Al's ICND2 Practice Test #2

Revised March 5, 2008

(If you find any errors, let me know!)

1. A Diffie-Hellman key exchange makes use of what type of encryption?

  1. AES
  2. NSA
  3. RSA
  4. Symmetric
  5. Asymmetric

2. How many hex digits does it take to represent an IPv6 address?

  1. IPv6 addresses are always 128 hex digits.
  2. A maximum of 32.
  3. A minimum of 64.
  4. It varies depending upon the Registrar for your fifth of the planet.

3. For which of the following purposes might an IP ACL be used?

  1. To control dynamic NAT or PAT.
  2. To control traffic to or through a router for security.
  3. To classify packets for quality of service (QoS).
  4. To control dial-on-demand routing (DDR).
  5. To control encryption (VPNs).
  6. All of the above, and more!

4. What is the purpose of the "key chain" used with EIGRP authentication?

  1. To boost sales of Cisco's NTP server software (required to support the "accept" and "send" parameters).
  2. To allow keys to be changed without disrupting routing.
  3. To provide for a handy location to store house keys, car keys, and the key to your heart.
  4. None of the above.

5. If a host is running both an IPv4 stack and an IPv6 stack simultaneously, the host is said to be:

  1. Running IPv5 (the average of the two).
  2. Dual-stacked
  3. No machine on earth has sufficient memory or CPU to support this.
  4. Well-endowed
  5. Overclocking, which is illegal in the U.S. and its territories.

6. Which of the following are true regarding IEEE 802.1Q?

  1. It uses tagging, not encapsulation.
  2. The native VLANs on both ends of a trunk should match.
  3. It offers 4,094 usable VLANs.
  4. It is available only on Cisco products.
  5. All of the above.

7. Can an IP access list be configured on a Layer-2 switch?

  1. Yes, to control data flow into and out of the switch.
  2. Yes, to control Telnet or SSH access to the switch.
  3. Yes, to control whether the switch has multi-layer capabilities.
  4. No, an IP ACL (which filters on Layer-3 addressing) cannot be configured on a Layer-2 switch.

8. Which of the following commands displays the IPv6 routing table?

  1. show ipv6 route
  2. show ip route v6
  3. show route ipv6
  4. show ipv6 routing
  5. All of the above.

9. Which of the following are true with regard to VTP?

  1. You can change the VLAN database on a server switch using configuration commands on that switch.
  2. You can change the VLAN database on a client switch using configuration commands on that switch.
  3. You can change the VLAN database on a transparent switch using configuration commands on that switch.
  4. Clients advertise their VLAN database periodically and immediately after a change.
  5. All of the above.

10. Which of the following is a symmetric encryption algorithm?

  1. 3DES
  2. DH1
  3. DH2
  4. MD5
  5. All of the above.

11. If you connect trunk-capable interfaces on two switches together, they will form a trunk if:

  1. The connected interfaces on both switches are set to "switchport mode dynamic desirable".
  2. The connected interfaces on both switches are set to "switchport mode dynamic auto".
  3. The connected interfaces on both switches are set to "switchport mode access".
  4. One switch's interface is set to "switchport mode trunk", and the other's is set to "switchport mode dynamic auto".

12. As with IPv4, IPv6 host names can be resolved statically or dynamically. What command configures static name resolution for an IPv6 host?

  1. ipv6 host name ipv6-address
  2. ip host name v6 ipv6-address
  3. ip host name ipv6-address version 6
  4. ipv6 ipv6-address host name

13. Which ACL keyword effectively means the same thing as a "0.0.0.0" wildcard mask?

  1. any
  2. host
  3. eq
  4. ip
  5. None of the above.

14. Which of the following algorithms provide data integrity?

  1. HMAC-MD5
  2. Dijkstra
  3. HMAC-SHA-1
  4. Shell Sort
  5. DUAL

15. Which sequence of commands correctly configures RIPng on Gig Ethernet 0/0?

  1. Router1(config)#router rip ICND2
    Router1(config-router)#interface gig0/0
    Router1(config-if)#ipv6 rip ICND2 enable
  2. Router1(config)#interface gig0/0
    Router1(config-if)#ipv6 rip enable
  3. Router1(config)#ipv6 router rip ICND2 enable
    Router1(config-rtr)#interface gig0/0
    Router1(config-if)#ipv6 rip ICND2
  4. Router1(config)#ipv6 router rip ICND2
    Router1(config-rtr)#interface gig0/0
    Router1(config-if)#ipv6 rip ICND2 enable

16. How is a standard STP bridge ID determined?

  1. IP address concatenated onto the VLAN number.
  2. MAC address multiplied by the priority.
  3. MAC address concatenated onto the priority.
  4. By using the "bridge-id" command in global config mode.

