with a MAC address.
14. Which IPv4 address can a host use to ping the loopback interface?
 126.0.0.1
 127.0.0.0
 126.0.0.0
 127.0.0.1
Explanation: A host can ping the loopback interface by sending a packet to a
special IPv4 address within the network 127.0.0.0/8.

9.4.2 Module Quiz – Address Resolution

Playvolume00:00/01:00TruvidfullScreen

1. Which destination address is used in an ARP request frame?

 0.0.0.0
 255.255.255.255
 FFFF.FFFF.FFFF
 127.0.0.1
 01-00-5E-00-AA-23
Explanation: The purpose of an ARP request is to find the MAC address of the destination host
on an Ethernet LAN. The ARP process sends a Layer 2 broadcast to all devices on the Ethernet
LAN. The frame contains the IP address of the destination and the broadcast MAC address,
FFFF.FFFF.FFFF.
2. What addresses are mapped by ARP?
 destination MAC address to a destination IPv4 address
 destination IPv4 address to the source MAC address
 destination IPv4 address to the destination host name
 destination MAC address to the source IPv4 address
Explanation: ARP, or the Address Resolution Protocol, works by mapping a destination MAC
address to a destination IPv4 address. The host knows the destination IPv4 address and uses ARP
to resolve the corresponding destination MAC address.
3. What will a Layer 2 switch do when the destination MAC address of a
received frame is not in the MAC table?
 It initiates an ARP request.
 It broadcasts the frame out of all ports on the switch.
 It notifies the sending host that the frame cannot be delivered.
 It forwards the frame out of all ports except for the port at which the
frame was received.
Explanation: A Layer 2 switch determines how to handle incoming frames by using its MAC
address table. When an incoming frame contains a destination MAC address that is not in the table,
the switch forwards the frame out all ports, except for the port on which it was received.
4. Which two ICMPv6 messages are used during the Ethernet MAC address
resolution process? (Choose two.)
 router solicitation
 router advertisement
 neighbor solicitation
 neighbor advertisement
 echo request
Explanation: IPv6 uses neighbor solicitation (NS) and neighbor advertisement (NA) ICMPv6
messages for MAC address resolution.
5. Which router component holds the routing table, ARP cache, and running
configuration file?
 RAM
 Flash
 NVRAM
 ROM
Explanation: The routing table, ARP cache, and running configuration file are stored in volatile
RAM.
6. What type of information is contained in an ARP table?
 switch ports associated with destination MAC addresses
 domain name to IP address mappings
 routes to reach destination networks
 IP address to MAC address mappings
Explanation: ARP tables are used to store mappings of IP addresses to MAC addresses. When
a network device needs to forward a packet, the device knows only the IP address. To deliver the
packet on an Ethernet network, a MAC address is needed. ARP resolves the MAC address and
stores it in an ARP table.
7. A PC is configured to obtain an IP address automatically from network
192.168.1.0/24. The network administrator issues the arp –a command and
notices an entry of 192.168.1.255 ff-ff-ff-ff-ff-ff. Which statement describes
this entry?
 This is a static map entry.
 This is a dynamic map entry.
 This entry refers to the PC itself.
 This entry maps to the default gateway.
Explanation: The IP address of 192.168.1.255 on the 192.168.1.0/24 network is the broadcast
address, which is statically mapped to ff-ff-ff-ff-ff-ff in the ARP table.
8. A cybersecurity analyst believes an attacker is spoofing the MAC address
of the default gateway to perform a man-in-the-middle attack. Which
command should the analyst use to view the MAC address a host is using to
reach the default gateway?
 ipconfig /all
 route print
 netstat -r
 arp -a
Explanation: ARP is a protocol used with IPv4 to map a MAC address to an associated specific
IP address. The command arp -a will display the MAC address table on a Windows PC.
9. What is a function of ARP?
 resolving MAC addresses to IPv4 addresses
 resolving port addresses to MAC addresses
 resolving MAC addresses to port addresses
 resolving IPv4 addresses to MAC addresses
Explanation: Resolving IPv4 addresses to MAC addresses is one function of ARP. ARP is also
responsible for maintaining the ARP table.
10. What is the purpose of ARP in an IPv4 network?
 to forward data onward based on the destination IP address
 to obtain a specific MAC address when an IP address is known
 to forward data onward based on the destination MAC address.
 to build the MAC address table in a switch from the information that is gathered.
Explanation: ARP performs two functions:
 To obtain a specific MAC address when an IP address is known, by broadcasting an ARP
request message to all devices on a particular Ethernet network
 To use the gathered information to create a viewable table of IP address to MAC address
mappings
11. Which action is taken by a Layer 2 switch when it receives a Layer 2
broadcast frame?
 It drops the frame.
 It sends the frame to all ports except the port on which it received
the frame.
 It sends the frame to all ports that are registered to forward broadcasts.
 It sends the frame to all ports.
Explanation: When a Layer 2 switch receives a frame with a broadcast destination address, it
floods the frame to all ports except the port on which it received the frame.
12. When an IP packet is sent to a host on a remote network, what
information is provided by ARP?
 the IP address of the destination host
 the IP address of the default gateway
 the MAC address of the router interface closest to the sending host
 the MAC address of the switch port that connects to the sending host
Explanation: When a host sends an IP packet to a destination on a different network, the
Ethernet frame cannot be sent directly to the destination host because the host is not directly
reachable in the same network. The Ethernet frame must be sent to another device known as the
router or default gateway in order to forward the IP packet. ARP is used to discover the MAC
address of the router (or default gateway) and use it as the destination MAC address in the frame
header.
13. How does the ARP process use an IP address?
 to determine the MAC address of the remote destination host
 to determine the MAC address of a device on the same network
 to determine the amount of time a packet takes when traveling from source to destination
 to determine the network number based on the number of bits in the IP address
Explanation: The ARP process is used to complete the necessary mapping of IP and MAC
addresses that are stored in the ARP table that is maintained by each node on a LAN. When the
destination device is not on the same network as the source device, the MAC address of the Layer
3 device on the the source network is discovered and added to the ARP table of the source node.
14. The ARP table in a switch maps which two types of address together?
 Layer 3 address to a Layer 2 address
 Layer 3 address to a Layer 4 address
 Layer 4 address to a Layer 2 address
 Layer 2 address to a Layer 4 address
Explanation: The switch ARP table keeps a mapping of Layer 2 MAC addresses to Layer 3 IP
addresses. These mappings can be learned by the switch dynamically through ARP or statically
through manual configuration.
15. What is one function of the ARP protocol?
  obtaining an IPv4 address automatically
 mapping a domain name to its IP address
 resolving an IPv4 address to a MAC address
 maintaining a table of domain names with their resolved IP addresses
Explanation: The two main functions of the ARP protocol are to resolve an IPv4 address to a
MAC address and to maintain an ARP table, which lists the resolved pairs of IPv4 address and
MAC address. A device automatically obtains an IP address through DHCP. The functions of DNS
include resolving (or mapping) a domain name with its IP address and maintaining a table for the
domain name/IP pairs.

10.4.6 Module Quiz – Basic Router Configuration Answers

Playvolume00:00/01:00TruvidfullScreen

1. What is the purpose of the banner motd command?

 It configures a message that will identify printed documents to LAN users.
 It is a way that routers communicate the status of their links with oneanother.
 It provides an easy way of communicating with any user attached to a router’s LANs.
 It provides a way to make announcements to those who log in to a
router.
Explanation: The banner motd command is used to display a message when a user attempts
to log into the router.
2. A technician is configuring a router to allow for all forms of management
access. As part of each different type of access, the technician is trying to
type the command login. Which configuration mode should be entered to do
this task?
 user executive mode
 global configuration mode
 any line configuration mode
 privileged EXEC mode
Explanation: The command login is used to allow access to a router or switch through aux
lines, console lines, and Telnet lines.
3. What is stored in the NVRAM of a Cisco router?
 the Cisco IOS
 the running configuration
 the bootup instructions
 the startup configuration
Explanation:
The Cisco IOS is stored in flash.
The running configuration file is stored in RAM.
The bootup instructions are stored in ROM.
The startup configuration file is stored in NVRAM.
4. Which statement regarding the service password-encryption command is
true?
 It is configured in privileged EXEC mode.
 It encrypts only line mode passwords.
 As soon as the service password-encryption command is entered, all
currently set passwords formerly displayed in plain text are
encrypted.
 To see the passwords encrypted by the service password-encryption command in
plain text, issue the no service password-encryption command.
Explanation: The command service password-encryption is used to encrypt all the clear
text passwords in the running-configuration file.
5. An administrator is configuring a new router to permit out-of-band
management access. Which set of commands will allow the required login
using a password of cisco?
 Router(config)# line vty 0 4
Router(config-line)# password manage
 Router(config-line)# exit
Router(config)# enable password cisco
 Router(config)# line vty 0 4
Router(config-line)# password cisco
Router(config-line)# login
 Router(config)# line console 0
Router(config-line)# password cisco
Router(config-line)# login
 Router(config)# line console 0
Router(config-line)# password cisco
Router(config-line)# exit
Router(config)# service password-encryption
Explanation: The VTY lines are the Virtual Terminal lines of the router, used solely to control
inbound Telnet connections while console 0 is the physical console port on the switch/router you
plug into. The line vty command is used to remote configure access into the switch/router via
telnet or ssh.
6. Which command can be used on a Cisco router to display all interfaces, the
IPv4 address assigned, and the current status?
 show ip interface brief
 ping
 show ip route
 show interface fa0/1
Explanation: The show ip interface brief command can be used on a Cisco router to
display all interfaces, the IPv4 address assigned, and the current status.
7. Which CLI mode allows users to access all device commands, such as those
used for configuration, management, and troubleshooting?
 user EXEC mode
 privileged EXEC mode
 global configuration mode
 interface configuration mode
Explanation: The command Router#configure terminal allows a user to enter the privileged
mode from where the configuration,management and troubleshooting commands can be accessed.
8. What is the purpose of the startup configuration file on a Cisco router?
 to facilitate the basic operation of the hardware components of a device
 to contain the commands that are used to initially configure a router
on startup
 to contain the configuration commands that the router IOS is currently using
 to provide a limited backup version of the IOS, in case the router cannot load the full
featured IOS
Explanation: The startup configuration file is stored in NVRAM and contains the commands
needed to initially configure a router. It also creates the running configuration file that is stored in in
RAM.
9. Which characteristic describes the default gateway of a host computer?
 the logical address of the router interface on the same network as
the host computer
 the physical address of the switch interface connected to the host computer
 the physical address of the router interface on the same network as the host computer
 the logical address assigned to the switch interface connected to the router
Explanation: The default gateway is the IP address of an interface on the router on the same
network as the sending host.
10. A router boots and enters setup mode. What is the reason for this?
 The IOS image is corrupt.
 Cisco IOS is missing from flash memory.
 The configuration file is missing from NVRAM.
 The POST process has detected hardware failure.
Explanation: If a router cannot locate the startup-config file in NVRAM it will enter setup mode to
allow the configuration to be entered from the console device.
11. Which command is used to encrypt all passwords in a router configuration
file?
 Router_A (config)# enable secret <password>
 Router_A (config)# service password-encryption
 Router_A (config)# enable password <password>
 Router_A (config)# encrypt passwor
Explanation: The command service password-encryption is used to encrypt and secure
plain-text passwords configured on a router.
12. Company policy requires using the most secure method to safeguard
access to the privileged exec and configuration mode on the routers. The
privileged exec password is trustknow1. Which of the following router
commands achieves the goal of providing the highest level of security?
 secret password trustknow1
 enable password trustknow1
 service password-encryption
 enable secret trustknow1
Explanation: The command service password-encryption is used to encrypt and secure
plain-text passwords configured on a router
13. What will be the response from the router after the command,
“router(config)# hostname portsmouth” is entered?
 portsmouth#
 portsmouth(config)#
 invalid input detected
 router(config-host)#
 hostname = portsmouth portsmouth#
 ? command not recognized router(config)#
Explanation: The command hostname portsmouth is used to change the current router
name to portsmouth.

11.10.4 Module Quiz – IPv4 Addressing Answers

Playvolume00:00/01:03TruvidfullScreen

1. What does the IP address 172.17.4.250/24 represent?

 network address
 multicast address
 host address
 broadcast address
Explanation: The /24 shows that the network address is 172.17.4.0. The broadcast address for
this network would be 172.17.4.255. Useable host addresses for this network are 172.17.4.1
through 172.17.4.254.
2. If a network device has a mask of /28, how many IP addresses are available
for hosts on this network?
 256
 254
 62
 32
 16
 14
Explanation: A /28 mask is the same as 255.255.255.240. This leaves 4 host bits. With 4 host
bits, 16 IP addresses are possible, but one address represents the subnet number and one address
represents the broadcast address. 14 addresses can then be used to assign to network devices.
3. What is the purpose of the subnet mask in conjunction with an IP address?
 to uniquely identify a host on a network
 to identify whether the address is public or private
 to determine the subnet to which the host belongs
 to mask the IP address to outsiders
Explanation: With the IPv4 address, a subnet mask is also necessary. A subnet mask is a
special type of IPv4 address that coupled with the IP address determines the subnet of which the
device is a member.
4. A network administrator is variably subnetting a network. The smallest
subnet has a mask of 255.255.255.224. How many usable host addresses will
this subnet provide?
 2
 6
 14
 30
 62
Explanation: The subnet mask 255.255.255.224 is equivalent to the /27 prefix. This leaves 5 bits
for hosts, providing a total of 30 usable IP addresses (25 = 32 – 2 = 30).
5. What subnet mask is represented by the slash notation /20?
 255.255.255.248
 255.255.224.0
 255.255.240.0
 255.255.255.0
 255.255.255.192
Explanation: The slash notation /20 represents a subnet mask with 20 1s. This would translate
to: 11111111.11111111.11110000.0000, which in turn would convert into 255.255.240.0.
6. Which statement is true about variable-length subnet masking?
 Each subnet is the same size.
 The size of each subnet may be different, depending on
requirements.
 Subnets may only be subnetted one additional time.
 Bits are returned, rather than borrowed, to create additional subnets.
Explanation: In variable-length subnet masking, bits are borrowed to create subnets. Additional
bits may be borrowed to create additional subnets within the original subnets. This may continue
until there are no bits available to borrow.
7. Why does a Layer 3 device perform the ANDing process on a destination IP
address and subnet mask?
 to identify the broadcast address of the destination network
 to identify the host address of the destination host
 to identify faulty frames
 to identify the network address of the destination network
Explanation: ANDing allows us to identify the network address from the IP address and the
network mask.
8. How many usable IP addresses are available on the 192.168.1.0/27
network?
 256
 254
 62
 30
 16
 32
Explanation: A /27 mask is the same as 255.255.255.224. This leaves 5 host bits. With 5 host
bits, 32 IP addresses are possible, but one address represents the subnet number and one address
represents the broadcast address. Thus, 30 addresses can then be used to assign to network
devices.
9. Which subnet mask would be used if exactly 4 host bits are available?
 255.255.255.224
 255.255.255.128
 255.255.255.240
 255.255.255.248
Explanation: The subnet mask of 255.255.255.224 has 5 host bits. The mask of
255.255.255.128 results in 7 host bits. The mask of 255.255.255.240 has 4 host bits. Finally,
255.255.255.248 represents 3 host bits.
10. Which two parts are components of an IPv4 address? (Choose two.)
 subnet portion
 network portion
 logical portion
 host portion
 physical portion
 broadcast portion
Explanation: An IPv4 address is divided into two parts: a network portion – to identify the
specific network on which a host resides, and a host portion – to identify specific hosts on a
network. A subnet mask is used to identify the length of each portion.
11. If a network device has a mask of /26, how many IP addresses are
available for hosts on this network?
 64
 30
 62
 32
 16
 14
Explanation: A /26 mask is the same as 255.255.255.192. This leaves 6 host bits. With 6 host
bits, 64 IP addresses are possible, but one address represents the subnet number and one address
represents the broadcast address. Thus 62 addresses can then be assigned to network hosts.
12. What is the prefix length notation for the subnet mask 255.255.255.224?
 /25
 /26
 /27
 /28
Explanation: The binary format for 255.255.255.224 is
11111111.11111111.11111111.11100000. The prefix length is the number of consecutive 1s in the
subnet mask. Therefore, the prefix length is /27.
13. How many valid host addresses are available on an IPv4 subnet that is
configured with a /26 mask?
 254
 190
 192
 62
 64
Explanation: When a /26 mask is used, 6 bits are used as host bits. With 6 bits, 64 addresses
are possible, but one address is for the subnet number and one address is for a broadcast. This
leaves 62 addresses that can be assigned to network devices.
14. Which subnet mask would be used if 5 host bits are available?
 255.255.255.0
 255.255.255.128
 255.255.255.224
 255.255.255.240
Explanation: The subnet mask of 255.255.255.0 has 8 host bits. The mask of 255.255.255.128
results in 7 host bits. The mask of 255.255.255.224 has 5 host bits. Finally, 255.255.255.240
represents 4 host bits.
15. A network administrator subnets the 192.168.10.0/24 network into
subnets with /26 masks. How many equal-sized subnets are created?
 1
 2
 4
 8
 16
 64
Explanation: The normal mask for 192.168.10.0 is /24. A /26 mask indicates 2 bits have been
borrowed for subnetting. With 2 bits, four subnets of equal size could be created.
12.9.4 Module Quiz – IPv6 Addressing Answers
Playvolume00:00/01:03TruvidfullScreen

