Final Exam - Accessing the WAN
Take Assessment - EWAN Final Exam - CCNA Exploration: Accessing the
WAN (Version 4.0)
1 Which three guidelines would help contribute to creating a strong
password policy? (Choose three.)
Once a good password is created, do not change it.
***Deliberately misspell words when creating passwords.
***Create passwords that are at least 8 characters in length.
***Use combinations of upper case, lower case, and special characters.
Write passwords in locations that can be easily retrieved to avoid being
locked out.
Use long words found in the dictionary to make passwords that are easy to
remember.
2 Refer to the exhibit. Based on the output as shown, which two
statements correctly define how the router will treat Telnet traffic that
comes into interface FastEthernet 0/1? (Choose two).
Telnet to 172.16.10.0/24 is denied.
***Telnet to 172.16.20.0/24 is denied.
Telnet to 172.16.0.0/24 is permitted.
***Telnet to 172.16.10.0/24 is permitted.
Telnet to 172.16.20.0/24 is permitted.
3 A technician has been asked to run the Cisco SDM one-step lockdown on
a customer router. What will be the result of this process?
Traffic is only accepted from and forwarded to SDM-trusted Cisco routers.
Security testing is performed and the results are saved as a text file stored
in NVRAM.
All traffic that enters the router is quarantined and checked for viruses
before being forwarded.
***The router is tested for any potential security problems and all
recommended security-related configuration changes will be automatically
applied.
4 What are two main components of data confidentiality? (Choose two.)
checksum
digital certificates
***encapsulation
***encryption
hashing
5 Refer to the exhibit. A network administrator is tasked with completing
the Frame Relay topology that interconnects two remote sites. How should
the point-to-point subinterfaces be configured on HQ to complete the
topology?
frame-relay interface-dlci 103 on Serial 0/0/0.1
frame-relay interface-dlci 203 on Serial 0/0/0.2
***frame-relay interface-dlci 301 on Serial 0/0/0.1
frame-relay interface-dlci 302 on Serial 0/0/0.2 ***Each network protocol has a corresponding NCP.

frame-relay map ip 192.168.1.1 103 broadcast on Serial 0/0/0.1 NCP establishes the initial link between PPP devices.
frame-relay map ip 192.168.2.2 203 broadcast on Serial 0/0/0.2
NCP tests the link to ensure that the link quality is sufficient.
frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1
frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.2

6 An administrator is configuring a dual stack router with IPv6 and IPv4 9 Refer to the exhibit. This serial interface is not functioning correctly.
using RIPng. The administrator receives an error message when trying to Based on the output shown, what is the most likely cause?
enter the IPv4 routes into RIPng. What is the cause of the problem?
improper LMI type
When IPv4 and IPv6 are configured on the same interface, all IPv4
addresses are over-written in favor of the newer technology. interface reset

Incorrect IPv4 addresses are entered on the router interfaces. ***PPP negotiation failure

RIPng is incompatible with dual-stack technology. unplugged cable

***IPv4 is incompatible with RIPng.

7 Refer to the exhibit. All devices are configured as shown in the exhibit. 10 What is the result when the command permit tcp 10.25.132.0 0.0.0.255
PC1 is unable to ping the default gateway. What is the cause of the any eq smtp is added to a named access control list and applied on the
problem? inbound interface of a router?

The default gateway is in the wrong subnet. TCP traffic with a destination to the 10.25.132.0/24 is permitted.

STP has blocked the port that PC1 is connected to. Only Telnet traffic is permitted to the 10.24.132.0/24 network

***Port Fa0/2 on S2 is assigned to the wrong VLAN. Ttraffic from 10.25.132.0/24 is permitted to anywhere on using any port.

S2 has the wrong IP address assigned to the VLAN30 interface. ***Traffic using port 25 from the 10.25.132.0/24 is permitted to all
destinations.

8 Which statement is true about NCP?

11 Refer to the exhibit. From the output of the show interfaces and ping
Link termination is the responsibility of NCP. commands, at which layer of the OSI model is a fault indicated?
 command?
application
All services will be disabled.
transport
***The default configuration will be restored on reboot.
***network
Automatic configuration from the network will be prevented.
data link
Services that are configured on the router will not be allowed to originate
physical traffic.

