File: Testking_640-802_V13.pdf (added 03.05.2015, size 15.24 MB)

Static secure MAC addresses: These are manually configured by using the switchport port-security mac-address mac-address interface configuration command, stored in the address table, and added to the switch running configuration.

Dynamic secure MAC addresses: These are dynamically configured, stored only in the address table, and removed when the switch restarts.

Sticky secure MAC addresses: These are dynamically configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.

You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and to add them to the running configuration by enabling sticky learning. To enable sticky learning, enter the switchport port-security mac-address sticky interface configuration command. When you enter this command, the interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses. The interface adds all the sticky secure MAC addresses to the running configuration.

The sticky secure MAC addresses do not automatically become part of the configuration file, which is the startup configuration used each time the switch restarts. If you save the sticky secure MAC addresses in the configuration file, when the switch restarts, the interface does not need to relearn these addresses. If you do not save the sticky secure addresses, they are lost.

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_11_ea1/configuration/gui

QUESTION NO: 6

Why would the TestKing network administrator configure port security on a new TestKing switch?

A. To prevent unauthorized Telnet access to a switch port.

B. To limit the number of Layer 2 broadcasts on a particular switch port.

C. To prevent unauthorized hosts from accessing the LAN.

D. To protect the IP and MAC address of the switch and associated ports.

E. To block unauthorized access to the switch management interfaces over common TCP ports.

F. None of the above

Leading the way in IT testing and certification tools, www.testking.com

Answer: C

Explanation:

You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to that port is assured the full bandwidth of the port.

If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, when the MAC address of a station attempting to access the port is different from any of the identified secure MAC addresses, a security violation occurs. Also, if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged.

Reference: http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008
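The address types and the two violation conditions described above can be captured in a small Python model. This is an added illustration, not Cisco code and not part of the original material; the class and function names, the port names and the MAC addresses are hypothetical, and the sticky-learning setting is assumed to survive a restart.

```python
class SecurePort:
    """Toy model of one secure port, built only from the rules described above."""

    def __init__(self, maximum=1):
        self.maximum = maximum
        self.sticky_learning = False
        self.dynamic = set()                                # address table only
        self.running = {"static": set(), "sticky": set()}   # running configuration
        self.startup = {"static": set(), "sticky": set()}   # saved configuration file

    def secure_macs(self):
        return self.dynamic | self.running["static"] | self.running["sticky"]

    def enable_sticky(self):
        # Converts every dynamic secure address, including ones learned earlier.
        self.sticky_learning = True
        self.running["sticky"] |= self.dynamic
        self.dynamic = set()

    def save(self):
        self.startup = {kind: set(macs) for kind, macs in self.running.items()}

    def restart(self):
        # Dynamic entries vanish; running config is rebuilt from the saved file.
        self.dynamic = set()
        self.running = {kind: set(macs) for kind, macs in self.startup.items()}

def receive(ports, name, mac):
    """Return 'forward' or 'violation' for a frame with source `mac` on port `name`."""
    port = ports[name]
    if mac in port.secure_macs():
        return "forward"
    elsewhere = any(mac in p.secure_macs() for n, p in ports.items() if n != name)
    if elsewhere or len(port.secure_macs()) >= port.maximum:
        return "violation"
    (port.running["sticky"] if port.sticky_learning else port.dynamic).add(mac)
    return "forward"

def demo(save_before_restart):
    ports = {"Fa0/1": SecurePort(), "Fa0/2": SecurePort()}
    a, b = "0000.0000.000a", "0000.0000.000b"      # constructed MAC addresses
    results = [receive(ports, "Fa0/1", a),         # learned -> forward
               receive(ports, "Fa0/1", b),         # maximum of 1 reached
               receive(ports, "Fa0/2", a)]         # already secure on Fa0/1
    ports["Fa0/1"].enable_sticky()
    if save_before_restart:
        ports["Fa0/1"].save()
    ports["Fa0/1"].restart()
    return results, sorted(ports["Fa0/1"].secure_macs())
```

Calling demo(False) leaves the port with no secure addresses after the restart, while demo(True) keeps the sticky address because it was saved first.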

TOPIC 3, IMPLEMENT AN IP ADDRESSING SCHEME AND IP SERVICES TO MEET NETWORK REQUIREMENTS IN A MEDIUM-SIZE ENTERPRISE BRANCH OFFICE NETWORK (76 questions)

Section 1: Describe the operation and benefits of using private and public IP addressing (5 questions)

QUESTION NO: 1

TestKing is using private IP addressing in their network. Which of the following IP addresses is a private IP address? (Select all that apply)

A. 12.0.0.1

B. 168.172.19.39

C. 172.20.14.36

D. 172.33.194.30

E. 192.168.42.34

F. 11.11.11.1

Answer: C, E

Explanation:

RFC 1918 Private Address Space:

Range of IP Addresses              Class of Networks   Number of Networks
10.0.0.0 to 10.255.255.255         A                   1
172.16.0.0 to 172.31.255.255       B                   16
192.168.0.0 to 192.168.255.255     C                   256

QUESTION NO: 2

TestKing is migrating to a private IP addressing scheme. Which of the following describe the use of private IP addresses? (Choose two)

A. Addresses chosen by TestKing.com to communicate with the Internet.

B. Addresses that cannot be routed through the public Internet.

C. Addresses that can be routed through the public Internet.

D. A scheme to conserve public addresses.

E. Addresses licensed to enterprise or ISPs by an Internet registry organization.

Answer: B, D

Explanation:

Private IP address space has been allocated via RFC 1918. This means the addresses are available for any use by anyone, and therefore the same private IP addresses can be reused. However, they are defined as not routable on the public Internet. They are used extensively in private networks due to the shortage of publicly registered IP address space, and therefore network address translation is required to connect those networks to the Internet.

QUESTION NO: 3

TestKing is using IP addressing according to RFC 1918. Which three address ranges are used for internal private address blocks as defined by RFC 1918? (Choose all that apply)

A. 0.0.0.0 to 255.255.255

B. 10.0.0.0 to 10.255.255.255

C. 172.16.0.0 to 172.16.255.255

D. 172.16.0.0 to 172.31.255.255

E. 127.0.0.0 to 127.255.255.255

F. 192.168.0.0 to 192.168.255.255

G. 224.0.0.0 to 239.255.255.255

Answer: B, D, F

Explanation:

RFC 1918 defines three different IP address ranges as private, meaning that they can be used by any private network for internal use, and these ranges are not to be used in the Internet. The class A private range is 10.0.0.0 to 10.255.255.255. The class B address range is 172.16.0.0 to 172.31.255.255. The class C private IP address range is 192.168.0.0 to 192.168.255.255.

Incorrect Answers:

A. The 0.0.0.0 network address is invalid and can not be used.

C. The correct address range is 172.16.X.X through 172.31.X.X

E. The 127.0.0.1 address is reserved for the internal loopback IP address, but the entire 127.X.X.X range is not defined in RFC 1918 as a private address range for networks.

G. This address range describes the class D multicast address range.

QUESTION NO: 4

TestKing needs to ensure their IP network can be reached from the Internet. Which of the following host addresses are members of networks that can be routed across the public Internet? (Choose three.)

A. 10.172.13.65

B. 172.16.223.125

C. 172.64.12.29

D. 192.168.23.252

E. 198.234.12.95

F. 212.193.48.254

Answer: C, E, F

Explanation:

In Internet terminology, a private network is a network that uses RFC 1918 IP address space. Computers may be allocated addresses from this address space when it's necessary for them to communicate with other computing devices on an internal (non-Internet) network but not directly with the Internet.

Three blocks of IP addresses are reserved for private use and are not routed over the Internet. Companies can assign these addresses to nodes on their private LANs at any time without conflict.

From            To                 CIDR Representation
10.0.0.0        10.255.255.255     10/8
172.16.0.0      172.31.255.255     172.16/12
192.168.0.0     192.168.255.255    192.168/16
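The three CIDR blocks above are enough to check the answer options of Questions 1, 3 and 4 mechanically. The following Python sketch is an added example, not part of the original material; the function names are hypothetical, and the label "other" only means "outside the blocks modelled here".

```python
import ipaddress

# The three RFC 1918 blocks, in the CIDR form listed above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")   # class D, 224.0.0.0 to 239.255.255.255


def classify(addr):
    """Label an IPv4 address 'private', 'loopback', 'multicast' or 'other'.

    'other' means outside the blocks modelled here; further special-purpose
    ranges are deliberately not covered.
    """
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in LOOPBACK:
        return "loopback"
    if ip in MULTICAST:
        return "multicast"
    return "other"


def select(addrs, label):
    """Return the addresses whose classification equals `label`, in input order."""
    return [a for a in addrs if classify(a) == label]


def stdlib_is_private(addr):
    # ipaddress.is_private follows the IANA special-purpose registry, which is
    # wider than RFC 1918: it is also True for loopback, for example.
    return ipaddress.ip_address(addr).is_private


# Answer options copied from Question 1 and Question 4 above.
Q1 = ["12.0.0.1", "168.172.19.39", "172.20.14.36",
      "172.33.194.30", "192.168.42.34", "11.11.11.1"]
Q4 = ["10.172.13.65", "172.16.223.125", "172.64.12.29",
      "192.168.23.252", "198.234.12.95", "212.193.48.254"]

if __name__ == "__main__":
    print("Q1 private:", select(Q1, "private"))
    print("Q4 outside RFC 1918:", select(Q4, "other"))
```

When a filter has to match RFC 1918 exactly, test against the three blocks explicitly rather than relying on is_private, which also accepts addresses such as 127.0.0.1.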

QUESTION NO: 5

From where does a small network typically get its IP network addresses or IP block?

A. From the Internet Domain Name Registry (IDNR)

B. From the Internet Assigned Numbers Authority (IANA)

C. From the Internet Service Provider (ISP)

D. From the Internet Architecture Board (IAB)

E. None of the above

Answer: C

Explanation:

Normally a small network will be assigned a number of IP addresses from their ISP, or in some cases, such as DSL and cable modem, a single dynamic IP address will be assigned by the ISP. Only very large networks requiring a large IP block (normally more than a /20) will register with IANA, RIPE, or ARIN (American Registry of Internet Numbers) to obtain their IP addresses.

Section 2: Explain the operation and benefits of using DHCP and DNS (3 questions)

QUESTION NO: 1

Which protocol automates all of the following functions for hosts on a network: IP configuration, IP addresses, subnet masks, default gateways, and DNS server information?

A. CDP

B. SNMP

C. DHCP

D. ARP

E. DNS

F. None of the above

Answer: C

Explanation:

DHCP uses the concept of the client making a request and the server supplying the IP address to the client, plus other information such as the default gateway, subnet mask, DNS IP address, and other information.

Incorrect Answers:

A. CDP is the Cisco Discovery Protocol. It is used by Cisco devices at the data link layer to obtain information about their directly connected neighbors.

B. SNMP is the Simple Network Management Protocol. This is used for the maintenance, management, and monitoring of network devices.

D. ARP is the Address Resolution Protocol, which is used to resolve layer 2 MAC addresses to layer 3 IP addresses.

E. DNS is the Domain Name Service. It is used to resolve domain names (for example, www.testking.com) to IP addresses. The IP address location of primary and secondary DNS resolver servers can be obtained for hosts using DHCP.

QUESTION NO: 2

Regarding DHCP (dynamic host configuration protocol), which two of the following choices below are true? (Select two answer choices)

A. The DHCP Discover message uses FF-FF-FF-FF-FF-FF as the Layer 2 destination address.

B. The DHCP Discover message uses UDP as the transport layer protocol.

C. The DHCP Discover message uses a special Layer 2 multicast address as the destination address.

D. The DHCP Discover message uses TCP as the transport layer protocol.

E. The DHCP Discover message does not use a Layer 2 destination address.

F. The DHCP Discover message does not require a transport layer protocol.

Answer: A, B

Explanation:

DHCP uses UDP as its transport protocol. DHCP messages from a client to a server are sent to the DHCP server port (UDP port 67), and DHCP messages from a server to a client are sent to the DHCP client port (UDP port 68). The client broadcasts a DHCPDISCOVER message on its local physical subnet. The DHCPDISCOVER message may include options that suggest values for the network address and lease duration. BOOTP relay agents may pass the message on to DHCP servers not on the same physical subnet.

Each server may respond with a DHCPOFFER message that includes an available network address in the "ipaddr" field (and other configuration parameters in DHCP options). Servers need not reserve the offered network address, although the protocol will work more efficiently if the server avoids allocating the offered network address to another client. The server unicasts the DHCPOFFER message to the client (using the DHCP/BOOTP relay agent if necessary) if possible, or may broadcast the message to a broadcast address (preferably 255.255.255.255) on the client's subnet.

Incorrect Answers:

C. DHCP messages are broadcast to the "all hosts" address. IP multicast addresses are not used.

D. UDP is used, not TCP.

E. Since DHCP is used so that a client can obtain an IP address, a layer two destination address must be used, as the layer 3 IP address does not yet exist on the client for the return traffic.

F. DHCP, along with nearly every other type of traffic, requires the use of a transport layer protocol.
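To see answers A and B on the wire, the following Python sketch builds a DHCPDISCOVER frame byte by byte and then parses it back. It is an added example, not part of the original material; the function names, client MAC address, transaction ID and TTL are constructed values.

```python
import struct

def ip_checksum(header):
    """One's-complement sum of the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_discover(client_mac, xid):
    """Build a constructed DHCPDISCOVER inside UDP, IPv4 and Ethernet II."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), client_mac, b"", b"")
    bootp += bytes([99, 130, 83, 99])      # DHCP magic cookie
    bootp += bytes([53, 1, 1, 255])        # option 53 = 1 (DHCPDISCOVER), then end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp  # UDP checksum unused
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)     # 0.0.0.0 -> 255.255.255.255
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return b"\xff" * 6 + client_mac + struct.pack("!H", 0x0800) + ip + udp

def parse_discover(frame):
    """Pull out the fields the question asks about from a raw Ethernet frame."""
    ihl = (frame[14] & 0x0F) * 4
    udp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[udp_off:udp_off + 4])
    opts, i, msg_type = frame[udp_off + 8 + 236 + 4:], 0, None
    while i + 1 < len(opts) and opts[i] != 255:
        if opts[i] == 0:                   # pad option has no length byte
            i += 1
            continue
        if opts[i] == 53 and i + 2 < len(opts):
            msg_type = opts[i + 2]
        i += 2 + opts[i + 1]
    return {
        "l2_dst": "-".join("%02X" % b for b in frame[0:6]),
        "ip_src": ".".join(str(b) for b in frame[26:30]),
        "ip_dst": ".".join(str(b) for b in frame[30:34]),
        "ip_proto": frame[23],             # 17 = UDP
        "header_ok": ip_checksum(frame[14:udp_off]) == 0,
        "udp_sport": sport, "udp_dport": dport, "dhcp_type": msg_type,
    }

if __name__ == "__main__":
    print(parse_discover(build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)))
```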

QUESTION NO: 3

Which one of the following protocols uses both UDP and TCP ports for the transport layer operation?

A. FTP

B. TFTP

C. SMTP

D. Telnet

E. DNS

Answer: E

Explanation:

TCP and UDP must use port numbers to communicate with the upper layers. Port numbers keep track of different conversations crossing the network simultaneously. Originating-source port numbers are dynamically assigned by the source host, which will be some number starting at 1024. 1023 and below are defined in RFC 1700, which discusses what is called well-known port numbers.

Virtual circuits that do not use an application with a well-known port number are assigned port numbers randomly chosen from within a specific range instead. These port numbers identify the source and destination host in the TCP segment. Only DNS uses both UDP and TCP port 53.

Section 3: Configure, verify and troubleshoot DHCP and DNS operation on a router. (including: CLI/SDM) (1 question)

QUESTION NO: 1

You work as a network technician at TestKing.com. Study the exhibit carefully.

Based on the output shown above, what should you do to allow the TestKing workstations connected to the fastethernet0/0 interface to obtain an IP Address?

A. Apply access-group 14 to interface FastEthernet 0/0

B. Add access-list 14 permit any any to the access list configuration

C. Configure the IP address of interface FastEthernet 0/0 to 10.90.201.1

D. Add an interface description to the FastEthernet 0/0 interface configuration.

E. None of the above

Answer: C

Explanation:

According to the question and exhibit:

The router is configured for DHCP, which can provide an IP address to the host. The host is connected to the fastethernet0/0 interface, but no IP address is assigned to that interface. Until the interface is assigned an address in the same subnet as the pool, the host is unable to obtain an IP address from the router.

Section 4: Implement static and dynamic addressing services for hosts in a LAN environment (15 questions)

QUESTION NO: 1

Exhibit:

You need to configure an IP address for workstation TestKingA. Based on the information shown above, what IP address should be assigned to this host?

A. 192.168.1.159/28

B. 192.168.1.145/28

C. 192.168.1.160/28

D. 192.168.1.144/28

E. 192.168.1.143/28

Answer: B

Explanation:

The subnets and IP ranges that are available using a /28 (255.255.255.240) subnet mask are shown below:
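The /28 ranges can be recomputed, and each answer option checked against them, with the Python sketch below. It is an added example, not part of the original material; it assumes the options are subnetted from 192.168.1.0/24, and the function names are hypothetical.

```python
import ipaddress


def role(cidr):
    """Say whether an address/prefix pair is the network, broadcast or a host address.

    Valid for prefixes of /30 or shorter, where both special addresses exist.
    """
    iface = ipaddress.ip_interface(cidr)
    if iface.ip == iface.network.network_address:
        return "network"
    if iface.ip == iface.network.broadcast_address:
        return "broadcast"
    return "host"


def subnet_table(base, new_prefix):
    """Rows of (subnet, first host, last host, broadcast) for every subnet of `base`."""
    rows = []
    for net in ipaddress.ip_network(base).subnets(new_prefix=new_prefix):
        rows.append((str(net), str(net.network_address + 1),
                     str(net.broadcast_address - 1), str(net.broadcast_address)))
    return rows


def usable(options):
    """Keep only the options that can be assigned to a workstation."""
    return [o for o in options if role(o) == "host"]


# Answer options copied from the question above.
OPTIONS = ["192.168.1.159/28", "192.168.1.145/28", "192.168.1.160/28",
           "192.168.1.144/28", "192.168.1.143/28"]

if __name__ == "__main__":
    for row in subnet_table("192.168.1.0/24", 28):
        print("%-18s %-15s %-15s %s" % row)
    for option in OPTIONS:
        print(option, role(option))
```

Options A and E are broadcast addresses and C and D are network addresses of their /28 subnets, which leaves 192.168.1.145 as the only assignable host address.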