1. What is the subnet address for the IPv6 address 2001:D12:AA04:B5::1/64?

 2001::/64
 2001:D12::/64
 2001:D12:AA04::/64
 2001:D12:AA04:B5::/64
Explanation: The /64 represents the network and subnet IPv6 fields which are the first four
groups of hexadecimal digits. The first address within that range is the subnetwork address of 2001:
D12:AA04:B5::/64.
2. Which type of IPv6 address is not routable and used only for
communication on a single subnet?
 global unicast address
 link-local address
 loopback address
 unique local address
 unspecified address
Explanation: Link-local addresses have relevance only on the local link. Routers will not forward
packets that include a link-local address as either the source or destination address.
3. Which address type is not supported in IPv6?
 private
 multicast
 unicast
 broadcast
Explanation: IPv6 supports unicast, private, and multicast addresses but does not support Layer
3 broadcasts.
4. What is the minimum configuration for a router interface that is
participating in IPv6 routing?
 to have only a link-local IPv6 address
 to have both an IPv4 and an IPv6 address
 to have a self-generated loopback address
 to have both a link-local and a global unicast IPv6 address
 to have only an automatically generated multicast IPv6 address
Explanation: With IPv6, a router interface typically has more than one IPv6 address. The router
will at least have a link-local address that can be automatically generated, but the router commonly
has an global unicast address also configured.
5. What is the interface ID of the IPv6 address
2001:DB8::1000:A9CD:47FF:FE57:FE94/64?
 FE94
 FE57:FE94
 47FF:FE57:FE94
 A9CD:47FF:FE57:FE94
 1000:A9CD:47FF:FE57:FE94
Explanation: The interface ID of an IPv6 address is the rightmost 64 bits, or last four hextets, of
the address if no interface ID bits have been used for subnets.
6. What are three parts of an IPv6 global unicast address? (Choose three.)
 an interface ID that is used to identify the local network for a particular host
 a global routing prefix that is used to identify the network portion of
the address that has been provided by an ISP
 a subnet ID that is used to identify networks inside of the local
enterprise site
 a global routing prefix that is used to identify the portion of the network address provided
by a local administrator
 an interface ID that is used to identify the local host on the network
Explanation: There are three elements that make up an IPv6 global unicast address. A global
routing prefix which is provided by an ISP, a subnet ID which is determined by the organization, and
an interface ID which uniquely identifies the interface interface of a host.
7. What is the valid most compressed format possible of the IPv6 address
2001:0DB8:0000:AB00:0000:0000:0000:1234?
 2001:DB8:0:AB00::1234
 2001:DB8:0:AB::1234
 2001:DB8::AB00::1234
 2001:DB8:0:AB:0:1234
Explanation: There are two rules defining how an IPv6 address can be compressed. The first
rule states that leading zeros in a hextet can be eliminated. The second rule states that a single ::
can be used to represent one or more contiguous all zero hextets. There can be one and only one ::
in an IPv6 address.
8. What is the prefix associated with the IPv6 address
2001:CA48:D15:EA:CC44::1/64?
 2001::/64
 2001:CA48::/64
 2001:CA48:D15:EA::/64
 2001:CA48:D15:EA:CC44::/64
Explanation: The /64 represents the network and subnet IPv6 fields. The fourth field of
hexadecimal digits is referred to as the subnet ID. The subnet ID for this address is
2001:CA48:D15:EA::0/64.
9. What type of address is automatically assigned to an interface when IPv6
is enabled on that interface?
 global unicast
 link-local
 loopback
 unique local
Explanation: When IPv6 is enabled on any interface, that interface will automatically generate an
IPv6 link-local address.
10. Which IPv6 network prefix is only intended for local links and can not be
routed?
 2001::/3
 FC00::/7
 FE80::/10
 FEC0::/10
Explanation: FE80::/10 is a link-local prefix. Devices with only link-local addresses can
communicate with other devices on the same network but not with devices on any other network.
11. Your organization is issued the IPv6 prefix of 2001:0000:130F::/48 by your
service provider. With this prefix, how many bits are available for your
organization to create subnetworks if interface ID bits are not borrowed?
 8
 16
 80
 128
Explanation: The global routing prefix that is assigned to the organization has 48 bits. The next
16 bits are used for the subnet ID. This makes up the first 64 bits of the address, which is typically
the network portion of the address. The remaining 64 bits of the 128-bit IPv6 address are for the
interface ID (or host) portion of the address.
12. What is indicated by a successful ping to the ::1 IPv6 address?
 The host is cabled properly.
 The default gateway address is correctly configured.
 All hosts on the local link are available.
 The link-local address is correctly configured.
 IP is properly installed on the host.
Explanation: The IPv6 address ::1 is the loopback address. A successful ping to this address
means that the TCP/IP stack is correctly installed. It does not mean that any addresses are correctly
configured.
13. What is the most compressed representation of the IPv6 address
2001:0000:0000:abcd:0000:0000:0000:0001?
 2001:0:abcd::1
 2001:0:0:abcd::1
 2001::abcd::1
 2001:0000:abcd::1
 2001::abcd:0:1
Explanation: The IPv6 address 2001:0000:0000:abcd:0000:0000:0000:0001 in its most
compressed format would be 2001:0:0:abcd::1. The first two hextets of zeros would each compress
to a single zero. The three consecutive hextets of zeros can be compressed to a double colon ::.
The three leading zeros in the last hextet can be removed. The double colon :: can only be used
once in an address.
14. What is the purpose of the command ping ::1?
 It tests the internal configuration of an IPv6 host.
 It tests the broadcast capability of all hosts on the subnet.
 It tests the multicast connectivity to all hosts on the subnet.
 It tests the reachability of the default gateway for the network.
Explanation: The address ::1 is an IPv6 loopback address. Using the command ping ::1 tests
the internal IP stack to ensure that it is configured and functioning correctly. It does not test
reachability to any external device, nor does it confirm that IPv6 addresses are properly configured
on the host.
15. At a minimum, which address is required on IPv6-enabled interfaces?
 link-local
 unique local
 site local
 global unicast
Explanation: All IPv6 enabled interfaces must at minimum have a link-local address. Other IPv6
addresses can be assigned to the interface as required.

13.3.4 Module Quiz – ICMP Answers

Playvolume00:00/01:03TruvidfullScreen

1. What is a function of the tracert command that differs from

the ping command when they are used on a workstation?
 The tracert command reaches the destination faster.
 The tracert command shows the information of routers in the path.
 The tracert command sends one ICMP message to each hop in the path.
 The tracert command is used to test the connectivity between two devices.
Explanation: The tracert command sends three pings to each hop (router) in the path toward
the destination and displays the domain name and IP address of hops from their responses.
Because tracert uses the ping command, the travel time is the same as a
standalone ping command. The primary function of a standalone ping command is to test the
connectivity between two hosts.
2. Which ICMP message is used by the traceroute utility during the process of
finding the path between two end hosts?
 redirect
 ping
 time exceeded
 destination unreachable
Explanation: Traceroute progressively increments the TTL (IPv4) or hop limit (IPv6) field (1, 2, 3,
4…) for sending sequence of ping commands. When a router senses that the TTL or hop limit is 0, it
will discard the packet and send a time exceeded message to the source of the traceroute. The
returned message contains the IP address of the router that discarded the packet. Hence the
traceroute utility learns the address of the router. This process continues and provides the trace with
the address of each hop (router) as the packets continue traveling through routers to reach the
destination.
3. Which two things can be determined by using the ping command? (Choose
two.)
 the number of routers between the source and destination device
 the IP address of the router nearest the destination device
 the average time it takes a packet to reach the destination and for
the response to return to the source
 the destination device is reachable through the network
 the average time it takes each router in the path between source and destination to
respond
Explanation: A ping command provides feedback on the time between when an echo request
was sent to a remote host and when the echo reply was received. This can be a measure of
network performance. A successful ping also indicates that the destination host was reachable
through the network.
4. Which statement describes a characteristic of the traceroute utility?
 It sends four Echo Request messages.
 It utilizes the ICMP Source Quench messages.
 It is primarily used to test connectivity between two hosts.
 It identifies the routers in the path from a source host to a
destination host.
Explanation: Traceroute is a utility that generates a list of hops (or routers) along the path from a
source host to the destination host.
5. Which utility uses the Internet Control Messaging Protocol (ICMP)?
 RIP
 DNS
 ping
 NTP
Explanation: ICMP is used by network devices to send error messages.
6. A network administrator can successfully ping the server at
www.cisco.com, but cannot ping the company web server located at an ISP in
another city. Which tool or command would help identify the specific router
where the packet was lost or delayed?
 ipconfig
 netstat
 telnet
 traceroute
Explanation: The traceroute command provides connectivity information about the path a
packet takes to reach the destination and about every router (hop) along the way. It also indicates
how long a packet takes to get from the source to each hop and back.
7. Which protocol is used by IPv4 and IPv6 to provide error messaging?
 ICMP
 NDP
 ARP
 DHCP
Explanation: ICMP is used by IPv4 and IPv6 to provide for messages to be sent in the event of
certain errors and for informational purposes.
8. What message is sent by a host to check the uniqueness of an IPv6
address before using that address?
 neighbor solicitation
 ARP request
 echo request
 router solicitation
Explanation: In IPv6, Duplicate Address Detection (DAD) is used in place of ARP. An IPv6 host
performs DAD by sending a neighbor solicitation (NS) message to its own IPv6 address to ensure
the uniqueness of the address prior to using it.
9. A technician is troubleshooting a network where it is suspected that a
defective node in the network path is causing packets to be dropped. The
technician only has the IP address of the end point device and does not have
any details of the intermediate devices. What command can the technician
use to identify the faulty node?
 tracert
 ping
 ipconfig /flushdns
 ipconfig /displaydns
Explanation: The ping command is used to verify connectivity to a device,the
commands ipconfig /flushdns will cause the adapter to flush the DNS cache, while ipconfig /
displaydns will result in the display of the DNS information in the cache.
10. A user who is unable to connect to the file server contacts the help desk.
The helpdesk technician asks the user to ping the IP address of the default
gateway that is configured on the workstation. What is the purpose for
this ping command?
 to obtain a dynamic IP address from the server
 to request that gateway forward the connection request to the file server
 to test that the host has the capability to reach hosts on other
networks
 to resolve the domain name of the file server to its IP address
Explanation: The ping command is used to test connectivity between hosts. The other options
describe tasks not performed by ping. Pinging the default gateway will test whether the host has
the capability to reach hosts on its own network and on other networks.
11. A user calls to report that a PC cannot access the internet. The network
technician asks the user to issue the command ping 127.0.0.1 in a command
prompt window. The user reports that the result is four positive replies. What
conclusion can be drawn based on this connectivity test?
 The PC can access the network. The problem exists beyond the local network.
 The IP address obtained from the DHCP server is correct.
 The PC can access the Internet. However, the web browser may not work.
 The TCP/IP implementation is functional.
Explanation: The ping 127.0.0.1 command is used to verify that the TCP/IP stack is
functional. It verifies the proper operation of the protocol stack from the network layer to physical
layer, without sending a signal on the media. That is, this test does not go beyond the PC itself. For
example, it does not detect whether a cable is connected to the PC or not.
12. Which command can be used to test connectivity between two devices
using echo request and echo reply messages?
 netstat
 traceroute
 ICMP
 ping
Explanation: Ping is used to test connectivity between end devices. It can be used with both
IPv4 and IPv6. Ping uses the ICMP protocol which issues an echo request/echo reply. Traceroute
is a command used on a router. Netstat is used to display the local routing table.
13. What field content is used by ICMPv6 to determine that a packet has
expired?
 TTL field
 CRC field
 Hop Limit field
 Time Exceeded field
Explanation: ICMPv6 sends a Time Exceeded message if the router cannot forward an IPv6
packet because the packet expired. The router uses a hop limit field to determine if the packet has
expired, and does not have a TTL field.
14. Which protocol provides feedback from the destination host to the source
host about errors in packet delivery?
 ARP
 BOOTP
 DNS
 ICMP
Explanation: The ICMP protocol operates at Layer 3 of the OSI model, which is the Internet
layer of the TCP/IP model. ICMP encapsulates the ping and traceroute commands.
14.8.3 Module Quiz – Transport Layer Answers
Playvolume00:00/01:03TruvidfullScreen

1. Network congestion has resulted in the source learning of the loss of TCP
segments that were sent to the destination. What is one way that the TCP
protocol addresses this?
 The source decreases the amount of data that it transmits before it
receives an acknowledgement from the destination.
 The source decreases the window size to decrease the rate of transmission from the
destination.
 The destination decreases the window size.
 The destination sends fewer acknowledgement messages in order to conserve
bandwidth.
Explanation: If the source determines that the TCP segments are either not being acknowledged
or are not acknowledged in a timely manner, then it can reduce the number of bytes it sends before
receiving an acknowledgment. This does not involve changing the window in the segment header.
The source does not decrease the window that is sent in the segment header. The window in the
segment header is adjusted by the destination host when it is receiving data faster than it can
process it, not when network congestion is encountered.
2. Which two operations are provided by TCP but not by UDP? (Choose two.)
 identifying the applications
 acknowledging received data
 tracking individual conversations
 retransmitting any unacknowledged data
 reconstructing data in the order received
Explanation: Numbering and tracking data segments, acknowledging received data, and
retransmitting any unacknowledged data are reliability operations to ensure that all of the data
arrives at the destination. UDP does not provide reliability. Both TCP and UDP identify the
applications and track individual conversations. UDP does not number data segments and
reconstructs data in the order that it is received.
3. What is the TCP mechanism used in congestion avoidance?
 three-way handshake
 socket pair
 two-way handshake
 sliding window
Explanation: TCP uses windows to attempt to manage the rate of transmission to the maximum
flow that the network and destination device can support while minimizing loss and retransmissions.
When overwhelmed with data, the destination can send a request to reduce the of the window. This
congestion avoidance is called sliding windows.
4. What is a responsibility of transport layer protocols?
 providing network access
 tracking individual conversations
 determining the best path to forward a packet
 translating private IP addresses to public IP addresses
Explanation: There are three main responsibilities for transport layer protocols TCP and UDP:
 Tracking individual conversations
 Segmenting data and reassembling segments
 Identifying the applications

5. How does a networked server manage requests from multiple clients for
different services?
 The server sends all requests through a default gateway.
 Each request is assigned source and destination port numbers.
 The server uses IP addresses to identify different services.
 Each request is tracked through the physical address of the client.
Explanation: Each service provided by a server, such as email or file transfers, uses a specific
port number. The source port number of a service request identifies the client that is requesting
services. The destination port number identifies the specific service. Servers do not use address
information to provide services. Routers and switches use addressing information to move traffic
through the network.
6. Which two services or protocols use the preferred UDP protocol for fast
transmission and low overhead? (Choose two)
 FTP
 DNS
 HTTP
 POP3
 VoIP
Explanation: Both DNS and VoIP use UDP to provide low overhead services within a network
implementation.
7. What is the purpose of using a source port number in a TCP
communication?
 to notify the remote device that the conversation is over
 to assemble the segments that arrived out of order
 to keep track of multiple conversations between devices
 to inquire for a nonreceived segment
Explanation: The source port number in a segment header is used to keep track of multiple
conversations between devices. It is also used to keep an open entry for the response from the
server. The incorrect options are more related to flow control and guaranteed delivery.
8. Which number or set of numbers represents a socket?
 01-23-45-67-89-AB
 21
 192.168.1.1:80
 10.1.1.15
Explanation: A socket is defined by the combination of an IP address and a port number, and
uniquely identifies a particular communication.
9. Which two flags in the TCP header are used in a TCP three-way handshake
to establish connectivity between two network devices? (Choose two.)
 ACK
 FIN
 PSH
 RST
 SYN
 URG
Explanation: TCP uses the SYN and ACK flags in order to establish connectivity between two
network devices.
10. What happens if part of an FTP message is not delivered to the
destination?
 The message is lost because FTP does not use a reliable delivery method.
 The FTP source host sends a query to the destination host.
 The part of the FTP message that was lost is re-sent.
 The entire FTP message is re-sent.
Explanation: Because FTP uses TCP as its transport layer protocol, sequence and
acknowledgment numbers will identify the missing segments, which will be re-sent to complete the
message.
11. What type of applications are best suited for using UDP?
 applications that are sensitive to delay
 applications that need reliable delivery
 applications that require retransmission of lost segments
 applications that are sensitive to packet loss
Explanation: UDP is not a connection-oriented protocol and does not provide retransmission,
sequencing, or flow control mechanisms. It provides basic transport layer functions with a much
lower overhead than TCP. Lower overhead makes UDP suitable for applications which are sensitive
to delay.
12. Which action is performed by a client when establishing communication
with a server via the use of UDP at the transport layer?
 The client sets the window size for the session.
  The client sends an ISN to the server to start the 3-way handshake.
 The client randomly selects a source port number.
 The client sends a synchronization segment to begin the session.
Explanation: Because a session does not have to be established for UDP, the client selects a
random source port to begin a connection. The random port number selected is inserted into the
source port field of the UDP header.
13. Which transport layer feature is used to guarantee session
establishment?
 UDP ACK flag
 TCP 3-way handshake
 UDP sequence number
 TCP port number
Explanation: TCP uses the 3-way handshake. UDP does not use this feature. The 3-way
handshake ensures there is connectivity between the source and destination devices before
transmission occurs.
14. What is the complete range of TCP and UDP well-known ports?
 0 to 255
 0 to 1023
 256 – 1023
 1024 – 49151
Explanation: There are three ranges of TCP and UDP ports. The well-know range of port
numbers is from 0 – 1023.
15. What is a socket?
 the combination of the source and destination IP address and source and destination
Ethernet address
 the combination of a source IP address and port number or a
destination IP address and port number
 the combination of the source and destination sequence and acknowledgment numbers
 the combination of the source and destination sequence numbers and port numbers
Explanation: A socket is a combination of the source IP address and source port or the
destination IP address and the destination port number.