12 Which Layer 2 access method separates traffic into time slots and is 15 Which statement accurately describes a role that is played in
specified by DOCSIS for use with cable high speed Internet service? establishing a WAN connection?

***TDMA ISDN and ATM are circuit-switched technologies that are used to establish
on demand a path through the service provider network.
FDMA
***Data link layer protocols like PPP and HDLC define how data is
CDMA encapsulated for transmission across a WAN link.

S-CDMA A packet-switching network establishes a dedicated circuit between nodes

for the duration of the communication session.

13 Which additional functionality is available on an interface when the Frame Relay switches are normally considered to be customer premises
encapsulation is changed from HDLC to PPP? equipment (CPE) and are maintained by local administrators.

flow control
16 The Cisco IOS on a particular Cisco router has been corrupted. When
error control the router boots into the ROMMON mode, what is one resource that the
network technician needs to use in order to restore the Cisco IOS?
***authentication
an authenticated username
synchronous communication
a TFTP server

14 During the initial configuration of a router, the administrator enters the a serial connection to the Internet
command no service config. How will the router behave as a a result of this
the secret password of the router
***access to a backup IOS software image that is stored in DRAM on the
router
17 Refer to the exhibit. What happens if the network administrator issues
the commands shown when an ACL called Managers already exists on the
router?
The commands overwrite the existing Managers ACL.
***The commands are added at the end of the existing Managers ACL.
The network administrator receives an error stating that the ACL already
exists.
The commands will create a duplicate Managers ACL containing only the
new commands being entered.
18 What can a network administrator do to recover from a lost router
password?
use the copy tftp: flash: command
boot the router to bootROM mode and enter the b command to load the
IOS manually
telnet from another router and issue the show running-config command to
view the password
***boot the router to ROM monitor mode and configure the router to
ignore the startup configuration when it initializes
19 Which statement is true of DSL?
It is typically deployed in a mesh topology.
The network is shared using a logical bus topology.
***Bandwidth is dependent on the number of concurrent users.
Transfer rates are dependent on the length of the local loop.
20 Refer to the exhibit. EIGRP has been configured as a routing protocol on
the network. Users on the 192.168.1.0/24 network should have full access
to the web server that is connected to 192.168.3.0/24 but should not be
allowed to telnet to router R3. Verifying the configuration, the network
administrator realizes that users on network 192.168.1.0/24 can
successfully telnet to the router. What should be done to remedy the
problem?
***The ACL 101 statements 10 and 20 should be reversed.
The ACL 101 should be applied on R3 VTY lines 0 4 in the inbound
direction.
The ACL 101 should be applied on R3 VTY lines 0 4 in the outbound
direction.
The ACL 101 should be applied on R3 Serial0/0/1 interface in the outbound
direction.
The ACL 101 statement 10 should be changed to: permit ip 192.168.1.0
0.0.0.255 any
21 What will be the result of the enable secret command when added at
the global configuration mode on the router?
***It will use MD5 encryption to protect the privileged EXEC level access.
It will use type 7 encryption and will encrypt only the privileged EXEC level
passwords.
It will use type 7 encryption to prevent all passwords that are displayed on
the screen from being readable.
It will use MD5 encryption to protect the passwords that are only used in
the PAP and CHAP authentication process.
22 Refer to the exhibit. EIGRP has been configured as a routing protocol on
the network. Users on the 192.168.1.0/24 network should be able to
establish a TFTP connection to the file server on the 192.168.3.0/24
network for file backup. The users complain that they do not have the
required access. What is the possible cause of the problem?
TFTP uses UDP as a transport protocol. UDP is not allowed by the ACL 120.
TFTP uses SMTP as a transport protocol. SMTP is blocked by statement 10
in the ACL 120.
TFTP uses TCP as a transport protocol. TCP is blocked by statement 20 in
the ACL 120.
***TFTP uses ICMP as a transport protocol. ICMP is blocked by statement
30 in the ACL 120.
23 Which two protocols in combination should be used to establish a link
with secure authentication between a Cisco and a non-Cisco router?
(Choose two.)
HDLC
***PPP
***SLIP
PAP
CHAP
24 Which statement is true about wildcard masks?
***A wildcard mask must be created by inverting the subnet mask.
A wildcard mask performs the same function as a subnet mask.
A wildcard mask of 0.0.0.0 means the address should match exactly.
A wildcard mask uses a "1" to identify IP address bits that must be
checked.
25 Refer to the exhibit. Partial results of the show ip access-list and show ip
interface Fa0/1 commands for router R3 are shown. There are no other
ACLs in effect. Host A is unable to telnet to host B. Which two actions will
correct the problem but still restrict other traffic between the two
networks? (Choose two.)
Apply the ACL in the inbound direction on Fa0/0 interface.
***Apply the ACL in the outbound direction on Fa0/0 interface.
Change the protocol in the access list entries to UDP.
***Reverse the order of the TCP protocol statements in the ACL.
Modify the second entry in the list to permit tcp host 192.168.10.10 any eq
telnet .
26 Refer to the exhibit. Which statement correctly describes how Router1
processes an FTP request packet that enters interface S0/0/0, and is
destined for an FTP server at IP address 172.16.1.5?

