Upload
shalua-yonah
View
224
Download
0
Embed Size (px)
Citation preview
7/30/2019 ccna discovery chapter 1 Q&A
1/7
1 What address can be used to summarize only networks 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/
172.16.3.0/24?
172.16.0.0/21172.16.0.0/22
172.16.0.0 255.255.255.248
172.16.0.0 255.255.254.0
2 The ability to connect securely to a private network over a public network is provided by which W
technology?DSL
Frame Relay
ISDNPSTN
VPN
3 Which two statements are true regarding network convergence? (Choose two.)
In a large network, using the EIGRP or OSPF routing protocols rather than RIPv2 may impro
convergence time.Using STP at the core layer improves convergence time by allowing the use of redundant lindevices.
Route summarization improves convergence time by minimizing the size of the routing table
A full mesh topology improves convergence time by allowing load balancing.ACLs can be configured to improve convergence time.
4
Refer to the exhibit. If the firewall module has been correctly configured using best practices for
network security, which statement is true about the security design for the network?
Servers in the network are not protected from internal attacks.Servers in the DMZ are protected from internal and external attacks.
Servers in the server farm are protected from internal and external attacks.
Traffic from the external networks is not able to access the servers in the DMZ.
http://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtml7/30/2019 ccna discovery chapter 1 Q&A
2/7
5 Which two considerations are valid when designing access layer security? (Choose two.)In a large wireless network, the most efficient method to secure the WLAN is MAC address
DoS attacks are normally launched against end-user PCs and can be mitigated by installing p
firewalls on all company PCs.SSH is more secure than Telnet to administer network devices.
Disabling unused ports on the switches helps prevent unauthorized access to the network.
All Telnet passwords are at least 6 characters long.
6 Which statement is true about a DMZ in a traditional network firewall design?
A DMZ is designed to provide service for external access but not for internal access.
Servers in the DMZ provide limited information that can be accessed from external networksUser access to the DMZ from the Internet and the internal network usually is treated the sam
All servers in the enterprise network should be located in a DMZ because of enhanced securi
7 What are two mechanisms that provide redundancy for server farm implementations? (Choose tw
host intrusion prevention systems
virtual private networksnetwork intrusion prevention systems
Rapid Spanning Tree Protocol
Hot Standby Routing Protocol
8 Which two items in a physical WLAN design can be identified through a site survey? (Choose tw
the types of antennas that are required
the encryption techniques that are requiredthe access point hardware that is required
the different levels of access that are required
the connection reliability that is required
9 Centralizing servers in a data center server farm can provide which benefit over a distributed serv
environment?It keeps client-to-server traffic local to a single subnet.
Servers located in a data center require less bandwidth.
It is easier to filter and prioritize traffic to and from the data center.Server farms are not subject to denial of service attacks.
10 What are two best practices in wireless LAN design to ensure secure wireless access to the corponetwork? (Choose two.)
Configure APs for broadcast SSID.
Place APs as far apart as possible.
Use a separate WLAN for employees.Configure WPA.
Use wireless routers in all IDFs
11 What kind of ACL inspects outbound UDP, TCP, and ICMP traffic and allows inbound access ontraffic that belongs to these established sessions?
dynamic ACL
time-based ACL
http://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtml7/30/2019 ccna discovery chapter 1 Q&A
3/7
reflexive ACL
lock and key ACL
12 A network designer is creating a new network. The design must offer enough redundancy to prov
protection against a single link or device failure, yet must not be too complex or expensive toimplement. What topology would fill these needs?
Star
full mesh
partial meshextended star
hub and spoke
13
Refer to the exhibit. Which two devices are part of the access design layer? (Choose two.)Edge2ISP4
BR4
FC-APFC-CPE-1
FC-ASW-2
http://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtml7/30/2019 ccna discovery chapter 1 Q&A
4/7
14
Refer to the exhibit. What effect does the ACL shown have on network traffic, assuming that it is
correctly applied to the interface?
All traffic to network 172.16.0.0 is denied.All TCP traffic is denied to and from network 172.16.0.0.
All Telnet traffic from the 172.16.0.0 network to any destination is denied.