15.6.2 Module Quiz – Application Layer Answers

Playvolume00:00/01:03TruvidfullScreen

1. On a home network, which device is most likely to provide dynamic IP

addressing to clients on the home network?
 a dedicated file server
 a home router
 an ISP DHCP server
 a DNS server
Explanation: On a home network, a home router usually serves as the DHCP server. The home
router is responsible for dynamically assigning IP addresses to clients on the home network. ISPs
also use DHCP, but it usually assigns an IP address to the Internet interface of the home router, not
the clients on the home network. In businesses, it is common to have a file or other dedicated
server provide DHCP services to the network. Finally, a DNS server is responsible for finding the IP
address for a URL, not for providing dynamic addressing to network clients.
2. What part of the URL, http://www.cisco.com/index.html, represents the
top-level DNS domain?
 .com
 www
 http
 index
Explanation: The components of the URL http://www.cisco.com/index.htm are as follows:
 http = protocol
 www = part of the server name
 cisco = part of the domain name
  index = file name
 com = the top-level domain
3. What are two characteristics of the application layer of the TCP/IP model?
(Choose two.)
 responsibility for logical addressing
 responsibility for physical addressing
 the creation and maintenance of dialogue between source and
destination applications
 closest to the end user
 the establishing of window size
Explanation: The application layer of the TCP/IP model is the layer that is closest to the end
user, providing the interface between the applications. It is responsible for formatting, compressing,
and encrypting data, and is used to create and maintain dialog between source and destination
applications.
4. What message type is used by an HTTP client to request data from a web
server?
 GET
 POST
 PUT
 ACK
Explanation: HTTP clients send GET messages to request data from web servers.
5. Which statement is true about FTP?
 The client can choose if FTP is going to establish one or two connections with the server.
 The client can download data from or upload data to the server.
 FTP is a peer-to-peer application.
 FTP does not provide reliability during data transmission.
Explanation: FTP is a client/server protocol. FTP requires two connections between the client
and the server and uses TCP to provide reliable connections. With FTP, data transfer can happen in
either direction. The client can download (pull) data from the server or upload (push) data to the
server.
6. A wireless host needs to request an IP address. What protocol would be
used to process the request?
 FTP
 HTTP
 DHCP
 ICMP
 SNMP
Explanation: The DHCP protocol is used to request, issue, and manage IP addressing
information. CSMA/CD is the access method used with wired Ethernet. ICMP is used to test
connectivity. SNMP is used with network management and FTP is used for file transfer.
7. Which TCP/IP model layer is closest to the end user?
 application
 internet
 network access
 transport
Explanation: End users use applications to interact with and use the network. The application
layer of the TCP/IP model is closest to the end user. Application layer protocols are used to
communicate and exchange messages with other network devices and applications. The layers of
the TCP/IP model are from top to bottom (memory aid – ATIN): application, transport, internet,
network access
8. Which three protocols or standards are used at the application layer of the
TCP/IP model? (Choose three.)
 ТСР
 HTTP
 MPEG
 GIF
 IP
 UDP
Explanation: HTTP, MPEG, and GIF operate at the application layer of the TCP/IP model. TCP
and UDP operate at the transport layer. IP operates at the internet layer.
9. Which protocol uses encryption?
 DHCP
 DNS
 FTP
 HTTPS
Explanation: HTTPS uses Secure Socket Layer (SSL) to encrypt traffic accessed from a web
server.
10. Why is DHCP preferred for use on large networks?
 Large networks send more requests for domain to IP address resolution than do smaller
networks.
 DHCP uses a reliable transport layer protocol.
 It prevents sharing of files that are copyrighted.
 It is a more efficient way to manage IP addresses than static address
assignment.
 Hosts on large networks require more IP addressing configuration settings than hosts on
small networks.
Explanation: Static IP address assignment requires personnel to configure each network host
with addresses manually. Large networks can change frequently and have many more hosts to
configure than do small networks. DHCP provides a much more efficient means of configuring and
managing IP addresses on large networks than does static address assignment.
11. Which two tasks can be performed by a local DNS server? (Choose two.)
 providing IP addresses to local hosts
 allowing data transfer between two network devices
 mapping name-to-IP addresses for internal hosts
 forwarding name resolution requests between servers
 retrieving email messages
Explanation: Two important functions of DNS are to (1) provide IP addresses for domain names
such as www.cisco.com, and (2) forward requests that cannot be resolved to other servers in order
to provide domain name to IP address translation. DHCP provides IP addressing information to
local devices. A file transfer protocol such as FTP, SFTP, or TFTP provides file sharing services.
IMAP or POP can be used to retrieve an email message from a server.
12. Which protocol can be used to transfer messages from an email server to
an email client?
 SMTP
 POP3
 SNMP
 HTTP
Explanation: SMTP is used to send mail from the client to the server but POP3 is used to
download mail from the server to the client. HTTP and SNMP are protocols that are unrelated to
email.
13. When retrieving email messages, which protocol allows for easy,
centralized storage and backup of emails that would be desirable for a small-
to medium-sized business?
 IMAP
 РОР
 SMTP
 HTTPS
Explanation: IMAP is preferred for small-to medium-sized businesses as IMAP allows
centralized storage and backup of emails, with copies of the emails being forwarded to clients. POP
delivers the emails to the clients and deletes them on the email server. SMTP is used to send
emails and not to receive them. HTTPS is not used for secure web browsing.
14. Which application layer protocol is used to provide file-sharing and print
services to Microsoft applications?
 HTTP
 SMTP
 DHCP
  SMB
Explanation: SMB is used in Microsoft networking for file-sharing and print services. The Linux
operating system provides a method of sharing resources with Microsoft networks by using a
version of SMB called SAMBA.
15. An author is uploading one chapter document from a personal computer
to a file server of a book publisher. What role is the personal computer
assuming in this network model?
 client
 master
 server
 slave
 transient
Explanation: In the client/server network model, a network device assumes the role of server in
order to provide a particular service such as file transfer and storage. The device requesting the
service assumes the role of client. In the client/server network model, a dedicated server does not
have to be used, but if one is present, the network model being used is the client/server model. In
contrast, the peer-to-peer network model does not have a dedicated server.

16.5.4 Module Quiz – Network Security Fundamentals Answers

Playvolume00:00/01:00TruvidfullScreen

1. What three configuration steps must be performed to implement SSH

access to a router? (Choose three.)
 a password on the console line
 an IP domain name
 a user account
 an enable mode password
 a unique hostname
 an encrypted password
Explanation: To implement SSH on a router the following steps need to be performed:
 Configure a unique hostname.
 Configure the domain name of the network.
 Configure a user account to use AAA or local database for authentication.
 Generate RSA keys.
 Enable VTY SSH sessions.

2. What is the objective of a network reconnaissance attack?

 discovery and mapping of systems
 unauthorized manipulation of data
 disabling network systems or services
 denying access to resources by legitimate users
Explanation: The objective of a network reconnaissance attack is to discover information about a
network, network systems, and network services.
3. For security reasons a network administrator needs to ensure that local
computers cannot ping each other. Which settings can accomplish this task?
 smartcard settings
 firewall settings
 MAC address settings
 file system settings
Explanation: Smartcard and file system settings do not affect network operation. MAC address
settings and filtering may be used to control device network access but cannot be used to filter
different data traffic types.
4. A network administrator establishes a connection to a switch via SSH.
What characteristic uniquely describes the SSH connection?
 out-of-band access to a switch through the use of a virtual terminal with password
authentication
 remote access to the switch through the use of a telephone dialup connection
  on-site access to a switch through the use of a directly connected PC and a console
cable
 remote access to a switch where data is encrypted during the session
 direct access to the switch through the use of a terminal emulation program
Explanation: SSH provides a secure remote login through a virtual interface. SSH provides a
stronger password authentication than Telnet. SSH also encrypts the data during the session.
5. Which benefit does SSH offer over Telnet for remotely managing a router?
 encryption
 TCP usage
 authorization
 connections via multiple VTY lines
Explanation: SSH provides secure access to a network device for remote management. It uses
a stronger password authorization than Telnet does and encrypts any data that is transported during
the session.
6. What is one of the most effective security tools available for protecting
users from external threats?
 firewalls
 router that run AAA services
 patch servers
 password encryption techniques
Explanation: A firewall is one of the most effective security tools for protecting internal network
users from external threats. A firewall resides between two or more networks, controls the traffic
between them, and helps prevent unauthorized access. A host intrusion prevention system can help
prevent outside intruders and should be used on all systems.
7. Which type of network threat is intended to prevent authorized users from
accessing resources?
 DoS attacks
 access attacks
 reconnaissance attacks
 trust exploitation
Explanation: Network reconnaissance attacks involve the unauthorized discovery and mapping
of the network and network systems. Access attacks and trust exploitation involve unauthorized
manipulation of data and access to systems or user privileges. DoS, or Denial of Service attacks,
are intended to prevent legitimate users and devices from accessing network resources.
8. Which three services are provided by the AAA framework? (Choose three.)
 accounting
 automation
 authorization
 authentication
 autobalancing
 autoconfiguration
Explanation: The authentication, authorization, and accounting (AAA) framework provides
services to help secure access to network devices.
9. Which malicious code attack is self-contained and tries to exploit a specific
vulnerability in a system being attacked?
 virus
 worm
 Trojan horse
 social engineering
Explanation: A worm is a computer program that is self replicated with the intention of attacking
a system and trying to exploit a specific vulnerability in the target. Both virus and Trojan horse rely
on a delivery mechanism to carry them from one host to another. Social engineering is not a type of
malicious code attack.
10. Some routers and switches in a wiring closet malfunctioned after an air
conditioning unit failed. What type of threat does this situation describe?
 configuration
 environmental
 electrical
 maintenance

Explanation: The four classes of threats are as follows:
 Hardware threats – physical damage to servers, routers, switches, cabling plant, and
workstations
 Environmental threats – temperature extremes (too hot or too cold) or humidity extremes
(too wet or too dry)
 Electrical threats – voltage spikes, insufficient supply voltage (brownouts), unconditioned
power (noise), and total power loss
 Maintenance threats – poor handling of key electrical components (electrostatic
discharge), lack of critical spare parts, poor cabling, and poor labeling
11. What does the term vulnerability mean?
 a weakness that makes a target susceptible to an attack
 a computer that contains sensitive information
 a method of attack to exploit a target
 a known target or victim machine
 a potential threat that a hacker creates
Explanation: A vulnerability is not a threat, but it is a weakness that makes the PC or the
software a target for attacks.
12. Which component is designed to protect against unauthorized
communications to and from a computer?
 security center
 port scanner
 antimalware
 antivirus
 firewall
Explanation: Antivirus and antimalware software are used to prevent infection from malicious
software. A port scanner is used to test a PC network connection to determine which ports the PC is
listening to. The security center is an area of Windows that keeps track of the security software and
settings on the PC. A firewall is designed to block unsolicited connection attempts to a PC unless
they are specifically permitted.
13. Which command will block login attempts on RouterA for a period of 30
seconds if there are 2 failed login attempts within 10 seconds?
 RouterA(config)# login block-for 10 attempts 2 within 30
 RouterA(config)# login block-for 30 attempts 2 within 10
 RouterA(config)# login block-for 2 attempts 30 within 10
 RouterA(config)# login block-for 30 attempts 10 within 2
Explanation: The correct syntax is RouterA(config)# login block-for (number of
seconds) attempts (number of attempts) within (number of seconds).
14. What is the purpose of the network security accounting function?
 to require users to prove who they are
 to determine which resources a user can access
 to keep track of the actions of a user
 to provide challenge and response questions
Explanation: Authentication, authorization, and accounting are network services collectively
known as AAA. Authentication requires users to prove who they are. Authorization determines
which resources the user can access. Accounting keeps track of the actions of the user.
15. What type of attack may involve the use of tools such as nslookup and
fping?
 access attack
 reconnaissance attack
 denial of service attack
 worm attack
Explanation: For reconnaissance attacks, external attackers can use Internet tools, such as the
nslookup and whois utilities, to easily determine the IP address space assigned to a given
corporation or entity. After the IP address space is determined, an attacker can then ping the
publicly available IP addresses to identify the addresses that are active. Fping is a ping sweep tool
that can help automate this process.
17.8.5 Module Quiz – Build a Small Network Answers
Playvolume00:00/01:03TruvidfullScreen

1. Which two traffic types require delay sensitive delivery? (Choose two.)
 email
 web
 FТР
 voice
 video
Explanation: Voice and video traffic have delay sensitive characteristics and must be given
priority over other traffic types such as web, email, and file transfer traffic.
2. A network technician suspects that a particular network connection
between two Cisco switches is having a duplex mismatch. Which command
would the technician use to see the Layer 1 and Layer 2 details of a switch
port?
 show interfaces
 show running-config
 show ip interface brief
 show mac-address-table
Explanation: The show interfaces command can be used on both routers and switches to
see speed, duplex, media type, MAC address, port type, and other Layer 1/Layer 2-related
information.
3. Which statement is true about CDP on a Cisco device?
 The show cdp neighbor detail command will reveal the IP address of a neighbor only if
there is Layer 3 connectivity.
 To disable CDP globally, the no cdp enable command in interface configuration mode
must be used.
 CDP can be disabled globally or on a specific interface.
 Because it runs at the data link layer, the CDP protocol can only be implemented in
switches.
Explanation: CDP is a Cisco-proprietary protocol that can be disabled globally by using the no
cdp run global configuration command, or disabled on a specific interface, by using the no cdp
enable interface configuration command. Because CDP operates at the data link layer, two or
more Cisco network devices, such as routers can learn about each other even if Layer 3
connectivity does not exist. The show cdp neighbors detail command reveals the IP address
of a neighboring device regardless of whether you can ping the neighbor.
4. What factor should be considered in the design of a small network when
devices are being chosen?
 cost of devices
 redundancy
 traffic analysis
 ISP
Explanation: Factors to consider when designing a network include the cost of devices, speed,
modularity and scalability, and ease of managing the network.
5. A user is unable to reach the website when typing http://www.cisco.com in
a web browser, but can reach the same site by typing http://72.163.4.161.
What is the issue?
 default gateway
 DHCP
 DNS
 TCP/IP protocol stack
Explanation: Domain Name Service (DNS) is used to translate a web address to an IP address.
The address of the DNS server is provided via DHCP to host computers.
6. Where are Cisco IOS debug output messages sent by default?
 memory buffers
 vty lines
 Syslog server
  console line
Explanation: Debug messages, like other IOS log messages, are sent to the console line by
default. Sending these messages to the terminal lines requires the terminal monitor command.
7. Which element of scaling a network involves identifying the physical and
logical topologies?
 traffic analysis
 network documentation
 device inventory
 cost analysis
Explanation: To scale a network, several elements are required:
 Network documentation – physical and logical topology
 Device Inventory – list of devices that use or make up the network
 Budget – Itemized IT budget, including fiscal year equipment purchasing budget
 Traffic analysis – protocols, applications, and services and their respective traffic
requirements should be documented
8. What mechanism can be implemented in a small network to help minimize
network latency for real-time streaming applications?
 QoS
 PoE
 AAA
 ICMP
Explanation: Quality of service (QoS) is a mechanism which is used to classify and prioritize
traffic through the network. This enables network devices to minimize the latency for real-time
applications such as voice and video.
9. Which process failed if a computer cannot access the internet and received
an IP address of 169.254.142.5?
 IP
 DNS
 DHCP
 HTTP
Explanation: When a Windows computer cannot communicate with an IPv4 DHCP server, the
computer automatically assigns itself an IP address in the169.254.0.0/16 range. Linux and Apple
computers do not automatically assign an IP address.
10. A small company has only one router as the exit point to its ISP. Which
solution could be adopted to maintain connectivity if the router itself, or its
connection to the ISP, fails?
 Activate another router interface that is connected to the ISP, so the traffic can flow
through it.
 Have a second router that is connected to another ISP.
 Purchase a second least-cost link from another ISP to connect to this router.
 Add more interfaces to the router that is connected to the internal network.
Explanation: Small networks generally have only one link to an ISP to establish a connection to
the Internet. Problems can occur in the network, which can cause the disruption of this service. In
order to keep connectivity, redundancy has to be provided. If the problem is in the router interface
that is connected to the ISP, another interface can be activated on the router, so if one interface
fails, traffic may be redirected toward the other interface. However, if the router itself fails, a second
router that is connected to another ISP can be used as a backup.
11. When should an administrator establish a network baseline?
 when the traffic is at peak in the network
 when there is a sudden drop in traffic
 at the lowest point of traffic in the network
 at regular intervals over a period of time
Explanation: An effective network baseline can be established by monitoring the traffic at regular
intervals. This allows the administrator to take note when any deviance from the established norm
occurs in the network.
12. Which network design consideration would be more important to a large
corporation than to a small business?
 Internet router
  firewall
 low port density switch
 redundancy
Explanation: Small businesses today do need Internet access and use an Internet router to
provide this need. A switch is required to connect the two host devices and any IP phones or
network devices such as a printer or a scanner. The switch may be integrated into the router. A
firewall is needed to protect the business computing assets. Redundancy is not normally found in
very small companies, but slightly larger small companies might use port density redundancy or
have redundant Internet providers/links.
13. A newly hired network technician is given the task of ordering new
hardware for a small business with a large growth forecast. Which primary
factor should the technician be concerned with when choosing the new
devices?
 devices with a fixed number and type of interfaces
 devices that have support for network monitoring
 redundant devices
 devices with support for modularity
Explanation: In a small business with a large growth forecast, the primary influencing factor
would be the ability of devices to support modularity. Devices with a fixed type/number of interfaces
would not support growth. Redundancy is an important factor, but typically found in large
enterprises. Network monitoring is also an important consideration, but not as important as
modularity.
14. What type of traffic would most likely have the highest priority through
the network?
 FTP
 instant messaging
 voice
 SNMP
Explanation: Not all traffic should receive the same treatment or priority through a network.
Some types of traffic, such as voice and video, require the highest priority because they are very
sensitive to network latency and delay. Other types of traffic, such as FTP, which is not sensitive to
latency and delay, should be given the lowest level of priority so that the higher priority traffic can
get through.
15. A network technician is investigating network connectivity from a PC to a
remote host with the address 10.1.1.5. Which command, when issued on a
Windows PC, will display the path to the remote host?
 trace 10.1.1.5
 traceroute 10.1.1.5
 tracert 10.1.1.5
 ping 10.1.1.5
Explanation: The tracert command is used to initiate a trace from the command prompt on a
Windows PC. The traceroute command is used to initiate a trace from a Cisco router or switch.
Some other PC operating systems, such as Linux and Mac OS also use the traceroute command.
The ping command does not display the network path to the remote host.

CHECK YOUR UNDERSTANDING

1.2.6 Check Your Understanding – Network Components Answers

1. Which of the following is the name for all computers connected to a

network that participate directly in network communication?
 servers
 intermediary devices
 hosts
 media
Explanation: Hosts are all computers connected to a network that participate directly in network
communication.
2. When data is encoded as pulses of light, which media is being used to
transmit the data?
 wireless
 Fiber-optic cable
 copper cable
Explanation: Fiber-optic cable is the media is being used to transmit the data when data is
encoded as pulses of light.
3. Which two devices are intermediary devices? (Choose two)
 hosts
 routers
 servers
 switches
Explanation: Routers and switches are intermediary devices.

1.3.3 Check Your Understanding – Network Representations and

Topologies
Playvolume00:00/01:03TruvidfullScreen

1. Which connection physically connects the end device to the network?

 Port
 NIC
 Interface
Explanation: A NIC is a specialized port on a networking device that connects to individual
networks.
2. Which connections are specialized ports on a networking device that
connect to individual networks?
 Port
 NIC
 Interface
Explanation: An interface physically connects the end device to the network.
3. Which type of network topology lets you see which end devices are
connected to which intermediary devices and what media is being used?
 Physical topology
 Logical topology
Explanation: The logical topology lets you see which end devices are connected to which
intermediary devices and what media is being used.
4. Which type of network topology lets you see the actual location of
intermediary devices and cable installation?
 Physical topology
 Logical topology
Explanation: The physical topology lets you see the actual location of intermediary devices and
cable installation.

1.4.5 Check Your Understanding – Common Types of Networks

Playvolume00:00/01:03TruvidfullScreen

1. Which network infrastructure provides access to users and end devices in

a small geographical area, which is typically a network in a department in an
enterprise, a home, or small business?
 Extranet
 Intranet
 LAN
 WAN

Explanation: A LAN provides access to users and end devices in a small geographical area.
2. Which network infrastructure might an organization use to provide secure
and safe access to individuals who work for a different organization but
require access to the organization’s data?
 Extranet
 Intranet
 LAN
 WAN
Explanation: An extranet provides secure and safe access to individuals who work for a different
organization but require access to the organization’s data.
3. Which network infrastructure provides access to other networks over a
large geographical area, which is often owned and managed by a
telecommunications service provider?
 Extranet
 Intranet
 LAN
 WAN
Explanation: A WAN provides access to other networks over a large geographical area.

1.6.6 Check Your Understanding – Reliable Networks

Playvolume00:00/01:00TruvidfullScreen

1. When designers follow accepted standards and protocols, which of the four
basic characteristics of network architecture is achieved?
 fault tolerance
 Scalability
 QoS
 Security
Explanation: Scalability happens when designers follow accepted standards and protocols.
2. Confidentiality, integrity, and availability are requirements of which of the
four basic characteristics of network architecture?
 fault tolerance
 Scalability
 QoS
 Security
Explanation: Confidentiality, integrity, and availability are requirements of security.
3. With which type of policy, a router can manage the flow of data and voice
traffic, giving priority to voice communications if the network experiences
congestion?
 fault tolerance
 Scalability
 QoS
 Security
Explanation: QoS means that a router will manage the flow of data and voice traffic, giving
priority to voice communications.
4. Having multiple paths to a destination is known as redundancy. This is an
example of which characteristic of network architecture?
 fault tolerance
 Scalability
 QoS
 Security
Explanation: Redundancy is an example a fault-tolerant network architecture.
1.7.10 Check Your Understanding – Network Trends
Playvolume00:00/01:03TruvidfullScreen
1. Which feature is a good conferencing tool to use with others who are
located elsewhere in your city, or even in another country?
 BYOD
 Video communications
 Cloud computing
Explanation: Video communications is a good conferencing tool to use with others who are
located elsewhere in your city, or even in another country.
2. Which feature describes using personal tools to access information and
communicate across a business or campus network?
 BYOD
 Video communications
 Cloud computing
Explanation: BYOD feature describes using personal tools to access information and
communicate across a business or campus network.
3. Which feature contains options such as Public, Private, Custom and
Hybrid?
 BYOD
 Video communications
 Cloud computing
Explanation: Cloud computing contains options such as Public, Private, Custom and Hybrid.
4. Which feature is being used when connecting a device to the network
using an electrical outlet?
 Smart home technology
 Powerline
 Wireless broadband
Explanation: Powerline is being used when connecting a device to the network using an
electrical outlet.
5. Which feature uses the same cellular technology as a smart phone?
 Smart home technology
 Powerline
 Wireless broadband
Explanation: Wireless broadband uses the same cellular technology as a smart phone.