17. What is the function of the "established" keyword in an extended IP ACL?

  1. It verifies that the "SYN" bit is cleared in the packet's TCP header.
  2. It verifies that the checksum is correct in a TCP or UDP header.
  3. It verifies that the "ACK" bit is set in the packet's TCP header.
  4. It has no function on Cisco routers, it is for Nortel-to-Juniper compatibility.

18. Which are the three phases of PPP negotiation?

  1. Network-layer protocol
  2. Interface clear and reset
  3. Link establishment
  4. Auctioneering barter
  5. Authentication (optional)

19. What is the rule regarding activating ACLs on interfaces?

  1. One ACL per console port, per protocol, per direction.
  2. One ACL per interface, per protocol, per direction.
  3. One ACL per vty line, per protocol (Telnet or SSH), per direction.
  4. ACLs are cheap, so use as many as you want on any interface, for any protocol, in any direction.

20. Using the system "A:B::C:D" ("A is to B as C is to D"), which of the following are true?

  1. Root:STP::Root:RSTP
  2. Designated:STP::Designated:RSTP
  3. Listening:STP::Listening:RSTP
  4. Non-Designated:STP::Alternate:RSTP
  5. Blocking:STP::Discarding:RSTP

21. Which of the following can be matched with an extended IP ACL?

  1. Source address
  2. Destination address
  3. TCP or UDP port numbers
  4. ICMP options
  5. All of the above.

22. Which of the following command sequences configures an interface for PPP CHAP authentication?

  1. Router1(config)#username Router1 password cat$paCe!
    Router1(config)#interface fastethernet0/2
    Router1(config-if)#encapsulation ppp
    Router1(config-if)#ppp authentication chap
  2. Router1(config)#username Router2 password cat$paCe!
    Router1(config)#interface serial0/2
    Router1(config-if)#encapsulation ppp authentication chap
  3. Router1(config)#username Router2 password cat$paCe!
    Router1(config)#interface fastethernet0/2
    Router1(config-if)#encapsulation ppp
    Router1(config-if)#ppp authentication chap
  4. Router1(config)#username Router2 password cat$paCe!
    Router1(config)#interface serial0/2
    Router1(config-if)#encapsulation ppp
    Router1(config-if)#ppp authentication chap

23. Are VTP passwords case-sensitive?

  1. Only if the command "password case-sensitivity activate" was entered in global config mode.
  2. Yes, on Cisco routers and switches all passwords are case-sensitive.
  3. Only if VTP version 2 is enabled.
  4. No.

24. Given the following bridge IDs, which switch will be the root?

  1. 32768:00-0C-00-12-FE-A7
  2. 8192:12-34-56-78-9A-BC
  3. 32768:AF-AF-AF-AF-AF-AF
  4. 8192:12-34-56-78-9A-BD
  5. 16384:00-00-00-00-00-01

25. When running PVST, why does the priority increment by steps of 4096?

  1. Because the high-order 12 bits of the priority field are used for the Extended System ID.
  2. Because the low-order 12 bits of the priority field are used for the Extended System ID.
  3. Because the high-order 24 bits of the MAC address are used for the Extended System ID.
  4. Because the low-order 24 bits of the MAC address are used for the Extended System ID.

26. Which of the following command sequences correctly places ACL 14 so as to control inbound Telnet on the first five vty lines?

  1. Router1(config)#interface all
    Router1(config-if-range)#ip access-group 14 eq telnet
  2. Router1(config)#line vty 0 4
    Router1(config-line)#ip access-class 14 in
  3. Router1(config)#line vty 0 4
    Router1(config-line)#ip access-group 14 in
  4. Router1(config)#line vty 0 4
    Router1(config-line)#access-class 14 in
  5. Router1(config)#line vty 04
    Router1(config-line)#access-class 14 in

27. If two switches have equal-cost paths to the root, and there is a segment between the two switches, which switch's port becomes the designated port for the segment between them?