The router matches the incoming packet to the statement that is created
by access-list 201 permit ip any any command and allows the packet into Refer to the exhibit. Router1 is not able to communicate with its peer that
the router. is connected to this interface. Based on the output as shown, what is the
most likely cause?
The router reaches the end of ACL 101 without matching a condition and
drops the packet because there is no statement that was created by interface reset
access-list 101 permit ip any any command.
***unplugged cable
***The router matches the incoming packet to the statement that was
created by the access-list 101 permit ip any 172.16.1.0 0.0.0.255 improper LMI type
command, ignores the remaining statements in ACL 101, and allows the
packet into the router. PPP negotiation failure

The router matches the incoming packet to the statement that was
created by the access-list 201 deny icmp 172.16.1.0 0.0.0.255 any
command, continues comparing the packet to the remaining statements in 29
ACL 201 to ensure that no subsequent statements allow FTP, and then the
router drops the packet.

Refer to the exhibit. A network administrator is creating a prototype to

verify the new WAN design. However, the communication between the
27 two routers cannot be established. Based on the output of the commands,
Which characteristic of VPN technology prevents the contents of data what can be done to solve the problem?
communications from being read by unauthorized parties?
Replace the serial cable .
QoS
Replace the WIC on RA.
latency
***Configure RA with a clock rate command.
reliability
Issue a no shutdown interface command on RB.
***confidentiality

30
28 What function does LCP perform in the establishment of a PPP session?
***LCP brings the network layer protocols up and down.
It carries packets from several network layer protocols.
It encapsulates and negotiates options for IP and IPX.
It negotiates and sets up control options on the WAN data link.
31
An administrator issues the command confreg 0x2142 at the rommon 1>
prompt. What is the effect when this router is rebooted?
Contents in RAM will be erased.
***Contents in RAM will be ignored.
Contents in NVRAM will be erased.
Contents in NVRAM will be ignored.
32
Refer to the exhibit. A network administrator is trying to configure a router
to use SDM. After this configuration shown in the exhibit is applied, the
SDM interface of the router is still not accessible. What is the cause of the
problem?
***The username and password are not configured correctly.
The authentication method is not configured correctly.
The HTTP timeout policy is not configured correctly.
The vtys are not configured correctly.
33
An administrator learns of an e-mail that has been received by a number of
users in the company. This e-mail appears to come from the office of the
administrator. The e-mail asks the users to confirm their account and
password information. Which type of security threat does this e-mail
represent?
cracking
***phishing
phreaking
spamming
 51

34 125

Refer to the exhibit. The corporate network that is shown has been 36
assigned network 172.16.128.0/19 for use at branch office LANs. VLSM is
not being used. Which subnet mask will allow the most efficient utilization
of IP addresses?
Refer to the exhibit. Which data transmission technology is being
***/21 represented?

/22 ***TDM

/23 PPP

/24 HDLC

/25 SLIP

/26

37

35

Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an IP

address from the DHCP server. The output of the debug ip dhcp server
Refer to the exhibit. How many addresses could be assigned to clients by command shows "DHCPD: there is no address pool for 192.168.3.17".
DHCP_Router? What is the problem?