1.8.3 Check Your Understanding – Network Security

Playvolume00:00/01:00TruvidfullScreen

1. Which attack slows down or crashes equipment and programs?

 Firewall
 Virus, worm, or Trojan horse
 Zero-day or Zero-hour
 Virtual Private Network (VPN)
 Denial of Service (DoS)
Explanation: A DoS attack slows down or crashes equipment and programs.
2. Which option creates a secure connection for remote workers?
 Firewall
 Virus, worm, or Trojan horse
 Zero-day or Zero-hour
 Virtual Private Network (VPN)
 Denial of Service (DoS)
Explanation: A VPN creates a secure connection for remote workers.
3. Which option blocks unauthorized access to your network?
 Firewall
 Virus, worm, or Trojan horse
 Zero-day or Zero-hour
 Virtual Private Network (VPN)
 Denial of Service (DoS)
Explanation: A firewall blocks unauthorized access to your network.
4. Which option describes a network attack that occurs on the first day that a
vulnerability becomes known?
 Firewall
 Virus, worm, or Trojan horse
 Zero-day or Zero-hour
 Virtual Private Network (VPN)
 Denial of Service (DoS)
Explanation: A zero-day or zero-hour attack occurs on the first day that a vulnerability becomes
known.
5. Which option describes malicious code running on user devices?
 Firewall
 Virus, worm, or Trojan horse
 Zero-day or Zero-hour
 Virtual Private Network (VPN)
 Denial of Service (DoS)
Explanation: A virus, worm, or Trojan horse is malicious code running on user devices.

2.1.6 Check Your Understanding – Cisco IOS Access Answers

1. Which access method would be most appropriate if you were in the
equipment room with a new switch that needs to be configured?

 Console
 Telnet/SSH
 Aux
Explanation: Because a new switch would not have any initial configurations, it could only be
configured through the console port.
2. Which access method would be most appropriate if your manager gave you
a special cable and told you to use it to configure the switch?
 Console
 Telnet/SSH
 Aux
Explanation: Connecting a computer to a Cisco device through the console port requires a
special console cable.
3. Which access method would be the most appropriate in-band access to the
IOS over a network connection?
 Console
 Telnet/SSH
 Aux
Explanation: Both Telnet and SSH are in-band access methods that require an active network
connection to the device.
4. Which access method would be the most appropriate if you call your
manager to tell him you cannot access your router in another city over the
internet and he provides you with the information to access the router
through a telephone connection?
 Console
 Telnet/SSH
 Aux
Explanation: The AUX port on a Cisco device provided out-of-band connections over a
telephone line.
1. Which IOS mode allows access to all commands and features?
Playvolume00:00/01:03TruvidfullScreen

 global configuration mode

 interface subconfiguration mode
 line console subconfiguration mode
  privileged EXEC mode
 user EXEC mode
Explanation: The privileged EXEC mode allows access to all commands. Higher level
commands like global configuration mode and subconfiguration modes can only be reached from
the privileged EXEC mode.
2. Which IOS mode are you in if the Switch(config)# prompt is displayed?
 global configuration mode
 interface subconfiguration mode
 line console subconfiguration mode
 privileged EXEC mode
 user EXEC mode
Explanation: Global configuration mode is identified by the (config)# prompt.
3. Which IOS mode are you in if the Switch> prompt is displayed?
 global configuration mode
 interface subconfiguration mode
 line console subconfiguration mode
 privileged EXEC mode
 user EXEC mode
Explanation: The > prompt after the device name identifies user EXEC mode.
4. Which two commands would return you to the privileged EXEC prompt
regardless of the configuration mode you are in? (Choose two.)
 CTRL+Z
 disable
 enable
 end
 exit
Explanation: To return from any prompt, all the way down to privileged EXEC mode, type the
end command or by pressing the CTRL+Z keys simultaneously on the keyboard.
1. What is the command to assign the name “Sw-Floor-2” to a switch?
Playvolume00:00/01:00TruvidfullScreen

hostname Sw-Floor-2
host name Sw-Floor-2
name Sw-Floor-2
Explanation: The global configuration command to set the host name on a Cisco device is
hostname. So, in this example the full command is Switch(config)# hostname Sw-Floor-2.
2. How is the privileged EXEC mode access secured on a switch?
 enable class
 secret class
 enable secret class
 service password-encryption
Explanation: Securing access to the EXEC mode on a Cisco switch is accomplished with the
enable secret command followed by the password. In this example the command is Switch(config)#
enable secret class.
3. Which command enables password authentication for user EXEC mode
access on a switch?
 enable secret
 login
 secret
 service password-encryption
Explanation: User EXEC mode access through the console port is enabled with the login
command entered in line mode. For example: Switch(config-line)# login.
4. Which command encrypts all plaintext passwords access on a switch?
 enable secret
 login
 secret
 service password-encryption
Explanation: The service password-encryption command entered in global configuration mode
will encrypt all plaintext passwords.
5. Which is the command to configure a banner to be displayed when
connecting to a switch?
 banner $ Keep out $
 banner motd $ Keep out $
 display $ Keep out $
 login banner $ Keep out $
Explanation: The command to set a banner stating “Keep out” that will be displayed when
connection to a Cisco switch is Switch(config)# banner motd $ Keep out $
1. What is the structure of an IPv4 address called?
Playvolume00:00/01:03TruvidfullScreen

dotted-binary format

dotted-decimal format

 dotted-hexadecimal format
Explanation: IPv4 addresses are written in dotted-decimal format. For example: 192.168.1.1.
2. How is an IPv4 address represented?
 four binary numbers between 0 and 1 separated by colons.
 four decimal numbers between 0 and 255 separated by periods.
 thirty-two hexadecimal numbers separated by colons.
 thirty-two hexadecimal numbers separated by periods.
Explanation: IPv4 addresses are written as four groups of decimal numbers separated by
periods. For example: 192.168.1.1.
3. What type of interface has no physical port associated with it?
 console
 Ethernet
 serial
 switch virtual interface (SVI)
Explanation: Switch virtual interfaces (SVIs) are virtual and have no physical port. Layer 2
switches use SVIs for remote management.
1. What is the process of converting information into the proper form for
transmission?
Playvolume00:00/01:03TruvidfullScreen

 Formatting
 Encoding
 Encapsulation
Explanation: One of the first steps to sending a message is encoding. During the encoding
process, information is converted from its original form into an acceptable form for transmission.
2. Which step of the communication process is concerned with properly
identifying the address of the sender and receiver?
 Formatting
 Encoding
 Encapsulation
Explanation: Messages sent over a computer network must be in the correct format for them to
be delivered and processed. Part of the formatting process is properly identifying the source of the
message and its destination.
3. Which three are components of message timing? (Choose three.)
 Flow control
 Sequence numbers
 Access method
 Retransmit time
 Response timeout
Explanation: Flow control is the managing of the rate of transmission. Response timeout is how
long to wait for responses. Access methods determine when someone can send a message. These
are the three components of message timing.
4. Which delivery method is used to transmit information to one or more end
devices, but not all devices on the network?
 Unicast
 Multicast
 Broadcast
Explanation: Multicast messages are addressed for transmission to one or more end devices on
a network. Broadcast messages are addressed for transmission to all devices on the network.
Unicast messages are addressed for transmission to one device on the network.
1. BGP and OSPF are examples of which type of protocol?
Playvolume00:00/01:03TruvidfullScreen

 network communication
 network security
 routing
 service discovery
Explanation: BGP and OSPF are routing protocols. They enable routers to exchange route
information to reach remote networks.
2. Which two protocols are service discovery protocols? (Choose two.)
 DNS
 TCP
 SSH
 DHCP
Explanation: Service discovery protocols, such as DNS and DHCP enable automatic detection
of service. DHCP is used to discover services for automatic IP address allocation and DNS for
name-to-IP address resolution services.
3. What is the purpose of the sequencing function in network
communication?
 to uniquely label transmitted segments of data for proper
reassembly by the receiver
 to determine if data is corrupted during transmission
 to ensure data flows at an efficient rate between sender and receiver
 to guarantee delivery of data
Explanation: Sequencing uniquely identifies or labels each transmitted segment with a sequence
number that is used by the receiver to reassemble the segments in the proper order.
4. This protocol is responsible for guaranteeing the reliable delivery of
information.
 TCP
 IP
 HTTP
 Ethernet
Explanation: Transmission Control Protocol (TCP) manages the conversation between end
devices and guarantees the reliable delivery of information.
1. UDP and TCP belong to which layer of the TCP/IP protocol?
Playvolume00:00/01:03TruvidfullScreen

application

transport

 internet
 network access
Explanation: TCP and UDP are both transport layer protocols.
2. Which two protocols belong in the TCP/IP model application layer?
 EIGRP
 DNS
 OSPF

ICMP

DHCP

Explanation: DHCP and DNS are both application layer protocols.
3. Which protocol operates at the network access layer of the TCP/IP model?
 HTTP
 IP
 DNS
 Ethernet
Explanation: Ethernet is a network access layer protocol.
4. Which of the following are protocols that provide feedback from the
destination host to the source host regarding errors in packet delivery?
(Choose two.)
 IPv4
 TCP
 ICMPv4
 IPv6
 UDP
 ICMPv6
Explanation: ICMPv4 and ICMPv6 provide feedback when errors occur.
5. A device receives a data link frame with data and processes and removes
the Ethernet information. What information would be the next to be
processed by the receiving device?
 HTTP at the application layer
 HTML at the application layer
 IP at the internet layer
 UDP at the internet layer
 TCP at the transport layer
Explanation: Data is de-encapsulated so the next layer to receive the data would be the internet
layer.
6. Which services are provided by the internet layer of the TCP/IP protocol
suite? (Choose three.)
 File Transfer
 Address Resolution
 Routing Protocols
 Messaging
 Ethernet
 Internet Protocol
Explanation: IP (Internet Protocol), ICMP (Messaging), and Routing Protocols are services
provided at the Internet Layer.
1. True or false. Standards organizations are usually vendor-neutral.
Playvolume00:00/01:00TruvidfullScreen

 True
 False
Explanation: The correct answer is True. Most standards organizations are vendor-neutral, non-
profit organizations that develop and promote open standards.
2. This standards organization is concerned with the Request for Comments
(RFC) documents that specify new protocols and update existing ones.
 Internet Society (ISOC)
 Internet Engineering Task Force (IETF)
 Internet Architecture Board (IAB)
 Internet Research Task Force (IRTF)
Explanation: The IETF develops and maintains the specifications for new protocols and updates
to existing protocols through published documents called Request for Comments (RFCs).
3. This standards organization is responsible for IP address allocation and
domain name management.
 Internet Society (ISOC)

Internet Engineering Task Force (IETF)

Internet Architecture Board (IAB)

Internet Assigned Numbers Authority (IANA)

Explanation: IANA is responsible for overseeing and managing IP address allocation, domain
name management, and protocol identifiers for ICANN.
4. What types of standards are developed by the Electronics Industries
Alliance (EIA)?
 electric wiring and connectors
 radio equipment and cell towers
 video compression and broadband communications
 Voice over IP (VoIP) and satellite communications
Explanation: The Electronics Industries Alliance (EIA) develops standards related to electrical
wiring, connectors, and network equipment racks.
1. What is the process of dividing a large data stream into smaller pieces
prior to transmission?
Playvolume00:00/01:03TruvidfullScreen

 sequencing
 duplexing
 multiplexing
 segmentation
Explanation: Segmentation is the process of dividing a large data stream into smaller pieces
which are then transmitted to the receiver.
2. What is the PDU associated with the transport layer?
 segment
 packet
 bits
 frame
Explanation: The transport layer PDU is known as a segment.
3. Which protocol stack layer encapsulates data into frames?
 data link
 transport
 network
 application
Explanation: The data link layer encapsulates data into a frame.
4. What is the name of the process of adding protocol information to data as
it moves down the protocol stack?
 de-encapsulation
 sequencing
 segmentation
 encapsulation
Explanation: As data moves down the protocol stack, protocol data is added to the original data.
This process is known as encapsulation.
1. True or false? Frames exchanged between devices in different IP networks
must be forwarded to a default gateway.
Playvolume00:00/01:03TruvidfullScreen

 True
 False
Explanation: The correct answer is True. When two devices are on different IP networks, frames
cannot be sent directly to the receiver since it is on a different logical network. The frames must first
be forwarded to a default gateway (router).
2. True or false? The right-most part of an IP address is used to identify the
network that a device belongs to.
 True
  False
Explanation: The correct answer is False. It is the left-most portion of an IP address that
identifies the network. The right-most portion is used to identify the specific device or interface.
3. What is used to determine the network portion of an IPv4 address?
 subnet mask
 MAC address
 right-most part of the IP address
 left-most part of the MAC address
Explanation: It is the subnet mask used in IPv4 that is used to determine the network portion of
an IPv4 address.
4. Which of the following statements are true regarding network layer and
data link layer addresses? (Choose three.)
 Data link layer addresses are logical and network layer addresses are physical.
 Network layer addresses are expressed as 12 hexadecimal digits and data link layer
addresses are decimal.
 Network layer addresses are logical and data link addresses are
expressed as 12 hexadecimal digits.
 Data link layer addresses are physical and network layer addresses
are logical.
 Network layer addresses are either 32 or 128 bits in length.
 Data link layer addresses are 32 bits in length.
Explanation: MAC addresses are physical addresses and 48 bits or 12 hex digits in length. IPv4
addresses and IPv6 addresses are logical. IPv4 addresses are 32 bits and IPv6 addresses are 128
bits.
5. What is the order of the two addresses in the data link frame?
 source MAC, destination MAC
 destination MAC, source IP
 destination IP, source IP
 destination MAC, source MAC
 source IP, destination IP
Explanation: The data link frame addressing consists of a destination and source MAC address
in that order.
6. True or False? Data Link addresses are physical so they never change in
the data link frame from source to destination.
 True
 False
Explanation: The correct answer is False. Data link addresses change within the data link frame
when the receiving device is not on the same network.
1. True or false? The physical layer is only concerned with wired network
connections.
Playvolume00:00/01:03TruvidfullScreen

 true
 false
Explanation: The correct answer is False. The physical layer provides the means to transport
bits over the network whether the network is wired or wireless.
2. True or false? When a frame is encoded by the physical layer, all bits are
sent over the media at the same time.
 true
 false
Explanation: The correct answer is False. When encoded, the bits making up a frame are
transmitted over the media one at a time.
3. The physical layer of the receiving device passes bits up to which higher
level layer?
 application
 presentation
 network
  data link
Explanation: The physical layer receives frames from the data-link layer and converts it to bits
for transmission. On the sending device the physical layer passes the transmitted bits up to the data
link layer as a complete frame.
4. What PDU is received by the physical layer for encoding and transmission?
 frame
 segment
 packet
Explanation: The physical layer receives frames from the data link layer for encoding and
transmission.
1. Which media uses patterns of microwaves to represent bits?
Playvolume00:00/01:03TruvidfullScreen

copper

wireless

 fiber-optic
Explanation: In wireless networks data is represented by patterns of microwave transmissions.
2. Which media uses patterns of light to represent bits?
 copper
 wireless
 fiber-optic
Explanation: Fiber-optic cables use patterns of light to represent bits.
3. Which media uses electrical pulses to represent bits?
 copper
 wireless
 fiber-optic
Explanation: Electrical pulses are used to represent bits on networks using copper cable media.
4. Which of these is the name for the capacity of a medium to carry data?
 bandwidth
 throughput
 goodput
Explanation: Bandwidth is the capacity of a network medium to carry data.
5. Which of these is a measure of the transfer of bits across the media?
 bandwidth
 throughput
 goodput
Explanation: The transfer of bits across the network media over a period of time is known as
throughput.
36. What are two functions of NVRAM? (Choose two.)
 to store the routing table
 to retain contents when power is removed
 to store the startup configuration file
 to contain the running configuration file
 to store the ARP table

1. Which of the following attaches antennas to wireless devices? It can also

be bundled with fiber-optic cabling for two-way data transmission.
Playvolume00:00/01:03TruvidfullScreen

 UTP
 STP
 coaxial
Explanation: Coaxial cable, which is used for cable TV and internet service, is also used to
attach antennas to wireless devices.
2. Which of the following counters EMI and RFI by using shielding techniques
and special connectors?
 UTP
 STP
 coaxial
Explanation: Shielded twisted pair cable (STP) incorporates shielding and special connectors to
prevent signal interference from other wires, EMI, and RFI.
3. Which of the following is the most common network media?
 UTP
 STP
 coaxial
Explanation: Unshielded twisted pair cable (UTP) is the most common type of wired network
media.
4. Which of the following terminates with BNC, N type and F type connectors?
 UTP
 STP
 coaxial
Explanation: Coaxial cable, which is used for cable TV and internet service and to attach
antennas to wireless devices, uses several types of connectors to include BNC, N type, and F type
connectors.
1. Which of the following attaches antennas to wireless devices? It can also
be bundled with fiber-optic cabling for two-way data transmission.
Playvolume00:00/01:03TruvidfullScreen

 UTP
 STP
 coaxial
Explanation: Coaxial cable, which is used for cable TV and internet service, is also used to
attach antennas to wireless devices.
2. Which of the following counters EMI and RFI by using shielding techniques
and special connectors?
 UTP
 STP
 coaxial
Explanation: Shielded twisted pair cable (STP) incorporates shielding and special connectors to
prevent signal interference from other wires, EMI, and RFI.
3. Which of the following is the most common network media?
 UTP
 STP
 coaxial
Explanation: Unshielded twisted pair cable (UTP) is the most common type of wired network
media.
4. Which of the following terminates with BNC, N type and F type connectors?
 UTP
 STP
 coaxial
Explanation: Coaxial cable, which is used for cable TV and internet service and to attach
antennas to wireless devices, uses several types of connectors to include BNC, N type, and F type
connectors.
1. True or false. Wireless is not well suited for enterprise networks.
Playvolume00:00/01:03TruvidfullScreen

 true
 false
Explanation: The correct answer is False. Wireless provides the greatest mobility of all media
and is gaining popularity in enterprise networks.
2. True or false. Wireless LANs operate in full-duplex allowing all devices to
send or receive data at the same time so the number of users does not
impact performance.
 true
 false
Explanation: The correct answer is False. WLANs operate in half-duplex, which means only one
device can send or receive at a time. This can impact network performance if there are many users
accessing the WLAN at the same time.
3. Which of the following wireless standards is best suited for industrial and
IoT environments?
 Zigbee
 WiMAX
 Wi-Fi
 Bluetooth
Explanation: Zigbee is intended for applications that require short-range, low data-rates, and
long battery life, making it well suited for industrial and IoT applications.
4. Which of the following wireless standards is used for Personal Area
Networks (PANs) and allows devices to communicate over distances of 1 to
100 meters?
 Zigbee
 WiMAX
 Wi-Fi
 Bluetooth
Explanation: This wireless standard is used for Personal Area Networks (PANs) and allows
devices to communicate over distances of 1 to 100 meters.
1. Which is the binary equivalent to the 192.168.11.10 IP address?
Playvolume00:00/01:03TruvidfullScreen