  1. The switch with the highest bridge ID.
  2. The switch with the lowest bridge ID.
  3. The switch that boots up first.
  4. The switch with the highest-rated power supplies (as measured in RMS Kilowatts).
  5. It's impossible to tell, switches don't use bridge IDs.

28. What is the purpose of the "variance" command?

  1. It tells IOS how to balance RAM between processes and packet receive buffers.
  2. It tells TFTP how to throttle the data rate when backing up the running config.
  3. It tells Telnet which fraction of packets to discard, in accordance with RFC-748.
  4. It tells EIGRP whether to load-share over unequal metric links.

29. When using PPP with CHAP between two routers, in which direction does the authentication proceed?

  1. The router with the lower IP address challenges the router with the higher IP address.
  2. The router with the higher IP address challenges the router with the lower IP address.
  3. The direction of the challenge is randomly determined.
  4. Each router challenges the other.

30. An "undefined ACL" is an ACL that is in force on an interface even though the ACL does not exist. What is the effect of an undefined ACL?

  1. It denies all traffic.
  2. It permits all traffic.
  3. The results vary by router model.
  4. This configuration is illegal, so IOS won't allow it.

31. Which command shows the version of STP that a switch is running?

  1. show interface vlan
  2. show vlan stp
  3. show spanning-tree
  4. show stp detail

32. Which of the following is an example of correct standard IP ACL syntax?

  1. Router1(config)#access-group 51 permit 192.168.57.0 0.0.0.255
  2. Router1(config)#access-group 52 permit 192.168.57.0 255.255.255.0
  3. Router1(config)#access-list 53 permit 192.168.57.0 255.255.255.0
  4. Router1(config)#access-list 54 permit 192.168.57.0 0.0.0.255

33. If a switch with a configured priority of 8192 has a MAC address of 00:00:0c:36:24:36, what will its extended bridge ID be for VLAN 24?

  1. 8192:0024-0c36-2436
  2. 8192:0000-0c60-2436
  3. 8192:0000-0c36-3460
  4. 8216:0000-0c36-2436
  5. It depends on the IOS version.

34. What is a potential issue with a hub-and-spoke Frame Relay topology?

  1. Routing loops might occur.
  2. Split horizon may prevent full convergence.
  3. WAN costs may be higher than if a full mesh was used.
  4. Subinterfaces are unusable.

35. What does a layer-two switch use to build and maintain its switching table?

  1. The Transport layer source address in the incoming frames.
  2. The Internet layer source address in the incoming frames.
  3. The Data-Link layer source address in the incoming frames.
  4. The Internet layer destination address in the incoming frames.
  5. The "protocol" field in the IP header.

36. Which of the following ACLs permits all packets with a source address on classful network 10.0.0.0?

  1. access-list 1 permit 10.0.0.0 255.0.0.0
  2. access-group 1 permit 10.0.0.0 255.0.0.0
  3. access-list 1 permit 10.0.0.0 0.255.255.255
  4. access-class 1 permit 10.0.0.0 0.255.255.255

37. In the IP world, a "VLAN" is equivalent to a:

  1. Broadcast domain
  2. Collision domain
  3. Eminent domain
  4. Public domain

38. What is the purpose of Inverse ARP?

  1. It maps a Layer-3 address to a DLCI.
  2. It maps an IP address to a MAC address.
  3. It maps a MAC address to a DLCI.
  4. It converts mapping formats from ADC to Rand-McNally.

39. Which of the following are Frame Relay LMI types?

  1. IEEE
  2. ANSI
  3. Cisco
  4. Lucent
  5. Q933
  6. Juniper

40. What is the purpose of the "BECN" bit?

  1. It signals hosts to reduce the size of the TCP window.
  2. It signals routers that a Frame Relay PVC is congested.
  3. It informs Cisco that an IOS upgrade is required.
  4. It informs a Frame Relay switch that a frame is eligible for discard.

41. Assuming that the interfaces are correctly configured for "inside" and "outside", which of the following command sequences correctly configures "PAT"?