All port 23 traffic to the 172.16.0.0 network is denied.All traffic from the 172.16.0.0 network is denied to any other network.
15
Refer to the exhibit. Which two statements correctly describe the benefits of the network access l
design that is shown? (Choose two.)If host A sends a broadcast message, only hosts in VLAN10 receive the broadcast frame.
If host A attempts to transmit data at the same time as another host, only hosts in VLAN10 a
affected by the collision.Segmenting all voice traffic on a separate VLAN facilitates the implementation of QoS.
VLANs improve network performance by facilitating the use of route summarization.
VLANs at the access layer help guarantee network availability by facilitating load balancing
16
http://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtml7/30/2019 ccna discovery chapter 1 Q&A
5/7
Refer to the exhibit. The server broadcasts an ARP request for the MAC address of its default gat
If STP is not enabled, what is the result of this ARP request?Router_1 contains the broadcast and replies with the MAC address of the next-hop router.
Switch_A replies with the MAC address of the Router_1 E0 interface.
Switch_A and Switch_B continuously flood the message onto the network.Switch_B forwards the broadcast request and replies with the Router_1 address.
17 Which Cisco IOS function can be configured at the distribution layer to filter unwanted traffic an
traffic management?virus protection
spyware protection
VPNsaccess control lists
18
Refer to the exhibit. What happens when Host 1 attempts to send data?
Frames from Host 1 are dropped, but no other action is taken.
Frames from Host 1 cause the interface to shut down, and a log message is sent.Frames from Host 1 are forwarded, but a log message is sent.
Frames from Host 1 are forwarded, and the mac-address table is updated.
http://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtml7/30/2019 ccna discovery chapter 1 Q&A
6/7
19 The network administrator is designing network connectivity for a home teleworker.
The teleworker needs secure access to download and upload documents on the network file serve
What network connection would be most cost efficient while still meeting the security and conneneeds of this teleworker?
dedicated leased line connection with a dialup backup link
Frame Relay connection with a DSL backup linkDSL VPN connection with a dialup backup link
ATM connection with a DSL VPN backup link
DSL connection with no backup link
20 In a well-designed, high-availability network, which device significantly affects the most users if
failure occurs?desktop PC of the user
large switch in the network core layer
large switch in the network distribution layersmall workgroup switch in the network access layer
21 Which three statements describe the functions of the Cisco hierarchical network design model?
(Choose three.)Route summarization is not necessary at the core and distribution layers.
The distribution layer is responsible for traffic filtering and isolating failures from the core.
Two goals of the core layer are 100 percent uptime and maximizing throughput.
The access layer provides a means of connecting end devices to the network.The distribution layer distributes network traffic directly to end users.
The core layer usually employs a star topology.
22
Refer to the exhibit. The network administrator creates a standard access control list to prohibit tr
from the 192.168.1.0/24 network from reaching the 192.168.2.0/24 network while still permittinInternet access for all networks. On which router interface and in which direction should it be app
interface fa0/0, inbound
interface fa0/0, outboundinterface fa0/1, inbound
interface fa0/1, outbound
http://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtml7/30/2019 ccna discovery chapter 1 Q&A
7/7
23 What are three ways to ensure that an unwanted user does not connect to a wireless network and the data? (Choose three.)
Disable SSID broadcasting.
Configure filters to restrict IP addresses.Use authentication between clients and the wireless device.
Use NetBIOS name filtering between clients and the wireless device.
Configure strong encryption such as WPA.
Use a WEP compression method.
24 What is true about implementing a centralized server farm topology?
requires direct cabling from the MPOE to enhance the performance of serversrequires the addition of high-capacity switches to each workgroup
provides defined entry and exit points so that filtering and securing traffic is easier
allows for placement of workgroup servers at the access layer
25 Which three functions are performed at the distribution layer of the hierarchical network model?
(Choose three.)summarizing routes from the access layer
allowing end users to access the local network
providing the gateway of last resort for core layer devicespreserving bandwidth at the access layer by filtering network functions
isolating network problems to prevent them from affecting the core layer
utilizing redundant links for load balancing to increase available bandwidth
http://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtmlhttp://assessment.netacad.net/virtuoso/delivery/pub-doc/exam.shtml