11000000.11000000.00001011.00001010

11000000.10101000.00001011.00001010

 11000000.10101000.00001010.00001011
 11000000.10101000.00001011.00010010
Explanation: 192.168.11.10 is equivalent to 11000000.10101000.00001011.00001010
2. Which of the following is the binary equivalent to the 172.16.31.30 IP
address?
 11000000.00010000.00011111.00011110
 10101000.00010000.00011111.00011110
 10101100.00010000.00011110.00011110
 10101100.00010000.00011111.00011110
Explanation: 172.16.31.30 is equivalent to 10101100.00010000.00011111.000111110
1. Which is the hexadecimal equivalent of 202?
Playvolume00:00/01:00TruvidfullScreen

B10

BA

C10

CA

Explanation: The hexadecimal equivalent of 202 is CA.
2. Which is the hexadecimal equivalent of 254?
 EA
 ED
 FA
 FE
Explanation: The hexadecimal equivalent of 254 is FE.
3. Which is the decimal equivalent of A9?
 168
 169

 170
 171
Explanation: The decimal equivalent of A9 is 169.
4. Which of the following is the decimal equivalent of 7D?
 124
 125
 126
 127
Explanation: The decimal equivalent of 7D is 125.
1. What is another name for the OSI data link layer?
Playvolume00:00/01:03TruvidfullScreen

Layer 1

Layer 2

 Layer 3
 Layer 6
Explanation: The data link layer is Layer 2 of the OSI model.
2. The IEEE 802 LAN/MAN data link layer consists of which two sublayers?
(Choose two.)
 Network Control Protocol
 Logical Link Control
 Media Access Control
 Link Control Protocol
Explanation: The data link layer consists of two sublayers. These are Logical Link Control (LLC)
and Media Access Control (MAC)
3. What is the responsibility of the MAC sublayer?
 Adds Layer 3 addresses to the frame
 Communicates with the network layer (Layer 3)
 Provides the method to get the frame on and off the media
 Transmits the bits on the media
Explanation: The MAC sublayer of the data link layer is responsible for getting frames on and off
the media.
4. What Layer 2 function does a router perform? (Choose three.)
 Accepts a frame from a medium
 De-encapsulates the frame
 Refers to its Layer 3 routing table for a matching destination network
 Re-encapsulates the packet into a new frame
Explanation: Routers perform four functions at Layer 2. They accept a frame from the media, de-
encapsulate the packet from a frame, re-encapsulate the packet into a new frame, and forwards the
new frame appropriate to the medium of that segment of the physical network.
5. The media access control method used depends on which two criteria?
 Layer 3 IP protocol
 Media sharing
 Topology
 Transport layer protocol
 Type of data
Explanation: The two criteria for determining the media access control method used are the type
of media sharing involved and the topology.
6. Which organization defines standards for the network access layer (i.e.,
the OSI physical and data link layers)?
 Cisco
 IANA
 IEEE
 IETF
Explanation: The IEEE defines standards for the TCP/IP network access layer, which are the
OSI physical and data link layers.
1. Which topology displays networking device layer IP addresses?
Playvolume00:00/01:03TruvidfullScreen

aerial topology

IP address topology

logical topology

 physical topology
Explanation: The logical topology shows the IP addresses assigned to device interfaces.
2. What kind of network would use point-to-point, hub and spoke, or mesh
topologies?
 PAN
 LAN
 WLAN
 WAN
Explanation: Wide Area Networks (WANs) come in many topologies, to include point-to-point,
hub-and-spoke, and mesh.
3. Which LAN topology is a hybrid topology?
 bus
 extended star
 ring
 star
Explanation: The extended star topology is considered a hybrid topology because it combines
multiple star topologies.
4. Which duplex communication method is used in WLANs?
 full-duplex
 half-duplex
 simplex
Explanation: Wireless LANs (WLANs) only support half-duplex because only one device can
access the media at a time.
5. Which media access control method is used in legacy Ethernet LANs?
 carrier sense multiple access/collision annoyance
 carrier sense multiple access/collision avoidance
 carrier sense multiple access/collision destruction
 carrier sense multiple access/collision detection
Explanation: Carrier sense multiple access /collision detection (CSMA/CD) is the media access
control method used in legacy Ethernet LANs.
1. What does the data link layer add to a Layer 3 packet to create a frame?
(Choose two.)
Playvolume00:00/01:03TruvidfullScreen

 flags
 sequence number
 header
 trailer
Explanation: The data link layer adds a header which contains the source and destination Layer
2 address and a trailer that contains a frame check sequence (FCS).
2. What is the function of the last field in a data link layer frame?
 To determine whether the frame experienced transmission errors
 To identify special flow control services such as quality of service (QoS)
 To identify the beginning and end limits of the frame
 To identify the Layer 3 protocol in the data field
Explanation: The last field in the data link frame is the frame check sequence (FCS) which is
used to determine if the frame has experienced transmission errors.
3. Which lists the Layer 2 and Layer 3 address fields in the correct order?
 destination NIC address, source NIC address, source IP address,
destination IP address
  source NIC address, destination NIC address, source IP address, destination IP address
 destination NIC address, source NIC address, destination IP address, source IP address
 source NIC address, destination NIC address, destination IP address, source IP address
Explanation: The correct order of Layer 2 and Layer 3 address fields is: destination NIC
address, source NIC address, source IP address, destination IP address
4. Which of the following are data link layer protocols? (Choose three)
 802.11
 Ethernet
 IP
 PPP
 UDP
Explanation: 802.11, Ethernet, and PPP are Layer 2 protocols. IP is Layer 3 and UDP is Layer
4.
1. Which part of an Ethernet Frame uses a pad to increase the frame field to
at least 64 bytes?
Playvolume00:00/01:03TruvidfullScreen

 EtherType
 Preamble
 Start of Frame Delimiter
 Data field
Explanation: All frames must be at least 64 bytes long. Additional bits called a “pad” are used to
increase the size of small frames to the minimum size.
2. Which part of an Ethernet frame detects errors in the frame?
 Preamble
 Start of Frame Delimiter
 Frame Check Sequence
Explanation: The FCS field uses a CRC to detect errors in a frame.
3. Which part of an Ethernet Frame describes the higher-layer protocol that is
encapsulated?
 EtherType
 Preamble
 Start of Frame Delimiter
 Frame Check Sequence
Explanation: The EtherType field identifies the upper layer protocol that is encapsulated in the
Ethernet Frame.
4. Which part of an Ethernet Frame notifies the receiver to get ready for a
new frame?
 Start of Frame Delimiter
 Frame Check Sequence
 Preamble
 Data field
Explanation: The first few bytes of the preamble inform the receiver of a new frame.
5. Which data link sublayer controls the network interface through software
drivers?
 MAC
 LLC
Explanation: The LLC sublayer is responsible for controlling the network interface card through
software drivers
6. Which data link sublayer works with the upper layers to add application
information for delivery of data to higher level protocols?
 MAC
 LLC
Explanation: The LLC works with upper layers to support higher level protocols.
7. What is a function of the MAC sublayer? (Choose three.)
 controls access to the media
  checks for errors in received bits
 uses CSMA/CD or CSMA/CA to support Ethernet technology
 communicates between software at the upper layers and the device hardware at the
lower layers
 allows multiple Layer 3 protocols to use the same network interface and media
Explanation: The MAC sublayer checks for bit errors, supports Ethernet technologies, and
controls access to the media.
1. What are two methods for switching data between ports on a switch?
(Choose two.)
Playvolume00:00/01:03TruvidfullScreen

 cut-off switching
 cut-through switching
 store-and-forward switching
 store-and-supply switching
 store-and-restore switching
Explanation: The two methods for switching data between ports on a switch are cut-through
switching and store-and-forward switching.
2. Which switching method can be implemented using fast-forward switching
or fragment-free switching?
 cut-off switching
 cut-through switching
 store-and-forward switching
 store-and-restore switching
Explanation: Cut-through switching is implemented using either fast-forward switching or
fragment-free switching.
3. Which two types of memory buffering techniques are used by switches?
(Choose two.)
 long-term memory buffering
 port-based memory buffering
 shared memory buffering
 short-term memory buffering
Explanation: Switches use two memory buffering techniques: Port-based memory buffering and
shared memory buffering.
4. What feature automatically negotiates the best speed and duplex setting
between interconnecting devices?
 auto-MDIX
 autobots
 autonegotiation
 autotune
Explanation: Autonegotiation is a technology that automatically negotiates the speed and duplex
between two connected devices.
1. Which OSI layer sends segments to be encapsulated in an IPv4 or IPv6
packet?
Playvolume00:00/01:03TruvidfullScreen

 data link layer

 network layer
 transport layer
 session layer
Explanation: Transport layer PDUs, called segments, are encapsulated at the network layer by
IPv4 and IPv6 into packets.
2. Which layer is responsible for taking an IP packet and preparing it for
transmission over the communications medium?
 physical layer
 network layer
  data link layer
 transport layer
Explanation: The data link layer receives IP packets from the network layer and encapsulates
them for transmission over the medium.
3. What is the term for splitting up an IP packet when forwarding it from one
medium to another medium with a smaller MTU?
 encapsulation
 fragmentation
 segmentation
 serialization
Explanation: Fragmentation is the process of splitting up IP packets to travel over a medium with
a smaller MTU.
4. Which delivery method does not guarantee that the packet will be
delivered fully without errors?
 connectionless
 best effort
 media independent
Explanation: Best effort delivery does not guarantee packets will be delivered to the destination.
1. What are the two most commonly referenced fields in an IPv4 packet
header that indicate where the packet is coming from and where it is going?
(Choose two.)
Playvolume00:00/01:03TruvidfullScreen

 destination IP address
 protocol
 Time to Live
 source IP address
 Differentiated Services (DS)
Explanation: The IP header fields that identify where the packet originated and where it is going
are Source IP Address and Destination IP Address.
2. Which statement is correct about IPv4 packet header fields?
 The source and destination IPv4 addresses remain the same while
travelling from source to destination.
 The Time to Live field is used to determine the priority of each packet.
 The Total Length and Header Checksum fields are used to reorder a fragmented packet.
 The Version field identifies the next level protocol.
Explanation: The source and destination IP addresses in the IP packet do not change in route
from source to destination.
3. Which field is used to detect corruption in the IPv4 header?
 Header Checksum
 Time to Live
 Protocol
 Differentiated Services (DS)
Explanation: The Header Checksum field in an IPv4 header is used to detect corrupt packets.
4. Which field includes common values such as ICMP (1), TCP (6), and UDP
(17)?
 Header Checksum
 Time to Live
 Protocol
 Differentiated Services (DS)
Explanation: The protocol field identifies the upper layer protocol that is carried inside the IP
packet. Common protocols are TCP, UDP, and ICMP.
1. Which three options are major issues associated with IPv4? (Choose three.)
Playvolume00:00/01:03TruvidfullScreen

 IP address depletion
  increased network complexity and Internet routing table expansion
 always on connections
 lack of end-to-end connectivity
 global and political boundaries
 too many IPv4 addresses available
Explanation: IPv4 was standardized in the 1980s and has several technological limitations, such
as lack of end-to-end connectivity and a depleted address space.
2. Which two options are improvements provided by IPv6 as compared to
IPv4? (Choose two.)
 header supports additional fields for complex packets
 increased the IP address space
 standardizes the use of NAT
 supports class-based networks
 uses a simpler header to provide improved packet handling
Explanation: There are several technical improvements made to IPv6, two of which are a vastly
larger IP address pool and a simplified protocol header.
3. Which is true of the IPv6 header?
 it consists of 20 octets.
 it consists of 40 octets.
 it contains 8 header fields.
 it contains 12 header fields.
Explanation: The IPv6 header is a fixed length of 40 octets and contains 8 header fields.
4. Which is true of the IPv6 packet header?
 The Hop Limit field replaces the IPv4 Time to Live field.
 The Source and Destination IPv6 addresses change while travelling from source to
destination.
 The Time to Live field replaces the DiffServ field.
 The Version field identifies the next header.
Explanation: Several fields in the IPv6 header replaced fields in the IPv4 header. For example,
the Hop Limit field replaced the IPv4 header Time to Live field.
1. Which statement about host forwarding decisions is true?
Playvolume00:00/01:00TruvidfullScreen

A host cannot ping itself.


A remote destination host is on the same local network as the sending host.

Local hosts can reach each other without the need of a router.

 Routing is enabled on switches to discover the best path to a destination.
Explanation: A router is not needed to forward packets between local hosts on the network.
2. Which default gateway statement is true?
 A default gateway is required to send packets to other hosts on the local network.
 The default gateway address is the IP address of a switch on a remote network.
 The default gateway address is the IP address of the router on the
local network.
 Traffic can only be forwarded outside the local network if there is no default gateway.
Explanation: The default gateway is the IP address of a router on the local network.
3. Which two commands could be entered on a Windows host to view its IPv4
and IPv6 routing table? (Choose two.)
 netroute -l
 netstat -r
 print route
 route print
 print net
Explanation: The commands netstat -r and route print will display the routing table of a Windows
host.
1. What is the command used on a Cisco IOS router to view the routing table?
Playvolume00:00/01:00TruvidfullScreen
 netstart -r

route print

show ip route

 show routing table
Explanation: The show ip route command is used to view the routing table on a Cisco router.
2. What does a code of “O” indicate next to a route in the routing table?
 a directly connected route
 a route with an administrative distance of 0
 a gateway of last resort
 a route learned dynamically from OSPF
Explanation: Codes at the beginning of each routing table entry are used to identify the type of
route or how the route was learned. A code of “O” indicates the route was learned from OSPF.
3. This type of route is also known as a gateway of last resort.
 static route
 remote route
 default route
 directly connected route
Explanation: A default route is also known as a gateway of last resort.
4. Which is a characteristic of static routes?
 They are manually configured.
 They are advertised to directly connected neighbors.
 They are appropriate when there are many redundant links.
 They automatically adjust to a change in network topology.
Explanation: Static routes are manually configured and do not adjust to changes in the network
topology and are not advertised to neighboring routers.
5. True or False? A router can be configured with a combination of both static
routes and a dynamic routing protocol.
 True
 False
Explanation: The correct answer is True. Routers can be configured with static routes and with a
dynamic routing protocol.
1. What destination MAC address would be included in a frame sent from a
source device to a destination device on the same local network?
Playvolume00:00/01:03TruvidfullScreen

 A broadcast MAC address of FF-FF-FF-FF-FF-FF.

 The MAC address of the destination device.
 The MAC address of the local router interface.
Explanation: When sending a frame to another device on the same local network, the device
sending the frame will use the MAC address of the destination device.
2. What destination MAC address would be included in a frame sent from a
source device to a destination device on a remote local network?
 A broadcast MAC address of FF-FF-FF-FF-FF-FF.
 The MAC address of the destination device.
 The MAC address of the local router interface.
Explanation: When sending a frame to another device on a remote network, the device sending
the frame will use the MAC address of the local router interface, which is the default gateway.
3. What two protocols are used to determine the MAC address of a known
destination device IP address (IPv4 and IPv6)?
 DHCP
 ARP
 DNS
 ND
Explanation: Address Resolution Protocol (ARP) is used to determine the device MAC address
of a known destination device IPv4 address. Neighbor Discovery (ND) is used to determine the
MAC address of a known destination device IPv6 address.
10. What two criteria are used to help select a network medium from various
network media? (Choose two.)
 the types of data that need to be prioritized
 the cost of the end devices utilized in the network
 the distance the selected medium can successfully carry a signal
 the number of intermediate devices installed in the network
 the environment where the selected medium is to be installed

1. What two functions are provided by ARP? (Choose two.)

Playvolume00:00/01:00TruvidfullScreen

Maintains a table of IPv4 address to domain names

Maintains a table of IPv4 to MAC address mappings
 Maintains a table of IPv6 to MAC address mappings
 Resolves IPv4 addresses to domain names
 Resolves IPv4 addresses to MAC addresses
 Resolves IPv6 addresses to MAC addresses
Explanation: ARP has two primary functions: maintain a table of IPv4 to MAC address mappings
and determine the MAC addresses of known IPv4 addresses.
2. Where is the ARP table stored on a device?
 ROM
 flash
 NVRAM
 RAM
Explanation: The ARP table is cached temporarily in RAM.
3. Which statement is true about ARP?
 An ARP cache cannot be manually deleted.
 ARP entries are cached permanently.
 ARP entries are cached temporarily.
Explanation: The ARP table is cached temporarily in RAM.
4. Which command could be used on a Cisco router to view its ARP table?
 arp -a
 arp -d
 show arp table
 show ip arp
Explanation: The command show ip arp is used on Cisco routers to view the ARP table.
5. What is an attack using ARP?
 ARP broadcasts
 ARP hopping attacks
 ARP poisoning
 ARP starvation
Explanation: Two security issues with ARP Requests are that ARP messages are sent as
broadcasts and can be spoofed.
1. Which two ICMPv6 messages are used in SLAAC?
Playvolume00:00/01:03TruvidfullScreen

 Neighbor Advertisement
 Neighbor Solicitation
 Router Advertisement
 Router Solicitation
Explanation: The two ICMPv6 messages used in SLAAC are the router solicitation and the
router advertisement.
2. Which two ICMPv6 messages are used in to determine the MAC address of
a known IPv6 address?
 Neighbor Advertisement
 Neighbor Solicitation
 Router Advertisement
 Router Solicitation
Explanation: The two ICMPv6 messages used in determining the MAC address of a known IPv6
address are the neighbor solicitation and the neighbor advertisement.
3. To what type of address are ICMPv6 neighbor solicitation messages sent?
 unicast
 multicast
 broadcast
Explanation: ICMPv6 neighbor solicitation messages are sent as a multicast.
1. Host-A has the IPv4 address and subnet mask 10.5.4.100 255.255.255.0.
What is the network address of Host-A?
Playvolume00:00/01:03TruvidfullScreen

