Q31.  - (Topic 8)

Which two statements about unique local IPv6 addresses are true?

A. They are identical to IPv4 private addresses.

B. They are defined by RFC 1884.

C. They use the prefix FEC0::/10

D. They use the prefix FC00::/7

E. They can be routed on the IPv6 global internet.

Answer: A,D

Q32.  - (Topic 5)

What are three approaches that are used when migrating from an IPv4 addressing scheme to an IPv6 scheme. (Choose three.)

A. enable dual-stack routing

B. configure IPv6 directly

C. configure IPv4 tunnels between IPv6 islands

D. use proxying and translation to translate IPv6 packets into IPv4 packets

E. statically map IPv4 addresses to IPv6 addresses

F. use DHCPv6 to map IPv4 addresses to IPv6 addresses

Answer: A,C,D


Several methods are used terms of migration including tunneling, translators, and dual stack. Tunnels are used to carry one protocol inside another, while translators simply translate IPv6 packets into IPv4 packets. Dual stack uses a combination of both native IPv4 and IPv6. With dual stack, devices are able to run IPv4 and IPv6 together and if IPv6 communication is possible that is the preferred protocol. Hosts can simultaneously reach IPv4 and IPv6 content.

Q33.  - (Topic 5)

Refer to the exhibit.

What statement is true of the configuration for this network?

A. The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.

B. Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.

C. The number 1 referred to in the ip nat inside source command references access-list number 1.

D. ExternalRouter must be configured with static routes to networks and

Answer: C


The “list 1 refers to the access-list number 1.

Q34.  - (Topic 6)

Refer to the exhibit.

The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)# switchport port-security

2950Switch(config-if)# switchport port-security mac-address sticky 2950Switch(config-if)# switchport port-security maximum 1

The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)

A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.

B. Only host A will be allowed to transmit frames on fa0/1.

C. This frame will be discarded when it is received by 2950Switch.

D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.

E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.

F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

Answer: B,D


The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port's ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.

Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.

Q35.  - (Topic 4)

A network administrator needs to configure a serial link between the main office and a remote location. The router at the remote office is a non-Cisco router. How should the network administrator configure the serial interface of the main office router to make the connection?

A. Main(config)# interface serial 0/0

Main(config-if)# ip address Main(config-if)# no shut

B. Main(config)# interface serial 0/0

Main(config-if)# ip address Main(config-if)# encapsulation ppp

Main(config-if)# no shut

C. Main(config)# interface serial 0/0

Main(config-if)# ip address Main(config-if)# encapsulation frame-relay

Main(config-if)# authentication chap Main(config-if)# no shut

D. Main(config)# interface serial 0/0

Main(config-if)#ip address Main(config-if)#encapsulation ietf

Main(config-if)# no shut

Answer: B


With serial point to point links there are two options for the encapsulation. The default, HDLC, is Cisco proprietary and works only with other Cisco routers. The other option is PPP which is standards based and supported by all vendors.

Q36.  - (Topic 8)

Which technology allows a large number of private IP addresses to be represented by a smaller number of public IP addresses?



C. RFC 1631

D. RFC 1918

Answer: A

Q37.  - (Topic 5)

What are the alert messages generated by SNMP agents called?





Answer: A,B


A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they’re

unacknowledged so you don’t actually know if the remote application received your oh-so- important message to it. SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP.

Q38.  - (Topic 5)

What authentication type is used by SNMPv2?




D. community strings

Answer: D


SNMP Versions

Cisco IOS software supports the following versions of SNMP:

•SNMPv1 — The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.

•SNMPv2c — The community-string based Administrative Framework for SNMPv2. SNMPv2c (the "c" stands for "community") is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.

•SNMPv3 — Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.

SNMP Security Models and Levels

Model Level

Authentication Encryption What Happens v1 noAuthNoPriv

Community String No

Uses a community string match for authentication. v2c

noAuthNoPriv Community String No

Uses a community string match for authentication. v3

noAuthNoPriv Username


Uses a username match for authentication. v3

authNoPriv MD5 or SHA


Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. v3

authPriv MD5 or SHA DES

Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.h tml

Q39.  - (Topic 3)

Which commands are required to properly configure a router to run OSPF and to add network to OSPF area 0? (Choose two.)

A. Router(config)# router ospf 0

B. Router(config)# router ospf 1

C. Router(config)# router ospf area 0

D. Router(config-router)# network 0

E. Router(config-router)# network area 0

F. Router(config-router)# network area 0

Answer: B,E


In the router ospf command, the ranges from 1 to 65535 so o is an invalid number -> but To configure OSPF, we need a wildcard in the “network” statement, not a subnet mask. We also need to assgin an area to this process ->.

Q40.  - (Topic 3)

A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the configuration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task?

A. service password-encryption

access-list 1 permit

line vty 0 4 login

password cisco access-class 1

B. enable password secret line vty 0


password cisco

C. service password-encryption line vty 1


password cisco

D. service password-encryption line vty 0 4


password cisco

Answer: C


Only one VTY connection is allowed which is exactly what's requested. Incorrect Answer: command.

line vty0 4

would enable all 5 vty connections.

Topic 4, WAN Technologies