
www.CareerCert.info

Cisco 642-832

642-832 Troubleshooting and Maintaining Cisco IP Switched Networks (TSHOOT)

Practice Test
Version

Cisco 642-832: Practice Exam

QUESTION NO: 1

Which two statements about the Cisco Aironet Desktop Utility (ADU) are true? (Select two)

A. The Aironet Desktop Utility (ADU) profile manager feature can create and manage only one profile for the wireless client adapter.
B. The Aironet Desktop Utility (ADU) can support only one wireless client adapter installed and used at a time.
C. The Aironet Desktop Utility (ADU) can be used to establish the association between the client adapter and the access point, manage authentication to the wireless network, and enable encryption.
D. The Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can be used at the same time to configure the wireless client adapter.

Answer: B,C

Explanation: You can configure your Cisco Aironet Wireless LAN Client Adapter through the Cisco ADU or a third-party tool, such as the Microsoft Wireless Configuration Manager. Because third-party tools may not provide all the functionality available in ADU, Cisco recommends that you use ADU. The ADU can support only one wireless client adapter. It also establishes the association between the client adapter and the access point, authenticates the wireless client, and configures encryption by setting a static WEP key or a WPA/WPA2 passphrase.

Section 3: Perform routine IOS device maintenance (0 Questions)

Section 4: Isolate sub-optimal internetwork operation at the correctly defined OSI Model layer (2 Questions)

QUESTION NO: 2

At which layer of the OSI model does the Spanning Tree Protocol (STP) operate?

A. Layer 5
B. Layer 4
C. Layer 3
D. Layer 2
E. Layer 1

Answer: D

Explanation: Spanning-Tree Protocol (STP) is a Layer 2 (L2) protocol designed to run on bridges and switches. The specification for STP is called 802.1d. The main purpose of STP is to ensure that you do not run into a loop situation when you have redundant paths in your network. Loops are deadly to a network.

"Pass Any Exam. Any Time." - www.actualtests.com

QUESTION NO: 3

In computer networking a multicast address is an identifier for a group of hosts that have joined a multicast group. Multicast addressing can be used in the Link Layer (OSI Layer 2), such as Ethernet Multicast, as well as at the Internet Layer (OSI Layer 3) as IPv4 or IPv6 Multicast. Which two descriptions are correct regarding multicast addressing?

A. The first 23 bits of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
B. The last 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
C. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 0.
D. The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.

Answer: C,D

Explanation: The point of this question is the form of the multicast MAC address, and the conversion between the multicast MAC address and the IP address. The multicast MAC address is 6 bytes (48 bits). The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E, and the last 3 bytes (24 bits) are a 0 bit followed by the last 23 bits of the IP address. "0x01-00-5E" is a reserved value that indicates a multicast application. So options B and D are correct.
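The mapping described in this explanation, as an added Python example that is not part of the original practice test. It also goes one step further than the explanation: because only 23 of the 28 variable bits of a group address are copied, 32 IPv4 groups share each MAC, which matters when filtering multicast at Layer 2. The function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress

OUI_PREFIX = 0x01005E000000   # first 3 bytes 01-00-5E, as stated in the explanation
LOW_23_MASK = 0x7FFFFF        # the last 23 bits of the IPv4 group address
MULTICAST_BASE = 0xE0000000   # 224.0.0.0, start of the IPv4 multicast range


def multicast_mac(group: str) -> str:
    """Map an IPv4 multicast group address to its Ethernet multicast MAC."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    # The high-order bit of the last 24 MAC bits stays 0; the rest is copied.
    mac = OUI_PREFIX | (int(addr) & LOW_23_MASK)
    return "-".join(f"{(mac >> shift) & 0xFF:02X}" for shift in range(40, -1, -8))


def groups_sharing_mac(group: str) -> list[str]:
    """Return every IPv4 group address that maps to the same MAC as `group`.

    After the fixed 1110 prefix a group address has 28 variable bits, but only
    23 are copied into the MAC, so 2**5 = 32 groups collide on each MAC.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & LOW_23_MASK
    return [
        str(ipaddress.IPv4Address(MULTICAST_BASE | (high5 << 23) | low23))
        for high5 in range(32)
    ]


if __name__ == "__main__":
    # Constructed sample groups, chosen so that two of them collide.
    for sample in ("224.1.1.1", "224.129.1.1", "239.255.255.255"):
        print(f"{sample:>16} -> {multicast_mac(sample)}")
    print(len(groups_sharing_mac("224.1.1.1")), "groups share that first MAC")
```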

QUESTION NO: 4

EIGRP is being used as the routing protocol on the company network. While troubleshooting some network connectivity issues, you notice a large number of EIGRP SIA (Stuck in Active) messages. What causes these SIA routes? (Select two)

A. The neighboring router stops receiving ACK packets from this router.
B. The neighboring router starts receiving route updates from this router.
C. The neighboring router is too busy to answer the query (generally caused by high CPU utilization).
D. The neighboring router is having memory problems and cannot allocate the memory to process the query or build the reply packet.

Answer: C,D

Explanation: SIA routes are due to the fact that reply packets are not received. This could be caused by a router which is unable to send reply packets. The router could have reached the limit of its capacity, or it could be malfunctioning.

Incorrect Answers:
A: Missing replies, not missing ACKs, cause SIA.
B: Route updates do not cause SIA.

Notes: If a router does not receive a reply to all outstanding queries within 3 minutes, the route goes to the stuck in active (SIA) state. The router then resets the neighbors that fail to reply by going active on all routes known through that neighbor, and it readvertises all routes to that neighbor.

Reference: Enhanced Interior Gateway Routing Protocol, http://www.cisco.com/warp/public/103/eigrp3.html

QUESTION NO: 5

Part of the routing table of router R1 is displayed below:

    S       62.99.153.0/24 [1/0] via 209.177.64.130
            172.209.12.0/32 is subnetted, 1 subnets
    D EX    172.209.1 [170/2590720] via 209.179.2.114, 06:47:28, Serial0/0/0.1239
            62.113.17.0/24 is variably subnetted, 2 subnets, 2 masks
    D EX    99.3.215.0/24 [170/27316] via 209.180.96.45, 09:52:10, FastEthernet11/0/0
                          [170/27316] via 209.180.96.44, 09:52:10, FastEthernet11/0/0
            25.248.17.0/24 [90/1512111] via 209.179.66.25, 10:33:13, Serial0/0/0.1400001
                           [90/1512111] via 209.179.66.41, 10:33:13, Serial0/0/0.1402001
            62.113.1.0/24 is variably subnetted, 12 subnets, 2 masks
    D       62.113.1.227/32
                          [90/2611727] via 209.180.96.45, 10:33:13, FastEthernet1/0/0
                          [90/2611727] via 209.180.96.44, 10:33:13, FastEthernet1/0/0
    S*      0.0.0.0/0 [1/0] via 209.180.96.14

From analyzing the above command output, what is the administrative distance of the external EIGRP routes?

A. 24
B. 32
C. 90
D. 170
E. 27316
F. None of the other alternatives apply

Answer: D

Explanation: By default an external EIGRP route has a value of 170. By examining the exhibit we see that this default value of the external EIGRP routes (see D EX in the exhibit) indeed is set to 170. The first value within the brackets displays the AD, so with a value of [170/27316] the AD is 170 and the metric of the route is 27316.

Incorrect Answers:
A: This is the subnet mask used for some of the routes in the table.
B: This is the subnet mask used for some of the routes in the table.
C: This is the AD of the internal EIGRP routes, which is the default.
E: This is the EIGRP metric of the external EIGRP routes.

Reference: What Is Administrative Distance? http://www.cisco.com/warp/public/105/admin_distance.html

QUESTION NO: 6

The network is shown below, along with the relevant router configurations:

    R1# show run
    interface Loopback0
     ip address 10.10.10.1 255.255.255.0
    !
    interface Ethernet0
     ip address 172.29.1.1 255.255.255.0
     media-type 10BaseT
    !
    !
    router eigrp 999
     redistribute connected
     network 172.29.0.0
     auto-summary
     no eigrp log-neighbor-changes
    !
    ip classless
    no ip http server

    R2# show run
    interface Ethernet0
     ip address 172.29.1.2 255.255.255.0
     media-type 10BaseT
    !
    interface Ethernet1
     ip address 172.19.2.2 255.255.255.0
     media-type 10BaseT
    !
    router eigrp 999
     network 172.19.0.0
     network 172.29.0.0
    !
    ip classless
    no ip http server

    R3# show run
    interface Ethernet1/0
     ip address 172.19.2.3 255.255.255.0
    !
    router eigrp 999
     network 172.19.0.0
     auto-summary
     no eigrp log-neighbor-changes
    !
    ip classless
    ip http server

With the topology found in the graphic, what will the R1 loopback 0 be in the R3 routing table?

A. It will show up in the routing table as D 10.0.0/8.
B. It will show up in the routing table as D EX 10.0.0.0/8.
C. It will show up in the routing table as D 10.0.0./24.
D. It will not show up in R3 routing table because there is no network command on R1.

Answer: B

Explanation: Because router R1 is configured with route redistribution, it will redistribute the connected loopback network into EIGRP. Because redistributed routes will show up as external EIGRP routes in the routing table, choice B is correct. Although the loopback interface is using a /24 subnet mask, EIGRP summarizes at network boundaries by default so the network will appear as the class A network of 10.0.0.0/8 in the routing table of the other routers.

Incorrect Answers:
A: The route will be external, since it was redistributed into EIGRP.
C: It will be external because of redistribution, and it will also be summarized since that is the default behavior of EIGRP.
D: Although it was not configured under the EIGRP network command, it would be redistributed because it is a connected route.

QUESTION NO: 7

The EIGRP network is displayed in the following topology diagram:

You work as a network technician. Study the exhibits carefully. If the command "variance 3" was added to the EIGRP configuration of R5, which path or paths would be chosen to route traffic from R5 to network X?

A. R5-R2-R1
B. R5-R2-R1 and R5-R3-R1.
C. R5-R3-R1 and R5-R4-R1.
D. R5-R2-R1, R5-R3-R1, and R5-R4-R1.

Answer: B

Explanation: Every routing protocol supports equal cost path load balancing. In addition, Interior Gateway Routing Protocol (IGRP) and EIGRP also support unequal cost path load balancing. Use the variance n command in order to instruct the router to include routes with a metric of less than n times the minimum metric route for that destination. The variable n can take a value between 1 and 128. The default is 1, which means equal cost load balancing. Traffic is also distributed among the links with unequal costs, proportionately, with respect to the metric.

In this question the variance 3 command is used. In this instance, R5 can get to Net X using the path R5-R3 = metric of 10, and R3-R1 = 10 as well, with the FD between R5 and R1 being 10 + 10 = 20. Therefore, we can load balance on any route that has an FD of 3x the successor, or 3x20, which is 60.

Important Note: If a path does not meet the feasibility condition, the path is not used in load balancing. This is why choice D is wrong, as this path has an Advertised Distance of 25, which is greater than the successor's FD. The link below refers to an example that is nearly identical to the example in this question, except theirs used a variance of 2 and this question used a variance of 3.

Reference: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009437d.shtml
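The selection logic from this explanation (variance multiplier plus feasibility condition), as an added Python example that is not part of the original practice test. The topology diagram is missing from the page, so only the R5-R3-R1 metrics (10 + 10 = 20) and the Advertised Distance of 25 come from the explanation; assigning that value to R5-R4-R1 and every other metric below are constructed assumptions, and the names Path and select_paths are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    name: str       # router sequence, e.g. "R5-R3-R1"
    reported: int   # advertised (reported) distance announced by the next hop
    total: int      # metric of the whole path as seen from R5


def select_paths(paths, variance=1):
    """Return (installed, rejected) for one destination.

    installed: path names used for load balancing, best metric first.
    rejected:  {path name: reason} for every path left out.
    """
    if not 1 <= variance <= 128:
        raise ValueError("variance must be between 1 and 128")
    fd = min(p.total for p in paths)  # feasible distance = metric of the successor
    installed, rejected = [], {}
    for p in sorted(paths, key=lambda p: p.total):
        if p.total == fd:
            # Successor, or an equal-cost path: always installed.
            installed.append(p.name)
        elif p.reported >= fd:
            # Feasibility condition: the neighbor's reported distance must be
            # lower than our FD, otherwise the path is never load balanced.
            rejected[p.name] = f"reported distance {p.reported} is not below FD {fd}"
        elif p.total >= variance * fd:
            # The page's wording: metric must be less than n times the minimum.
            rejected[p.name] = (
                f"metric {p.total} is not below {variance} x FD = {variance * fd}"
            )
        else:
            installed.append(p.name)
    return installed, rejected


# R5-R3-R1 uses the metrics given in the explanation; the rest is constructed.
PATHS = [
    Path("R5-R2-R1", reported=10, total=30),   # constructed metrics
    Path("R5-R3-R1", reported=10, total=20),   # 10 + 10 = 20, from the explanation
    Path("R5-R4-R1", reported=25, total=45),   # AD 25 from the explanation, total constructed
]

if __name__ == "__main__":
    for n in (1, 3):
        used, dropped = select_paths(PATHS, variance=n)
        print(f"variance {n}: installed={used} rejected={dropped}")
```

With these inputs R5-R4-R1 is within 3 x FD = 60 but is still excluded, because the feasibility condition is evaluated independently of the variance.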

QUESTION NO: 8

The following command was issued on Router 2:

Given the output shown above, which statement is true?

A. 192.168.1.0 is a redistributed route into EIGRP.
B. 192.168.1.0 is a summarized route.
C. 192.168.1.0 is a static route.
D. 192.168.1.0 is equal path load balancing with 172.16.1.0.
E. None of the other alternatives apply

Answer: A

Explanation: When EIGRP learns routing information from a different routing protocol, it uses the D EX symbol to indicate that this routing information was learned from another routing protocol.

QUESTION NO: 9

A network administrator is troubleshooting an EIGRP connection between RouterA, IP address 10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two statements are true?

A. RouterA received a hello packet with mismatched metric-calculation mechanisms.
B. RouterA received a hello packet with mismatched authentication parameters.
C. RouterA will form an adjacency with RouterB.
D. RouterA received a hello packet with mismatched autonomous system numbers.
E. RouterA received a hello packet with mismatched hello timers.
F. RouterA will not form an adjacency with RouterB.

Answer: A,F

Explanation: Metrics are the mathematics used to select a route. The higher the metric associated with a route, the less desirable it is. For EIGRP, the Bellman-Ford algorithm uses the following equation and creates the overall 24-bit metric assigned to a route:

* metric = [(K1 × bandwidth) + (K2 × bandwidth) / (256 - load) + (K3 × delay)] × [K5 / (reliability + K4)]

The elements in this equation are as follows:

* By default, K1 = K3 = 1, K2 = K4 = K5 = 0. Therefore, by default, the metric formula reduces to:

  metric = (1 × bandwidth) + (1 × delay)
  metric = bandwidth + delay

K values must be the same for routers to become EIGRP neighbors.

QUESTION NO: 10

Study the exhibit below carefully:

If the configuration shown below is added to Router1, which three route entries will EIGRP advertise to neighboring routers? (Select three)

    router eigrp 10
     network 10.0.0.0
     eigrp stub

A. 192.168.20.0/24
B. 10.1.2.0/24
C. 10.1.1.0/24
D. 10.1.3.0/24
E. 10.0.0.0/8

Answer: C,D,E

Explanation: The Enhanced Interior Gateway Routing Protocol (EIGRP) Stub Routing feature improves network stability, reduces resource utilization, and simplifies stub router configuration. Stub routing is commonly used in a hub and spoke network topology. In a hub and spoke network, one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only route for IP traffic to follow into the remote router is through a distribution router. This type of configuration is commonly used in WAN topologies where the distribution router is directly connected to a WAN. The distribution router can be connected to many more remote routers. Often, the distribution router will be connected to 100 or more remote routers.

In a hub and spoke topology, the remote router must forward all nonlocal traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing table. Generally, the distribution router need not send anything more than a default route to the remote router. When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to use EIGRP, and to configure only the remote router as a stub. Only specified routes are propagated from the remote (stub) router. The router responds to queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible."

A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router. Any neighbor that receives a packet informing it of the stub status will not query the stub router for any routes, and a router that has a stub peer will not query that peer. The stub router will depend on the distribution router to send the proper updates to all peers.

QUESTION NO: 11

Refer to the exhibit. EIGRP has been configured on routers R1 and R2. However, R1 does not show R2 as a neighbor and does not accept routing updates from R2. What could be the cause of the problem?

A. The no auto-summary command has not been issued under the EIGRP process on both routers.
B. Interface E0 on router R1 has not been configured with a secondary IP address of 10.1.2.1/24.
C. EIGRP cannot exchange routing updates with a neighbor's router interface that is configured with two IP addresses.
D. EIGRP cannot form neighbor relationship and exchange routing updates with a secondary address.

Answer: D

Explanation: Remember that simple distance vector routers do not establish any relationship with their neighbors. RIP and IGRP routers merely broadcast or multicast updates on configured interfaces. In contrast, EIGRP routers actively establish relationships with their neighbors, much the same way that OSPF routers do. EIGRP routers establish adjacencies with neighbor routers by using small hello packets. Hellos are sent by default every five seconds. An EIGRP router assumes that as long as it is receiving hello packets from known neighbors, those neighbors (and their routes) remain viable. By forming adjacencies, EIGRP routers do the following:

* Dynamically learn of new routes that join their network
* Identify routers that become either unreachable or inoperable
* Rediscover routers that had previously been unreachable

QUESTION NO: 12

While troubleshooting an EIGRP routing problem you notice that one of the company routers has generated a large number of SIA messages. What are two possible causes for EIGRP Stuck-In-Active routes? (Select two)

A. Some query or reply packets are lost between the routers.
B. The neighboring router starts receiving route updates from this router.
C. A failure causes traffic on a link between two neighboring routers to flow in only one direction (unidirectional link).
D. The neighboring router stops receiving ACK packets from this router.

Answer: A,C

Explanation: The acknowledgement does not reach the destination or they are too delayed. This is normally due to too many routing topology changes, or a router with insufficient memory.

Note: In some circumstances, it takes a very long time for a query to be answered. So long, in fact, that the router that issued the query gives up and clears its connection to the router that isn't answering, effectively restarting the neighbor session. This is known as a stuck in active (SIA) route. The most basic SIA routes occur when it simply takes too long for a query to reach the other end of the network and for a reply to travel back.

Incorrect Answers:
B: Does not apply to SIA. This is the normal operation of EIGRP.
D: Ack packets don't reply to Queries, only Reply packets do.

Reference: http://www.cisco.com/warp/public/103/eigrp3.html

QUESTION NO: 13

EIGRP uses five generic packet types (hello, updates, queries, replies, acknowledgements). If you wished to view the statistics for these packets, which IOS command should you use?

A. debug eigrp packets
B. show ip eigrp traffic
C. show ip eigrp topology
D. show ip eigrp neighbors

Answer: B

Explanation: The show ip eigrp traffic command displays the number of Enhanced IGRP (EIGRP) packets sent and received.

Example: The following is sample output from the show ip eigrp traffic command:

    Router# show ip eigrp traffic
    IP-EIGRP Traffic Statistics for process 77
      Hellos sent/received: 218/205
      Updates sent/received: 7/23
      Queries sent/received: 2/0
      Replies sent/received: 0/2
      Acks sent/received: 21/14

QUESTION NO: 14

While troubleshooting a routing problem on the company EIGRP network you discover that one of the routers is failing to establish adjacencies with its neighbor. What is a likely cause of this problem between neighbors? (Select two)

A. The K-values do not match.
B. The hold times do not match.
C. The hello times do not match.
D. The AS numbers do not match.

Answer: A,D

Explanation: Peer relationships and adjacencies between routers will not be formed between EIGRP routers if the neighbor resides in a different autonomous system or if the metric-calculation mechanism (K values) is misaligned for that link.

Incorrect Answers:
B: It is possible for two routers to become EIGRP neighbors even though the hello and hold timers do not match.
C: It is possible for two routers to become EIGRP neighbors even though the hello and hold timers do not match.

Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5a9.html#wp1018815

Section 2: Troubleshoot OSPF (9 Questions)

QUESTION NO: 15

QUESTION NO: 16

Refer to the exhibit. On the basis of the information presented, which statement is true?

A. OSPF router 5.0.0.2 is an ABR.
B. Network 6.0.0.0/8 was learned from an OSPF neighbor within the area.
C. The default route is learned from an OSPF neighbor.
D. A default route is configured on the local router.

Answer: B

Explanation: In this example, the network 6.0.0.0/8 shows that it was learned via IA, or Inter-area. Since this came from a neighbor in a different area, then the neighbor router at 5.0.0.2 must be an ABR. The various route types used by OSPF are:

QUESTION NO: 17

A DR (Designated Router) is used in environments where many routers share the same network, such as Ethernet. In the following presented network, all routers are reloaded simultaneously, and the DR is selected as expected. What is the CK-RTC status?

A. 2WAY/BDR
B. FULL/BDR
C. 2WAY/DROTHER
D. 2WAY/DR
E. FULL/DROTHER
F. FULL/DR
G. None of the other alternatives apply

Answer: E

Explanation: How OSPF Forms Its Neighbors: In this example topology, all routers are running Open Shortest Path First (OSPF) over the Ethernet network:

This is sample output of the show ip ospf neighbor command on R7 and R8:

    R7# show ip ospf neighbor
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    170.170.3.4     1     2WAY/DROTHER    00:00:34    170.170.3.4     Ethernet0
    170.170.3.3     1     2WAY/DROTHER    00:00:34    170.170.3.3     Ethernet0
    170.170.3.8     1     FULL/DR         00:00:32    170.170.3.8     Ethernet0
    170.170.3.2     1     FULL/BDR        00:00:39    170.170.3.2     Ethernet0

Notice that R7 establishes full adjacency only with the Designated Router (DR) and the Backup Designated Router (BDR). All other routers have a two-way adjacency established. This is normal behavior for OSPF. In this case, the "show ip ospf neighbor" command is performed on R4. R4 is the DR (due to its higher router ID), so it will have FULL adjacency with all routers including R2. If the "show ip ospf neighbor" command had been performed on R1, then it would show 2WAY/DROTHER with R2.

    Router4# show ip ospf neighbor
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    192.168.1.1     1     FULL/DROTHER    00:00:31    192.168.1.1     FastEthernet0/0
    192.168.1.2     1     FULL/DROTHER    00:00:31    192.168.1.2     FastEthernet0/0
    192.168.1.3     1     FULL/BDR        00:00:31    192.168.1.3     FastEthernet0/0

    Router1# show ip ospf neighbor
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    192.168.1.2     1     2WAY/DROTHER    00:00:35    192.168.1.2     FastEthernet0/0
    192.168.1.3     1     FULL/BDR        00:00:35    192.168.1.3     FastEthernet0/0
    192.168.1.4     1     FULL/DR         00:00:35    192.168.1.4     FastEthernet0/0

Reference: www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a0080094059.shtml

QUESTION NO: 18

While troubleshooting some connectivity issues, you issue the "show ip ospf database" command in order to examine the link state database. Which three of the statements below are true regarding the OSPF link state database? (Select three)

A. Each router has an identical link state database.
B. External routes are imported into a separate link state database.
C. Synchronization of link state databases is maintained via flooding of LSAs.
D. Information in the link state database is used to build a routing table by calculating a shortest-path tree.
E. By default, link state databases are refreshed every 10 minutes in the absence of topology changes.

Answer: A,C,D

Explanation: The link state database is a collection of link state advertisements for all routers and networks. Each router in the OSPF network maintains an identical database. LSA flooding occurs whenever there is a change in the OSPF topology, ensuring that the databases are synchronized. OSPF also uses the SPF algorithm to build the database tables.

Incorrect Answers:
B: Only one link state database is maintained, and it is used for all OSPF routes.
E: The default refresh time is 30 minutes.

Reference: Building Scalable Cisco Networks (Cisco Press) page 178.

QUESTION NO: 19

Which command should you use to verify what networks are being routed by a given OSPF process?

A. show ip ospf
B. show ip route
C. show ip protocol
D. show ip ospf database
E. None of the other alternatives apply

Answer: C

Explanation: The information displayed by the show ip protocols command is useful in debugging routing operations. Information in the Routing Information Sources field of the show ip protocols output can help you identify a router suspected of delivering bad routing information. For OSPF routers, this command will display the routed networks.

Incorrect Answers:
A: To display general information about Open Shortest Path First (OSPF) routing processes, use the show ip ospf command in EXEC mode. This command will display the areas assigned and other useful information, but not the networks being routed.

Example:

    R1# show ip ospf
    Routing Process "ospf 201" with ID 192.42.110.200
    Supports only single TOS(TOS0) route
    It is an area border and autonomous system boundary router
    Redistributing External Routes from,
        igrp 200 with metric mapped to 2, includes subnets in redistribution
        rip with metric mapped to 2
        igrp 2 with metric mapped to 100
        igrp 32 with metric mapped to 1
    Number of areas in this router is 3
    Area 192.42.110.0
        Number of interfaces in this area is 1
        Area has simple password authentication
        SPF algorithm executed 6 times

B: This will display the active routing table, but not the networks that are being routed.
D: The OSPF database does not display the networks being routed.

QUESTION NO: 20

You have a multi-area OSPF network and you're concerned because one of the sites is having connectivity problems to resources in a different area. Which IOS privileged mode command would you enter to confirm that your network: A) has a path to its ABR, B) has a path to its ASBR, and C) the SPF calculation is functional?

A. show ip protocols
B. show running-config
C. show ip ospf neighbor
D. show ip ospf border-routers

Answer: D

Explanation: The show ip ospf border-routers command displays the internal OSPF routing table entries to an area border router (ABR) and autonomous system boundary router (ASBR). The SPF No in the output is the internal number of the SPF calculation that installs this route.

Example:

    Router R# show ip ospf border-routers
    OSPF Process 109 internal Routing Table

    Destination     Next Hop        Cost  Type  Rte Type  Area     SPF No
    160.89.97.53    144.144.1.53    10    ABR   INTRA     0.0.0.3  3
    160.89.103.51   160.89.96.51    10    ABR   INTRA     0.0.0.3  3
    160.89.103.52   160.89.96.51    20    ASBR  INTER     0.0.0.3  3
    160.89.103.52   144.144.1.53    22    ASBR  INTER     0.0.0.3  3

Incorrect Answers:
A: The show ip protocols command only displays routing protocol parameters and current timer values.
B: The show running-config command displays the currently used configuration mode. The required information will not be displayed.
C: The show ip ospf neighbor command displays OSPF-neighbor information on a per-interface basis. It does not include ABR, ASBR or SPF information.

QUESTION NO: 21

An OSPF link can be in multiple states at any given moment (i.e. exstart, exchange, full). Which two IOS commands let you view the state of the link? (Select two)

A. show ip ospf
B. show ip protocols
C. show ip ospf neighbor
D. show ip ospf interface

Answer: C,D

Explanation: The link state exstart is an OSPF link state (see note below). We need to retrieve OSPF link state information.

C: The output of the show ip ospf neighbor command is used to display OSPF-neighbor information on a per-interface basis. It includes link state information.
D: The show ip ospf interface command is used to display OSPF-related interface information for a particular interface. This includes the link state of the specified interface.

Note: exstart state: After two OSPF neighboring routers establish bi-directional communication and complete DR/BDR election (on multi-access networks), the routers transition to the exstart state.

Incorrect Answers:
A: The show ip ospf command is used to display general information about OSPF routing processes. However, it does not include any link state information.
B: The command "show ip protocols" displays the parameters and current state of the active routing protocol process. It does not show any link state information.

QUESTION NO: 22

Which command would display OSPF parameters such as filters, default metric, maximum paths, and number of areas configured on a router?

A. show ip protocol
B. show ip route
C. show ip ospf interface
D. show ip ospf
E. show ip interface
F. None of the other alternatives apply

Answer: A

Explanation: The "show ip protocol" command displays values about routing timers and network information associated with the entire router. This includes the AS number associated with the routing process, the number of areas configured on the router, the metric, and the maximum paths.

QUESTION NO: 23

Exhibit:

You work as a network technician. Your trainee shows you the IOS command output displayed in the exhibit. What command did Tess use to produce this output?

A. show ip RIP
B. show ipv6 ospf
C. show ip ospf
D. show ip ospf interface
E. show ipv6 ospf interface
F. show ipv4 ospf
G. None of the other alternatives apply

Answer: B

Explanation: In this case we can see that OSPFv3 is being used, and since OSPFv3 is used exclusively for IPv6 networks we know that the correct answer must be "show ipv6 ospf." To display general information about Open Shortest Path First (OSPF) routing processes, use the show ipv6 ospf command in user EXEC or privileged EXEC mode.

Example: The following is sample output from the show ipv6 ospf command:

    Router# show ipv6 ospf
    Routing Process "ospfv3 1" with ID 10.10.10.1
    SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
    Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
    LSA group pacing timer 240 secs
    Interface flood pacing timer 33 msecs
    Retransmission pacing timer 66 msecs
    Number of external LSA 0. Checksum Sum 0x000000
    Number of areas in this router is 1. 1 normal 0 stub 0 nssa
        Area BACKBONE(0)
            Number of interfaces in this area is 1
            MD5 Authentication, SPI 1000
            SPF algorithm executed 2 times
            Number of LSA 5. Checksum Sum 0x02A005
            Number of DCbitless LSA 0
            Number of indication LSA 0
            Number of DoNotAge LSA 0
            Flood list length 0

Reference: http://www.cisco.com/en/US/docs/ios/12_3t/ipv6/ipv6_15g.html#wp2139460

QUESTION NO: 24

Which IOS command would you use to find out which networks are routed by a particular OSPF process?

A. show ospf
B. show ip route
C. show ip protocols
D. show ip ospf database
E. None of the other alternatives apply

Answer: C

Explanation: The show ip protocols command displays the current routing protocols. It displays the parameters and current state of the active routing protocol process. The output includes a list of the networks routed by individual OSPF processes.

Sample output:

    Router# show ip protocols
    Routing Protocol is "ospf 200"
      Sending updates every 0 seconds
      Invalid after 0 seconds, hold down 0, flushed after 0
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Redistributing: ospf 200
      Routing for Networks:
        172.6.31.5/32
      Routing Information Sources:
        Gateway         Distance      Last Update
      Distance: (default is 110)

Incorrect Answers:
A: The show ospf command displays summary information regarding the global OSPF configuration.
B: The show ip route command displays the IP routing table.
D: The show ip ospf database command displays the contents of the topological database maintained by the router. The command also shows the router ID and the OSPF process ID. However, the output does not include the networks routed by individual OSPF processes.

Section 3: Troubleshoot eBGP (21 Questions)

QUESTION NO: 25

A problem was reported that the 10.10.10.0/24 prefix was not injected into the local BGP table on a Company router named R1. The following information is available from this router:

R1 Configuration:

router bgp 65001
 network 10.0.0.0
 neighbor 172.16.1.1 remote-as 65002
 no auto-summary

Routing table information:

show ip route | include 10
O 10.10.10.0/24 [110/11] via 192.168.1.1, 2d00h, Ethernet0/0

Why is this prefix not in the local BGP table of R1?

A. The 172.16.1.1 neighbor is down.
B. The prefix 10.10.10.0/24 is not a 'connected' route.
C. This route is not a BGP learned route.
D. The network command is wrong.
E. None of the other alternatives apply

Answer: D

Explanation: The network command is used with IGPs, such as RIP, to determine the interfaces on which to send and receive updates. The command also indicates which directly connected networks to advertise. However, when configuring BGP, the network command does not affect what interfaces BGP runs on. Therefore, configuring just a network statement will not establish a BGP neighbor relationship. This is a major difference between BGP and IGPs. The network statement follows this syntax:

Router(config-router)# network network-number [mask network-mask]

In BGP, the network command tells the BGP process what locally learned networks to advertise. The networks can be connected routes, static routes, or routes learned by way of a dynamic routing protocol, such as RIP. These networks must also exist in the routing table of the local router or they will not be sent out in updates. The mask keyword can be used with the network command to specify individual subnets. Routes learned by the BGP process are propagated by default but are often filtered by a routing policy.

In this example, the correct syntax should be "network 10.10.10.0 mask 255.255.255.0" under the BGP routing process. Without the correct subnet mask specified, the route will not get injected into the BGP routing table, even if it is learned via an IGP. In this case, the route is known via OSPF.

QUESTION NO: 26

Which IOS command would you enter if you wanted to view a list of IBGP and EBGP neighbor relationships that are configured?

A. show ip bgp
B. show ip bgp paths
C. show ip bgp peers
D. show ip bgp summary
E. show ip bgp protocols

Answer: D

Explanation: The show ip bgp summary command displays the status of all BGP connections. Neighbors with corresponding AS values will be listed, both interior and external.

Incorrect Answers:
A: The show ip bgp command displays routes in the BGP routing table, not the neighbors.
B: The show ip bgp paths command is used to display all the BGP paths in the database. However, it does not list the neighbors.
C: There is no such command.
E: There is no such command.

Reference: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_r/1rprt1/1rbgp.htm

QUESTION NO: 27

Which two of the following descriptions are correct according to the displayed output of the command show ip bgp summary? (Choose two.)

A. The BGP session to the 10.1.1.1 neighbor is established.
B. The router is trying to create a BGP peering session with the 10.1.1.1 neighbor.
C. The BGP session to the 10.3.3.3 neighbor is created, but the router received no BGP routing updates from the 10.3.3.3 neighbor.
D. The router is attempting to establish a BGP peering session with the 10.2.2.2 neighbor.

Answer: A,D

Explanation: The show ip bgp summary command displays the summary of all BGP connections. The six states of the BGP FSM are described as follows:

* Idle - Idle is the first state of a BGP connection. BGP is waiting for a start event. It is normally initiated by an administrator or a network event. At the start event, BGP initializes its resources and resets a connect retry timer. Then it starts listening for a TCP notice that BGP can transition back to Idle from any other state in case of errors.

* Connect - In the Connect state, BGP is waiting for the TCP connection to be completed. If the TCP connection is successful, the state transitions to OpenSent. If the TCP connection fails, the state transitions to the Active state, and the router tries to connect again. If the connect retry timer expires, the state remains in the Connect state, the timer is reset, and a TCP connection is initiated. In case of any other event, initiated by the system or the administrator, the state returns to Idle.

* Active - In the Active state, BGP is trying to acquire a peer by initiating a TCP connection. If it is successful, it transitions to OpenSent. If the connect retry timer expires, BGP restarts the connect timer and returns to the Connect state. While active, BGP is still listening for a connection that may be initiated from another peer. The state may go back to Idle in case of other events, such as a stop event initiated by the system or the operator. In general, a neighbor state that is switching between "Connect" and "Active" is an indication that something is wrong and that there are problems with the TCP connection. It could be because of many TCP retransmissions, or the inability of a neighbor to reach the IP address of its peer.

* OpenSent - In the OpenSent state, BGP is waiting for an open message from its peer. The open message is checked for correctness. In case of errors, such as an incompatible version number or an unacceptable AS, the system sends an error notification message and goes back to Idle. If there are no errors, BGP starts sending keepalive messages and resets the keepalive timer. At this stage, the hold time is negotiated and the smaller value is taken. If the negotiated hold time is zero (0), the hold timer and the keepalive timer are not restarted. At the OpenSent state, BGP recognizes whether the peer belongs to the same AS or to a different AS. BGP does this by comparing its AS number to the AS number of its peer. A peer in the same AS is an IBGP peer and a peer in a different AS is an EBGP peer. When a TCP disconnect is detected, the state falls back to Active. For any other errors, such as an expiration of the hold timer, BGP sends a notification message with the corresponding error code. Then it returns to the Idle state.

* OpenConfirm - While in OpenConfirm state, BGP is waiting for a keepalive or notification message. If a keepalive message is received, the state goes to the Established state, and the neighbor negotiation is complete. If the system receives an update or keepalive message, it restarts the hold time, assuming that the negotiated hold time is not zero. If a notification message is received, the state falls back to Idle. The system sends periodic keepalive messages at the rate set by the keepalive timer. In the case of any TCP disconnect or in response to any stop event, initiated by the system or the administrator, the state returns to Idle. In response to any other event, the system sends a notification message with an FSM error code and returns to the Idle state.

* Established - Established is the final state in the neighbor negotiation. BGP starts exchanging update packets with its peers. If it is non-zero, the hold timer is restarted at the receipt of an update or keepalive message.

QUESTION NO: 28

The "show ip bgp" command was issued on a Router as shown below:

Based on the Router2 output, which statement is true?

A. The best path to reach the 192.168.11.0 prefix is via 10.200.200.11.
B. The 192.168.11.0 and 192.168.12.0 prefixes were learned via EBGP from the 10.200.200.11 and 10.200.200.12 EBGP neighbors.
C. The best path to reach the 192.168.11.0 prefix is via both 10.200.200.11 and 10.200.200.12; BGP will automatically load balance between the two.
D. The best path to reach the 192.168.11.0 prefix is via 10.200.200.12.
E. None of the other alternatives apply.

Answer: D

Explanation: The best path to any given destination is noted by the ">" in the IP BGP table. In this case, the best path to 192.168.11.0 is via next hop 10.200.200.12 due to the fact that the weight is higher (101) than the path via the alternative next hop. Weight is a Cisco proprietary method for path determination and the weight value is used above all other values. Within a router, the path with the highest weight will be preferred.

QUESTION NO: 29

While verifying BGP operation on the Company router, you issue the "show ip bgp" command as shown below:

routerR>show ip bgp
BGP table version is 1046033, local router ID is 198.32.162.100
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network       Next Hop        Metric LocPrf Weight Path
*> 143.16.0.0    128.214.63.2         0    400      0 200 1
*  143.16.0.0    192.208.10.5         0    300      0 300 1
*  143.16.0.0    143.16.63.5          0    100      0 200 1
*  143.16.0.0    203.250.13.41        0    100      0 500 1

From the information above, which path will the network 143.16.0.0 prefer to take to exit the AS?

A. 128.214.63.2
B. 192.208.10.5
C. 128.213.63.5
D. 203.250.13.41
E. All of the above will be used in a round robin fashion.

Answer: A

Explanation: Local preference (LocPref) is a well-known discretionary attribute that provides an indication to routers in the AS about which path is preferred to exit the AS. A path with a higher local preference is more preferred. In this scenario the following entry has the highest local preference value of 400.

   Network       Next Hop        Metric LocPrf Weight Path
*> 128.213.0.0   128.214.63.2         0    400      0 200 1

The preferred exit path of the AS is therefore 128.214.63.2, as noted by the ">" which refers to the best path for this destination.

QUESTION NO: 30

Refer to the exhibit. Router RTR is attempting to establish BGP neighbor relationships with routers RT1 and RT3. On the basis of the information that is presented in the exhibit, which two statements are true? (Choose two.)

A. RTR has a BGP password set but neighbor 10.0.0.1 does not.
B. Neighbor 10.0.0.5 has a BGP password set but RTR does not.
C. RTR has a BGP password set but neighbor 10.0.0.5 does not.
D. RTR has a BGP password set but neighbor 10.0.0.1 has an incorrect password set.
E. Neighbor 10.0.0.1 has a BGP password set but RTR does not.
F. RTR has a BGP password set but neighbor 10.0.0.5 has an incorrect password set.

Answer: A,F

Explanation: The above log messages mean that there is an invalid MD5 password on one neighbor, while for the other neighbor one side is configured for authentication and the other is not. If both sides were configured and there was a password mismatch, the error message would indicate "Bad MD5 digest", not "No MD5 digest." Only one configuration step is required to use BGP password authentication: enabling password authentication on a peer-by-peer basis using the neighbor ip-address password password command.

neighbor {ip-address | peer-group} password [0-7] password-string
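The difference between a missing and a mismatched MD5 digest can be read straight from the router's syslog. The following is an added example, not part of the original practice test: it classifies %TCP-6-BADAUTH lines per sending peer. The log lines are constructed, the function names are hypothetical, and the pattern also accepts "Invalid MD5 digest", the wording IOS commonly prints for a mismatch (an assumption beyond this page, which calls it "Bad MD5 digest").

```python
import re
from collections import Counter, defaultdict

# Matches the message with or without the colon after the mnemonic.
# "Bad" is the wording used on this page; "Invalid" is assumed IOS wording.
BADAUTH_RE = re.compile(
    r"%TCP-6-BADAUTH:?\s+(?P<kind>No|Invalid|Bad) MD5 digest from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\)"
)

# Constructed sample log, modelled on the message format quoted on this page.
SAMPLE_LOG = """\
*Mar  1 03:09:07.729: %TCP-6-BADAUTH: No MD5 digest from 10.0.0.1(179) to 10.0.0.2(11002)
*Mar  1 03:09:09.731: %TCP-6-BADAUTH: No MD5 digest from 10.0.0.1(179) to 10.0.0.2(11002)
*Mar  1 03:09:12.102: %TCP-6-BADAUTH: Invalid MD5 digest from 10.0.0.5(11010) to 10.0.0.6(179)
*Mar  1 03:09:15.440: %TCP-6-BADAUTH No MD5 digest from 192.0.2.77(40112) to 10.0.0.2(179)
*Mar  1 03:09:16.000: %BGP-5-ADJCHANGE: neighbor 10.0.0.9 Up
""".splitlines()


def parse_badauth(line):
    """Return a dict describing one BADAUTH event, or None for other lines."""
    m = BADAUTH_RE.search(line)
    if not m:
        return None
    # The router that logs the message is the receiver ("to" address); it has
    # a password configured, otherwise it would not check the digest at all.
    kind = "missing" if m.group("kind") == "No" else "mismatch"
    return {
        "kind": kind,
        "src": m.group("src"),
        "dst": m.group("dst"),
        "bgp": "179" in (m.group("sport"), m.group("dport")),
    }


def diagnose(lines, configured_peers):
    """Summarise BADAUTH events per sending address.

    configured_peers: the neighbor addresses in the local BGP configuration.
    """
    per_peer = defaultdict(Counter)
    for line in lines:
        event = parse_badauth(line)
        if event and event["bgp"]:
            per_peer[event["src"]][event["kind"]] += 1

    report = {}
    for peer, kinds in per_peer.items():
        if peer not in configured_peers:
            # Segments to or from port 179 from an address that is not a
            # neighbor deserve a look regardless of the digest problem.
            finding = "unexpected-source"
        elif kinds["mismatch"]:
            # Both sides send a digest but the passwords differ.
            finding = "password-mismatch"
        else:
            # Local side expects a digest; the peer sends none.
            finding = "peer-has-no-password"
        report[peer] = {"finding": finding, "events": sum(kinds.values())}
    return report


if __name__ == "__main__":
    for peer, info in sorted(diagnose(SAMPLE_LOG, {"10.0.0.1", "10.0.0.5"}).items()):
        print(f"{peer:15} {info['finding']:22} events={info['events']}")
```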

QUESTION NO: 31

A company has a BGP network and a BGP route of 196.27.125.0/24 that should be propagated to all of the devices. The route is not now in any of the routing tables. The administrator determines that an access list is the cause of the problem. The administrator changes the access list to allow this route, but the route still does not appear in any of the routing tables. What should be done to propagate this route?

A. Clear the BGP session.
B. Change both the inbound and outbound policy related to this route.
C. Use the service-policy command to adjust the QOS policy to allow the route to propagate.
D. Use the release BGP routing command.

Answer: A

Explanation: When configuring BGP, changes made to an existing configuration may not appear immediately. In order to force BGP to clear its table and reset BGP sessions, use the clear ip bgp * command:

Router# clear ip bgp *

The asterisk (*) is a wildcard that matches all table entries. Therefore, all BGP routes are lost while the neighbor relationships are reset. This is expedient and very useful in a lab situation, but caution should be exercised when issuing this command on a production router. On an Internet backbone router, it may be more appropriate to use this command with a specific IP address, as shown in the following:

Router# clear ip bgp 192.168.0.0

QUESTION NO: 32

Refer to the exhibit. Routers RTA and RTB are running BGP but the session is active. What command needs to be added to establish the BGP session?

A. ip route 10.10.10.1 255.255.255.255 s0/0
   ip route 10.10.10.1 255.255.255.255 s0/1
B. network 10.10.10.0
C. no synchronization
D. neighbor 10.10.10.1 next-hop-self

Answer: A

Explanation: When BGP is running between routers in different autonomous systems, it is called External BGP (EBGP). When BGP is running between routers in the same AS, it is called Internal BGP (IBGP). BGP allows the path that packets take to be manipulated by the AS, as described in this module. It is important to understand how BGP works to avoid creating problems for your AS as a result of running BGP. A static route can be used to form an adjacency between EBGP neighbors.

QUESTION NO: 33

Refer to the exhibit. Router RT3 discovers network 202.176.56.0 via BGP. Which one of these statements is true?

A. RT1 advertised network 202.176.50.0/24 with a metric of 782.
B. RT3 is directly connected to RT1 using subnet 192.168.1.0.
C. RT3 has an IGP metric of 782 to reach 192.168.1.1.
D. RT3 has a BGP metric of 782 to reach 192.168.1.1.
E. RT1 advertised network 202.176.50.0/24 with a metric of 1000.
F. RT3 has an IGP metric of 1782 to reach 202.176.56.0/24.

Answer: C

Explanation:

QUESTION NO: 34

Refer to the exhibit. On the basis of the information in the exhibit, which two statements are true? (Choose two.)

A. When traffic is sent from the ISP to autonomous system 64512, the traffic will be forwarded to SanJose2 because of the higher MED value of SanJose2.
B. The serial 0/0/1 interface on the ISP router has been configured with the set metric 50 command.
C. The output was generated by entering the show ip bgp command on the SanJose1 router.
D. The output was generated by entering the show ip bgp command on the ISP router.
E. The serial 0/0/1 interface on the ISP router has been configured with the set metric 75 command.
F. When traffic is sent from the ISP to autonomous system 64512, the traffic will be forwarded to SanJose1 because of the lower MED value of SanJose1.

Answer: D,F

Explanation: The "show ip route bgp" command will display any BGP-learned routes that make it into the IP routing table; the command "show ip bgp" is required to display the contents of the actual BGP routing table. This output was seen on ISP because the local router ID is 192.168.100.1 (ISP). Since we know that this output must have been seen by ISP, we know the serial 0/0/1 interface has been configured with a metric of 75, as this is the metric to the peer with IP address 192.168.1.2 (the other side of the serial 0/0/1 interface).
QUESTION NO: 35

Refer to the exhibit. All routers are configured for BGP. EBGP routes received on router R2 show up in the BGP table on routers R1 and R3 but not in their IP routing tables. What would cause this?

A. EBGP multihop is not configured on routers R1 and R3.
B. Routers R1 and R3 do not receive the same routes via an IGP.
C. Synchronization in autonomous system 100 is turned on.
D. The BGP routers in autonomous system 100 are not logically fully-meshed.
E. Synchronization in autonomous system 100 is turned off.

Answer: B,C

Explanation: If your AS passes traffic from another AS to a third AS, BGP should not advertise a route before all routers in your AS learn about the route via IGP. BGP waits until IGP propagates the route within the AS and then advertises it to external peers. A BGP router with synchronization enabled does not install iBGP learned routes into its routing table if it is not able to validate those routes in its IGP. Issue the no synchronization command under router bgp in order to disable synchronization. This prevents BGP from validating iBGP routes in IGP. In this scenario, the routers must learn of the same route via an IGP, or synchronization should be turned off. Since this AS does not appear to be a transit AS, the best solution would be to disable synchronization.

Reference: BGP Case Studies, http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#synch

QUESTION NO: 36

The network consists of two separate autonomous systems as shown below:

You need to configure Router R2 as a BGP route reflector and Router R1 as the client. Assuming that Router R3 isn't running BGP, which two of the commands below would you enter on R2 to satisfy your goals? (Select two)

A. neighbor 165.50.12.1 remote-as 65100
B. neighbor 165.50.12.2 remote-as 64000
C. neighbor 165.50.12.1 route-reflector-client
D. neighbor 165.50.12.2 route-reflector-client

Answer: B,D

Explanation:
B: RouterR2(config-router)# neighbor 165.50.12.2 remote-as 64000
We configure router R1 (165.50.12.2) as a neighbor in AS 64000.
D: RouterR2(config-router)# neighbor 165.50.12.2 route-reflector-client
Configures the router R2 as a BGP route reflector and configures the specified neighbor R1 (165.50.12.2) as its client.

Incorrect Answers:
A: We must specify router R1 as neighbor, not R2 itself (165.50.12.1). Furthermore, we should use the local AS (64000), not the remote AS 65100.
C: We must specify router R1 as route reflector client, not R2 itself (165.50.12.1).

QUESTION NO: 37

The network consists of a series of routers that are all configured for IBGP. Which one of the following IBGP characteristics is true?

A. The IBGP routers must always be fully meshed.
B. The IBGP routers can be in a different AS.
C. The IBGP routers must be directly connected.
D. The IBGP routers do not need to be directly connected.
E. None of the other alternatives apply.

Answer: D

Explanation: The IBGP routers do not have to be directly connected. The remote IBGP peers need only be reachable via a TCP connection. For example, if the network is also running an interior routing protocol such as EIGRP or OSPF, the remote IBGP router could be many hops away, as long as it is reachable via the IGP that is being used.

Incorrect Answers:
A: Using route reflectors or confederations a full mesh topology is not necessary.
B: The IBGP routers must be placed in the same AS. Peers that are in different autonomous systems are using EBGP, not IBGP.
C: The IBGP routers do not have to be directly connected.

QUESTION NO: 38

A BGP router is configured as shown below:

interface ethernet 0
 ip address 10.10.10.1 255.255.0.0
!
int serial 0
 ip address 172.16.1.1 255.255.255.252
!
router bgp 65001
 neighbor 192.168.1.1 remote-as 65002

Based on the above configuration, which of the following BGP statements would inject the 10.10.0.0/16 prefix into the BGP routing table?

A. network 10.0.0.0
B. network 10.10.0.0 mask 255.255.0.0
C. network 10.10.10.1 mask 255.255.255.255
D. network 10.10.10.0 mask 255.255.255.0
E. network 10.0.0.0 mask 255.255.0.0

Answer: B

Explanation: The /16 mask is equal to 255.255.0.0, so answer choice B matches the address and the mask. To specify the route as classless, the mask keyword should be included or the network will be summarized at the network boundary.

QUESTION NO: 39

Router R-1 is configured for BGP routing as shown below:

router bgp 65300
 network 27.0.0.0
 neighbor 192.23.1.1 remote-as 65300

From the perspective of router R-1, what kind of router is the router with IP address 192.23.1.1?

A. A peer router running IBGP
B. A peer router running EBGP
C. A community member running IBGP
D. A peer group member running IBGP
E. A peer group member running EBGP

Answer: A

Explanation: Both the local and remote routers are configured with the same autonomous system number, so they are peer routers running IBGP.

QUESTION NO: 40

The BGP routing table consists of the following network routes:

What is the correct command to summarize these prefixes into a single summary prefix of 192.168.12.0/22 while also allowing for the advertisement of the more specific prefixes?

A. network 192.168.12.0 mask 255.255.252.0
B. network 192.168.12.0 mask 0.0.3.255
C. network 192.168.12.0
D. aggregate-address 192.168.12.0 255.255.252.0
E. aggregate-address 192.168.12.0 255.255.252.0 summary-only
F. aggregate-address 192.168.12.0 255.255.252.0 as-set

Answer: D

Explanation: To summarize BGP prefixes into one aggregated route, use the "aggregate-address" command. When used alone, this will advertise the aggregate route, along with the individual specific routing entries. To advertise only the aggregated route, use the "summary-only" keyword, as specified in choice E.

QUESTION NO: 41

Router R1 needs to be configured to advertise a specific network. Which of the following commands would you use if you wanted to advertise the subnet 154.2.1.0 255.255.255.0 to the EBGP neighbors on your subnet?

A. Router (config-router)#network 154.2.1.0
B. Router (config-router)#network 164.2.1.0
C. Router (config-router)#network-advertise 154.2.1.0
D. Router (config-router)#network 154.2.1.0 mask 255.255.255.0
E. None of the other alternatives apply

Answer: D

Explanation: The network command is used to specify the networks to be advertised by the Border Gateway Protocol (BGP) and multiprotocol BGP routing processes.

Syntax: network network-number [mask network-mask] [route-map map-name]

Mask and route-map are optional. If the mask keyword is configured, then an exact match must exist in the routing table.

Incorrect Answers:
A: If we do not specify the subnet mask then additional networks are allowed to be advertised. The classful subnet mask of 154.2.1.0 is 255.255.0.0 - a Class B network.
B: This is using the incorrect IP address, as well as a missing subnet mask.
C: The network-advertise is an invalid command.
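The exact-match rule in this explanation, and in the explanation of Question 25, can be checked mechanically. The following is an added example, not part of the original practice test: it works out which prefix each network statement stands for (the classful mask when the mask keyword is omitted) and whether that exact prefix is in the routing table, assuming auto-summary is disabled as in the R1 configuration of Question 25. The routing-table lines are constructed from the page's scenarios and the function names are hypothetical.

```python
import ipaddress
import re

# A route line starts with one or two route codes ("O", "C", "O IA", "S*")
# followed by the prefix in address/length form. Header lines such as
# "10.0.0.0/8 is variably subnetted" start with a digit and are skipped.
ROUTE_RE = re.compile(
    r"^[A-Z][A-Z0-9*]*(?:\s+[A-Z][A-Z0-9]*)?\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b"
)

# Constructed "show ip route" lines: the OSPF route from Question 25 and
# the connected network implied by the interface in Question 38.
SAMPLE_RIB = [
    "     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks",
    "O       10.10.10.0/24 [110/11] via 192.168.1.1, 2d00h, Ethernet0/0",
    "C       10.10.0.0/16 is directly connected, Ethernet0",
]


def rib_prefixes(show_ip_route_lines):
    """Collect the prefixes of all route entries in the given output lines."""
    prefixes = set()
    for line in show_ip_route_lines:
        m = ROUTE_RE.match(line.strip())
        if m:
            prefixes.add(ipaddress.ip_network(m.group(1), strict=False))
    return prefixes


def classful_prefixlen(address):
    """Prefix length implied by the address class (A, B or C)."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"no classful mask for {address}")


def mask_to_prefixlen(mask):
    """Convert a dotted network mask; reject wildcard or broken masks."""
    value = int(ipaddress.IPv4Address(mask))
    length = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF:
        raise ValueError(f"not a contiguous network mask: {mask}")
    return length


def advertised_prefix(statement):
    """Prefix that a BGP 'network' statement refers to."""
    tokens = statement.split()
    if len(tokens) == 2 and tokens[0] == "network":
        length = classful_prefixlen(tokens[1])
    elif len(tokens) == 4 and tokens[0] == "network" and tokens[2] == "mask":
        length = mask_to_prefixlen(tokens[3])
    else:
        raise ValueError(f"unsupported statement: {statement!r}")
    return ipaddress.ip_network(f"{tokens[1]}/{length}", strict=False)


def check_network_statements(statements, show_ip_route_lines):
    """Return (statement, prefix, injected) for each network statement."""
    rib = rib_prefixes(show_ip_route_lines)
    results = []
    for statement in statements:
        prefix = advertised_prefix(statement)
        # Injected only when the exact prefix is present in the routing table.
        results.append((statement, str(prefix), prefix in rib))
    return results


if __name__ == "__main__":
    statements = [
        "network 10.0.0.0",
        "network 10.10.10.0 mask 255.255.255.0",
        "network 10.10.0.0 mask 255.255.0.0",
        "network 10.0.0.0 mask 255.255.0.0",
        "network 154.2.1.0",
    ]
    for stmt, prefix, ok in check_network_statements(statements, SAMPLE_RIB):
        print(f"{stmt:42} -> {prefix:16} {'injected' if ok else 'not injected'}")
```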

QUESTION NO: 42

You are the administrator of a company with BGP connections to multiple ISPs. How could you configure BGP to make it favor one particular ISP for outbound traffic?

A. Configure weight
B. Enable route reflector
C. Create a distribute list
D. Enable the Longer Autonomous System path option.
E. All of the above.

Answer: A

Explanation: If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. Weight is a Cisco BGP parameter that is local to the router. When terminating multiple ISP connections into the same router, weight can be used to affect which path is chosen for outbound traffic.

Incorrect Answers:
B: A route reflector cannot be used to influence outbound traffic. A route reflector modifies the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers. This saves on the number of BGP TCP sessions that must be maintained, and also reduces the BGP routing traffic.
C: Distribute lists restrict the routing information that the router learns or advertises. By itself a distribute list cannot make routes from one ISP be preferred to routes from another ISP.
D: This choice describes AS path prepending, which would be used to influence the path that incoming traffic takes, not outgoing.

QUESTION NO: 43

An ISP is running a large IBGP network with 25 routers. The full mesh topology that is currently in place is inefficiently using up bandwidth from all of the BGP traffic. What can the administrator configure to reduce the number of BGP neighbor relationships within the AS?

A. Route reflectors
B. Route maps
C. Route redistribution
D. Peer groups
E. Aggregate addresses

Answer: A

Explanation: In general, all IBGP peers must be configured to be fully meshed. If they are not, then not all of the IBGP routers will have the updated information from the external BGP routers. There are two ways to overcome the scalability issues of a full IBGP mesh: route reflectors and confederations. With route reflectors, internal BGP routers peer only with the route reflector, and then the route reflectors connect with each other. This can considerably reduce the number of IBGP sessions. Another solution to the scalability problem of IBGP is the use of confederations. With confederations, the AS is broken up into smaller, more manageable sub autonomous systems.

QUESTION NO: 44

What are the two reasons for the appearance of 0.0.0.0 as the next hop for a network when using the "show ip bgp" command? (Choose two)

A. The network was originated via redistribution of an interior gateway protocol into BGP.
B. The network was defined by a static route.
C. The network was learned via IBGP.
D. The network was learned via EBGP.
E. The network was originated via a network or aggregate command.

Answer: A,E

Explanation: From BGP FAQ on www.cisco.com:

Q. What does a next hop of 0.0.0.0 mean in the show ip bgp command output?

A. A network in the BGP table with a next hop address of 0.0.0.0 means that the network is locally originated via redistribution of Interior Gateway Protocol (IGP) into BGP, or via a network or aggregate command in the BGP configuration.

Reference: http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#two

QUESTION NO: 45

Refer to the exhibit diagram and configuration. RTB is summarizing its networks from AS 64100 with the aggregate-address command. However, the show ip route command on RTA reveals the RTB individual networks as well as its summary route. Which option would ensure that only the summary route would appear in the routing table of RTA?

A. Add a static route with a prefix of 192.168.24.0 255.255.252.0 pointing to the null0 interface.
B. Create a route map permitting only the summary address.
C. Delete the four network statements and leave only the aggregate-address statement in the BGP configuration.
D. Add the keyword summary-only to the aggregate-address command.

Answer: D

Explanation: The aggregate-address <address> <netmask> command advertises the summary address as well as the more specific routes. The purpose of the aggregate-address <network> <netmask> summary-only command is to suppress the advertisement of more specific routes.

QUESTION NO: 46

Refer to the exhibit. BGP has been configured on the routers in the network. However, the IBGP peers in autonomous system 65200 have not converged. In addition, this console message was generated on router R2:

*Mar 1 03:09:07.729: %TCP-6-BADAUTH No MD5 digest from 10.10.23.2(179) to 10.10.23.3(11002)

On the basis of the information that is provided, what is the cause of the problem?

A. OSPF must be configured with the same MD5 authentication.
B. BGP authentication can be used on iBGP peers when the connection is configured between the loopback interfaces.
C. BGP authentication can be used on eBGP peers only.
D. The password that is used for BGP authentication on both BGP peers in autonomous system 65200 must be the same.

Answer: D

Explanation: The above log message relates to an invalid MD5 password on the neighbor. Both peers need to use the same password for MD5 authentication.

QUESTION NO: 47

Refer to the exhibit. Which two statements are correct? (Choose two.)

A. All the routes were redistributed into BGP from an IGP.
B. All the routes were originated by BGP with the network command.
C. All six routes will be installed in the routing table.
D. Four routes will be installed in the routing table.
E. Two routes will be installed in the routing table.

Answer: A,D

Explanation: Because the AS paths shown all end with a ? we know that all of the routes had been redistributed into BGP. The four best paths, as noted with the > sign, will all be inserted into the routing table.

Section 4: Troubleshoot routing redistribution solution (5 Questions)

QUESTION NO: 48

During a redistribution of routes from OSPF into EIGRP, the administrator notices that none of the OSPF routes are showing up in EIGRP. What are two possible causes? (Choose two.)

A. Incorrect distribute lists have been configured
B. Missing ip classless command
C. CEF not enabled
D. No default metric configured for EIGRP

Answer: A,D

Explanation: Possible reasons for OSPF routes not showing up include the use of distribute lists to control routing, and no metric being configured either with the redistribute command or with default-metric. Remember that when redistributing into RIP or EIGRP, you should provide the metric. Here are the default seed metrics for various protocols:

RIP: Infinity
EIGRP: Infinity
OSPF: 20
IS-IS: 0

QUESTION NO: 49

Refer to the exhibit and the partial configuration on router R2. On router R4 all RIP routes are redistributed into the OSPF domain. A second redistribution is configured on router R2 using a route map. Based on the configuration on router R2, which EIGRP external routes will be present in the routing table of R1? Select the best response.

A. There will be no EIGRP external routes in the routing table of R1.
B. The routes originating from the RIP routing domain.
C. Only routes originating in the OSPF routing domain.
D. All routes originating from RIP and OSPF routing domains.
E. None of the other alternatives apply.

Answer: C

Explanation: The route-map command is used to configure policy routing, which is often a complicated task. A route map is defined using the syntax shown in the figure. Syntax:

RouterA(config)# route-map map-tag [permit | deny] <sequence-number>
RouterA(config-route-map)#

The map-tag is the name, or ID, of the route map. The map-tag can be set to an easily recognizable name. The route-map command changes the mode on the router to route-map configuration mode; from there, conditions can be configured for the route map. Route maps operate similarly to access lists, by examining one line at a time, and when a match is found, action is taken. Route maps are different from numbered access lists because they can be modified without changing the entire list. Each route map statement is given a number. If a sequence number is not specified, the first route map condition will automatically be numbered as ten (10). The second condition will automatically be numbered as 20, and so on. The optional sequence number can be used to indicate the position that a new route map is to have in the list of route maps already configured with the same name. In this exhibit an access list is created to deny 100.10.0.0 and 200.10.10.0 (RIP domain), and it is called by route-map ABC. While redistributing OSPF routes into EIGRP, the RED route map is used, and it denies advertising the RIP domain networks into EIGRP.

QUESTION NO: 50 Refer to the exhibit. The routing protocols EIGRP and OSPF have been configured as indicated in the exhibit. Given the partial configuration of router R2, which network will be present in the routing table of R4?

A. Network B
B. Network A and Network B
C. Network A
D. neither Network A nor Network B

Answer: A

Explanation: In this exhibit the OSPF domain is redistributed into the EIGRP 100 domain, so Network B will be present on router R4. However, Network A will not be seen on router R4 (the bottom router, which is improperly labeled Network B) because EIGRP 50 was not redistributed into EIGRP 100.

QUESTION NO: 51 Refer to the network shown below:

R1 and R2 belong to the RIP routing domain that includes the networks 10.20.0.0/16 and 10.21.0.0/16. R3 and R4 are performing two-way route redistribution between OSPF and RIP. A network administrator has discovered that R2 is receiving OSPF routes for the networks 10.20.0.0/16 and 10.21.0.0/16 and a routing loop has occurred. Which action will correct this problem?

A. Set the OSPF default metric to 20.
B. Apply an inbound ACL to the R2 serial interface.
C. Configure distribute-lists on R3 and R4.
D. Change the RIP administrative distance on R3 to 110.
E. Change the OSPF administrative distance on R3 to 110.
F. None of the other alternatives apply

Answer: C

Explanation: Use the distribute-list command to pick and choose which routing updates a router will send or receive. By referencing an access list, the distribute-list creates a route filter. This is a set of rules that precisely controls what routes a router will send or receive in a routing update. This command is available for all IP routing protocols and can be applied to either inbound or outbound routing updates. When applied to inbound updates, the syntax for configuring a route filter is as follows:

Router(config-router)# distribute-list access-list-number in [interface-name]

When applied to outbound updates, the syntax can be more complicated, as shown in the following:

Router(config-router)# distribute-list access-list-number out [interface-name | routing-process | as-number]

The routing-process and as-number options are invoked when exchanging routes between different routing protocols.

QUESTION NO: 52 RIP and OSPF are configured on the routers as shown in the exhibit. R2 is configured with a two-way redistribution between RIP and OSPF domains. All routers can ping each other, but R1 cannot see any of the OSPF routes in its routing table. What could the problem be?

A. OSPF and RIP use the same major network 172.16.0.0. Therefore, the keyword subnets is not required to redistribute protocols into OSPF.
B. Because OSPF has a longer mask for the same major network than RIP and because RIP version 1 is being used, none of the routes learned from OSPF will be advertised into RIP.
C. The metric for the OSPF routes that are redistributed into RIP is too low, a fact that prevents OSPF routes from being advertised into RIP.
D. The process of redistribution of RIP into OSPF does not require any metric conversion, so there is no need to define the metric using the default-metric command during the redistribution.

Answer: B

Explanation: The subnets keyword tells OSPF to redistribute all subnet routes. Without the subnets keyword, only networks that are not subnetted are redistributed by OSPF. Example:

Router A(config)# router ospf 109
Router A(config-router)# redistribute rip subnets
Router A(config-router)# network 130.10.62.0 0.0.0.255 area 0
Router A(config-router)# network 130.10.63.0 0.0.0.255 area 0

Section 5: Troubleshoot a DHCP client and server solution (13 Questions)

QUESTION NO: 53 What is the purpose of configuring router R1 with the "IP Helper address" command?

A. IP Helper is used to direct BOOTP clients to a BOOTP server.
B. IP Helper is used to prevent the router from forwarding IP broadcasts.
C. IP Helper is used to allow IPX clients to communicate with IP-based servers.
D. IP Helper is used to accommodate compatibility routers using different IP routing protocols.
E. None of the other alternatives apply

Answer: A

Explanation: The ip helper-address command is used to have the Cisco IOS software forward User Datagram Protocol (UDP) broadcasts, including BOOTP, received on an interface. DHCP protocol information is carried inside of BOOTP packets. To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the router interface closest to the client. The helper address should specify the address of the DHCP server. Note: A DHCP server can be considered to be a BOOTP server, even though a DHCP server is more advanced. Incorrect Answers: B: Combined with the ip forward-protocol global configuration command, the ip helper-address command allows you to control which broadcast packets and which protocols are forwarded. However, the main purpose of the IP helper feature is not to prevent the router from forwarding IP broadcasts. C: IP helper does not use IPX. D: This is false.

QUESTION NO: 54 When you execute the "ip helper-address" command on a router, which three UDP ports get enabled automatically by default? (Select three)

A. 53 (DNS)
B. 69 (TFTP)
C. 515 (LPR)
D. 161 (SNMP)
E. 49 (TACACS)

Answer: A,B,E

Explanation: To forward the BootP/DHCP request from the client to the DHCP server, the ip helper-address interface command is used. The IP helper-address can be configured to forward any UDP broadcast based on UDP port number. By default, the IP helper-address will forward the following UDP broadcasts:

DNS (port 53)
Time service (port 37)
Trivial File Transfer Protocol (TFTP) (port 69)
Terminal Access Controller Access Control System (TACACS) service (port 49)
NetBIOS name server (port 137)
NetBIOS datagram server (port 138)
Boot Protocol (DHCP/BootP) client and server datagrams (ports 67 and 68)
IEN-116 name service (port 42)

Reference: Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks http://www.cisco.com/warp/public/473/100.html

QUESTION NO: 55

Refer to the exhibit. Router RTA has been configured as a DHCP server. The two debug commands will generate output on RTA when Host A requests an IP address. Which set of DHCPD debug messages is in the correct sequence?

A. DHCPD: Sending DHCPOFFER to client
   DHCPD: DHCPDISCOVER received from client
   DHCPD: DHCPREQUEST received from client
   DHCPD: Sending DHCPACK to client
B. DHCPD: DHCPDISCOVER received from client
   DHCPD: DHCPREQUEST received from client
   DHCPD: Sending DHCPOFFER to client
   DHCPD: Sending DHCPACK to client
C. DHCPD: DHCPDISCOVER received from client
   DHCPD: Sending DHCPOFFER to client
   DHCPD: DHCPREQUEST received from client
   DHCPD: Sending DHCPACK to client
D. DHCPD: DHCPREQUEST received from client
   DHCPD: Sending DHCPOFFER to client
   DHCPD: DHCPDISCOVER received from client
   DHCPD: Sending DHCPACK to client
E. DHCPD: Sending DHCPACK to client
   DHCPD: DHCPDISCOVER received from client
   DHCPD: Sending DHCPOFFER to client
   DHCPD: DHCPREQUEST received from client
F. DHCPD: DHCPDISCOVER received from client
   DHCPD: Sending DHCPACK to client
   DHCPD: Sending DHCPOFFER to client
   DHCPD: DHCPREQUEST received from client

Answer: C

Explanation: The following example shows a combination of DHCP server events and decoded receptions and transmissions:

Router# debug ip dhcp server events
Router# debug ip dhcp server packets
DHCPD: DHCPDISCOVER received from client 0b07.1134.a029 through relay 10.1.0.253.
DHCPD: assigned IP address 10.1.0.3 to client 0b07.1134.a029.
DHCPD: Sending DHCPOFFER to client 0b07.1134.a029 (10.1.0.3).
DHCPD: unicasting BOOTREPLY for client 0b07.1134.a029 to relay 10.1.0.253.
DHCPD: DHCPREQUEST received from client 0b07.1134.a029.
DHCPD: Sending DHCPACK to client 0b07.1134.a029 (10.1.0.3).
DHCPD: unicasting BOOTREPLY for client 0b07.1134.a029 to relay 10.1.0.253.
DHCPD: checking for expired leases.

Note that for this question, the correct order of events is highlighted above.

Reference: http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_h1.html#wp1020307
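The message order shown in the debug output for Question 55 can be checked mechanically, which is useful when reviewing DHCP server logs for exchanges that do not follow the expected sequence. The Python below is an added example, not part of the original practice exam or of Cisco's documentation; the line pattern is taken from the debug lines quoted above, while the second client in the sample log, the state names and the function names are constructed for illustration.

```python
import re

# Constructed sample: the first client reproduces the debug lines quoted above;
# the second client (constructed) gets a DHCPACK with no DHCPREQUEST before it.
SAMPLE_LOG = """\
DHCPD: DHCPDISCOVER received from client 0b07.1134.a029 through relay 10.1.0.253.
DHCPD: assigned IP address 10.1.0.3 to client 0b07.1134.a029.
DHCPD: Sending DHCPOFFER to client 0b07.1134.a029 (10.1.0.3).
DHCPD: unicasting BOOTREPLY for client 0b07.1134.a029 to relay 10.1.0.253.
DHCPD: DHCPREQUEST received from client 0b07.1134.a029.
DHCPD: Sending DHCPACK to client 0b07.1134.a029 (10.1.0.3).
DHCPD: DHCPDISCOVER received from client 0b07.1134.beef through relay 10.1.0.253.
DHCPD: Sending DHCPACK to client 0b07.1134.beef (10.1.0.4).
"""

# Matches "DHCPD: <TYPE> received from client <id>" and
# "DHCPD: Sending <TYPE> to client <id>"; other DHCPD lines are ignored.
LINE_RE = re.compile(
    r"DHCPD\s*:\s*(?:Sending\s+)?(DHCP[A-Z]+)\s+(?:received from|to)\s+client\s+"
    r"([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})"
)

# Message types that take part in address acquisition; others are not tracked.
TRACKED = {"DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK", "DHCPNAK"}

# Per-client state machine: state -> {message: next state}.
# A DHCPREQUEST from IDLE is allowed because a client renewing a lease
# skips DISCOVER/OFFER; retransmitted client messages are also tolerated.
TRANSITIONS = {
    "IDLE":       {"DHCPDISCOVER": "DISCOVERED", "DHCPREQUEST": "REQUESTED"},
    "DISCOVERED": {"DHCPDISCOVER": "DISCOVERED", "DHCPOFFER": "OFFERED"},
    "OFFERED":    {"DHCPDISCOVER": "DISCOVERED", "DHCPREQUEST": "REQUESTED"},
    "REQUESTED":  {"DHCPREQUEST": "REQUESTED", "DHCPACK": "IDLE", "DHCPNAK": "IDLE"},
}


def parse(log_text):
    """Yield (line_number, message_type, client_id) for tracked DHCPD lines."""
    for number, line in enumerate(log_text.splitlines(), 1):
        match = LINE_RE.search(line)
        if match and match.group(1) in TRACKED:
            yield number, match.group(1), match.group(2).lower()


def check_exchanges(log_text):
    """Return {client: {"sequence": [...], "violations": [(line, reason)]}}."""
    state, report = {}, {}
    for number, msg, client in parse(log_text):
        entry = report.setdefault(client, {"sequence": [], "violations": []})
        entry["sequence"].append(msg)
        current = state.get(client, "IDLE")
        following = TRANSITIONS[current].get(msg)
        if following is None:
            entry["violations"].append((number, f"{msg} while {current}"))
            following = "IDLE"  # resynchronise after an out-of-order message
        state[client] = following
    return report


def order_is_valid(messages):
    """True if a list of message types is one complete, in-order exchange."""
    state = "IDLE"
    for msg in messages:
        state = TRANSITIONS[state].get(msg)
        if state is None:
            return False
    return state == "IDLE"


if __name__ == "__main__":
    for client, entry in check_exchanges(SAMPLE_LOG).items():
        print(client, " -> ".join(entry["sequence"]), entry["violations"])
```
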

QUESTION NO: 56 Refer to the exhibit. Router RTA has been configured as a DHCP server for router RTC. On the basis of the information that is provided, which statement about DHCP is true?

A. The VLAN1-POOL argument must be issued for the Fa0/1 interface on router RTA.
B. Router RTA must be configured with the default-router 192.168.3.2 DHCP command.
C. The ip address dhcp interface configuration command must be issued for the Fa0/1 interface of router RTA.
D. The ip helper-address 192.168.1.2 interface configuration command must be issued for the Fa0/1 interface on router RTA.
E. Router RTC must be configured with the ip address dhcp global configuration command.
F. The lease 2 0 0 DHCP configuration command would change the default DHCP lease time to 48 hours on router RTA.

Answer: F

Explanation: Configuring the Address Lease Time: By default, each IP address assigned by a DHCP server comes with a one-day lease, which is the amount of time that the address is valid. To change the lease value for an IP address, use the following command in DHCP pool configuration mode:

Reference: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/easyip2.htm#22915

QUESTION NO: 57 Refer to the exhibit. Which statement is true about the information that is given?

A. Router R2 will distribute incorrect default router option information to DHCP clients because it is importing this information from R1.
B. As configured, router R2 will retrieve domain name and other option information from R1.
C. For the import all command to work on router R2, its Fa0/1 interface must be configured as a DHCP client.
D. The DHCP clients of router R2 will receive the same option information that the clients of R1 receive.

Answer: C

Explanation: DHCP Server Options Import and Autoconfiguration Example: The following example shows a remote and central server configured to support DHCP options import and autoconfiguration. The central server is configured to automatically update DHCP options, such as DNS and WINS addresses, within the DHCP pools. In response to a DHCP request from a local client behind CPE equipment, the remote server can request or "import" these option parameters from the centralized server. See below for a diagram of the network topology.

Central Router

! Do not assign this range to DHCP clients
ip dhcp excluded-address 10.0.0.1 10.0.0.5
!
ip dhcp pool central
 ! Specifies network number and mask for DHCP clients
 network 10.0.0.0 255.255.255.0
 ! Specifies the domain name for the client
 domain-name central
 ! Specifies DNS server that will respond to DHCP clients when they need to correlate host
 ! name to ip address
 dns-server 10.0.0.2
 ! Specifies the NETBIOS WINS server
 netbios-name-server 10.0.0.2
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto

Remote Router

!
ip dhcp pool client
 ! Imports DHCP options parameters into DHCP server database
 import all
 network 20.0.0.0 255.255.255.0
!
interface FastEthernet0/0
 ip address dhcp
 duplex auto
 speed auto

In our example, router R1 is acting as the central router, and R2 is acting as the remote router. As shown in the example, interface Fa0/1 needs to have the "ip address dhcp" command applied, making it a DHCP client.

Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75c.html#wp1009276

QUESTION NO: 58

Refer to the exhibit. A network administrator consoles into the ASw1 switch and attempts to save the switch configuration to the TFTP server that is located at IP address 10.1.2.10/24. However, whenever the copy running-config tftp command is issued with default options on switch ASw1, an error is produced. Which configuration would correct this situation?

A. ASw1(config)# interface range fastethernet 0/1 - 24
   ASw1(config-if-range)# ip forward-protocol udp 69
B. RTA(config)# interface fastethernet0/1
   RTA(config-if)# ip forward-protocol udp 69
C. RTA(config)# interface fastethernet0/0
   RTA(config-if)# ip helper-address 10.1.2.10
D. RTA(config)# interface fastethernet0/1
   RTA(config-if)# ip helper-address 10.1.2.10
E. RTA(config)# interface fastethernet0/0
   RTA(config-if)# ip forward-protocol udp 69
F. ASw1# copy tftp running-config

Answer: C

Explanation: DHCP is not the only critical service that uses broadcasts. Cisco routers and other devices might use broadcasts to locate TFTP servers. Some clients might need to broadcast to locate a TACACS security server. In a complex hierarchical network, clients might not reside on the same subnet as key servers. Such remote clients broadcast to locate these servers, but routers, by default, do not forward client broadcasts beyond their subnet. Some clients are unable to make a connection without services such as DHCP. For this reason, the administrator must provide DHCP and DNS servers on all subnets or use the Cisco IOS software helper address feature. Running services such as DHCP or DNS on several computers creates overhead and administrative problems, so the first option is not very appealing. When possible, administrators use the ip helper-address command to relay broadcast requests for these key User Datagram Protocol (UDP) services. By using the ip helper-address command, a router can be configured to accept a broadcast request for a UDP service and then forward it as a unicast to a specific IP address. By default, the ip helper-address command will forward these 8 UDP ports:

Reference: http://www.ciscopress.com/articles/article.asp?p=330807&seqNum=9

QUESTION NO: 59

Refer to the exhibit. Based upon the information in the exhibit, which statement is true?

A. DHCP requests from the host will be rebroadcasted to R2.
B. To complete this configuration, the R1 fa0/0 interface must be configured with the ip helper-addresses command.
C. To complete this configuration, the R2 fa0/0 interface must be configured with the ip helper-addresses command.
D. R1 will forward all DHCP requests to both 192.168.100.1 and 192.168.200.1 as unicast messages.
E. R1 will forward DHCP requests to 192.168.100.1. If there is no response, R1 will then forward the requests to 192.168.200.1.

Answer: D

Explanation: A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface. The agents forward requests and replies between clients and servers when they are not on the same physical subnet. The Cisco IOS DHCP relay agent is enabled on an interface only when the ip helper-address is configured. If multiple helper addresses are configured, it tries to get a response from the first; if no response is received from the first helper address, it then sends the request to the second one.

QUESTION NO: 60

Refer to the exhibit. Which two statements are true? (Choose two)

A. DHCPDISCOVER packets will reach the DHCP server.
B. The router will not forward DHCPDISCOVER packets because it has not been configured to do so.
C. This configuration is applied to interface Fa0/1.
D. DHCPDISCOVER packets will not reach the DHCP server because DHCPDISCOVER packets are broadcasts.
E. DHCPDISCOVER packets will not reach the DHCP server because ports 67 and 68 have not been explicitly allowed by the ip forward-protocol command.
F. This configuration is applied to interface Fa0/0.

Answer: A,E

Explanation: While routers accept and generate broadcasts, they do not forward them. This can be quite a problem when a broadcast needs to get to a device such as a DHCP or TFTP server that's on one side of a router with other subnets on the other side.

If this PC attempts to locate a DNS server with a broadcast, the broadcast will be stopped by the router and will never get to the DNS server. By configuring the ip helper-address command on the router, UDP broadcasts such as this will be translated into a unicast by the router, making the communication possible. The command should be configured on the interface that will be receiving the broadcasts.

R1(config)#int e0
R1(config-if)#ip helper-address ?
  A.B.C.D  IP destination address
R1(config-if)#ip helper-address 10.1.1.1

This command does forward eight common UDP service broadcasts by default.

TIME, port 37
TACACS, port 49
DNS, port 53
BOOTP/DHCP Server, port 67
BOOTP/DHCP Client, port 68
TFTP, port 69
NetBIOS name service, port 137
NetBIOS datagram service, port 138

That's going to cover most scenarios where the ip helper-address command will be useful, but what about those situations where the broadcast you need forwarded is not on this list? You can use the ip forward-protocol command to add any UDP port number to the list. In this particular case, ports 67 and 68 were not included, so the BOOTP packets will not be sent to the DHCP server.

QUESTION NO: 61 On router R1, which three of the following protocols will be forwarded to a host specified by the "ip helper-address" interface configuration command if the configuration has not been modified by the "ip forward-protocol udp" global configuration command? (Choose three)

A. BOOTP
B. TFTP
C. ARP
D. DNS
E. proxy-ARP
F. FTP
G. CDP

Answer: A,B,D

Explanation: To forward the BootP/DHCP request from the client to the DHCP server, the ip helper-address interface command is used. The IP helper-address can be configured to forward any UDP broadcast based on UDP port number. By default, the IP helper-address will forward the following UDP broadcasts:

DNS (port 53)
Time service (port 37)
Trivial File Transfer Protocol (TFTP) (port 69)
Terminal Access Controller Access Control System (TACACS) service (port 49)
NetBIOS name server (port 137)
NetBIOS datagram server (port 138)
Boot Protocol (DHCP/BootP) client and server datagrams (ports 67 and 68)
IEN-116 name service (port 42)

Reference: Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks http://www.cisco.com/warp/public/473/100.html
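Because ip helper-address relays every UDP broadcast port in the forwarding list and not only DHCP, it is worth auditing which ports a given configuration actually relays. The Python below is an added example, not from the original practice exam or from Cisco; it uses the eight default ports listed in the Question 60 explanation, handles only numeric ports in ip forward-protocol udp lines, and the sample configuration, the function names and the "needed" set of ports 67 and 68 are assumptions made for illustration.

```python
import re

# The eight UDP ports the Question 60 explanation lists as forwarded by default.
DEFAULT_PORTS = {
    37: "TIME", 49: "TACACS", 53: "DNS",
    67: "BOOTP/DHCP server", 68: "BOOTP/DHCP client", 69: "TFTP",
    137: "NetBIOS name service", 138: "NetBIOS datagram service",
}

# Constructed running-config fragment (not an exhibit from the page).
SAMPLE_CONFIG = """\
no ip forward-protocol udp 137
no ip forward-protocol udp 138
ip forward-protocol udp 5000
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip helper-address 10.1.2.10
!
interface FastEthernet0/1
 ip address 10.1.2.1 255.255.255.0
"""

FWD_RE = re.compile(r"^(no\s+)?ip forward-protocol udp (\d+)\s*$")
IF_RE = re.compile(r"^interface\s+(\S+)")
HELPER_RE = re.compile(r"^\s+ip helper-address\s+(\d+\.\d+\.\d+\.\d+)")


def parse_config(text):
    """Return (forwarded_udp_ports, {interface: [helper addresses]})."""
    ports = set(DEFAULT_PORTS)
    helpers = {}
    current = None  # interface whose configuration block is being read
    for line in text.splitlines():
        fwd = FWD_RE.match(line)
        intf = IF_RE.match(line)
        helper = HELPER_RE.match(line)
        if fwd:
            port = int(fwd.group(2))
            if fwd.group(1):
                ports.discard(port)   # "no ip forward-protocol udp <port>"
            else:
                ports.add(port)       # "ip forward-protocol udp <port>"
            current = None
        elif intf:
            current = intf.group(1)
            helpers.setdefault(current, [])
        elif helper and current is not None:
            helpers[current].append(helper.group(1))
        elif not line.startswith(" "):
            current = None            # any other global line ends the block
    return ports, helpers


def relay_targets(text, interface, udp_port):
    """Helper addresses that would receive a UDP broadcast seen on interface."""
    ports, helpers = parse_config(text)
    if udp_port not in ports:
        return []
    return list(helpers.get(interface, []))


def hardening_commands(text, needed=frozenset({67, 68})):
    """Commands that trim the relay list to the ports in `needed` (assumed)."""
    ports, helpers = parse_config(text)
    if not any(helpers.values()):
        return []  # nothing is relayed without a helper address
    return [f"no ip forward-protocol udp {p}" for p in sorted(ports - needed)]


if __name__ == "__main__":
    print(relay_targets(SAMPLE_CONFIG, "FastEthernet0/0", 69))
    print("\n".join(hardening_commands(SAMPLE_CONFIG)))
```
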

QUESTION NO: 62

Refer to the exhibit. Which statement is true about the configuration?

A. Hosts belonging to DHCP pool 1 and pool 2 will retain their IP settings for 30 hours before they must renew.
B. Hosts will receive IP settings from pool 1 until the addresses run out, and then hosts will receive the settings from pool 2.
C. Hosts in the 10.10.20.0/24 subnet will use 10.10.20.50 as its DNS server.
D. DHCP pool 0 needs to have the ip dhcp excluded-address command to exclude the default router and DNS servers.

Answer: C

Explanation: When configuring the router as a DHCP server, you should follow these steps:

Define the pool using: ip dhcp pool <poolname>
Define the network to assign to clients in the pool using: network network/mask
Define the lease time using: lease days
Define the DNS server to resolve name/ip using: dns-server <ip address>
Define the default gateway to assign to the client: default-router <router ip add>

In the exhibit there is no dns-server in pool 1 and pool 2. If a DNS server is not defined in a pool, it is taken from the previous pool; the same thing happens here: pool 1 and pool 2 use 10.10.20.50 as the DNS server from pool 0.

QUESTION NO: 63 Refer to the exhibit. The DHCP configuration that is shown is configured on a Cisco router. Which statement is true?

A. The router will distribute IP addresses from pool 1 until its addresses are exhausted. Then the router will begin distributing addresses from pool 2.
B. The configuration is invalid because the DHCP options are global configuration commands.
C. The configuration is incomplete until the DHCP pools are bound to the appropriate interface or interfaces.
D. The router will choose which pool to use based upon the interface the DHCP request was received on.

Answer: D

Explanation: There are two pools with different networks. Pool 1 has 172.16.1.0/24 and pool 2 has 172.16.2.0/24. Suppose that the router has fa0/0 interface with IP address 172.16.1.1 and fa0/1 with IP address 172.16.2.1. When a client sends the DHCP request on fa0/0 the router will assign the IP address from pool 1 and when a client sends the DHCP request on fa0/1 the router will assign an IP address from pool 2 because the pool selection is based on the network address of the associated interface IP address.

QUESTION NO: 64 Refer to the exhibit. A network administrator has configured DHCP services on the router as shown. DHCP clients connected to the FastEthernet0/0 interface are working properly. DHCP clients connected to the FastEthernet0/1 interface are not receiving addresses. Which two statements contain recommendations that will solve the problem? (Choose two.)

A. The network shown in the output under the ip dhcp pool Central command should be changed to network 10.10.0.0 with a mask of 255.255.255.0.
B. A second DHCP pool for network 10.10.0.0/24 should be configured.
C. An ip dhcp excluded-address global configuration command for network 10.10.0.0/24 should be issued.
D. The ip helper-address 10.0.0.1 command should be issued so that the address can be added to the FastEthernet0/0 configuration.
E. The ip helper-address 10.0.0.1 command should be issued so that the address can be added to the FastEthernet0/1 configuration.

Answer: B,C

Explanation: In the exhibit, the DHCP pool has been configured for the 10.0.0.0 255.255.255.0 network so clients connected to fa0/0 are receiving an IP address but clients connected to fa0/1 are not receiving an IP address because the DHCP pool for 10.10.0.0/24 network has not been configured. So to assign an IP address to clients connected to fa0/1 interface you should configure the DHCP pool for 10.10.0.0/24 network.

QUESTION NO: 65 Refer to the exhibit. Which two statements are true about the partial configuration that is shown? (Choose two.)

A. Hosts connected to the FastEthernet0/1 interface will not receive DHCP replies from the router.
B. The first DHCP client to connect to the FastEthernet 0/1 interface will receive the IP address 10.10.0.1.
C. The first DHCP client to connect to the FastEthernet 0/0 interface will receive the IP address 10.0.0.1
D. DHCP requests received on the FastEthernet 0/1 interface will be forwarded to 10.0.0.2.
E. The first DHCP client to connect to the FastEthernet 0/0 interface will receive the IP address 10.0.0.6.

Answer: A,E

Explanation: In the exhibit, the DHCP pool has been configured for the 10.0.0.0 255.255.255.0 network so clients connected to fa0/0 are receiving an IP address but clients connected to fa0/1 are not receiving IP address because the DHCP pool for the 10.10.0.0/24 network has not been configured. So to assign IP addresses to clients connected to fa0/1 interface you should configure the DHCP pool for 10.10.0.0/24 network.

Section 6: Troubleshoot NAT (0 Questions)

Section 7: Troubleshoot first hop redundancy protocols (18 Questions)

QUESTION NO: 66 Refer to the exhibit. Which two statements are true about the output from the show standby vlan 50 command? (Choose two.)

A. The command standby 1 preempt was added to Catalyst_A.
B. Catalyst_A is load sharing traffic in VLAN 50.
C. Hosts using the default gateway address of 192.168.1.1 will have their traffic sent to 192.168.1.11 even after Catalyst_A becomes available again.
D. Hosts using the default gateway address of 192.168.1.2 will have their traffic sent to Catalyst_A.

Answer: A,B

Explanation: HSRP uses a priority scheme to determine which HSRP-configured router is to be the default active router. To configure a router as the active router, you assign it a priority that is higher than the priority of all the other HSRP-configured routers. The default priority is 100, so if you configure just one router to have a higher priority, that router will be the default active router. HSRP works by the exchange of multicast messages that advertise priority among HSRP-configured routers. When the active router fails to send a hello message within a configurable period of time, the standby router with the highest priority becomes the active router. The transition of packet-forwarding functions between routers is completely transparent to all hosts on the network. HSRP-configured routers exchange three types of multicast messages:

Hello - The hello message conveys to other HSRP routers the router's HSRP priority and state information. By default, an HSRP router sends hello messages every three seconds.

Coup - When a standby router assumes the function of the active router, it sends a coup message.

Resign - A router that is the active router sends this message when it is about to shut down or when a router that has a higher priority sends a hello message.

At any time, HSRP-configured routers are in one of the following states:

Active - The router is performing packet-transfer functions.

Standby - The router is prepared to assume packet-transfer functions if the active router fails.

Speaking and listening - The router is sending and receiving hello messages.

Listening - The router is receiving hello messages.

The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If you do not use the standby preempt command in the configuration for a router, that router cannot become the active router.

www.CareerCert.info
Cisco 642-832: Practice Exam QUESTION NO: 67 Refer to the exhibit. Based upon the debug output that is shown, which three statements about HSRP are true? (Choose three.)

Answer: B,D,E

Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface. This address is used for all routing protocol and management traffic initiated by or destined to the router. In addition, each router has a common gateway IP address, the virtual router address, that is kept alive by HSRP. This address is also referred to as the HSRP address or the standby address . Clients can point to that virtual router address as their default gateway, knowing that a router always keeps that address active. Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet. You can assign the HSRP address with the following interface command: Switch( config-if)# standby group ip ip-address [secondary] When HSRP is used on an interface that has secondary IP addresses, you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address. You can configure a router to preempt or immediately take over the active role if its priority is the highest at any time. Use the following interface configuration command to allow preemption: Switch( config-if)# standby group preempt [delay seconds] By default, the router can preempt another immediately, without delay. You can use the delay "Pass Any Exam. Any Time." - www.actualtests.com 64


A. The router with IP address 172.16.11.112 is using default HSRP priority. B. The IP address 172.16.11.115 is the virtual HSRP IP address. C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address 172.16.11.111. D. The router with IP address 172.16.11.111 has preempt configured. E. The final active router is the router with IP address 172.16.11.111. F. The router with IP address 172.16.11.112 has nonpreempt configured.

keyword to force it to wait for seconds before becoming active. This is usually done if there are routing protocols that need time to converge.

QUESTION NO: 68 What can be determined about the HSRP relationship from the displayed debug output?

Answer: F

Explanation: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If you do not use the standby preempt command in the configuration for a router, that router cannot become the active router.

QUESTION NO: 69


A. Router 172.16.11.111 will be the active router because its HSRP priority is preferred over router 172.16.11.112. B. The IP address 172.16.11.112 is the virtual HSRP router IP address. C. The nonpreempt feature is enabled on the 172.16.11.112 router. D. The IP address 172.16.11.111 is the virtual HSRP router IP address. E. Router 172.16.11.112 will be the active router because its HSRP priority is preferred over router 172.16.11.111. F. The preempt feature is not enabled on the 172.16.11.111 router.

Examine the router output above. Which two items are correct? (Choose two.)

Answer: C,D

Explanation: Since preemption has been configured, we know that when any router comes back up, it will become the active router as long as it has a higher priority value. In this example, the current priority shows it to be 95. If the interface were to come up, it would now be 95 + 10 (which is the default value) so the total value would then become 105. If fast0/2 were to come up as well, it would then be 105 + 15 (special override as seen in the command) = 120. Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/configuration/guide/swhsrp.html

QUESTION NO: 70 Refer to the exhibit. Which two problems are the most likely cause of the exhibited output? (Choose two.)


A. If Ethernet 0/2 goes down, the standby router will take over. B. The local IP address of Router A is 10.1.0.6. C. When Ethernet 0/3 of RouterA comes back up, the priority will become 105. D. Router A will assume the active state if its priority is the highest. E. The local IP address of Router A is 10.1.0.20.


Answer: D,E

When HSRP is used on an interface that has secondary IP addresses, you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address.

QUESTION NO: 71 Refer to the exhibit. Based upon the debug output that is shown, which three statements about HSRP are true? (Choose three.)


Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface. This address is used for all routing protocol and management traffic initiated by or destined to the router. In addition, each router has a common gateway IP address, the virtual router address, that is kept alive by HSRP. This address is also referred to as the HSRP address or the standby address. Clients can point to that virtual router address as their default gateway, knowing that a router always keeps that address active. Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet. You can assign the HSRP address with the following interface command:
Switch(config-if)# standby group ip ip-address [secondary]


A. VRRP misconfiguration B. spanning tree issues C. transport layer issues D. physical layer issues E. HSRP misconfiguration


Answer: B,D,E

Switch(config-if)# standby group ip ip-address [secondary]
When HSRP is used on an interface that has secondary IP addresses, you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address. You can configure a router to preempt or immediately take over the active role if its priority is the highest at any time. Use the following interface configuration command to allow preemption:
Switch(config-if)# standby group preempt [delay seconds]
By default, the router can preempt another immediately, without delay. You can use the delay keyword to force it to wait for seconds before becoming active. This is usually done if there are routing protocols that need time to converge.


Explanation: Each router in an HSRP group has its own unique IP address assigned to an interface. This address is used for all routing protocol and management traffic initiated by or destined to the router. In addition, each router has a common gateway IP address, the virtual router address, that is kept alive by HSRP. This address is also referred to as the HSRP address or the standby address. Clients can point to that virtual router address as their default gateway, knowing that a router always keeps that address active. Keep in mind that the actual interface address and the virtual (standby) address must be configured to be in the same IP subnet. You can assign the HSRP address with the following interface command:


A. The router with IP address 172.16.11.112 is using default HSRP priority. B. The IP address 172.16.11.115 is the virtual HSRP IP address. C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address 172.16.11.111. D. The router with IP address 172.16.11.111 has preempt configured. E. The final active router is the router with IP address 172.16.11.111. F. The router with IP address 172.16.11.112 has nonpreempt configured.

QUESTION NO: 72 Examine the router output above. Which two items are correct? (Choose two.)

Answer: C,D

Explanation: Since preemption has been configured, we know that when any router comes back up, it will become the active router as long as it has a higher priority value. In this example, the current priority shows it to be 95. If the interface were to come up, it would now be 95 + 10 (which is the default value) so the total value would then become 105. If fast0/2 were to come up as well, it would then be 105 + 15 (special override as seen in the command) = 120. Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/configuration/guide/swhsrp.html

HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. By default, the priority is 100. The router with the highest priority value (255 is highest) becomes the active router for the group. If all router priorities are equal or set to the default value, the router with the highest IP address on the HSRP interface becomes the active router. To set the priority, use the following interface configuration command:
Switch(config-if)# standby group priority priority
When HSRP is configured on an interface, the router progresses through a series of states before


A. If Ethernet 0/2 goes down, the standby router will take over. B. The local IP address of Router A is 10.1.0.6. C. When Ethernet 0/3 of RouterA comes back up, the priority will become 105. D. Router A will assume the active state if its priority is the highest. E. The local IP address of Router A is 10.1.0.20.

becoming active. This forces a router to listen for others in a group and see where it fits into the pecking order. The HSRP state sequence is Disabled, Init, Listen, Speak, Standby, and, finally, Active.
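The election, preemption and interface-tracking rules from the HSRP explanations can be checked with a small model. The following Python sketch is an added example, not part of the exam material or of any Cisco tool; the router names, the 10.0.0.x addresses, the priorities in the boot-order case and the configured priority of 120 (inferred from the 95 + 10 + 15 arithmetic) are assumptions.

```python
# Added illustration (not from the exam material): a simplified model of how
# HSRP picks the active router, using only the rules stated in the explanations.
from dataclasses import dataclass, field
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100   # HSRP default priority
DEFAULT_DECREMENT = 10   # default decrement for a tracked interface


@dataclass
class Router:
    name: str
    ip: str
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    tracked: dict = field(default_factory=dict)   # interface -> decrement
    down: set = field(default_factory=set)        # tracked interfaces currently down

    def effective_priority(self) -> int:
        """Configured priority minus the decrement of each tracked interface that is down."""
        return self.priority - sum(self.tracked[i] for i in self.down if i in self.tracked)

    def rank(self):
        """Election key: priority first, highest interface IP breaks a tie."""
        return (self.effective_priority(), int(IPv4Address(self.ip)))


def elect(routers):
    """Election among routers that come up together: highest rank becomes active."""
    return max(routers, key=Router.rank)


def contest(active, challenger):
    """An active router already exists. The challenger takes over only when it
    has preempt configured and a higher priority (model assumption: a tie
    never triggers preemption)."""
    if challenger.preempt and challenger.effective_priority() > active.effective_priority():
        return challenger
    return active


def boot_order_case(preempt_on_r2: bool) -> str:
    """Constructed values: R1 boots first with the lower priority, R2 joins later."""
    r1 = Router("R1", "10.0.0.1", priority=100)
    r2 = Router("R2", "10.0.0.2", priority=150, preempt=preempt_on_r2)
    active = elect([r1])            # R1 is alone on the segment when it boots
    return contest(active, r2).name


def tracking_case():
    """Router A from the tracking explanation: priority 95 with both tracked
    interfaces down, then each interface comes back up in turn."""
    a = Router("RouterA", "10.0.0.1", priority=120,   # address is constructed
               tracked={"Ethernet0/3": DEFAULT_DECREMENT, "FastEthernet0/2": 15},
               down={"Ethernet0/3", "FastEthernet0/2"})
    steps = [a.effective_priority()]
    a.down.discard("Ethernet0/3")
    steps.append(a.effective_priority())
    a.down.discard("FastEthernet0/2")
    steps.append(a.effective_priority())
    return steps


def switch_a_case():
    """Switch_A at priority 200 tracks Fa1/1; the standby has the default configuration."""
    sw_a = Router("Switch_A", "10.0.0.2", priority=200, preempt=True,
                  tracked={"Fa1/1": DEFAULT_DECREMENT})
    standby = Router("Standby", "10.0.0.3")   # priority 100, no preempt
    sw_a.down.add("Fa1/1")
    return sw_a.effective_priority(), contest(sw_a, standby).name


if __name__ == "__main__":
    print(boot_order_case(False), boot_order_case(True))
    print(tracking_case())
    print(switch_a_case())
```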

QUESTION NO: 73 What can be determined about the HSRP relationship from the displayed debug output?

Answer: F

Explanation: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If you do not use the standby preempt command in the configuration for a router, that router cannot become the active router.


A. Router 172.16.11.111 will be the active router because its HSRP priority is preferred over router 172.16.11.112. B. The IP address 172.16.11.112 is the virtual HSRP router IP address. C. The nonpreempt feature is enabled on the 172.16.11.112 router. D. The IP address 172.16.11.111 is the virtual HSRP router IP address. E. Router 172.16.11.112 will be the active router because its HSRP priority is preferred over router 172.16.11.111. F. The preempt feature is not enabled on the 172.16.11.111 router.

QUESTION NO: 74 Which three of the following network features are methods used to achieve high availability? (Select all that apply.) A. Spanning Tree Protocol (STP) B. Delay reduction C. Hot Standby Routing Protocol (HSRP) D. Dynamic routing protocols E. Quality of Service (QoS) F. Jitter management

Answer: A,C,D

Explanation: Because the importance of high availability networks is increasingly being recognized, many organizations are beginning to make reliability/availability features a key selection criteria for network infrastructure products. With this in mind, Cisco Systems engaged ZD Tag to observe and confirm the results of a series of tests demonstrating the high availability features of Cisco Catalyst Layer 2/Layer 3 switches. In order to maximize the relevance of the results, the demonstration was based on a model of a "real world" campus (in one of Cisco's Enterprise Solution Center labs in San Jose, California). This switched internetwork consisted of wiring closet, wiring center, and backbone switches and conformed to Cisco's modular three-tier (Access/Distribution/Core) design philosophy. The testing demonstrated the following high availability and resilience features of Catalyst switches:
* per-VLAN Spanning Tree (PVST) using Cisco's InterSwitch Link (ISL) and 802.1Q VLAN Trunking
* Cisco Spanning Tree Enhancements, including UplinkFast and PortFast
* Cisco Hot Standby Router Protocol (HSRP) and HSRP Track
* Cisco IOS per-destination load balancing over equal cost OSPF paths
* Cisco IOS fast convergence for OSPF
Reference: http://www.cisco.com/warp/public/779/largeent/learn/technologies/campuslan.pdf

QUESTION NO: 75 Network topology exhibit:

R1 configuration exhibit:

R2 configuration exhibit:

You work as a network technician. Please study the exhibit carefully. In this scenario the following are true:
* Host A can ping the headquarter office
* HSRP is configured on R1
* First R1 and then R2 are configured and reloaded
Based on this information, what can be said of this network? A. R1 will be the standby router because it has the lower IP address. B. R2 will be the standby router because it has the higher IP address. C. R1 will be the active router because it booted first. D. R2 will be the active router because it booted last. E. R1 will be the active router because it has the lower priority that is configured. F. R2 will be the active router because it has the higher priority that is configured.

Answer: C

Explanation: Even though router R2 has a higher priority, it will not become the active router because the HSRP preemption was not configured. Since the "standby 62 preempt" command was not configured,

the first HSRP router to boot up will become the active router and remain the active router even when another device with a higher priority is added.

QUESTION NO: 76 Exhibit:

Answer: E Explanation: In the output shown, it can be seen that the standby router is unknown, and the active timer is expired meaning that this router was unable to locate any other HSRP enabled routers on the LAN. It then became the active router, with no standby router.

QUESTION NO: 77 Refer to the exhibit. Host A has sent an ARP message to the default gateway IP address 10.10.10.1. Which statement is true?


A. R3 is the active router because the standby timer has been incorrectly configured. B. R3 is the active router because it has a lower priority on that VLAN. C. R3 is the active router and is advertising the virtual IP address 10.110.10.111 on VLAN 11. D. R3 is the active router because it has a lower IP address than the tying priority router on that VLAN. E. R3 is the active router because it is the only HSRP-enabled router on that segment. F. None of the other alternatives apply


You are troubleshooting a redundancy issue with the network. Based on the R3 "debug standby" output in the exhibit, which HSRP statement is true?


Explanation: The Gateway Load Balancing Protocol (GLBP) is a Cisco-proprietary protocol designed to overcome the limitations of existing redundant router protocols. Some of the concepts are the same as with HSRP/VRRP, but the terminology is different and the behavior is much more dynamic and robust. The trick behind this load balancing lies in the GLBP group. One router is elected the active virtual gateway (AVG). This router has the highest priority value, or the highest IP address in the group, if there is no highest priority. The AVG answers all ARP requests for the virtual router address. Which MAC address it returns depends on which load-balancing algorithm it is configured to use. In any event, the virtual MAC address supported by one of the routers in the group is returned. According to the exhibit, router DSW2 is the Active Virtual Gateway (AVG) because it has the highest IP address while the priorities are equal. When router DSW1 sends the ARP message to 10.10.10.1, router DSW2 will reply to DSW1 as an Active Virtual Router.

QUESTION NO: 78 Exhibit:


Answer: B


A. DSw1 will reply with the MAC address of the next AVF. B. DSw2 will reply with the MAC address of the next AVF. C. Because of the invalid timers that are configured, DSw1 will not reply. D. Because of the invalid timers that are configured, DSw2 will not reply. E. DSw1 will reply with the IP address of the next AVF. F. DSw2 will reply with the IP address of the next AVF.


Answer: A

QUESTION NO: 79 Routers R1 and R2 are configured for HSRP as shown below:
Router R1:
interface ethernet 0
 ip address 20.6.2.1 255.255.255.0
 standby 35 ip 20.6.2.21
 standby 35 priority 100
interface ethernet 1
 ip address 20.6.1.1.2 255.255.255.0
 standby 34 ip 20.6.1.21


Explanation: Answer A is correct because there is no response from the HSRP neighbor. As we can see from the exhibit, the neighbor discovery timer has expired and the standby router is unknown.


A. R5 is the active router because it is the only HSRP-enabled router on that segment. B. R5 is the active router because the standby timer has been incorrectly configured. C. R5 is the active router because it has a lower priority on that VLAN. D. R5 is the active router because it has a lower IP address than the tying priority router on that VLAN. E. R5 is the active router and is advertising the virtual IP address 10.10.10.111 on VLAN 11. F. None of the other alternatives apply


You have configured HSRP on router R5 as shown. Based on the "debug standby" output in the exhibit, which HSRP statement is true?

Router R2:
interface ethernet 0
 ip address 20.6.2.2 255.255.255.0
 standby 35 ip 20.6.2.21
interface ethernet 1
 ip address 20.6.1.1.1 255.255.255.0
 standby 34 ip 20.6.1.21
 standby 34 priority 100
You have configured the routers R1 & R2 with HSRP. While debugging router R2 you notice very frequent HSRP group state transitions. What is the most likely cause of this? A. physical layer issues B. no spanning tree loops C. use of non-default HSRP timers D. failure to set the command standby 35 preempt

Answer: A

Explanation: R2 is not able to move from the standby state to the active state. This could be caused by missing HSRP hello messages. There are several possible causes for HSRP packets to get lost between the peers. The most common problems are physical layer problems or excessive network traffic caused by spanning-tree issues. Note: Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol used for allowing redundant connections. It can keep core connectivity if the primary routing process fails. HSRP defines six states in which an HSRP router may run: initial, learn, listen, speak, standby, and active. Incorrect Answers: B: Spanning tree loops do not affect this problem. C: Not a likely cause. Besides, in the example here the default values were indeed used.

QUESTION NO: 80 Refer to the exhibit. Which three statements accurately describe this GLBP topology? (Choose three.)


Answer: A,B,E

Explanation: With GLBP the following is true: With GLBP, there is 1 AVG and 1 standby VG. In this case R1 is the AVG and R2 is the standby. R2 would act as a VRF and would already be forwarding and routing packets. Any additional routers would be in a listen state. As the role of the Active VG and load balancing, R1 responds to ARP requests with different virtual MAC addresses. In this scenario, R2 is the Standby VF for the VMAC 0008.b400.0101 and would become the Active VF if R1 were down. As the role of the Active VG, the primary responsibility is to answer ARP requests to the virtual IP address. As an AVF router, R2 is already forwarding/routing packets.

QUESTION NO: 81 Network topology exhibit:


A. Router A is responsible for answering ARP requests sent to the virtual IP address. B. If Router A becomes unavailable, Router B will forward packets sent to the virtual MAC address of Router A. C. If another router were added to this GLBP group, there would be two backup AVGs. D. Router B is in GLBP listen state. E. Router A alternately responds to ARP requests with different virtual MAC addresses. F. Router B will transition from blocking state to forwarding state when it becomes the AVG.


In this network segment, the two routers on the network are configured for GLBP (Gateway Load Balancing Protocol). What can be said about this? A. The hosts will have different default gateway IP addresses and different MAC addresses for each router. B. The default gateway address of each host should be set to the virtual IP address. C. The hosts will learn the proper default gateway IP address from Router R1. D. The default gateway address of each host should be set to the real IP address of the router. E. None of the other alternatives apply.

Answer: B

Explanation: GLBP performs a similar, but not identical, function for the user as HSRP and VRRP. Both the HSRP and VRRP protocols allow multiple routers to participate in a virtual router group configured with a virtual IP address. One member is elected to be the active router to forward packets sent to the virtual IP address for the group. The other routers in the group are redundant until the active router fails. With standard HSRP and VRRP, these standby routers pass no traffic in normal operation, which is wasteful. Therefore the concept came about of using multiple virtual router groups, which are configured for the same set of routers. But to share the load, the hosts must be configured for different default gateways, which results in an extra administrative burden of going around and configuring every host and creating 2 or more groups of hosts that each use a different default gateway. GLBP is similar in that it provides load balancing over multiple routers (gateways), but it can do this using only ONE virtual IP address!!! Underneath that one virtual IP address are multiple virtual MAC addresses, and this is how the load is balanced between the routers. Instead of the hassle of configuring all the hosts with a static default gateway, you can let them use ARP to find their own. Multiple gateways in a "GLBP redundancy group" respond to client Address Resolution Protocol (ARP) requests in a shared and ordered fashion, each with their own unique virtual MAC addresses. As such, workstation traffic is divided across all possible gateways. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. Reference: http://www.infocellar.com/networks/Routers/HSRP-GLBP-VRRP.htm

QUESTION NO: 82 Refer to the exhibit. Assume that Switch_A is active for the standby group and the standby device has only the default HSRP configuration. What conclusion is valid?

Answer: D

Section 8: Troubleshoot IPv6 routing (3 Questions)

QUESTION NO: 83 Refer to the output. What IOS command produces this output?


By default, the decrement value for an interface is 10. So, when fa1/1 on Switch_A goes down, the priority will be decreased by 10 from 200 to 190.


Switch(config-if)# standby group track type mod/num [decrementvalue]


Explanation: HSRP has a mechanism for detecting link failures and swaying the election, giving another router an opportunity to take over the active role. When a specific interface is tracked, HSRP reduces the router's priority by a configurable amount as soon as the interface goes down.


A. If port Fa1/1 on Switch_A goes down, the standby device will take over as active. B. If the current standby device were to have the higher priority value, it would take over the role of active for the HSRP group. C. If Switch_A had the highest priority number, it would not take over as active router. D. If port Fa1/1 on Switch_A goes down, the new priority value for the switch would be 190.


Answer: D

Routing Process "ospfv3 1" with ID 172.16.3.3
It is an autonomous system boundary router
Redistributing External Routes from,
    static
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0x218D
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area 1
        Number of interfaces in this area is 2
        SPF algorithm executed 9 times
        Number of LSA 15. Checksum Sum 0x67581
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0


Explanation: Sample Output for the show ipv6 ospf Command The following is sample output from the show ipv6 ospf command: Router# show ipv6 ospf


A. show ip ospf B. show ip ospf interface C. show ipv6 ospf interface D. show ipv6 ospf

        Flood list length 0
Reference: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6ospf.html#wp1071056

QUESTION NO: 84 Refer to the exhibit. What two statements are true? (Choose two.)

Explanation: OSPFv3 supports IPv6. The configuration of OSPFv3 is not a subcommand mode of the router ospf command as it is in OSPFv2 configuration. For example, instead of using the network area command to identify networks that are part of the OSPFv3 network, the interfaces are directly configured to specify that IPv6 networks are part of the OSPFv3 network. The following describes the steps to configure OSPF for IPv6:


Answer: A,C


A. The IP address of the backup designated router (BDR) is FE80::205:5FFF:FED3:5808. B. This is the designated router (DR) on the FastEthernet 0/0 link. C. Interface FastEthernet 0/0 was configured with the ipv6 ospf 1 area 1 command. D. OSPF version 2 has been enabled to support IPv6. E. The output was generated by the show ip interface command. F. The router was configured with the commands: router ospf 1 network 172.16.6.0 0.0.0.255 area 1

There are several commonly used OSPFv3 show commands, including the show ipv6 ospf [process-id] [area-id] interface [interface] command.

QUESTION NO: 85 The command "clear ipv6 ospf process" was issued on a router. What does this command accomplish? A. The route table is cleared. Then the OSPF neighbors are reformed. B. The OSPF adjacencies are cleared and initiated again. C. The OSPF database is repopulated and then the shortest path first (SPF) algorithm is performed. D. The shortest path first (SPF) algorithm is performed on the LSA database. E. None of the other alternatives apply Answer: C

Section 9: Troubleshoot IPv6 and IPv4 interoperability (4 Questions)

QUESTION NO: 86

To enable BGP tunneling over the IPv4 backbone, the IPv4 address 192.168.30.1 is converted into a valid IPv6 address. Which three IPv6 addresses are acceptable formats for the IPv4 address? (Choose three.) A. 192.168.30.1:0:0:0:0:0:0 B. 0:0:0:0:0:0:192.168.30.1 C. ::192.168.30.1 D. C0A8:1E01:: E. 192.168.30.1:: F. ::C0A8:1E01


Explanation: When the process keyword is used with the clear ipv6 ospf command, the OSPF database is cleared and repopulated, and then the SPF algorithm is performed. When the force-spf keyword is used with the clear ipv6 ospf command, the OSPF database is not cleared before the SPF algorithm is performed. Reference: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6ospf_support_TSD_Island_of_Content_Chapter.html

Answer: B,C,F

Explanation: Many transition strategies have been developed for IPv4 networks to migrate to IPv6 service and for IPv6 networks to intercommunicate over IPv4 networks. Most of these strategies involve tunneling, dual stack, IPv4 Compatible IPv6 Address. A mechanism exists for creating IPv6 addresses that are compatible with IPv4. These addresses use 0s in the first 96 bits of the address and one of the two formats for the remaining portion of the address. Here is the example of IPv4 10.10.100.16 address acceptable for IPv6 format: 0:0:0:0:0:10:10:100:16 or ::10:10:100:16 or ::A:A:64:10 So Answer B, C, F are the correct answers.

Answer: B

Explanation: The transition from IPv4 to IPv6 does not require an upgrade on all nodes at the same time. Many transition mechanisms, such as dual stack and tunneling, enable smooth integration of IPv4 and IPv6. You can configure an IPv4 address as well as an IPv6 address on the same interface of the same router, so you can route IPv4 and IPv6 simultaneously. Here is an example that configures an IPv4 and an IPv6 address on the same interface:
Router(config)# int s0/0
Router(config-if)# ip address 1.1.1.1 255.255.255.0
Router(config-if)# ipv6 address affe::1/64


A. Only OSPF version 3 can be utilized for routing IPv4 and IPv6. B. IPv4 and IPv6 networks can be routed simultaneously. C. IPv6 can be routed using the same routing protocol versions as IPv4 D. A router routing for IPv6 and IPv4 must convert IPv4 packets to IPv6 packets to route them. E. None of the other alternatives apply


The company network is implementing IPv6 into their existing IPv4 network. Which statement is true about incorporating IPv6 into an already existing IPv4 network?


QUESTION NO: 87


QUESTION NO: 88 A company is using 6to4 tunneling within their IPv6 network. Which two statements about this kind of tunneling are accurate? (Choose two) A. 6to4 is a manual tunnel method. B. Prepending a reserved IPv6 code to the hexadecimal representation of 192.168.0.1 facilitates 6to4 tunneling. C. Each 6to4 site receives a /48 prefix in a 6to4 tunnel. D. 2002::/48 is the address range specifically assigned to 6to4. E. Prepending 0x2002 with the IPv4 address creates an IPv6 address that is used in 6to4 tunneling.

Reference: Routing IPv6 over IPv4 www.cisco.com/web/about/ac123/ac147/ac174/ac197/about_cisco_ipj_archive_article09186a00800c830a.html

QUESTION NO: 89 A Company is using 6to4 tunnels in their IPv6 network. Which two statements are true about these tunnels? (Choose two) A. In a 6to4 tunnel, the first two bytes of the IPv6 address will be 0x2002 and the next four bytes will be the hexadecimal equivalent of the IPv4 address. B. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the 2002:1315:4463:1::/64 IPv6 address.


Explanation: The 6to4 transition mechanism provides a solution to the complexity problem of building manually configured tunnels to an ISP by advertising a site's IPv4 tunnel endpoint (to be used for a dynamic tunnel) in a special external routing prefix for that site. The specification of a 48-bit external routing prefix in the IPv6 Aggregatable Global Unicast Address Format that provides just enough space to hold the 32 bits required for the 32-bit IPv4 tunnel endpoint address (called V4ADDR in Figure 3) makes this setup possible. Sending and Receiving Rules for 6to4 Routers: When the requesting site's 6to4 router sees that it must send a packet to another site (that is, there is a nonlocal destination), and that the next hop destination prefix contains the special 6to4 Top Level Aggregation (TLA) value of 2002::/16, the IPv6 packet is encapsulated in an IPv4 packet using an IPv4 protocol type of 41, as defined in the Transition Mechanisms RFC.


Answer: C,E

C. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the 2002:c0a8:6301::/48 IPv6 address. D. In a 6to4 tunnel, the first two bytes of the IPv6 address will be locally derived and the next two bytes will be the hexadecimal equivalent of the IPv4 address. E. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the 2002:c0a8:6301::/16 IPv6 address.

Answer: A,C

Explanation: The 6to4 method uses the reserved prefix 2002::/16 concatenated with the hexadecimal equivalent of the IPv4 address to allow an IPv4 site to create and use a /48 IPv6 prefix based on a single Globally routable reachable IPv4 address. For example, in a 6to4 tunnel, the first two bytes of the IPv6 address will be locally derived and the next two bytes will be the hexadecimal equivalent of the IPv4 address. Reference: BSCI study guide volume 2, Cisco Press, page 8-75.
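The address constructions behind Questions 86, 88 and 89 can be worked through with Python's standard ipaddress module. This is an added example, not part of the exam material; the function names are assumptions, and the last function goes one step further by recovering the IPv4 tunnel endpoint from an address seen in a log or capture, which is what makes 6to4 (protocol 41) traffic attributable.

```python
# Added illustration (not from the exam material): the two IPv4-in-IPv6
# address forms discussed in Questions 86, 88 and 89.
import ipaddress


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Build the /48 site prefix: 0x2002 (16 bits) followed by the 32-bit IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def ipv4_compatible(ipv4: str) -> ipaddress.IPv6Address:
    """IPv4-compatible form: 96 zero bits followed by the IPv4 address."""
    return ipaddress.IPv6Address(int(ipaddress.IPv4Address(ipv4)))


def is_valid_form_of(candidate: str, ipv4: str) -> bool:
    """True when candidate parses as IPv6 and equals the IPv4-compatible address."""
    try:
        return ipaddress.IPv6Address(candidate) == ipv4_compatible(ipv4)
    except ipaddress.AddressValueError:
        return False          # not a syntactically valid IPv6 address


def embedded_ipv4(ipv6: str):
    """Recover the IPv4 address carried inside an IPv6 address.

    Returns (form, IPv4 address as text) or None when nothing is embedded.
    """
    addr = ipaddress.IPv6Address(ipv6)
    if addr.sixtofour is not None:          # address lies inside 2002::/16
        return ("6to4", str(addr.sixtofour))
    value = int(addr)
    if value >> 32 == 0 and value > 1:      # upper 96 bits zero; skip :: and ::1
        return ("ipv4-compatible", str(ipaddress.IPv4Address(value)))
    return None


# Answer options of Question 86, copied from the page.
Q86_OPTIONS = {
    "A": "192.168.30.1:0:0:0:0:0:0",
    "B": "0:0:0:0:0:0:192.168.30.1",
    "C": "::192.168.30.1",
    "D": "C0A8:1E01::",
    "E": "192.168.30.1::",
    "F": "::C0A8:1E01",
}


def check_q86():
    """Return the option letters that are valid forms of 192.168.30.1."""
    return sorted(k for k, v in Q86_OPTIONS.items()
                  if is_valid_form_of(v, "192.168.30.1"))


if __name__ == "__main__":
    print(sixtofour_prefix("192.168.99.1"))
    print(check_q86())
    print(embedded_ipv4("2002:c0a8:6301:1::5"))   # constructed host address
```

Option D parses as a valid IPv6 address but places the IPv4 bits at the top of the address instead of the bottom, which is why it is rejected by comparison and not by the parser.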

Section 10: Troubleshoot switch-to-switch connectivity for the VLAN based solution (9 Questions)

QUESTION NO: 90
On the basis of the following exhibit, can you tell me why VLAN updates from switch CK-P2S1 are not applied to switch CK-P1S1? (Choose three.)
A. The MD5 digests do not match.
B. Switch CK-P1S1 is in transparent mode.
C. The passwords do not match.
D. The VTP domains are different.

Answer: B,C,D

Explanation: Determine the VTP mode of operation of the switch and include the mode when setting the VTP domain name information on the switch. If you leave the switch in server mode, be sure to verify that the configuration revision number is set to 0 before adding the switch to the VTP domain. It is generally recommended that you have several servers in the domain, with all other switches set to client mode for purposes of controlling VTP information. It is also highly recommended that you use secure mode in your VTP domain. Assigning a password to the domain will accomplish this. This will prevent unauthorized switches from participating in the VTP domain. From the privileged mode or VLAN configuration mode, use the vtp password password command.
QUESTION NO: 91
Two switches connect multiple VLANs as shown below:

SW1 configuration exhibit:

SW2 configuration exhibit:

Refer to the exhibits and the show interfaces fastethernet0/1 switchport outputs. Users in VLAN 5 on switch SW1 complain that they do not have connectivity to the users in VLAN 5 on switch SW2. What should be done to fix the problem?
A. Define VLAN5 in the allowed list for the trunk port on SW2
B. Configure the same number of VLANs on both switches.
C. Disable pruning for all VLANs in both switches.
D. Define VLAN5 in the allowed list for the trunk port on SW1.
E. Create switch virtual interfaces (SVI) on both switches to route the traffic.
F. None of the other alternatives apply.

Answer: D

Explanation: The switchport trunk allowed vlan command defines which VLANs can be trunked over the link. By default, a switch transports all active VLANs (1 to 4094) over a trunk link. There might be times when the trunk link should not carry all VLANs. For example, broadcasts are forwarded to every switch port on a VLAN, including the trunk link, because it, too, is a member of the VLAN. If the VLAN does not extend past the far end of the trunk link, propagating broadcasts across the trunk makes no sense.

QUESTION NO: 92
In the network, VLAN Trunking Protocol (VTP) is running with a domain name of R1. VLANs 1, 2, 3, 4, 5, 10, 20 are active on the network. Suddenly the whole network goes down. No traffic is being passed on VLANs 2, 3, 4, 5, 10, 20. However, traffic passes on VLAN 1 and indicates all switches are operational. Right before the network problem occurred, a switch named SW13 was taken out of the lab and added to the network. What three configuration issues on SW13 could be causing the network outage? (Select three)
A. SW13 has a higher VTP configuration revision than the current VTP revision.
B. SW13 is configured as a VTP server with a different domain name.
C. SW13 is configured as a VTP server with the domain name R1.
D. SW13 has a lower VTP configuration revision than the current VTP revision.
E. SW13 is not configured to participate in VTP.
F. SW13 is configured with only VLAN1.

Answer: A,C,F

Explanation: VTP Modes:

1. Server
By default, a Catalyst switch is in the VTP server mode and in the "no management domain" state until the switch receives an advertisement for a domain over a trunk link or a VLAN management domain is configured. A switch that has been put in VTP server mode and had a domain name specified can create, modify, and delete VLANs. VTP servers can also specify other configuration parameters such as VTP version and VTP pruning for the entire VTP domain. VTP information is stored in NVRAM.

2. Client
The VTP client maintains a full list of all VLANs within the VTP domain, but it does not store the information in NVRAM. VTP clients behave the same way as VTP servers, but it is not possible to create, change, or delete VLANs on a VTP client. Any changes made must be received from a VTP server advertisement. A client makes contact with the VTP server within 5 minutes and copies the advertisements from the VTP server that has the highest revision number. So, before connecting any switch to the LAN, verify which mode the new switch is in, what its revision number is, and whether that number is higher than that of the other switches operating in server mode.

3. Transparent
VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration, and does not synchronize its VLAN configuration based on received advertisements. However, in VTP Version 2, transparent switches do forward VTP advertisements that the switches receive out their trunk ports. VLANs can be configured on a switch in the VTP transparent mode, but the information is local to the switch (VLAN information is not propagated to other switches) and is stored in NVRAM.
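The acceptance conditions behind Questions 90 and 92 (mode, domain, password, revision number) can be put into a small model and used as a check before a switch is cabled in. This is an added example, not Cisco code and not part of the original practice test: it is a simplified model of the behaviour the explanations describe, and the class, function names, password string and revision values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str          # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int
    vlans: set = field(default_factory=lambda: {1})


def evaluate(receiver, sender):
    """Return (accepted, reason) for sender's advertisement arriving at receiver."""
    if sender.mode == "transparent":
        return False, "sender is transparent and does not advertise its VLANs"
    if receiver.mode == "transparent":
        return False, "receiver is transparent and does not synchronize"
    if receiver.domain != sender.domain:
        return False, "VTP domains are different"
    if receiver.password != sender.password:
        return False, "passwords do not match"
    if sender.revision <= receiver.revision:
        return False, "revision is not higher than the receiver's"
    return True, "higher revision in the same domain"


def propagate(sender, network):
    """Apply sender's advertisement to each switch; return the names overwritten."""
    overwritten = []
    for sw in network:
        accepted, _ = evaluate(sw, sender)
        if accepted:
            sw.vlans = set(sender.vlans)
            sw.revision = sender.revision
            overwritten.append(sw.name)
    return overwritten


def preinsertion_findings(new, network):
    """Checks the explanations recommend before adding a switch to the domain."""
    findings = []
    peers = [sw for sw in network if sw.mode != "transparent"]
    if new.mode == "transparent" or not peers:
        return findings
    if not new.password:
        findings.append("no VTP password set")
    live_revision = max(sw.revision for sw in peers)
    joins_domain = any(sw.domain == new.domain and sw.password == new.password
                       for sw in peers)
    if joins_domain and new.revision > live_revision:
        lost = set().union(*(sw.vlans for sw in peers)) - new.vlans
        findings.append(
            f"revision {new.revision} > {live_revision}: would overwrite the "
            f"domain and remove VLANs {sorted(lost)}")
    elif joins_domain and new.revision != 0:
        findings.append("configuration revision is not 0")
    return findings


def sample_network():
    """Constructed three-switch domain matching the scenario in Question 92."""
    vlans = {1, 2, 3, 4, 5, 10, 20}
    return [Switch(f"SW{i}", "server" if i == 1 else "client", "R1",
                   "constructed-pass", 12, set(vlans)) for i in range(1, 4)]


if __name__ == "__main__":
    net = sample_network()
    sw13 = Switch("SW13", "server", "R1", "constructed-pass", 40, {1})
    print(preinsertion_findings(sw13, net))
    print(propagate(sw13, net), [sorted(sw.vlans) for sw in net])
```
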

QUESTION NO: 93
You're a network administrator and you issue the command (show port 3/1) on an Ethernet port. To your surprise you notice a non-zero entry in the 'Giants' column. What could be the cause of this?
A. IEEE 802.1Q
B. IEEE 802.10
C. Misconfigured NIC
D. User configuration
E. All of the above

Answer: A

Explanation: The 802.1Q standard can create an interesting scenario on the network. Recalling that the maximum size for an Ethernet frame as specified by IEEE 802.3 is 1518 bytes, this means that if a maximum-sized Ethernet frame gets tagged, the frame size will be 1522 bytes, a number that violates the IEEE 802.3 standard. To resolve this issue, the 802.3 committee created a subgroup called 802.3ac to extend the maximum Ethernet size to 1522 bytes.

Note: The show port command is used to display port status and counters. Giants denote the number of received giant frames (frames that exceed the maximum IEEE 802.3 frame size) on the port.

Reference: Trunking between Catalyst 4000, 5000, and 6000 Family Switches Using 802.1q Encapsulation http://www.cisco.com/warp/public/473/27.html

QUESTION NO: 94
You have a trunk link operating between two switches and you're experiencing problems with frames leaking between the two VLANs. Each switch has identical modules, software revisions and VLAN configuration information. Spanning tree protocol is disabled on all VLANs. What is probably causing this problem? (Select all that apply)
A. The link is using IEEE 802.1Q protocol
B. The link is using IEEE 802.1E protocol
C. Spanning tree is disabled
D. Not enough information to determine.
E. The native VLAN information is identical at each end of the link.
F. The native VLAN information is different at each end of the link.

Answer: A,F

Explanation: While internal to a switch, VLAN numbers and identification are carried in a special extended format that allows the forwarding path to maintain VLAN isolation from end to end without any loss of information. Instead, outside of a switch, the tagging rules are dictated by standards such as ISL or 802.1Q. ISL is a Cisco proprietary technology and is in a sense a compact form of the extended packet header used inside the device: since every packet always gets a tag, there is no risk of identity loss and therefore of security weaknesses.

On the other hand, the IEEE committee that defined 802.1Q decided that because of backward compatibility it was desirable to support the so-called native VLAN, that is to say, a VLAN that is not associated explicitly to any tag on an 802.1Q link. This VLAN is implicitly used for all the untagged traffic received on an 802.1Q capable port. This capability is desirable because it allows 802.1Q capable ports to talk to old 802.3 ports directly by sending and receiving untagged traffic. However, in all other cases, it may be very detrimental because packets associated with the native VLAN lose their tags, for example, their identity enforcement, as well as their Class of Service (802.1p bits) when transmitted over an 802.1Q link. For these sole reasons (loss of means of identification and loss of classification) the use of the native VLAN should be avoided.

Reference: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
QUESTION NO: 95 CORRECT TEXT
What command could you enter to display the trunking status of a module/port in the switch? (Type in the answer below):

Answer: show trunk

QUESTION NO: 96
You are troubleshooting a Catalyst 5000 trunk in the network. What should you do if there's a disagreement about the VLANs configured to use the trunk?
A. Reload the active VLAN configuration
B. Clear the affected port and bring it up again.
C. Explicitly set the trunk for the VLAN to be on.
D. Remove all the VLANs set

Answer: B

Explanation: In this situation you may want to set or clear the VLANS on both ends. A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network. Two trunking encapsulations are available on all Ethernet interfaces:
Inter-Switch Link (ISL): ISL is a Cisco-proprietary trunking encapsulation
802.1Q: 802.1Q is an industry-standard trunking encapsulation
When a trunk is first brought up using either of these methods, it may be beneficial to clear the port immediately after.

QUESTION NO: 97
Which kind of management can be performed from the console port of a Cisco 6500 switch?
A. Physical management of the switch.
B. Logical management of the switch.
C. In-band management of the switch.
D. Out-of-band management of the switch.

Answer: D

Explanation: When you configure a switch or a router from the console, it is considered 'out of band' because you don't get in there from any of the paths that the network device is a part of. Modems are often attached to the console port, providing for remote out of band management of the device.

QUESTION NO: 98
A VTP domain has six active VLANs. Without notice, all VLANs except VLAN1 fail. Just prior to the failure, Switch2 was added to the network. Which three issues on Switch2 could be the cause? Select three.
A. Switch2 is configured for only VLAN1.
B. Switch2 is a VTP server in a different domain.
C. Switch2 is a VTP server in the Company domain.
D. Switch2 is not a VTP domain.
E. Switch2 has a lower VTP configuration revision number than the current VTP revision.
F. Switch2 has a higher VTP configuration revision number than the current VTP revision.

Answer: A,C,F

Explanation: A VTP server in a given domain with the highest revision number will overwrite the VTP configuration of all other switches in the same VTP domain. Cisco best practice advises one to configure the correct VTP domain, VTP password, VTP mode (server, client, transparent), and VTP revision number before adding any new switch to a network. The default VTP mode is server. A network can have more than one VTP domain. Each VTP domain has its own server(s) that do not influence clients in other VTP domains.

Section 11: Troubleshoot loop prevention for the VLAN based solution (18 Questions)

QUESTION NO: 99
You need to troubleshoot an issue on the switched LAN. When you issue a command "show port 3/1" on a switch, you observe the Giants column has a non-zero entry. What could cause this?
A. IEEE 802.10
B. Misconfigured NIC
C. User configuration
D. IEEE 802.1Q
E. None of the other alternatives apply

Answer: D

Explanation: 802.1Q uses an internal tagging mechanism. Internal means that a tag is inserted within the frame.

Note: With ISL, the frame is encapsulated instead.

The tagging mechanism implies a modification of the frame; the trunking device inserts a 4-byte tag and recomputes the frame check sequence (FCS).

The EtherType field that identifies the 802.1Q frame is 0x8100. In addition to the 12-bit VLAN-ID, 3 bits are reserved for IEEE 802.1p priority tagging.

Note: Inserting a tag into a frame that already has the maximum Ethernet size creates a 1522-byte frame that can be considered a "baby giant" by the receiving equipment. The IEEE 802.3 committee is extending the maximum standard frame size in order to address this issue.

Reference: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3.shtml#basic_char
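The tag insertion described for Question 99 (4-byte tag after the source MAC, FCS recomputed, 1518 bytes growing to 1522), as an added example that is not part of the original practice test. The MAC addresses, payload, VLAN number and function names are constructed; the FCS is the standard Ethernet CRC-32, which Python's zlib.crc32 computes.

```python
import struct
import zlib

TPID_8021Q = 0x8100        # EtherType value that identifies an 802.1Q tag
MAX_UNTAGGED = 1518        # IEEE 802.3 maximum frame size, FCS included
MAX_TAGGED = 1522          # the same frame after a 4-byte tag is inserted


def fcs(data: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, transmitted least significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def insert_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """What a trunking device does: insert the tag, then recompute the FCS."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must fit the 12-bit field (1 to 4094)")
    if not 0 <= priority <= 7:
        raise ValueError("802.1p priority is a 3-bit value")
    body, old_fcs = frame[:-4], frame[-4:]
    if fcs(body) != old_fcs:
        raise ValueError("incoming frame has a bad FCS")
    tci = (priority << 13) | vlan_id            # 3 bits priority, 1 bit zero, 12 bits VLAN
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def parse_tag(frame: bytes):
    """Return the tag fields, or None for an untagged (native VLAN) frame."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return {"vlan": tci & 0x0FFF, "priority": tci >> 13,
            "fcs_ok": fcs(frame[:-4]) == frame[-4:]}


def classify_size(frame: bytes) -> str:
    """Explain why a port that is not 802.1Q-aware would count this frame as a giant."""
    if len(frame) <= MAX_UNTAGGED:
        return "standard"
    if len(frame) <= MAX_TAGGED and parse_tag(frame) is not None:
        return "baby giant (802.1Q tagged)"
    return "giant"


def sample_max_frame() -> bytes:
    """Constructed maximum-size IPv4 frame: 14-byte header, 1500-byte payload, 4-byte FCS."""
    dst = bytes.fromhex("02000000000a")         # constructed, locally administered MACs
    src = bytes.fromhex("02000000000b")
    return build_frame(dst, src, 0x0800, bytes(1500))


if __name__ == "__main__":
    untagged = sample_max_frame()
    tagged = insert_tag(untagged, vlan_id=5, priority=3)
    print(len(untagged), classify_size(untagged), parse_tag(untagged))
    print(len(tagged), classify_size(tagged), parse_tag(tagged))
```
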

QUESTION NO: 100
SW1 configuration exhibit:

SW2 configuration exhibit:

SW3 configuration exhibit:

Study the exhibits carefully. Based on the information shown above, which statement is true?
A. The port on switch SW3 is forwarding and receiving BPDUs correctly.
B. The port on switch SW1 is forwarding and sending BPDUs correctly.
C. The port on switch SW1 is blocking and sending BPDUs correctly.
D. The port on switch SW2 is blocking and sending BPDUs correctly.
E. The port on switch SW2 is forwarding and receiving BPDUs correctly.
F. The port on switch SW3 is forwarding, sending, and receiving BPDUs correctly.
G. None of the other alternatives apply.

Answer: B

Explanation: STP States

To participate in STP, each port of a switch must progress through several states. A port begins its life in a Disabled state, moving through several passive states and, finally, into an active state if allowed to forward traffic. The STP port states are as follows:

Disabled - Ports that are administratively shut down by the network administrator, or by the system due to a fault condition, are in the Disabled state. This state is special and is not part of the normal STP progression for a port.

Blocking - After a port initializes, it begins in the Blocking state so that no bridging loops can form. In the Blocking state, a port cannot receive or transmit data and cannot add MAC addresses to its address table. Instead, a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. In addition, ports that are put into standby mode to remove a bridging loop enter the Blocking state.

Listening - The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. In other words, the port is on its way to begin forwarding traffic. In the Listening state, the port still cannot send or receive data frames. However, the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Here, the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. Should the port lose its Root Port or Designated Port status, it returns to the Blocking state.

Learning - After a period of time called the Forward Delay in the Listening state, the port is allowed to move into the Learning state. The port still sends and receives BPDUs as before. In addition, the switch can now learn new MAC addresses to add to its address table. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information.

Forwarding - After another Forward Delay period of time in the Learning state, the port is allowed to move into the Forwarding state. The port can now send and receive data frames, collect MAC addresses in its address table, and send and receive BPDUs. The port is now a fully functioning switch port within the Spanning Tree topology.

QUESTION NO: 101
The switched LAN is shown below:

Study the exhibit above carefully. Switch SW5 is configured as the root switch for VLAN 10 but not for VLAN 20. If the STP configuration is correct, what will be true about Switch SW5?
A. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode.
B. All ports will be in forwarding mode.
C. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode.
D. All ports in VLAN 10 will be in forwarding mode.
E. None of the other alternatives apply.

Answer: D

Explanation: STP States

To participate in STP, each port of a switch must progress through several states. A port begins its life in a Disabled state, moving through several passive states and, finally, into an active state if allowed to forward traffic. The STP port states are as follows:

Disabled - Ports that are administratively shut down by the network administrator, or by the system due to a fault condition, are in the Disabled state. This state is special and is not part of the normal STP progression for a port.

Blocking - After a port initializes, it begins in the Blocking state so that no bridging loops can form. In the Blocking state, a port cannot receive or transmit data and cannot add MAC addresses to its address table. Instead, a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. In addition, ports that are put into standby mode to remove a bridging loop enter the Blocking state.

Listening - The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. In other words, the port is on its way to begin forwarding traffic. In the Listening state, the port still cannot send or receive data frames. However, the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Here, the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. Should the port lose its Root Port or Designated Port status, it returns to the Blocking state.

Learning - After a period of time called the Forward Delay in the Listening state, the port is allowed to move into the Learning state. The port still sends and receives BPDUs as before. In addition, the switch can now learn new MAC addresses to add to its address table. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information.

Forwarding - After another Forward Delay period of time in the Learning state, the port is allowed to move into the Forwarding state. The port can now send and receive data frames, collect MAC addresses in its address table, and send and receive BPDUs. The port is now a fully functioning switch port within the Spanning Tree topology.

QUESTION NO: 102
The following output was shown on switch SW1:

Based on the "show spanning-tree vlan 200" output shown in the exhibit, which two statements about the STP process for VLAN 200 are true? (Select two)
A. This switch is the root bridge for VLAN 200.
B. The maximum length of time that the BPDU information will be saved is 30 seconds.
C. BPDUs will be sent out every 10 seconds.
D. The time spent in the listening state will be 30 seconds.
E. BPDUs will be sent out every two seconds.
F. The time spent in the learning state will be 15 seconds.

Answer: C,D

Explanation: STP operation is controlled by three timers.

The Hello Time is the amount of time between the sending of Configuration BPDUs. The 802.1D standard specifies a default value of 2 seconds. This value controls Configuration BPDUs as the Root Bridge generates them. Other bridges propagate BPDUs from the Root Bridge as they are received. If BPDUs stop arriving for the time interval ranging from 2 to 20 seconds because of a network disturbance, or if the Root Bridges stop sending periodic BPDUs during this time, the timer will expire. 2 to 20 seconds is the range between the expected receipt of a BPDU and the expiration of the Max Age time. If the outage lasts for more than 20 seconds, the default Max Age time, the bridge invalidates the saved BPDUs and begins looking for a new Root Port.

Forward Delay is the amount of time the bridge spends in the Listening and Learning states. This is a single value that controls both states. The default value of 15 seconds was originally derived assuming a maximum network size of seven bridge hops, a maximum of three lost BPDUs, and a Hello Time of 2 seconds. The Forward Delay timer also controls the bridge table age-out period after a change in the active topology.

Max Age is the STP timer that controls how long a bridge stores a BPDU before discarding it. Max Age is only an issue when the link failure is not on a directly connected link. When a failure occurs on a directly connected link, the switch knows there will not be any BPDUs coming in on that link, so Max Age is not considered in transitioning the port to Forwarding mode. Recall that each port saves a copy of the best BPDU it has seen. As long as the bridge receives a continuous stream of BPDUs every 2 seconds, the receiving bridge maintains a continuous copy of the BPDU values. However, if the device sending this best BPDU fails, a mechanism must exist to allow other bridges to take over.

QUESTION NO: 103
Refer to the following network exhibits:

SW1 configuration exhibit:

SW2 configuration exhibit:

Refer to the network topology exhibit and the partial configuration exhibits of switch SW1 and SW2. STP is configured on all switches in the network. SW2 receives this error message on the console port:

00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with SW1 FastEthernet0/4 (half duplex) ,with TBA05071417(Cat6K-B) 0/4 (half duplex).

What would be the possible outcome of the problem shown in this message?
A. The root port on switch SW2 will fall back to full-duplex mode.
B. Interface Fa 0/6 on switch SW2 will transition to a forwarding state and create a bridging loop.
C. The interfaces between switches SW1 and SW2 will transition to a blocking state.
D. The root port on switch SW1 will automatically transition to full-duplex mode.
E. None of the other alternatives apply.

Answer: B

Explanation: STP States

To participate in STP, each port of a switch must progress through several states. A port begins its life in a Disabled state, moving through several passive states and, finally, into an active state if allowed to forward traffic. The STP port states are as follows:

Disabled - Ports that are administratively shut down by the network administrator, or by the system due to a fault condition, are in the Disabled state. This state is special and is not part of the normal STP progression for a port.

Blocking - After a port initializes, it begins in the Blocking state so that no bridging loops can form. In the Blocking state, a port cannot receive or transmit data and cannot add MAC addresses to its address table. Instead, a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. In addition, ports that are put into standby mode to remove a bridging loop enter the Blocking state.

Listening - The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. In other words, the port is on its way to begin forwarding traffic. In the Listening state, the port still cannot send or receive data frames. However, the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Here, the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. Should the port lose its Root Port or Designated Port status, it returns to the Blocking state.

Learning - After a period of time called the Forward Delay in the Listening state, the port is allowed to move into the Learning state. The port still sends and receives BPDUs as before. In addition, the switch can now learn new MAC addresses to add to its address table. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information.

Forwarding - After another Forward Delay period of time in the Learning state, the port is allowed to move into the Forwarding state. The port can now send and receive data frames, collect MAC addresses in its address table, and send and receive BPDUs. The port is now a fully functioning switch port within the Spanning Tree topology.

QUESTION NO: 104
The following "show" command was issued on a switch:

Study the exhibit carefully. Based on the output shown above, which statement is true?
A. Switch 6 has been configured with the "spanning-tree vlan 1 hello-time 2" global configuration command.
B. The root bridge has been configured with the "spanning-tree vlan 1 root secondary" global configuration command.
C. Switch SW6 has been configured with the "spanning-tree vlan 1 priority 24577" global configuration command.
D. Switch SW6 has been configured with the "spanning-tree vlan 1 root primary" global configuration command.
E. Switch SW6 has been configured with the "spanning-tree vlan 1 root secondary" global configuration command.
F. None of the other alternatives apply.

Answer: E

Explanation: To configure a Catalyst switch to become the Root Bridge, use one of the following methods:

* Directly modify the Bridge Priority value so that a switch can be given a lower-than-default Bridge ID value to win a Root Bridge election:

Switch(config)# spanning-tree vlan vlan-id priority bridge-priority

The bridge-priority value defaults to 32,768, but you can also assign a value of 0 to 65,535. Remember that Catalyst switches run one instance of STP for each VLAN (PVST+), so the VLAN ID must always be given. You should designate an appropriate Root Bridge for each VLAN.

* Let the switch become the Root by automatically choosing a Bridge Priority value:

Switch(config)# spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter]

This command is actually a macro on the Catalyst that executes several other commands. The result is a more direct and automatic way to force one switch to become the Root Bridge. Actual Bridge Priorities are not given in the command. Rather, the switch modifies STP values according to the current values in use within the active network. These values are modified only once, when the macro command is issued.

Use the primary keyword to make the switch attempt to become the primary Root Bridge. This command modifies the switch's Bridge Priority value to become less than the Bridge Priority of the current Root Bridge. If the current Root Priority is more than 24,576, the local switch sets its priority to 24,576. If the current Root Priority is less than that, the local switch sets its priority to 4096 less than the current Root.

For the secondary Root Bridge, the Root Priority is set to 28,672. There is no way to query or listen to the network to find another potential secondary Root, so this priority is used under the assumption that it is less than the default priorities (32,768) that might be used elsewhere.

QUESTION NO: 105
The switched LAN is displayed below:

In this network, STP has been implemented. Switch SW1 is the root switch for the default VLAN. To reduce the broadcast domain, the network administrator decides to split users on the network into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root primary on switch SW1. What will happen as a result of this change?
A. Switch SW1 will change its spanning tree priority to become root for VLAN 2 only.
B. All ports of the root switch SW1 will remain in forwarding mode throughout the reconvergence of the spanning tree domain.
C. No other switch in the network will be able to become root as long as switch SW1 is up and running.
D. Switch SW1 will remain root for the default VLAN and will become root for VLAN 2.
E. None of the other alternatives apply

Answer: D

Explanation: By default, switches with Cisco PVST and PVST+ maintain a separate spanning-tree instance for each active VLAN configured on it. A bridge ID, consisting of the switch priority and the switch MAC address, is associated with each instance. For each VLAN, the switch with the lowest bridge ID becomes the root switch for that VLAN. To configure a switch to become the root for the specified VLAN, use the spanning-tree vlan vlan-id root primary global configuration command to modify the switch priority from the default value (32768) to a significantly lower value. When this command is entered, the switch checks the switch priority of the root switches for each VLAN. Because of the extended system ID support, the switch sets its own priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN. If any root switch for the specified VLAN has a switch priority lower than 24576, the switch sets its own priority for the specified VLAN to 4096 less than the lowest switch priority. 4096 is the value of the least-significant bit of a 4-bit switch priority value.
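The priority selection described in the explanations for Questions 104 and 105 (24576, or 4096 below the current root, and 28672 for the secondary), together with the per-VLAN root election it feeds, as an added example that is not Cisco code and not part of the original practice test. The switch names, MAC addresses and function names are constructed, and refusing a priority below zero is an assumption of this model.

```python
DEFAULT_PRIORITY = 32768
PRIMARY = 24576
SECONDARY = 28672
STEP = 4096


def mac_value(mac: str) -> int:
    return int(mac.replace(":", ""), 16)


def bridge_id(bridge: dict, vlan: int):
    """Bridge ID for one VLAN instance: (priority, MAC). The lowest value wins."""
    return (bridge["priority"].get(vlan, DEFAULT_PRIORITY), mac_value(bridge["mac"]))


def elect_root(bridges: dict, vlan: int) -> str:
    """Each VLAN runs its own election, so the result can differ per VLAN."""
    return min(bridges, key=lambda name: bridge_id(bridges[name], vlan))


def root_primary(bridges: dict, name: str, vlan: int) -> int:
    """Model of 'spanning-tree vlan <vlan> root primary' issued on switch `name`."""
    me = bridges[name]
    others = [b for n, b in bridges.items() if n != name]
    new = PRIMARY
    if others:
        best = min(others, key=lambda b: bridge_id(b, vlan))
        if not (PRIMARY, mac_value(me["mac"])) < bridge_id(best, vlan):
            # 24576 would not win the election: go 4096 below the best priority seen.
            new = best["priority"].get(vlan, DEFAULT_PRIORITY) - STEP
            if new < 0:
                raise ValueError("no lower priority available (model assumption)")
    me["priority"][vlan] = new      # only this VLAN's instance is changed
    return new


def root_secondary(bridges: dict, name: str, vlan: int) -> int:
    """Model of 'root secondary': a fixed value assumed to be below the default."""
    bridges[name]["priority"][vlan] = SECONDARY
    return SECONDARY


def sample_lan() -> dict:
    """Constructed three-switch LAN; all priorities start at the default."""
    return {
        "SW1": {"mac": "02:00:00:00:00:01", "priority": {}},
        "SW2": {"mac": "02:00:00:00:00:02", "priority": {}},
        "SW3": {"mac": "02:00:00:00:00:03", "priority": {}},
    }


if __name__ == "__main__":
    lan = sample_lan()
    print("VLAN 1 root:", elect_root(lan, 1))
    print("SW1 root primary, VLAN 2 ->", root_primary(lan, "SW1", 2))
    print("VLAN 1 root:", elect_root(lan, 1), "VLAN 2 root:", elect_root(lan, 2))
    print("SW3 root primary, VLAN 2 ->", root_primary(lan, "SW3", 2))
    print("VLAN 2 root:", elect_root(lan, 2))
```
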

QUESTION NO: 106
Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences. Based on the exhibit, which two statements are true? (Choose two.)
A. Disabling the Spanning Tree Protocol would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S1 to 4096 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
F. Changing the bridge priority of S2 to 36864 would improve network performance.

Answer: B,D

Explanation: An algorithm is a formula or set of steps for solving a particular problem. Algorithms rely on a set of rules. They have a clear beginning and end. The spanning-tree algorithm is no exception. The spanning-tree algorithm is defined in the IEEE 802.1D standard. The parameters used by the algorithm, including the Bridge ID, are explored here. The remaining parameters, Path Cost and Port ID, will be covered in the following two topics.

The spanning-tree algorithm characterizes STP. The spanning-tree algorithm relies on a set of parameters to make decisions. The Bridge ID (BID) is the first parameter used by the spanning-tree algorithm. The Bridge ID (BID) is used by STP to determine the center of the bridged network, known as the Root Bridge. The Bridge ID (BID) parameter is an 8-byte field consisting of an ordered pair of numbers. The first is a 2-byte decimal number called the Bridge Priority, and the second is a 6-byte (hexadecimal) MAC address. The Bridge Priority is a decimal number used to measure the preference of a bridge in the spanning-tree algorithm. The possible values range between 0 and 65,535. The default setting is 32,768.

The MAC address in the BID is one of the MAC addresses of the switch. Each switch has a pool of MAC addresses, one for each instance of STP, used as BIDs for the VLAN spanning-tree instances (one per VLAN). For example, Catalyst 6000 switches each have a pool of 1024 MAC addresses assigned to the supervisor module or backplane for this purpose.

QUESTION NO: 107

Exhibit

Assuming that VLAN 1 and VLAN 2 traffic is enabled on the above network, what effect will the following command have when entered on port 0/2 on switch SWA?

spanning-tree vlan 1 port-priority 16

A. VLAN 1 traffic will be blocked on Switch SWB port 1/1.
B. VLAN 2 traffic will be blocked on Switch SWB port 1/1.
C. VLAN 2 traffic will be blocked on Switch SWA port 0/2.
D. VLAN 1 and 2 traffic will be blocked on Switch SWA port 0/1.
E. VLAN 1 and 2 traffic will be blocked on Switch SWA port 0/2.

Answer: A

Explanation: Load Sharing Using STP Port Priorities. When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in a blocking state. The priorities on a parallel trunk port can be set so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a Blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.

QUESTION NO: 108 CORRECT TEXT

Refer to the output shown on switch SW1 below:

VLAN 1 bridge priority set to 8192.
VLAN 1 bridge max aging time set to 20.
VLAN 1 bridge hello time set to 2.
VLAN 1 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 1.

What command would you enter to reproduce this output? (Type in answer below)

Answer: set spantree root 1

QUESTION NO: 109 CORRECT TEXT

Refer to the output shown on switch SW1 below:

Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning tree loops. Use with caution.
Spantree ports 4/1-24 fast start enabled.

What command could you enter to reproduce this output? (Type in answer below)

Answer: set spantree portfast 4/1-24 enable

QUESTION NO: 110

Given the above diagram and assuming that STP is enabled on all switch devices, which two statements are true? (Choose two.)

A. DSW11 will be elected the root bridge.
B. DSW12 will be elected the root bridge.
C. ASW13 will be elected the root bridge.
D. P3/1 will be elected the nondesignated port.
E. P2/2 will be elected the nondesignated port.
F. P3/2 will be elected the nondesignated port.

Answer: A,D

Explanation: The root bridge should be placed as close to the core as possible and should be the most centrally located. By default, the switch with the lowest bridge ID will become the root bridge, assuming all other parameters are left as default. This makes DSW11 the root bridge. Also, all ports directly connected to the root bridge will become designated ports, since they are closest to the root bridge. In this case, port F3/2 will become the non-designated port.

QUESTION NO: 111

If the root bridge fails, configuration BPDUs will no longer be sent. Which STP timer will have to expire before the other switches can actively restore connectivity with the topology change procedure of STP?

A. hello timer
B. BPDU timer
C. Forward_delay timer
D. Max_age timer
E. Dead timer
F. Wait timer

Answer: D

Explanation: Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. Max age takes into account that the switch at the periphery of the network should not time out the root information under stable conditions (that is, if the root is still alive). Max age therefore needs to take into account the total BPDU propagation delay and the message age overestimate. As such, the formula for max age is as follows:

Max_age = End-to-end_BPDU_propa_delay + Message_age_overestimate = 14 + 6 = 20 sec

This explains how IEEE reaches the default recommended value for max age.

Reference: http://www.zyxel.com/support/supportnote/ves1012/app/stp.htm

QUESTION NO: 112

Exhibit

SW1#show spanning-tree vlan 200

VLAN200
  Spanning tree enabled protocol ieee
  Root ID    Priority 32968
             Address 000c.ce29.ef00
             Cost 19
             Port 2 (FastEthernet0/2)
             Hello time 10 Sec  Max Age 20 sec  Forward Delay 30 sec
  Bridge ID  Priority 32968 (priority 32768 sys-id-ext 200)
             Address 000c.ce2a.4180
             Hello Time 2 sec  Max Age 20 Sec  Forward Delay 15 sec

Interface  Role  Sts  Cost  PrioNbr  Type
---------------------------------------------
Fa0/2      Root  FWD  19    128.2    P2p
Fa0/3      Altn  BLK  19    128.3    P2p

Based on the show spanning-tree vlan 200 output shown in the exhibit, which two statements about the STP process for VLAN 200 are true? (Choose two)

A. BPDUs will be sent out every two seconds.
B. The time spent in the listening state will be 30 seconds.
C. The time spent in the learning state will be 15 seconds.
D. The maximum length of time that the BPDU information will be saved is 30 seconds.
E. This switch is the root bridge for VLAN 200.
F. BPDUs will be sent out every 10 seconds.

Answer: B,F

Explanation: Changing the Spanning Tree Protocol Timers. The STP timers (hello, forward delay, and max age) are included in each BPDU. An IEEE bridge is not concerned about its local configuration of the timer values. It will consider the value of the timers contained in the BPDU that it is receiving. Effectively, that means only a timer configured on the root bridge of the STP is important. Obviously, if you lose the root, the new root will start to impose its local timer values on the entire network. So, even if it is not required to configure the same timer value in the entire network, it is at least mandatory to configure any timer changes on the root bridge and on the backup root bridge.

QUESTION NO: 113

What should you do to reduce spanning-tree protocol BPDU traffic during extended periods of instability in your VLANs?

A. Combine all the VLAN spanning trees into a single spanning tree.
B. Set forward delay and max-age timers to the maximum possible values.
C. None of the choices.
D. Change the router VTP server mode.
E. Disable the root bridge.

Answer: B

Explanation: There are several STP timers, as listed below:

hello: the hello time is the time between each Bridge Protocol Data Unit (BPDU) that is sent on a port. This is equal to two seconds by default, but can be tuned to be between one and ten seconds.
forward delay: the forward delay is the time spent in the listening and learning state. This is by default equal to 15 seconds, but can be tuned to be between four and 30 seconds.
max age: the max age timer controls the maximum length of time a bridge port saves its configuration BPDU information. This is 20 seconds by default and can be tuned to be between six and 40 seconds.

The STP timers (hello, forward delay, and max age) are included in each BPDU. An IEEE bridge is not concerned about its local configuration of the timer values. It will consider the value of the timers contained in the BPDU that it is receiving. Effectively, that means only a timer configured on the root bridge of the STP is important. Obviously, if you lose the root, the new root will start to impose its local timer values on the entire network. So, even if it is not required to configure the same timer value in the entire network, it is at least mandatory to configure any timer changes on the root bridge and on the backup root bridge. In order to reduce the number of BPDUs in the spanning tree topology, the forward delay and max-age timers should be increased. This will reduce the BPDU traffic, but it will also increase the convergence time during a topology change.

QUESTION NO: 114

The network is displayed in the diagram below:

You use the following information for switch SWA:

Port   Mode       Encapsulation  Status    Native VLAN
fa0/1  desirable  n-802.1q       trunking  5

Port   VLANs is allowed on trunk
fa0/1  1-100, 102-1005

Port   VLANs is owned and active in management domain
fa0/1  1-6, 8-100, 102-115, 197-999, 1002-1005

Port   VLANs in spanning tree forwarding state and not pruned
fa0/1  1-6, 8-100, 102-105, 108-999, 1002-1005

SW users in VLAN 107 complain that they are unable to gain access to the resources through the SW1 router. What is the cause of this problem?

A. VLAN 107 is not configured on the trunk.
B. VLAN 107 does not exist on switch SWA.
C. VTP is pruning VLAN 107.
D. Spanning tree is not enabled on VLAN 107.
E. None of the other alternatives apply

Answer: C

Explanation: In this example, VLAN 7, 101, 106, and 107 are being pruned. VLAN 107 is being pruned incorrectly in this case. By disabling VTP pruning, VLAN 107 should be able to once again gain access to the network resources.

Incorrect Answers:
A: Based on the output shown above, VLAN 107 is known and active within the management domain. Therefore, it must have been configured and the VLAN is indeed allowed to traverse the trunk. Only VLAN 101 has been configured to not pass along this trunk.
B: Based on the output shown above, VLAN 107 is known and active within the management domain. Therefore, it must have been configured and the VLAN is indeed allowed to traverse the trunk. Only VLAN 101 has been configured to not pass along this trunk.
D: By default, STP is enabled on all VLANs.

QUESTION NO: 115

Which of the following commands would you enter if you wanted to display spanning tree statistical information?

A. show spantree backbonefast
B. show spantree statistics
C. show spantree uplinkfast
D. show spantree blockedports
E. show spantree portstate
F. show spantree portvlancost

Answer: B

Explanation: The command 'show spantree statistics' is the correct IOS command to show spanning tree statistical information and is obviously the correct answer choice. The following list shows various commands to use for troubleshooting Catalyst switches:

show spantree vlan_id - Shows the current state of the spanning tree for the "vlan_id" entered from the perspective of the switch on which it is entered.
show spantree summary - Provides a summary of connected spanning tree ports by VLAN.
show spantree statistics - Shows spanning tree statistical information.
show spantree backbonefast - Displays whether the spanning tree Backbone Fast Convergence feature is enabled.
show spantree blockedports - Displays only the blocked ports.
show spantree portstate - Determines the current spanning tree state of a Token Ring port within a spanning tree.
show spantree portvlancost - Shows the path cost for the VLANs on a port.
show spantree uplinkfast - Shows the uplinkfast settings.

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/command/reference/sh_sp_te.html

QUESTION NO: 116

Is the following statement True or False? The "show spanning-tree" command only shows information about ports with their red or amber lights on.

A. True
B. There is not enough information to determine
C. False

Answer: C

Explanation: The show spanning-tree command only displays information for ports with an active link (green light is on). If these conditions are not met, you can issue a show running-configuration command to confirm the configuration.

Section 12: Troubleshoot Access Ports for the VLAN based solution (6 Questions)

QUESTION NO: 117

Refer to the show interface Gi0/1 switchport command output shown in the exhibit. Which two statements are true about this interface? (Choose two.)

A. This interface is a member of a voice VLAN.
B. This interface is a dot1q trunk passing all configured VLANs.
C. This interface is a member of VLAN7.
D. This interface is configured for access mode.
E. This interface is a member of VLAN1.

Answer: C,D

Explanation: In the exhibit, the operational mode is static access and the access mode VLAN is 7, which means this port is operating in access mode as a member of VLAN 7.

QUESTION NO: 118

Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude about interfaces Fa0/13 and Fa0/14?

A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. that interfaces Fa0/13 and Fa0/14 are down
C. that interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. that interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
E. that interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch

Answer: C

Explanation: trunk - This setting places the port in permanent trunking mode. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. You should also manually configure the encapsulation mode.

show vlan: This command shows each VLAN and the ports belonging to it, which means those ports are in access mode. It doesn't show ports in trunk mode.

QUESTION NO: 119

Refer to the exhibit. On the basis of the output generated by the show commands, which two statements are true? (Choose two.)

A. All interfaces on the switch have been configured as access ports.
B. Because it has not been assigned to any VLAN, interface gigabitethernet 0/1 does not appear in the show vlan output.
C. Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in the show vlan output.
D. There are no native VLANs configured on the trunk.
E. VLAN 1 will not be encapsulated with an 802.1q header.
F. VLAN 2 will not be encapsulated with an 802.1q header.

Answer: C,E

Explanation: The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors. In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.

Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging. 802.1Q also introduces the concept of a native VLAN on a trunk. Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames. This provides a simple way to offer full trunk encapsulation to the devices that can understand it, while giving normal access stations some inherent connectivity over the trunk.

show vlan: This command shows each VLAN and the ports belonging to it, which means those ports are in access mode. It doesn't show ports in trunk mode.

QUESTION NO: 120

The administrator has issued the "show vlan id 5" command. What will this command display? (Select two)

A. Ports in VLAN 5
B. Utilization
C. VLAN information on port 0/5
D. Filters
E. MTU and type

Answer: A,E

Explanation: #show vlan id 5: Shows all ports belonging to VLAN 5 and MTU of ports and type.

QUESTION NO: 121

You work as a network Technician. A new workstation has consistently been unable to obtain an IP address from the DHCP server when the workstation boots. Older workstations function normally, and the new workstation obtains an address when manually forced to renew its address. What should be configured on the switch to allow the workstation to obtain an IP address at boot?

A. UplinkFast on the switch port connected to the server
B. BackboneFast on the switch port connected to the server
C. PortFast on the switch port connected to the workstation
D. trunking on the switch

Answer: C

Explanation: Spanning tree PortFast is a Catalyst feature that causes a switch or trunk port to enter the spanning tree Forwarding state immediately, bypassing the Listening and Learning states. IOS-based switches only use PortFast on access ports connected to end stations. When a device is connected to a port, the port normally enters the spanning tree Listening state. When the Forward Delay timer expires, the port enters the Learning state. When the Forward Delay timer expires a second time, the port is transitioned to the Forwarding or Blocking state. When PortFast is enabled on a switch or trunk port, the port is immediately transitioned to the Forwarding state. As soon as the switch detects the link, the port is transitioned to the Forwarding state (less than 2 seconds after the cable is plugged in).

QUESTION NO: 122

Refer to the exhibit. The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and cannot access network resources. On the basis of the information in the exhibit, which command sequence would correct the problem?

A. SW1(config)# interface fastethernet 0/1
   SW1(config-if)# no shut
B. SW1(config)# interface fastethernet 0/1
   SW1(config-if)# switchport mode access
   SW1(config-if)# switchport access vlan 10
C. SW1(config)# vlan 10
   SW1(config-vlan)# state active
D. SW1(config)# interface fastethernet 0/1
   SW1(config-if)# switchport mode access
E. SW1(config)# vlan 10
   SW1(config-vlan)# no shut

Answer: A

Explanation: In the exhibit, the operational mode is down, which means the interface is in the down state. Bring it into the up state using the no shutdown command.

Section 13: Troubleshoot private VLANS (1 Question)

QUESTION NO: 123

Switch SW1 has been configured with Private VLANs. With what type of PVLAN port should the default gateway be configured?

A. Trunk
B. Isolated
C. Primary
D. Community
E. Promiscuous
F. None of the other alternatives apply

Answer: E

Explanation: Promiscuous: The switch port connects to a router, firewall, or other common gateway device. This port can communicate with anything else connected to the primary or any secondary VLAN. In other words, the port is in promiscuous mode, in which the rules of private VLANs are ignored.

Section 14: Troubleshoot port security (4 Questions)

QUESTION NO: 124

A PC host is connected to a switch in the network shown below:

Configuration exhibit:

Study the exhibits carefully. The "show port-security interface fa0/1" command was issued on switch SW1. Given the output that was generated, which security statement is true?

A. When the number of secure IP addresses reaches 10, the interface will immediately shut down.
B. Interface FastEthernet 0/1 was configured with the switchport port-security aging command.
C. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command.
D. When the number of secure MAC addresses reaches 10, the interface will immediately shut down and an SNMP trap notification will be sent.
E. Interface FastEthernet 0/1 was configured with the switchport port-security protect command.
F. None of the other alternatives apply.

Answer: D,E

Explanation: Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. Those addresses can be learned dynamically or configured statically. The port will then provide access to frames from only those addresses. If, however, the number of addresses is limited to four but no specific MAC addresses are configured, the port will allow any four MAC addresses to be learned dynamically, and port access will be limited to those four dynamically learned addresses.

Port Security Implementation:

When switch port security rules are violated, different actions can be applied:
1. Protect: Frames from the nonallowed address are dropped, but there is no log of the violation.
2. Restrict: Frames from the nonallowed address are dropped, a log message is created, and a Simple Network Management Protocol (SNMP) trap is sent.
3. Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled, a log entry is made, an SNMP trap is sent, and manual intervention or errdisable recovery must be used to make the interface usable.

The port will not be shutdown, because it is in protect mode -- not shutdown.
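The three violation actions listed above, modelled as an added example (not Cisco's code and not part of the original material). The port name, MAC addresses and frame sequence are constructed, and clearing dynamically learned addresses on recovery is an assumption of the model.

```python
"""Model of the port-security violation actions: protect, restrict, shutdown.

Added illustration; port name, MAC addresses and frames are constructed.
"""
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    name: str
    maximum: int                                  # allowed secure MAC addresses
    violation: str = "shutdown"
    static: frozenset = frozenset()               # statically configured MACs
    learned: list = field(default_factory=list)   # dynamically learned MACs
    errdisabled: bool = False
    log: list = field(default_factory=list)       # log messages produced
    traps: int = 0                                # SNMP traps sent

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode {self.violation!r}")
        self.static = frozenset(m.lower() for m in self.static)
        if len(self.static) > self.maximum:
            raise ValueError("more static addresses than the configured maximum")

    def receive(self, src_mac: str) -> bool:
        """Process one frame; return True if it is forwarded."""
        mac = src_mac.lower()
        if self.errdisabled:
            return False                          # port is down until recovered
        if mac in self.static or mac in self.learned:
            return True                           # already a secure address
        if len(self.static) + len(self.learned) < self.maximum:
            self.learned.append(mac)              # room left: learn dynamically
            return True
        # Violation: a nonallowed address on a full port.
        if self.violation == "protect":
            return False                          # dropped, nothing recorded
        self.log.append(f"{self.name}: security violation by {mac}")
        self.traps += 1
        if self.violation == "shutdown":
            self.errdisabled = True
            self.log.append(f"{self.name}: put in errdisable state")
        return False

    def recover(self) -> None:
        """Manual intervention or errdisable recovery.

        Assumption of this model: dynamically learned addresses are
        cleared when the port is brought back.
        """
        self.errdisabled = False
        self.learned.clear()


# Constructed traffic: two known hosts, one extra host, then a known host again.
HOST_A, HOST_B, HOST_C = "0000.5e00.53a1", "0000.5e00.53b2", "0000.5e00.53c3"
FRAMES = [HOST_A, HOST_B, HOST_C, HOST_A]


def replay(violation: str, frames, maximum: int = 2):
    """Feed frames to a fresh port; return (per-frame verdicts, port)."""
    port = SecurePort("Fa0/1", maximum=maximum, violation=violation)
    return [port.receive(mac) for mac in frames], port


if __name__ == "__main__":
    for mode in MODES:
        verdicts, port = replay(mode, FRAMES)
        print(f"{mode:9} forwarded={verdicts} log={len(port.log)} "
              f"traps={port.traps} errdisabled={port.errdisabled}")
```

Only shutdown also cuts off the legitimate host after the violation, and protect leaves nothing behind for monitoring to pick up; restrict is the mode that both keeps known hosts working and produces a log entry and trap.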

QUESTION NO: 125

The following show command was issued on switch SW1:

Based on the output shown, what will happen when one additional user is connected to interface FastEthernet 5/1?

A. The interface will be placed into the error-disabled state immediately, and an SNMP trap notification will be sent.
B. The packets with the new source addresses will be dropped until a sufficient number of secure MAC addresses are removed from the secure address list.
C. All secure addresses will age out and be removed from the secure address list. This will cause the security violation counter to increment.
D. The first address learned on the port will be removed from the secure address list and be replaced with the new address.
E. None of the other alternatives apply

Answer: A

Explanation: Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. Those addresses can be learned dynamically or configured statically. The port will then provide access to frames from only those addresses. If, however, the number of addresses is limited to four but no specific MAC addresses are configured, the port will allow any four MAC addresses to be learned dynamically, and port access will be limited to those four dynamically learned addresses.

Port Security Implementation:

When switch port security rules are violated, different actions can be applied:
1. Protect: Frames from the nonallowed address are dropped, but there is no log of the violation.
2. Restrict: Frames from the nonallowed address are dropped, a log message is created, and a Simple Network Management Protocol (SNMP) trap is sent.
3. Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled, a log entry is made, an SNMP trap is sent, and manual intervention or errdisable recovery must be used to make the interface usable.

Section 15: Troubleshoot general switch security (3 Questions)

QUESTION NO: 126

Exhibit:

You issue the "show ip dhcp snooping" command on SW3 as shown in the exhibit. What type of attack is being defended against?

A. Snooping attack
B. Rogue device attack
C. STP attack
D. VLAN attack
E. Spoofing attack
F. MAC flooding attack
G. None of the other alternatives apply

Answer: E

Explanation: When DHCP snooping is configured, you can display its status with the following command:

Switch#show ip dhcp snooping [binding]

You can use the binding keyword to display all the known DHCP bindings that have been overheard. The switch maintains these in its own database. A switch can use the DHCP snooping bindings to prevent IP and MAC address spoofing attacks. MAC spoofing attacks consist of malicious clients generating traffic by using MAC addresses that do not belong to them. IP spoofing attacks are exactly like MAC spoofing attacks, except that the client uses an IP address that isn't his.

Reference: LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke CCIE No. 2659; Christopher Paggen - CCIE No. 2659, Cisco Press, Chapter 5.

QUESTION NO: 127

The following "show" command was issued on SW1:

Study the exhibit carefully. What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?

A. The traffic will be dropped.
B. The traffic will be forwarded to the router processor for further processing.
C. The traffic will be forwarded without further processing.
D. The traffic will be forwarded to the TCAM for further processing.
E. None of the other alternatives apply

Answer: A

Explanation: VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN, or are bridged within a VLAN. VLAN maps are used strictly for security packet filtering. Unlike router ACLs, VLAN maps are not defined by direction (input or output).

To create a VLAN map and apply it to one or more VLANs, perform these steps:
1. Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. This access-list will select the traffic that will be either forwarded or dropped by the access-map. Only traffic matching the 'permit' condition in an access-list will be passed to the access-map for further processing.
2. Enter the vlan access-map access-map-name [sequence] global configuration command to create a VLAN ACL map entry. Each access-map can have multiple entries. The order of these entries is determined by the sequence. If no sequence number is entered, access-map entries are added with sequence numbers in increments of 10.
3. In access map configuration mode, optionally enter an action forward or action drop. The default is to forward traffic. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address), and to match the packet against one or more ACLs (standard or extended).
4. Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.

Section 16: Troubleshoot VACL and PACL (3 Questions)

QUESTION NO: 128

What is true about access control on bridged and routed VLAN traffic? (Select three)

A. Router ACLs can be applied to the input and output directions of a VLAN interface.
B. Bridged ACLs can be applied to the input and output directions of a VLAN interface.
C. Only router ACLs can be applied to a VLAN interface.
D. VLAN maps and router ACLs can be used in combination.
E. VLAN maps can be applied to a VLAN interface

Answer: A,B,D

Explanation: Router ACLs are applied on interfaces as either inbound or outbound. To filter both bridged and routed traffic, VLAN maps can be used by themselves or in conjunction with router ACLs. VLAN ACLs, also called VLAN maps, filter both bridged and routed packets. VLAN maps can be used to filter packets exchanged between devices in the same VLAN.

QUESTION NO: 129

Switch SW1 has been configured with Private VLANs. With what type of PVLAN port should the default gateway be configured?

A. Trunk
B. Isolated
C. Primary
D. Community
E. Promiscuous
F. None of the other alternatives apply

Answer: E

Explanation: Promiscuous: The switch port connects to a router, firewall, or other common gateway device. This port can communicate with anything else connected to the primary or any secondary VLAN. In other words, the port is in promiscuous mode, in which the rules of private VLANs are ignored.

QUESTION NO: 130

In the event that two devices need access to a common server, but they cannot communicate with each other, which security feature should be configured to mitigate attacks between these devices?

A. private VLANs
B. port security
C. BPDU guard
D. dynamic ARP inspection
E. DHCP snooping

Answer: A

Explanation: Private VLANs partition a regular VLAN domain into subdomains and can have multiple VLAN pairs, one for each subdomain. A subdomain is represented by a primary VLAN and a secondary VLAN. All secondary (private) VLANs share the same primary VLAN.

There are two types of secondary VLANs:
* Isolated VLANs - Ports within an isolated VLAN cannot communicate with each other at the Layer 2 level.
* Community VLANs - Ports within a community VLAN can communicate with each other but cannot communicate with ports in other communities at the Layer 2 level.

Section 17: Troubleshoot switch virtual interfaces (SVIs) (1 Question)

QUESTION NO: 131

An SVI has been configured on a device. Which two statements are true about a switched virtual interface (SVI)? (Select two)

A. An SVI is normally created for the default VLAN (VLAN1) to permit remote switch administration.
B. Multiple SVIs can be associated with a VLAN.
C. SVI is another name for a routed port.
D. An SVI is created by entering the no switchport command in interface configuration mode.
E. An SVI provides a default gateway for a VLAN.

Answer: A,E

Explanation: On a multilayer switch, you can also enable Layer 3 functionality for an entire VLAN on the switch. This allows a network address to be assigned to a logical interface, that of the VLAN itself. This is useful when the switch has many ports assigned to a common VLAN, and routing is needed in and out of that VLAN. The logical Layer 3 interface is known as an SVI. However, when it is configured, it uses the much more intuitive interface name vlan vlan-id, as if the VLAN itself is a physical interface. First, define or identify the VLAN interface, and then assign any Layer 3 functionality to it with the following configuration commands:

Switch(config)# interface vlan vlan-id
Switch(config-if)# ip address ip-address mask [secondary]

The VLAN must be defined and active on the switch before the SVI can be used. Make sure the new VLAN interface is also enabled with the no shutdown interface configuration command.

Section 18: Troubleshoot switch supervisor redundancy (3 Questions)

QUESTION NO: 132

Company has a Catalyst 6500 and you need to configure redundancy between the supervisor modules. With route processor redundancy (RPR+), the redundant supervisor engine is fully initialized and configured, which shortens the switchover time if the active supervisor engine fails. Which three statements are true about RPR+ operation when the redundant supervisor engine takes over from the failed primary supervisor engine? (Choose three) A. Static IP routes are maintained across a switchover because they are configured from entries in the configuration file. B. Information about dynamic routing states, maintained on the active supervisor engine, is synchronized to the redundant supervisor engine and is transferred during the switchover. C. Information about dynamic routing states, maintained on the active supervisor engine, is not synchronized to the redundant supervisor engine and is lost on switchover. D. The Forwarding Information Base (FIB) tables are cleared on a switchover. As a result, routed traffic is interrupted until route tables reconverge. E. Static IP routes are cleared across a switchover and recreated from entries in the configuration file on the redundant supervisor engine. F. The Forwarding Information Base (FIB) tables are maintained during the switchover. As a result, routed traffic continues without any interruption when the failover occurs. Answer: A,C,D Explanation: The following guidelines and restrictions apply to RPR+:

RPR+ redundancy does not support configuration entered in VLAN database mode. Use global configuration mode with RPR+ redundancy.

Configuration changes made through SNMP are not synchronized to the redundant supervisor engine. Enter a "copy running-config startup-config" command to synchronize the configuration on the redundant supervisor engine.

Supervisor engine redundancy does not provide supervisor engine mirroring or supervisor engine load balancing. Only one supervisor engine is active. Network services are disrupted until the redundant supervisor engine takes over and the switch recovers.

The Forwarding Information Base (FIB) tables are cleared on a switchover. As a result, routed traffic is interrupted until route tables reconverge.

Static IP routes are maintained across a switchover because they are configured from entries in the configuration file.

Information about dynamic states maintained on the active supervisor engine is not synchronized to the redundant supervisor engine and is lost on switchover.

With RPR+, both supervisor engines must run the same version of Cisco IOS software. If the supervisor engines are not running the same version of Cisco IOS software, the redundant supervisor engine comes online in RPR mode.

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/redund.html

QUESTION NO: 133

Which two characteristics apply to Cisco Catalyst 6500 Series Switch supervisor redundancy using NSF? (Choose two.) A. independent of SSO B. NSF combined with SSO enables supervisor engine load balancing C. supported by RIPv2, OSPF, IS-IS, and EIGRP D. supports IPv4 and IPv6 multicast E. prevents route flapping F. dependent on FIB tables Answer: E,F Explanation: The purpose of NSF is to enable the Layer 3 switch to continue forwarding packets from an NSF-capable neighboring router when the primary route processor (RP) is failing and the backup RP is taking over. So it prevents route flapping, and it depends on the FIB (Forwarding Information Base) table.

QUESTION NO: 134

Which statement best describes Cisco supervisor engine redundancy using Stateful Switchover? A. Switchover ensures that Layer 2 through Layer 4 traffic is not interrupted. B. Redundancy requires BGP, OSPF, EIGRP, or IS-IS. C. Redundancy provides fast supervisor switchover for all Cisco Catalyst 6500 series switches. D. Switchover can be caused by clock synchronization failure between supervisors. Answer: D

Explanation:

Section 19: Troubleshoot switch support of advanced services (i.e., Wireless, VOIP and Video) (8 Questions)

QUESTION NO: 135 Exhibit:

You work as a network technician. Please study the exhibit carefully. In this wireless network, the LAP (lightweight access point) attempts to register to a WLC (Wireless LAN Controller). What kind of message is transmitted? A. The lightweight access point will send Layer 2 and Layer 3 Lightweight Access Point (LWAPP) mode discovery request messages at the same time. B. The lightweight access point will send Layer 3 Lightweight Access Point (LWAPP) mode discovery request messages only. C. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery request messages. If the attempt fails, the LAP will try Layer 3 LWAPP WLC discovery. D. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery request messages only. Answer: C

Explanation: The procedure for a LAP to register with a WLC is:
1. The LAP issues a DHCP request to a DHCP server in order to get an IP address, unless an assignment was made previously with a static IP address.
2. If Layer 2 LWAPP mode is supported on the LAP, the LAP broadcasts an LWAPP discovery message in a Layer 2 LWAPP frame. Any WLC that is connected to the network and that is configured for Layer 2 LWAPP mode responds with a Layer 2 discovery response. If the LAP does not support Layer 2 mode, or if the WLC or the LAP fails to receive an LWAPP discovery response to the Layer 2 LWAPP discovery message broadcast, the LAP proceeds to step 3.
3. If step 1 fails, or if the LAP or the WLC does not support Layer 2 LWAPP mode, the LAP attempts a Layer 3 LWAPP WLC discovery.
4. If step 3 fails, the LAP resets and returns to step 1.
Reference: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml

QUESTION NO: 136 Exhibit:

In this scenario the signal transmitted from the AP is reflected off a wall, resulting in multipath interference at the client end (ClientA). Which of the following statements is true? A. The transmitted signal from the AP arrives at the client at slightly different times resulting in phase shifting. B. Multipath interference can be solved by using dual antennas. C. If signal 2 is close to 360 degrees out of phase with signal 1, the result is essentially zero signal or a dead spot in the WLAN. D. Multipath interference is less of an issue when using a DSSS technology because multipath is frequency selective. E. If signal 1 is in phase with signal 2, the result is essentially zero signal or a dead spot in the WLAN. F. None of the other alternatives apply. Answer: B

Explanation: In order to understand diversity using dual antennas, you must understand multipath distortion. When a radio frequency (RF) signal is transmitted towards the receiver, the general behavior of the RF signal is to grow wider as it is transmitted further. On its way, the RF signal encounters objects that reflect, refract, diffract or interfere with the signal. When an RF signal is reflected off an object, multiple wavefronts are created. As a result of these new duplicate wavefronts, there are multiple wavefronts that reach the receiver. Diversity is the use of two antennas for each radio, to increase the odds that you receive a better signal on either of the antennas. The antennas used to provide a diversity solution can be in the same physical housing or must be two separate but equal antennas in the same location. Diversity provides relief to a wireless network in a multipath scenario. Diversity antennas are physically separated from the radio and each other, to ensure that one encounters less multipath propagation effects than the other. Dual antennas typically ensure that if one antenna is in an RF null then the other is not, which provides better performance in multipath environments. You can move the antenna to get it out of the null point and provide a way to receive the signal correctly.
Reference: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008019f646.shtml

QUESTION NO: 137 On the wireless LAN, a client is searching for an access point (AP). What is the correct process order that this client and access point go through in order to create a connection? A. association request/response, probe request/response, authentication request/response B. association request/response, authentication request/response, probe request/response C. probe request/response, authentication request/response, association request/response D. probe request/response, association request/response, authentication request/response E. None of the other alternatives apply Answer: C Explanation: From the Cisco FAQ on Cisco Aironet Wireless Security: What steps does Open Authentication involve for a client to associate with the AP?
1. The client sends a probe request to the APs.
2. The APs send back probe responses.
3. The client evaluates the AP responses and selects the best AP.
4. The client sends an authentication request to the AP.
5. The AP confirms authentication and registers the client.
6. The client then sends an association request to the AP.
7. The AP confirms the association and registers the client.
Reference: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.shtml

QUESTION NO: 138 Network topology exhibit:

In this WLAN segment, what are three requirements for configuring these Aironet access points (APs) that will allow for all wireless clients to work without service interruption while roaming from access point to access point? (Select three)

All access points should be configured...

A. ...with a unique IP subnet range. B. ...with identical SSIDs. C. ...within the same IP subnet. D. ...with the same guest mode SSID. E. ...only with the native VLAN. F. ...with the native VLAN.

Answer: B,C,E

Explanation: This question shows an example of Layer 2 roaming. An L2 roam occurs when a WLAN client moves from one access point to another within the same subnet. If the client moves to a new access point on a different IP subnet, L3 roaming occurs after the L2 roam has completed. Roaming is always a client station decision. The client station is responsible for detecting, evaluating, and roaming to an alternative access point. Figure 3, Sequence of Events for L2 Roam, illustrates an L2 roam.

Figure: Sequence of Events for L2 Roam

The arrows in the figure indicate the following events:
1. A client moves from access point A coverage area into access point B coverage area (with both access points in the same subnet). As the client moves out of the range of access point A, a roaming event (for example, maximum retries) is triggered.
2. The client scans all IEEE 802.11 channels for alternative access points. In this case, the client discovers access point B and reauthenticates and reassociates to it. After associating to the new access point B, if it is configured for 802.1X, the client begins IEEE 802.1X authentication.
3. Access point B sends a null media access control (MAC) multicast, on the client's virtual local area network (VLAN), using the source address of the client. This updates the content addressable memory (CAM) tables of the upstream switch and directs further LAN traffic for the client to access point B and not access point A.
4. Using its own source address, access point B sends a MAC multicast, on the native VLAN, telling access point A that access point B now has the client associated to it. Access point A receives this multicast and removes the client MAC address from its association table.
When a roaming event occurs, the client station scans each 802.11 channel. On each channel the client station sends a probe, and waits for probe responses or beacons from access points on that channel. The probe responses and beacons received from access points are discarded unless they have matching Service Set Identifier (SSID) and encryption settings.
Reference: http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801c5223.html

QUESTION NO: 139

Which three statements are true about implementing wireless LANs in the network using Cisco devices? (Select three) A. Antenna power is a relative value reference to dBi. B. LWAPP allows encrypted communications between lightweight access points and WLAN controllers. C. Characteristics of antennas are directionality, gain, and polarization. D. Power over Ethernet (PoE) is only available when a WLAN controller is integrated into the network. E. The WLAN solution Engine (WLSE) is used to control lightweight access points. F. One of the advantages of the lightweight WLAN solution is that the devices act independently. Answer: A,B,C Explanation: dBi is a unit measuring the gain of an antenna. The reference level for dBi is the strength of the signal that would be transmitted by a non-directional isotropic antenna, i.e., one that radiates equally in all directions. This antenna exists as a mathematical concept used only as a known reference to measure antenna gain per dBi. In electronics, the term "gain" is often repeated but misunderstood. Gain implies an increase (e.g., 20 dBi), but without respect to where the increase originated.

LWAPP is a draft Internet Engineering Task Force (IETF) standard, authored by Cisco Systems, that standardizes the communications protocol between lightweight access points and WLAN systems such as controllers, switches, and routers. Its goals are to:
* Reduce the amount of processing within access points, freeing up their computing resources to focus exclusively on wireless access instead of filtering and policy enforcement
* Enable centralized traffic handling, authentication, encryption, and policy enforcement for an entire WLAN system
* Provide a generic encapsulation and transport mechanism for multivendor access point interoperability, using either a Layer 2 infrastructure or an IP-routed network

When a Cisco LWAPP-enabled access point boots up, it immediately looks for a wireless LAN controller within the network. After it finds a wireless LAN controller, the LWAPP-enabled access point sends out encrypted "neighbor" messages.

An antenna gives the wireless system three fundamental properties: gain, direction and polarization. Gain is a measure of increase in power. Gain is the amount of increase in energy that an antenna adds to a radio frequency (RF) signal. Direction is the shape of the transmission pattern. Polarization is the physical orientation of the element on the antenna that actually emits the RF energy. An omnidirectional antenna, for example, is usually a vertical polarized antenna.
References:
http://wireless-network.wireless-computer-networking.com/dBi.htm
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00807f34d3.shtml


QUESTION NO: 140 An IP phone connects a user to a switch as shown below:

Based on the diagram shown above, which statement is true about the voice traffic coming to the switch access port that is connected to the IP phone?

A. A PC connected to a switch port via an IP phone is unaware of the presence of the phone. B. The traffic on the voice VLAN must be tagged with 802.1p encapsulation in order to coexist on the same LAN segment with a PC. C. To improve the quality of the voice traffic, no other devices should be attached to the IP phone. D. The voice VLAN must be configured as a native VLAN on the switch. E. A PC connected to a switch port via an IP phone must support a trunking encapsulation.

Answer: A

Explanation: The new voice VLAN is called an auxiliary VLAN in the Catalyst software command-line interface (CLI). In the traditional switched world, data devices reside in a data VLAN. The new auxiliary VLAN is used to represent other types of devices collectively. Today those devices are IP phones (hence the notion of a voice VLAN), but, in the future, other types of non-data devices will also be part of the auxiliary VLAN. Just as data devices come up and reside in the native VLAN (default VLAN), IP phones come up and reside in the auxiliary VLAN, if one has been configured on the switch. When the IP phone powers up, it communicates with the switch using CDP. The switch then provides the phone with its configured VLAN ID (voice subnet), also known as the voice VLAN ID or VVID. Meanwhile, data devices continue to reside in the native VLAN (or default VLAN) of the switch. A data device VLAN (data subnet) is referred to as a port VLAN ID or PVID.

QUESTION NO: 141 Look at the graphic below. The connectivity between the Cisco IP phone access port and the workstation CK-PC has been established. How is the traffic managed?

A. The IP phone access port will override the priority of the frames received from the CK-PC. B. The IP phone access port would trust the priority of the frames received from the CK-PC. C. The switch port Fa0/4 would neglect the priority of the frames received from the CK-PC. D. The switch port Fa0/4 would trust the priority for the frames received from the CK-PC.

Answer: A

Explanation: The CK-PC connected to the phone, however, should normally be untrusted and have all inbound CoS values set to 0. This is mentioned here to show how trust boundaries also exist at any connected IP Phones.

A switch instructs an attached IP Phone through CDP messages as to how it should extend QoS trust to its own user data switch port. To configure the trust extension, use the following interface configuration command:
Switch(config-if)# switchport priority extend {cos value | trust}
Normally, the QoS information from a PC connected to an IP Phone should not be trusted. This is because the PC's applications might try to spoof CoS or Differentiated Services Code Point (DSCP) settings to gain premium network service. In this case, use the cos keyword so that the CoS bits are overwritten to value by the IP Phone as packets are forwarded to the switch. If CoS values from the PC cannot be trusted, they should be overwritten to a value of 0.

Example:
interface fastethernet 0/1
 switchport voice vlan 200
 switchport priority extend cos 0

QUESTION NO: 142 You need to configure a new Cisco router to be installed in the VOIP network. Which three interface commands will configure the switch port to support a connected Cisco phone and to trust the CoS values received on the port if CDP discovers that a Cisco phone is attached? (Select three) A. switchport voice vlan vlan-id B. mls qos trust device cisco-phone C. switchport priority extend cos_value D. mls qos trust cos E. mls qos trust override cos

Answer: A,B,D

Explanation:
1. To configure the IP Phone uplink, just configure the switch port where it connects. The switch instructs the phone to follow the mode that is selected. In addition, the switch port does not need any special trunking configuration commands if a trunk is wanted. If an 802.1Q trunk is needed, a special-case trunk is negotiated by Dynamic Trunking Protocol (DTP) and CDP. Use the following interface configuration command to select the voice VLAN mode that will be used:
Switch(config-if)# switchport voice vlan {vlan-id | dot1p | untagged | none}
2. mls qos trust [cos]: Configure the port trust state. By default, the port is not trusted. All traffic is sent through one egress queue. Use the cos keyword to classify ingress packets with the packet CoS values. The egress queue assigned to the packet is based on the packet CoS value.
3. mls qos trust device cisco-phone: Configure the Cisco IP Phone as a trusted device on the interface.

Section 20: Troubleshoot a VoIP support solution (7 Questions)

QUESTION NO: 143 Based on the graphic below, which Catalyst switch interface command should be issued in order for the switch to instruct the phone to override the incoming CoS from the CK-PC before sending the packet to the switch?

A. switchport priority extend cos 11 B. switchport priority extend cos 2 C. mls qos cos 2 D. mls qos cos 2 override Answer: B Explanation: Overriding the CoS Priority of Incoming Data Frames. You can connect a PC or other data device to a Cisco 7960 IP Phone port. The PC can generate packets with an assigned CoS value. You can configure the switch to override the priority of frames arriving on the IP phone port from connected devices. Beginning in privileged EXEC mode, follow these steps to override the CoS priority received from the nonvoice port on the Cisco 7960 IP Phone:
Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_14_ea1/configuration/guide/swvoip.html

QUESTION NO: 144

Refer to the exhibit. What is the effect when the switchport priority extend cos 3 command is configured on the switch port interface connected to the IP phone?

A. Effectively, the trust boundary has been moved to the PC attached to the IP phone. B. The computer is now establishing the CoS value and has effectively become the trust boundary. C. The IP phone is enabled to override with a CoS value of 3 the existing CoS marking of the PC attached to the IP phone. D. The switch will no longer tag incoming voice packets and will extend the trust boundary to the distribution layer switch. E. RTP will be used to negotiate a CoS value based upon bandwidth utilization on the link.

Answer: C Explanation: The "switchport priority extend cos <priority>" command is used to set the IP phone access port to override the priority received from the PC or the attached device. The CoS value is a number from 0 to 7. Seven is the highest priority. The default is 0. In this case, it has been set to mark all traffic with a class of service value of 3.
Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_14_ea1/configuration/guide/swvoip.html

QUESTION NO: 145 VOIP is being implemented in the network and you need to assess the need for QoS. Which of the following network problems would indicate a need to implement QoS features? (Select three) A. Mis-routed packets B. Excess jitter C. Delay of critical traffic D. Packet loss due to congestion E. Data link layer broadcast storms F. FTP connections unsuccessful Answer: B,C,D

Explanation: Loss, jitter, and delay are the three reasons for implementing QoS features on modern networks. Loss is when a packet disappears on a network. Jitter is a timing mismatch between two way traffic, and delay is when a packet takes too long to get somewhere. Incorrect Answers: A: This would indicate a routing problem, or packets being "black-holed." QoS would not help in this situation. E: Broadcast storms indicate a problem on a LAN segment, such as a babbling host, too many hosts, a segment that is too large, a bad application, etc. QoS would not help in this situation. F: If only FTP sessions were having issues, then the FTP application or FTP server should be corrected. Normally, FTP sessions are not delay sensitive due to the re-transmission nature of TCP and do not require QoS.

QUESTION NO: 146 Jitter is causing problems with the VOIP application in the network. What causes network jitter?

A. Variable queue delays B. Packet drops C. Transmitting too many small packets D. Compression Answer: A Explanation: Delay variation or jitter is the difference in the delay times of consecutive packets. A jitter buffer is often used to smooth out arrival times, but there are instantaneous and total limits on buffering ability. Any type of buffering used to reduce jitter directly increases total network delay. In general, traffic requiring low latency also requires a minimum variation in latency. Note: Jitter in Packet Voice Networks: Jitter is defined as a variation in the delay of received packets. At the sending side, packets are sent in a continuous stream with the packets being spaced evenly apart. Due to network congestion, improper queuing, or configuration errors, this steady stream can become lumpy, or the delay between each packet can vary instead of remaining constant.

QUESTION NO: 147

According to the information presented in the following exhibit, can you tell me the reason that the trust state of interface FastEthernet 0/3 displays "not trusted"?

A. The command mls qos needs to be turned on in global configuration mode. B. DSCP map needs to be configured for VOIP. C. ToS has not been configured. D. There is not a Cisco Phone attached to the interface.

Answer: D

Explanation: CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols. This feature enables applications to send SNMP queries to neighboring devices. CDP runs on all media that support Subnetwork Access Protocol (SNAP). Because CDP runs over the data-link layer only, two systems that support different network-layer protocols can learn about each other. Communication between the switch and the IP phone is performed by CDP. There is no CDP neighbor, and the trust state is also not trusted.

QUESTION NO: 148 You are a network administrator of a large investor relations company that uses a switched network to carry both data and IP telephony services. Why should you carry voice traffic on a separate VLAN? A. IP phones require inline power and must be in separate VLAN to receive inline power. B. IP telephony applications require prioritization over other traffic as they are more delay sensitive. C. IP phones can only receive IP addresses through DHCP if they are in separate VLAN. D. The CDP frames from the IP phone can only be recognized by the switch if the phone is in an auxiliary vlan. Answer: B Explanation: Voice conversations don't take up a lot of bandwidth, but the bandwidth they do use is very delicate. If anything happens with the connection or the integrity of the data transfer in either direction, the conversation won't seem natural. To ensure the highest degree of integrity you should put voice traffic on its own separate VLAN and give that VLAN the highest priority.

QUESTION NO: 149

Which QoS mechanisms can you use on a converged network to improve VoIP quality? (Select three) A. The use of a queuing method that will give VoIP traffic strict priority over other traffic. B. The use of RTP header compression for the VoIP traffic. C. The proper classification and marking of the traffic as close to the source as possible. D. The use of 802.1QinQ trunking for VoIP traffic. E. The use of WRED. Answer: A,C,E Explanation: In order to optimize the quality of VOIP calls, QoS should be implemented to ensure that VOIP traffic is prioritized over other traffic types. By providing a strict queue for VOIP traffic, you will ensure that voice calls take precedence over the other traffic types. In order to properly provide for QoS across the network, the voice traffic should be marked to give priority as close to the source as possible. This will ensure that the traffic is prioritized end to end. Finally, WRED (Weighted Random Early Detection) could be configured to prevent congestion. WRED can be used to selectively drop less important traffic types, instead of dropping the voice packets when links become busy. Incorrect Answers: B: Compression can be used to lower the bandwidth required to transmit VOIP calls, but it will not help with improving the voice quality. In general, compression of any kind lowers the quality of VOIP. D: The trunking method used will have no bearing on the VOIP quality.

Section 21: Troubleshoot a video support solution (3 Questions)

QUESTION NO: 150 The Company is rolling out Cisco's Architecture for Voice, Video and Integrated Data (AVVID). Which of the following choices represent the fundamental intelligent network services in Cisco's AVVID? (Select all that apply.) A. Quality of Service (QoS) B. Intelligent platforms C. Mobility and scalability D. Security E. High availability Answer: A,C,D,E

Explanation: By creating a robust foundation of basic connectivity and protocol implementation, Cisco AVVID Network Infrastructure addresses five primary concerns of network deployment: high availability, quality of service (QoS), security, mobility, and scalability.
Reference: http://www.cisco.com/en/US/netsol/netwarch/ns19/ns24/networking_solutions_audience_business_benefit09186a008009d678.html

QUESTION NO: 151

Which of the characteristics below is associated with the (QoS) Integrated Services Model? A. QoS classified at layer 3 using IP precedence or DSCP. B. Guaranteed rate service. C. Implemented using FIFO queues. D. All traffic has an equal chance of being dropped. Answer: B Explanation: Cisco IOS QoS includes the following features that provide controlled load service, which is a kind of integrated service: Resource Reservation Protocol (RSVP) can be used by applications to signal their QoS requirements to the router. Intelligent queuing mechanisms can be used with RSVP to provide the following kinds of services:
* Guaranteed Rate Service, which allows applications to reserve bandwidth to meet their requirements. For example, a Voice over IP (VoIP) application can reserve 32 Mbps end to end using this kind of service. Cisco IOS QoS uses weighted fair queuing (WFQ) with RSVP to provide this kind of service.
* Controlled Load Service, which allows applications to have low delay and high throughput even during times of congestion. For example, adaptive real-time applications such as playback of a recorded conference can use this kind of service. Cisco IOS QoS uses RSVP with Weighted Random Early Detection (WRED) to provide this kind of service.
Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a008007ff07.html#1000946

QUESTION NO: 152

You work as a network technician. Your boss is interested in the QoS technology in the context of video traffic. What can be said of application of this technology in this type of network? (Select three)

A. The access layer is the initial point at which traffic enters the network. Traffic is marked (or remarked) at Layers 2 and 3 by the access switch as it enters the network, or is "trusted" that it is entering the network with the appropriate tag. B. No traffic marking occurs at the core layer. Layer 2/3 QoS tags are trusted from distribution layer switches and used to prioritize and queue the traffic as it traverses the core. C. Traffic inbound from the access layer to the distribution layer can be trusted or reset depending upon the ability of the access layer switches. Priority access into the core is provided based on Layer 3 QoS tags. D. IP precedence, DSCP, QoS group, IP address, and ingress interface are Layer 2 characteristics that are set by the access layer as it passes traffic to the distribution layer. The distribution layer, once it has made a switching decision to the core layer, strips these off. E. MAC address, Multiprotocol Label Switching (MPLS); the ATM cell loss priority (CLP) bit, the Frame Relay discard eligible (DE) bit, and ingress interface are established by the voice submodule (distribution layer) as traffic passes to the core layer. F. The distribution layer inspects a frame to see if it has exceeded a predefined rate of traffic within a certain time frame, which is typically a fixed number internal to the switch. If a frame is determined to be in excess of the predefined rate limit, the CoS value can be marked up in a way that results in the packet being dropped.

Answer: A,B,C Explanation: Three main types of QoS policies are required within the Campus: 1) Classification and Marking 2) Policing and Markdown 3) Queuing. Classification, marking, and policing should be performed as close to the traffic sources as possible, specifically at the Campus Access-Edge. Queuing, on the other hand, needs to be provisioned at all Campus Layers (Access, Distribution, Core) due to oversubscription ratios. Distribution and edge switches can be configured to trust the CoS markings of incoming traffic, reset the CoS value to 0, or reset the CoS value to a different value. These switches also perform the necessary functions to map the Layer 2 CoS values to a Layer 3 ToS or DSCP value when sending traffic into the cloud.

Section 22: Troubleshoot Layer 3 Security (4 Questions)

QUESTION NO: 153

Refer to the exhibit. Host A and Host B are connected to the Catalyst 3550 switch and have been assigned to their respective VLANs. The rest of the 3550 configuration is the default configuration. Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B. Given the output displayed in the exhibit, which statement is true?

A. HSRP must be configured on SW1.
B. A separate router is required to support interVLAN routing.
C. Interface VLAN 10 must be configured on the SW1 switch.
D. The global config command ip routing must be configured on the SW1 switch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. VTP must be configured to support interVLAN routing.

Answer: D

Explanation: To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router's function. The router must have a physical or logical connection to each VLAN so that it can forward packets between them. This is known as interVLAN routing. Multilayer switches can perform both Layer 2 switching and interVLAN routing, as appropriate. Layer 2 switching occurs between interfaces that are assigned to Layer 2 VLANs or Layer 2 trunks. Layer 3 switching can occur between any type of interface, as long as the interface can have a Layer 3 address assigned to it. The Switch(config)# ip routing command enables routing on a Layer 3 switch.

QUESTION NO: 154

Refer to the exhibit. VLAN2, VLAN3, and VLAN10 are configured on the switch D-SW1. Host computers are on VLAN 2 (10.1.2.0), servers are on VLAN 3 (10.1.3.0), and the management VLAN is on VLAN10 (10.1.10.0). Hosts are able to ping each other but are unable to reach the servers. On the basis of the exhibited output, which configuration solution could rectify the problem?

A. Enable IP routing on the switch D-SW1.
B. Configure a default route that points toward network 200.1.1.0/24.
C. Assign an IP address of 10.1.3.1/24 to VLAN3.
D. Configure default gateways to IP address 10.1.2.1 on each host.
E. Configure default gateways to IP address 10.1.10.1 on each host.
F. Configure default gateways to IP address 200.1.1.2 on each host.

Answer: C

Explanation: Although a routed port is configured for connectivity with an external router, inter-VLAN routing would most likely be achieved through the use of a virtual interface. Example: To route between VLANs 10 and 20, which have been configured on the multilayer switch, use the following configuration:

  RouteSwitch(config)# interface vlan 10
  RouteSwitch(config-if)# ip address 10.0.10.1 255.255.255.0
  RouteSwitch(config)# interface vlan 20
  RouteSwitch(config-if)# ip address 10.0.20.1 255.255.255.0

QUESTION NO: 155

The network is displayed in the following network topology exhibit:

Router configuration exhibit:

Based on the network diagram and routing table output in the exhibit, which of these statements is true?

A. Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
B. Although interVLAN routing is enabled, the workstations will not have connectivity to each other.
C. InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
D. InterVLAN routing will not occur since no routing protocol has been configured.
E. None of the other alternatives apply.

Answer: C

Explanation: A Layer 2 network can also exist as a VLAN inside one or more switches. VLANs are essentially isolated from each other so that packets in one VLAN cannot cross into another VLAN. To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router's function. The router must have a physical or logical connection to each VLAN so that it can forward packets between them. This is known as interVLAN routing. InterVLAN routing can be performed by an external router that connects to each of the VLANs on a switch. Separate physical connections can be used, or the router can access each of the VLANs through a single trunk link.

The switch port connected to the router should be a trunk link. Configure it like this (the encapsulation is set first, because a switch that supports both ISL and 802.1Q rejects trunk mode while the encapsulation is still negotiated):

  Switch(config)# interface fa 0/1
  Switch(config-if)# switchport trunk encapsulation dot1q
  Switch(config-if)# switchport mode trunk

On the router, configure:

  Router(config)# interface fa 0/0
  Router(config-if)# description VLAN 1
  Router(config-if)# ip address 192.168.10.1 255.255.255.0
  Router(config)# interface fa 0/0.10
  Router(config-subif)# description Management VLAN 10
  Router(config-subif)# encapsulation dot1q 10
  Router(config-subif)# ip address 192.168.91.1 255.255.255.0
  Router(config)# interface fa 0/0.20
  Router(config-subif)# description Engineering VLAN 20
  Router(config-subif)# encapsulation dot1q 20
  Router(config-subif)# ip address 192.168.20.1 255.255.255.0

QUESTION NO: 156

Study the following graphic carefully. Host1 and Host2, which belong to different VLANs, are in the same subnet. According to the information displayed, which description is correct when trying to ping from host to host?

A. A trunk port should be configured on the link between CK-SW1 and CK-SW2 to ping successfully.
B. The two hosts should be in the same VLAN in order to ping successfully.
C. A Layer 3 device is a must in order for the ping command to be successful.
D. The ping command will be successful without any further configuration changes.

Answer: D

Explanation: Normally, to transport packets between VLANs, you must use a Layer 3 device. However, in this case the "switchport mode access" command has been used for these ports so the VLAN information will be sent along untagged. Devices that are in different VLANs can ping each other as long as they are in the same subnet when the VLAN information is untagged.

Section 23: Troubleshoot issues related to ACLs used to secure access to Cisco routers (2 Questions)

QUESTION NO: 157

The following "show" command was issued on R1:

Study the exhibit carefully. What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?

A. The traffic will be dropped.
B. The traffic will be forwarded to the router processor for further processing.
C. The traffic will be forwarded without further processing.
D. The traffic will be forwarded to the TCAM for further processing.
E. None of the other alternatives apply

Answer: A
Explanation: VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN, or are bridged within a VLAN. VLAN maps are used strictly for security packet filtering. Unlike router ACLs, VLAN maps are not defined by direction (input or output). To create a VLAN map and apply it to one or more VLANs, perform these steps:

1) Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. This access-list will select the traffic that will be either forwarded or dropped by the access-map. Only traffic matching the 'permit' condition in an access-list will be passed to the access-map for further processing.
2) Enter the vlan access-map access-map-name [sequence] global configuration command to create a VLAN ACL map entry. Each access-map can have multiple entries. The order of these entries is determined by the sequence. If no sequence number is entered, access-map entries are added with sequence numbers in increments of 10.
3) In access map configuration mode, optionally enter an action forward or action drop. The default is to forward traffic. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address), and to match the packet against one or more ACLs (standard or extended).
4) Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.
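The evaluation order described in these steps can be modelled in a few lines. The following Python sketch is an added example, not part of the practice exam and not the missing exhibit: the ACL names, map names and addresses are constructed, only the source address is examined, and the drop applied to IP traffic that matches no entry is assumed from Catalyst behaviour rather than stated on this page.

```python
"""Toy model of VLAN map (VACL) evaluation for IP traffic, keyed on source address."""
import ipaddress
from dataclasses import dataclass


@dataclass
class AclLine:
    permit: bool
    network: ipaddress.IPv4Network


def acl(*lines):
    """Build a standard ACL from ('permit' | 'deny', 'a.b.c.d/len') pairs."""
    return [AclLine(verb == "permit", ipaddress.ip_network(net)) for verb, net in lines]


def acl_permits(acl_lines, src):
    """First matching line decides; an ACL ends with an implicit deny."""
    for line in acl_lines:
        if src in line.network:
            return line.permit
    return False


class VlanMap:
    def __init__(self, name):
        self.name = name
        self.entries = {}  # sequence -> (ACL names in the match clause, action)

    def add_entry(self, match_acls, action="forward", sequence=None):
        """Add a map entry; unnumbered entries step by 10, action defaults to forward."""
        if sequence is None:
            sequence = max(self.entries, default=0) + 10
        self.entries[sequence] = (list(match_acls), action)
        return sequence

    def evaluate(self, acls, src_ip):
        """Return (action, sequence) for a packet bridged or routed in the VLAN."""
        src = ipaddress.ip_address(src_ip)
        for sequence in sorted(self.entries):
            names, action = self.entries[sequence]
            # Only an ACL *permit* counts as a match; a deny falls through to the next entry.
            if any(acl_permits(acls[name], src) for name in names):
                return action, sequence
        # Assumption (Catalyst behaviour, not stated on the page): an IP packet that
        # matches no entry of a map containing IP match clauses is dropped.
        return "drop", None


# Constructed ACLs for illustration.
ACLS = {
    "NET_10": acl(("permit", "172.16.10.0/24")),
    "NET_10_EXCEPT_5": acl(("deny", "172.16.10.5/32"), ("permit", "172.16.10.0/24")),
    "ANY": acl(("permit", "0.0.0.0/0")),
}


def build_maps():
    """Three constructed maps: with a forward-all entry, without one, and with a carve-out."""
    with_catch_all = VlanMap("DROP_NET_10")
    with_catch_all.add_entry(["NET_10"], action="drop")      # sequence 10
    with_catch_all.add_entry(["ANY"])                         # sequence 20, forward

    no_catch_all = VlanMap("DROP_NET_10_ONLY")
    no_catch_all.add_entry(["NET_10"], action="drop")

    carve_out = VlanMap("DROP_NET_10_EXCEPT_5")
    carve_out.add_entry(["NET_10_EXCEPT_5"], action="drop")
    carve_out.add_entry(["ANY"])
    return {"with_catch_all": with_catch_all, "no_catch_all": no_catch_all,
            "carve_out": carve_out}


if __name__ == "__main__":
    for label, vmap in build_maps().items():
        for src in ("172.16.10.5", "172.16.10.77", "172.16.20.9"):
            print(f"{label:15} {src:13} -> {vmap.evaluate(ACLS, src)}")
```

The two cases worth checking on a real switch are the map without a forward-all entry, which drops every other IP host in the VLAN, and the ACL deny line, which exempts a host from the drop entry instead of dropping it.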

QUESTION NO: 158

Refer to the exhibit. Based upon the configuration, you need to understand why the policy routing match counts are not increasing. Which would be the first logical step to take? Select the best response.

A. Confirm if there are other problematic route-map statements that precede divert.
B. Check the access list for log hits.
C. Check the routing table for 212.50.185.126.
D. Remove any two of the set clauses. (Multiple set clause entries will cause PBR to use the routing table.)

Answer: B

Explanation:

Section 24: Troubleshoot configuration issues related to accessing the AAA server for authentication purposes (1 Questions)

QUESTION NO: 159 Exhibit:

You work as a network administrator. You study the exhibit carefully. What is the function of this configuration?

A. mitigates the risk of rogue devices gaining unauthorized access to the network
B. sets the port state to authorized
C. sets the maximum number of retries to supplicant for EAP-request frames of types other than EAP-Request/Identity
D. sets the port state to unauthorized
E. configures a guest VLAN on this interface

Answer: A

Explanation: Cisco switches support port-based authentication in combination with AAA, which is known as dot1x authentication. When it is enabled, a switch port will not pass any traffic until a user has authenticated with the switch. If the authentication is successful, the user can use the port normally.

Section 25: Troubleshoot security issues related to IOS services (i.e., finger, NTP, HTTP, FTP, RCP, etc.) (4 Questions)

QUESTION NO: 160

You want to enhance the security within the LAN and prevent VLAN hopping. What two steps can be taken to help prevent this? (Select two)

A. Enable BPDU guard
B. Disable CDP on ports where it is not necessary
C. Place unused ports in a common unrouted VLAN
D. Prevent automatic trunk configuration
E. Implement port security

Answer: C,D

Explanation: To prevent VLAN hopping you should disable unused ports and put them in an unused VLAN, or a separate unrouted VLAN. By not granting connectivity or by placing a device into a VLAN not in use, unauthorized access can be thwarted through fundamental physical and logical barriers. Another method used to prevent VLAN hopping is to prevent automatic trunk configuration. Hackers have used 802.1Q and ISL tagging attacks, which are malicious schemes that allow a user on a VLAN to get unauthorized access to another VLAN. For example, if a switch port were configured as DTP auto and were to receive a fake DTP packet, it might become a trunk port and it might start accepting traffic destined for any VLAN. Therefore, a malicious user could start communicating with other VLANs through that compromised port.

Reference: VLAN Security White Paper, Cisco Systems http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
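Both mitigations can be checked against a saved running configuration. The following Python audit is an added example, not part of the practice exam: the sample configuration is constructed, VLAN 999 is a hypothetical parking VLAN, a port counts as unused when it is shut down, and a port with no explicit switchport mode is assumed to run a dynamic (DTP) mode.

```python
"""Audit a saved IOS-style configuration for the two VLAN hopping mitigations above."""
import re

PARKING_VLAN = 999  # hypothetical unrouted VLAN reserved for unused ports

# Constructed sample configuration for illustration.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description user port
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 description user port, mode left at default
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 description unused
 switchport mode access
 shutdown
!
interface FastEthernet0/24
 description unused
 switchport access vlan 999
 switchport mode access
 shutdown
!
interface GigabitEthernet0/1
 description uplink
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from running-config text."""
    interfaces = {}
    current = None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other global line closes the block
    return interfaces


def audit(config, parking_vlan=PARKING_VLAN):
    """Return (interface, finding) pairs in configuration order."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        mode = next((l.split("switchport mode ", 1)[1] for l in lines
                     if l.startswith("switchport mode ")), None)
        vlan = next((int(l.rsplit(" ", 1)[1]) for l in lines
                     if l.startswith("switchport access vlan ")), 1)  # VLAN 1 is the default
        if mode is None or mode.startswith("dynamic"):
            findings.append((name, "trunking can be negotiated (no static mode)"))
        if "shutdown" in lines and vlan != parking_vlan:
            findings.append((name, f"unused port left in VLAN {vlan}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```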


QUESTION NO: 161

The network is being flooded with invalid Layer 2 addresses, causing switch CAM tables to be filled and forcing unicast traffic to be transmitted out all switch ports. Which type of Layer 2 attack is being used here?

A. MAC spoofing
B. VLAN hopping
C. MAC address flooding
D. DHCP flooding
E. Session hijacking

Answer: C

Explanation: Port security is especially useful in the face of MAC address flooding attacks. In these attacks, an attacker tries to fill up a switch's CAM tables by sending a large number of frames to it with source MAC addresses that the switch is unaware of at that time. The switch learns about these MAC addresses and puts them in its CAM table, thinking that these MAC addresses actually exist on the port on which it is receiving them. In reality, this port is under the attacker's control and a machine connected to this port is being used to send frames with spoofed MAC addresses to the switch. If the attacker keeps sending these frames in a large-enough quantity, and the switch continues to learn of them, eventually the switch's CAM table becomes filled with entries for these bogus MAC addresses mapped to the compromised port.

Under normal operations, when a machine receiving a frame responds to it, the switch learns that the MAC address associated with that machine sits on the port on which it has received the response frame. It puts this mapping in its CAM table, allowing it to send any future frames destined for this MAC address directly to this port rather than flood all the ports on the VLAN. However, in a situation where the CAM table is filled up, the switch is unable to create this CAM entry. At this point, when the switch receives a legitimate frame for which it does not know which port to forward the frame to, the switch floods all the connected ports belonging to the VLAN on which it has received the frame. The switch continues to flood the frames with destination addresses that do not have an entry in the CAM tables to all the ports on the VLAN associated with the port it is receiving the frame on.

Reference: http://book.soundonair.ru/cisco/ch05lev1sec2.html

QUESTION NO: 162

A MAC address flood attack is occurring on the LAN. During this attack, numerous frames are forwarded to a switch which causes the CAM table to fill to capacity. How does this action benefit the attacker?

A. All traffic is tagged with a specific VLAN ID from the VLAN of the attacker and is now viewable.
B. Clients will forward packets to the attacking device, which will in turn send them to the desired destination but not before recording the traffic patterns.
C. All traffic is redirected to the VLAN that the attacker used to flood the CAM table.
D. All traffic is flooded out all ports and an attacker is able to capture all data.
E. None of the other alternatives apply

Answer: D

Explanation: MAC flooding basically involves bombarding the switch with spoofed ARP requests in the hope of making the switch "fail open". This, in essence, makes the switch display the characteristics of a hub, where it sends packets to all ports. A MAC flooding attack looks like traffic from thousands of computers moving into one port, but it's actually the attacker spoofing the MAC address of thousands of non-existent hosts. The goal is to flood the switch's CAM (content addressable memory) table, or port/MAC table, with these bogus requests, and once flooded, the switch will broadcast openly onto a LAN, allowing the attacker to start sniffing. The success of this attack is almost completely dependent on the model and manufacturer of the switch.

Reference: http://www.governmentsecurity.org/archive/t2605.html
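The learning and flooding behaviour described in the explanations for questions 161 and 162, and the effect of a per-port MAC limit, can be reproduced with a small model. The following Python simulation is an added example, not part of the practice exam: the table size of 8, the port numbers and all MAC addresses are constructed, and the violation handling is a simplified stand-in for port security in shutdown mode.

```python
"""Toy model of MAC learning on one VLAN, with an optional per-port MAC limit."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = set(ports)
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port  # None = no port security
        self.cam = {}                # source MAC -> port it was learned on
        self.err_disabled = set()

    def _learn(self, mac, port):
        """Record mac on port; return False if the frame violates the port limit."""
        if mac in self.cam:
            self.cam[mac] = port
            return True
        learned_here = sum(1 for p in self.cam.values() if p == port)
        if self.max_macs_per_port is not None and learned_here >= self.max_macs_per_port:
            # Simplified shutdown-style violation handling: disable the port and
            # flush what was learned on it.
            self.err_disabled.add(port)
            self.cam = {m: p for m, p in self.cam.items() if p != port}
            return False
        if len(self.cam) < self.cam_capacity:
            self.cam[mac] = port     # a full table silently stops learning
        return True

    def receive(self, port, src, dst):
        """Return the sorted list of ports the frame is sent out of."""
        if port in self.err_disabled or not self._learn(src, port):
            return []
        usable = self.ports - self.err_disabled - {port}
        if dst in self.cam:
            return [self.cam[dst]] if self.cam[dst] in usable else []
        return sorted(usable)        # unknown unicast or broadcast: flood the VLAN


def run_scenario(max_macs_per_port):
    """Constructed scenario: hosts A and B on ports 1 and 2, many sources on port 3."""
    switch = Switch(ports=[1, 2, 3, 4], cam_capacity=8,
                    max_macs_per_port=max_macs_per_port)
    host_a, host_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
    switch.receive(1, host_a, BROADCAST)                  # A is learned on port 1
    for i in range(20):                                   # 20 unseen sources on port 3
        switch.receive(3, f"02:00:00:00:00:{i:02x}", BROADCAST)
    switch.receive(2, host_b, host_a)                     # B talks for the first time
    delivered_to = switch.receive(1, host_a, host_b)      # A -> B unicast
    return switch, delivered_to


if __name__ == "__main__":
    for limit in (None, 2):
        switch, delivered_to = run_scenario(limit)
        print(f"limit={limit}: A->B sent out of ports {delivered_to}, "
              f"CAM entries={len(switch.cam)}, err-disabled={sorted(switch.err_disabled)}")
```

Without a limit the table is full before host B is learned, so the unicast frame from A to B leaves every other port, including port 3; with a limit of 2 the third new source disables port 3 and the same frame leaves port 2 only.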

QUESTION NO: 163

Which of the following characteristics describe the BPDU Guard feature? (Choose all that apply.)

A. A BPDU Guard port should only be configured on ports with PortFast enabled.
B. BPDU Guard and PortFast should not be enabled on the same port.
C. BPDU Guard is used to ensure that superior BPDUs are not received on a switch port.
D. A BPDU Guard port receiving a BPDU will go into err-disable state.
E. A BPDU Guard port receiving a BPDU will be disabled.
F. BPDU Guard can be enabled on any switch port.

Answer: A,E

QUESTION NO: 164

Which of the following are valid modes of accessing the data plane? (Choose all that apply.)

A. Serial connection
B. Secure Shell
C. RADIUS
D. Simple Network Management Protocol
E. HTTP
F. Telnet

Answer: A,B,D,E,F

QUESTION NO: 165

Which of the following is not an essential prerequisite for AutoQoS to be correctly applied to an interface? (Choose all that apply.)

A. The interface must be configured as a Multilink PPP interface.
B. The correct bandwidth should be configured on the interface.
C. A QoS policy must not be currently attached to the interface.
D. CEF must be enabled.
E. AutoQoS must be enabled globally before it can be enabled on the interface.
F. An IP address must be configured on the interface if its speed is equal to or less than 768 kbps.

Answer: A,E

QUESTION NO: 166

Which of the following topology situations would be a good candidate for configuring DMVPN?

A. Extranet VPN
B. Managed overlay VPN topology
C. Hub-and-spoke VPN topology
D. Central-site VPN topology
E. Full mesh VPN topology
F. Remote-access VPN topology

Answer: E

QUESTION NO: 167

Which of the following is not considered a common approach to narrow the field of potential problem causes? (Choose the best answer.)

A. Following the traffic path
B. Top-down
C. Comparing configurations
D. Bottom-up
E. Divide and conquer
F. Examine SLAs

Answer: F

QUESTION NO: 168

Which of the following best describes the following command: ip flow-export destination 192.168.1.50 1500?

A. It is not a valid NetFlow command.
B. It is an SNMP command that exports 1500-byte packets to IP address 192.168.1.50.
C. It is a NetFlow command that will export 1500-byte packets to IP address 192.168.1.50.
D. It is a NetFlow command that allows IP address 192.168.1.50 to send traffic to port 1500.
E. It is a NetFlow command that will specify that the NetFlow collector's IP address is 192.168.1.50 over UDP port 1500.
F. It is an SNMP command that exports flows to destination address 192.168.1.50 for packets up to an MTU of 1500.

Answer: E

QUESTION NO: 169

Which of the following are valid methods of providing a router with information concerning the location of the RP? (Choose all that apply.)

A. Statically defined RP
B. Bootstrap Router
C. Auto-RP
D. RP Discovery Protocol (RDP)
E. RP Helios
F. RPARP(RARP)

Answer: A,B,C

QUESTION NO: 170

Which of the following are shared distribution tree characteristics? (Choose all that apply.)

A. Memory requirements are higher for shared distribution tree than for source distribution tree.
B. Creates a tree from a central RP to all last-hop routers.
C. Uses a rendezvous point.
D. An optimal path is created between each source router and each last-hop router.
E. Place (S,G) entry in each router's multicast routing table.
F. Place (*,G) entry in a router's multicast routing table.

Answer: C,F

QUESTION NO: 171

Given the multicast IP address of 224.193.5.10, what would the corresponding multicast MAC address be?

A. 00-00-0c-c0-05-0a
B. 00-00-0c-c1-05-0a
C. 01-00-5e-00-00-0c
D. 01-00-5e-41-05-0a
E. 00-00-0c-01-00-5e
F. 01-00-5e-c1-05-0a

Answer: D

QUESTION NO: 172

Which of the following is an accurate description of the command copy startup-config ftp://kevin:cisco@192.168.1.74?

A. The configuration on the FTP server is copied to RAM.
B. The command is not valid on a Cisco router.
C. The configuration file in RAM is copied to an FTP server.
D. The configuration file in NVRAM is copied to an FTP server.
E. The configuration on the FTP server is copied to NVRAM.
F. The configuration will be copied from NVRAM to an FTP server with a filename of Kevin.

Answer: D

QUESTION NO: 173

Which of the following commands can be used to gather information about the AS-PATH of a BGP route? (Choose all that apply.)

A. show ip bgp neighbors
B. debug ip bgp updates
C. show ip route bgp
D. show ip bgp
E. show ip bgp summary
F. sh ip bgp database

Answer: B,D,E

QUESTION NO: 174

How long will a port remain in the listening state by default?

A. Depends on the number of switches in the spanning tree domain
B. 50 seconds
C. 15 seconds
D. Until the root directs it to start forwarding
E. 20 seconds
F. Depends on the port speed

Answer: C

QUESTION NO: 175

A new router is added to an existing HSRP standby group. One of the existing routers is in an active state, the other is in a standby state. Under what circumstance will the new router become the active router?

A. The new router will become active immediately because it's the newest router introduced into the group.
B. The new router can become active only when the existing active router and the existing standby router become unavailable.
C. The new router has a lower priority value.
D. The new router will never become active unless the existing active router becomes unavailable.
E. The new router has preempt configured and a higher priority
F. The new router has a higher priority value.

Answer: E

QUESTION NO: 176

Which of the following is not a valid reason for a packet to be punted?

A. The TCAM has reached capacity
B. An unknown destination MAC address
C. A packet being discarded due to a security violation
D. A Telnet packet from a session being initiated with the switch
E. Routing protocols sending broadcast traffic
F. A packet belonging to a GRE tunnel

Answer: B,C

QUESTION NO: 177

Which of the following are not true OSPF LSA rules?

A. OSPF LSA type 5 triggers an LSA type 7 at an ABR between an NSSA and the backbone area.
B. OSPF LSA type 1 triggers an LSA type 3 at an ABR.
C. OSPF LSA type 7 triggers an LSA type 5 at an ABR between an NSSA and the backbone area.
D. OSPF LSA type 3 triggers an LSA type 4 at an ABR.
E. OSPF LSA type 5 triggers an LSA type 7 at an ASBR but only in NSSAs.
F. OSPF LSA type 2 triggers an LSA type 3 at an ABR.

Answer: A,D,E

QUESTION NO: 178

Several troubleshooters are about to work on the same problem. Which of the following troubleshooting methods would be most appropriate to make the best use of the troubleshooters' time?

A. Bottom up
B. Component swapping
C. Top down
D. Shoot from the hip
E. Divide and conquer
F. Follow the traffic path

Answer: E

QUESTION NO: 179

Which of the following are not EIGRP data structures? (Choose all that apply.)

A. EIGRP database table
B. EIGRP CEF table
C. EIGRP neighbor table
D. EIGRP adjacency table
E. EIGRP interface table
F. EIGRP topology table

Answer: A,B,D

QUESTION NO: 180

Which of the following is a valid host IPv6 address? (Choose all that apply.)

A. ff02:a:b:c::1/64
B. 2001:aaaa:1234:456c:1/64
C. 2001:000a:1b2c::/64
D. 2fff:f:f:f::f/64
E. ff02:33ab:1:32::2/128
F. 2001:bad:2345:a:b::cef/128

Answer: B,D,F

QUESTION NO: 181

You examine the port statistics on a Cisco Catalyst switch and notice an excessive number of frames are being dropped. Which of the following are possible reasons for the drops?

A. Unknown destination MAC address
B. Bad cabling
C. MAC forwarding table is full
D. Port configured for half duplex
E. Port configured for full duplex
F. Network congestion

Answer: B,F

QUESTION NO: 182

Which of the following would be considered reasonable network maintenance tasks? (Choose all that apply.)

A. Ensuring compliance with legal regulations and corporate policies
B. Troubleshooting problem reports
C. Planning for network expansion
D. Providing support to sales and marketing
E. Giving presentations to management
F. Monitoring and tuning network performance

Answer: A,B,C,F

QUESTION NO: 183

Which of the following options represents the correct sequence of DHCP messages after a client initially boots?

A. DHCPREQUEST, DHCPOFFER, DHCPDISCOVER, DHCPACK
B. DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK
C. DHCPOFFER, DHCPACK, DHCPREQUEST, DHCPDISCOVER
D. DHCPDISCOVER, DHCPREQUEST, DHCPOFFER, DHCPACK
E. DHCPREQUEST, DHCPDISCOVER, DHCPOFFER, DHCPACK
F. DHCPDISCOVER, DHCPACK, DHCPREQUEST, DHCPOFFER

Answer: B

QUESTION NO: 184

Which of the following statements regarding documentation would not be considered a helpful step in the troubleshooting process?

A. Use the Cisco Auto Configuration tool.
B. Use the Cisco Rollback feature.
C. Automate documentation.
D. Schedule documentation checks.
E. Use the Cisco Configuration Archive tool.
F. Require documentation prior to a ticket being closed out.

Answer: A

QUESTION NO: 185

Which of the following statements are true concerning the command ip sla monitor responder type tcpconnect ipaddress 10.1.1.1 port 23? (Choose all that apply.)

A. The command will initiate a probe with a destination IP address of 10.1.1.1.
B. The command is used on the IP SLA responder and the IP SLA source.
C. The command will allow only source address 10.1.1.1 to source probes.
D. The command will initiate a probe with a destination Telnet port.
E. The command is used to make the router a responder.
F. The command will initiate a probe with a source port of 23.

Answer: A,D

QUESTION NO: 186

In what situation would the command ip helper-address be required? (Choose the best answer.)

A. Only when there is a duplicate IP address caused by a combination of static and dynamic IP address allocations
B. On each router that exists between the client and the server
C. Only when a router separates the client from the server
D. Only if the DHCP server issues a DHCPNAK to the initial request
E. Only when the client is on the same subnet as the server
F. Only when the DHCP pool is out of IP addresses

Answer: C

QUESTION NO: 187

Which of the following commands will restore a previously archived configuration by replacing the running configuration with the archived configuration?

A. configure archive running-config
B. configure replace
C. copy archive running config
D. copy startup-config running-config
E. copy tftp running-config
F. configure tftp running-config

Answer: B

QUESTION NO: 188

Which of the following is not a characteristic of fast switching?

A. Fast switching reduces a router's CPU utilization, compared to process switching.
B. All packets of a flow, except for the first packet, use the information in the fast cache.
C. It can be enabled with the interface command ip route-cache.
D. Fast switching uses a fast cache maintained in a router's control plane.
E. The fast cache contains information about how traffic from different data flows should be forwarded.
F. Even though the fast switching is enabled, the first packet of a flow is still process switched.

Answer: D

QUESTION NO: 189

Which of the following commands will display a router's crypto map IPsec security association settings?

A. show crypto map ipsec sa
B. show crypto map
C. show crypto engine connections active
D. show ipsec crypto map
E. show crypto map sa
F. show ipsec crypto map sa

Answer: A

QUESTION NO: 190

Which of the following pieces of information will the command show interface provide? (Choose all that apply.)

A. Layer 1 status
B. Output queue drops
C. Interface CPU utilization
D. Cable type connected to interface
E. Layer 2 status
F. Input queue drops

Answer: A,B,E,F

QUESTION NO: 191

Which of the following statements concerning IGMP are correct? (Choose all that apply.)

A. With IGMPv1, queries are sent to a specific group.
B. Hosts issuing IGMPv1 requests will be correctly interpreted by IGMPv2 hosts due to backward compatibility.
C. An IGMPv2 router will ignore IGMPv2 leave messages when IGMPv1 hosts are present.
D. With IGMPv2, a leave message is supported.
E. An IGMPv2 host will send an IGMPv1 report on an IGMPv1 router.
F. An IGMPv2 router can only allow IGMPv2 hosts to execute a join request.

Answer: C,D,E

QUESTION NO: 192

Which of the following are byproducts of a structured maintenance plan? (Choose all that apply.)

A. Predictable security vulnerabilities
B. Economies of scale
C. Improved expenditure forecasts
D. Increased downtime
E. Predictable equipment obsolescence
F. Consumption of fewer resources

Answer: A,B,C,E,F

QUESTION NO: 193

Which of the following are correct statements?

A. EIGRP advertises the best routes to its neighbor.
B. EIGRP uses "cost" to determine best path.
C. EIGRP allows unequal cost load balancing.
D. OSPF requires neighbor adjacencies before updates are sent.
E. EIGRP advertises all routes to its neighbor.
F. OSPF allows unequal cost load balancing.

Answer: A,C,D

QUESTION NO: 194

Which of the following commands will remove all dynamic entries for a router's NAT table?

A. clear nat translations
B. clear ip nat translations*
C. clear ip nat statistics
D. clear ip nat transactions *
E. clear ip nat translations
F. clear ip nat translations all

Answer: B

QUESTION NO: 195 Which of the following are TACACS+ characteristics? (Choose all that apply.) A. Cisco proprietary B. Standards-based protocol C. Provides separate services for authentication, authorization, and accounting D. Encrypts only the password E. Uses UDP for a transport layer F. Encrypts the entire packet Answer: A,C,F

QUESTION NO: 196 Which of the following are common issues that should be considered when establishing or troubleshooting site-to-site VPNs? (Choose all that apply.) A. User authentication B. Overlapping IP address space C. GRE or IPsec configuration D. MTU size E. VPN client software F. Authentication server configured ly Answer: B,C,D

QUESTION NO: 197 Which of the following would provide good baseline documentation to have on hand when analyzing potential problems? (Choose all that apply.) A. User authentication ID and password B. User profile C. Output of debug D. Output of show interface E. Result of ping F. Output of show process cpu Answer: C,D,E,F

QUESTION NO: 198 Which of the following characteristics describe the Root Guard feature? (Choose all that apply.) A. The port must be put into forwarding state manually after root-inconsistent state has been corrected. B. A Root Guard port receiving superior BPDU goes into a root-inconsistent state. C. A Root Guard port receiving inferior BPDU goes into a root-inconsistent state. D. While the port is in a root-inconsistent state no user data is sent across that port. E. The port returns to a forwarding state if inferior BPDUs stop. F. It should be applied to all switch ports. Answer: B,D

QUESTION NO: 199 Which of the following commands provides data plane information required to forward a packet to a specific IP address? A. sh ip route B. sh ip cef <ip_address> C. sh adjacency <ip_address> D. sh ip route <ip_address> E. sh ip adjacency <ip_address> F. sh ip cef <mac_address> <ip_address> Answer: B

QUESTION NO: 200 Which of the following management types can be used to deploy appropriate quality-of-service solutions to make the most efficient use of bandwidth? A. Fault management B. Accounting management C. Operations management D. Performance management E. Security management F. Configuration management Answer: D

QUESTION NO: 201 Which of the following are valid modes of packet switching on most routers? (Choose all that apply.) A. Cisco Express Forwarding B. FIB switching C. Cache switching D. Optimized switching E. Process switching F. Fast switching Answer: A,E,F

QUESTION NO: 202

Which of the following is an unlikely reason for the ARP process to fail? A. CEF switching is disabled on the switch B. The source device and destination device are in different VLANs C. The VLAN is excluded from the trunk D. The host is connected to the switch through an IP phone E. A faulty cable from host to switch or between switches F. The trunking encapsulation type is inconsistent on the two ends of the link Answer: A,D

QUESTION NO: 203 Which of the following is not a characteristic of Cisco Express Forwarding? A. The adjacency table is populated from a router's ARP cache. B. CEF does not require the first packet of a data flow to be process switched. C. CEF maintains the Forwarding Information Base and the adjacency table. D. CEF can be enabled with the interface command ip cef. E. The FIB is populated from a router's IP routing table. F. On most router platforms CEF is enabled by default. Answer: D

QUESTION NO: 204 Which of the following are considered subcomponents of the problem diagnosis step of the troubleshooting flow? (Choose all that apply.) A. Eliminate potential causes B. Collect information C. Document causes D. Hypothesize underlying causes E. Verify hypothesis F. Examine collected information Answer: A,B,D,E,F

QUESTION NO: 205 Which of the following virtual MAC addresses is correct for the HSRP group 22? A. 0000.0c70.ac22 B. 0000.0c07.22ac C. 0000.0c07.ac16 D. 0000.0c07.ac22 E. 0000.0c70.ca1a F. 0000.0d22.ac07 Answer: C

QUESTION NO: 206 Which of the following procedures are involved in the recommended three-step troubleshooting flow? (Choose the best three answers.) A. Problem report B. Problem collaboration C. Problem diagnosis D. Problem resolution E. Problem documentation F. Problem authentication Answer: A,C,D

QUESTION NO: 207 Which of the following data structures exist on a router for the OSPF routing protocol? A. OSPF topology table B. OSPF interface table C. OSPF routing information base D. OSPF link-state database E. OSPF adjacency table F. OSPF neighbor table Answer: B,C,D,F

QUESTION NO: 208 A router simultaneously receives all the following routes in various routing updates. Which of the following routes would end up in the routing table? (Choose all that apply.) A. RIP route 10.1.2.0/24 B. EIGRP route 10.1.2.0/24 C. RIP route 10.1.0.0/16 D. OSPF route 10.1.0.0/16 E. RIP route 10.0.0.0/16 F. OSPF route 10.1.2.0/24 Answer: B,D,E

QUESTION NO: 209 Which of the following commands would result in the following output: M.M.M A. Ping 10.1.1.1 Data Pattern M. B. Ping 10.1.1.1 timeout 0 C. Ping 10.1.1.1 size 1500 df-bit D. Ping 10.1.1.1 source loopback 0 E. Ping 10.1.1.1 size 1500 F. Ping 10.1.1.1 size 1500 Strict Answer: C

QUESTION NO: 210 Which of the following commands will cause RIPng to originate a default route advertisement while suppressing all other routes? A. R1(config-if)#ipv6 default-information originate B. R1(config-router)#ipv6 rip <process-name> default-information only C. R1(config)#ipv6 route ::/0 null 0 D. R1(config-if)#ipv6 rip <process-name> default-information only E. R1(config-router)#ipv6 rip route ::/0 originate F. R1(config-router)#aggregate-address ::/0 summarize-routes Answer: D

QUESTION NO: 211 The OSPFv3 process will send hello packets to which of the following well-known addresses? A. 255.255.255.255 B. 224.0.0.6 C. FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFF:FFF D. FF02::10 E. 224.0.0.10 F. FF02::5 Answer: F

QUESTION NO: 212 Which of the following commands shows all routes learned via EIGRP? (Choose all that apply.) A. show ip eigrp topology B. show ip eigrp adjacency C. show ip eigrp routes D. show ip eigrp database E. show ip route eigrp F. show ip eigrp forwarding Answer: A

QUESTION NO: 213 Which of the following three port types are valid Spanning Tree port types? (Choose the best three answers.) A. Designated port B. Nonswitch port C. Switch port D. Nonroot port E. Nondesignated port F. Root port Answer: A,E,F

QUESTION NO: 214

Which of the following is a valid method for defining a seed metric? (Choose all that apply.) A. The default-metric command configured under the appropriate interface B. The metric parameter in the network command of a routing process C. The metric parameter in the redistribute command D. The default-metric command E. A route-map containing a seed command F. A route map containing a metric command Answer: C,D,F

QUESTION NO: 215 Which of the following characteristics are common to both RIPv2 and RIPng? (Choose all that apply.) A. Link-local address used for next-hop addresses B. Interface can be added to RIP routing process in either interface configuration mode or in router configuration mode C. Uses a multicast to send routing updates D. Use hop count as a metric E. Distance-vector routing protocol F. Maximum hop count is 15 with 16 being "unreachable" Answer: C,D,E,F

QUESTION NO: 216 Which of the following commands will enable you to see the contents of the IP routing table and send the output to a TFTP server at the same time? A. show ip route | to tftp://192.168.1.1/route.txt B. show ip route | tee tftp://192.168.1.1/route.txt C. show ip route | include tftp://192.168.1.1/route.txt D. show ip route ft include tftp://192.168.1.1/route.txt E. show ip route | redirect tftp://192.168.1.1/route.txt Answer: B

QUESTION NO: 217

Which of the following solutions will encapsulate IPv6 packets with IPv4 headers? A. Create an IPv4 tunnel and assign the tunnel IPv6 addresses. B. Create IPv4 interfaces on both ends of the network, and use either static routes or a routing process to direct IPv6 packets through those interfaces. C. IPv6 packets cannot be encapsulated with IPv4 headers because the addresses are not compatible. D. Create IPv6 interfaces on both ends of the network, and use static routes to point the IPv4 address to those interfaces. E. Use an IPv6 routing protocol like OSPFv3 and assign IPv4 packets to that process. F. Create an IPv4 tunnel and use the tunnel mode ipv6ip command. Answer: F

QUESTION NO: 218 Which of the following is not a typical wireless troubleshooting target? A. Quality of Service B. Trunk configuration C. Access lists D. Routing protocol configuration E. Power over Ethernet F. DHCP configuration Answer: D

QUESTION NO: 219 Which of the following is a valid representation of the following IPv6 address: 2001:0000:0000:0abc:0000:0000:000a:000b? Choose the answer with the least number of digits. A. 2001:0000:0:abc:0000:0000:a:b B. 2001::abc::a:b C. 2001::abc:0:0:000a:000b D. 2001::0abc:0000:0000:a:b E. 2001:0000:0000:abc::a:b F. 2001::abc:0:0:a:b Answer: F

QUESTION NO: 220 Which of the following are troubleshooting targets common to both site-to-site and remote-access VPNs? (Choose all that apply.) A. Routing loops B. Misconfiguration of VPN end points C. Overlapping IP address space D. DMVPN E. User profiles F. MTU Answer: A,B,F

QUESTION NO: 221 You are using NBAR to get a statistical baseline for the applications running on your network but discover that some applications are not being recognized. Which of the following are possible solutions? (Choose all that apply.) A. Use the ip nbar pdlm command to allow NBAR to reference a new PDLM in flash memory. B. If NBAR doesn't recognize certain applications you must contact Cisco and ask them to email you a new PDLM for that application. C. Use the ip nbar port-map command to allow NBAR to recognize certain applications with a new port number. D. The applications not being recognized can be rerouted to an NBAR collector, which has a more complete list of applications. E. Use the copy nbar flash: command to download a new PDLM file to flash. F. Use the ip nbar pdlm command to download a new NBAR reference file from the Cisco website. Answer: A,C

QUESTION NO: 222 Which of the following statements are true for routers but not true for Layer 3 Ethernet switches? (Choose all that apply.) A. May have Ethernet as well as non-Ethernet interfaces B. Traditionally used as a standalone device for inter-VLAN communication C. Makes use of TCAMs D. Uses subinterfaces to define trunks E. Can use both Layer 2 and Layer 3 to make forwarding decisions F. Allows the definition of Switched Virtual Interfaces (SVI) Answer: A,B,D

QUESTION NO: 223

Which of the following events would not explain excessive CPU utilization? A. A large number of BGP sessions. B. A large BGP table. C. A router is configured with the following command: ip route 0.0.0.0 0.0.0.0 fa 0/1. D. All interface buffers are continually in use. E. A flapping interface. F. The router sends a large number of ARP requests. Answer: B

QUESTION NO: 224 Which of the following correctly fills in the missing words of this sentence: An ARP request uses a ____ address, whereas an ARP reply uses a ____ address. A. broadcast, multicast B. unicast, broadcast C. broadcast, unicast D. multicast, unicast E. broadcast, broadcast F. unicast, multicast Answer: C

QUESTION NO: 225 Which of the following is not a typical maintenance task within a network maintenance model? A. Providing technical customer support B. Changing configurations C. Updating software D. Monitoring network performance E. Replacing hardware F. Scheduling backups Answer: A

QUESTION NO: 226 Which of the following router models will support 1000 tunnels? A. 2811 B. 2801 C. 2851 D. 2821 E. 1841 F. 3825 Answer: A,B,C,D,F

QUESTION NO: 227 A network administrator enters the command clear ip route * and as a result he sees the message, "Please update the network documentation to record why the ip routing table was cleared." Which router feature was used in this case? A. NetFlow B. SNMP C. Debug D. SysLog E. EEM F. CEF Answer: E

QUESTION NO: 228 Which of the following types of attacks does DHCP snooping prevent? (Choose all that apply.) A. Attacker sends multiple DHCP requests flooding DHCP server B. Attacker connects rogue server initiating DHCP requests C. Attacker connects rogue server replying to DHCP requests D. Attacker sends DHCP jam signal causing DHCP server to crash E. Attacker sends gratuitous ARP replies, thereby jamming the DHCP server F. Attacker sends unsolicited DHCP replies, thereby jamming the DHCP server Answer: A,C

QUESTION NO: 229 You issue the command show process memory | include BGP and notice that BGP is consuming a large percentage of the router's memory. Which of the following steps would result in lowering the amount of memory being consumed by BGP? (Choose all that apply.) A. Filter unneeded BGP routes. B. Run BGP on a different platform that already has more memory. C. Upgrade the router memory. D. Increase the BGP update timer. E. Compress the BGP table. F. Use a default route instead of maintaining a full BGP table. Answer: A,C,F

QUESTION NO: 230 Which of the following characteristics applies only to OSPFv3 and not to OSPFv2? A. Several processes can exist simultaneously B. Requires direct connectivity from the backbone area to all other areas C. Has the same packet types D. Can support multiple subnets on a single link E. Uses a hierarchical structure divided into areas F. Adjacencies formed with neighbors Answer: D

QUESTION NO: 231 A router has been configured with an EIGRP variance of 3. Which of the following statements is true? A. An error will result because a router cannot be configured with an EIGRP variance of 3 because the maximum variance number is 2. B. The successor route will end up in the routing table, and so will any route with a metric at most three times greater than the value of the successor's metric. C. EIGRP will only advertise routes that are within three hops of the current router. D. The successor route will end up in the routing table, and so will any route with a metric at least one third the value of the successor's metric. E. The best three routes with equal cost paths will end up in the routing table. F. The successor route will be any route with three times the value of the advertised distance. Answer: B

QUESTION NO: 232

Which of the following statements is correct? A. A route's feasible distance is the sum of the router's metric to reach the neighbor, plus the advertised distance. B. A route's feasible distance is calculated as the advertised distance plus the feasible successor's distance. C. A route's successor route is the feasible distance plus the advertised distance. D. A route's feasible distance is the sum of the advertised distance and the successor distance. E. A route's feasible successor is calculated as the successor plus the feasible distance. F. A route's feasible successor is the sum of the router's metric to reach the neighbor, plus the advertised distance. Answer: A

QUESTION NO: 233 Which of the following are considered common elements found in a set of network documents? (Choose all that apply.) A. Building schematic B. IGP community elements C. Listing of interconnections D. Physical topology diagram E. Logical topology diagram F. Inventory of network equipment Answer: C,D,E,F

QUESTION NO: 234 Which of the following troubleshooting targets is considered to be a Layer 2 issue? (Choose all that apply.) A. Spanning Tree Protocol B. Cabling C. Frame forwarding D. Packet forwarding E. EtherChannel F. Routing protocols Answer: A,C,E

QUESTION NO: 235 You are using AutoQoS Enterprise and realize that the results are not what you expected. Which of the following are possible reasons for AutoQoS not functioning correctly? (Choose all that apply.) A. The interface you configured for AutoQoS is set to half-duplex. B. AutoQoS was configured on only one end of the link. C. The interface you configured for AutoQoS has no IP address. D. The interface's bandwidth is not correctly configured. E. CEF is not enabled on the interface. F. You enabled AutoQoS on the interface but forgot to enable globally first. Answer: B,C,D,E

QUESTION NO: 236 Which of the following statements are true regarding Layer 3 switches? (Choose all that apply.) A. A routed port does not run STP or DTP. B. A routed port is considered to be in a down state if it is not operational at both Layer 1 and Layer 2. C. An SVI is considered to be in a down state if it is not operational at both Layer 1 and Layer 2. D. An SVI is considered to be in a down state only when none of the ports in the corresponding VLAN are active. E. An SVI port does not run STP or DTP. F. To create a trunk, an SVI can be logically divided into subinterfaces. Answer: A,B,D

QUESTION NO: 237 Which of the following characteristics are true assuming you are troubleshooting a network currently enabled for VRRP? (Choose all that apply.) A. The network is load balancing among different members of the VRRP group. B. The default hello timers are 1 second. C. The interface IP address is being used as the virtual IP address. D. There are several routers in the group simultaneously forwarding traffic for the group. E. It is a Cisco Proprietary protocol. F. The default hello timers are 3 seconds. Answer: B,C

QUESTION NO: 238 Which of the following types of NAT allows multiple private internal IP addresses to use a single public external IP address? A. NAT mapping B. NAT overloading C. NAT caching D. Static NAT E. Dynamic NAT F. Overlapping NAT Answer: B

QUESTION NO: 239 Which of the following scenarios are likely reasons for an EtherChannel to fail? A. Mismatched EtherChannel protocol B. Mismatched EtherChannel port selection C. Mismatched EtherChannel distribution algorithm D. Mismatched trunk mode E. Mismatched native VLAN F. Mismatched link speed Answer: A,D,E,F

QUESTION NO: 240 Which of the following NTP commands specifies that a router is in the Eastern time zone, which is five hours behind GMT? A. timezone EST -5 B. clock timezone GMT -5 C. clock GMT -5 D. clock EST-5 E. NTP timezone EST -5 F. clock timezone EST -5 Answer: F

Topic 4: More Questions (50 Questions)

QUESTION NO: 241

You are working as a network technician; study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using the EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review of GRE tunneling.

GRE Quick Summary: The picture below shows how to configure a GRE tunnel between two routers. Notice that the "tunnel destination" must be the IP address of the interface, not of the opposite tunnel.

Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.

Below are the questions of this lab-sim.

What is preventing the 192.168.1.150 network from appearing in the HQ router's routing table? A. The default route is missing from the Branch4 router. B. The IP address on the E0/0 interface for the Branch4 router has the wrong IP mask. It should be 255.255.255.252. C. The network statement under router EIGRP on the Branch4 router is incorrect. It should be network 192.168.1.0 0.0.0.255. D. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command. E. The IP address on the tunnel interface on P4S-Branch4 is incorrect. It should be 192.168.1.12 255.255.255.252. Answer: C

Explanation: As you can guess, you will need to use the show running-config command on the Branch4 router. From the show running-config output of Branch4, we learn that the EIGRP network was wrongly configured on this router. By configuring "network 192.168.1.14 0.0.0.0", Branch4 will only advertise host 192.168.1.14 to HQ, so the HQ router will not know about the existence of the 192.168.1.150 network.

QUESTION NO: 242

You are working as a network technician; study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using the EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review of GRE tunneling.

GRE Quick Summary: The picture below shows how to configure a GRE tunnel between two routers. Notice that the "tunnel destination" must be the IP address of the interface, not of the opposite tunnel.

Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.

Below are the questions of this lab-sim.

What is the reason that tunnel 5 on the HQ router is down when its companion tunnel on the Branch5 router is up? A. The IP address on the tunnel interface on Branch5 is incorrect. It should be 192.168.1.16 255.255.255.252. B. The tunnel source for tunnel 5 is incorrect on the HQ router. It should be serial 2/0. C. The tunnel numbers for tunnel between the HQ router and the Branch5 router do not match. D. The tunnel destination address for tunnel 5 is incorrect on the HQ router. It should be 10.2.5.1 to match the interface address of the Branch5 router. E. The tunnel interface for tunnel 5 on the HQ router is in the administrative down state. Answer: B

Explanation: Using the show running-config command on the HQ router, we learn that the tunnel source configured on HQ is Serial1/0, but the HQ router connects to the Internet via the Serial2/0 interface, so the tunnel source configured on the HQ router was incorrect.

QUESTION NO: 243

You are working as a network technician; study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using the EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review of GRE tunneling.

GRE Quick Summary: The picture below shows how to configure a GRE tunnel between two routers. Notice that the "tunnel destination" must be the IP address of the interface, not of the opposite tunnel.

Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.

Below are the questions of this lab-sim.

What is preventing the HQ router and the Branch1 router from building up an EIGRP neighbor relationship? A. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command. B. The tunnel destination address is incorrect on the HQ router. It should be 10.2.1.1 to match the interface address of the Branch1 router. C. The tunnel source is incorrect on the Branch1 router. It should be serial 2/0. D. The default route is missing from the Branch1 router. E. The tunnel interface numbers for the tunnel between the HQ router and Branch1 router do not match. Answer: B

Explanation: Use the show running-config command on the HQ and Branch1 routers, and we will see that the tunnel destination address was wrongly configured on the HQ router.

QUESTION NO: 244

You are working as a network technician; study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using the EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review of GRE tunneling.

GRE Quick Summary: The picture below shows how to configure a GRE tunnel between two routers. Notice that the "tunnel destination" must be the IP address of the interface, not of the opposite tunnel.

Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.

Below are the questions of this lab-sim.

For the following statements, what is preventing a successful ping between the HQ router and the 192.168.1.10 interface on the Branch3 router? A. The default route is missing from the Branch3 router. B. The tunnel interface numbers for the tunnel between the HQ router and the Branch3 router do not match. C. The tunnel source is incorrect on the Branch3 router. It should be serial 2/0. D. The IP address on the tunnel interface for the Branch3 router has wrong IP mask. It should be 255.255.255.252. E. The network statement under router EIGRP on the Branch3 router is incorrect. It should be network 192.168.2.0 0.0.0.255. Answer: A

Explanation: The Branch3 router is missing the default route to the HQ router's interface (Serial2/0), so the ping command will not work.

QUESTION NO: 245

You are working as a network technician; study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using the EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review of GRE tunneling.

GRE Quick Summary: The picture below shows how to configure a GRE tunnel between two routers. Notice that the "tunnel destination" must be the IP address of the interface, not of the opposite tunnel.

Notice: The tunnel source on one router must be specified as the tunnel destination on the other router.

Below are the questions of this lab-sim.

What is the reason for the ping between the HQ router and the 192.168.1.193 interface on the Branch2 router failing? A. The default route is missing from the Branch2 router. B. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ip address command. C. The tunnel numbers for the tunnel between the HQ router and the Branch2 router do not match. D. The tunnel source is incorrect on the Branch2 router. It should be serial 2/0. E. The AS number for the EIGRP process on Branch2 should be 1 and not 11. Answer: E

Explanation: First we should check the configuration of both the HQ and Branch2 routers by using the show running-config command.

On HQ router:

On Branch2 router:

From the outputs we learn that the AS numbers on the two routers are not the same. They therefore do not become EIGRP neighbors, and the ping between the two routers should fail.

QUESTION NO: 246 This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to the left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology or the SDM, you can return to your questions by clicking on the Questions button to the left.

Which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two) A. Digital Certificate B. Pre-Shared Key C. Transport Mode D. Tunnel Mode E. GRE/IPSEC Transport Mode F. GRE/IPSEC Tunnel Mode Answer: B,D

QUESTION NO: 247

This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to the left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology or the SDM, you can return to your questions by clicking on the Questions button to the left.

Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre? A. ESP-3DES-SHA B. ESP-3DES-SHA1 C. ESP-3DES-SHA2 D. ESP-3DES E. ESP-SHA-HMAC Answer: D

Explanation: In the site-to-site VPN branch we see something like this:

So should the answer be ESP-3DES-SHA2 or ESP-3DES? To answer this question, we should review the concepts. "Data confidentiality is the use of encryption to scramble data as it travels across an insecure media". Data confidentiality therefore means encryption. "The transform set is a group of attributes that are exchanged together, which eliminates the need to coordinate and negotiate individual parameters". In the picture above, we can see the 3 parts of the transform set ESP-3DES-SHA2:

IPsec protocol: ESP
IPsec encryption type: 3DES
IPsec authentication: SHA2

The question asks which algorithm is used for providing data confidentiality (encryption), therefore the answer should be D - ESP-3DES.

QUESTION NO: 248
Which defined peer IP address and local subnet belong to Crete? (Choose two)
A. peer address 192.168.55.159
B. peer address 192.168.89.192
C. peer address 192.168.195.23
D. subnet 10.5.15.0/24
E. subnet 10.7.23.0/24
F. subnet 10.4.38.0/24
Answer: A,D
Explanation:

QUESTION NO: 249
Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)
A. 102
B. 116
C. 127
D. IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN
E. IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.
F. IP traffic sourced from 10.10.10.0/24 destined to 10.5.33.0/24 will use the VPN.
Answer: B,E
Explanation:

From the output above, we learn that the IPSec Rule is 116. Next click on "IPSec Rules" and select the Name/Number of 116 to view the rule applied to it. You will see a "permit" rule for traffic from 10.10.10.0/24 to 10.8.28.0/24 (notice that the picture shows wildcard masks, which are inverse subnet masks).
QUESTION NO: 250
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to the left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology or the SDM, you can return to your questions by clicking on the Questions button to the left.

Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions: Which two options would be correct for a permissible incoming TCP packet on an untrusted interface in this configuration? (Choose two)
A. The packet has a source address of 172.16.29.12
B. The packet has a source address of 10.94.61.29
C. The session originated from a trusted interface
D. The application is not specified within the inspection rule SDM_LOW
E. The packet has a source address of 198.133.219.144
Answer: C,E
Explanation: The "incoming TCP packet on an untrusted interface" refers to the traffic sent from the outside to the outer interface of the router.

(Notice: In the real exam, there may be more filter rules than the ones shown above) The access list denies traffic from the 172.16.29.12/30 and 10.0.0.0/8 networks, so A and B are not correct. D is obviously incorrect because SDM_LOW did specify the filter rule. Access list 101 only filters packets of "returning traffic" and does not process traffic originating from a trusted (inside) interface, so C is correct. E is correct because the IP address 198.133.219.144 is not in the "deny" lists, so it satisfies the "permit any" line.

QUESTION NO: 251
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions: Which two statements would specify a permissible incoming TCP packet on a trusted interface in this configuration? (Choose two)
A. The packet has a source address of 10.79.233.107
B. The packet has a source address of 172.16.81.108
C. The packet has a source address of 198.133.219.40
D. The destination address is not specified within the inspection rule SDM_LOW.
Answer: A,C
Explanation: The "incoming TCP packet on a trusted interface" refers to a packet that originates from the inside (trusted) interface.

The configured access list denies packets in the 172.16.81.108/30 subnetwork, so it will only drop packets that have a source address of 172.16.81.108 while allowing other packets to go through (except 255.255.255.255 and 127.0.0.0/8).

QUESTION NO: 252
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions: Which statement is true?
A. Both FastEthernet 0/0 and Serial 0/0/0 are trusted interfaces.
B. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interfaces.
C. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface
D. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface.
Answer: C
Explanation: The trusted interface is the inside interface and the untrusted interface is the outside interface. Moreover, from the above picture we see that the "Originating traffic" starts from FastEthernet0/0 to Serial0/0/0. So Fa0/0 is the inside interface and S0/0/0 is the outside interface.

QUESTION NO: 253
Which three statements accurately describe IOS Firewall configurations? (Choose three)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
D. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the returning traffic must be a standard ACL.
Answer: A,B,C

QUESTION NO: 254
Study this exhibit carefully. What information can be derived from the SDM firewall configuration displayed?

A. Access-list 101 was configured for the trusted interface, and access-list 100 was configured for the untrusted interface.
B. Access-list 100 was configured for the trusted interface, and access-list 101 was configured for the untrusted interface.
C. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for the outbound direction on the trusted interface.
D. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for the outbound direction on the untrusted interface.
Answer: B
Explanation: The last line of access-list 100 is used to "permit" all the traffic so it is the inside (trusted) interface. The last line of access-list 101 is used to "deny" all traffic so it is the outside (untrusted) interface.

QUESTION NO: 255
Which two statements are true about the Cisco Classic (CBAC) IOS Firewall set? (Choose two)
A. It can be used to block bulk encryption attacks.
B. It can be used to protect against denial of service attacks
C. Traffic originating from the router is considered trusted, so it is not inspected.
D. Based upon the custom firewall rules, an ACL entry is statically created and added to the existing ACL permanently.
E. Temporary ACL entries that allow selected traffic to pass are created and persist for the duration of the communication session.
Answer: B,E

QUESTION NO: 256
Which two encapsulation methods require that an 827 ADSL router be configured with a PPP username and CHAP password? (Choose two)
A. PPPoE with the 827 configured as a bridge
B. PPPoE with the 827 configured as the PPPoE client
C. PPPoA
D. RFC 1483 Bridged with the 827 configured as the PPPoE client
E. RFC 1482 Bridged with the 827 configured as a bridge
Answer: B,C
Explanation: When configuring PPPoE (as the PPPoE client) and PPPoA, we need a username and password to match with those configured at the Internet Service Provider (ISP).

QUESTION NO: 257
Router NetworkTut is configured as shown below:

Given the above configuration, which statement is true?
A. This device is configured as a PPPoE client
B. This device is configured as a PPPoA client
C. This device is configured as RFC 1483/2684 bridge
D. This device is configured as an aggregation router
Answer: B
Explanation: Notice that the command "encapsulation aal5mux ppp dialer" is configured under interface ATM0/0. This configuration is used for a PPPoA client.

QUESTION NO: 258
As a network engineer, study the exhibit carefully. Router Net is unable to establish an ADSL connection with its provider. Which action would correct this problem?
A. On the Dialer0 interface, add the pppoe enable command
B. On the Dialer0 Interface, add the ip mtu 1496 command
C. On the ATM0/0 interface, add the dialer pool-member 1 command
D. On the ATM0/0 interface, add the dialer pool-member 0 command.
Answer: C

QUESTION NO: 259
Which statement about PPPoA configuration is correct?
A. The dsl operating-mode auto command is required if the default mode has been changed.
B. The ip mtu 1496 command must be applied on the dialer interface
C. The encapsulation ppp command is required
D. The ip mtu 1492 command must be applied on the dialer interface
Answer: A

QUESTION NO: 260
Network Topology Exhibit:

Configuration Exhibit:
NET(config)# access-list 112 deny icmp any any echo log
NET(config)# access-list 112 deny icmp any any redirect log
NET(config)# access-list 112 deny icmp any any mask-request log
NET(config)# access-list 112 permit icmp any 10.1.1.0 0.0.0.255
NET(config)# interface Fa0/1
NET(config-if)# ip access-group 112 in

You work as a network administrator at networkTut.com, study the exhibit carefully. The configuration has been applied to router NET to mitigate the threat of certain types of ICMP-based attacks while allowing some ICMP traffic to the corporate LAN to work. However, the configuration is incorrect. On the basis of the information in the exhibit, which configuration option would correctly configure router NET?
A. The first three statements of ACL 112 should have permitted the ICMP traffic and the last statement should deny the identified traffic.
B. The last statement of ACL 112 should have been "access-list 112 deny icmp any 10.2.1.0 0.0.0.255".
C. The last statement of ACL 112 should have been "access-list 112 permit icmp any 10.2.1.0 0.0.0.255".
D. ACL 112 should have been applied to interface Fa0/0 in an inbound direction.
E. The last statement of ACL 112 should have been "access-list 112 deny icmp any 10.1.1.0 0.0.0.255".
F. ACL 112 should have been applied to interface Fa0/1 in an outbound direction
G. None of the above.
Answer: C
Explanation: The network 10.2.1.0 is the internal LAN network. If the last statement is "access-list 112 permit icmp any 10.1.1.0 0.0.0.255", it will allow ICMP traffic sent from the Internet to work and thus makes the router vulnerable to ICMP-based attacks.

QUESTION NO: 261
As a network technician, do you know what is a recommended practice for secure configuration management?
A. Disable post scan
B. Use SSH or SSL
C. Enable trust levels
D. Deny echo replies on all edge routers
Answer: B

QUESTION NO: 262
As a network engineer, do you know for what purpose SDM uses Security Device Event Exchange (SDEE)?
A. to provide a keepalive mechanism
B. to pull event logs from the router
C. to extract relevant SNMP information
D. to perform application-level accounting
Answer: B

QUESTION NO: 263
Authentication is the process of determining if a user or identity is who they claim to be. Refer to the exhibit. Which statement about the authentication process is correct?
A. The LIST1 list will disable authentication on the console port.
B. All login requests will be authenticated using the group tacacs+ method
C. The default login authentication will automatically be applied to all login connections
D. Because no method list is specified, the LIST1 list will not authenticate anyone on the console port.
Answer: A
Explanation: The command "aaa authentication login LIST1 none" tells the router not to use any authentication method for LIST1. The command "login authentication LIST1" under console mode applies LIST1 to logins on the console port.

QUESTION NO: 264
In computer security, AAA stands for authentication, authorization and accounting. Which option about the AAA authentication enable default group radius enable command is correct?
A. If the radius server returns an error, the enable password will be used.
B. If the radius server returns a 'failed' message, the enable password will be used.
C. The command login authentication group will associate the AAA authentication to a specified interface.
D. If the group database is unavailable, the radius server will be used.
Answer: A

QUESTION NO: 265
Refer to the exhibit. Which two statements about the AAA configuration are true? (Choose two)
A. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command
Answer: D,F
Explanation: The aaa new-model command overrides previously configured authentication methods, so D is correct. Two authentication options are prescribed by the above command: tacacs+ and none.

QUESTION NO: 266
You need to configure a GRE tunnel on an IPSec router. When you are using the SDM to configure a GRE tunnel over IPsec, which two parameters are required when defining the tunnel interface information? (Select two)
A. The crypto ACL number
B. The IPSEC mode (tunnel or transport)
C. The GRE tunnel interface IP address
D. The GRE tunnel source interface or IP address, and tunnel destination IP address
E. The MTU size of the GRE tunnel interface
Answer: C,D

QUESTION NO: 267
Which statement correctly describes IPsec VPN backup technology?
A. The crypto isakmp keepalive command is used to configure the Stateful Switchover (SSO) protocol.
B. Reverse Route Injection (RRI) is configured at the remote site to inject the central site networks
C. Each Hot Standby Routing Protocol (HSRP) standby group has two well-known MAC addresses and a virtual IP address.
D. The crypto isakmp keepalive command is used to configure stateless failover
Answer: D

QUESTION NO: 268
IPSec VPN is a widely-acknowledged solution for enterprise network. What are the four steps to setup an IPsec VPN?
A. Step 1: Interesting traffic initiates the IPsec process. Step 2: ESP authenticates IPsec peers and negotiates IKE SAs. Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
B. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 3: IKE authenticates IPsec peers and negotiates IKE SAs. Step 4: Data is securely transferred between IPsec peers.
C. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE authenticates IPsec peers and negotiates IKE SAs. Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
D. Step 1: Interesting traffic initiates the IPsec process. Step 2: AH authenticates IPsec peers and negotiates IKE SAs. Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
Answer: C

QUESTION NO: 269
Study the exhibit carefully. The Cisco IOS IPsec High Availability (IPsec HA) Enhancements feature provides an infrastructure for reliable and secure networks to provide transparent availability of the VPN gateways - that is, Cisco IOS Software-based routers. What are the two options that are used to provide High Availability IPsec? (Choose two)
A. HSRP
B. Dual Router Mode (DRM) IPsec
C. IPsec Backup Peerings
D. RRI
Answer: A,D
Explanation: The "standby ip" command specifies HSRP is being used (and it establishes 192.168.0.3 as the IP of the virtual router). The "crypto map" and "reverse-route" lines specify Reverse Route Injection (RRI) is being used. Reverse Route Injection (RRI) is the process of injecting a static route into the Interior Gateway Protocol (IGP) routing table. To configure RRI under a static crypto map, we perform the following steps:
1. configure terminal
2. crypto map {map-name} {seq-name} ipsec-isakmp (creates or modifies a crypto map entry and enters crypto map configuration mode)
3. reverse-route [static | tag tag-id [static] | remote-peer [static] | remote-peer ip-address [static]] (creates source proxy information for a crypto map entry)

QUESTION NO: 270
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPN statements are true? (Choose three)
A. IKE keepalives are unidirectional and sent every ten seconds
B. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for exchanging keys.
C. To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only three packets.
D. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers.
Answer: A,C,D

QUESTION NO: 271
A new router was configured with the following commands:

The configuration above was found on an Internet Service Provider's (ISP) Multiprotocol Label Switching (MPLS) network. What is its purpose?
A. To prevent customers from running TDP with the ISP routers
B. To prevent customers from running LDP with the ISP routers
C. To prevent other ISPs from running LDP with the ISP routers
D. To prevent man-in-the-middle attacks
E. To use CBAC to shut down Distributed Denial of Service attacks
F. To use IPS to protect against session-replay attacks
G. None of the above
Answer: A
Explanation: The 711 port is used for Tag Distribution Protocol (TDP) and the administrator usually wants to block this type of traffic between the ISP and customer routers for security reasons. By doing this, the TDP neighbor session between the customer and ISP routers will not be formed.

QUESTION NO: 272
Study the exhibit carefully.

Routers A and B are customer routers. Routers 1, 2, 3 and 4 are provider routers. The routers are operating with various IOS versions. Which frame mode MPLS configuration statement is true?
A. Before MPLS is enabled, the ip cef command is only required on routers 1 and 4.
B. After MPLS is enabled, the ip cef command is only required on routers 1 and 4.
C. Before MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers 1 and 4.
D. After MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers 1 and 4.
E. Before MPLS is enabled, the ip cef command must be applied to all provider routers.
Answer: E
Explanation: CEF is the fundamental requirement of the MPLS architecture and must be enabled globally on all routers that want to use MPLS.

QUESTION NO: 273 DRAG DROP
Drag each type of attack on the left to the description on the left.

Answer:

Explanation:
1) Trojan horse: Programs that appear desirable but actually contain something harmful.
2) Virus: Malicious software attached to other programs and which executes a particular unwanted function on a user workstation.
3) Port redirection: Compromised system that is used as a jump-off point for attacks against other targets.
4) Worm: Executes arbitrary code and installs copies of itself in the memory of the infected computer
QUESTION NO: 274 DRAG DROP
Drag and drop question. The upper gives the MPLS functions, the bottom describes the planes. Drag the above items to the proper location at the below

Answer:

Explanation:
Control Plane:
Exchanges routing updates between neighboring devices
Exchanges labels between peer devices
Compiles a list of all labels advertised and received
Data Plane:
Performs label swapping
Performs packet forwarding
Builds a mapping of destination networks to active labels

QUESTION NO: 275 DRAG DROP
Drag the protocols that are used to distribute MPLS labels from the above to the target area on the below. (Not all options will be used)

Answer:

Explanation:
1) LDP
2) RSVP
3) BGPv4

QUESTION NO: 276 DRAG DROP
Drag each element of the Cisco IOS Firewall Feature Set from the above and drop onto its description on the below.

Answer:

Explanation:

QUESTION NO: 277 DRAG DROP
Match the xDSL type on the above to the most appropriate implementation on the below.

Answer:

Explanation:

QUESTION NO: 278 DRAG DROP
Drag and drop the xDSL type on the above to the appropriate xDSL description on the below.

Answer:

Explanation:

QUESTION NO: 279 DRAG DROP
Identify the recommended steps for worm attack mitigation by dragging and dropping them into the target area in the correct order.

Answer:

Explanation:
1) Containment - stop the spread of the worm inside your network and within your network
2) Inoculation - upgrade all systems to the latest operating system code version
3) Quarantine - track down each infected machine inside your network
4) Treatment - clean and patch each infected system

QUESTION NO: 280 DRAG DROP
Drag the IOS commands from the left that would be used to implement a GRE tunnel using the 10.1.1.0/30 network on interface serial 0/0 to the correct target area on the right.

Answer:

Explanation:
Global-level commands:
1) interface tunnel 0
Interface-level commands:
1) ip address 10.1.1.1 255.255.255.252
2) tunnel source serial 0/0
3) tunnel destination 10.1.1.2
4) tunnel mode gre ip

QUESTION NO: 281 DRAG DROP
Drag the DSL local loop topic on the left to the correct descriptions on the right.

Answer:

QUESTION NO: 282 DRAG DROP
Drag the DSL technologies on the left to their maximum (down/up) data rate values on the below.

Answer:

Explanation:

QUESTION NO: 283 DRAG DROP
Drag and drop each function on the above to the hybrid fiber-coaxial architecture component that it describes on the below.

Answer:

Explanation:
QUESTION NO: 284 DRAG DROP
Drag and drop each management protocol on the above to the correct category on the below.

Answer:

Explanation:
Secure:
1) SSH
2) SSL
3) IPSec
4) SNMPv3
Unsecure:
1) NTP
2) Telnet
3) Syslog
4) SNMPv2

QUESTION NO: 285 DRAG DROP
Drag the IPsec protocol description from the above to the correct protocol type on the below. (Not all descriptions will be used)
Drag and Drop question, drag each item to its proper location.

Answer:

Explanation:
1) AH: Provides a framework for authenticating and securing data.
2) ESP: Provides a framework for encrypting, authenticating and securing data.
3) IKE: Provides a framework for the negotiation on security parameters and establishes authenticated keys.

QUESTION NO: 286 DRAG DROP
Drag and drop the steps in the process for provisioning a cable modem to connect to a headend on the above to the below in the order defined by the DOCSIS standard.

Answer:

Explanation:
1) Scan and lock the downstream frequency: At power-on, the cable modem scans and locks the downstream path for the allocated RF data channel in order for physical and data link layers to be established.
2) Obtain upstream parameters: The cable modem listens to the management messages arriving via the downstream path. These include information regarding how and when to communicate in the upstream path. These are used to establish the upstream physical and data link layers.
3) Establish Layer 1 and 2 communications: Connection established from Cable modem (CM) to Cable modem termination system (CMTS) to build physical and data link layers.
4) Acquire IP configuration parameters via DHCP: After Layer 1 and 2 are established, Layer 3 can be allocated as well. This is done by the DHCP server.
5) Register and ensure QoS settings with the CMTS: The CM negotiates traffic types and QoS settings with the CMTS.
6) IP network initialization: Once Layers 1, 2, and 3 are established and the configuration file is pulled from the TFTP server, the CM provides routing services for hosts on the subscriber side of the CM. It also performs some Network Address Translation (NAT) functions so that multiple hosts might be represented by a single public IP address.

QUESTION NO: 287 DRAG DROP

Drag the correct statements about MPLS-based VPN on the left to the boxes on the right. (Not all statements will be used.)

Answer:

Explanation:

1) The VPN routers are contained in the IPv4 routing tables of the PE routers
2) RT are attributes attached to VPNv4 BGP routes to indicate their VPN memberships
3) RD are attributes attached to VPNv4 BGP routes to allow overlapping VPN address spaces

QUESTION NO: 288 DRAG DROP

cisco ios command to interface dialer 0

Answer:

Explanation:

The dialer interface indicates how to handle traffic from the clients: for example, default routing information, the encapsulation protocol, and the dialer pool to use. Notice that we have to use "ip nat outside", not "ip nat inside", because the dialer 0 interface is the logical interface connecting to the Internet.

QUESTION NO: 289

NetworkTut is a small export company. This firm has an existing enterprise network that is made up exclusively of routers that are using EIGRP as the IGP. Its network is up and operating normally. As part of its network expansion, NetworkTut has decided to connect to the Internet through a broadband cable ISP. Your task is to enable this connection using the information below.

Connection Encapsulation: PPP
Connection Type: PPPoE client
Connection Authentication: None
Connection MTU: 1492 bytes
Address: Dynamically assigned by the ISP
Outbound Interface: E0/0

You will know that the connection has been successfully enabled when you can ping the simulated Internet address of 172.16.1.1.

Note: Routing to the ISP: Manually configured default route

Explanation:

Enter the outbound e0/0 interface to enable PPPoE and bind the dialer profile 1 to this interface:

R3(config)#interface e0/0
R3(config-if)#pppoe enable
R3(config-if)#pppoe-client dial-pool-number 1 (interface E0/0 is bound to the logical dialer 1 interface)
R3(config-if)#no shutdown
R3(config-if)#exit

Create and configure the dialer interface of the router R3 for PPPoE with a maximum transmission unit (MTU) size of 1492 bytes and a negotiated IP address (dynamically assigned):

R3(config)#interface dialer 1 (define a dialer rotary group and enter interface configuration mode)
R3(config-if)#ip address negotiated
R3(config-if)#ip mtu 1492
R3(config-if)#encapsulation ppp
R3(config-if)#dialer pool 1
R3(config-if)#exit

The "ip address negotiated" command instructs the client to use an IP address provided by the PPPoE server (using DHCP). The "dialer pool 1" command associates the dialer back to the "pppoe-client dial-pool-number 1" on the Ethernet interface. Notice that the pool numbers must match on the Ethernet interface and the dialer interface for the configuration to operate.

Manually configure a default route on router R3:

R3(config)#ip route 0.0.0.0 0.0.0.0 dialer 1
R3(config)#exit

Try pinging the simulated Internet address:

R3#ping 172.16.1.1

The ping should work and you will receive replies from the simulated Internet address.

Save the configuration:

R3#copy running-config startup-config

QUESTION NO: 290

You are a network support specialist for NetworkTut, an IT training firm. They have just installed a new router (R1) into their network. The router was successfully installed and is passing traffic. However, your manager is concerned about security and has tasked you with implementing access security for the new router R1.

The portion of NetworkTut's security policy related to router access states:
# The default user access authentication scheme requires that the user be authenticated using the router's local database.
# User console access should be authenticated using the default authentication scheme.
# User aux port access should be authenticated using the default authentication scheme.
# User vty access should be protected via a password that is validated using only the corporate Tacacs server.

For this router installation:
# The corporate Tacacs server has an IP address of 10.6.6.254 and uses a shared key of Training.
# The enable password for R1 is New1

You have successfully completed your task when you have verified that you can log in to:
# R1's console using the local user's ID of Net1 with a password of Sel
# R2's console using the username of Net2 with a password of Loc and establish an SSH session from R2 to R1 using the test Tacacs user's ID of cisco with a password of cisco123

Explanation:

R1>enable
password : New1
R1#configure terminal
R1(config)#aaa new-model (enable the AAA security services)
R1(config)#tacacs-server host 10.6.6.254 key Training (notice that the key is case sensitive)

The default user access authentication scheme requires that the user be authenticated using the router's local database:

R1(config)#aaa authentication login default local

(Verify login authentication using the local user database. The "aaa authentication login" command specifies that authentication takes place at login. Because we used the list "default", login authentication is automatically applied to all login connections, such as tty, vty, console and aux.)

Define the MY_VTY_LIST (or another name) group to use the corporate Tacacs server for the authentication:

R1(config)#aaa authentication login MY_VTY_LIST group tacacs+

Configure user console access using the default authentication scheme:

R1(config)#line console 0
R1(config-line)#login authentication default
R1(config-line)#exit

Configure user aux port access using the default authentication scheme:

R1(config)#line aux 0
R1(config-line)#login authentication default
R1(config-line)#exit

Configure vty access using the TACACS server by applying MY_VTY_LIST to the vty lines:

R1(config)#line vty 0 15
R1(config-line)#login authentication MY_VTY_LIST
R1(config-line)#end
R1#copy running-config startup-config

Log out of R1 to test the console password of R1:

R1#exit
Press RETURN to get started. (Press Enter here)
Username: Net1
Password: Sel
R1>

(Now you see you are in User Mode, which means you configured the console password correctly! If you wish to continue entering privileged EXEC mode again, use the password New1.)

Log in to R1 using SSH from R2:

R2>enable
username : Net2
password : Loc
R2# ssh 10.2.1.1 (10.2.1.1 is the IP address of R1 shown in the picture)

You will be asked for the user ID (cisco) and password (cisco123).
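
The access policy in Question 290 can be checked against a saved configuration. The Python sketch below is an added example, not part of the original practice exam; the sample configurations are constructed and the function names parse and audit are hypothetical. It also flags vty lines that carry no "login authentication" binding, because with AAA enabled those fall back to the default (local) list, and a TACACS list that has a fallback method after it.

```python
import re

# Constructed sample configs (not taken from the lab devices in the question).
GOOD = """\
aaa new-model
aaa authentication login default local
aaa authentication login MY_VTY_LIST group tacacs+
line con 0
 login authentication default
line aux 0
 login authentication default
line vty 0 15
 login authentication MY_VTY_LIST
"""
# Weak variant: vty 5-15 has no binding, so it falls back to "default" (local).
WEAK = GOOD.replace("line vty 0 15", "line vty 0 4") + "line vty 5 15\n transport input ssh\n"

def parse(config):
    """Return (method_lists, line_bindings) from IOS running-config text."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        m = re.match(r"aaa authentication login (\S+) (.+)", raw.strip())
        if m:
            lists[m.group(1)] = m.group(2).split()
        elif raw.startswith("line "):
            current = raw[5:].strip()
            lines[current] = "default"      # unbound lines use the default list
        elif current and raw.startswith(" "):
            m = re.match(r"login authentication (\S+)", raw.strip())
            if m:
                lines[current] = m.group(1)
        else:
            current = None
    return lists, lines

def audit(config):
    """List deviations from the access policy stated in the question."""
    lists, lines = parse(config)
    findings = []
    if lists.get("default") != ["local"]:
        findings.append("default list is not 'local'")
    for name, bound in lines.items():
        methods = lists.get(bound)
        if name.startswith("vty"):
            if methods != ["group", "tacacs+"]:
                findings.append(f"line {name}: list {bound} is not TACACS+ only")
        elif bound != "default":
            findings.append(f"line {name}: not using the default list")
    return findings
```

An empty list from audit() means the console, aux and vty bindings match the stated policy.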