 10.0.0.0
 10.5.0.0
 10.5.4.0
 10.5.4.100
Explanation: The network address for 10.5.4.100 with a subnet mask of 255.255.255.0 is
10.5.4.0.
2. Host-A has the IPv4 address and subnet mask 172.16.4.100 255.255.0.0.
What is the network address of Host-A?
 172.0.0.0
 172.16.0.0
 172.16.4.0
 172.16.4.100
Explanation: The network address for 172.16.4.100 with a subnet mask of 255.255.0.0 is
172.16.0.0.
3. Host-A has the IPv4 address and subnet mask 10.5.4.100 255.255.255.0.
Which of the following IPv4 addresses would be on the same network as
Host-A? (Choose all that apply)
 10.5.4.1
 10.5.0.1
 10.5.4.99
 10.0.0.98
 10.5.100.4
Explanation: Host A is on network 10.5.4.0. Therefore, devices with the IPv4 addresses 10.5.4.1
and 10.5.4.99 are on the same network.
4. Host-A has the IPv4 address and subnet mask 172.16.4.100 255.255.0.0.
Which of the following IPv4 addresses would be on the same network as
Host-A? (Choose all that apply)
 172.16.4.99
 172.16.0.1
 172.17.4.99
 172.17.4.1
 172.18.4.1
Explanation: Host A is on network 172.16.0.0. Therefore, devices with the IPv4 addresses
172.16.4.99 and 172.16.0.1 are on the same network.
5. Host-A has the IPv4 address and subnet mask 192.168.1.50 255.255.255.0.
Which of the following IPv4 addresses would be on the same network as
Host-A? (Choose all that apply)
 192.168.0.1
 192.168.0.100
 192.168.1.1
  192.168.1.100
 192.168.2.1
Explanation: Host A is on network 192.168.1.0. Therefore, devices with the IPv4 addresses
192.168.1.1 and 192.168.1.100 are on the same network.
1. Which two statements are correct about private IPv4 addresses? (Choose
two.)
Playvolume00:00/01:03TruvidfullScreen

 Private IPv4 addresses are assigned to devices within an

organization’s intranet (internal network).
 Internet routers will typically forward any packet with a destination address that is a
private IPv4 address.
 172.99.1.1 is a private IPv4 address.
 Any organization (home, school, office, company) can use the
10.0.0.0/8 address.
Explanation: Private IPv4 addresses are assigned to devices within an organization’s intranet
(internal network) and any organization (home, school, office, company) can use the 10.0.0.0/8
address.
2. Which two statements are correct about public IPv4 addresses? (Choose
two.)
 Public IPv4 addresses are allowed to be assigned to devices within an organization’s
intranet (internal network).
 To access a device over the internet, the destination IPv4 address
must be a public address.
 192.168.1.10 is a public IPv4 address.
 Public IPv4 address exhaustion is a reason why there are private IPv4
addresses and why organizations are transitioning to IPv6.
Explanation: To access a device over the internet, the destination IPv4 address must be a public
address. Public IPv4 address exhaustion is a reason why there are private IPv4 address and why
organizations are transitioning to IPv6.
3. Which organization or group of organizations receives IP addresses from
IANA and is responsible for allocating these addresses to ISPs and some
organizations?
 IETF
 IEEE
 RIRs
 Tier 1 ISPs
Explanation: RIRs receive IP addresses from IANA and are responsible for allocating these
addresses to ISPs and some other organizations.
1. Which devices will not forward an IPv4 broadcast packet by default?
Playvolume00:00/01:03TruvidfullScreen

Ethernet switch

router

 Windows PC
 None of the above. All devices forward IPv4 broadcast packets by default.
Explanation: Routers will not forward an IPv4 broadcast packet by default.
2. Which two situations are the result of excessive broadcast traffic? (Choose
two)
 slow network operations
 slow device operations
 when devices on all adjacent networks are affected
 when the router has to forward an excessive number of packets
Explanation: Slow network operations and slow device operations are the result of excessive
broadcast traffic.
1. What is the most important motivating factor for moving to IPv6?
Playvolume00:00/01:03TruvidfullScreen
  better performance with IPv6
 IPv6 addresses that are easier to work with
 better security with IPv6
 depletion of IPv4 addresses
Explanation: The main driver or most important factor for IPv6 is the depletion of the IPv4
address space.
2. True or False: 4 out of 5 RIRs no longer have enough IPv4 addresses to
allocate to customers on a regular basis.
 True
 False
Explanation: The correct answer is True. Four of the five RIRs, ARIN, APNIC, LACNIC, and
RIPENCC have exhausted their IPv4 address pools. Only AfriNIC has remaining IPv4 address
space to allocate to customers.
3. Which of the following techniques use native IPv6 connectivity?
 dual stack
 tunneling
 translation
 all of the above
Explanation: Only dual stack uses native IPv6 connectivity.
1. What is the recommended prefix length for most IPv6 subnets?
Playvolume00:00/01:03TruvidfullScreen

/32

/48

/64

 /128
Explanation: Most IPv6 subnets will have a prefix length of /64.
2. Which part of a GUA is assigned by the ISP?
 Global Routing Prefix
 Global Routing Prefix and Subnet ID
 Prefix
 RIR Prefix
Explanation: The global routing prefix is the part of a GUA that is assigned by an ISP.
3. Which type of IPv6 unicast address is not routable between networks?
 unique local address
 GUA
 embedded IPv4 address
 LLA
Explanation: Link-local IPv6 addresses are for link only communication and are not routable.
4. True or False: The Subnet ID field in an GUA must borrow bits from the
interface ID.
 True
 False
Explanation: The correct answer is False. GUAs do not use a bit from the interface ID to create
subnets.
5. What type of IPv6 address begins with fe80?
 GUA
 LLA
 multicast address
 None. An IPv6 address must begin with 2001
Explanation: Link-local IPv6 addresses start with the prefix fe80.
1. True or False. RA messages are sent to all IPv6 routers by hosts requesting
addressing information.
Playvolume00:00/01:03TruvidfullScreen
  True
 False
Explanation: The correct answer is False. Router Advertisement (RA) messages are sent to all
IPv6 nodes. If Method 1 (SLAAC only) is used, the RA includes network prefix, prefix-length, and
default-gateway information.
2. Which dynamic addressing method for GUAs is the one where devices rely
solely on the contents of the RA message for their addressing information?
 Method 1: SLAAC
 Method 2: SLAAC and Stateless DHCPv6
 Method 3: Stateful DHCPv6
Explanation: SLAAC is a method where devices create their own GUA without the services of
DHCPv6. Using SLAAC, devices rely on the local router ICMPv6 RA messages to obtain the
necessary information.
3. Which dynamic addressing method for GUAs is the one where devices rely
solely on a DHCPv6 server for their addressing information?
 Method 1: SLAAC
 Method 2: SLAAC and Stateless DHCPv6
 Method 3: Stateful DHCPv6
Explanation: Stateful DHCPv6 is a method where devices automatically receive their addressing
information including a GUA, prefix length, and the addresses of DNS servers from a stateful
DHCPv6 server.
4. Which dynamic addressing method for GUAs is the one where devices get
their IPv6 configuration in a RA message and request DNS information from a
DHCPv6 server?
 Method 1: SLAAC
 Method 2: SLAAC and Stateless DHCPv6
 Method 3: Stateful DHCPv6
Explanation: SLAAC and stateless DHCPv6 is a method where devices use SLAAC for the GUA
and default gateway address. The devices then use a stateless DHCPv6 server for DNS servers
and other addressing information.
5. What are the two methods a device can use to generate its own IPv6
interface ID?
 SLAAC
 stateless DHCPv6
 stateful DHCPv6
 EUI-64
 randomly generated
Explanation: When the RA message is either SLAAC or SLAAC with stateless DHCPv6, the
client must generate its own interface ID using the EUI-64 process or a randomly generated 64-bit
number.
1. True or False? IPv6 was designed with subnetting in mind.
Playvolume00:00/01:03TruvidfullScreen

 True
 False
Explanation: The correct answer is True. IPv6 has a separate subnet ID field in the network
prefix portion of the address that can be used to create subnets.
2. Which field in an IPv6 GUA is used for subnetting?
 Prefix
 Network
 Global Routing Prefix
 Subnet ID
 Interface ID
Explanation: The Subnet ID field, which is between the Global Routing Prefix field and the
Interface ID field, is used for subnetting.
3. Given a /48 Global Routing Prefix and a /64 prefix, what is the subnet
portion of the following address: 2001:db8:cafe:1111:2222:3333:4444:5555
 café
 1111
 2222
 3333
 4444
Explanation: The subnet portion of the address is the 16 bits between the /48 and /64 prefixes,
which are 2222.
4. Given a /32 Global Routing Prefix and a /64 prefix, how many bits would be
allocated for the Subnet ID?
 8
 16
 32
 48
 64
Explanation: The subnet portion of the address consists of the 32 bits between the /32 and /64
prefixes.
26. Which two types of IPv6 messages are used in place of ARP for address
resolution?
 anycast
 broadcast
 echo reply
 echo request
 neighbor solicitation
 neighbor advertisement
A network administrator is testing network connectivity by issuing the ping
command on a router. Which symbol will be displayed to indicate that a time
expired during the wait for an ICMP echo reply message?
 U
 .
 !
 $
13. What is the aim of an ARP spoofing attack?
 to associate IP addresses to the wrong MAC address
 to overwhelm network hosts with ARP requests
 to flood the network with ARP reply broadcasts
 to fill switch MAC address tables with bogus addresses

1. Which two types of ICMP messages are common to both ICMPv4 and
ICMPv6? (Choose two.)
Playvolume00:00/01:03TruvidfullScreen

 Destination or Service Unreachable

 Hostname resolution
 IP configuration
 Source Unreachable
 Time exceeded
Explanation: ICMP messages common to both ICMPv4 and ICMPv6 include host confirmation,
destination or service unreachable, and time exceeded.
2. Which type of ICMPv6 message would a host send to acquire an IPv6
configuration when booting up?
 Neighbor Advertisement (NA) message
 Neighbor Solicitation (NS) message
 Router Advertisement (RA) message
 Router Solicitation (RS) message
Explanation: An IPv6-enabled host booting up would send an ICMPv6 router solicitation
message. An IPv6-enabled router would respond with a router advertisement message.
1. Which layer is responsible for establishing a temporary communication
session between the source and destination host applications?
Playvolume00:00/01:03TruvidfullScreen

 application layer
 data link layer
 network layer
 physical layer
 transport layer
Explanation: The transport layer is responsible for establishing a temporary communication
session between the source and destination host applications.
2. Which three are transport layer responsibilities? (Choose three.)
 conversation multiplexing
 identifying frames
 identifying routing information
 segmenting data and reassembling segments
 tracking individual conversations
Explanation: The transport layer is responsible for conversation multiplexing, segmenting data
and reassembling segments, and tracking individual conversations.
3. Which transport layer protocol statement is true?
 TCP has fewer fields than UDP.
 TCP is faster than UDP.
 UDP is a best-effort delivery protocol.
 UDP provides reliability.
Explanation: UDP is a best-effort delivery protocol while TCP is a reliable transport protocol.
4. Which transport layer protocol would be used for VoIP applications?
 Session Information Protocol (SIP)
 Transmission Control Protocol (TCP)
 User Datagram Protocol (UDP)
 VoIP Transfer Protocol
Explanation: UDP would be used by time sensitive VoIP applications.
1. Which transport layer protocol ensures reliable same-order delivery?
Playvolume00:00/01:03TruvidfullScreen

ICMP

IP

TCP

 UDP
Explanation: The TCP transport layer protocol ensures reliable same-order delivery.
2. Which TCP header statement is true?
 It consists of 4 fields in an 8-byte header.
 It consists of 8 fields in a 10-byte header.
 It consists of 10 fields in a 20-byte header.
 It consists of 20 fields in a 40-byte header.
Explanation: The TCP header consists of 10 fields in a 20-byte header.
3. Which two applications would use the TCP transport layer protocol?
(Choose two.)
 FTP
 HTTP
 ICMP
 TFTP
 VoIP
Explanation: FTP and HTTP require the use of the TCP transport layer protocol.
1. Which of the following is a stateless best-effort delivery transport layer
protocol?
Playvolume00:00/01:03TruvidfullScreen
 ICMP

IP

TCP

UDP

Explanation: UDP is a stateless best-effort delivery transport layer protocol.
2. Which UDP header statement is true?
 It consists of 4 fields in an 8-byte header.
 It consists of 8 fields in a 10-byte header.
 It consists of 10 fields in a 20-byte header.
 It consists of 20 fields in a 40-byte header.
Explanation: The UDP header consists of four fields in an 8-byte header.
3. Which two applications would use the UDP transport layer protocol?
(Choose two.)
 FTP
 HTTP
 ICMP
 TFTP
 VoIP
Explanation: TFTP and VoIP require the use of the UDP transport layer protocol.
4. Which two fields are the same in a TCP and UDP header? (Choose two.)
 Control bits
 Destination port number
 Sequence number
 Source port number
 Well-known port number
Explanation: Both TCP and UDP headers include a source and destination port number fields.
1. Assume a host with IP address 10.1.1.10 wants to request web services
from a server at 10.1.1.254. Which of the following would display the correct
socket pair?
Playvolume00:00/01:03TruvidfullScreen

 1099:10.1.1.10, 80:10.1.1.254
 10.1.1.10:80, 10.1.1.254:1099
 10.1.1.10:1099, 10.1.1.254:80
 80:10.1.1.10, 1099:10.1.1.254
Explanation: The socket pair for a host with IP address 10.1.1.10 requesting web services from
a server at 10.1.1.254 would be 10.1.1.10:1099, 10.1.1.254:80.
2. Which port group includes port numbers for FTP, HTTP, and TFTP
applications?
 dynamic ports
 private ports
 registered ports
 well-known ports
Explanation: FTP, HTTP, and TFTP applications port numbers are defined in the well-known
port numbers group.
3. Which Windows command would display the protocols in use, the local
address and port numbers, the foreign address and port numbers, and the
connection state?
 ipconfig /all
 ping
 netstat
 traceroute
Explanation: The netstat Windows command would display protocols in use, the local address
and port numbers, the foreign address and port numbers, and the connection state.
1. Which of the following would be valid source and destination ports for a
host connecting to an email server?
Playvolume00:00/01:03TruvidfullScreen

 Source: 25, Destination: 49152

 Source: 80, Destination: 49152
 Source: 49152, Destination: 25
 Source: 49152, Destination: 80
Explanation: The destination port is the well-known port for Simple Mail Transport Protocol,
which is 25. This is the port that the mail server will be listening on. The source port is dynamically
selected by the requesting client and can be 49152.
2. Which control bit flags are used during the three-way handshake?
 ACK and FIN
 FIN and RESET
 RESET and SYN
 SYN and ACK
Explanation: The three-way handshake consists of a three message exchanges with the
following control bit flags: SYN, SYN ACK, and ACK.
3. How many exchanges are needed to end both sessions between two hosts?
 one exchange
 two exchanges
 three exchanges
 four exchanges
 five exchanges
Explanation: There are four exchanges to end both sessions between two hosts. (1) Host A
sends a FIN. (2) Host B sends an ACK. (3) Host B sends a FIN. (4) Host A sends an ACK.
1. What field is used by the destination host to reassemble segments into the
original order?
Playvolume00:00/01:00TruvidfullScreen

Control Bits
Destination Port
Sequence Number
 Source Port
 Window Size
Explanation: The sequence number field is used by the destination host to reassemble
segments into the original order.
2. What field is used to provide flow control?
 Control Bits
 Destination Port
 Sequence Number
 Source Port
 Window Size
Explanation: The Window Size field is used to provide flow control.
3. What happens when a sending host senses there is congestion?
 The receiving host increases the number of bytes it sends before receiving an
acknowledgment from the sending host.
 The receiving host reduces the number of bytes it sends before receiving an
acknowledgment from the sending host.
 The sending host increases the number of bytes it sends before receiving an
acknowledgment from the destination host.
 The sending host reduces the number of bytes it sends before
receiving an acknowledgment from the destination host.
Explanation: When a sending host senses congestion, it reduces the number of bytes it sends
before receiving an acknowledgment from the destination host.
1. Why is UDP desirable for protocols that make a simple request and reply
transactions?
Playvolume00:00/01:03TruvidfullScreen

Flow Control
Low overhead
 Reliability
 Same-order delivery
Explanation: UDP is desirable for protocols that make simple request and reply transactions
because of its low overhead.
2. Which UDP datagram reassembly statement is true?
 UDP does not reassemble the data.
 UDP reassembles the data in the order that it was received.
 UDP reassembles the data using control bits.
 UDP reassembles the data using sequence numbers.
Explanation: UDP reassembles the data in the order that it was received.
3. Which of the following would be valid source and destination ports for a
host connecting to a DNS server?
 Source: 53, Destination: 49152
 Source: 1812, Destination: 49152
 Source: 49152, Destination: 53
 Source: 49152, Destination: 1812
Explanation: The correct valid source and destination ports for a host requesting DNS service is
Source: 49152, Destination: 53.
1. This layer of the OSI model is concerned with the protocols that exchange
data between programs running on hosts.
Playvolume00:00/01:00TruvidfullScreen

 application
 transport
 network
 physical
Explanation: The application layer of the OSI model is the layer that is closest to the end user. It
provides an interface between application protocols exchanging data between hosts.
2. MKV, GIF, and JPG standards are associated with which OSI layer?
 application
 presentation
 session
 transport
Explanation: The presentation layer is concerned with formatting and presenting data in a format
that is compatible with the destination device. Examples of presentation layer standards are MKV,
GIF, JPG, MOV, and PNG.
3. These three OSI layers define the same functions as the TCP/IP model
application layer.
 application
 presentation
 session
 transport
 network
 data link
Explanation: The upper three OSI layers; application, presentation, and session, define the
application layer functions of the TCP/IP model.
4. Which two are protocols that belong in the OSI application layer?
 PNG
 DNS
 SMTP
 QuickTime
Explanation: The application layer of the OSI model provides an interface between applications
protocols exchanging data between hosts. Protocols at the application layer include DNS, HTTP,
SMTP, FTP, and IMAP.
5. This is a function of the OSI session layer.
 compress and decompress data
 provide an interface between applications
 format data for the application layer
 exchange of information to initiate dialog between peers
Explanation: The session layer of the OSI model creates and maintains the dialogs, or sessions,
between two communicating hosts.
1. True or false? The peer-to-peer networking model requires the
implementation of a dedicated server for data access.
Playvolume00:00/01:00TruvidfullScreen

 True
 False
Explanation: The correct answer is False. In the peer-to-peer model, clients can share resources
without using a dedicated server.
2. True or false? In a peer-to-peer network environment every peer can
function as both a client and a server.
 True
 False
Explanation: The correct answer is True. A peer-to-peer network does not require a dedicated
server because each peer can function as both a client and as a server.
3. Which peer-to-peer application allows users to share pieces of many files
with each other at the same time?
 Hybrid
 Gnutella
 BitTorrent
Explanation: BitTorrent clients use a torrent file to locate other clients that are sharing pieces of
needed files. In this way, many files can be shared between clients at the same time.
4. Which of the following is a feature of the Gnutella protocol?
 Users can share whole files with other users.
 Users can share pieces of files with other users.
 Users can access an index server to get the location of resources shared by other users.
Explanation: Gnutella is a peer-to-peer protocol that allows users to share whole files with other
users.
1. This message type is used when uploading data files to a web server.
Playvolume00:00/01:03TruvidfullScreen