  1. Router1(config)#ip nat translation inside source static 192.168.1.1 150.64.23.198
  2. Router1(config)#ip nat translation inside source list 1 pool pat-pool
    Router1(config)#ip nat pool pat-pool 172.16.1.1 172.16.1.255 netmask 255.255.255.0 overload
    Router1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
  3. Router1(config)#ip nat translation inside source list 55 interface serial0/0 overload
    Router1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
  4. Router1(config)#ip nat translation inside source list 98 interface serial0/0 dynamic pat
    Router1(config)#access-list 98 permit 192.168.1.0 0.0.0.255

42. In Cisco's implementation, upon which of the following is OSPF link cost based?

  1. Bandwidth
  2. Delay
  3. Reliability
  4. Loading
  5. MTU

43. When configuring Frame Relay, which types of subinterfaces are available?

  1. Multipoint
  2. InterVLAN
  3. Point-to-point
  4. Pointless
  5. All of the above.

44. Network 192.168.1.0/24 will be subnetted using VLSM. There are a total of six subnets which require the following numbers of hosts:

Which subnet mask(s) are required to correctly solve this problem?
  1. /25 on all subnets.
  2. One each /25, /26, /28, /30 and two /27.
  3. One each /17, /18, /20, /22 and two /19.
  4. This problem cannot be solved using VLSM with the address space provided.
  5. This problem cannot be solved without using IPv6.

45. Which of the following are valid IPv6 addresses?

  1. 2001:0410:767:ABCD::1
  2. 3456:abcd::1::9876:feed
  3. fe80::0002:00FF:FE0c:1234
  4. ::1
  5. 2025:A84B:1985:2005:0000:0000:0000:000E
  6. 20G3:D410:76X7:ABCD::3C

46. The data path between two sites connected via Frame Relay is referred to as a:

  1. ACK
  2. CIR
  3. LMI
  4. PVC
  5. VPN

47. Which of the following places all network "10.0.0.0" interfaces in OSPF area 5?

  1. network 5 area 10.0.0.0 0.0.0.255
  2. network 10.0.0.0 0.255.255.255 area 5
  3. network 10.0.0.0 255.0.0.0 area 5
  4. area 5 network 10.0.0.0 0.255.255.255

48. Which algorithm lies at the heart of EIGRP?

  1. SPF
  2. DUAL
  3. Path-Vector
  4. Diffie-Hellman
  5. Dijkstra

49. By default, which of the following are used to calculate the EIGRP composite metric?

  1. Bandwidth
  2. Cost
  3. Hops
  4. Delay
  5. Reliability
  6. MTU
  7. Loading

50. Which command displays the Frame Relay mapping table?

  1. show frame-relay ip
  2. show frame-relay lmi
  3. show frame-relay pvc
  4. show frame-relay map


ANSWERS

 1. E       11. AD      21. E       31. C       41. C
 2. B       12. A       22. D       32. D       42. A
 3. F       13. B       23. B       33. D       43. AC
 4. B       14. AC      24. B       34. B       44. D
 5. B       15. D       25. B       35. C       45. ACDE
 6. ABC     16. C       26. D       36. C       46. D
 7. B       17. C       27. B       37. A       47. B
 8. A       18. ACE     28. D       38. A       48. B
 9. ACD     19. B       29. D       39. BCE     49. AD
10. A       20. ABDE    30. B       40. B       50. D


NOTES
1. The DH exchange uses asymmetric encryption to securely exchange the symmetric key that is used for bulk data encryption.
7. A true Layer-2 switch would not be able to do IP ACL processing on frames flowing through the switch, but some "Layer-2" switches, while not routers, do have IP ACL capabilities.
12. For IPv4, the command is "ip host name ipv4-address".
16. A standard bridge ID does not use the VLAN ID.
17. The idea is to ensure that the packet is part of a session that is at least "embryonic" (the packet is not the initial "syn" of the three-way TCP handshake).
19. The reason for the "one-one-one" rule is so that an interface does not have an ACL telling it to permit a packet while another ACL simultaneously specifies that the same packet be denied.
32. In both 51 and 52, the command should be "access-list", and in both 52 and 53, the wildcard mask is inverted.
42. Since other vendors' cost calculations may differ, costs may have to be changed for interoperability.
45. Answer "B" has two double-colons; in "F", the letters "G" and "X" are not valid hex digits.



Copyright © 2007
Alchemy, Inc.
All rights reserved.