3 The address 192.168.3.17 address is already in use by Fa0/0.

***17 ***The pool of addresses for the 192Network pool is configured

incorrectly.
19
The ip helper-address command should be used on the Fa0/0 interface.
The 192.168.3.17 address has not been excluded from the 192Network
pool.
38
What major benefit does Cisco HDLC provide that ISO standard HDLC
lacks?
flow control
error control
***multiprotocol support
cyclic redundancy checks
39
A network administrator has moved the company intranet web server
from a switch port to a dedicated router interface. How can the
administrator determine how this change has affected performance and
availability on the company intranet?
***conduct a performance test and compare with the baseline that was
established previously.
Determine performance on the intranet by monitoring load times of
company web pages from remote sites.
Interview departmental administrative assistants and determine if they
think load time for web pages has improved.
Compare the hit counts on the company web server for the current week
to the values that were recorded in previous weeks.
40
At what physical location does the responsibilty for a WAN connection
change from the user to the service provider?
demilitarized zone (DMZ)
***demarcation point
local loop
cloud
41
What functionality do access control lists provide when implementing
dynamic NAT on a Cisco router?
which addresses are allowed to be accessed from the inside network
which addresses are allowed out of the router
which addresses are assigned to a NAT pool
***which addresses are to be translated
42
A network administrator is tasked with maintaining two remote locations
in the same city. Both locations use the same service provider and have the
same service plan for DSL service. When comparing download rates, it is
noticed that the location on the East side of town has a faster download
rate than the location on the West side of town. How can this be
explained?
 been notified to work on their respective issues. Which statement applies
The West side has a high volume of POTS traffic. to this situation?

The West side of town is downloading larger packets.
***The service provider is closer to the location on the East side.
More clients share a connection to the DSLAM on the West side.
Only results from the software package should be tested as the network is
designed to accommodate the proposed software platform.
Scheduling will be easy if the network and software teams work
independently.

***It will be difficult to isolate the problem if two teams are implementing
changes independently.
43
Results from changes will be easier to reconcile and document if each
team works in isolation.

Refer to the exhibit. Branch A has a non-Cisco router that is using IETF
encapsulation and Branch B has a Cisco router. After the commands that
are shown are entered, R1 and R2 fail to establish the PVC. The R2 LMI is 45
Cisco, and the R1 LMI is ANSI. The LMI is successfully established at both
locations. Why is the PVC failing?

The PVC to R1 must be point-to-point. Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24
inside network. Host A has sent a packet to the web server. What is the
LMI types must match on each end of a PVC. destination IP address of the return packet from the web server?

The frame relay PVCs cannot be established between Cisco and non-Cisco 10.1.1.2:1234
routers.
172.30.20.1:1234
***The IETF parameter is missing from the frame-relay map ip 10.10.10.1
201 command. ***172.30.20.1:3333

192.168.1.2:80

44
A recently patched application server is experiencing response time
problems. The network on which the application server is located has been
experiencing occasional outages that the network team believes may be
related to recent routing changes. Network and application teams have
 48
A light manufacturing company wishes to replace its DSL service with a
non-line-of-sight broadband wireless solution that offers comparable
speeds. Which solution should the customer choose?

Wi-Fi

satellite

46 ***WiMAX
What is a characteristic feature of a worm?
Metro Ethernet
***exploits a known vulnerability

attaches to executable programs

49
masquerades as a legitmate program Which Frame Relay flow control mechanism is used to signal routers that
they should reduce the flow rate of frames?
lies dormant until triggered by an event, time, or date
DE

BE
47
When configuring a Frame Relay connection, what is the purpose of CIR
Inverse ARP?
***FECN
to assign a DLCI to a remote peer
CBIR
to disable peer requests from determining local Layer 3 addresses

to negotiate LMI encapsulations between local and remote Frame Relay

peers 50
Which option correctly defines the capacity through the local loop
***to create a mapping of DLCI to Layer 3 addresses that belong to remote guaranteed to a customer by the service provider?
peers
BE
 It should not need to be altered once implemented.
DE
***It creates a basis for legal action if necessary.
***CIR Posted by Cisco Network Academy Program at 11:44 PM 0 comments

CBIR

51

Refer to the exhibit. What is placed in the address field in the header of a
frame that will travel from the San Jose router to the DC router?

DLCI 103

***DLCI 301

172.16.1.18

172.16.1.19

52
What are three attributes of a security policy? (Choose three.)

***It provides step-by-step procedures to harden routers and other

network devices.

It defines acceptable and unacceptable use of network resources.

It focuses primarily on attacks from outside of the organization.

***It defines a process for managing security violations.