GET
POST
 PUT
Explanation: HTTP uses the POST message to upload data files to a web server. The GET
message is used by clients to request data and the PUT message is used to upload content such as
images.
2. This protocol is used by a web browser to establish a connection to a web
server.
 HTTP
 SSL
 IMAP
 SMTP
Explanation: Web browsers connect to web servers over HTTP. IMAP and SMTP are email
protocols. SSL is an encryption protocol used with HTTPS.
3. This protocol is used by a client to send email to a mail server.
  POP
 SMTP
 IMAP
 HTTP
Explanation: Email clients connect to SMTP servers over port 25 to send email. POP and IMAP
are used by clients to receive email. HTTP is used between web browsers and web servers.
4. Which is a feature of IMAP?
 It uploads email messages to a server.
 It listens passively on port 110 for client requests.
 It downloads a copy of email messages leaving the original on the
server.
Explanation: IMAP is a protocol for clients to retrieve copies of email messages from an IMAP
server. The original messages remain on the server until manually deleted.
5. True or false? HTTP is a secure protocol.
 True
 False
Explanation: The correct answer is False. HTTP sends information in plaintext and is not
considered secure. If security is desired, HTTP Secure (HTTPS) should be used.
1. Which of the following DNS record types is used to resolve IPv6 addresses?
Playvolume00:00/01:03TruvidfullScreen

A
NS

AAAA

 MX
Explanation: DNS AAAA records are used to resolve names to IPv6 addresses.
2. True or false? A DNS server that receives a request for a name resolution
that is not within its DNS zone will send a failure message to the requesting
client.
 True
 False
Explanation: The correct answer is False. When a DNS server receives a name resolution
request for a name not within its zone, the serve will forward the request to another DNS server.
3. Which of the following is displayed by the nslookup utility?
 the configured default DNS server
 the IP address of the end device
 all cached DNS entries
Explanation: By issuing the nslookup command, the default DNS server that is configured is
displayed.
4. Which of the following DNS resource record types resolves authoritative
name servers?
 NS
 A
 MX
 AAAA
Explanation: NS records resolve authoritative name servers. DNS A records resolve IPv4
addresses. AAAA records resolve IPv6 addresses, and MX records resolve mail exchange servers.
1. How many connections are required by FTP between client and server?
Playvolume00:00/01:03TruvidfullScreen

 1
 2
 3
 4
Explanation: FTP requires two connections between the client and the server. One connection is
over port 21 for client commands and server replies. The other connection is over port 20 for data
transfer.
2. True or false? FTP data transfers take place from client to server (push)
and from server to client (pull).
 True
 False
Explanation: The correct answer is True. Data transfer over FTP can take place in either
direction, uploads from client to server, or downloads from server to client.
3. Which of these ports are used by FTP? (Choose two.)
 20
 21
 25
 110
Explanation: Ports 20 and 21 are used by FTP.
4. True or false? Resource sharing over SMB is only supported on Microsoft
operating systems.
 True
 False
Explanation: The correct answer is False. Resource sharing over SMB is also supported by
Apple Macintosh. Linux and Unix operating systems use a version of SMB called SAMBA.
1. What kind of threat is described when a threat actor sends you a virus that
can reformat your hard drive?

 data loss or manipulation

 disruption of service
 identify theft
 information theft
Explanation: Sending a virus that will format the hard drive of a computer is an example of data
loss or manipulation threat.
2. What kind of threat is described when a threat actor makes illegal online
purchases using stolen credit information?
 data loss or manipulation
 disruption of service
 identify theft
 information theft
Explanation: Using stolen credit or identity information to make illegal online purchases is an
example of identity theft.
3. What kind of threat is described when a threat actor prevents legal users
from accessing data services?
 data loss or manipulation
 disruption of service
 identify theft
 information theft
Explanation: Disruption of service attacks occur when legitimate users are prevented from
accessing data and services.
4. What kind of threat is described when a threat actor steals scientific
research data?
 data loss or manipulation
 disruption of service
 identify theft
 information theft
Explanation: Stealing research data or proprietary information is an example of information theft.
5. What kind of threat is described when a threat actor overloads a network
to deny other users network access?
 data loss or manipulation
  disruption of service
 identify theft
 information theft
Explanation: Disruption of service attacks occur when legitimate users are prevented from
accessing data and services or the network.
6. What kind of threat is described when a threat actor alters data records?
 data loss or manipulation
 disruption of service
 identify theft
 information theft
Explanation: Altering data records is an example of data loss or manipulation.
7. What kind of threat is described when a threat actor is stealing the user
database of a company?
 data loss or manipulation
 disruption of service
 identify theft
 information theft
Explanation: Stealing data records or proprietary information is an example of information theft.
8. What kind of threat is described when a threat actor impersonates another
person to obtain credit information about that person?
 data loss or manipulation
 disruption of service
 identify theft
 information theft
Explanation: Using identity information to impersonate someone to obtain credit is an example
of identity theft.
1. Angela, an IT staff member at ACME Inc., notices that communication with
the company’s web server is very slow. After investigating, she determines
that the cause of the slow response is a computer on the internet sending a
very large number of malformed web requests to ACME’S web server. What
type of attack is described in this scenario?
Playvolume00:00/01:03TruvidfullScreen

 access attack
 denial of service (DoS) attack
 malware attack
 reconnaissance attack
Explanation: A denial of service (DoS) attack, if successful, prevents authorized users from
accessing system resources.
2. George needed to share a video with a co-worker. Because of the large size
of the video file, he decided to run a simple FTP server on his workstation to
serve the video file to his co-worker. To make things easier, George created
an account with the simple password of “file” and provided it to his co-
worker on Friday. Without the proper security measures or a strong
password, the IT staff was not surprised to learn on Monday that George’s
workstation had been compromised and was trying to upload work related
documents to the internet. What type of attack is described in this scenario?
 access attack
 denial of service (DoS) attack
 malware attack
 reconnaissance attack
Explanation: An access attack, if successful, exploits known vulnerabilities. These attacks can
allow a threat actor to gain access to resources they have no rights to access.
3. Jeremiah was browsing the internet from his personal computer when a
random website offered a free program to clean his system. After the
executable was downloaded and running, the operating system crashed.
Crucial operating system related files had been corrupted and Jeremiah’s
computer required a full disk format and operating system re-installation.
What type of attack is described in this scenario?
 access attack
 denial of service (DoS) attack
 malware attack
 reconnaissance attack
Explanation: Malware attacks include viruses, worms, and Trojan horses. These types of attacks
can result in crashed systems and deleted or corrupted files.
4. Arianna found a flash drive lying on the pavement of a mall parking lot.
She asked around but could not find the owner. She decided to keep it and
plugged it into her laptop, only to find a photo folder. Feeling curious,
Arianna opened a few photos before formatting the flash drive for her own
use. Afterwards, Arianna noticed that her laptop camera was active. What
type of attack is described in this scenario?
 access attack
 denial of service (DoS) attack
 malware attack
 reconnaissance attack
Explanation: Malware attacks include viruses, worms, and Trojan horses. These types of attacks
can allow a threat actor to take control of an infected system.
5. A computer is used as a print server for ACME Inc. The IT staff failed to
apply security updates to this computer for over 60 days. Now the print
server is operating slowly, and sending a high number of malicious packets to
its NIC. What type of attack is described in this scenario?
 access attack
 denial of service (DoS) attack
 malware attack
 reconnaissance attack
Explanation: A denial of service (DoS) attack, if successful, prevents authorized users from
accessing system resources.
6. Sharon, an IT intern at ACME Inc., noticed some strange packets while
revising the security logs generated by the firewall. A handful of IP addresses
on the internet were sending malformed packets to several different IP
addresses, at several different random port numbers inside ACME Inc. What
type of attack is described in this scenario?
 access attack
 denial of service (DoS) attack
 malware attack
 reconnaissance attack
Explanation: In a reconnaissance attack, the threat actor can probe a system to find what ports
are open, and what services are running.
1. Which device controls traffic between two or more networks to help
prevent unauthorized access?
Playvolume00:00/01:03TruvidfullScreen

 AAA Server
 firewall
 ESA/WSA
 IPS
Explanation: A firewall is a dedicated device that helps prevent unauthorized access by not
allowing external traffic to initiate connections to internal hosts.
2. Which device is used by other network devices to authenticate and
authorize management access?
 AAA Server
 firewall
 ESA/WSA
 IPS
Explanation: AAA servers perform authentication, authorization and accounting services on
behalf of other devices to manage access to resources.
3. Which backup policy consideration is concerned with using strong
passwords to protect the backups and for restoring data?
 frequency
 storage
 security
 validation
Explanation: Backup validation is concerned with using strong passwords to protect backups
and for restoring data.
4. This zone is used to house servers that should be accessible to outside
users.
 inside
 outside
 internet
 DMZ
Explanation: The DMZ, or demilitarized zone, is used for servers that need to be accessible to
external users.
5. Which is appropriate for providing endpoint security?
 a AAA server
 antivirus software
 a server-based firewall
 an ESA/WSA
Explanation: Antivirus software running on an endpoint or host is part of a comprehensive
endpoint security solution.
1. Which statement correctly relates to a small network?
Playvolume00:00/01:03TruvidfullScreen

Small networks are complex.


Small networks require an IT department to maintain.

The majority of businesses are small.

Explanation: The majority of businesses are small.
2. Which factor must be considered when selecting network devices?
 color
 console connections
 cost
 elasticity
Explanation: Factors to be considered include cost, speed and types of ports/interfaces,
expandability, and operating system features and services.
3. What is necessary to plan and use when implementing a network?
 device names
 IP addressing scheme
 MAC addressing scheme
 printer location
Explanation: When implementing a network, planning and using an IP addressing scheme is
necessary.
4. What is required to maintain a high degree of reliability and eliminate
single points of failure?
 accessibility
 expandability
 integrity
 redundancy
Explanation: Redundancy is required to maintain a high degree of reliability and eliminate single
points of failure.
5. What is required to classify traffic according to priority?
 IP addressing scheme
 quality of service (QoS)

 routing
 switching
Explanation: QoS is required to classify traffic according to priority.
1. What are two forms of software programs or processes that provide access
to the network? (Choose two.)
Playvolume00:00/01:03TruvidfullScreen

antivirus software
application layer services
 gaming software
 network applications
 productivity software
 virtual machine software
Explanation: Application layer services and network applications are two forms of software
programs that provide access to the network.
2. Which two network protocols are used to establish a remote access
network connection to a device? (Choose two.)
 File Transfer Protocol (FTP)
 Hypertext Transfer Protocol (HTTP).
 Remote Connect (RC)
 Secure Shell (SSH)
 Simple Mail Transfer Protocol (SMTP)
 Telnet
Explanation: SSH and Telnet are two network protocols that are used to establish a remote
access network connection to a device.
1. Which elements are required to scale to a larger network? (Choose two.)
Playvolume00:00/01:03TruvidfullScreen

budget

 device configurations
 increased bandwidth
 network documentation
 windows hosts
Explanation: Elements to scale to a larger network include budget, device inventory, network
documentation, and traffic analysis.
2. Which software installed on key hosts can reveal the types of network
traffic flowing through the network?
 Linux
 MacOS
 SSH
 Windows
 Wireshark
Explanation: Wireshark can reveal the types of network traffic flowing through the network.
3. What Windows 10 tool is useful to determine which applications are using
network services on a host?
 Control panel
 Data Usage
 File Manager
 Windows Defender Firewall
 Windows Explorer
Explanation: The Windows 10 Data Usage tool is useful to determine which applications are
using network services on a host.
1. A technician is troubleshooting a network problem and has just established
a theory of probable causes. What would be the next step in the
troubleshooting process?
Playvolume00:00/01:03TruvidfullScreen
  Document findings, actions, and outcomes.
 Establish a plan of action and implement the solution.
 Identify the problem.
 Test the theory to determine cause.
 Verify solution and implement preventive measures.
Explanation: The next step after “Establish a Theory of Probable Causes” is to “Test the Theory
to Determine Cause”.
2. A technician is troubleshooting a network problem. After troubleshooting,
the technician concludes that a switch should be replaced. What should the
technician do next?
 Email all users to let them know they are replacing a switch.
 Escalate the trouble ticket to the manager to approve the change.
 Purchase a new switch and replace the defective one.
 Resolve the problem.
Explanation: The technician should escalate the problem to their manager.
3. A technician is using the debug ip icmp privileged EXEC command to
capture live router output. Which commands would stop this debug command
on a Cisco router? (Choose two.)
 debug ip icmp off
 no debug debug ip icmp
 no debug ip icmp
 undebug all
 undebug debug ip icmp
Explanation: To disable the debug ip icmp command you can use no debug ip icmp, undebug ip
icmp, or undebug all.
4. A technician has established a remote connection to router R1 to observe
debug output. The technician enters the debug ip icmp command then pings
a remote destination. However, no output is displayed. Which command
would the technician have to enter to display log messages on a remote
connection?
 monitor debug output
 monitor terminal
 terminal monitor
 terminal monitor debug
Explanation: The terminal monitor command displays log messages on a remote connection.

Introduction to Networks (Version 7.0) – ITNv7 Practice Final Exam

Answers
1. A client packet is received by a server. The packet has a destination port
number of 22. What service is the client requesting?
 SSH
 TFTP
 DHCP
 DNS
2. Refer to the exhibit. What does the value of the window size specify?

 the amount of data that can be sent at one time

  the amount of data that can be sent before an acknowledgment is
required
 the total number of bits received during this TCP session
 a random number that is used in establishing a connection with the 3-way handshake
Explanation: The window size determines the number of bytes that can be sent before expecting
an acknowledgment. The acknowledgment number is the number of the next expected byte.
3. To which TCP port group does the port 414 belong?
 well-known
 private or dynamic
 public
 registered
Explanation: Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.
4. Refer to the exhibit. An administrator is trying to configure the switch but
receives the error message that is displayed in the exhibit. What is the
problem?

 The entire command, configure terminal, must be used.

 The administrator is already in global configuration mode.
 The administrator must first enter privileged EXEC mode before
issuing the command.
 The administrator must connect via the console port to access global configuration mode.
Explanation: In order to enter global configuration mode, the command configure terminal, or a
shortened version such as config t, must be entered from privileged EXEC mode. In this scenario
the administrator is in user EXEC mode, as indicated by the > symbol after the hostname. The
administrator would need to use the enable command to move into privileged EXEC mode before
entering the configure terminal command.
5. What is a user trying to determine when issuing a ping 10.1.1.1 command
on a PC?
 if the TCP/IP stack is functioning on the PC without putting traffic on the wire
 if there is connectivity with the destination device
 the path that traffic will take to reach the destination
 what type of device is at the destination
Explanation: The ping destination command can be used to test connectivity.
6. What is a characteristic of a switch virtual interface (SVI)?
 An SVI is created in software and requires a configured IP address
and a subnet mask in order to provide remote access to the switch.
 Although it is a virtual interface, it needs to have physical hardware on the device
associated with it.
 SVIs do not require the no shutdown command to become enabled.
 SVIs come preconfigured on Cisco switches.
Explanation: Cisco IOS Layer 2 switches have physical ports for devices to connect. These
ports do not support Layer 3 IP addresses. Therefore, switches have one or more switch virtual
interfaces (SVIs). These are virtual interfaces because there is no physical hardware on the device
associated with it. An SVI is created in software.
The virtual interface lets you remotely manage a switch over a network using IPv4 and IPv6. Each
switch comes with one SVI appearing in the default configuration “out-of-the-box.” The default SVI is
interface VLAN1.
7. Match the descriptions to the terms. (Not all options are used.)

Explanation: A GUI, or graphical user interface, allows the user to interact with the operating
system by pointing and clicking at elements on the screen. A CLI, or command-line interface,
requires users to type commands at a prompt in order to interact with the OS. The shell is the part
of the operating system that is closest to the user. The kernel is the part of the operating system
that interfaces with the hardware.
8. What happens when a switch receives a frame and the calculated CRC
value is different than the value that is in the FCS field?
 The switch notifies the source of the bad frame.
 The switch places the new CRC value in the FCS field and forwards the frame.
 The switch drops the frame.
 The switch floods the frame to all ports except the port through which the frame arrived to
notify the hosts of the error.
Explanation: The purpose of the CRC value in the FCS field is to determine if the frame has
errors. If the frame does have errors, then the frame is dropped by the switch.
9. Two network engineers are discussing the methods used to forward frames
through a switch. What is an important concept related to the cut-through
method of switching?
 The fragment-free switching offers the lowest level of latency.
 Fast-forward switching can be viewed as a compromise between store-and-forward
switching and fragment-free switching.
 Fragment-free switching is the typical cut-through method of switching.
 Packets can be relayed with errors when fast-forward switching is
used.
Explanation: Fast-forward switching offers the lowest level of latency and it is the typical cut-
through method of switching. Fragment-free switching can be viewed as a compromise between
store-and-forward switching and fast-forward switching. Because fast-forward switching starts
forwarding before the entire packet has been received, there may be times when packets are
relayed with errors.
10. Which two issues can cause both runts and giants in Ethernet networks?
(Choose two.)
 using the incorrect cable type
 half-duplex operations
 a malfunctioning NIC
 electrical interference on serial interfaces
 CRC errors
Explanation: Because collisions are a normal aspect of half-duplex communications, runt and
giant frames are common by-products of those operations. A malfunctioning NIC can also place
frames on the network that are either too short or longer than the maximum allowed length. CRC
errors can result from using the wrong type of cable or from electrical interference. Using a cable
that is too long can result in late collisions rather than runts and giants.

11. Which two functions are performed at the LLC sublayer of the OSI Data Link Layer to
facilitate Ethernet communication? (Choose two.)
 implements CSMA/CD over legacy shared half-duplex media
 enables IPv4 and IPv6 to utilize the same physical medium
 integrates Layer 2 flows between 10 Gigabit Ethernet over fiber and 1 Gigabit Ethernet
over copper
 implements a process to delimit fields within an Ethernet 2 frame
 places information in the Ethernet frame that identifies which
network layer protocol is being encapsulated by the frame
Other case
 responsible for internal structure of Ethernet frame
 applies source and destination MAC addresses to Ethernet frame
 integrates Layer 2 flows between 10 Gigabit Ethernet over fiber and 1 Gigabit Ethernet
over copper
 enables IPv4 and IPv6 to utilize the same physical medium
 handles communication between upper layer networking software
and Ethernet NIC hardware
Other case
 adds Ethernet control information to network protocol data
 responsible for internal structure of Ethernet frame
 implements trailer with frame check sequence for error detection
 enables IPv4 and IPv6 to utilize the same physical medium
 applies source and destination MAC addresses to Ethernet frame
Other case
 implements CSMA/CD over legacy shared half-duplex media
 adds Ethernet control information to network protocol data
 places information in the Ethernet frame that identifies which
network layer protocol is being encapsulated by the frame
 applies source and destination MAC addresses to Ethernet frame
 integrates Layer 2 flows between 10 Gigabit Ethernet over fiber and 1 Gigabit Ethernet
over copper
Explanation: The data link layer is actually divided into two sublayers:
+ Logical Link Control (LLC): This upper sublayer defines the software processes that provide
services to the network layer protocols. It places information in the frame that identifies which
network layer protocol is being used for the frame. This information allows multiple Layer 3
protocols, such as IPv4 and IPv6, to utilize the same network interface and media.
+ Media Access Control (MAC): This lower sublayer defines the media access processes performed
by the hardware. It provides data link layer addressing and delimiting of data according to the
physical signaling requirements of the medium and the type of data link layer protocol in use.
12. Which two commands could be used to check if DNS name resolution is
working properly on a Windows PC? (Choose two.)
 nslookup cisco.com
 ping cisco.com
 ipconfig /flushdns
 net cisco.com
 nbtstat cisco.com
Explanation: The ping command tests the connection between two hosts. When ping uses a
host domain name to test the connection, the resolver on the PC will first perform the name
resolution to query the DNS server for the IP address of the host. If the ping command is unable to
resolve the domain name to an IP address, an error will result.
Nslookup is a tool for testing and troubleshooting DNS servers.
13. A small advertising company has a web server that provides critical
business service. The company connects to the Internet through a leased line
service to an ISP. Which approach best provides cost effective redundancy for
the Internet connection?
 Add a second NIC to the web server.
 Add a connection to the Internet via a DSL line to another ISP.
 Add another web server to prepare failover support.
 Add multiple connections between the switches and the edge router.
Explanation: With a separate DSL connection to another ISP, the company will have a
redundancy solution for the Internet connection, in case the leased line connection fails. The other
options provide other aspects of redundancy, but not the Internet connection. The options of adding
a second NIC and adding multiple connections between the switches and the edge router will
provide redundancy in case one NIC fails or one connection between the switches and the edge
router fails. The option of adding another web server provides redundancy if the main web server
fails.
14. Only employees connected to IPv6 interfaces are having difficulty
connecting to remote networks. The analyst wants to verify that IPv6 routing
has been enabled. What is the best command to use to accomplish the task?
 copy running-config startup-config
 show interfaces
 show ip nat translations
 show running-config
15. Refer to the exhibit. A network administrator is connecting a new host to
the Registrar LAN. The host needs to communicate with remote networks.
What IP address would be configured as the default gateway on the new
host?

Floor(config)# interface gi0/1

Floor(config-if)# description Connects to the Registrar LAN

Floor(config-if)# ip address 192.168.235.234 255.255.255.0

Floor(config-if)# no shutdown

Floor(config-if)# interface gi0/0

Floor(config-if)# description Connects to the Manager LAN

Floor(config-if)# ip address 192.168.234.114 255.255.255.0

Floor(config-if)# no shutdown

Floor(config-if)# interface s0/0/0

Floor(config-if)# description Connects to the ISP

Floor(config-if)# ip address 10.234.235.254 255.255.255.0

Floor(config-if)# no shutdown

Floor(config-if)# interface s0/0/1

Floor(config-if)# description Connects to the Head Office WAN

Floor(config-if)# ip address 203.0.113.3 255.255.255.0

Floor(config-if)# no shutdown
Floor(config-if)# end

 192.168.235.234
 203.0.113.3
 192.168.235.1
 10.234.235.254
 192.168.234.114
16. Match the command with the device mode at which the command is
entered. (Not all options are used.)

Explanation: The enable command is entered in R1> mode. The login command is entered in
R1(config-line)# mode. The copy running-config startup-config command is entered in R1# mode.
The ip address 192.168.4.4 255.255.255.0 command is entered in R1(config-if)# mode. The service
password-encryption command is entered in global configuration mode.
17. A router boots and enters setup mode. What is the reason for this?
 The IOS image is corrupt.
 Cisco IOS is missing from flash memory.
 The configuration file is missing from NVRAM.
 The POST process has detected hardware failure.
Explanation: The startup configuration file is stored in NVRAM and contains the commands
needed to initially configure a router. It also creates the running configuration file that is stored in in
RAM.

18. What service is provided by POP3?

 Retrieves email from the server by downloading the email to the local
mail application of the client.
 An application that allows real-time chatting among remote users.
 Allows remote access to network devices and servers.
 Uses encryption to provide secure remote access to network devices and servers.
19. Two students are working on a network design project. One student is
doing the drawing, while the other student is writing the proposal. The
drawing is finished and the student wants to share the folder that contains
the drawing so that the other student can access the file and copy it to a USB
drive. Which networking model is being used?
 peer-to-peer
 client-based
 master-slave
 point-to-point
Explanation: In a peer-to-peer (P2P) networking model, data is exchanged between two network
devices without the use of a dedicated server.

20. Which command is used to manually query a DNS server to resolve a specific host
name?
 tracert
 ipconfig /displaydns
 nslookup
 net
Explanation: The nslookup command was created to allow a user to manually query a DNS
server to resolve a given host name. The ipconfig /displaydns command only displays previously
resolved DNS entries. The tracert command was created to examine the path that packets take as
they cross a network and can resolve a hostname by automatically querying a DNS server. The net
command is used to manage network computers, servers, printers, and network drives.
21. Which PDU is processed when a host computer is de-encapsulating a
message at the transport layer of the TCP/IP model?
 bits
 frame
 packet
 segment
Explanation: At the transport layer, a host computer will de-encapsulate a segment to
reassemble data to an acceptable format by the application layer protocol of the TCP/IP model.

22. Which two OSI model layers have the same functionality as two layers of the TCP/IP
model? (Choose two.)
 data link
 network
 physical
 session
 transport
Explanation: The OSI transport layer is functionally equivalent to the TCP/IP transport layer, and
the OSI network layer is equivalent to the TCP/IP internet layer. The OSI data link and physical
layers together are equivalent to the TCP/IP network access layer. The OSI session layer (with the
presentation layer) is included within the TCP/IP application layer.

23. Which three layers of the OSI model are comparable in function to the application layer of
the TCP/IP model? (Choose three.)
 presentation
 physical
 network
 data link
 transport
 application
 session
Explanation:
The TCP/IP model consists of four layers: application, transport, internet, and network access. The
OSI model consists of seven layers: application, presentation, session, transport, network, data link,
and physical. The top three layers of the OSI model: application, presentation, and session map to
the application layer of the TCP/IP model.
24. Network information:
* local router LAN interface: 172.19.29.254 / fe80:65ab:dcc1::10
* local router WAN interface: 198.133.219.33 / 2001:db8:FACE:39::10
* remote server: 192.135.250.103
What task might a user be trying to accomplish by using the ping
2001:db8:FACE:39::10 command?
 verifying that there is connectivity within the local network
 creating a network performance benchmark to a server on the company intranet
 determining the path to reach the remote server
 verifying that there is connectivity to the internet
25. Which two ICMP messages are used by both IPv4 and IPv6 protocols?
(Choose two.)
 neighbor solicitation
 router advertisement
 router solicitation
 protocol unreachable
 route redirection
Explanation: The ICMP messages common to both ICMPv4 and ICMPv6 include: host
confirmation, destination (net, host, protocol, port) or service unreachable, time exceeded, and route
redirection. Router solicitation, neighbor solicitation, and router advertisement are new protocols
implemented in ICMPv6.
26. A network technician types the command ping 127.0.0.1 at the command
prompt on a computer. What is the technician trying to accomplish?
 pinging a host computer that has the IP address 127.0.0.1 on the network
 tracing the path to a host computer on the network and the network has the IP address
127.0.0.1
 checking the IP address on the network card
 testing the integrity of the TCP/IP stack on the local machine
Explanation: 127.0.0.1 is an address reserved by TCP/IP to test the NIC, drivers and TCP/IP
implementation of the device.
27. Although CSMA/CD is still a feature of Ethernet, why is it no longer
necessary?
 the virtually unlimited availability of IPv6 addresses
 the use of CSMA/CA
 the use of full-duplex capable Layer 2 switches
 the development of half-duplex switch operation
 the use of Gigabit Ethernet speeds
Explanation: The use of Layer 2 switches operating in full-duplex mode eliminates collisions,
thereby eliminating the need for CSMA/CD.

28. What does a router do when it receives a Layer 2 frame over the network medium?
 re-encapsulates the packet into a new frame
  forwards the new frame appropriate to the medium of that segment of the physical
network
 determines the best path
 de-encapsulates the frame
Explanation: Routers are responsible for encapsulating a frame with the proper format for the
physical network media they connect. At each hop along the path, a router does the
following:Accepts a frame from a medium
De-encapsulates the frame
Determines the best path to forward the packet
Re-encapsulates the packet into a new frame
Forwards the new frame appropriate to the medium of that segment of the physical network
29. Which two acronyms represent the data link sublayers that Ethernet
relies upon to operate? (Choose two.)
 SFD
 LLC
 CSMA
 MAC
 FCS
Explanation: For Layer 2 functions, Ethernet relies on logical link control (LLC) and MAC
sublayers to operate at the data link layer. FCS (Frame Check Sequence) and SFD (Start Frame
Delimiter) are fields of the Ethernet frame. CSMA (Carrier Sense Multiple Access) is the technology
Ethernet uses to manage shared media access.
30. A network team is comparing topologies for connecting on a shared
media. Which physical topology is an example of a hybrid topology for a LAN?
 bus
 extended star
 ring
 partial mesh
Explanation: An extended star topology is an example of a hybrid topology as additional
switches are interconnected with other star topologies. A partial mesh topology is a common hybrid
WAN topology. The bus and ring are not hybrid topology types.

31. Given network 172.18.109.0, which subnet mask would be used if 6 host bits were
available?
 255.255.192.0
 255.255.224.0
 255.255.255.192
 255.255.255.248
 255.255.255.252
Explanation:
With an IPv4 network, the subnet mask is determined by the hosts bits that are required:
11 host bits required – 255.255.248.0
10 host bits required – 255.255.252.0
9 host bits required – 255.255.254.0
8 host bits required – 255.255.255.0
7 host bits required – 255.255.255.128
6 host bits required – 255.255.255.192
5 host bits required – 255.255.255.224
4 host bits required – 255.255.255.240
3 host bits required – 255.255.255.248
2 host bits required – 255.255.255.252
32. Three devices are on three different subnets. Match the network address
and the broadcast address with each subnet where these devices are located.
(Not all options are used.)
Device 1: IP address 192.168.10.77/28 on subnet 1
Device 2: IP address192.168.10.17/30 on subnet 2
Device 3: IP address 192.168.10.35/29 on subnet 3
Explanation: To calculate any of these addresses, write the device IP address in binary. Draw a
line showing where the subnet mask 1s end. For example, with Device 1, the final octet (77) is
01001101. The line would be drawn between the 0100 and the 1101 because the subnet mask is
/28. Change all the bits to the right of the line to 0s to determine the network number (01000000 or
64). Change all the bits to the right of the line to 1s to determine the broadcast address (01001111
or 79).

33. What type of address is 198.133.219.162?

 link-local
 public
 loopback
 multicast
34. What does the IP address 192.168.1.15/29 represent?
 subnetwork address
 unicast address
 multicast address
 broadcast address
Explanation: A broadcast address is the last address of any given network. This address cannot
be assigned to a host, and it is used to communicate with all hosts on that network.

35. Why is NAT not needed in IPv6?

 Because IPv6 has integrated security, there is no need to hide the IPv6 addresses of
internal networks.
 The problems that are induced by NAT applications are solved because the IPv6 header
improves packet handling by intermediate routers.
 The end-to-end connectivity problems that are caused by NAT are solved because the
number of routes increases with the number of nodes that are connected to the Internet.
 Any host or user can get a public IPv6 network address because the
number of available IPv6 addresses is extremely large.
Explanation: The large number of public IPv6 addresses eliminates the need for NAT. Sites
from the largest enterprises to single households can get public IPv6 network addresses. This
avoids some of the NAT-induced application problems that are experienced by applications that
require end-to-end connectivity.
36. What routing table entry has a next hop address associated with a
destination network?
 directly-connected routes
 local routes
 remote routes
 C and L source routes
Explanation: Routing table entries for remote routes will have a next hop IP address. The next
hop IP address is the address of the router interface of the next device to be used to reach the
destination network. Directly-connected and local routes have no next hop, because they do not
require going through another router to be reached.

37. Which term describes a field in the IPv4 packet header that contains a unicast, multicast,
or broadcast address?
 destination IPv4 address
 protocol
 TTL
 header checksum
38. If the default gateway is configured incorrectly on the host, what is the
impact on communications?
 There is no impact on communications.
 The host is unable to communicate on the local network.
 The host can communicate with other hosts on the local network, but
is unable to communicate with hosts on remote networks.
 The host can communicate with other hosts on remote networks, but is unable to
communicate with hosts on the local network.
Explanation: A default gateway is only required to communicate with devices on another
network. The absence of a default gateway does not affect connectivity between devices on the
same local network.
39. Which is the compressed format of the IPv6 address
fe80:0000:0000:0000:0220:0b3f:f0e0:0029?
 fe80:9ea:0:2200::fe0:290
 fe80:9ea0::2020::bf:e0:9290
 fe80::220:b3f:f0e0:29
 fe80:9ea0::2020:0:bf:e0:9290
40. Refer to the exhibit. A user issues the command netstat –r on a
workstation. Which IPv6 address is one of the link-local addresses of the
workstation?

 ::1/128
 fe80::30d0:115:3f57:fe4c/128
 fe80::/64
 2001:0:9d38:6ab8:30d0:115:3f57:fe4c/128
Explanation: In the IPv6 address scheme, the network of fe80::/10 is reserved for link-local
addresses. The address fe80::/64 is a network address that indicates, in this workstation, fe80::/64
is actually used for link-local addresses. Thus the address fe80::30d0:115:3f57:fe4c/128 is a valid
IPv6 link-local address.

41. What type of IPv6 address is represented by ::1/128?

 EUI-64 generated link-local
 global unicast
 unspecified
 loopback
42. Which statement describes network security?
 It supports growth over time in accordance with approved network design procedures.
 It synchronizes traffic flows using timestamps.
 It ensures sensitive corporate data is available for authorized users.
 It prioritizes data flows in order to give priority to delay-sensitive traffic.
43. Which two devices would be described as intermediary devices? (Choose
two.)
 wireless LAN controller
 server
 assembly line robots
 IPS
 gaming console
 retail scanner
44. What characteristic describes spyware?
 software that is installed on a user device and collects information
about the user
 the use of stolen credentials to access private data
an attack that slows or crashes a device or network service
a network device that filters access and traffic coming into a network
45. Refer to the exhibit. The exhibit shows a small switched network and the
contents of the MAC address table of the switch. PC1 has sent a frame
addressed to PC3. What will the switch do with the frame?

 The switch will discard the frame.

 The switch will forward the frame to all ports.
 The switch will forward the frame only to port 2.
 The switch will forward the frame only to ports 1 and 3.
 The switch will forward the frame to all ports except port 4.
Explanation: The MAC address of PC3 is not present in the MAC table of the switch. Because
the switch does not know where to send the frame that is addressed to PC3, it will forward the
frame to all the switch ports, except for port 4, which is the incoming port.

46. Which destination address is used in an ARP request frame?

 0.0.0.0
 255.255.255.255
 the physical address of the destination host
 FFFF.FFFF.FFFF
 AAAA.AAAA.AAAA
Explanation:
The purpose of an ARP request is to find the MAC address of the destination host on an Ethernet
LAN. The ARP process sends a Layer 2 broadcast to all devices on the Ethernet LAN. The frame
contains the IP address of the destination and the broadcast MAC address, FFFF.FFFF.FFFF. The
host with the IP address that matches the IP address in the ARP request will reply with a unicast
frame that includes the MAC address of the host. Thus the original sending host will obtain the
destination IP and MAC address pair to continue the encapsulation process for data transmission.
47. Refer to the exhibit. PC1 issues an ARP request because it needs to send
a packet to PC3. In this scenario, what will happen next?

 SW1 will send an ARP reply with its Fa0/1 MAC address.
 RT1 will send an ARP reply with its own Fa0/0 MAC address.
 RT1 will forward the ARP request to PC3.
 RT1 will send an ARP reply with the PC3 MAC address.
 RT1 will send an ARP reply with its own Fa0/1 MAC address.
Explanation: When a network device has to communicate with a device on another network, it
broadcasts an ARP request asking for the default gateway MAC address. The default gateway
(RT1) unicasts an ARP reply with the Fa0/0 MAC address.
48. A network administrator is issuing the login block-for 180 attempts 2
within 30 command on a router. Which threat is the network administrator
trying to prevent?
 a user who is trying to guess a password to access the router
 a worm that is attempting to access another part of the network
 an unidentified individual who is trying to access the network equipment room
 a device that is trying to inspect the traffic on a link
Explanation: The login block-for 180 attempts 2 within 30 command will cause the device to
block authentication after 2 unsuccessful attempts within 30 seconds for a duration of 180 seconds.
A device inspecting the traffic on a link has nothing to do with the router. The router configuration
cannot prevent unauthorized access to the equipment room. A worm would not attempt to access
the router to propagate to another part of the network.

49. Which statement describes the characteristics of packet-filtering and stateful firewalls as
they relate to the OSI model?
 A packet-filtering firewall uses session layer information to track the state of a connection,
whereas a stateful firewall uses application layer information to track the state of a
connection.
 Both stateful and packet-filtering firewalls can filter at the application layer.
 A packet-filtering firewall typically can filter up to the transport
layer, whereas a stateful firewall can filter up to the session layer.
 A stateful firewall can filter application layer information, whereas a packet-filtering
firewall cannot filter beyond the network layer.
Explanation: Packet filtering firewalls can always filter Layer 3 content and sometimes TCP and
UDP-based content. Stateful firewalls monitor connections and thus have to be able to support up to
the session layer of the OSI model.
50. What are two ways to protect a computer from malware? (Choose two.)
 Empty the browser cache.
 Use antivirus software.
 Delete unused software.
 Keep software up to date.
 Defragment the hard disk.
Explanation: At a minimum, a computer should use antivirus software and have all software up
to date to defend against malware.
51. The employees and residents of Ciscoville cannot access the Internet or any remote web-
based services. IT workers quickly determine that the city firewall is being flooded with so
much traffic that a breakdown of connectivity to the Internet is occurring. Which type of
attack is being launched at Ciscoville?
 access
 Trojan horse
 reconnaissance
 DoS
Explanation: A DoS (denial of service) attack prevents authorized users from using one or more
computing resources.
52. Which two statements describe the characteristics of fiber-optic cabling?
(Choose two.)
 Fiber-optic cabling does not conduct electricity.
 Multimode fiber-optic cabling carries signals from multiple sending devices.
 Fiber-optic cabling is primarily used as backbone cabling.
 Fiber-optic cabling uses LEDs for single-mode cables and laser technology for multimode
cables.
 Fiber-optic cabling has high signal loss.
Explanation: Fiber-optic cabling is primarily used for high-traffic backbone cabling and does not
conduct electricity. Multimode fiber uses LEDs for signaling and single-mode fiber uses laser
technology. FIber-optic cabling carries signals from only one device to another.
53. What OSI physical layer term describes the measure of the transfer of
bits across a medium over a given period of time?
 latency
 goodput
 throughput
 bandwidth
54. Refer to the exhibit. What is the maximum possible throughput between
the PC and the server?

 10 Mb/s
 1000 Mb/s
 128 kb/s
 100 Mb/s
Explanation: The maximum throughput between any two nodes on a network is determined by
the slowest link between those nodes.
55. Match the description with the media. (Not all options are used.)

Explanation: UTP cables are used in wired office environments. Coaxial cables are used to
connect cable modems and televisions. Fiber optics are used for high transmission speeds and to
transfer data over long distances. STP cables are used in environments where there is a lot of
interference.