642-832
Cisco 642-832
642-832 Troubleshooting and Maintaining Cisco IP
Switched Networks (TSHOOT)
Practice Test Version
ActualTests.com
QUESTION NO: 1
Which two statements about the Cisco Aironet Desktop Utility (ADU) are true? (Select two)
A. The Aironet Desktop Utility (ADU) profile manager feature can create and manage only one
profile for the wireless client adapter.
B. The Aironet Desktop Utility (ADU) can support only one wireless client adapter installed and
used at a time.
C. The Aironet Desktop Utility (ADU) can be used to establish the association between the client
adapter and the access point, manage authentication to the wireless network, and enable
encryption.
D. The Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can be
used at the same time to configure the wireless client adapter.
Answer: B,C
Explanation:
You can configure your Cisco Aironet Wireless LAN Client Adapter through the Cisco ADU or a
third-party tool, such as the Microsoft Wireless Configuration Manager. Because third-party tools
may not provide all the functionality available in ADU, Cisco recommends that you use ADU.
The Aironet Desktop Utility (ADU) can support only one wireless client adapter at a time. It
establishes the association between the client adapter and the access point, authenticates the
wireless client, and configures encryption by setting a static WEP key or a WPA/WPA2
passphrase.
Section 3: Perform routine IOS device maintenance (0 Questions)
Section 4: Isolate sub-optimal internetwork operation at the correctly defined OSI Model layer (2
Questions)
QUESTION NO: 2
At which layer of the OSI model does the Spanning Tree Protocol (STP) operate?
A. Layer 5
B. Layer 4
C. Layer 3
D. Layer 2
E. Layer 1
Answer: D
Explanation:
Spanning-Tree Protocol (STP) is a Layer 2 (L2) protocol designed to run on bridges and switches.
The specification for STP is called 802.1d. The main purpose of STP is to ensure that you do not
run into a loop situation when you have redundant paths in your network. Loops are deadly to a
network.
QUESTION NO: 3
In computer networking a multicast address is an identifier for a group of hosts that have joined a
multicast group. Multicast addressing can be used in the Link Layer (OSI Layer 2), such as
Ethernet Multicast, as well as at the Internet Layer (OSI Layer 3) as IPv4 or IPv6 Multicast. Which
two descriptions are correct regarding multicast addressing?
A. The first 23 bits of the multicast MAC address are 0x01-00-5E. This is a reserved value that
indicates a multicast application.
B. The last 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved
value that indicates a multicast application.
C. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into
the last 24 bits of the MAC address. The high-order bit is set to 0.
D. The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved
value that indicates a multicast application.
Answer: C,D
Explanation:
The point of this question is the form of multicast MAC address, and the conversion between the
multicast MAC address and IP address.
The multicast MAC address is 6 bytes (48 bits). The first 3 bytes (24 bits) of the multicast MAC
address are 0x01-00-5E; the last 3 bytes (24 bits) of the multicast MAC address = 0 + 23 bits (the last
23 bits of the IP address). "0x01-00-5E" is a reserved value that indicates a multicast application.
So option B and D are correct.
QUESTION NO: 4
EIGRP is being used as the routing protocol on the company network. While troubleshooting some
network connectivity issues, you notice a large number of EIGRP SIA (Stuck in Active) messages.
What causes these SIA routes? (Select two)
A. The neighboring router stops receiving ACK packets from this router.
B. The neighboring router starts receiving route updates from this router.
C. The neighboring router is too busy to answer the query (generally caused by high CPU
utilization).
D. The neighboring router is having memory problems and cannot allocate the memory to process
the query or build the reply packet.
Answer: C,D
Explanation:
SIA routes are due to the fact that reply packets are not received. This could be caused by a
router which is unable to send reply packets. The router could have reached the limit of its
capacity, or it could be malfunctioning.
Incorrect Answers:
A: Missing replies, not missing ACKs, cause SIA.
B: Route updates do not cause SIA.
Notes: If a router does not receive a reply to all outstanding queries within 3 minutes, the route
goes to the stuck in active (SIA) state. The router then resets the neighbors that fail to reply by
going active on all routes known through that neighbor, and it re-advertises all routes to that
neighbor.
Reference: Enhanced Interior Gateway Routing Protocol
http://www.cisco.com/warp/public/103/eigrp3.html
QUESTION NO: 5
Part of the routing table of router R1 is displayed below:
S 62.99.153.0/24 [1/0] via 209.177.64.130
172.209.12.0/32 is subnetted, 1 subnets
D EX 172.209.1
[170/2590720] via 209.179.2.114, 06:47:28, Serial0/0/0.1239
62.113.17.0/24 is variably subnetted, 2 subnets, 2 masks
D EX 99.3.215.0/24
[170/27316] via 209.180.96.45, 09:52:10, FastEthernet11/0/0
[170/27316] via 209.180.96.44, 09:52:10, FastEthernet11/0/0
25.248.17.0/24
[90/1512111] via 209.179.66.25, 10:33:13, Serial0/0/0.1400001
[90/1512111] via 209.179.66.41, 10:33:13, Serial0/0/0.1402001
62.113.1.0/24 is variably subnetted, 12 subnets, 2 masks
D 62.113.1.227/32
[90/2611727] via 209.180.96.45, 10:33:13, FastEthernet1/0/0
[90/2611727] via 209.180.96.44, 10:33:13, FastEthernet1/0/0
S* 0.0.0.0/0 [1/0] via 209.180.96.14
From analyzing the above command output, what is the administrative distance of the external
EIGRP routes?
A. 24
B. 32
C. 90
D. 170
E. 27316
F. None of the other alternatives apply
Answer: D
Explanation:
By default an external EIGRP route has a value of 170. By examining the exhibit we see that this
default value of the external EIGRP routes (see D EX in the exhibit) is indeed set to 170. The first
value within the brackets displays the AD, so with a value of [170/27316] the AD is 170 and the
metric of the route is 27316.
Incorrect Answers:
A: This is the subnet mask used for some of the routes in the table.
B: This is the subnet mask used for some of the routes in the table.
C: This is the AD of the internal EIGRP routes, which is the default.
E: This is the EIGRP metric of the external EIGRP routes.
Reference: What Is Administrative Distance?
http://www.cisco.com/warp/public/105/admin_distance.html
QUESTION NO: 6
The network is shown below, along with the relevant router configurations:
R1# show run
interface Loopback0
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0
ip address 172.29.1.1 255.255.255.0
media-type 10BaseT
!
!
router eigrp 999
redistribute connected
network 172.29.0.0
auto-summary
no eigrp log-neighbor-changes
!
ip classless
no ip http server
R2# show run
interface Ethernet0
ip address 172.29.1.2 255.255.255.0
media-type 10BaseT
!
interface Ethernet1
ip address 172.19.2.2 255.255.255.0
media-type 10BaseT
!
router eigrp 999
network 172.19.0.0
network 172.29.0.0
!
ip classless
no ip http server
R3# show run
interface Ethernet1/0
ip address 172.19.2.3 255.255.255.0
!
router eigrp 999
network 172.19.0.0
auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip http server
With the topology found in the graphic, what will the R1 loopback 0 be in the R3 routing table?
A. It will show up in the routing table as D 10.0.0/8.
B. It will show up in the routing table as D EX 10.0.0.0/8.
C. It will show up in the routing table as D 10.0.0./24.
D. It will not show up in R3 routing table because there is no network command on R1.
Answer: B
Explanation:
Because router R1 is configured with route redistribution, it will redistribute the connected
loopback network into EIGRP. Because redistributed routes will show up as external EIGRP
routes in the routing table, choice B is correct. Although the loopback interface is using a /24
subnet mask, EIGRP summarizes at network boundaries by default so the network will appear as
the class A network of 10.0.0.0/8 in the routing table of the other routers.
Incorrect Answers:
A: The route will be external, since it was redistributed into EIGRP.
C: It will be external because of redistribution, and it will also be summarized since that is the
default behavior of EIGRP.
D: Although it was not configured under the EIGRP network command, it would be redistributed
because it is a connected route.
QUESTION NO: 7
The EIGRP network is displayed in the following topology diagram:
You work as a network technician. Study the exhibits carefully. If the command "variance 3" was
added to the EIGRP configuration of R5, which path or paths would be chosen to route traffic from
R5 to network X?
A. R5-R2-R1
B. R5-R2-R1 and R5-R3-R1.
C. R5-R3-R1 and R5-R4-R1.
D. R5-R2-R1,R5-R3-R1, and R5-R4-R1.
Answer: B
Explanation:
Every routing protocol supports equal cost path load balancing. In addition, Interior Gateway
Routing Protocol (IGRP) and EIGRP also support unequal cost path load balancing. Use the
variance n command in order to instruct the router to include routes with a metric of less than n
times the minimum metric route for that destination. The variable n can take a value between 1
and 128. The default is 1, which means equal cost load balancing. Traffic is also distributed
among the links with unequal costs, proportionately, with respect to the metric.
In this question the variance 3 command is used. In this instance, R5 can get to Net X using the
path R5-R3 = metric of 10, and R3-R1 = 10 as well, with the FD between R5 and R1 being 10 + 10 =
20. Therefore, we can load balance on any route that has an FD of 3x the successor's, or 3x20,
which is 60.
Important Note: If a path does not meet the feasibility condition, the path is not used in load
balancing. This is why choice D is wrong, as this path has an Advertised Distance of 25, which is
greater than the successor's FD. The link below refers to an example that is nearly identical to the
example in this question, except theirs used a variance of 2 and this question used a variance of
3.
Reference:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009437d.shtml
QUESTION NO: 8
The following command was issued on Router 2:
Given the output shown above, which statement is true?
A. 192.168.1.0 is a redistributed route into EIGRP.
B. 192.168.1.0 is a summarized route.
C. 192.168.1.0 is a static route.
D. 192.168.1.0 is equal path load balancing with 172.16.1.0.
E. None of the other alternatives apply
Answer: A
Explanation:
When EIGRP learns routing information from a different routing protocol, it uses the D EX symbol
to indicate that this routing information was learned from another routing protocol.
QUESTION NO: 9
A network administrator is troubleshooting an EIGRP connection between RouterA, IP address
10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two
statements are true?
A. RouterA received a hello packet with mismatched metric-calculation mechanisms.
B. RouterA received a hello packet with mismatched authentication parameters.
C. RouterA will form an adjacency with RouterB.
D. RouterA received a hello packet with mismatched autonomous system numbers.
E. RouterA received a hello packet with mismatched hello timers.
F. RouterA will not form an adjacency with RouterB.
Answer: A,F
Explanation:
Metrics are the mathematics used to select a route. The higher the metric associated with a route,
the less desirable it is. For EIGRP, the Bellman-Ford algorithm uses the following equation and
creates the overall 24-bit metric assigned to a route:
* metric = [(K1 × bandwidth) + [(K2 × bandwidth) ÷ (256 - load)] + (K3 × delay)] × [K5 ÷ (reliability + K4)]
The elements in this equation are as follows:
* By default, K1 = K3 = 1, K2 = K4 = K5 = 0. Therefore, by default, the metric formula reduces to:
metric = (1 × bandwidth) + (1 × delay)
metric = bandwidth + delay
K values must be the same on both routers for them to become EIGRP neighbors.
QUESTION NO: 10
Study the exhibit below carefully:
If the configuration shown below is added to Router1, which three route entries will EIGRP
advertise to neighboring routers? (Select three)
router eigrp 10
network 10.0.0.0
eigrp stub
A. 192.168.20.0/24
B. 10.1.2.0/24
C. 10.1.1.0/24
D. 10.1.3.0/24
E. 10.0.0.0/8
Answer: C,D,E
Explanation:
The Enhanced Interior Gateway Routing Protocol (EIGRP) Stub Routing feature improves network
stability, reduces resource utilization, and simplifies stub router configuration.
Stub routing is commonly used in a hub and spoke network topology. In a hub and spoke network,
one or more end (stub) networks are connected to a remote router (the spoke) that is connected to
one or more distribution routers (the hub). The remote router is adjacent only to one or more
distribution routers. The only route for IP traffic to follow into the remote router is through a
distribution router. This type of configuration is commonly used in WAN topologies where the
distribution router is directly connected to a WAN. The distribution router can be connected to
many more remote routers. Often, the distribution router will be connected to 100 or more remote
routers. In a hub and spoke topology, the remote router must forward all nonlocal traffic to a
distribution router, so it becomes unnecessary for the remote router to hold a complete routing
table. Generally, the distribution router need not send anything more than a default route to the
remote router.
When using the EIGRP Stub Routing feature, you need to configure the distribution and remote
routers to use EIGRP, and to configure only the remote router as a stub. Only specified routes are
propagated from the remote (stub) router. The router responds to queries for summaries,
connected routes, redistributed static routes, external routes, and internal routes with the message
"inaccessible." A router that is configured as a stub will send a special peer information packet to
all neighboring routers to report its status as a stub router.
Any neighbor that receives a packet informing it of the stub status will not query the stub router for
any routes, and a router that has a stub peer will not query that peer. The stub router will depend
on the distribution router to send the proper updates to all peers.
QUESTION NO: 11
Refer to the exhibit. EIGRP has been configured on routers R1 and R2. However, R1 does not
show R2 as a neighbor and does not accept routing updates from R2. What could be the cause of
the problem?
A. The no auto-summary command has not been issued under the EIGRP process on both
routers.
B. Interface E0 on router R1 has not been configured with a secondary IP address of 10.1.2.1/24.
C. EIGRP cannot exchange routing updates with a neighbor's router interface that is configured
with two IP addresses.
D. EIGRP cannot form neighbor relationship and exchange routing updates with a secondary
address.
Answer: D
Explanation:
Remember that simple distance vector routers do not establish any relationship with their
neighbors. RIP and IGRP routers merely broadcast or multicast updates on configured interfaces.
In contrast, EIGRP routers actively establish relationships with their neighbors, much the same
way that OSPF routers do.
EIGRP routers establish adjacencies with neighbor routers by using small hello packets. Hellos
are sent by default every five seconds. An EIGRP router assumes that as long as it is receiving
hello packets from known neighbors, those neighbors (and their routes) remain viable. By forming
adjacencies, EIGRP routers do the following:
* Dynamically learn of new routes that join their network
* Identify routers that become either unreachable or inoperable
* Rediscover routers that had previously been unreachable
QUESTION NO: 12
While troubleshooting an EIGRP routing problem you notice that one of the company routers has
generated a large number of SIA messages. What are two possible causes for EIGRP Stuck-In-
Active routes? (Select two)
A. Some query or reply packets are lost between the routers.
B. The neighboring router starts receiving route updates from this router.
C. A failure causes traffic on a link between two neighboring routers to flow in only one direction
(unidirectional link).
D. The neighboring router stops receiving ACK packets from this router.
Answer: A,C
Explanation:
The acknowledgement does not reach the destination or they are too delayed. This is normally
due to too many routing topology changes, or a router with insufficient memory.
Note: In some circumstances, it takes a very long time for a query to be answered. So long, in fact,
that the router that issued the query gives up and clears its connection to the router that isn't
answering, effectively restarting the neighbor session. This is known as a stuck in active (SIA)
route. The most basic SIA routes occur when it simply takes too long for a query to reach the other
end of the network and for a reply to travel back.
Incorrect Answers:
B: Does not apply to SIA. This is the normal operation of EIGRP.
D: Ack packets don't reply to Queries, only Reply packets do.
Reference: http://www.cisco.com/warp/public/103/eigrp3.html
QUESTION NO: 13
EIGRP uses five generic packet types (hello, updates, queries, replies, acknowledgements). If you
wished to view the statistics for these packets, which IOS command should you use?
A. debug eigrp packets
B. show ip eigrp traffic
C. show ip eigrp topology
D. show ip eigrp neighbors
Answer: B
Explanation:
The show ip eigrp traffic command displays the number of Enhanced IGRP (EIGRP) packets sent
and received.
Example:
The following is sample output from the show ip eigrp traffic command:
Router# show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 77
Hellos sent/received: 218/205
Updates sent/received: 7/23
Queries sent/received: 2/0
Replies sent/received: 0/2
Acks sent/received: 21/14
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5a9.html#wp1018815
QUESTION NO: 14
While troubleshooting a routing problem on the company EIGRP network you discover that one of
the routers is failing to establish adjacencies with its neighbor. What is a likely cause of this
problem between neighbors? (Select two)
A. The K-values do not match.
B. The hold times do not match.
C. The hello times do not match.
D. The AS numbers do not match.
Answer: A,D
Explanation:
Peer relationships and adjacencies between routers will not be formed between EIGRP routers if
the neighbor resides in a different autonomous system or if the metric-calculation mechanism (K
values) is misaligned for that link.
Incorrect Answers:
B: It is possible for two routers to become EIGRP neighbors even though the hello and hold timers
do not match.
C: It is possible for two routers to become EIGRP neighbors even though the hello and hold timers
do not match.
Section 2: Troubleshoot OSPF (9 Questions)
QUESTION NO: 15
QUESTION NO: 16
Refer to the exhibit. On the basis of the information presented, which statement is true?
A. OSPF router 5.0.0.2 is an ABR.
B. Network 6.0.0.0/8 was learned from an OSPF neighbor within the area.
C. The default route is learned from an OSPF neighbor.
D. A default route is configured on the local router.
Answer: B
Explanation:
In this example, the network 6.0.0.0/8 shows that it was learned via IA, or Inter-area. Since this
came from a neighbor in a different area, then the neighbor router at 5.0.0.2 must be an ABR.
The various route types used by OSPF are:
QUESTION NO: 17
A DR (Designated Router) is used in environments where many routers are on the same network,
such as Ethernet. In the network presented below, all routers are reloaded simultaneously, and the
DR is selected as expected. What is the CK-RTC status?
A. 2WAY/BDR
B. FULL/BDR
C. 2WAY/DROTHER
D. 2WAY/DR
E. FULL/DROTHER
F. FULL/DR
G. None of the other alternatives apply
Answer: E
Explanation:
How OSPF Forms Its Neighbors :
In this example topology, all routers are running Open Shortest Path First (OSPF) over the
Ethernet network:
This is sample output of the show ip ospf neighbor command on R7 and R8:
R7# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
170.170.3.4 1 2WAY/DROTHER 00:00:34 170.170.3.4 Ethernet0
170.170.3.3 1 2WAY/DROTHER 00:00:34 170.170.3.3 Ethernet0
170.170.3.8 1 FULL/DR 00:00:32 170.170.3.8 Ethernet0
170.170.3.2 1 FULL/BDR 00:00:39 170.170.3.2 Ethernet0
Notice that R7 establishes full adjacency only with the Designated Router (DR) and the Backup
Designated Router (BDR). All other routers have a two-way adjacency established. This is normal
behavior for OSPF.
In this case, the "show ip ospf neighbor" is performed on R4. R4 is the DR (due to higher router
ID) so it will have FULL adjacency with all routers including R2. If the "show ip ospf neighbor" had
been performed on R1, then it would show 2way/drother with R2.
Router4# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.1.1 1 FULL/DROTHER 00:00:31 192.168.1.1 FastEthernet0/0
192.168.1.2 1 FULL/DROTHER 00:00:31 192.168.1.2 FastEthernet0/0
192.168.1.3 1 FULL/BDR 00:00:31 192.168.1.3 FastEthernet0/0
Router1# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.1.2 1 2WAY/DROTHER 00:00:35 192.168.1.2 FastEthernet0/0
192.168.1.3 1 FULL/BDR 00:00:35 192.168.1.3 FastEthernet0/0
192.168.1.4 1 FULL/DR 00:00:35 192.168.1.4 FastEthernet0/0
Reference:
www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a0080094059.shtml
QUESTION NO: 18
While troubleshooting some connectivity issues, you issue the "show ip ospf database" in order to
examine the link state database. Which three of the statements below are true regarding the
OSPF link state database? (Select three)
A. Each router has an identical link state database.
B. External routes are imported into a separate link state database.
C. Synchronization of link state databases is maintained via flooding of LSAs.
D. Information in the link state database is used to build a routing table by calculating a shortest-
path tree.
E. By default, link state databases are refreshed every 10 minutes in the absence of topology
changes.
Answer: A,C,D
Explanation:
The link state database is a collection of link state advertisements for all routers and networks.
Each router in the OSPF network maintains an identical database. LSA flooding occurs whenever
there is a change in the OSPF topology, ensuring that the databases are synchronized. OSPF
also uses the SPF algorithm to build the database tables.
Incorrect Answers:
B: Only one link state database is maintained, and it is used for all OSPF routes.
E: The default refresh time is 30 minutes.
Reference: Building Scalable Cisco Networks (Cisco Press) page 178.
QUESTION NO: 19
Which command should you use to verify what networks are being routed by a given OSPF
process?
A. show ip ospf
B. show ip route
C. show ip protocol
D. show ip ospf database
E. None of the other alternatives apply
Answer: C
Explanation:
The information displayed by the show ip protocols command is useful in debugging routing
operations. Information in the Routing Information Sources field of the show ip protocols output
can help you identify a router suspected of delivering bad routing information. For OSPF routers,
this command will display the routed networks.
Incorrect Answers:
A: To display general information about Open Shortest Path First (OSPF) routing processes, use
the show ip ospf command in EXEC mode. This command will display the areas assigned and
other useful information, but not the networks being routed.
Example:
R1# show ip ospf
Routing Process "ospf 201" with ID 192.42.110.200
Supports only single TOS(TOS0) route
It is an area border and autonomous system boundary router
Redistributing External Routes from,
igrp 200 with metric mapped to 2, includes subnets in redistribution
rip with metric mapped to 2
igrp 2 with metric mapped to 100
igrp 32 with metric mapped to 1
Number of areas in this router is 3
Area 192.42.110.0
Number of interfaces in this area is 1
Area has simple password authentication
SPF algorithm executed 6 times
B: This will display the active routing table, but not the networks that are being routed.
D: The OSPF database does not display the networks being routed.
QUESTION NO: 20
You have a multi-area OSPF network and you're concerned because one of the sites is having
connectivity problems to resources in a different area. Which IOS privileged mode command would
you enter to confirm that your network: A) has a path to its ABR, B) has a path to its ASBR, and C)
the SPF calculation is functional?
A. show ip protocols
B. show running-config
C. show ip ospf neighbor
D. show ip ospf border-routers
Answer: D
Explanation:
The show ip ospf border-routers command displays the internal OSPF routing table entries to an
area border router (ABR) and autonomous system boundary router (ASBR). The SPF No in the
output is the internal number of SPF calculation that installs this route.
Example: Router R# show ip ospf border-routers
OSPF Process 109 internal Routing Table
Destination Next Hop Cost Type Rte Type Area SPF No
160.89.97.53 144.144.1.53 10 ABR INTRA 0.0.0.3 3
160.89.103.51 160.89.96.51 10 ABR INTRA 0.0.0.3 3
160.89.103.52 160.89.96.51 20 ASBR INTER 0.0.0.3 3
160.89.103.52 144.144.1.53 22 ASBR INTER 0.0.0.3 3
Incorrect Answers:
A: The show ip protocols command only displays routing protocol parameters and current timer
values.
B: The show running-config command displays the currently used configuration mode. The
required information will not be displayed.
C: The show ip ospf neighbor command displays OSPF-neighbor information on a per-interface
basis. It does not include ABR, ASBR or SPF information.
QUESTION NO: 21
An OSPF link can be in multiple states at any given moment (ie. Exstart, exchange, full). Which
two IOS commands let you view the state of the link? (Select two)
A. show ip ospf
B. show ip protocols
C. show ip ospf neighbor
D. show ip ospf interface
Answer: C,D
Explanation:
The link state exstart is an OSPF link state (see note below). We need to retrieve OSPF link state
information.
C: The output of the show ip ospf neighbor command is used to display OSPF-neighbor
information on a per-interface basis. It includes link state information.
D: The show ip ospf interface command is used to display OSPF-related interface information for
a particular interface. This includes the link state of the specified interface.
Note: exstart state: After two OSPF neighboring routers establish bi-directional communication
and complete DR/BDR election (on multi-access networks), the routers transition to the exstart
state.
Incorrect Answers:
A: The show ip ospf command is used to display general information about OSPF routing
processes. However, it does not include any link state information.
B: The command "show ip protocols" displays the parameters and current state of the active
routing protocol process. It does not show any link state information.
QUESTION NO: 22
Which command would display OSPF parameters such as filters, default metric, maximum paths,
and number of areas configured on a router?
A. show ip protocol
B. show ip route
C. show ip ospf interface
D. show ip ospf
E. show ip interface
F. None of the other alternatives apply
Answer: A
Explanation:
The "show ip protocol" command displays values about routing timers and network information
associated with the entire router. This includes the AS number associated with the routing
process, number of areas configured on the router, the metric, and the maximum paths.
QUESTION NO: 23
Exhibit:
You work as a network technician. Your trainee shows you the IOS command output displayed in
the exhibit. What command did Tess use to produce this output?
A. show ip RIP
B. show ipv6 ospf
C. show ip ospf
D. show ip ospf interface
E. show ipv6 ospf interface
F. show ipv4 ospf
G. None of the other alternatives apply
Answer: B
Explanation:
In this case we can see that OSPFv3 is being used, and since OSPFv3 is used exclusively for
IPv6 networks we know that the correct answer must be "show ipv6 ospf." To display general
information about Open Shortest Path First (OSPF) routing processes, use the show ipv6 ospf
command in user EXEC or privileged EXEC mode.
Example:
The following is sample output from the show ipv6 ospf command:
Router# show ipv6 ospf
Routing Process "ospfv3 1" with ID 10.10.10.1
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Area BACKBONE(0)
Number of interfaces in this area is 1
MD5 Authentication, SPI 1000
SPF algorithm executed 2 times
Number of LSA 5. Checksum Sum 0x02A005
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Reference: http://www.cisco.com/en/US/docs/ios/12_3t/ipv6/ipv6_15g.html#wp2139460
QUESTION NO: 24
Which IOS command would you use to find out which networks are routed by a particular OSPF
process?
A. show ospf
B. show ip route
C. show ip protocols
D. show ip ospf database
E. None of the other alternatives apply
Answer: C
Explanation:
The show ip protocols command displays the current routing protocols. It displays the parameters
and current state of the active routing protocol process. The output includes a list of the networks
being routed for individual OSPF processes.
Sample output:
Rt Router # show ip protocols
Routing Protocol is "ospf 200"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: ospf 200
Routing for Networks:
172.6.31.5/32
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 110)
Incorrect Answers:
A: The show ospf command displays summary information regarding the global OSPF
configuration.
B: The show ip route command displays the IP routing table.
D: The show ip ospf database command displays the contents of the topological database
maintained by the router. The command also shows the router ID and the OSPF process ID.
However, the output does not include the networks routed by individual OSPF processes.
Section 3: Troubleshoot eBGP (21 Questions)
QUESTION NO: 25
A problem was reported that the 10.10.10.0/24 prefix was not injected into the local BGP table on
a Company router named R1. The following information is available from this router:
R1 Configuration:
router bgp 65001
network 10.0.0.0
neighbor 172.16.1.1 remote-as 65002
no auto-summary
Routing table information:
show ip route | include 10
O 10.10.10.0/24 [110/11] via 192.168.1.1, 2d00h, Ethernet0/0
Why is this prefix not in the local BGP table of the R1?
A. The 172.16.1.1 neighbor is down.
B. The prefix 10.10.10.0/24 is not a 'connected' route.
C. This route is not a BGP learned route.
D. The network command is wrong.
E. None of the other alternatives apply
Answer: D
Explanation:
The network command is used with IGPs, such as RIP, to determine the interfaces on which to
send and receive updates. The command also indicates which directly connected networks to
advertise. However, when configuring BGP, the network command does not affect what interfaces
BGP runs on. Therefore, configuring just a network statement will not establish a BGP neighbor
relationship. This is a major difference between BGP and IGPs. The network statement follows
this syntax:
Router(config-router)# network network-number [ mask network-mask ]
In BGP, the network command tells the BGP process what locally learned networks to advertise.
The networks can be connected routes, static routes, or routes learned by way of a dynamic
routing protocol, such as RIP. These networks must also exist in the routing table of the local
router or they will not be sent out in updates. The mask keyword can be used with the network
command to specify individual subnets. Routes learned by the BGP process are propagated by
default but are often filtered by a routing policy. In this example, the correct syntax should be
"network 10.10.10.0 mask 255.255.255.0" under the BGP routing process. Without the correct
subnet mask specified, the route will not get injected into the BGP routing table, even if it is
learned via an IGP. In this case, the route is known via OSPF.
QUESTION NO: 26
Which IOS command would you enter if you wanted to view a list of IBGP and EBGP neighbor
relationships that are configured?
A. show ip bgp
B. show ip bgp paths
C. show ip bgp peers
D. show ip bgp summary
E. show ip bgp protocols
Answer: D
Explanation:
The show ip bgp summary command displays the status of all BGP connections. Neighbors with
corresponding AS values will be listed; both interior and external.
Incorrect Answers:
A: The show ip bgp command displays routes in the BGP routing table, not the neighbors.
B: The show ip bgp paths command is used to display all the BGP paths in the database.
However, it does not list the neighbors.
C: There is no such command.
E: There is no such command.
Reference: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_r/1rprt1/1rbgp.htm
QUESTION NO: 27
Which two of the following descriptions are correct according to the displayed output of the
command show ip bgp summary? (Choose two.)
A. The BGP session to the 10.1.1.1 neighbor is established.
B. The router is trying to create a BGP peering session with the 10.1.1.1 neighbor.
C. The BGP session to the 10.3.3.3 neighbor is created, but the router received no BGP routing
updates from the 10.3.3.3 neighbor.
D. The router is attempting to establish a BGP peering session with the 10.2.2.2 neighbor.
Answer: A,D
Explanation:
The show ip bgp summary command displays a summary of all BGP connections.
The six states of the BGP FSM are described as follows:
* Idle - Idle is the first state of a BGP connection. BGP is waiting for a start event. It is normally
initiated by an administrator or a network event. At the start event, BGP initializes its resources
and resets a connect retry timer. Then it starts listening for a TCP connection. Note that BGP can
transition back to Idle from any other state in case of errors.
* Connect - In the Connect state, BGP is waiting for the TCP connection to be completed. If the
TCP connection is successful, the state transitions to OpenSent. If the TCP connection fails, the
state transitions to the Active state, and the router tries to connect again. If the connect retry timer
expires, the state remains in the Connect state, the timer is reset, and a TCP connection is
initiated. In case of any other event, initiated by the system or the administrator, the state returns
to Idle.
* Active - In the Active state, BGP is trying to acquire a peer by initiating a TCP connection. If it
is successful, it transitions to OpenSent. If the connect retry timer expires, BGP restarts the
connect timer and returns to the Connect state. While active, BGP is still listening for a connection
that may be initiated from another peer. The state may go back to Idle in case of other events,
such as a stop event initiated by the system or the operator.
In general, a neighbor state that is switching between "Connect" and "Active" is an indication that
something is wrong and that there are problems with the TCP connection. It could be because of
many TCP retransmissions, or the incapability of a neighbor to reach the IP address of its peer.
* OpenSent - In the OpenSent state, BGP is waiting for an open message from its peer. The
open message is checked for correctness. In case of errors, such as an incompatible version
number or an unacceptable AS, the system sends an error notification message and goes back to
Idle. If there are no errors, BGP starts sending keepalive messages and resets the keepalive
timer. At this stage, the hold time is negotiated and the smaller value is taken. If the negotiated
hold time is zero (0), the hold timer and the keepalive timer are not restarted.
At the OpenSent state, BGP recognizes whether the peer belongs to the same AS or to a different
AS. BGP does this by comparing its AS number to the AS number of its peer. A same AS is an
IBGP peer and a different AS is an EBGP peer.
When a TCP disconnect is detected, the state falls back to Active. For any other errors, such as
an expiration of the hold timer, BGP sends a notification message with the corresponding error
code. Then it returns to the Idle state.
* OpenConfirm - While in OpenConfirm state, BGP is waiting for a keepalive or notification
message. If a keepalive message is received, the state goes to the Established state, and the
neighbor negotiation is complete. If the system receives an update or keepalive message, it
restarts the hold time, assuming that the negotiated hold time is not zero. If a notification message
is received, the state falls back to Idle. The system sends periodic keepalive messages at the rate
set by the keepalive timer. In the case of any TCP disconnect or in response to any stop event,
initiated by the system or the administrator, the state returns to Idle. In response to any other
event, the system sends a notification message with an FSM error code and returns to the Idle
state.
* Established - Established is the final state in the neighbor negotiation. BGP starts exchanging
update packets with its peers. If it is non-zero, the hold timer is restarted at the receipt of an
update or keepalive message.
QUESTION NO: 28
The "show ip bgp" command was issued on a Router as shown below:
Based on the Router2 output, which statement is true?
A. The best path to reach the 192.168.11.0 prefix is via 10.200.200.11.
B. The 192.168.11.0 and 192.168.12.0 prefixes were learned via EBGP from the 10.200.200.11
and 10.200.200.12 EBGP neighbors.
C. The best path to reach the 192.168.11.0 prefix is via both 10.200.200.11 and 10.200.200.12;
BGP will automatically load balance between the two.
D. The best path to reach the 192.168.11.0 prefix is via 10.200.200.12.
E. None of the other alternatives apply.
Answer: D
Explanation:
The best path to any given destination is noted by the ">" in the IP BGP table. In this case, the
best path to 192.168.11.0 is via next hop 10.200.200.12 due to the fact that the weight is higher
(101) than the path via the alternative next hop. Weight is a Cisco proprietary method for path
determination and the weight value is used above all other values. Within a router, the path with
the highest weight will be preferred.
QUESTION NO: 29
While verifying BGP operation on the Company router, you issue the "show ip bgp" command as
shown below:
routerR>show ip bgp
BGP table version is 1046033, local router ID is 198.32.162.100
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network      Next Hop         Metric LocPrf Weight Path
*> 143.16.0.0   128.214.63.2          0    400      0 200 1
*  143.16.0.0   192.208.10.5          0    300      0 300 1
*  143.16.0.0   143.16.63.5           0    100      0 200 1
*  143.16.0.0   203.250.13.41         0    100      0 500 1
From the information above, which path will the network 143.16.0.0 prefer to take to exit the AS?
A. 128.214.63.2
B. 192.208.10.5
C. 128.213.63.5
D. 203.250.13.41
E. All of the above will be used in a round robin fashion.
Answer: A
Explanation:
Local preference (LocPref) is a well-known discretionary attribute that provides an indication to
routers in the AS about which path is preferred to exit the AS. A path with a higher local
preference is more preferred. In this scenario the following entry has the highest local preference
value of 400.
   Network      Next Hop         Metric LocPrf Weight Path
*> 128.213.0.0  128.214.63.2          0    400      0 200 1
The preferred exit path of the AS is therefore 128.214.63.2, as noted by the ">" which refers to the
best path for this destination.
QUESTION NO: 30
Refer to the exhibit. Router RTR is attempting to establish BGP neighbor relationships with routers
RT1 and RT3. On the basis of the information that is presented in the exhibit, which two
statements are true? (Choose two.)
A. RTR has a BGP password set but neighbor 10.0.0.1 does not.
B. Neighbor 10.0.0.5 has a BGP password set but RTR does not.
C. RTR has a BGP password set but neighbor 10.0.0.5 does not.
D. RTR has a BGP password set but neighbor 10.0.0.1 has an incorrect password set.
E. Neighbor 10.0.0.1 has a BGP password set but RTR does not.
F. RTR has a BGP password set but neighbor 10.0.0.5 has an incorrect password set.
Answer: A,F
Explanation:
The above log message means that there is an invalid MD5 password on one neighbor, where one
neighbor is configured for authentication while the other is not. If both sides were configured
and there was a password mismatch, the error message would indicate "Bad MD5 digest", not
"No MD5 digest."
Only one configuration step is required to use BGP password authentication; that step is enabling
password authentication on a peer-by-peer basis using the neighbor ip-address password
password command.
neighbor {ip-address | peer-group} password [0-7] password-string
QUESTION NO: 31
A company has a BGP network and a BGP route of 196.27.125.0/24 that should be propagated to
all of the devices. The route is not now in any of the routing tables. The administrator determines
that an access list is the cause of the problem. The administrator changes the access list to allow
this route, but the route still does not appear in any of the routing tables. What should be done to
propagate this route?
A. Clear the BGP session.
B. Change both the inbound and outbound policy related to this route.
C. Use the service-policy command to adjust the QOS policy to allow the route to propagate.
D. Use the release BGP routing command.
Answer: A
Explanation:
When configuring BGP, changes made to an existing configuration may not appear immediately.
In order to force BGP to clear its table and reset BGP sessions, use the clear ip bgp * command:
Router# clear ip bgp *
The asterisk (*) is a wildcard that matches all table entries. Therefore, all BGP routes are lost while
the neighbor relationships are reset. This is expedient and very useful in a lab situation, but
caution should be exercised when issuing this command on a production router. On an Internet
backbone router, it may be more appropriate to use this command with a specific IP address, as
shown in the following:
Router# clear ip bgp 192.168.0.0
QUESTION NO: 32
Refer to the exhibit. Routers RTA and RTB are running BGP but the session is active. What
command needs to be added to establish the BGP session?
A. ip route 10.10.10.1 255.255.255.255 s0/0
ip route 10.10.10.1 255.255.255.255 s0/1
B. network 10.10.10.0
C. no synchronization
D. neighbor 10.10.10.1 next-hop-self
Answer: A
Explanation:
When BGP is running between routers in different autonomous systems, it is called External BGP
(EBGP). When BGP is running between routers in the same AS, it is called Internal BGP (IBGP).
BGP allows the path that packets take to be manipulated by the AS, as described in this module. It
is important to understand how BGP works to avoid creating problems for your AS as a result of
running BGP. A static route can be used to form an adjacency between EBGP neighbors.
QUESTION NO: 33
Refer to the exhibit. Router RT3 discovers network 202.176.56.0 via BGP. Which one of these
statements is true?
A. RT1 advertised network 202.176.50.0/24 with a metric of 782.
B. RT3 is directly connected to RT1 using subnet 192.168.1.0.
C. RT3 has an IGP metric of 782 to reach 192.168.1.1.
D. RT3 has a BGP metric of 782 to reach 192.168.1.1.
E. RT1 advertised network 202.176.50.0/24 with a metric of 1000.
F. RT3 has an IGP metric of 1782 to reach 202.176.56.0/24.
Answer: C
Explanation:
QUESTION NO: 34
Refer to the exhibit. On the basis of the information in the exhibit, which two statements are true?
(Choose two.)
A. When traffic is sent from the ISP to autonomous system 64512, the traffic will be forwarded to
SanJose2 because of the higher MED value of SanJose2.
B. The serial 0/0/1 interface on the ISP router has been configured with the set metric 50
command.
C. The output was generated by entering the show ip bgp command on the SanJose1 router.
D. The output was generated by entering the show ip bgp command on the ISP router.
E. The serial 0/0/1 interface on the ISP router has been configured with the set metric 75
command.
F. When traffic is sent from the ISP to autonomous system 64512, the traffic will be forwarded to
SanJose1 because of the lower MED value of SanJose1.
Answer: D,F
Explanation:
The "show ip route bgp" command displays only the BGP-learned routes that make it into the IP
routing table; the "show ip bgp" command is required to display the contents of the actual BGP
routing table. This output was seen on ISP because the local router ID is 192.168.100.1 (ISP).
Since we know that this output must have been seen by ISP, we know the serial 0/0/1 interface
has been configured with a metric of 75, as this is the metric to the peer with IP address
192.168.1.2 (the other side of the serial 0/0/1 interface).
QUESTION NO: 35
Refer to the exhibit. All routers are configured for BGP. EBGP routes received on router R2 show
up in the BGP table on routers R1 and R3 but not in their IP routing tables. What would cause
this?
A. EBGP multihop is not configured on routers R1 and R3.
B. Routers R1 and R3 do not receive the same routes via an IGP.
C. Synchronization in autonomous system 100 is turned on.
D. The BGP routers in autonomous system 100 are not logically fully-meshed.
E. Synchronization in autonomous system 100 is turned off.
Answer: B,C
Explanation:
If your AS passes traffic from another AS to a third AS, BGP should not advertise a route before all
routers in your AS learn about the route via IGP. BGP waits until IGP propagates the route within
the AS and then advertises it to external peers. A BGP router with synchronization enabled does
not install iBGP learned routes into its routing table if it is not able to validate those routes in its
IGP. Issue the no synchronization command under router bgp in order to disable synchronization.
This prevents BGP from validating iBGP routes in IGP. In this scenario, the routers must learn of
the same route via an IGP, or synchronization should be turned off. Since this AS does not
appear to be a transit AS, the best solution would be to disable synchronization.
Reference: BGP Case Studies,
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#synch
QUESTION NO: 36
The network consists of two separate autonomous systems as shown below:
You need to configure Router R2 as a BGP route reflector and Router R1 as the client. Assuming
that Router R3 isn't running BGP, which two of the commands below would you enter on R2 to
satisfy your goals? (Select two)
A. neighbor 165.50.12.1 remote-as 65100
B. neighbor 165.50.12.2 remote-as 64000
C. neighbor 165.50.12.1 route-reflector-client
D. neighbor 165.50.12.2 route reflector-client
Answer: B,D
Explanation:
B: RouterR2(config-router)# neighbor 165.50.12.2 remote-as 64000
We configure router R1 (165.50.12.2) as a neighbor in AS 64000.
D: RouterR2(config-router)# neighbor 165.50.12.2 route-reflector-client
Configures router R2 as a BGP route reflector and configures the specified neighbor R1
(165.50.12.2) as its client.
Incorrect Answers:
A: We must specify router R1 as neighbor, not R2 itself (165.50.12.1). Furthermore, we should use
the local AS (64000), not the remote AS 65100.
C: We must specify router R1 as route reflector client, not R2 itself (165.50.12.1).
QUESTION NO: 37
The network consists of a series of routers that are all configured for IBGP. Which one of the
following IBGP characteristics is true?
A. The IBGP routers must always be fully meshed.
B. The IBGP routers can be in a different AS.
C. The IBGP routers must be directly connected.
D. The IBGP routers do not need to be directly connected.
E. None of the other alternatives are true.
Answer: D
Explanation:
The IBGP routers do not have to be directly connected. The remote IBGP peers need only be
reachable via a TCP connection. For example, if the network is also running an interior routing
protocol such as EIGRP or OSPF, the remote IBGP router could be many hops away, as long as it
is reachable via the IGP that is being used.
Incorrect Answers:
A: With route reflectors or confederations, a full mesh topology is not necessary.
B: The IBGP routers must be placed in the same AS. Peers that are in different autonomous
systems are using EBGP, not IBGP.
C: The IBGP routers do not have to be directly connected.
QUESTION NO: 38
A BGP router is configured as shown below:
interface ethernet 0
ip address 10.10.10.1 255.255.0.0
!
int serial 0
ip address 172.16.1.1 255.255.255.252
!
router bgp 65001
neighbor 192.168.1.1 remote-as 65002
Based on the above configuration, which of the following BGP statements would inject the
10.10.0.0/16 prefix into the BGP routing table?
A. network 10.0.0.0
B. network 10.10.0.0 mask 255.255.0.0
C. network 10.10.10.1 mask 255.255.255.255
D. network 10.10.10.0 mask 255.255.255.0
E. network 10.0.0.0 mask 255.255.0.0
Answer: B
Explanation:
The /16 mask is equal to 255.255.0.0, so answer choice B matches the address and the mask. To
specify the route as classless, the mask keyword should be included or the network will be
summarized at the network boundary.
QUESTION NO: 39
Router R-1 is configured for BGP routing as shown below:
router bgp 65300
network 27.0.0.0
neighbor 192.23.1.1 remote-as 65300
From the perspective of router R-1, what kind of router is the router with IP address 192.23.1.1?
A. A peer router running IBGP
B. A peer router running EBGP
C. A community member running IBGP
D. A peer group member running IBGP
E. A peer group member running EBGP
Answer: A
Explanation:
Both the local and remote routers are configured with the same autonomous system number, so they
are peer routers running IBGP.
QUESTION NO: 40
The BGP routing table consists of the following network routes:
What is the correct command to summarize these prefixes into a single summary prefix of
192.168.12.0/22 while also allowing for the advertisement of the more specific prefixes?
A. network 192.168.12.0 mask 255.255.252.0
B. network 192.168.12.0 mask 0.0.3.255
C. network 192.168.12.0
D. aggregate-address 192.168.12.0 255.255.252.0
E. aggregate-address 192.168.12.0 255.255.252.0 summary-only
F. aggregate-address 192.168.12.0 255.255.252.0 as-set
Answer: D
Explanation:
To summarize BGP prefixes into one aggregated route, use the "aggregate-address" command.
When used alone, this will advertise the aggregate route, along with the individual specific routing
entries. To advertise only the aggregated route, use the "summary-only" keyword, as specified in
choice E.
QUESTION NO: 41
Router R1 needs to be configured to advertise a specific network. Which of the following
commands would you use if you wanted to advertise the subnet 154.2.1.0 255.255.255.0 to the
EBGP neighbors on your subnet?
A. Router (config-router)#network 154.2.1.0
B. Router (config-router)#network 164.2.1.0
C. Router (config-router)#network-advertise 154.2.1.0
D. Router (config-router)#network 154.2.1.0 mask 255.255.255.0
E. None of the other alternatives apply
Answer: D
Explanation:
The network command is used to specify the networks to be advertised by the Border Gateway
Protocol (BGP) and multiprotocol BGP routing processes.
Syntax: network network-number [ mask network-mask ] [ route-map map-name ]
Mask and route-map are optional. If the mask keyword is configured, then an exact match must
exist in the routing table.
Incorrect Answers:
A: If we do not specify the subnet mask then additional networks are allowed to be advertised. The
classful subnet mask of 154.2.1.0 is 255.255.0.0 - a Class B network.
B: This is using the incorrect IP address, as well as a missing subnet mask.
C: The network-advertise is an invalid command.
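The exact-match rule behind the network statements in Questions 25, 38 and 41 can be checked mechanically. The following Python sketch is an added example, not part of the original exam material; it assumes auto-summary is disabled (as in the Question 25 configuration), and the function names and routing-table sets, built from the prefixes shown in those questions, are illustrative.

```python
import ipaddress


def classful_prefixlen(address):
    """Return the classful (default) prefix length for an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8    # Class A
    if first_octet < 192:
        return 16   # Class B
    if first_octet < 224:
        return 24   # Class C
    raise ValueError(f"{address} is not a class A/B/C address")


def prefix_from_statement(statement):
    """Convert 'network N [mask M]' into the prefix BGP looks up."""
    words = statement.split()
    if len(words) == 2 and words[0] == "network":
        # No mask keyword: the classful mask is assumed.
        length = classful_prefixlen(words[1])
        return ipaddress.IPv4Network(f"{words[1]}/{length}", strict=False)
    if len(words) == 4 and words[0] == "network" and words[2] == "mask":
        # strict=True rejects an address with bits set outside the mask.
        return ipaddress.IPv4Network(f"{words[1]}/{words[3]}", strict=True)
    raise ValueError(f"unsupported statement: {statement!r}")


def is_injected(statement, routing_table):
    """True when the statement's prefix exactly matches a routing-table entry."""
    return prefix_from_statement(statement) in routing_table


def evaluate(statements, routing_table):
    """Map each candidate statement to whether it would inject its prefix."""
    return {s: is_injected(s, routing_table) for s in statements}


# Question 25: the routing table holds the OSPF route 10.10.10.0/24.
Q25_TABLE = {ipaddress.IPv4Network("10.10.10.0/24")}
Q25_STATEMENTS = [
    "network 10.0.0.0",                          # as configured on R1
    "network 10.10.10.0 mask 255.255.255.0",     # the corrected statement
]

# Question 38: connected networks derived from the two interface addresses.
Q38_TABLE = {
    ipaddress.IPv4Interface("10.10.10.1/255.255.0.0").network,
    ipaddress.IPv4Interface("172.16.1.1/255.255.255.252").network,
}
Q38_OPTIONS = [
    "network 10.0.0.0",
    "network 10.10.0.0 mask 255.255.0.0",
    "network 10.10.10.1 mask 255.255.255.255",
    "network 10.10.10.0 mask 255.255.255.0",
    "network 10.0.0.0 mask 255.255.0.0",
]

if __name__ == "__main__":
    for table, statements in ((Q25_TABLE, Q25_STATEMENTS), (Q38_TABLE, Q38_OPTIONS)):
        for statement, ok in evaluate(statements, table).items():
            print(f"{statement:45} -> {'injected' if ok else 'not injected'}")
```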
QUESTION NO: 42
You are the administrator of a company with BGP connections to multiple ISP's. How could you
configure BGP to make it favor one particular ISP for outbound traffic?
A. Configure weight
B. Enable route reflector
C. Create a distribute list
D. Enable the Longer Autonomous System path option.
E. All of the above.
Answer: A
Explanation:
If the router learns about more than one route to the same destination, the route with the highest
weight will be preferred. Weight is a Cisco BGP parameter that is local to the router. When
terminating multiple ISP connections into the same router, weight can be used to affect which path
is chosen for outbound traffic.
Incorrect Answers:
B: A route reflector cannot be used to influence outbound traffic. A route reflector modifies the
BGP split horizon rule by allowing the router configured as the route reflector to propagate routes
learned by IBGP to other IBGP peers. This saves on the number of BGP TCP sessions that must
be maintained, and also reduces the BGP routing traffic.
C: Distribute lists restrict the routing information that the router learns or advertises. By itself a
distribute list cannot make routes from one ISP be preferred to routes from another ISP.
D: This choice describes AS path prepending, which would be used to influence the path that
incoming traffic takes, not outgoing.
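The weight and local preference comparisons used in Questions 28, 29 and 42 are the first steps of an ordered elimination. The following Python sketch is an added example, not part of the original exam material; it models only weight, local preference and AS-path length, the class and function names are illustrative, and WEIGHTED_PATHS is a constructed variant of the Question 29 table that borrows the weight of 101 mentioned in Question 28.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    local_pref: int
    weight: int
    as_path: tuple  # Path column, copied as printed in the table


# Ordered comparison steps; every key is written so that the lowest value wins.
STEPS = (
    ("weight", lambda p: -p.weight),                # highest weight wins
    ("local preference", lambda p: -p.local_pref),  # highest LocPrf wins
    ("AS-path length", lambda p: len(p.as_path)),   # shortest path wins
)


def select_best(paths):
    """Return (best_path, deciding_step, eliminated).

    eliminated maps each step that ran to the next hops it removed.
    """
    candidates = list(paths)
    if not candidates:
        raise ValueError("no paths to compare")
    eliminated = {}
    if len(candidates) == 1:
        return candidates[0], "only path", eliminated
    for name, key in STEPS:
        winning = min(key(p) for p in candidates)
        eliminated[name] = [p.next_hop for p in candidates if key(p) != winning]
        candidates = [p for p in candidates if key(p) == winning]
        if len(candidates) == 1:
            return candidates[0], name, eliminated
    # Later tie-breakers (origin, MED, and so on) are not modelled here.
    return candidates[0], "tie after modelled steps", eliminated


# The four paths to 143.16.0.0 from the Question 29 output.
Q29_PATHS = [
    BgpPath("128.214.63.2", local_pref=400, weight=0, as_path=(200, 1)),
    BgpPath("192.208.10.5", local_pref=300, weight=0, as_path=(300, 1)),
    BgpPath("143.16.63.5", local_pref=100, weight=0, as_path=(200, 1)),
    BgpPath("203.250.13.41", local_pref=100, weight=0, as_path=(500, 1)),
]

# Constructed variant: the lowest-LocPrf path is given a weight of 101.
WEIGHTED_PATHS = Q29_PATHS[:3] + [replace(Q29_PATHS[3], weight=101)]

if __name__ == "__main__":
    for label, paths in (("Question 29", Q29_PATHS), ("weighted", WEIGHTED_PATHS)):
        best, step, gone = select_best(paths)
        print(f"{label}: best via {best.next_hop}, decided by {step}, removed {gone}")
```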
QUESTION NO: 43
An ISP is running a large IBGP network with 25 routers. The full mesh topology that is currently in
place is inefficiently using up bandwidth from all of the BGP traffic. What can the administrator
configure to reduce the number of BGP neighbor relationships within the AS?
A. Route reflectors
B. Route maps
C. Route redistribution
D. Peer groups
E. Aggregate addresses
Answer: A
Explanation:
In general, all IBGP peers must be configured to be fully meshed. If they are not, then all of the
IBGP routers will not have the updated information from the external BGP routers. There are two
ways to overcome the scalability issues of a full IBGP mesh: route reflectors and confederations.
With route reflectors, internal BGP routers peer only with the route reflector, and then the route
reflectors connect with each other. This can considerably reduce the number of IBGP sessions.
Another solution to the scalability problem of IBGP is the use of confederations. With
confederations, the AS is broken up into smaller, more manageable sub autonomous systems.
QUESTION NO: 44
What are the two reasons for the appearance of 0.0.0.0 as the next hop for a network when using
the "show ip bgp" command? (Choose two)
A. The network was originated via redistribution of an interior gateway protocol into BGP.
B. The network was defined by a static route.
C. The network was learned via IBGP.
D. The network was learned via EBGP.
E. The network was originated via a network or aggregate command.
Answer: A,E
Explanation:
From BGP FAQ on www.cisco.com :
Q. What does a next hop of 0.0.0.0 mean in the show ip bgp command output?
A. A network in the BGP table with a next hop address of 0.0.0.0 means that the network is locally
originated via redistribution of Interior Gateway Protocol (IGP) into BGP, or via a network or
aggregate command in the BGP configuration.
Reference:
http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#two
QUESTION NO: 45
Refer to the exhibit diagram and configuration. RTB is summarizing its networks from AS 64100
with the aggregate-address command. However, the show ip route command on RTA reveals the
RTB individual networks as well as its summary route. Which option would ensure that only the
summary route would appear in the routing table of RTA?
A. Add a static route with a prefix of 192.168.24.0 255.255.252.0 pointing to the null0 interface.
B. Create a route map permitting only the summary address.
C. Delete the four network statements and leave only the aggregate-address statement in the
BGP configuration.
D. Add the keyword summary-only to the aggregate-address command.
Answer: D
Explanation:
The aggregate-address <address> <netmask> command advertises the summary address as well
as the more specific routes.
The purpose of aggregate-address <network> <netmask> summary-only command is to suppress
the advertisement of more specific routes.
QUESTION NO: 46
Refer to the exhibit. BGP has been configured on the routers in the network. However, the IBGP
peers in autonomous system 65200 have not converged. In addition, this console message was
generated on router R2:
*Mar 1 03:09:07.729: %TCP-6-BADAUTH No MD5 digest from 10.10.23.2(179) to 10.10.23.3(11002)
On the basis of the information that is provided, what is the cause of the problem?
A. OSPF must be configured with the same MD5 authentication.
B. BGP authentication can be used on iBGP peers when the connection is configured between the
loopback interfaces.
C. BGP authentication can be used on eBGP peers only.
D. The password that is used for BGP authentication on both BGP peers in autonomous system
65200 must be the same.
Answer: D
Explanation:
The above log message relates to an invalid MD5 password on the neighbor. Both peers need to
use the same password for MD5 authentication.
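The two authentication failure modes discussed in Questions 30 and 46 can be told apart from the log text itself. The following Python sketch is an added example, not part of the original exam material; apart from the Question 46 message, the log lines are constructed, the function names are illustrative, and the pattern accepts "Invalid MD5 digest" (the wording IOS logs for a mismatch) as well as the "Bad MD5 digest" wording used in the Question 30 explanation.

```python
import re
from collections import Counter, defaultdict

# Matches the BADAUTH message with or without a colon after the mnemonic.
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH:?\s+(?P<kind>No|Invalid|Bad) MD5 digest "
    r"from (?P<src>\d+(?:\.\d+){3})\((?P<sport>\d+)\) "
    r"to (?P<dst>\d+(?:\.\d+){3})\((?P<dport>\d+)\)"
)

NO_PASSWORD = "sender has no password configured"
MISMATCH = "passwords differ"
CAUSES = {"No": NO_PASSWORD, "Invalid": MISMATCH, "Bad": MISMATCH}


def classify(line):
    """Return a dict describing one BADAUTH line, or None for other lines."""
    match = BADAUTH.search(line)
    if match is None:
        return None
    ports = (int(match["sport"]), int(match["dport"]))
    return {
        "sender": match["src"],      # peer whose segment failed the check
        "receiver": match["dst"],    # router that logged the message
        "cause": CAUSES[match["kind"]],
        "bgp": 179 in ports,         # one end is the BGP port
    }


def triage(lines):
    """Count causes per (receiver, sender) pair for BGP sessions only."""
    report = defaultdict(Counter)
    for line in lines:
        event = classify(line)
        if event and event["bgp"]:
            report[(event["receiver"], event["sender"])][event["cause"]] += 1
    return {pair: dict(counts) for pair, counts in report.items()}


SAMPLE_LOG = [
    # Message quoted in Question 46.
    "*Mar 1 03:09:07.729: %TCP-6-BADAUTH No MD5 digest from "
    "10.10.23.2(179) to 10.10.23.3(11002)",
    # Constructed lines below (documentation addresses).
    "*Mar 1 03:09:09.731: %TCP-6-BADAUTH: No MD5 digest from "
    "10.10.23.2(179) to 10.10.23.3(11002)",
    "*Mar 1 03:10:15.112: %TCP-6-BADAUTH: Invalid MD5 digest from "
    "192.0.2.5(179) to 192.0.2.1(40211)",
    "*Mar 1 03:10:20.000: %LINK-3-UPDOWN: Interface Serial0/0, "
    "changed state to up",
]

if __name__ == "__main__":
    for (receiver, sender), causes in triage(SAMPLE_LOG).items():
        print(f"{receiver} <- {sender}: {causes}")
```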
QUESTION NO: 47
Refer to the exhibit. Which two statements are correct? (Choose two.)
A. All the routes were redistributed into BGP from an IGP.
B. All the routes were originated by BGP with the network command.
C. All six routes will be installed in the routing table.
D. Four routes will be installed in the routing table.
E. Two routes will be installed in the routing table.
Answer: A,D
Explanation:
Because the AS paths shown all end with a ? we know that all of the routes had been redistributed
into BGP. The four best paths, as noted with the > sign, will all be inserted into the routing table.
Section 4: Troubleshoot routing redistribution solution (5 Questions)
QUESTION NO: 48
During a redistribution of routes from OSPF into EIGRP, the administrator notices that none of the
OSPF routes are showing up in EIGRP. What are two possible causes? (Choose two.)
A. Incorrect distribute lists have been configured
B. Missing ip classless command
C. CEF not enabled
D. No default metric configured for EIGRP
Answer: A,D
Explanation:
Possible reasons for OSPF routes not showing up include the use of distribute lists to control
routing and the absence of a metric configured with either the redistribute command or default-metric.
Remember while redistributing into RIP or EIGRP, you should provide the metric. Here are the
default seed metrics for various protocols:
RIP : Infinity
EIGRP : Infinity
OSPF : 20
IS-IS: 0
QUESTION NO: 49
Refer to the exhibit and the partial configuration on router R2. On router R4 all RIP routes are
redistributed into the OSPF domain. A second redistribution is configured on router R2 using a
route map. Based on the configuration on router R2, which EIGRP external routes will be present
in the routing table of R1? Select the best response.
A. There will be no EIGRP external routes in the routing table of R1.
B. The routes originating from the RIP routing domain.
C. Only routes originating in the OSPF routing domain.
D. All routes originating from RIP and OSPF routing domains.
E. None of the other alternatives apply.
Answer: C
Explanation:
The route-map command is used to configure policy routing, which is often a complicated task. A
route map is defined using the syntax shown in the figure.
Syntax:
RouterA(Config)#route-map map-tag [permit | deny ] <Sequence Number>
RouterA(Config-map-router)#
The map-tag is the name, or ID, of the route map. It can be set to any easily
recognizable name. The route-map command changes the mode on the router to route-map
configuration mode, where conditions can be configured for the route map.
Route maps operate similarly to access lists: they examine one line at a time and, when a match is
found, take action. Route maps differ from numbered access lists because they can be
modified without changing the entire list. Each route map statement is given a number. If a
sequence number is not specified, the first route map condition will automatically be numbered as
ten (10). The second condition will automatically be numbered as 20, and so on. The optional
sequence number can be used to indicate the position that a new route map is to have in the list of
route maps already configured with the same name.
In this exhibit an access list is created to deny 100.10.0.0 and 200.10.10.0 (the RIP domain), and
it is called by route-map ABC. While redistributing OSPF routes into EIGRP, the RED route-map
is used, and it denies advertising the RIP domain networks into EIGRP.
QUESTION NO: 50
Refer to the exhibit. The routing protocols EIGRP and OSPF have been configured as indicated in
the exhibit. Given the partial configuration of router R2, which network will be present in the routing
table of R4?
A. Network B
B. Network A and Network B
C. Network A
D. neither Network A nor Network B
Answer: A
Explanation:
In this exhibit the OSPF domain is redistributed into the EIGRP 100 domain, so Network B will be
present on Router R4. However, Network A will not be seen on router R4 (the
bottom router, which is improperly labeled Network B) because EIGRP 50 was not redistributed
into EIGRP 100.
QUESTION NO: 51
Refer to the network shown below:
R1 and R2 belong to the RIP routing domain that includes the networks 10.20.0.0/16 and
10.21.0.0/16. R3 and R4 are performing two-way route redistribution between OSPF and RIP. A
network administrator has discovered that R2 is receiving OSPF routes for the networks
10.20.0.0/16 and 10.21.0.0/16 and a routing loop has occurred. Which action will correct this
problem?
A. Set the OSPF default metric to 20.
B. Apply an inbound ACL to the R2 serial interface.
C. Configure distribute-lists on R3 and R4.
D. Change the RIP administrative distance on R3 to 110.
E. Change the OSPF administrative distance on R3 to 110.
F. None of the other alternatives apply
Answer: C
Explanation:
Use the distribute-list command to pick and choose which routing updates a router will send or
receive. By referencing an access list, the distribute-list creates a route filter. This is a set of rules
that precisely controls what routes a router will send or receive in a routing update. This command
is available for all IP routing protocols and can be applied to either inbound or outbound routing
updates. When applied to inbound updates, the syntax for configuring a route filter is as follows:
Router(config-router)# distribute-list access-list-number in [ interface-name ]
When applied to outbound updates, the syntax can be more complicated as shown in the
following:
Router(config-router)# distribute-list access-list-number out [ interface-name | routing-process | as-number ]
The routing-process and as-number options are invoked when exchanging routes between
different routing protocols.
QUESTION NO: 52
RIP and OSPF are configured on the routers as shown in the exhibit. R2 is configured with a two-
way redistribution between RIP and OSPF domains. All routers can ping each other, but R1
cannot see any of the OSPF routes in its routing table. What could the problem be?
A. OSPF and RIP use the same major network 172.16.0.0. Therefore, the keyword subnets is not
required to redistribute protocols into OSPF.
B. Because OSPF has a longer mask for the same major network than RIP and because RIP
version 1 is being used, none of the routes learned from OSPF will be advertised into RIP.
C. The metric for the OSPF routes that are redistributed into RIP is too low, a fact that prevents
OSPF routes from being advertised into RIP.
D. The process of redistribution of RIP into OSPF does not require any metric conversion, so there
is no need to define the metric using the default-metric command during the redistribution.
Answer: B
Explanation:
The subnets keyword tells OSPF to redistribute all subnet routes. Without the subnets keyword,
only networks that are not subnetted are redistributed by OSPF.
Example:
Router A(config)# router ospf 109
Router A(config-router)# redistribute rip subnets
Router A(config-router)# network 130.10.62.0 0.0.0.255 area 0
Router A(config-router)# network 130.10.63.0 0.0.0.255 area 0
Section 5: Troubleshoot a DHCP client and server solution (13 Questions)
QUESTION NO: 53
What is the purpose of configuring router R1 with the "IP Helper address" command?
A. IP Helper is used to direct BOOTP clients to a BOOTP server.
B. IP Helper is used to prevent the router from forwarding IP broadcasts.
C. IP Helper is used to allow IPX clients to communicate with IP-based servers.
D. IP Helper is used to accommodate compatibility routers using different IP routing protocols.
E. None of the other alternatives apply
Answer: A
Explanation:
The ip helper-address command is used to have the Cisco IOS software forward User Datagram
Protocol (UDP) broadcasts, including BOOTP, received on an interface. DHCP protocol
information is carried inside of BOOTP packets. To enable BOOTP broadcast forwarding for a set
of clients, configure a helper address on the router interface closest to the client. The helper
address should specify the address of the DHCP server.
Note: A DHCP server can be considered to be a BOOTP server, even though a DHCP server is
more advanced.
Incorrect Answers:
B: Combined with the ip forward-protocol global configuration command, the ip helper-address
command allows you to control which broadcast packets and which protocols are forwarded.
However, the main purpose of the IP helper feature is not to prevent the router from forwarding IP
broadcasts.
C: IP helper does not use IPX.
D: This is false.
QUESTION NO: 54
When you execute the "ip helper-address" command on a router, which three UDP ports get
enabled automatically by default? (Select three)
A. 53 (DNS)
B. 69 (TFTP)
C. 515 (LPR)
D. 161 (SNMP)
E. 49 (TACACS)
Answer: A,B,E
Explanation:
To forward the BootP/DHCP request from the client to the DHCP server, the ip helper-address
interface command is used. The IP helper-address can be configured to forward any UDP
broadcast based on UDP port number. By default, the IP helper-address will forward the following
UDP broadcasts:
DNS (port 53)
Time service (port 37)
Trivial File Transfer Protocol (TFTP) (port 69)
Terminal Access Controller Access Control System (TACACS) service (port 49)
NetBIOS name server (port 137)
NetBIOS datagram server (port 138)
Boot Protocol (DHCP/BootP) client and server datagrams (ports 67 and 68)
IEN-116 name service (port 42)
Reference: Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks
http://www.cisco.com/warp/public/473/100.html
QUESTION NO: 55
Refer to the exhibit. Router RTA has been configured as a DHCP server. The two debug
commands will generate output on RTA when Host A requests an IP address. Which set of
DHCPD debug messages is in the correct sequence?
A. DHCPD: Sending DHCPOFFER to client
DHCPD: DHCPDISCOVER received from client
DHCPD: DHCPREQUEST received from client
DHCPD: Sending DHCPACK to client
B. DHCPD: DHCPDISCOVER received from client
DHCPD: DHCPREQUEST received from client
DHCPD: Sending DHCPOFFER to client
DHCPD: Sending DHCPACK to client
C. DHCPD: DHCPDISCOVER received from client
DHCPD: Sending DHCPOFFER to client
DHCPD: DHCPREQUEST received from client
DHCPD: Sending DHCPACK to client
D. DHCPD: DHCPREQUEST received from client
DHCPD: Sending DHCPOFFER to client
DHCPD: DHCPDISCOVER received from client
DHCPD: Sending DHCPACK to client
E. DHCPD: Sending DHCPACK to client
DHCPD: DHCPDISCOVER received from client
DHCPD: Sending DHCPOFFER to client
DHCPD: DHCPREQUEST received from client
F. DHCPD: DHCPDISCOVER received from client
DHCPD: Sending DHCPACK to client
DHCPD: Sending DHCPOFFER to client
DHCPD: DHCPREQUEST received from client
Answer: C
Explanation:
The following example shows a combination of DHCP server events and decoded receptions and
transmissions:
Router# debug ip dhcp server events
Router# debug ip dhcp server packets
DHCPD:DHCPDISCOVER received from client 0b07.1134.a029 through relay 10.1.0.253.
DHCPD:assigned IP address 10.1.0.3 to client 0b07.1134.a029.
DHCPD:Sending DHCPOFFER to client 0b07.1134.a029 (10.1.0.3).
DHCPD:unicasting BOOTREPLY for client 0b07.1134.a029 to relay 10.1.0.253.
DHCPD:DHCPREQUEST received from client 0b07.1134.a029.
DHCPD:Sending DHCPACK to client 0b07.1134.a029 (10.1.0.3).
DHCPD:unicasting BOOTREPLY for client 0b07.1134.a029 to relay 10.1.0.253.
DHCPD:checking for expired leases.
Note that for this question, the correct order of events is highlighted above.
Reference:
http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_h1.html#wp1020307
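The ordering check from this question can be automated over captured debug output. The following is an added example, not part of the original practice test or Cisco's documentation: a Python checker that walks DHCPD debug lines per client and flags messages that arrive outside the DISCOVER, OFFER, REQUEST, ACK order, as well as exchanges that stall. The second and third log samples and their client ID are constructed for illustration.

```python
import re

# Debug output quoted in the explanation above.
PAGE_SAMPLE = """\
DHCPD:DHCPDISCOVER received from client 0b07.1134.a029 through relay 10.1.0.253.
DHCPD:assigned IP address 10.1.0.3 to client 0b07.1134.a029.
DHCPD:Sending DHCPOFFER to client 0b07.1134.a029 (10.1.0.3).
DHCPD:unicasting BOOTREPLY for client 0b07.1134.a029 to relay 10.1.0.253.
DHCPD:DHCPREQUEST received from client 0b07.1134.a029.
DHCPD:Sending DHCPACK to client 0b07.1134.a029 (10.1.0.3).
DHCPD:unicasting BOOTREPLY for client 0b07.1134.a029 to relay 10.1.0.253.
DHCPD:checking for expired leases.
"""

# Constructed: the message order of answer option A, with a made-up client ID.
OPTION_A_ORDER = """\
DHCPD: Sending DHCPOFFER to client 0c11.2233.4455 (10.1.0.4).
DHCPD: DHCPDISCOVER received from client 0c11.2233.4455.
DHCPD: DHCPREQUEST received from client 0c11.2233.4455.
DHCPD: Sending DHCPACK to client 0c11.2233.4455 (10.1.0.4).
"""

# Constructed: offers go out but the client never answers with a DHCPREQUEST.
STALLED = """\
DHCPD: DHCPDISCOVER received from client 0c11.2233.4455.
DHCPD: Sending DHCPOFFER to client 0c11.2233.4455 (10.1.0.4).
DHCPD: DHCPDISCOVER received from client 0c11.2233.4455.
DHCPD: Sending DHCPOFFER to client 0c11.2233.4455 (10.1.0.4).
"""

# Matches only lines that name a DHCP message type and a dotted-hex client ID.
EVENT_RE = re.compile(
    r"DHCPD:\s*(?:Sending\s+)?(DHCP[A-Z]+)\b.*?\bclient\s+"
    r"((?:[0-9a-f]{2,4}\.)+[0-9a-f]{2,4})",
    re.IGNORECASE,
)

# Legal next message for each last-seen message (None = no open exchange).
NEXT = {
    None: {"DHCPDISCOVER", "DHCPREQUEST"},            # lone REQUEST = renewal
    "DHCPDISCOVER": {"DHCPOFFER", "DHCPDISCOVER"},    # client may retransmit
    "DHCPOFFER": {"DHCPREQUEST", "DHCPDISCOVER"},
    "DHCPREQUEST": {"DHCPACK", "DHCPNAK", "DHCPREQUEST"},
}
TERMINAL = {"DHCPACK", "DHCPNAK"}
IGNORED = {"DHCPRELEASE", "DHCPDECLINE", "DHCPINFORM"}  # outside the 4-step flow


def parse_events(text):
    """Return [(message_type, client_id)] for every DHCP message line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events.append((m.group(1).upper(), m.group(2).lower()))
    return events


def check_exchanges(text):
    """Classify each client's exchange: completed count, violations, stall point."""
    last = {}     # client -> last message of the exchange still in progress
    report = {}
    for msg, client in parse_events(text):
        if msg in IGNORED:
            continue
        entry = report.setdefault(client, {"completed": 0, "violations": []})
        prev = last.get(client)
        if msg not in NEXT.get(prev, set()):
            entry["violations"].append((prev, msg))
        if msg in TERMINAL:
            if msg == "DHCPACK" and prev == "DHCPREQUEST":
                entry["completed"] += 1
            last.pop(client, None)
        else:
            last[client] = msg
    for client, entry in report.items():
        entry["stalled_at"] = last.get(client)   # None when nothing is pending
    return report


def sequence_ok(text):
    """True when every client seen finished cleanly, with no violation or stall."""
    report = check_exchanges(text)
    return bool(report) and all(
        not e["violations"] and e["stalled_at"] is None for e in report.values()
    )


if __name__ == "__main__":
    for name, log in (("page", PAGE_SAMPLE), ("option A", OPTION_A_ORDER),
                      ("stalled", STALLED)):
        print(name, check_exchanges(log))
```

A client that stays at DHCPOFFER on the server side is the symptom to look for when replies are not making it back through the relay.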
QUESTION NO: 56
Refer to the exhibit. Router RTA has been configured as a DHCP server for router RTC. On the
basis of the information that is provided, which statement about DHCP is true?
A. The VLAN1-POOL argument must be issued for the Fa0/1 interface on router RTA.
B. Router RTA must be configured with the default-router 192.168.3.2 DHCP command.
C. The ip address dhcp interface configuration command must be issued for the Fa0/1 interface of
router RTA.
D. The ip helper-address 192.168.1.2 interface configuration command must be issued for the
Fa0/1 interface on router RTA.
E. Router RTC must be configured with the ip address dhcp global configuration command.
F. The lease 2 0 0 DHCP configuration command would change the default DHCP lease time to
48 hours on router RTA.
Answer: F
Explanation:
Configuring the Address Lease Time:
By default, each IP address assigned by a DHCP server comes with a one-day lease, which is the
amount of time that the address is valid. To change the lease value for an IP address, use the
following command in DHCP pool configuration mode:
Reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/easyip2.htm#22915
QUESTION NO: 57
Refer to the exhibit. Which statement is true about the information that is given?
A. Router R2 will distribute incorrect default router option information to DHCP clients because it is
importing this information from R1.
B. As configured, router R2 will retrieve domain name and other option information from R1.
C. For the import all command to work on router R2, its Fa0/1 interface must be configured as a
DHCP client.
D. The DHCP clients of router R2 will receive the same option information that the clients of R1
receive.
Answer: C
Explanation:
DHCP Server Options Import and Autoconfiguration Example:
The following example shows a remote and central server configured to support DHCP options
import and autoconfiguration. The central server is configured to automatically update DHCP
options, such as DNS and WINS addresses, within the DHCP pools. In response to a DHCP
request from a local client behind CPE equipment, the remote server can request or "import" these
option parameters from the centralized server. See below for a diagram of the network topology.
Central Router
! do not assign this range to DHCP clients
ip dhcp excluded-address 10.0.0.1 10.0.0.5
!
ip dhcp pool central
 ! Specifies network number and mask for DHCP clients
 network 10.0.0.0 255.255.255.0
 ! Specifies the domain name for the client
 domain-name central
 ! Specifies DNS server that will respond to DHCP clients when they need to correlate host
 ! name to ip address
 dns-server 10.0.0.2
 ! Specifies the NETBIOS WINS server
 netbios-name-server 10.0.0.2
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
Remote Router
!
ip dhcp pool client
 ! Imports DHCP options parameters into DHCP server database
 import all
 network 20.0.0.0 255.255.255.0
!
interface FastEthernet0/0
 ip address dhcp
 duplex auto
 speed auto
In our example, Router R1 is acting as the central router, and R2 is acting as the remote router.
As shown in the example, interface Fa0/1 needs to have the "ip address dhcp" command applied,
making it a DHCP client.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75c.html#wp1009276
QUESTION NO: 58
Refer to the exhibit. A network administrator consoles into the ASw1 switch and attempts to save
the switch configuration to the TFTP server that is located at IP address 10.1.2.10/24. However,
whenever the copy running-config tftp command is issued with default options on switch ASw1, an
error is produced. Which configuration would correct this situation?
A. ASw1(config)# interface range fastethernet 0/1 - 24
ASw1(config-if-range)# ip forward-protocol udp 69
B. RTA(config)# interface fastethernet0/1
RTA(config-if)# ip forward-protocol udp 69
C. RTA(config)# interface fastethernet0/0
RTA(config-if)# ip helper-address 10.1.2.10
D. RTA(config)# interface fastethernet0/1
RTA(config-if)# ip helper-address 10.1.2.10
E. RTA(config)# interface fastethernet0/0
RTA(config-if)# ip forward-protocol udp 69
F. ASw1# copy tftp running-config
Answer: C
Explanation:
DHCP is not the only critical service that uses broadcasts. Cisco routers and other devices might
use broadcasts to locate TFTP servers. Some clients might need to broadcast to locate a
TACACS security server. In a complex hierarchical network, clients might not reside on the same
subnet as key servers. Such remote clients broadcast to locate these servers, but routers, by
default, do not forward client broadcasts beyond their subnet. Some clients are unable to make a
connection without services such as DHCP. For this reason, the administrator must provide DHCP
and DNS servers on all subnets or use the Cisco IOS software helper address feature. Running
services such as DHCP or DNS on several computers creates overhead and administrative
problems, so the first option is not very appealing. When possible, administrators use the ip
helper-address command to relay broadcast requests for these key User Datagram Protocol
(UDP) services.
By using the ip helper-address command, a router can be configured to accept a broadcast
request for a UDP service and then forward it as a unicast to a specific IP address.
By default, the ip helper-address command will forward these 8 UDP ports:
Reference: http://www.ciscopress.com/articles/article.asp?p=330807&seqNum=9
QUESTION NO: 59
Refer to the exhibit. Based upon the information in the exhibit, which statement is true?
A. DHCP requests from the host will be rebroadcasted to R2.
B. To complete this configuration, the R1 fa0/0 interface must be configured with the ip helper-
addresses command.
C. To complete this configuration, the R2 fa0/0 interface must be configured with the ip helper-
addresses command.
D. R1 will forward all DHCP requests to both 192.168.100.1 and 192.168.200.1 as unicast
messages.
E. R1 will forward DHCP requests to 192.168.100.1. If there is no response, R1 will then forward
the requests to 192.168.200.1.
Answer: D
Explanation:
A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay
agents receive DHCP messages and then generate a new DHCP message to send out on another
interface. The agents forward requests and replies between clients and servers when they are not
on the same physical subnet.
The Cisco IOS DHCP relay agent is enabled on an interface only when the ip helper-address is
configured.
If multiple helper addresses are configured, it tries to get a response from the first; if no response
is received from the first helper address, it then sends the request to the second one.
QUESTION NO: 60
Refer to the exhibit. Which two statements are true? (Choose two)
A. DHCPDISCOVER packets will reach the DHCP server.
B. The router will not forward DHCPDISCOVER packets because it has not been configured to do
so.
C. This configuration is applied to interface Fa0/1.
D. DHCPDISCOVER packets will not reach the DHCP server because DHCPDISCOVER packets
are broadcasts.
E. DHCPDISCOVER packets will not reach the DHCP server because ports 67 and 68 have not
been explicitly allowed by the ip forward-protocol command.
F. This configuration is applied to interface Fa0/0.
Answer: A,E
Explanation:
While routers accept and generate broadcasts, they do not forward them. This can be quite a
problem when a broadcast needs to get to a device such as a DHCP or TFTP server that's on one
side of a router with other subnets on the other side.
If this PC attempts to locate a DNS server with a broadcast, the broadcast will be stopped by the
router and will never get to the DNS server. By configuring the ip helper-address command on the
router, UDP broadcasts such as this will be translated into a unicast by the router, making the
communication possible. The command should be configured on the interface that will be
receiving the broadcasts.
R1(config)#int e0
R1(config-if)#ip helper-address ?
A.B.C.D IP destination address
R1(config-if)#ip helper-address 10.1.1.1
This command does forward eight common UDP service broadcasts by default:
TIME, port 37
TACACS, port 49
DNS, port 53
BOOTP/DHCP Server, port 67
BOOTP/DHCP Client, port 68
TFTP, port 69
NetBIOS name service, port 137
NetBIOS datagram service, port 138
That's going to cover most scenarios where the ip helper-address command will be useful, but
what about those situations where the broadcast you need forwarded is not on this list? You can
use the ip forward-protocol command to add any UDP port number to the list. In this particular
case, ports 67 and 68 were not included, so the BOOTP packets will not be sent to the DHCP
server.
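An added example (not from the original page or from Cisco): a Python audit of an IOS configuration that computes which UDP broadcast ports will be relayed to the helper addresses on each interface, starting from the eight defaults listed above and applying the ip forward-protocol udp lines found in the config. The sample configurations and the Ethernet0 address are constructed, and only the port-specific form of the command is handled.

```python
import re

# The eight UDP ports relayed by default, as listed in the explanation above.
DEFAULT_UDP_PORTS = {37, 49, 53, 67, 68, 69, 137, 138}

# IOS keyword spellings for those ports (configs may use names or numbers).
PORT_KEYWORDS = {"time": 37, "tacacs": 49, "domain": 53, "bootps": 67,
                 "bootpc": 68, "tftp": 69, "netbios-ns": 137, "netbios-dgm": 138}

FORWARD_RE = re.compile(r"^(no\s+)?ip\s+forward-protocol\s+udp\s+(\S+)\s*$")
INTERFACE_RE = re.compile(r"^interface\s+(\S+)")
HELPER_RE = re.compile(r"^\s+ip\s+helper-address\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

# Constructed: helper address from the explanation, nothing else changed.
DEFAULTS = """\
interface Ethernet0
 ip address 10.2.2.1 255.255.255.0
 ip helper-address 10.1.1.1
!
"""

# Constructed: ports 67 and 68 removed, the situation the explanation describes.
DHCP_BLOCKED = """\
no ip forward-protocol udp bootps
no ip forward-protocol udp bootpc
!
interface Ethernet0
 ip address 10.2.2.1 255.255.255.0
 ip helper-address 10.1.1.1
!
"""

# Constructed: relay trimmed to DHCP only, every other default switched off.
DHCP_ONLY = """\
no ip forward-protocol udp time
no ip forward-protocol udp tacacs
no ip forward-protocol udp domain
no ip forward-protocol udp tftp
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
!
interface Ethernet0
 ip address 10.2.2.1 255.255.255.0
 ip helper-address 10.1.1.1
!
"""


def to_port(token):
    """Translate a port number or IOS keyword to an int (None if unknown)."""
    if token.isdigit():
        return int(token)
    return PORT_KEYWORDS.get(token.lower())


def parse_relay_config(config):
    """Return (forwarded_ports, {interface: [helper addresses]})."""
    ports = set(DEFAULT_UDP_PORTS)
    helpers = {}
    current = None                      # interface block being read, if any
    for line in config.splitlines():
        fwd = FORWARD_RE.match(line)
        intf = INTERFACE_RE.match(line)
        helper = HELPER_RE.match(line)
        if fwd:
            port = to_port(fwd.group(2))
            if port is not None:
                (ports.discard if fwd.group(1) else ports.add)(port)
            current = None
        elif intf:
            current = intf.group(1)
        elif helper and current:
            helpers.setdefault(current, []).append(helper.group(1))
        elif line and not line[0].isspace():
            current = None              # "!" or another global command
    return ports, helpers


def relay_targets(config, interface, udp_port):
    """Helper addresses a broadcast to udp_port on interface is relayed to."""
    ports, helpers = parse_relay_config(config)
    return helpers.get(interface, []) if udp_port in ports else []


def review(config, required_ports):
    """Compare the forwarded port set with the ports the site needs relayed."""
    ports, helpers = parse_relay_config(config)
    required = set(required_ports)
    return {"interfaces": sorted(helpers),
            "missing": sorted(required - ports),
            "unneeded": sorted(ports - required)}


if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("blocked", DHCP_BLOCKED),
                      ("dhcp only", DHCP_ONLY)):
        print(name, review(cfg, {67, 68}))
```

The "missing" list reproduces the diagnosis in this question, and "unneeded" shows the services that stay relayed when only DHCP was intended.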
QUESTION NO: 61
On router R1, which three of the following protocols will be forwarded to a host specified by the "ip
helper-address" interface configuration command if the configuration has not been modified by the
"ip forward-protocol udp" global configuration command? (Choose three)
A. BOOTP
B. TFTP
C. ARP
D. DNS
E. proxy-ARP
F. FTP
G. CDP
Answer: A,B,D
Explanation:
To forward the BootP/DHCP request from the client to the DHCP server, the ip helper-address
interface command is used. The IP helper-address can be configured to forward any UDP
broadcast based on UDP port number. By default, the IP helper-address will forward the following
UDP broadcasts:
DNS (port 53)
Time service (port 37)
Trivial File Transfer Protocol (TFTP) (port 69)
Terminal Access Controller Access Control System (TACACS) service (port 49)
NetBIOS name server (port 137)
NetBIOS datagram server (port 138)
Boot Protocol (DHCP/BootP) client and server datagrams (ports 67 and 68)
IEN-116 name service (port 42)
Reference: Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks
http://www.cisco.com/warp/public/473/100.html
QUESTION NO: 62
Refer to the exhibit. Which statement is true about the configuration?
A. Hosts belonging to DHCP pool 1 and pool 2 will retain their IP settings for 30 hours before they
must renew.
B. Hosts will receive IP settings from pool 1 until the addresses run out, and then hosts will receive
the settings from pool 2.
C. Hosts in the 10.10.20.0/24 subnet will use 10.10.20.50 as its DNS server.
D. DHCP pool 0 needs to have the ip dhcp excluded-address command to exclude the default
router and DNS servers.
Answer: C
Explanation:
When configuring the router as a DHCP server, follow these steps:
Define the pool using: ip dhcp pool <poolname>
Define the network to assign to clients from the pool using: network network/mask
Define the lease time using: lease days
Define the DNS server to resolve names to IP addresses using: dns-server <ip address>
Define the default gateway to assign to the client using: default-router <router ip add>
In the exhibit there is no dns-server in pool 1 and pool 2. If a DNS server is not defined in the pool, it
is taken from the previous pool. The same thing happens here: pool 1 and pool 2 use 10.10.20.50
from pool 0 as the DNS server.
QUESTION NO: 63
Refer to the exhibit. The DHCP configuration that is shown is configured on a Cisco router. Which
statement is true?
A. The router will distribute IP addresses from pool 1 until its addresses are exhausted. Then the
router will begin distributing addresses from pool 2.
B. The configuration is invalid because the DHCP options are global configuration commands.
C. The configuration is incomplete until the DHCP pools are bound to the appropriate interface or
interfaces.
D. The router will choose which pool to use based upon the interface the DHCP request was
received on.
Answer: D
Explanation:
There are two pools with different networks. Pool 1 has 172.16.1.0/24 and pool 2 has
172.16.2.0/24. Suppose that the router has fa0/0 interface with IP address 172.16.1.1 and fa0/1
with IP address 172.16.2.1. When a client sends the DHCP request on fa0/0 the router will assign
the IP address from pool 1 and when a client sends the DHCP request on fa0/1 Router will assign
IP address from pool 2 because the pool selection is based on the network address of the
associated interface IP address.
QUESTION NO: 64
Refer to the exhibit. A network administrator has configured DHCP services on the router as
shown. DHCP clients connected to the FastEthernet0/0 interface are working properly. DHCP
clients connected to the FastEthernet0/1 interface are not receiving addresses. Which two
statements contain recommendations that will solve the problem? (Choose two.)
A. The network shown in the output under the ip dhcp pool Central command should be changed
to network 10.10.0.0 with a mask of 255.255.255.0.
B. A second DHCP pool for network 10.10.0.0/24 should be configured.
C. An ip dhcp excluded-address global configuration command for network 10.10.0.0/24 should be
issued.
D. The ip helper-address 10.0.0.1 command should be issued so that the address can be added to
the FastEthernet0/0 configuration.
E. The ip helper-address 10.0.0.1 command should be issued so that the address can be added to
the FastEthernet0/1 configuration.
Answer: B,C
Explanation:
In the exhibit, the DHCP pool has been configured for the 10.0.0.0 255.255.255.0 network so
clients connected to fa0/0 are receiving an IP address but clients connected to fa0/1 are not
receiving an IP address because the DHCP pool for 10.10.0.0/24 network has not been
configured. So to assign an IP address to clients connected to fa0/1 interface you should configure
the DHCP pool for 10.10.0.0/24 network.
QUESTION NO: 65
Refer to the exhibit. Which two statements are true about the partial configuration that is shown?
(Choose two.)
A. Hosts connected to the FastEthernet0/1 interface will not receive DHCP replies from the router.
B. The first DHCP client to connect to the FastEthernet 0/1 interface will receive the IP address
10.10.0.1.
C. The first DHCP client to connect to the FastEthernet 0/0 interface will receive the IP address
10.0.0.1
D. DHCP requests received on the FastEthernet 0/1 interface will be forwarded to 10.0.0.2.
E. The first DHCP client to connect to the FastEthernet 0/0 interface will receive the IP address
10.0.0.6.
Answer: A,E
Explanation:
In the exhibit, the DHCP pool has been configured for the 10.0.0.0 255.255.255.0 network so
clients connected to fa0/0 are receiving an IP address but clients connected to fa0/1 are not
receiving IP address because the DHCP pool for the 10.10.0.0/24 network has not been
configured. So to assign IP addresses to clients connected to fa0/1 interface you should configure
the DHCP pool for 10.10.0.0/24 network.
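An added example, not part of the original practice test: a Python model of the pool selection described in questions 63 to 65, where the pool is chosen by the subnet of the receiving interface (or of the relay address for relayed requests) and an exhausted pool never falls over to another one. The interface addresses, the excluded range 10.0.0.1 to 10.0.0.5, the pool name Branch and the lowest-free-address allocation order are assumptions, since the exhibits are not reproduced here.

```python
import ipaddress

# Question 63: two pools, one per connected subnet (values from the explanation).
Q63_POOLS = {"1": "172.16.1.0/24", "2": "172.16.2.0/24"}

# Questions 64/65: a single pool for 10.0.0.0/24. The excluded range is assumed.
Q64_POOLS = {"Central": "10.0.0.0/24"}
Q64_EXCLUDED = [("10.0.0.1", "10.0.0.5")]

# The fix from question 64: a second pool plus an exclusion for its gateway.
# "Branch" is a hypothetical pool name; 10.10.0.1 is an assumed Fa0/1 address.
FIXED_POOLS = {"Central": "10.0.0.0/24", "Branch": "10.10.0.0/24"}
FIXED_EXCLUDED = [("10.0.0.1", "10.0.0.5"), ("10.10.0.1", "10.10.0.1")]


def select_pool(pools, interface_ip, giaddr=None):
    """Name of the pool whose network contains the selecting address.

    The selecting address is the relay agent address (giaddr) when the
    request was relayed, otherwise the address of the receiving interface.
    Pools are assumed not to overlap.
    """
    key = ipaddress.ip_address(giaddr if giaddr else interface_ip)
    for name, network in pools.items():
        if key in ipaddress.ip_network(network):
            return name
    return None


def first_offer(pools, excluded, interface_ip, giaddr=None, leased=()):
    """Model of the next address offered for a request on an interface.

    Returns None when no pool matches (the server stays silent),
    (pool, None) when the matching pool is exhausted, else (pool, address).
    """
    name = select_pool(pools, interface_ip, giaddr)
    if name is None:
        return None
    taken = {ipaddress.ip_address(a) for a in leased}
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
              for lo, hi in excluded]
    for host in ipaddress.ip_network(pools[name]).hosts():
        if host in taken or any(lo <= host <= hi for lo, hi in ranges):
            continue
        return (name, str(host))
    return (name, None)


if __name__ == "__main__":
    print("Fa0/0:", first_offer(Q64_POOLS, Q64_EXCLUDED, "10.0.0.1"))
    print("Fa0/1:", first_offer(Q64_POOLS, Q64_EXCLUDED, "10.10.0.1"))
    print("Fa0/1 after fix:", first_offer(FIXED_POOLS, FIXED_EXCLUDED, "10.10.0.1"))
```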
Section 6: Troubleshoot NAT (0 Questions)
Section 7: Troubleshoot first hop redundancy protocols (18 Questions)
QUESTION NO: 66
Refer to the exhibit. Which two statements are true about the output from the show standby vlan
50 command? (Choose two.)
A. The command standby 1 preempt was added to Catalyst_A.
B. Catalyst_A is load sharing traffic in VLAN 50.
C. Hosts using the default gateway address of 192.168.1.1 will have their traffic sent to
192.168.1.11 even after Catalyst_A becomes available again.
D. Hosts using the default gateway address of 192.168.1.2 will have their traffic sent to
Catalyst_A.
Answer: A,B
Explanation:
HSRP uses a priority scheme to determine which HSRP-configured router is to be the default
active router. To configure a router as the active router, you assign it a priority that is higher than
the priority of all the other HSRP-configured routers. The default priority is 100, so if you configure
just one router to have a higher priority, that router will be the default active router.
HSRP works by the exchange of multicast messages that advertise priority among HSRP-
configured routers. When the active router fails to send a hello message within a configurable
period of time, the standby router with the highest priority becomes the active router. The transition
of packet-forwarding functions between routers is completely transparent to all hosts on the
network.
HSRP-configured routers exchange three types of multicast messages:
Hello - The hello message conveys to other HSRP routers the router's HSRP priority and state
information. By default, an HSRP router sends hello messages every three seconds.
Coup - When a standby router assumes the function of the active router, it sends a coup message.
Resign - A router that is the active router sends this message when it is about to shut down or
when a router that has a higher priority sends a hello message.
At any time, HSRP-configured routers are in one of the following states:
Active - The router is performing packet-transfer functions.
Standby - The router is prepared to assume packet-transfer functions if the active router fails.
Speaking and listening - The router is sending and receiving hello messages.
Listening - The router is receiving hello messages.
The standby preempt interface configuration command allows the router to become the active
router when its priority is higher than all other HSRP-configured routers in this Hot Standby group.
The configurations of both routers include this command so that each router can be the standby
router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If
you do not use the standby preempt command in the configuration for a router, that router cannot
become the active router.
QUESTION NO: 67
Refer to the exhibit. Based upon the debug output that is shown, which three statements about
HSRP are true? (Choose three.)
A. The router with IP address 172.16.11.112 is using default HSRP priority.
B. The IP address 172.16.11.115 is the virtual HSRP IP address.
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP
address 172.16.11.111.
D. The router with IP address 172.16.11.111 has preempt configured.
E. The final active router is the router with IP address 172.16.11.111.
F. The router with IP address 172.16.11.112 has nonpreempt configured.
Answer: B,D,E
Explanation:
Each router in an HSRP group has its own unique IP address assigned to an interface. This
address is used for all routing protocol and management traffic initiated by or destined to the
router. In addition, each router has a common gateway IP address, the virtual router address, that
is kept alive by HSRP. This address is also referred to as the HSRP address or the standby
address. Clients can point to that virtual router address as their default gateway, knowing that a
router always keeps that address active. Keep in mind that the actual interface address and the
virtual (standby) address must be configured to be in the same IP subnet. You can assign the
HSRP address with the following interface command:
Switch(config-if)# standby group ip ip-address [secondary]
When HSRP is used on an interface that has secondary IP addresses, you can add the secondary
keyword so that HSRP can provide a redundant secondary gateway address.
You can configure a router to preempt or immediately take over the active role if its priority is the
highest at any time. Use the following interface configuration command to allow preemption:
Switch(config-if)# standby group preempt [delay seconds]
By default, the router can preempt another immediately, without delay. You can use the delay
keyword to force it to wait for seconds before becoming active. This is usually done if there are
routing protocols that need time to converge.
QUESTION NO: 68
What can be determined about the HSRP relationship from the displayed debug output?
A. Router 172.16.11.111 will be the active router because its HSRP priority is preferred over router
172.16.11.112.
B. The IP address 172.16.11.112 is the virtual HSRP router IP address.
C. The nonpreempt feature is enabled on the 172.16.11.112 router.
D. The IP address 172.16.11.111 is the virtual HSRP router IP address.
E. Router 172.16.11.112 will be the active router because its HSRP priority is preferred over router
172.16.11.111.
F. The preempt feature is not enabled on the 172.16.11.111 router.
Answer: F
Explanation:
The standby preempt interface configuration command allows the router to become the active
router when its priority is higher than all other HSRP-configured routers in this Hot Standby group.
The configurations of both routers include this command so that each router can be the standby
router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If
you do not use the standby preempt command in the configuration for a router, that router cannot
become the active router.
QUESTION NO: 69
Examine the router output above. Which two items are correct? (Choose two.)
A. If Ethernet 0/2 goes down, the standby router will take over.
B. The local IP address of Router A is 10.1.0.6.
C. When Ethernet 0/3 of RouterA comes back up, the priority will become 105.
D. Router A will assume the active state if its priority is the highest.
E. The local IP address of Router A is 10.1.0.20.
Answer: C,D
Explanation:
Since preemption has been configured, we know that when any router comes back up, it will
become the active router as long as it has a higher priority value.
In this example, the current priority shows it to be 95. If the interface were to come up, it would
now be 95 + 10 (which is the default value) so the total value would then become 105. If fast0/2
were to come up as well, it would then be 105 + 15 (special override as seen in the command) =
120.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/configuration/guide/swhsrp.html
QUESTION NO: 70
Refer to the exhibit. Which two problems are the most likely cause of the exhibited output?
(Choose two.)
A. VRRP misconfiguration
B. spanning tree issues
C. transport layer issues
D. physical layer issues
E. HSRP misconfiguration
Answer: D,E
Explanation:
Each router in an HSRP group has its own unique IP address assigned to an interface. This
address is used for all routing protocol and management traffic initiated by or destined to the
router. In addition, each router has a common gateway IP address, the virtual router address that
is kept alive by HSRP. This address is also referred to as the HSRP address or the standby
address. Clients can point to that virtual router address as their default gateway, knowing that a
router always keeps that address active. Keep in mind that the actual interface address and the
virtual (standby) address must be configured to be in the same IP subnet. You can assign the
HSRP address with the following interface command:
Switch(config-if)# standby group ip ip-address [secondary]
When HSRP is used on an interface that has secondary IP addresses, you can add the secondary
keyword so that HSRP can provide a redundant secondary gateway address.
QUESTION NO: 71
Refer to the exhibit. Based upon the debug output that is shown, which three statements about
HSRP are true? (Choose three.)
A. The router with IP address 172.16.11.112 is using default HSRP priority.
B. The IP address 172.16.11.115 is the virtual HSRP IP address.
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP
address 172.16.11.111.
D. The router with IP address 172.16.11.111 has preempt configured.
E. The final active router is the router with IP address 172.16.11.111.
F. The router with IP address 172.16.11.112 has nonpreempt configured.
Answer: B,D,E
Explanation:
Each router in an HSRP group has its own unique IP address assigned to an interface. This
address is used for all routing protocol and management traffic initiated by or destined to the
router. In addition, each router has a common gateway IP address, the virtual router address, that
is kept alive by HSRP. This address is also referred to as the HSRP address or the standby
address. Clients can point to that virtual router address as their default gateway, knowing that a
router always keeps that address active. Keep in mind that the actual interface address and the
virtual (standby) address must be configured to be in the same IP subnet. You can assign the
HSRP address with the following interface command:
Switch(config-if)# standby group ip ip-address [secondary]
When HSRP is used on an interface that has secondary IP addresses, you can add the secondary
keyword so that HSRP can provide a redundant secondary gateway address.
You can configure a router to preempt or immediately take over the active role if its priority is the
highest at any time. Use the following interface configuration command to allow preemption:
Switch(config-if)# standby group preempt [delay seconds]
By default, the router can preempt another immediately, without delay. You can use the delay
keyword to force it to wait for seconds before becoming active. This is usually done if there are
routing protocols that need time to converge.
QUESTION NO: 72
Examine the router output above. Which two items are correct? (Choose two.)
A. If Ethernet 0/2 goes down, the standby router will take over.
B. The local IP address of Router A is 10.1.0.6.
C. When Ethernet 0/3 of RouterA comes back up, the priority will become 105.
D. Router A will assume the active state if its priority is the highest.
E. The local IP address of Router A is 10.1.0.20.
Answer: C,D
Explanation:
Since preemption has been configured, we know that when any router comes back up, it will
become the active router as long as it has a higher priority value.
In this example, the current priority shows it to be 95. If the interface were to come up, it would
now be 95 + 10 (which is the default value) so the total value would then become 105. If fast0/2
were to come up as well, it would then be 105 + 15 (special override as seen in the command) =
120.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/configuration/guide/swhsrp.html
HSRP election is based on a priority value (0 to 255) that is configured on each router in the
group. By default, the priority is 100. The router with the highest priority value (255 is highest)
becomes the active router for the group. If all router priorities are equal or set to the default value,
the router with the highest IP address on the HSRP interface becomes the active router. To set the
priority, use the following interface configuration command:
Switch(config-if)# standby group priority priority
When HSRP is configured on an interface, the router progresses through a series of states before
becoming active. This forces a router to listen for others in a group and see where it fits into the
pecking order. The HSRP state sequence is Disabled, Init, Listen, Speak, Standby, and, finally,
Active.
QUESTION NO: 73
What can be determined about the HSRP relationship from the displayed debug output?
A. Router 172.16.11.111 will be the active router because its HSRP priority is preferred over router
172.16.11.112.
B. The IP address 172.16.11.112 is the virtual HSRP router IP address.
C. The nonpreempt feature is enabled on the 172.16.11.112 router.
D. The IP address 172.16.11.111 is the virtual HSRP router IP address.
E. Router 172.16.11.112 will be the active router because its HSRP priority is preferred over router
172.16.11.111.
F. The preempt feature is not enabled on the 172.16.11.111 router.
Answer: F
Explanation:
The standby preempt interface configuration command allows the router to become the active
router when its priority is higher than all other HSRP-configured routers in this Hot Standby group.
The configurations of both routers include this command so that each router can be the standby
router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If
you do not use the standby preempt command in the configuration for a router, that router cannot
become the active router.
QUESTION NO: 74
Which three of the following network features are methods used to achieve high availability?
(Select all that apply.)
A. Spanning Tree Protocol (STP)
B. Delay reduction
C. Hot Standby Routing Protocol (HSRP)
D. Dynamic routing protocols
E. Quality of Service (QoS)
F. Jitter management
Answer: A,C,D
Explanation:
Because the importance of high availability networks is increasingly being recognized, many
organizations are beginning to make reliability/availability features a key selection criteria for
network infrastructure products. With this in mind, Cisco Systems engaged ZD Tag to observe and
confirm the results of a series of tests demonstrating the high availability features of Cisco Catalyst
Layer 2/Layer 3 switches. In order to maximize the relevance of the results, the demonstration was
based on a model of a "real world" campus (in one of Cisco's Enterprise Solution Center labs in
San Jose, California).
This switched internetwork consisted of wiring closet, wiring center, and backbone switches and
conformed to Cisco's modular three-tier (Access/Distribution/Core) design philosophy. The testing
demonstrated the following high availability and resilience features of Catalyst switches:
* per-VLAN Spanning Tree (PVST) using Cisco's InterSwitch Link (ISL) and 802.1Q VLAN Trunking
* Cisco Spanning Tree Enhancements, including UplinkFast and PortFast
* Cisco Hot Standby Router Protocol (HSRP) and HSRP Track
* Cisco IOS per-destination load balancing over equal cost OSPF paths
* Cisco IOS fast convergence for OSPF
Reference: http://www.cisco.com/warp/public/779/largeent/learn/technologies/campuslan.pdf
QUESTION NO: 75
Network topology exhibit:
R1 configuration exhibit:
R2 configuration exhibit:
You work as a network technician. Please study the exhibit carefully.
In this scenario the following are true:
* Host A can ping the headquarter office
* HSRP is configured on R1
* First R1 and then R2 are configured and reloaded
Based on this information, what can be said of this network?
A. R1 will be the standby router because it has the lower IP address.
B. R2 will be the standby router because it has the higher IP address.
C. R1 will be the active router because it booted first.
D. R2 will be the active router because it booted last.
E. R1 will be the active router because it has the lower priority that is configured.
F. R2 will be the active router because it has the higher priority that is configured.
Answer: C
Explanation:
Even though router R2 has a higher priority, it will not become the active router because the HSRP
preemption was not configured. Since the "standby 62 preempt" command was not configured,
the first HSRP router to boot up will become the active router and remain the active router even
when another device with a higher priority is added.
QUESTION NO: 76
Exhibit:
You are troubleshooting a redundancy issue with the network. Based on the R3 "debug standby"
output in the exhibit, which HSRP statement is true?
A. R3 is the active router because the standby timer has been incorrectly configured.
B. R3 is the active router because it has a lower priority on that VLAN.
C. R3 is the active router and is advertising the virtual IP address 10.110.10.111 on VLAN 11.
D. R3 is the active router because it has a lower IP address than the tying priority router on that
VLAN.
E. R3 is the active router because it is the only HSRP-enabled router on that segment
F. None of the other alternatives apply
Answer: E
Explanation:
In the output shown, it can be seen that the standby router is unknown, and the active timer is
expired meaning that this router was unable to locate any other HSRP enabled routers on the
LAN. It then became the active router, with no standby router.
QUESTION NO: 77
Refer to the exhibit. Host A has sent an ARP message to the default gateway IP address
10.10.10.1. Which statement is true?
A. DSw1 will reply with the MAC address of the next AVF.
B. DSw2 will reply with the MAC address of the next AVF.
C. Because of the invalid timers that are configured, DSw1 will not reply.
D. Because of the invalid timers that are configured, DSw2 will not reply.
E. DSw1 will reply with the IP address of the next AVF.
F. DSw2 will reply with the IP address of the next AVF.
Answer: B
Explanation:
The Gateway Load Balancing Protocol (GLBP) is a Cisco-proprietary protocol designed to
overcome the limitations of existing redundant router protocols. Some of the concepts are the
same as with HSRP/VRRP, but the terminology is different and the behavior is much more
dynamic and robust.
The trick behind this load balancing lies in the GLBP group. One router is elected the active virtual
gateway (AVG). This router has the highest priority value, or the highest IP address in the group, if
there is no highest priority. The AVG answers all ARP requests for the virtual router address.
Which MAC address it returns depends on which load-balancing algorithm it is configured to use.
In any event, the virtual MAC address supported by one of the routers in the group is returned.
According to the exhibit, router DSW2 is the Active Virtual Gateway (AVG) because it has the
highest IP address, the priorities being equal. When router DSW1 sends the ARP message to
10.10.10.1, router DSW2 will reply to DSW1 as the Active Virtual Router.
QUESTION NO: 78
Exhibit:
You have configured HSRP on router R5 as shown. Based on the "debug standby" output in the
exhibit, which HSRP statement is true?
A. R5 is the active router because it is the only HSRP-enabled router on that segment.
B. R5 is the active router because the standby timer has been incorrectly configured.
C. R5 is the active router because it has a lower priority on that VLAN.
D. R5 is the active router because it has a lower IP address than the tying priority router on that
VLAN.
E. R5 is the active router and is advertising the virtual IP address 10.10.10.111 on VLAN 11.
F. None of the other alternatives apply
Answer: A
Explanation:
Answer A is correct because there is no response from the HSRP neighbor. As we can see from
the exhibit, the neighbor discovery timer has expired and the standby router is unknown.
QUESTION NO: 79
Routers R1 and R2 are configured for HSRP as shown below:
Router R1:
interface ethernet 0
ip address 20.6.2.1 255.255.255.0
standby 35 ip 20.6.2.21
standby 35 priority 100
interface ethernet 1
ip address 20.6.1.1.2 255.255.255.0
standby 34 ip 20.6.1.21
Router R2:
interface ethernet 0
ip address 20.6.2.2 255.255.255.0
standby 35 ip 20.6.2.21
interface ethernet 1
ip address 20.6.1.1.1 255.255.255.0
standby 34 ip 20.6.1.21
standby 34 priority 100
You have configured the routers R1 & R2 with HSRP. While debugging router R2 you notice very
frequent HSRP group state transitions. What is the most likely cause of this?
A. physical layer issues
B. no spanning tree loops
C. use of non-default HSRP timers
D. failure to set the command standby 35 preempt
Answer: A
Explanation:
R2 is not able to move from the standby state to the active state. This could be caused by missing
HSRP hello messages. There are several possible causes for HSRP packets to get lost between
the peers. The most common problems are Physical Layer Problems or excessive network traffic
caused by Spanning-Tree Issues.
Note:
Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol used for allowing redundant
connections. It can keep core connectivity if the primary routing process fails.
HSRP defines six states in which an HSRP router may run: initial, learn, listen, speak, standby,
and active.
Incorrect Answers:
B: Spanning tree loops do not affect this problem.
C: Not a likely cause. Besides, in the example here the default values were indeed used.
QUESTION NO: 80
Refer to the exhibit. Which three statements accurately describe this GLBP topology? (Choose
three.)
A. Router A is responsible for answering ARP requests sent to the virtual IP address.
B. If Router A becomes unavailable, Router B will forward packets sent to the virtual MAC address
of Router A.
C. If another router were added to this GLBP group, there would be two backup AVGs.
D. Router B is in GLBP listen state.
E. Router A alternately responds to ARP requests with different virtual MAC addresses.
F. Router B will transition from blocking state to forwarding state when it becomes the AVG.
Answer: A,B,E
Explanation:
With GLBP the following is true:
With GLBP, there is 1 AVG and 1 standby VG. In this case R1 is the AVG and R2 is the standby.
R2 would act as an AVF and would already be forwarding and routing packets. Any additional
routers would be in a listen state.
In its role as the active VG performing load balancing, R1 responds to ARP requests with different
virtual MAC addresses.
In this scenario, R2 is the standby VF for the VMAC 0008.b400.0101 and would become the active
VF if R1 were down.
The primary responsibility of the active VG is to answer ARP requests to the virtual IP
address.
As an AVF, router R2 is already forwarding and routing packets.
QUESTION NO: 81
Network topology exhibit:
In this network segment, the two routers on the network are configured for GLBP (Gateway Load
Balancing Protocol). What can be said about this?
A. The hosts will have different default gateway IP addresses and different MAC addresses for
each router.
B. The default gateway address of each host should be set to the virtual IP address.
C. The hosts will learn the proper default gateway IP address from Router R1.
D. The default gateway address of each host should be set to the real IP address of the router.
E. None of the other alternatives apply.
Answer: B
Explanation:
GLBP performs a similar, but not identical, function for the user as the HSRP and VRRP. Both
HSRP and VRRP protocols allow multiple routers to participate in a virtual router group configured
with a virtual IP address. One member is elected to be the active router to forward packets sent to
the virtual IP address for the group. The other routers in the group are redundant until the active
router fails. With standard HSRP and VRRP, these standby routers pass no traffic in normal
operation - which is wasteful. Therefore the concept came about for using multiple virtual router
groups, which are configured for the same set of routers. But to share the load, the hosts must be
configured for different default gateways, which results in an extra administrative burden of going
around and configuring every host and creating 2 or more groups of hosts that each use a different
default gateway.
GLBP is similar in that it provides load balancing over multiple routers (gateways) - but it can do
this using only ONE virtual IP address. Underneath that one virtual IP address are multiple virtual
MAC addresses, and this is how the load is balanced between the routers. Instead of the hassle of
configuring all the hosts with a static default gateway, you can let them use ARP to find their
own. Multiple gateways in a "GLBP redundancy group" respond to client Address Resolution
Protocol (ARP) requests in a shared and ordered fashion, each with their own unique virtual MAC
addresses. As such, workstation traffic is divided across all possible gateways. Each host is
configured with the same virtual IP address, and all routers in the virtual router group participate in
forwarding packets.
Reference: http://www.infocellar.com/networks/Routers/HSRP-GLBP-VRRP.htm
QUESTION NO: 82
Refer to the exhibit. Assume that Switch_A is active for the standby group and the standby device
has only the default HSRP configuration. What conclusion is valid?
A. If port Fa1/1 on Switch_A goes down, the standby device will take over as active.
B. If the current standby device were to have the higher priority value, it would take over the role of
active for the HSRP group.
C. If Switch_A had the highest priority number, it would not take over as active router.
D. If port Fa1/1 on Switch_A goes down, the new priority value for the switch would be 190.
Answer: D
Explanation:
HSRP has a mechanism for detecting link failures and swaying the election, giving another router
an opportunity to take over the active role. When a specific interface is tracked, HSRP reduces the
router's priority by a configurable amount as soon as the interface goes down.
Switch(config-if)# standby group track type mod/num [decrementvalue]
By default, the decrement value for an interface is 10. So, when fa1/1 on Switch_A goes down, the
priority will be decreased by 10 from 200 to 190.
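The election rules used in the HSRP explanations above (priority, preemption, boot order and interface tracking) can be checked with a small model. This is an added example, not code from the exam material or from Cisco; the class names are hypothetical and the 192.0.2.x addresses are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100    # HSRP priority when none is configured
DEFAULT_DECREMENT = 10    # "standby track" decrement when none is given


@dataclass(eq=False)
class HsrpRouter:
    name: str
    ip: str                                       # real interface address
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    tracked: dict = field(default_factory=dict)   # interface -> decrement
    down: set = field(default_factory=set)        # tracked interfaces now down

    def track(self, interface, decrement=DEFAULT_DECREMENT):
        """Model of 'standby group track type mod/num [decrementvalue]'."""
        self.tracked[interface] = decrement

    def effective_priority(self):
        """Configured priority minus the decrement of every tracked link that is down."""
        lost = sum(dec for ifc, dec in self.tracked.items() if ifc in self.down)
        return max(self.priority - lost, 0)

    def rank(self):
        # Higher priority wins; the higher interface IP address breaks a tie.
        return (self.effective_priority(), int(IPv4Address(self.ip)))


class HsrpGroup:
    """Simplified single-group model: tracks only who holds the active role."""

    def __init__(self):
        self.members = []
        self.active = None

    def join(self, router):
        """A router finishes booting on the segment; boot order matters."""
        self.members.append(router)
        return self.reevaluate()

    def interface_down(self, router, interface):
        router.down.add(interface)
        return self.reevaluate()

    def interface_up(self, router, interface):
        router.down.discard(interface)
        return self.reevaluate()

    def reevaluate(self):
        if self.active is None:
            # Nobody is active yet: the best-ranked member takes the role.
            self.active = max(self.members, key=HsrpRouter.rank, default=None)
            return self.active
        # An existing active router is displaced only by a better-ranked
        # member that has preemption configured.
        challengers = [r for r in self.members
                       if r.preempt and r.rank() > self.active.rank()]
        if challengers:
            self.active = max(challengers, key=HsrpRouter.rank)
        return self.active


if __name__ == "__main__":
    # Constructed scenario: R1 boots first, R2 has the higher priority.
    r1 = HsrpRouter("R1", "192.0.2.1", priority=100)
    r2 = HsrpRouter("R2", "192.0.2.2", priority=110)
    group = HsrpGroup()
    group.join(r1)
    print("no preempt:", group.join(r2).name)      # R1 stays active
    r2.preempt = True
    print("with preempt:", group.reevaluate().name)  # R2 takes over
```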
Section 8: Troubleshoot IPv6 routing (3 Questions)
QUESTION NO: 83
Refer to the output. What IOS command produces this output?
A. show ip ospf
B. show ip ospf interface
C. show ipv6 ospf interface
D. show ipv6 ospf
Answer: D
Explanation:
Sample Output for the show ipv6 ospf Command
The following is sample output from the show ipv6 ospf command:
Router# show ipv6 ospf
Routing Process "ospfv3 1" with ID 172.16.3.3
It is an autonomous system boundary router
Redistributing External Routes from,
static
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0x218D
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Area 1
Number of interfaces in this area is 2
SPF algorithm executed 9 times
Number of LSA 15. Checksum Sum 0x67581
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Reference: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-ospf.html#wp1071056
QUESTION NO: 84
Refer to the exhibit. What two statements are true? (Choose two.)
A. The IP address of the backup designated router (BDR) is FE80::205:5FFF:FED3:5808.
B. This is the designated router (DR) on the FastEthernet 0/0 link.
C. Interface FastEthernet 0/0 was configured with the ipv6 ospf 1 area 1 command.
D. OSPF version 2 has been enabled to support IPv6.
E. The output was generated by the show ip interface command.
F. The router was configured with the commands:
router ospf 1
network 172.16.6.0 0.0.0.255 area 1
Answer: A,C
Explanation:
OSPFv3 supports IPv6. The configuration of OSPFv3 is not a subcommand mode of the router
ospf command as it is in OSPFv2 configuration. For example, instead of using the network area
command to identify networks that are part of the OSPFv3 network, the interfaces are directly
configured to specify that IPv6 networks are part of the OSPFv3 network.
The following describes the steps to configure OSPF for IPv6:
There are several commonly used OSPFv3 show commands, including the show ipv6 ospf
[process-id] [area-id] interface [interface] command.
QUESTION NO: 85
The command "clear ipv6 ospf process" was issued on a router. What does this command
accomplish?
A. The route table is cleared. Then the OSPF neighbors are reformed.
B. The OSPF adjacencies are cleared and initiated again.
C. The OSPF database is repopulated and then the shortest path first (SPF) algorithm is
performed.
D. The shortest path first (SPF) algorithm is performed on the LSA database.
E. None of the other alternatives apply
Answer: C
Explanation:
When the process keyword is used with the clear ipv6 ospf command, the OSPF database is
cleared and repopulated, and then the SPF algorithm is performed. When the force-spf keyword is
used with the clear ipv6 ospf command, the OSPF database is not cleared before the SPF
algorithm is performed.
Reference: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-ospf_support_TSD_Island_of_Content_Chapter.html
Section 9: Troubleshoot IPv6 and IPv4 interoperability (4 Questions)
QUESTION NO: 86
To enable BGP tunneling over the IPv4 backbone, the IPv4 address 192.168.30.1 is converted
into a valid IPv6 address. Which three IPv6 addresses are acceptable formats for the IPv4
address? (Choose three.)
A. 192.168.30.1:0:0:0:0:0:0
B. 0:0:0:0:0:0:192.168.30.1
C. ::192.168.30.1
D. C0A8:1E01::
E. 192.168.30.1::
F. ::C0A8:1E01
Answer: B,C,F
Explanation:
Many transition strategies have been developed for IPv4 networks to migrate to IPv6 service and
for IPv6 networks to intercommunicate over IPv4 networks. Most of these strategies involve
tunneling, dual stack, IPv4 Compatible IPv6 Address. A mechanism exists for creating IPv6
addresses that are compatible with IPv4. These addresses use 0s in the first 96 bits of the
address and one of the two formats for the remaining portion of the address.
Here is an example of the IPv4 address 10.10.100.16 in acceptable IPv6 formats:
0:0:0:0:0:0:10.10.100.16
or
::10.10.100.16
or
::A0A:6410
So Answer B, C, F are the correct answers.
QUESTION NO: 87
A company is implementing IPv6 into its existing IPv4 network. Which statement is true
about incorporating IPv6 into an already existing IPv4 network?
A. Only OSPF version 3 can be utilized for routing IPv4 and IPv6.
B. IPv4 and IPv6 networks can be routed simultaneously.
C. IPv6 can be routed using the same routing protocol versions as IPv4
D. A router routing for IPv6 and IPv4 must convert IPv4 packets to IPv6 packets to route them.
E. None of the other alternatives apply
Answer: B
Explanation:
The transition from IPv4 to IPv6 does not require an upgrade on all nodes at the same time. Many
transition mechanisms like dual stack, tunneling etc enable smooth integration of IPv4 to IPv6.
You can configure an IPv4 address as well as an IPv6 address on the same interface of a router, so
you can route IPv4 and IPv6 simultaneously.
Here is an example that configures an IPv4 and an IPv6 address on the same interface:
Router(config)#int s0/0
Router(config-if)#ip address 1.1.1.1 255.255.255.0
Router(config-if)#ipv6 address affe::1/64
QUESTION NO: 88
A company is using 6to4 tunneling within their IPv6 network. Which two statements about this kind
of tunneling are accurate? (Choose two)
A. 6to4 is a manual tunnel method.
B. Prepending a reserved IPv6 code to the hexadecimal representation of 192.168.0.1 facilitates
6to4 tunneling.
C. Each 6to4 site receives a /48 prefix in a 6to4 tunnel.
D. 2002::/48 is the address range specifically assigned to 6to4.
E. Prepending 0x2002 with the IPv4 address creates an IPv6 address that is used in 6to4
tunneling.
Answer: C,E
Explanation:
The 6to4 transition mechanism provides a solution to the complexity problem of building manually
configured tunnels to an ISP by advertising a site's IPv4 tunnel endpoint (to be used for a dynamic
tunnel) in a special external routing prefix for that site.
The specification of a 48-bit external routing prefix in the IPv6 Aggregatable Global Unicast
Address Format that provides just enough space to hold the 32 bits required for the 32-bit IPv4
tunnel endpoint address (called V4ADDR in Figure 3) makes this setup possible.
Sending and Receiving Rules for 6to4 Routers
When the requesting site's 6to4 router sees that it must send a packet to another site (that is,
there is a nonlocal destination), and that the next hop destination prefix contains the special 6to4
Top Level Aggregation (TLA) value of 2002::/16, the IPv6 packet is encapsulated in an IPv4
packet using an IPv4 protocol type of 41, as defined in the Transition Mechanisms RFC.
Reference: Routing IPv6 over IPv4
www.cisco.com/web/about/ac123/ac147/ac174/ac197/about_cisco_ipj_archive_article09186a00800c830a.html
QUESTION NO: 89
A Company is using 6to4 tunnels in their IPv6 network. Which two statements are true about these
tunnels? (Choose two)
A. In a 6to4 tunnel, the first two bytes of the IPv6 address will be 0x2002 and the next four bytes
will be the hexadecimal equivalent of the IPv4 address.
B. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the
2002:1315:4463:1::/64 IPv6 address.
C. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the 2002:c0a8:6301::/48
IPv6 address.
D. In a 6to4 tunnel, the first two bytes of the IPv6 address will be locally derived and the next two
bytes will be the hexadecimal equivalent of the IPv4 address.
E. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the 2002:c0a8:6301::/16
IPv6 address.
Answer: A,C
Explanation:
The 6to4 method uses the reserved prefix 2002::/16 concatenated with the hexadecimal
equivalent of the IPv4 address to allow an IPv4 site to create and use a /48 IPv6 prefix based on a
single globally routable, reachable IPv4 address. For example, in a 6to4 tunnel, the first two bytes
of the IPv6 address will be locally derived and the next two bytes will be the hexadecimal
equivalent of the IPv4 address.
Reference: BSCI study guide volume 2, Cisco Press, page 8-75.
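The address conversions behind the IPv4-compatible question (192.168.30.1) and the 6to4 questions (192.168.99.1) can be reproduced with Python's standard ipaddress module. This is an added example, not part of the exam material; the function names are hypothetical, and the decode step shows which IPv4 tunnel endpoint a given 2002::/16 address actually embeds.

```python
import ipaddress


def ipv4_compatible(v4):
    """IPv4-compatible IPv6 address: 96 zero bits, then the 32-bit IPv4 address."""
    return ipaddress.IPv6Address(int(ipaddress.IPv4Address(v4)))


def compatible_forms(v4):
    """The three textual forms of the same IPv4-compatible address."""
    addr = ipaddress.IPv4Address(v4)
    hi, lo = int(addr) >> 16, int(addr) & 0xFFFF
    return [
        f"0:0:0:0:0:0:{addr}",    # full form with dotted-quad tail
        f"::{addr}",              # zero groups compressed
        f"::{hi:X}:{lo:X}",       # IPv4 bits written as two hex groups
    ]


def is_compatible_form(candidate, v4):
    """True if candidate parses as IPv6 and equals the IPv4-compatible address."""
    try:
        parsed = ipaddress.IPv6Address(candidate)
    except ipaddress.AddressValueError:
        return False              # not a syntactically valid IPv6 address
    return parsed == ipv4_compatible(v4)


def sixto4_prefix(v4):
    """6to4 site prefix: 0x2002 in the first 16 bits, the IPv4 address in the next 32."""
    v4_int = int(ipaddress.IPv4Address(v4))
    base = (0x2002 << 112) | (v4_int << 80)
    return ipaddress.IPv6Network((base, 48))


def sixto4_endpoint(v6):
    """IPv4 tunnel endpoint embedded in a 6to4 address, or None outside 2002::/16."""
    return ipaddress.IPv6Address(v6).sixtofour


if __name__ == "__main__":
    # Candidate strings taken from the answer options of the question above.
    for text in ("192.168.30.1:0:0:0:0:0:0", "0:0:0:0:0:0:192.168.30.1",
                 "::192.168.30.1", "C0A8:1E01::", "192.168.30.1::", "::C0A8:1E01"):
        print(f"{text:28} {is_compatible_form(text, '192.168.30.1')}")
    print(sixto4_prefix("192.168.99.1"))
    print(sixto4_endpoint("2002:1315:4463:1::1"))
```

Decoding the embedded endpoint is also useful when reading logs or packet captures that contain 2002::/16 addresses, since it identifies the IPv4 router the traffic is tunnelled to.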
Section 10: Troubleshoot switch-to-switch connectivity for the VLAN based solution (9 Questions)
QUESTION NO: 90
On the basis of the following exhibit, can you tell me why VLAN updates from switch CK-P2S1 are
not applied to switch CK-P1S1? (Choose three.)
A. The MD5 digests do not match.
B. Switch CK-P1S1 is in transparent mode.
C. The passwords do not match.
D. The VTP domains are different.
Answer: B,C,D
Explanation:
Determine the VTP mode of operation of the switch and include the mode when setting the VTP
domain name information on the switch. If you leave the switch in server mode, be sure to verify
that the configuration revision number is set to 0 before adding the switch to the VTP domain. It is
generally recommended that you have several servers in the domain, with all other switches set to
client mode for purposes of controlling VTP information.
It is also highly recommended that you use secure mode in your VTP domain. Assigning a
password to the domain will accomplish this. This will prevent unauthorized switches from
participating in the VTP domain. From the privileged mode or VLAN configuration mode, use the
vtp password password command.
QUESTION NO: 91
Two switches connect multiple VLANs as shown below:
SW1 configuration exhibit:
SW2 configuration exhibit:
Refer to the exhibits and the show interfaces fastethernet0/1 switchport outputs. Users in VLAN 5
on switch SW1 complain that they do not have connectivity to the users in VLAN 5 on switch SW2.
What should be done to fix the problem?
A. Define VLAN5 in the allowed list for the trunk port on SW2
B. Configure the same number of VLANs on both switches.
C. Disable pruning for all VLANs in both switches.
D. Define VLAN5 in the allowed list for the trunk port on SW1.
E. Create switch virtual interfaces (SVI) on both switches to route the traffic.
F. None of the other alternatives apply.
Answer: D
Explanation:
The switchport trunk allowed vlan command defines which VLANs can be trunked over the link. By
default, a switch transports all active VLANs (1 to 4094) over a trunk link. There might be times
when the trunk link should not carry all VLANs. For example, broadcasts are forwarded to every
switch port on a VLAN, including the trunk link, because it, too, is a member of the VLAN.
If the VLAN does not extend past the far end of the trunk link, propagating broadcasts across the
trunk makes no sense.
QUESTION NO: 92
In the network, VLAN Trunking Protocol (VTP) is running with a domain name of R1. VLANs 1, 2,
3, 4, 5, 10, 20 are active on the network. Suddenly the whole network goes down. No traffic is
being passed on VLANs 2, 3, 4, 5, 10, 20. However, traffic passes on VLAN 1 and indicates all
switches are operational. Right before the network problem occurred, a switch named SW13 was
taken out of the lab and added to the network. What three configuration issues on SW13 could be
causing the network outage? (Select three)
A. SW13 has a higher VTP configuration revision than the current VTP revision.
B. SW13 is configured as a VTP server with a different domain name.
C. SW13 is configured as a VTP server with the domain name R1.
D. SW13 has a lower VTP configuration revision than the current VTP revision.
E. SW13 is not configured to participate in VTP.
F. SW13 is configured with only VLAN1.
Answer: A,C,F
Explanation:
VTP Modes:
1. Server
By default, a Catalyst switch is in the VTP server mode and in the "no management domain" state
until the switch receives an advertisement for a domain over a trunk link or a VLAN management
domain is configured. A switch that has been put in VTP server mode and had a domain name
specified can create, modify, and delete VLANs. VTP servers can also specify other configuration
parameters such as VTP version and VTP pruning for the entire VTP domain. VTP information is
stored in NVRAM.
2. Client
The VTP client maintains a full list of all VLANs within the VTP domain, but it does not store the
information in NVRAM. VTP clients behave the same way as VTP servers, but it is not possible to
create, change, or delete VLANs on a VTP client. Any changes made must be received from a
VTP server advertisement. The client makes contact with the VTP server within 5 minutes and
copies the advertisements from the VTP server that has the highest revision number. So, before
connecting any switch to the LAN, verify which mode the new switch is in, what its revision
number is, and whether that number is higher than that of the other switches operating in server mode.
3. Transparent
VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise
its VLAN configuration, and does not synchronize its VLAN configuration based on received
advertisements. However, in VTP Version 2, transparent switches do forward VTP advertisements
that the switches receive out their trunk ports. VLANs can be configured on a switch in the VTP
transparent mode, but the information is local to the switch (VLAN information is not propagated to
other switches) and is stored in NVRAM.
QUESTION NO: 93
You're a network administrator and you issue the command (show port 3/1) on an Ethernet port. To
your surprise you notice a non-zero entry in the 'Giants' column. What could be the cause of this?
A. IEEE 802.1Q
B. IEEE 802.10
C. Misconfigured NIC
D. User configuration
E. All of the above
Answer: A
Explanation:
The 802.1Q standard can create an interesting scenario on the network. Recalling that the
maximum size for an Ethernet frame as specified by IEEE 802.3 is 1518 bytes, this means that if a
maximum-sized Ethernet frame gets tagged, the frame size will be 1522 bytes, a number that
violates the IEEE 802.3 standard. To resolve this issue, the 802.3 committee created a subgroup
called 802.3ac to extend the maximum Ethernet size to 1522 bytes.
Note: The show port command is used to display port status and counters. Giants denote the
number of received giant frames (frames that exceed the maximum IEEE 802.3 frame size) on the
port.
Reference: Trunking between Catalyst 4000, 5000, and 6000 Family Switches Using 802.1q
Encapsulation
http://www.cisco.com/warp/public/473/27.html
QUESTION NO: 94
You have a trunk link operating between two switches and you're experiencing problems with
frames leaking between the two VLANs. Each switch has identical modules, software revisions
and VLAN configuration information. Spanning tree protocol is disabled on all VLANs. What is
probably causing this problem? (Select all that apply)
A. The link is using IEEE 802.1Q protocol
B. The link is using IEEE 802.1E protocol
C. Spanning tree is disabled
D. Not enough information to determine.
E. The native VLAN information is identical at each end of the link.
F. The native VLAN information is different at each end of the link.
Answer: A,F
Explanation:
While internal to a switch, VLAN numbers and identification are carried in a special extended
format that allows the forwarding path to maintain VLAN isolation from end to end without any loss
of information. Instead, outside of a switch, the tagging rules are dictated by standards such as
ISL or 802.1Q.
ISL is a Cisco proprietary technology and is in a sense a compact form of the extended packet
header used inside the device: since every packet always gets a tag, there is no risk of identity
loss and therefore of security weaknesses.
On the other hand, the IEEE committee that defined 802.1Q decided that because of backward
compatibility it was desirable to support the so-called native VLAN, that is to say, a VLAN that is
not associated explicitly to any tag on an 802.1Q link. This VLAN is implicitly used for all the
untagged traffic received on an 802.1Q capable port.
This capability is desirable because it allows 802.1Q capable ports to talk to old 802.3 ports
directly by sending and receiving untagged traffic. However, in all other cases, it may be very
detrimental because packets associated with the native VLAN lose their tags, for example, their
identity enforcement, as well as their Class of Service (802.1p bits) when transmitted over an
802.1Q link.
For these sole reasons (loss of means of identification and loss of classification), the use of the
native VLAN should be avoided.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
QUESTION NO: 95 CORRECT TEXT
What command could you enter to display the trunking status of a module/port in the switch?
(Type in the answer below):
Answer: show trunk
QUESTION NO: 96
You are troubleshooting a Catalyst 5000 trunk in the network. What should you do if there's a
disagreement about the VLANs configured to use the trunk?
A. Reload the active VLAN configuration
B. Clear the affected port and bring it up again.
C. Explicitly set the trunk for the VLAN to be on.
D. Remove all the VLANs set
Answer: B
Explanation:
In this situation you may want to set or clear the VLANs on both ends. A trunk is a point-to-point
link between one or more Ethernet switch interfaces and another networking device such as a
router or a switch. Trunks carry the traffic of multiple VLANs over a single link and allow you to
extend VLANs across an entire network. Two trunking encapsulations are available on all Ethernet
interfaces:
* Inter-Switch Link (ISL): a Cisco-proprietary trunking encapsulation
* 802.1Q: an industry-standard trunking encapsulation
When a trunk is first brought up using either of these methods, it may be beneficial to clear the
port immediately after.
QUESTION NO: 97
Which kind of management can be performed from the console port of a Cisco 6500 switch?
A. Physical management of the switch.
B. Logical management of the switch.
C. In-band management of the switch.
D. Out-of-band management of the switch.
Answer: D
Explanation:
When you configure a switch or a router from the console, it is considered 'out of band' because
you don't get in there from any of the paths that the network device is a part of. Modems are often
attached to the console port, providing for remote out of band management of the device.
QUESTION NO: 98
A VTP domain has six active VLANs. Without notice, all VLANs except VLAN1 fail. Just prior to
the failure, Switch2 was added to the network.
Which three issues on Switch2 could be the cause? Select three.
A. Switch2 is configured for only VLAN1.
B. Switch2 is a VTP server in a different domain.
C. Switch2 is a VTP server in the Company domain.
D. Switch2 is not a VTP domain.
E. Switch2 has a lower VTP configuration revision number than the current VTP revision.
F. Switch2 has a higher VTP configuration revision number than the current VTP revision.
Answer: A,C,F
Explanation:
A VTP server in a given domain with the highest revision number will overwrite the VTP
configuration of all other switches in the same VTP domain. Cisco best practice is to
configure the correct VTP domain, VTP password, VTP mode (server, client, transparent), and
VTP revision number before adding any new switch to a network. The default VTP mode is server.
A network can have more than one VTP domain. Each VTP domain has its own server(s) that do
not influence clients in other VTP domains.
Section 11: Troubleshoot loop prevention for the VLAN based solution (18 Questions)
QUESTION NO: 99
You need to troubleshoot an issue on the switched LAN. When you issue a command "show port
3/1" on a switch, you observe the Giants column has a non-zero entry. What could cause this?
A. IEEE 802.10
B. Misconfigured NIC
C. User configuration
D. IEEE 802.1Q
E. None of the other alternatives apply
Answer: D
Explanation:
802.1Q uses an internal tagging mechanism. Internal means that a tag is inserted within the
frame.
Note: With ISL, the frame is encapsulated instead.
The tagging mechanism implies a modification of the frame; the trunking device inserts a 4-byte
tag and recomputes the frame check sequence (FCS).
The EtherType field that identifies the 802.1Q frame is 0x8100. In addition to the 12-bit VLAN-ID, 3
bits are reserved for IEEE 802.1p priority tagging.
Note: Inserting a tag into a frame that already has the maximum Ethernet size creates a 1522-byte
frame that can be considered a "baby giant" by the receiving equipment. The IEEE 802.3
committee is extending the maximum standard frame size in order to address this issue.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3.shtml#basic_char
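The tag insertion described in this explanation and in Questions 93 and 94, as an added example that is not part of the original practice test: it inserts a 4-byte 802.1Q tag into a maximum-size frame, recomputes the FCS, and shows both the 1522-byte "baby giant" and how untagged native-VLAN traffic lands in the wrong VLAN when the two ends of a trunk disagree. The MAC addresses, VLAN numbers and function names are constructed for the illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100    # EtherType that identifies an 802.1Q tag
MAX_UNTAGGED = 1518    # IEEE 802.3 maximum frame size, FCS included
MAX_TAGGED = 1522      # size once a 4-byte tag is added to a maximum frame


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def fcs_ok(frame: bytes) -> bool:
    return len(frame) >= 18 and fcs(frame[:-4]) == frame[-4:]


def insert_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the tag after the source MAC and recompute the FCS."""
    if not fcs_ok(frame):
        raise ValueError("input frame has a bad FCS")
    if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    # 3 priority bits (802.1p), one bit left at 0, then the 12-bit VLAN ID.
    tci = (priority << 13) | vlan_id
    body = frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:-4]
    return body + fcs(body)


def parse_tag(frame: bytes):
    """Return (vlan_id, priority, inner_ethertype), or None if untagged."""
    if len(frame) < 22 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner


def is_giant(frame: bytes, limit: int = MAX_UNTAGGED) -> bool:
    """True if a port enforcing `limit` would count the frame as a giant."""
    return len(frame) > limit


def egress(frame: bytes, vlan_id: int, native_vlan: int, priority: int = 0) -> bytes:
    """Frame as a trunk port sends it: native VLAN traffic goes out untagged."""
    if vlan_id == native_vlan:
        return frame    # no tag, so VLAN identity and 802.1p priority are lost
    return insert_tag(frame, vlan_id, priority)


def ingress_vlan(frame: bytes, native_vlan: int) -> int:
    """VLAN the receiving trunk port assigns: the tag's, else its own native VLAN."""
    tag = parse_tag(frame)
    return native_vlan if tag is None else tag[0]


# Constructed sample: a maximum-size untagged IPv4 frame (1500-byte payload).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
SAMPLE = build_frame(DST, SRC, 0x0800, bytes(1500))

if __name__ == "__main__":
    tagged = insert_tag(SAMPLE, vlan_id=5, priority=3)
    print(len(SAMPLE), len(tagged), parse_tag(tagged), fcs_ok(tagged))
    print("giant at 1518:", is_giant(tagged), "at 1522:", is_giant(tagged, MAX_TAGGED))
    # Constructed mismatch: native VLAN 1 on the sender, 10 on the receiver.
    wire = egress(SAMPLE, vlan_id=1, native_vlan=1)
    print("sent in VLAN 1, received in VLAN", ingress_vlan(wire, native_vlan=10))
```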
QUESTION NO: 100
SW1 configuration exhibit:
SW2 configuration exhibit:
SW3 configuration exhibit:
Study the exhibits carefully. Based on the information shown above, which statement is true?
A. The port on switch SW3 is forwarding and receiving BPDUs correctly.
B. The port on switch SW1 is forwarding and sending BPDUs correctly.
C. The port on switch SW1 is blocking and sending BPDUs correctly.
D. The port on switch SW2 is blocking and sending BPDUs correctly.
E. The port on switch SW2 is forwarding and receiving BPDUs correctly.
F. The port on switch SW3 is forwarding, sending, and receiving BPDUs correctly.
G. None of the other alternatives apply.
Answer: B
Explanation:
STP States
To participate in STP, each port of a switch must progress through several states. A port begins its
life in a Disabled state, moving through several passive states and, finally, into an active state if
allowed to forward traffic. The STP port states are as follows:
* Disabled: Ports that are administratively shut down by the network administrator, or by the system due to a fault condition, are in the Disabled state. This state is special and is not part of the normal STP progression for a port.
* Blocking: After a port initializes, it begins in the Blocking state so that no bridging loops can form. In the Blocking state, a port cannot receive or transmit data and cannot add MAC addresses to its address table. Instead, a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. In addition, ports that are put into standby mode to remove a bridging loop enter the Blocking state.
* Listening: The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. In other words, the port is on its way to begin forwarding traffic. In the Listening state, the port still cannot send or receive data frames. However, the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Here, the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. Should the port lose its Root Port or Designated Port status, it returns to the Blocking state.
* Learning: After a period of time called the Forward Delay in the Listening state, the port is allowed to move into the Learning state. The port still sends and receives BPDUs as before. In addition, the switch can now learn new MAC addresses to add to its address table. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information.
* Forwarding: After another Forward Delay period of time in the Learning state, the port is allowed to move into the Forwarding state. The port can now send and receive data frames, collect MAC addresses in its address table, and send and receive BPDUs. The port is now a fully functioning switch port within the Spanning Tree topology.
QUESTION NO: 101
The switched LAN is shown below:
Study the exhibit above carefully. Switch SW5 is configured as the root switch for VLAN 10 but not
for VLAN 20. If the STP configuration is correct, what will be true about Switch SW5?
A. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby
mode.
B. All ports will be in forwarding mode.
C. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking
mode.
D. All ports in VLAN 10 will be in forwarding mode.
E. None of the other alternatives apply.
Answer: D
Explanation:
STP States
To participate in STP, each port of a switch must progress through several states. A port begins its
life in a Disabled state, moving through several passive states and, finally, into an active state if
allowed to forward traffic. The STP port states are as follows:
* Disabled: Ports that are administratively shut down by the network administrator, or by the system due to a fault condition, are in the Disabled state. This state is special and is not part of the normal STP progression for a port.
* Blocking: After a port initializes, it begins in the Blocking state so that no bridging loops can form. In the Blocking state, a port cannot receive or transmit data and cannot add MAC addresses to its address table. Instead, a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. In addition, ports that are put into standby mode to remove a bridging loop enter the Blocking state.
* Listening: The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. In other words, the port is on its way to begin forwarding traffic. In the Listening state, the port still cannot send or receive data frames. However, the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Here, the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. Should the port lose its Root Port or Designated Port status, it returns to the Blocking state.
* Learning: After a period of time called the Forward Delay in the Listening state, the port is allowed to move into the Learning state. The port still sends and receives BPDUs as before. In addition, the switch can now learn new MAC addresses to add to its address table. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information.
* Forwarding: After another Forward Delay period of time in the Learning state, the port is allowed to move into the Forwarding state. The port can now send and receive data frames, collect MAC addresses in its address table, and send and receive BPDUs. The port is now a fully functioning switch port within the Spanning Tree topology.
QUESTION NO: 102
The following output was shown on switch SW1:
Based on the "show spanning-tree vlan 200" output shown in the exhibit, which two statements
about the STP process for VLAN 200 are true? (Select two)
A. This switch is the root bridge for VLAN 200.
B. The maximum length of time that the BPDU information will be saved is 30 seconds.
C. BPDUs will be sent out every 10 seconds.
D. The time spent in the listening state will be 30 seconds.
E. BPDUs will be sent out every two seconds.
F. The time spent in the learning state will be 15 seconds.
Answer: C,D
Explanation:
STP operation is controlled by three timers. The Hello Time is the amount of time between the
sending of Configuration BPDUs. The 802.1D standard specifies a default value of 2 seconds.
This value controls Configuration BPDUs as the Root Bridge generates them. Other bridges
propagate BPDUs from the Root Bridge as they are received.
If BPDUs stop arriving for the time interval ranging from 2 to 20 seconds because of a network
disturbance, or if the Root Bridges stop sending periodic BPDUs during this time, the timer will
expire. 2 to 20 seconds is the range between the expected receipt of a BPDU and the expiration of
the Max Age time. If the outage lasts for more than 20 seconds, the default Max Age time, the
bridge invalidates the saved BPDUs and begins looking for a new Root Port.
Forward Delay is the amount of time the bridge spends in the Listening and Learning states. This
is a single value that controls both states. The default value of 15 seconds was originally derived
assuming a maximum network size of seven bridge hops, a maximum of three lost BPDUs, and a
Hello Time of 2 seconds. The Forward Delay timer also controls the bridge table age-out period
after a change in the active topology.
Max Age is the STP timer that controls how long a bridge stores a BPDU before discarding it. Max
Age is only an issue when the link failure is not on a directly connected link. When a failure occurs
on a directly connected link, the switch knows there will not be any BPDUs coming in on that link,
so Max Age is not considered in transitioning the port to Forwarding mode. Recall that each port
saves a copy of the best BPDU it has seen. As long as the bridge receives a continuous stream of
BPDUs every 2 seconds, the receiving bridge maintains a continuous copy of the BPDU values.
However, if the device sending this best BPDU fails, a mechanism must exist to allow other
bridges to take over.
QUESTION NO: 103
Refer to the following network exhibits:
SW1 configuration exhibit:
SW2 configuration exhibit:
Refer to the network topology exhibit and the partial configuration exhibits of switch SW1 and
SW2. STP is configured on all switches in the network. SW2 receives this error message on the
console port:
00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not
half duplex), with SW1 FastEthernet0/4 (half duplex) ,with TBA05071417(Cat6K-B) 0/4 (half
duplex).
What would be the possible outcome of the problem shown in this message?
A. The root port on switch SW2 will fallback to full-duplex mode.
B. Interface Fa 0/6 on switch SW2 will transition to a forwarding state and create a bridging loop.
C. The interfaces between switches SW1 and SW2 will transition to a blocking state.
D. The root port on switch SW1 will automatically transition to full-duplex mode.
E. None of the other alternatives apply.
Answer: B
Explanation:
STP States
To participate in STP, each port of a switch must progress through several states. A port begins its
life in a Disabled state, moving through several passive states and, finally, into an active state if
allowed to forward traffic. The STP port states are as follows:
* Disabled: Ports that are administratively shut down by the network administrator, or by the system due to a fault condition, are in the Disabled state. This state is special and is not part of the normal STP progression for a port.
* Blocking: After a port initializes, it begins in the Blocking state so that no bridging loops can form. In the Blocking state, a port cannot receive or transmit data and cannot add MAC addresses to its address table. Instead, a port is allowed to receive only BPDUs so that the switch can hear from other neighboring switches. In addition, ports that are put into standby mode to remove a bridging loop enter the Blocking state.
* Listening: The port will be moved from Blocking to Listening if the switch thinks that the port can be selected as a Root Port or Designated Port. In other words, the port is on its way to begin forwarding traffic. In the Listening state, the port still cannot send or receive data frames. However, the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning Tree topology process. Here, the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. Should the port lose its Root Port or Designated Port status, it returns to the Blocking state.
* Learning: After a period of time called the Forward Delay in the Listening state, the port is allowed to move into the Learning state. The port still sends and receives BPDUs as before. In addition, the switch can now learn new MAC addresses to add to its address table. This gives the port an extra period of silent participation and allows the switch to assemble at least some address table information.
* Forwarding: After another Forward Delay period of time in the Learning state, the port is allowed to move into the Forwarding state. The port can now send and receive data frames, collect MAC addresses in its address table, and send and receive BPDUs. The port is now a fully functioning switch port within the Spanning Tree topology.
QUESTION NO: 104
The following "show" command was issued on a switch:
Study the exhibit carefully. Based on the output shown above, which statement is true?
A. Switch 6 has been configured with the "spanning-tree vlan 1 hello-time 2" global configuration
command.
B. The root bridge has been configured with the "spanning-tree vlan 1 root secondary" global
configuration command.
C. Switch SW6 has been configured with the "spanning-tree vlan 1 priority 24577" global
configuration command.
D. Switch SW6 has been configured with the "spanning-tree vlan 1 root primary" global
configuration command.
E. Switch SW6 has been configured with the "spanning-tree vlan 1 root secondary" global
configuration command.
F. None of the other alternatives apply.
Answer: E
Explanation:
To configure a Catalyst switch to become the Root Bridge, use one of the following methods:
* Directly modify the Bridge Priority value so that a switch can be given a lower-than-default
Bridge ID value to win a Root Bridge election:
Switch(config)# spanning-tree vlan vlan-id priority bridge-priority
The bridge-priority value defaults to 32,768, but you can also assign a value of 0 to 65,535.
Remember that Catalyst switches run one instance of STP for each VLAN (PVST+), so the VLAN
ID must always be given. You should designate an appropriate Root Bridge for each VLAN.
* Let the switch become the Root by automatically choosing a Bridge Priority value:
Switch(config)# spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter]
This command is actually a macro on the Catalyst that executes several other commands. The
result is a more direct and automatic way to force one switch to become the Root Bridge. Actual
Bridge Priorities are not given in the command. Rather, the switch modifies STP values according
to the current values in use within the active network. These values are modified only once, when
the macro command is issued.
Use the primary keyword to make the switch attempt to become the primary Root Bridge. This
command modifies the switch's Bridge Priority value to become less than the Bridge Priority of the
current Root Bridge. If the current Root Priority is more than 24,576, the local switch sets its
priority to 24,576. If the current Root Priority is less than that, the local switch sets its priority to
4096 less than the current Root. For the secondary Root Bridge, the Root Priority is set to
28,672. There is no way to query or listen to the network to find another potential secondary Root,
so this priority is used under the assumption that it is less than the default priorities (32,768) that
might be used elsewhere.
QUESTION NO: 105
The switched LAN is displayed below:
In this network, STP has been implemented. Switch SW1 is the root switch for the default VLAN.
To reduce the broadcast domain, the network administrator decides to split users on the network
into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root
primary on switch SW1. What will happen as a result of this change?
A. Switch SW1 will change its spanning tree priority to become root for VLAN 2 only.
B. All ports of the root switch SW1 will remain in forwarding mode throughout the reconvergence
of the spanning tree domain.
C. No other switch in the network will be able to become root as long as switch SW1 is up and
running.
D. Switch SW1 will remain root for the default VLAN and will become root for VLAN 2.
E. None of the other alternatives apply
Answer: D
Explanation:
By default, switches with Cisco PVST and PVST+ maintain a separate spanning-tree instance for
each active VLAN configured on it. A bridge ID, consisting of the switch priority and the switch
MAC address, is associated with each instance. For each VLAN, the switch with the lowest bridge
ID becomes the root switch for that VLAN.
To configure a switch to become the root for the specified VLAN, use the
spanning-tree vlan vlan-id root primary global configuration command to modify the switch
priority from the default value (32768) to a significantly lower value. When this command is
entered, the switch checks the switch priority of the root switches for each VLAN. Because of the
extended system ID support, the switch sets its own priority for the specified VLAN to 24576 if
this value will cause this switch to become the root for the specified VLAN.
If any root switch for the specified VLAN has a switch priority lower than 24576, the switch sets its
own priority for the specified VLAN to 4096 less than the lowest switch priority. 4096 is the value of
the least-significant bit of a 4-bit switch priority value.
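The root election and the root primary / root secondary priority selection described in this explanation and in the one for Question 104, as an added example that is not part of the original practice test. The switch names, MAC addresses and function names are constructed, and refusing to go below priority 0 is an assumption, since the text does not say what happens in that case.

```python
import struct
from typing import Dict, Tuple

# Priority values quoted in the explanations above.
PRIMARY, SECONDARY, STEP = 24576, 28672, 4096

Bridge = Tuple[int, str]    # (bridge priority, MAC address)


def bridge_id(priority: int, mac: str) -> bytes:
    """8-byte Bridge ID: 2-byte priority followed by the 6-byte MAC address."""
    if not 0 <= priority <= 65535:
        raise ValueError("bridge priority must be 0-65535")
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return struct.pack("!H", priority) + raw


def elect_root(bridges: Dict[str, Bridge]) -> str:
    """The switch with the lowest Bridge ID becomes root for the VLAN."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_primary(bridges: Dict[str, Bridge], name: str) -> int:
    """Priority the 'root primary' macro would pick for switch `name`."""
    others = {n: b for n, b in bridges.items() if n != name}
    root_prio, root_mac = others[elect_root(others)]
    # Use 24576 if that value makes this switch the root ...
    if bridge_id(PRIMARY, bridges[name][1]) < bridge_id(root_prio, root_mac):
        return PRIMARY
    # ... otherwise go 4096 below the current root's priority.
    lower = root_prio - STEP
    if lower < 0:
        # Assumption: the text does not cover this case, so refuse.
        raise ValueError("current root priority is too low to undercut")
    return lower


def apply_macro(bridges: Dict[str, Bridge], name: str, keyword: str) -> Dict[str, Bridge]:
    """Copy of `bridges` after 'root primary' or 'root secondary' on `name`."""
    if keyword == "primary":
        priority = root_primary(bridges, name)
    elif keyword == "secondary":
        priority = SECONDARY    # fixed value, nothing is learned from the network
    else:
        raise ValueError("keyword must be 'primary' or 'secondary'")
    updated = dict(bridges)
    updated[name] = (priority, bridges[name][1])
    return updated


# Constructed sample: three switches at the default priority in one VLAN.
VLAN = {
    "SW1": (32768, "02:00:00:00:00:aa"),
    "SW2": (32768, "02:00:00:00:00:bb"),
    "SW3": (32768, "02:00:00:00:00:11"),
}

if __name__ == "__main__":
    print("default root:", elect_root(VLAN))              # lowest MAC wins the tie
    step1 = apply_macro(VLAN, "SW1", "primary")
    print("SW1 priority:", step1["SW1"][0], "root:", elect_root(step1))
    step2 = apply_macro(step1, "SW2", "primary")
    print("SW2 priority:", step2["SW2"][0], "root:", elect_root(step2))
```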
QUESTION NO: 106
Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity
throughout the network, Front Line users have been complaining that they experience slower
network performance when accessing the server farm than the Reception office experiences.
Based on the exhibit, which two statements are true? (Choose two.)
A. Disabling the Spanning Tree Protocol would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S1 to 4096 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
F. Changing the bridge priority of S2 to 36864 would improve network performance.
Answer: B,D
Explanation:
An algorithm is a formula or set of steps for solving a particular problem. Algorithms rely on a set
of rules. They have a clear beginning and end. The spanning-tree algorithm is no exception.
The spanning-tree algorithm is defined in the IEEE 802.1D standard. The parameters used by the
algorithm, including the Bridge ID, are explored here. The remaining parameters, Path Cost and
Port ID, will be covered in the following two topics.
The spanning-tree algorithm characterizes STP. The spanning-tree algorithm relies on a set of
parameters to make decisions. The Bridge ID (BID) is the first parameter used by the
spanning-tree algorithm. The Bridge ID (BID) is used by STP to determine the center of the bridged
network, known as the Root Bridge. The Bridge ID (BID) parameter is an 8-byte field consisting of an
ordered pair of numbers. The first is a 2-byte decimal number called the Bridge Priority, and the
second is a 6-byte (hexadecimal) MAC address. The Bridge Priority is a decimal number used to
measure the preference of a bridge in the spanning-tree algorithm. The possible values range
between 0 and 65,535. The default setting is 32,768.
The MAC address in the BID is one of the MAC addresses of the switch. Each switch has a pool of
MAC addresses, one for each instance of STP, used as BIDs for the VLAN spanning-tree
instances (one per VLAN). For example, Catalyst 6000 switches each have a pool of 1024 MAC
addresses assigned to the supervisor module or backplane for this purpose.
QUESTION NO: 107
Exhibit
Assuming that VLAN 1 and VLAN 2 traffic is enabled on the above network, what effect will the
following command have when entered on port 0/2 on switch SWA?
spanning-tree vlan 1 port-priority 16
A. VLAN 1 traffic will be blocked on Switch SWB port 1/1.
B. VLAN 2 traffic will be blocked on Switch SWB port 1/1.
C. VLAN 2 traffic will be blocked on Switch SWA port 0/2.
D. VLAN 1 and 2 traffic will be blocked on Switch SWA port 0/1.
E. VLAN 1 and 2 traffic will be blocked on Switch SWA port 0/2.
Answer: A
Explanation:
Load Sharing Using STP Port Priorities
When two ports on the same switch form a loop, the STP port priority setting determines which
port is enabled and which port is in a blocking state. The priorities on a parallel trunk port can be
set so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority
(lower values) for a VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority
(higher values) for the same VLAN remains in a Blocking state for that VLAN. One trunk port
sends or receives all traffic for the VLAN.
QUESTION NO: 108 CORRECT TEXT
Refer to the output shown on switch SW1 below:
VLAN 1 bridge priority set to 8192.
VLAN 1 bridge max aging time set to 20.
VLAN 1 bridge hello time set to 2.
VLAN 1 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 1.
What command would you enter to reproduce this output? (Type in answer below)
Answer: set spantree root 1
QUESTION NO: 109 CORRECT TEXT
Refer to the output shown on switch SW1 below:
Warning: Spantree port fast start should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary
spanning tree loops. Use with caution.
Spantree ports 4/1-24 fast start enabled.
What command could you enter to reproduce this output? (Type in answer below)
Answer: set spantree portfast 4/1-24 enable
QUESTION NO: 110
Given the above diagram and assuming that STP is enabled on all switch devices, which two
statements are true? (Choose two.)
A. DSW11 will be elected the root bridge.
B. DSW12 will be elected the root bridge.
C. ASW13 will be elected the root bridge.
D. P3/1 will be elected the nondesignated port.
E. P2/2 will be elected the nondesignated port.
F. P3/2 will be elected the nondesignated port.
Answer: A,D
Explanation:
The root bridge should be placed as close to the core as possible and should be the most centrally
located. By default, the switch with the lowest bridge ID will become the root bridge, assuming all
other parameters are left as default. This makes DSW11 the root bridge. Also, all ports directly
connected to the root bridge will become designated ports, since they are closest to the root
bridge. In this case, port F3/2 will become the non-designated port.
QUESTION NO: 111
If the root bridge fails, configuration BPDUs will no longer be sent. Which STP timer will have to
expire before the other switches can actively restore connectivity with topology change procedure
of STP?
A. hello timer
B. BPDU timer
C. Forward_delay timer
D. Max_age timer
E. Dead timer
F. Wait timer
Answer: D
Explanation:
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge
Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a
predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This
bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a
valid network topology.
Max age takes into account that a switch at the periphery of the network should not time out the
root information under stable conditions (that is, if the root is still alive). Max age therefore
needs to account for the total BPDU propagation delay and the message age overestimate. As such,
the formula for max age is as follows:
Max_age
= End-to-end_BPDU_propa_delay + Message_age_overestimate
= 14 + 6
= 20 sec
This explains how IEEE reaches the default recommended value for max age.
Reference: http://www.zyxel.com/support/supportnote/ves1012/app/stp.htm
QUESTION NO: 112
Exhibit
SW1#show spanning-tree vlan 200
VLAN200
Spanning tree enabled protocol ieee
Root ID Priority 32968
Address 000c.ce29.ef00
Cost 19
Port 2 (FastEthernet0/2)
Hello time 10 Sec Max Age 20 sec Forward Delay 30 sec
Bridge ID Priority 32968 (priority 32768 sys-id-ext 200)
Address 000c.ce2a.4180
Hello Time 2 sec Max Age 20 Sec Forward Delay 15 sec
Interface Role Sts Cost PrioNbr Type
---------------------------------------------------------------------------------------
Fa0/2 Root FWD 19 128.2 P2p
Fa0/3 Altn BLK 19 128.3 P2p
Based on the show spanning-tree vlan 200 output shown in the exhibit, which two statements
about the STP process for VLAN 200 are true? (Choose two)
A. BPDUs will be sent out every two seconds.
B. The time spent in the listening state will be 30 seconds.
C. The time spent in the learning state will be 15 seconds
D. The maximum length of time that the BPDU information will be saved is 30 seconds.
E. This switch is the root bridge for VLAN 200.
F. BPDUs will be sent out every 10 seconds.
Answer: B,F
Explanation:
Changing the Spanning Tree Protocol Timers
The STP timers (hello, forward delay, and max age) are included in each BPDU. An IEEE bridge is
not concerned with its local configuration of the timer values; it uses the timer values contained
in the BPDUs that it receives. Effectively, that means only the timers configured on the root
bridge of the STP are important. If the root is lost, the new root starts to impose its local timer
values on the entire network. So, even if it is not required to configure the same timer values in
the entire network, it is at least mandatory to configure any timer changes on the root bridge and
on the backup root bridge.
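The following Python sketch is an added example, not part of the original practice test. It parses the text of the QUESTION NO: 112 exhibit, splits the 2-byte priority field into base priority and system ID extension, compares the two Bridge IDs, and reports the timers actually in effect, which are the root's. All function and variable names are chosen here for illustration.

```python
import re

# Text of the "show spanning-tree vlan 200" exhibit from QUESTION NO: 112.
EXHIBIT = """\
VLAN200
Spanning tree enabled protocol ieee
Root ID Priority 32968
Address 000c.ce29.ef00
Cost 19
Port 2 (FastEthernet0/2)
Hello time 10 Sec Max Age 20 sec Forward Delay 30 sec
Bridge ID Priority 32968 (priority 32768 sys-id-ext 200)
Address 000c.ce2a.4180
Hello Time 2 sec Max Age 20 Sec Forward Delay 15 sec
"""

# Case-sensitive on purpose: matches "Priority 32968", not "(priority 32768 ...".
PRIORITY_RE = re.compile(r"Priority\s+(\d+)")
ADDRESS_RE = re.compile(r"Address\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)
TIMERS_RE = re.compile(
    r"Hello time\s+(\d+)\s+sec\s+Max Age\s+(\d+)\s+sec\s+Forward Delay\s+(\d+)\s+sec",
    re.I,
)


def parse_block(lines):
    """Extract priority, MAC and timers from one 'Root ID' or 'Bridge ID' block."""
    info = {}
    for line in lines:
        m = PRIORITY_RE.search(line)
        if m and "priority" not in info:
            info["priority"] = int(m.group(1))
        m = ADDRESS_RE.search(line)
        if m:
            info["mac"] = int(m.group(1).replace(".", ""), 16)
        m = TIMERS_RE.search(line)
        if m:
            info["hello"], info["max_age"], info["forward_delay"] = map(int, m.groups())
    return info


def parse_exhibit(text):
    """Split the output into its Root ID and Bridge ID blocks and parse each."""
    blocks = {"root": [], "bridge": []}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Root ID"):
            current = "root"
        elif line.startswith("Bridge ID"):
            current = "bridge"
        if current:
            blocks[current].append(line)
    return {name: parse_block(lines) for name, lines in blocks.items()}


def bridge_id(info):
    """8-byte BID: the 2-byte priority field followed by the 6-byte MAC address."""
    return (info["priority"] << 48) | info["mac"]


def split_priority(priority_field):
    """With the extended system ID, the upper 4 bits hold the priority (steps of
    4096) and the lower 12 bits hold the system ID extension (the VLAN number)."""
    return priority_field & 0xF000, priority_field & 0x0FFF


def analyze(text):
    parsed = parse_exhibit(text)
    root, local = parsed["root"], parsed["bridge"]
    base, sys_id_ext = split_priority(local["priority"])
    local_is_root = bridge_id(local) == bridge_id(root)
    if local_is_root:
        tie_breaker = None
    else:
        # Lowest BID wins: priority is compared first, then the MAC address.
        tie_breaker = "priority" if root["priority"] != local["priority"] else "mac"
    return {
        "local_is_root": local_is_root,
        "tie_breaker": tie_breaker,
        "base_priority": base,
        "sys_id_ext": sys_id_ext,
        # Timers in effect come from the root's BPDUs, not the local settings.
        "bpdu_interval": root["hello"],
        "listening": root["forward_delay"],
        "learning": root["forward_delay"],
        "max_age": root["max_age"],
        "ignored_local_hello": local["hello"],
    }


if __name__ == "__main__":
    for key, value in analyze(EXHIBIT).items():
        print(f"{key}: {value}")
```

A sudden change in the Root ID or in the advertised timers between two captures of this output is worth investigating, because it means a different bridge is now imposing its values on the VLAN.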
QUESTION NO: 113
What should you do to reduce spanning-tree protocol BPDU traffic during extended periods of
instability in your VLANs?
A. Combine all the VLAN spanning trees into a single spanning tree.
B. Set forward delay and max-age timers to the maximum possible values.
C. None of the choices.
D. Change the router VTP server mode.
E. Disable the root bridge
Answer: B
Explanation:
There are several STP timers, as listed below:
hello: the hello time is the time between each Bridge Protocol Data Unit (BPDU) that is sent on a
port. This is equal to two seconds by default, but can be tuned to be between one and ten seconds.
forward delay: the forward delay is the time spent in the listening and learning state. This is by
default equal to 15 seconds, but can be tuned to be between four and 30 seconds.
max age: the max age timer controls the maximum length of time a bridge port saves its
configuration BPDU information. This is 20 seconds by default and can be tuned to be between six
and 40 seconds.
The STP timers (hello, forward delay, and max age) are included in each BPDU. An IEEE bridge is
not concerned with its local configuration of the timer values; it uses the timer values contained
in the BPDUs that it receives. Effectively, that means only the timers configured on the root
bridge of the STP are important. If the root is lost, the new root starts to impose its local timer
values on the entire network. So, even if it is not required to configure the same timer values in
the entire network, it is at least mandatory to configure any timer changes on the root bridge and
on the backup root bridge.
In order to reduce the number of BPDUs in the spanning tree topology, the forward delay and
max-age timers should be increased. This will reduce the BPDU traffic, but it will also increase the
convergence time during a topology change.
QUESTION NO: 114
The network is displayed in the diagram below:
You use the following information for switch SWA:
Port Mode Encapsulation Status Native VLAN
fa0/1 desirable n-802.1q trunking 5
Port VLANs is allowed on trunk
fa0/1 1-100, 102-1005
Port VLANs is owned and active in management domain
fa0/1 1-6, 8-100, 102-115, 197-999, 1002-1005
Port VLANs in spanning tree forwarding state and not pruned
fa0/1 1-6, 8-100, 102-105, 108-999, 1002-1005
SW users in VLAN 107 complain that they are unable to gain access to the resources through the
SW1 router.
What is the cause of this problem?
A. VLAN 107 is not configured on the trunk.
B. VLAN 107 does not exist on switch SWA.
C. VTP is pruning VLAN 107.
D. Spanning tree is not enabled on VLAN 107.
E. None of the other alternatives apply
Answer: C
Explanation:
In this example, VLAN 7, 101, 106, and 107 are being pruned. VLAN 107 is being pruned
incorrectly in this case. By disabling VTP pruning, VLAN 107 should be able to once again gain
access to the network resources.
Incorrect Answers:
A: Based on the output shown above, VLAN 107 is known and active within the management
domain. Therefore, it must have been configured and the VLAN is indeed allowed to traverse the
trunk. Only VLAN 101 has been configured to not pass along this trunk.
B: Based on the output shown above, VLAN 107 is known and active within the management
domain. Therefore, it must have been configured and the VLAN is indeed allowed to traverse the
trunk. Only VLAN 101 has been configured to not pass along this trunk.
D: By default, STP is enabled on all VLANs.
QUESTION NO: 115
Which of the following commands would you enter if you wanted to display spanning tree
statistical information?
A. show spantree backbonefast
B. show spantree statistics
C. show spantree uplinkfast
D. show spantree blockedports
E. show spantree portstate
F. show spantree portvlancost
Answer: B
Explanation:
The command 'show spantree statistics' is the correct IOS command to show spanning tree
statistical information and is obviously the correct answer choice.
The following list shows various commands to use for troubleshooting Catalyst switches:
show spantree vlan_id - Shows the current state of the spanning tree for the "vlan_id" entered
from the perspective of the switch on which it is entered.
show spantree summary - Provides a summary of connected spanning tree ports by VLAN.
show spantree statistics - Shows spanning tree statistical information.
show spantree backbonefast - Displays whether the spanning tree Backbone Fast Convergence
feature is enabled.
show spantree blockedports - Displays only the blocked ports.
show spantree portstate - Determines the current spanning tree state of a Token Ring port within a
spanning tree.
show spantree portvlancost - Shows the path cost for the VLANs on a port.
show spantree uplinkfast - Shows the uplinkfast settings.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/command/reference/sh_sp_te.html
QUESTION NO: 116
Is the following statement True or False?
The "show spanning-tree" command only shows information about ports with their red or amber
lights on.
A. True
B. There is not enough information to determine
C. False
Answer: C
Explanation:
The show spanning-tree command only displays information for ports with an active link (green
light is on). If these conditions are not met, you can issue a show running-configuration command
to confirm the configuration.
Section 12: Troubleshoot Access Ports for the VLAN based solution (6 Questions)
QUESTION NO: 117
Refer to the show interface Gi0/1 switchport command output shown in the exhibit. Which two
statements are true about this interface? (Choose two.)
A. This interface is a member of a voice VLAN.
B. This interface is a dot1q trunk passing all configured VLANs.
C. This interface is a member of VLAN7.
D. This interface is configured for access mode.
E. This interface is a member of VLAN1.
Answer: C,D
Explanation:
In the exhibit, the operational mode is static access and the access mode VLAN is 7, so this port
is operating in access mode as a member of VLAN 7.
QUESTION NO: 118
Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude
about interfaces Fa0/13 and Fa0/14?
A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. that interfaces Fa0/13 and Fa0/14 are down
C. that interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. that interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
E. that interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch
Answer: C
Explanation:
trunk - This setting places the port in permanent trunking mode. The corresponding switch port at
the other end of the trunk should be similarly configured because negotiation is not allowed. You
should also manually configure the encapsulation mode.
show vlan: This command shows the VLANs and the ports belonging to each VLAN, which means the
ports in access mode. It does not show ports in trunk mode.
QUESTION NO: 119
Refer to the exhibit. On the basis of the output generated by the show commands, which two
statements are true? (Choose two.)
A. All interfaces on the switch have been configured as access ports.
B. Because it has not been assigned to any VLAN, interface gigabitethernet 0/1 does not appear
in the show vlan output.
C. Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in
the show vlan output.
D. There are no native VLANs configured on the trunk.
E. VLAN 1 will not be encapsulated with an 802.1q header.
F. VLAN 2 will not be encapsulated with an 802.1q header.
Answer: C,E
Explanation:
The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame
identification method is standardized, allowing VLAN trunks to exist and operate between
equipment from multiple vendors.
In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided
with VLANs, and protocols and algorithms used to provide VLAN services.
Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of
encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging
information within the Layer 2 frame. This method is referred to as single-tagging or internal
tagging.
802.1Q also introduces the concept of a native VLAN on a trunk. Frames belonging to this VLAN
are not encapsulated with any tagging information. In the event that an end station is connected to
an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames.
This provides a simple way to offer full trunk encapsulation to the devices that can understand it,
while giving normal access stations some inherent connectivity over the trunk.
show vlan: This command shows the VLANs and the ports belonging to each VLAN, which means the
ports in access mode. It does not show ports in trunk mode.
QUESTION NO: 120
The administrator has issued the "show vlan id 5" command. What will this command display?
(Select two)
A. Ports in VLAN 5
B. Utilization
C. VLAN information on port 0/5
D. Filters
E. MTU and type
Answer: A,E
Explanation:
#show vlan id 5: Shows all ports belonging to VLAN 5 and the MTU of ports and type.
QUESTION NO: 121
You work as a network technician. A new workstation has consistently been unable to obtain an
IP address from the DHCP server when the workstation boots. Older workstations function
normally, and the new workstation obtains an address when manually forced to renew its address.
What should be configured on the switch to allow the workstation to obtain an IP address at boot?
A. UplinkFast on the switch port connected to the server
B. BackboneFast on the switch port connected to the server
C. PortFast on the switch port connected to the workstation
D. trunking on the switch
Answer: C
Explanation:
Spanning tree PortFast is a Catalyst feature that causes a switch or trunk port to enter the
spanning tree Forwarding state immediately, bypassing the Listening and Learning states. IOS-
based switches only use PortFast on access ports connected to end stations.
When a device is connected to a port, the port normally enters the spanning tree Listening state.
When the Forward Delay timer expires, the port enters the Learning state. When the Forward
Delay timer expires a second time, the port is transitioned to the Forwarding or Blocking state.
When PortFast is enabled on a switch or trunk port, the port is immediately transitioned to the
Forwarding state. As soon as the switch detects the link, the port is transitioned to the Forwarding
state (less than 2 seconds after the cable is plugged in).
QUESTION NO: 122
Refer to the exhibit. The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and
cannot access network resources. On the basis of the information in the exhibit, which command
sequence would correct the problem?
A. SW1(config)# interface fastethernet 0/1
SW1(config-if)# no shut
B. SW1(config)# interface fastethernet 0/1
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10
C. SW1(config)# vlan 10
SW1(config-vlan)# state active
D. SW1(config)# interface fastethernet 0/1
SW1(config-if)# switchport mode access
E. SW1(config)# vlan 10
SW1(config-vlan)# no shut
Answer: A
Explanation:
In the exhibit, the operational mode is down, which means the interface is in the down state.
Bring it up using the no shutdown command.
Section 13: Troubleshoot private VLANS (1 Question)
QUESTION NO: 123
Switch SW1 has been configured with Private VLANs. With what type of PVLAN port should the
default gateway be configured?
A. Trunk
B. Isolated
C. Primary
D. Community
E. Promiscuous
F. None of the other alternatives apply
Answer: E
Explanation:
Promiscuous: The switch port connects to a router, firewall, or other common gateway device.
This port can communicate with anything else connected to the primary or any secondary VLAN.
In other words, the port is in promiscuous mode, in which the rules of private VLANs are ignored.
Section 14: Troubleshoot port security (4 Questions)
QUESTION NO: 124
A PC host is connected to a switch in the network shown below:
Configuration exhibit:
Study the exhibits carefully. The "show port-security interface fa0/1" command was issued on
switch SW1. Given the output that was generated, which security statement is true?
A. When the number of secure IP addresses reaches 10, the interface will immediately shut down.
B. Interface FastEthernet 0/1 was configured with the switchport port-security aging command.
C. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict
command.
D. When the number of secure MAC addresses reaches 10, the interface will immediately shut
down and an SNMP trap notification will be sent.
E. Interface FastEthernet 0/1 was configured with the switchport port-security protect command.
F. None of the other alternatives apply.
Answer: D,E
Explanation:
Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a
specific set or number of MAC addresses. Those addresses can be learned dynamically or
configured statically. The port will then provide access to frames from only those addresses. If,
however, the number of addresses is limited to four but no specific MAC addresses are
configured, the port will allow any four MAC addresses to be learned dynamically, and port access
will be limited to those four dynamically learned addresses.
Port Security Implementation:
When switch port security rules are violated, different actions can be applied:
1. Protect: Frames from the nonallowed address are dropped, but there is no log of the violation.
2. Restrict: Frames from the nonallowed address are dropped, a log message is created, and a
Simple Network Management Protocol (SNMP) trap is sent.
3. Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled, a log
entry is made, an SNMP trap is sent, and manual intervention or errdisable recovery must be used
to make the interface usable.
The port will not be shut down, because it is in protect mode -- not shutdown.
QUESTION NO: 125
The following show command was issued on switch SW1:
Based on the output shown, what will happen when one additional user is connected to interface
FastEthernet 5/1?
A. The interface will be placed into the error-disabled state immediately, and an SNMP trap
notification will be sent.
B. The packets with the new source addresses will be dropped until a sufficient number of secure
MAC addresses are removed from the secure address list.
C. All secure addresses will age out and be removed from the secure address list. This will cause
the security violation counter to increment.
D. The first address learned on the port will be removed from the secure address list and be
replaced with the new address.
E. None of the other alternatives apply
Answer: A
Explanation:
Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a
specific set or number of MAC addresses. Those addresses can be learned dynamically or
configured statically. The port will then provide access to frames from only those addresses. If,
however, the number of addresses is limited to four but no specific MAC addresses are
configured, the port will allow any four MAC addresses to be learned dynamically, and port access
will be limited to those four dynamically learned addresses.
Port Security Implementation:
When switch port security rules are violated, different actions can be applied:
1. Protect: Frames from the nonallowed address are dropped, but there is no log of the violation.
2. Restrict: Frames from the nonallowed address are dropped, a log message is created, and a
Simple Network Management Protocol (SNMP) trap is sent.
3. Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled, a
log entry is made, an SNMP trap is sent, and manual intervention or errdisable recovery must be
used to make the interface usable.
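The three violation actions described above can be compared side by side with a small model. This Python sketch is an added example, not part of the original practice test; the class, the function names and the MAC addresses are constructed for illustration, and the limit of four addresses follows the example in the explanation. Clearing dynamically learned addresses on recovery is an assumption of this model.

```python
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")

# Constructed sample traffic: five distinct source MACs, then the first one again.
SAMPLE_FRAMES = [
    "0000.5e00.5301",
    "0000.5e00.5302",
    "0000.5e00.5303",
    "0000.5e00.5304",
    "0000.5e00.5305",   # fifth address on a port limited to four
    "0000.5e00.5301",
]


@dataclass
class SecurePort:
    """Model of one switch port with port security enabled."""
    maximum: int
    violation: str = "shutdown"
    static_macs: set = field(default_factory=set)
    secure_macs: set = field(default_factory=set)
    errdisabled: bool = False
    log: list = field(default_factory=list)     # log messages created
    traps: list = field(default_factory=list)   # MACs reported by SNMP trap

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")
        if len(self.static_macs) > self.maximum:
            raise ValueError("more static addresses than the configured maximum")
        self.secure_macs |= self.static_macs

    def receive(self, src_mac):
        """Return 'forwarded' or 'dropped' for one frame from src_mac."""
        if self.errdisabled:
            return "dropped"                    # port is down until recovered
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)       # learned dynamically
            return "forwarded"
        # Address table is full and src_mac is not in it: violation.
        if self.violation == "protect":
            return "dropped"                    # silently, no log of the violation
        self.log.append(f"security violation caused by {src_mac}")
        self.traps.append(src_mac)
        if self.violation == "shutdown":
            self.errdisabled = True
        return "dropped"

    def recover(self):
        """Manual intervention or errdisable recovery.
        Assumption of this model: dynamically learned addresses are cleared."""
        self.errdisabled = False
        self.secure_macs = set(self.static_macs)


def replay(violation, frames, maximum=4):
    """Feed frames to a fresh port; return per-frame results and the port."""
    port = SecurePort(maximum=maximum, violation=violation)
    return [port.receive(mac) for mac in frames], port


if __name__ == "__main__":
    for mode in MODES:
        results, port = replay(mode, SAMPLE_FRAMES)
        print(f"{mode:9} results={results}")
        print(f"{'':9} log={len(port.log)} traps={len(port.traps)} "
              f"errdisabled={port.errdisabled}")
```

Protect and restrict give the same forwarding result for the sample traffic; only restrict and shutdown leave a log entry and a trap for monitoring to act on.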
Section 15: Troubleshoot general switch security (3 Questions)
QUESTION NO: 126
Exhibit:
You issue the "show ip dhcp snooping" command on SW3 as shown in the exhibit. What type of
attack is being defended against?
A. Snooping attack
B. Rogue device attack
C. STP attack
D. VLAN attack
E. Spoofing attack
F. MAC flooding attack
G. None of the other alternatives apply
Answer: E
Explanation:
When DHCP snooping is configured, you can display its status with the following command:
Switch#show ip dhcp snooping [binding]
You can use the binding keyword to display all the known DHCP bindings that have been
overheard. The switch maintains these in its own database.
A switch can use the DHCP snooping bindings to prevent IP and MAC address spoofing attacks.
MAC spoofing attacks consist of malicious clients generating traffic by using MAC addresses that
do not belong to them. IP spoofing attacks are exactly like MAC spoofing attacks, except that the
client uses an IP address that isn't his.
Reference: LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke -
CCIE No. 2659; Christopher Paggen - CCIE No. 2659, Cisco Press, Chapter 5.
QUESTION NO: 127
The following "show" command was issued on SW1:
Study the exhibit carefully. What will happen to traffic within VLAN 14 with a source address of
172.16.10.5?
A. The traffic will be dropped.
B. The traffic will be forwarded to the router processor for further processing.
C. The traffic will be forwarded without further processing.
D. The traffic will be forwarded to the TCAM for further processing.
E. None of the other alternatives apply
Answer: A
Explanation:
VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN
maps can be configured on the switch to filter all packets that are routed into or out of a VLAN, or
are bridged within a VLAN. VLAN maps are used strictly for security packet filtering. Unlike router
ACLs, VLAN maps are not defined by direction (input or output).
To create a VLAN map and apply it to one or more VLANs, perform these steps:
1. Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN.
This access-list will select the traffic that will be either forwarded or dropped by the
access-map. Only traffic matching the 'permit' condition in an access-list will be passed to the
access-map for further processing.
2. Enter the vlan access-map access-map-name [sequence] global configuration command to create a
VLAN ACL map entry. Each access-map can have multiple entries. The order of these entries is
determined by the sequence. If no sequence number is entered, access-map entries are added with
sequence numbers in increments of 10.
3. In access map configuration mode, optionally enter an action forward or action drop. The
default is to forward traffic. Also enter the match command to specify an IP packet or a non-IP
packet (with only a known MAC address), and to match the packet against one or more ACLs
(standard or extended).
4. Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a
VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.
Section 16: Troubleshoot VACL and PACL (3 Questions)
QUESTION NO: 128
What is true about access control on bridged and routed VLAN traffic? (Select three)
A. Router ACLs can be applied to the input and output directions of a VLAN interface.
B. Bridged ACLs can be applied to the input and output directions of a VLAN interface.
C. Only router ACLs can be applied to a VLAN interface.
D. VLAN maps and router ACLs can be used in combination.
E. VLAN maps can be applied to a VLAN interface
Answer: A,B,D
Explanation:
Router ACLs are applied on interfaces as either inbound or outbound.
To filter both bridged and routed traffic, VLAN maps can be used by themselves or in conjunction
with router ACLs.
VLAN ACLs, also called VLAN maps, filter both bridged and routed packets. VLAN maps
can be used to filter packets exchanged between devices in the same VLAN.
QUESTION NO: 129
Switch SW1 has been configured with Private VLANs. With what type of PVLAN port should the
default gateway be configured?
A. Trunk
B. Isolated
C. Primary
D. Community
E. Promiscuous
F. None of the other alternatives apply
Answer: E
Explanation:
Promiscuous: The switch port connects to a router, firewall, or other common gateway device.
This port can communicate with anything else connected to the primary or any secondary VLAN.
In other words, the port is in promiscuous mode, in which the rules of private VLANs are ignored.
QUESTION NO: 130
In the event that two devices need access to a common server, but they cannot communicate with
each other, which security feature should be configured to mitigate attacks between these
devices?
A. private VLANs
B. port security
C. BPDU guard
D. dynamic ARP inspection
E. DHCP snooping
Answer: A
Explanation:
Private VLANs partition a regular VLAN domain into subdomains and can have multiple VLAN
pairs, one for each subdomain. A subdomain is represented by a primary VLAN and a secondary
VLAN. All secondary VLANs (private VLANs) share the same primary VLAN.
There are two types of secondary VLANs:
* Isolated VLANs - Ports within an isolated VLAN cannot communicate with each other at the Layer
2 level.
* Community VLANs - Ports within a community VLAN can communicate with each other but
cannot communicate with ports in other communities at the Layer 2 level.
Section 17: Troubleshoot switch virtual interfaces (SVIs) (1 Question)
QUESTION NO: 131
An SVI has been configured on a device. Which two statements are true about a switched virtual
interface (SVI)? (Select two)
A. An SVI is normally created for the default VLAN (VLAN1) to permit remote switch
administration.
B. Multiple SVIs can be associated with a VLAN.
C. SVI is another name for a routed port.
D. An SVI is created by entering the no switchport command in interface configuration mode.
E. An SVI provides a default gateway for a VLAN.
Answer: A,E
Explanation:
On a multilayer switch, you can also enable Layer 3 functionality for an entire VLAN on the switch.
This allows a network address to be assigned to a logical interface, that of the VLAN itself. This is
useful when the switch has many ports assigned to a common VLAN, and routing is needed in and
out of that VLAN.
The logical Layer 3 interface is known as an SVI. However, when it is configured, it uses the
much more intuitive interface name vlan vlan-id, as if the VLAN itself is a physical interface. First,
define or identify the VLAN interface, and then assign any Layer 3 functionality to it with the
following configuration commands:
Switch(config)# interface vlan vlan-id
Switch(config-if)# ip address ip-address mask [secondary]
The VLAN must be defined and active on the switch before the SVI can be used. Make sure the
new VLAN interface is also enabled with the no shutdown interface configuration command.
Section 18: Troubleshoot switch supervisor redundancy (3 Questions)
QUESTION NO: 132
Company has a Catalyst 6500 and you need to configure redundancy between the supervisor
modules. With route processor redundancy (RPR+), the redundant supervisor engine is fully
initialized and configured, which shortens the switchover time if the active supervisor engine fails.
Which three statements are true about RPR+ operations when the redundant supervisor
engine takes over from the failed primary supervisor engine? (Choose three)
A. Static IP routes are maintained across a switchover because they are configured from entries in
the configuration file.
B. Information about dynamic routing states, maintained on the active supervisor engine, is
synchronized to the redundant supervisor engine and is transferred during the switchover.
C. Information about dynamic routing states, maintained on the active supervisor engine, is not
synchronized to the redundant supervisor engine and is lost on switchover.
D. The Forwarding Information Base (FIB) tables are cleared on a switchover. As a result, routed
traffic is interrupted until route tables reconverge.
E. Static IP routes are cleared across a switchover and recreated from entries in the configuration
file on the redundant supervisor engine.
F. The Forwarding Information Base (FIB) tables are maintained during the switchover. As a
result, routed traffic continues without any interruption when the failover occurs.
Answer: A,C,D
Explanation:
The following guidelines and restrictions apply to RPR+:
RPR+ redundancy does not support configuration entered in VLAN database mode. Use global
configuration mode with RPR+ redundancy.
Configuration changes made through SNMP are not synchronized to the redundant supervisor
engine. Enter a "copy running-config startup-config" command to synchronize the configuration
on the redundant supervisor engine.
Supervisor engine redundancy does not provide supervisor engine mirroring or supervisor engine
load balancing. Only one supervisor engine is active. Network services are disrupted until the
redundant supervisor engine takes over and the switch recovers.
With RPR+, both supervisor engines must run the same version of Cisco IOS software. If the
supervisor engines are not running the same version of Cisco IOS software, the redundant
supervisor engine comes online in RPR mode.
The Forwarding Information Base (FIB) tables are cleared on a switchover. As a result, routed
traffic is interrupted until route tables reconverge.
Static IP routes are maintained across a switchover because they are configured from entries in
the configuration file.
Information about dynamic states maintained on the active supervisor engine is not synchronized
to the redundant supervisor engine and is lost on switchover.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/redund.html
QUESTION NO: 133
Which two characteristics apply to Cisco Catalyst 6500 Series Switch supervisor redundancy
using NSF? (Choose two.)
A. independent of SSO
B. NSF combined with SSO enables supervisor engine load balancing
C. supported by RIPv2, OSPF, IS-IS, and EIGRP
D. supports IPv4 and IPv6 multicast
E. prevents route flapping
F. dependent on FIB tables
Answer: E,F
Explanation:
The purpose of NSF is to enable the Layer 3 switch to continue forwarding packets from an
NSF-capable neighboring router when the primary route processor (RP) is failing and the backup RP
is taking over. It therefore prevents route flapping, and it depends on the FIB (Forwarding
Information Base) table.
QUESTION NO: 134
Which statement best describes Cisco supervisor engine redundancy using Stateful Switchover?
A. Switchover ensures that Layer 2 through Layer 4 traffic is not interrupted.
B. Redundancy requires BGP, OSPF, EIGRP, or IS-IS.
C. Redundancy provides fast supervisor switchover for all Cisco Catalyst 6500 series switches.
D. Switchover can be caused by clock synchronization failure between supervisors.
Answer: D
Explanation:
Section 19: Troubleshoot switch support of advanced services (i.e., Wireless, VOIP and Video) (8
Questions)
QUESTION NO: 135
Exhibit:
You work as a network technician. Please study the exhibit carefully. In this wireless network, the
LAP (lightweight access point) attempts to register to a WLC (Wireless LAN Controller). What kind
of message is transmitted?
A. The lightweight access point will send Layer 2 and Layer 3 Lightweight Access Point (LWAPP)
mode discovery request messages at the same time.
B. The lightweight access point will send Layer 3 Lightweight Access Point (LWAPP) mode
discovery request messages only.
C. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode
discovery request messages. If the attempt fails, the LAP will try Layer 3 LWAPP WLC discovery.
D. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode
discovery request messages only.
Answer: C
Explanation:
The procedure for a LAP to register with a WLC is:
1. The LAP issues a DHCP request to a DHCP server in order to get an IP address, unless an
assignment was made previously with a static IP address.
2. If Layer 2 LWAPP mode is supported on the LAP, the LAP broadcasts an LWAPP discovery
message in a Layer 2 LWAPP frame. Any WLC that is connected to the network and that is
configured for Layer 2 LWAPP mode responds with a Layer 2 discovery response. If the LAP does
not support Layer 2 mode, or if the WLC or the LAP fails to receive an LWAPP discovery response
to the Layer 2 LWAPP discovery message broadcast, the LAP proceeds to step 3.
3. If step 1 fails, or if the LAP or the WLC does not support Layer 2 LWAPP mode, the LAP
attempts a Layer 3 LWAPP WLC discovery.
4. If step 3 fails, the LAP resets and returns to step 1.
Reference:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
QUESTION NO: 136
Exhibit:
In this scenario the signal transmitted from the AP is reflected off a wall, resulting in multipath
interference at the client end (ClientA). Which of the following statements is true?
A. The transmitted signal from the AP arrives at the client at slightly different times resulting in
phase shifting.
B. Multipath interference can be solved by using dual antennas.
C. If signal 2 is close to 360 degrees out of phase with signal 1, the result is essentially zero signal
or a dead spot in the WLAN.
D. Multipath interference is less of an issue when using a DSSS technology because multipath is
frequency selective.
E. If signal 1 is in phase with signal 2, the result is essentially zero signal or a dead spot in the
WLAN.
F. None of the other alternatives apply.
Answer: B
Explanation:
In order to understand diversity using dual antennas, you must understand multipath distortion.
When a radio frequency (RF) signal is transmitted towards the receiver, the general behavior of
the RF signal is to grow wider as it is transmitted further. On its way, the RF signal encounters
objects that reflect, refract, diffract or interfere with the signal. When an RF signal is reflected off
an object, multiple wavefronts are created. As a result of these new duplicate wavefronts, there
are multiple wavefronts that reach the receiver.
Diversity is the use of two antennas for each radio, to increase the odds that you receive a better
signal on either of the antennas. The antennas used to provide a diversity solution can be in the
same physical housing or must be two separate but equal antennas in the same location. Diversity
provides relief to a wireless network in a multipath scenario. Diversity antennas are physically
separated from the radio and each other, to ensure that one encounters less multipath
propagation effects than the other. Dual antennas typically ensure that if one antenna is in an RF
null then the other is not, which provides better performance in multipath environments. You can
move the antenna to get it out of the null point and provide a way to receive the signal correctly.
Reference:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008019f646.shtml
QUESTION NO: 137
On the wireless LAN, a client is searching for an access point (AP). What is the correct process
order that this client and access point go through in order to create a connection?
A. association request/response, probe request/response, authentication request/response
B. association request/response, authentication request/response, probe request/response
C. probe request/response, authentication request/response, association request/response
D. probe request/response, association request/response, authentication request/response
E. None of the other alternatives apply
Answer: C
Explanation:
From the Cisco FAQ on Cisco Aironet Wireless Security:
What steps does Open Authentication involve for a client to associate with the AP? The client
sends a probe request to the APs. The APs send back probe responses. The client evaluates the
AP responses and selects the best AP. The client sends an authentication request to the AP. The
AP confirms authentication and registers the client. The client then sends an association request
to the AP. The AP confirms the association and registers the client.
Reference:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.shtml
QUESTION NO: 138
Network topology exhibit:
In this WLAN segment, what are three requirements for configuring these Aironet access points
(APs) that will allow for all wireless clients to work without service interruption while roaming from
access point to access point? (Select three)
All access points should be configured....
A. ...with a unique IP subnet range.
B. ...with identical SSIDs.
C. ...within the same IP subnet.
D. ...with the same guest mode SSID.
E. ...only with the native VLAN.
F. ...with the native VLAN.
Answer: B,C,E
Explanation:
This question shows an example of layer 2 roaming. A L2 roam occurs when a WLAN client
moves from one access point to another within the same subnet. If the client moves to a new
access point on a different IP subnet, L3 roaming occurs after the L2 roam has completed.
Roaming is always a client station decision. The client station is responsible for detecting,
evaluating, and roaming to an alternative access point. Figure 3 Sequence of Events for L2 Roam
illustrates a L2 roam.
Figure: Sequence of Events for L2 Roam
The arrows in the figure indicate the following events:
1. A client moves from access point A coverage area into access point B coverage area (with both
access points in the same subnet). As the client moves out of the range of access point A, a
roaming event (for example, maximum retries) is triggered.
2. The client scans all IEEE 802.11 channels for alternative access points. In this case, the client
discovers access point B and reauthenticates and reassociates to it. After associating to the new
access point B, if it is configured for 802.1X, the client begins IEEE 802.1X authentication.
3. Access point B sends a null media access control (MAC) multicast, on the client's virtual local area
network (VLAN), using the source address of the client. This updates the content addressable
memory (CAM) tables of the upstream switch and directs further LAN traffic for the client to
access point B and not access point A.
4. Using its own source address, access point B sends a MAC multicast, on the native VLAN, telling
access point A that access point B now has the client associated to it. Access point A receives this
multicast and removes the client MAC address from its association table.
When a roaming event occurs, the client station scans each 802.11 channel. On each channel
the client station sends a probe, and waits for probe responses or beacons from access points
on that channel. The probe responses and beacons received from access points are discarded
unless they have matching Service Set Identifier (SSID) and encryption settings.
Reference:
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801c5223.html
QUESTION NO: 139
Which three statements are true about implementing wireless LANs in the network using Cisco
devices? (Select three)
A. Antenna power is a relative value reference to dBi.
B. LWAPP allows encrypted communications between lightweight access points and WLAN
controllers.
C. Characteristics of antennas are directionality, gain, and polarization.
D. Power over Ethernet (PoE) is only available when a WLAN controller is integrated into the
network.
E. The WLAN solution Engine (WLSE) is used to control lightweight access points.
F. One of the advantages of the lightweight WLAN solution is that the devices act independently.
Answer: A,B,C
Explanation:
dBi is a unit measuring the gain of an antenna. The reference level for dBi is the strength of the
signal that would be transmitted by a non-directional isotropic antenna, i.e. one that radiates equally
in all directions. This antenna exists as a mathematical concept used only as a known reference to
measure antenna gain per dBi. In electronics, the term "gain" is often repeated but misunderstood.
Gain implies increase, e.g. 20 dBi, but without respect to where the increase originated.
LWAPP is a draft Internet Engineering Task Force (IETF) standard, authored by Cisco Systems,
that standardizes the communications protocol between lightweight access points and WLAN
systems such as controllers, switches, and routers. Its goals are to:
Reduce the amount of processing within access points, freeing up their computing resources to
focus exclusively on wireless access instead of filtering and policy enforcement
Enable centralized traffic handling, authentication, encryption, and policy enforcement for an
entire WLAN system
Provide a generic encapsulation and transport mechanism for multivendor access point
interoperability, using either a Layer 2 infrastructure or an IP-routed network
When a Cisco LWAPP-enabled access point boots up, it immediately looks for a wireless LAN
controller within the network. After it finds a wireless LAN controller, the LWAPP-enabled access
point sends out encrypted "neighbor" messages.
An antenna gives the wireless system three fundamental properties: gain, direction and
polarization. Gain is a measure of increase in power. Gain is the amount of increase in energy that
an antenna adds to a radio frequency (RF) signal. Direction is the shape of the transmission
pattern. Polarization is the physical orientation of the element on the antenna that actually emits
the RF energy. An omnidirectional antenna, for example, is usually a vertical polarized antenna.
References:
http://wireless-network.wireless-computer-networking.com/dBi.htm
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00807f34d3.shtml
QUESTION NO: 140
An IP phone connects a user to a switch as shown below:
Based on the diagram shown above, which statement is true about the voice traffic coming to the
switch access port that is connected to the IP phone?
A. A PC connected to a switch port via an IP phone is unaware of the presence of the phone.
B. The traffic on the voice VLAN must be tagged with 802.1p encapsulation in order to coexist on
the same LAN segment with a PC.
C. To improve the quality of the voice traffic, no other devices should be attached to the IP phone.
D. The voice VLAN must be configured as a native VLAN on the switch.
E. A PC connected to a switch port via an IP phone must support a trunking encapsulation.
Answer: A
Explanation:
The new voice VLAN is called an auxiliary VLAN in the Catalyst software command-line interface
(CLI). In the traditional switched world, data devices reside in a data VLAN. The new auxiliary
VLAN is used to represent other types of devices collectively. Today those devices are IP phones
(hence the notion of a voice VLAN), but, in the future, other types of non-data devices will also be
part of the auxiliary VLAN. Just as data devices come up and reside in the native VLAN (default
VLAN), IP phones come up and reside in the auxiliary VLAN, if one has been configured on the
switch.
When the IP phone powers up, it communicates with the switch using CDP. The switch then
provides the phone with its configured VLAN ID (voice subnet), also known as the voice VLAN ID
or VVID. Meanwhile, data devices continue to reside in the native VLAN (or default VLAN) of the
switch. A data device VLAN (data subnet) is referred to as a port VLAN ID or PVID.
QUESTION NO: 141
Look at the graphic below. Connectivity between the Cisco IP phone access port and the
workstation CK-PC has been established. How is the traffic managed?
A. The IP phone access port will override the priority of the frames received from the CK-PC.
B. The IP phone access port would trust the priority of the frames received from the CK-PC.
C. The switch port Fa0/4 would neglect the priority of the frames received from the CK-PC.
D. The switch port Fa0/4 would trust the priority for the frames received from the CK-PC.
Answer: A
Explanation:
The CK-PC connected to the phone, however, should normally be untrusted and have all inbound
CoS values set to 0. This is mentioned here to show how trust boundaries also exist at any
connected IP Phones.
Example:
interface fastethernet 0/1
switchport voice vlan 200
switchport priority extend cos 0
A switch instructs an attached IP Phone through CDP messages as to how it should extend QoS
trust to its own user data switch port. To configure the trust extension, use the following interface
configuration command:
Switch(config-if)# switchport priority extend {cos value | trust}
Normally, the QoS information from a PC connected to an IP Phone should not be trusted. This is
because the PC's applications might try to spoof CoS or Differentiated Services Code Point (DSCP)
settings to gain premium network service. In this case, use the cos keyword so that the CoS bits
are overwritten to value by the IP Phone as packets are forwarded to the switch. If CoS values from
the PC cannot be trusted, they should be overwritten to a value of 0.
QUESTION NO: 142
You need to configure a new Cisco router to be installed in the VOIP network. Which three
interface commands will configure the switch port to support a connected Cisco phone and to trust
the CoS values received on the port if CDP discovers that a Cisco phone is attached? (Select
three)
A. switchport voice vlan vlan-id
B. mls qos trust device cisco-phone
C. switchport priority extend cos_value
D. mls qos trust cos
E. mls qos trust override cos
Answer: A,B,D
Explanation:
1. To configure the IP Phone uplink, just configure the switch port where it connects. The switch
instructs the phone to follow the mode that is selected. In addition, the switch port does not need
any special trunking configuration commands if a trunk is wanted. If an 802.1Q trunk is needed, a
special-case trunk is negotiated by Dynamic Trunking Protocol (DTP) and CDP. Use the following
interface configuration command to select the voice VLAN mode that will be used:
Switch(config-if)# switchport voice vlan { vlan-id | dot1p | untagged | none}
2. mls qos trust [cos]: Configure the port trust state.
By default, the port is not trusted. All traffic is sent through one egress queue. Use the cos
keyword to classify ingress packets with the packet CoS values. The egress queue assigned to
the packet is based on the packet CoS value.
3. mls qos trust device cisco-phone: Configure the Cisco IP Phone as a trusted device on the
interface.
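An added example (not part of the original practice test or of Cisco's documentation): a Python check that reads IOS-style interface configuration and flags voice ports where CoS trust is not conditional on a CDP-detected Cisco phone, or where the phone is told to trust or re-mark the PC's CoS with a non-zero value. The sample configuration, function names and finding names are constructed for illustration.

```python
import re

# Constructed sample configuration for illustration (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport voice vlan 200
 mls qos trust device cisco-phone
 mls qos trust cos
 switchport priority extend cos 0
!
interface FastEthernet0/2
 switchport voice vlan 200
 mls qos trust cos
!
interface FastEthernet0/3
 switchport voice vlan 200
 mls qos trust device cisco-phone
 mls qos trust cos
 switchport priority extend trust
!
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport voice vlan dot1p
 mls qos trust device cisco-phone
 mls qos trust cos
 switchport priority extend cos 3
!
"""

VOICE_VLAN = re.compile(r"^switchport voice vlan (\d+|dot1p|untagged)$")
EXTEND_COS = re.compile(r"^switchport priority extend cos (\d)$")


def parse_interfaces(config):
    """Return {interface name: [normalised sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if raw.lower().startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = []
        elif raw[:1].isspace() and current is not None and line:
            interfaces[current].append(line.lower())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return interfaces


def audit_port(cmds):
    """Return finding codes for one port, or None if it is not a voice port."""
    if not any(VOICE_VLAN.match(c) for c in cmds):
        return None
    findings = []
    # CoS trusted for whatever device is plugged in, phone or not.
    if "mls qos trust cos" in cmds and "mls qos trust device cisco-phone" not in cmds:
        findings.append("UNCONDITIONAL_COS_TRUST")
    # Phone is told to pass the PC's CoS markings through unchanged.
    if "switchport priority extend trust" in cmds:
        findings.append("PC_COS_TRUSTED_BY_PHONE")
    # Phone re-marks PC traffic with a non-zero CoS: worth a review.
    for c in cmds:
        m = EXTEND_COS.match(c)
        if m and m.group(1) != "0":
            findings.append("PC_COS_REWRITTEN_NONZERO")
    return findings


def audit_config(config):
    """Audit every voice port in the configuration text."""
    results = {}
    for name, cmds in parse_interfaces(config).items():
        findings = audit_port(cmds)
        if findings is not None:
            results[name] = findings
    return results


if __name__ == "__main__":
    for port, findings in audit_config(SAMPLE_CONFIG).items():
        print(port, "OK" if not findings else ", ".join(findings))
```

A port with no "switchport priority extend" line is treated as the default (CoS 0) and is not flagged.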
Section 20: Troubleshoot a VoIP support solution (7 Questions)
QUESTION NO: 143
Based on the graphic below, which Catalyst switch interface command should be issued in order
for the switch to instruct the phone to override the incoming CoS from the CK-PC before sending
the packet to the switch?
A. switchport priority extend cos 11
B. switchport priority extend cos 2
C. mls qos cos 2
D. mls qos cos 2 override
Answer: B
Explanation:
Overriding the CoS Priority of Incoming Data Frames
You can connect a PC or other data device to a Cisco 7960 IP Phone port. The PC can generate
packets with an assigned CoS value. You can configure the switch to override the priority of
frames arriving on the IP phone port from connected devices.
Beginning in privileged EXEC mode, follow these steps to override the CoS priority received from
the nonvoice port on the Cisco 7960 IP Phone:
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_14_ea1/configuration/guide/swvoip.html
QUESTION NO: 144
Refer to the exhibit. What is the effect when the switchport priority extend cos 3 command is
configured on the switch port interface connected to the IP phone?
A. Effectively, the trust boundary has been moved to the PC attached to the IP phone.
B. The computer is now establishing the CoS value and has effectively become the trust boundary.
C. The IP phone is enabled to override with a CoS value of 3 the existing CoS marking of the PC
attached to the IP phone.
D. The switch will no longer tag incoming voice packets and will extend the trust boundary to the
distribution layer switch.
E. RTP will be used to negotiate a CoS value based upon bandwidth utilization on the link.
Answer: C
Explanation:
The "switchport priority extend cos <priority>" is used to set the IP phone access port to override
the priority received from the PC or the attached device. The CoS value is a number from 0 to 7.
Seven is the highest priority. The default is 0. In this case, it has been set to mark all traffic with a
class of service value of 3.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_14_ea1/configuration/guide/swvoip.html
QUESTION NO: 145
VOIP is being implemented in the network and you need to assess the need for QoS. Which of the
following network problems would indicate a need to implement QoS features? (Select three)
A. Mis-routed packets
B. Excess jitter
C. Delay of critical traffic
D. Packet loss due to congestion
E. Data link layer broadcast storms
F. FTP connections unsuccessful
Answer: B,C,D
Explanation:
Loss, jitter, and delay are the three reasons for implementing QoS features on modern networks.
Loss is when a packet disappears on a network. Jitter is a timing mismatch between two way
traffic, and delay is when a packet takes too long to get somewhere.
Incorrect Answers:
A: This would indicate a routing problem, or packets being "black-holed." QoS would not help in
this situation.
E: Broadcast storms indicate a problem on a LAN segment, such as a babbling host, too many
hosts, a segment that is too large, a bad application, etc. QoS would not help in this situation.
F: If only FTP sessions were having issues, then the FTP application or FTP server should be
corrected. Normally, FTP sessions are not delay sensitive due to the re-transmission nature of
TCP and do not require QoS.
QUESTION NO: 146
Jitter is causing problems with the VOIP application in the network. What causes network jitter?
A. Variable queue delays
B. Packet drops
C. Transmitting too many small packets
D. Compression
Answer: A
Explanation:
Delay variation or jitter is the difference in the delay times of consecutive packets. A jitter buffer is
often used to smooth out arrival times, but there are instantaneous and total limits on buffering
ability. Any type of buffering used to reduce jitter directly increases total network delay. In general,
traffic requiring low latency also requires a minimum variation in latency.
Note: Jitter in Packet Voice Networks:
Jitter is defined as a variation in the delay of received packets. At the sending side, packets are
sent in a continuous stream with the packets being spaced evenly apart. Due to network
congestion, improper queuing, or configuration errors, this steady stream can become lumpy, or
the delay between each packet can vary instead of remaining constant.
QUESTION NO: 147
According to the information presented in the following exhibit, can you tell me the reason that the
trust state of interface FastEthernet 0/3 displays "not trusted"?
A. The command mls qos needs to be turned on in global configuration mode.
B. DSCP map needs to be configured for VOIP.
C. ToS has not been configured.
D. There is not a Cisco Phone attached to the interface.
Answer: D
Explanation:
CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-
manufactured devices (routers, bridges, access servers, and switches) and allows network
management applications to discover Cisco devices that are neighbors of already known devices.
With CDP, network management applications can learn the device type and the Simple Network
Management Protocol (SNMP) agent address of neighboring devices running lower-layer,
transparent protocols. This feature enables applications to send SNMP queries to neighboring
devices.
CDP runs on all media that support Subnetwork Access Protocol (SNAP). Because CDP runs
over the data-link layer only, two systems that support different network-layer protocols can learn
about each other.
Communication between the switch and the IP Phone is performed by CDP. Because there is no CDP
neighbor, the trust state is also not trusted.
QUESTION NO: 148
You are a network administrator of a large investor relations company that uses a switched
network to carry both data and IP telephony services. Why should you carry voice traffic on a
separate VLAN?
A. IP phones require inline power and must be in separate VLAN to receive inline power.
B. IP telephony applications require prioritization over other traffic as they are more delay
sensitive.
C. IP phones can only receive IP addresses through DHCP if they are in separate VLAN.
D. The CDP frames from the IP phone can only be recognized by the switch if the phone is in an
auxiliary vlan.
Answer: B
Explanation:
Voice conversations don't take up a lot of bandwidth, but the bandwidth they do use is very delicate.
If anything happens with the connection or the integrity of the data transfer in either direction, the
conversation won't seem natural. To ensure the highest degree of integrity, you should put voice
traffic on its own separate VLAN and give that VLAN the highest priority.
QUESTION NO: 149
Which QoS mechanisms can you use on a converged network to improve VoIP quality? (Select
three)
A. The use of a queuing method that will give VoIP traffic strict priority over other traffic.
B. The use of RTP header compression for the VoIP traffic.
C. The proper classification and marking of the traffic as close to the source as possible.
D. The use of 802.1QinQ trunking for VoIP traffic.
E. The use of WRED.
Answer: A,C,E
Explanation:
In order to optimize the quality of VOIP calls, QoS should be implemented to ensure that VOIP
traffic is prioritized over other traffic types.
By providing a strict queue for VOIP traffic, you will ensure that voice calls take precedence over
the other traffic types.
In order to properly provide for QoS across the network, the voice traffic should be marked to give
priority as close to the source as possible. This will ensure that the traffic is prioritized end to end.
Finally, WRED (Weighted Random Early Detection) could be configured to prevent congestion.
WRED can be used to selectively drop less important traffic types, instead of dropping the voice
packets when links become busy.
Incorrect Answers:
B: Compression can be used to lower the bandwidth required to transmit VOIP calls, but it will not
help with improving the voice quality. In general, compression of any kind lowers the quality of
VOIP.
D: The trunking method used will have no bearing on the VOIP quality.
Section 21: Troubleshoot a video support solution (3 Questions)
QUESTION NO: 150
The Company is rolling out Cisco's Architecture for Voice, Video and Integrated Data (AVVID).
Which of the following choices represent the fundamental intelligent network services in Cisco's
AVVID? (Select all that apply.)
A. Quality of Service (QoS)
B. Intelligent platforms
C. Mobility and scalability
D. Security
E. High availability
Answer: A,C,D,E
Explanation:
By creating a robust foundation of basic connectivity and protocol implementation, Cisco AVVID
Network Infrastructure addresses five primary concerns of network deployment: High availability,
Quality of service (QoS), Security, Mobility and Scalability.
Reference:
http://www.cisco.com/en/US/netsol/netwarch/ns19/ns24/networking_solutions_audience_business_benefit09186a008009d678.html
QUESTION NO: 151
Which of the characteristics below is associated with the (QoS) Integrated Services Model?
A. QoS classified at layer 3 using IP precedence or DSCP.
B. Guaranteed rate service.
C. Implemented using FIFO queues.
D. All traffic has an equal chance of being dropped.
Answer: B
Explanation:
Cisco IOS QoS includes the following features that provide controlled load service, which is a kind
of integrated service:
Resource Reservation Protocol (RSVP) can be used by applications to signal their QoS
requirements to the router.
Intelligent queuing mechanisms can be used with RSVP to provide the following kinds of services:
- Guaranteed Rate Service, which allows applications to reserve bandwidth to meet their
requirements. For example, a Voice over IP (VoIP) application can reserve 32 Mbps end to end
using this kind of service. Cisco IOS QoS uses weighted fair queuing (WFQ) with RSVP to provide
this kind of service.
- Controlled Load Service, which allows applications to have low delay and high throughput even
during times of congestion. For example, adaptive real-time applications such as playback of a
recorded conference can use this kind of service. Cisco IOS QoS uses RSVP with Weighted
Random Early Detection (WRED) to provide this kind of service.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a008007ff07.html#1000946
QUESTION NO: 152
You work as a network technician. Your boss is interested in the QoS technology in the context of
video traffic. What can be said of application of this technology in this type of network? (Select
three)
A. The access layer is the initial point at which traffic enters the network. Traffic is marked (or
remarked) at Layers 2 and 3 by the access switch as it enters the network, or is "trusted" that it is
entering the network with the appropriate tag.
B. No traffic marking occurs at the core layer. Layer 2/3 QoS tags are trusted from distribution
layer switches and used to prioritize and queue the traffic as it traverses the core.
C. Traffic inbound from the access layer to the distribution layer can be trusted or reset depending
upon the ability of the access layer switches. Priority access into the core is provided based on
Layer 3 QoS tags.
D. IP precedence, DSCP, QoS group, IP address, and ingress interface are Layer 2
characteristics that are set by the access layer as it passes traffic to the distribution layer. The
distribution layer, once it has made a switching decision to the core layer, strips these off.
E. MAC address, Multiprotocol Label Switching (MPLS); the ATM cell loss priority (CLP) bit, the
Frame Relay discard eligible (DE) bit, and ingress interface are established by the voice
submodule (distribution layer) as traffic passes to the core layer.
F. The distribution layer inspects a frame to see if it has exceeded a predefined rate of traffic
within a certain time frame, which is typically a fixed number internal to the switch. If a frame is
determined to be in excess of the predefined rate limit, the CoS value can be marked up in a way
that results in the packet being dropped.
Answer: A,B,C
Explanation:
Three main types of QoS policies are required within the Campus:
1) Classification and Marking
2) Policing and Markdown
3) Queuing
Classification, marking, and policing should be performed as close to the traffic-sources as
possible, specifically at the Campus Access-Edge. Queuing, on the other hand, needs to be
provisioned at all Campus Layers (Access, Distribution, Core) due to oversubscription ratios.
Distribution and edge switches can be configured to trust the CoS markings of incoming traffic,
reset the CoS value to 0, or reset the CoS value to a different value. These switches also perform
the necessary functions to map the Layer 2 CoS values to a Layer 3 ToS or DSCP value when
sending traffic into the cloud.
Section 22: Troubleshoot Layer 3 Security (4 Questions)
QUESTION NO: 153
Refer to the exhibit. Host A and Host B are connected to the Catalyst 3550 switch and have been
assigned to their respective VLANs. The rest of the 3550 configuration is the default configuration.
Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B. Given the
output displayed in the exhibit, which statement is true?
A. HSRP must be configured on SW1.
B. A separate router is required to support interVLAN routing.
C. Interface VLAN 10 must be configured on the SW1 switch.
D. The global config command ip routing must be configured on the SW1 switch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. VTP must be configured to support interVLAN routing.
Answer: D
Explanation:
To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been
a router's function. The router must have a physical or logical connection to each VLAN so that it
can forward packets between them. This is known as interVLAN routing.
Multilayer switches can perform both Layer 2 switching and interVLAN routing, as appropriate.
Layer 2 switching occurs between interfaces that are assigned to Layer 2 VLANs or Layer 2
trunks. Layer 3 switching can occur between any type of interface, as long as the interface can
have a Layer 3 address assigned to it.
The Switch(config)# ip routing command enables routing on a Layer 3 switch.
QUESTION NO: 154
Refer to the exhibit. VLAN2, VLAN3, and VLAN10 are configured on the switch D-SW1.
Host computers are on VLAN 2 (10.1.2.0), servers are on VLAN 3 (10.1.3.0), and the
management VLAN is on VLAN10 (10.1.10.0). Hosts are able to ping each other but are unable to
reach the servers. On the basis of the exhibited output, which configuration solution could rectify
the problem?
A. Enable IP routing on the switch D-SW1.
B. Configure a default route that points toward network 200.1.1.0/24.
C. Assign an IP address of 10.1.3.1/24 to VLAN3.
D. Configure default gateways to IP address 10.1.2.1 on each host.
E. Configure default gateways to IP address 10.1.10.1 on each host.
F. Configure default gateways to IP address 200.1.1.2 on each host.
Answer: C
Explanation:
Although a routed port is configured for connectivity with an external router, Inter-VLAN routing
would most likely be achieved through the use of a virtual interface.
Example:
To route between VLANs 10 and 20 which have been configured on the multilayer switch use the
following configuration:
RouteSwitch(config)# interface vlan 10
RouteSwitch(config-if)# ip address 10.0.10.1 255.255.255.0
RouteSwitch(config)# interface vlan 20
RouteSwitch(config-if)# ip address 10.0.20.1 255.255.255.0
QUESTION NO: 155
The network is displayed in the following network topology exhibit:
Router configuration exhibit:
Based on the network diagram and routing table output in the exhibit, which of these statements is
true?
A. Although interVLAN routing is not enabled, both workstations will have connectivity to each
other.
B. Although interVLAN routing is enabled, the workstations will not have connectivity to each
other.
C. InterVLAN routing has been configured properly, and the workstations have connectivity to
each other.
D. InterVLAN routing will not occur since no routing protocol has been configured.
E. None of the other alternatives apply.
Answer: C
Explanation:
A Layer 2 network can also exist as a VLAN inside one or more switches. VLANs are essentially
isolated from each other so that packets in one VLAN cannot cross into another VLAN.
To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been
a router's function. The router must have a physical or logical connection to each VLAN so that it
can forward packets between them. This is known as interVLAN routing. InterVLAN routing can
be performed by an external router that connects to each of the VLANs on a switch. Separate
physical connections can be used, or the router can access each of the VLANs through a single
trunk link.
The switch port connected to the router should be a trunk link. Configure it like this:
Switch(config)# interface fa 0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
On the router, configure:
Router(config)# interface fa 0/0
Router(config-if)# description VLAN 1
Router(config-if)# ip address 192.168.10.1 255.255.255.0
Router(config)# interface fa 0/0.10
Router(config-subif)# description Management VLAN 10
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 192.168.91.1 255.255.255.0
Router(config)# interface fa 0/0.20
Router(config-subif)# description Engineering VLAN 20
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
QUESTION NO: 156
Study the following graphic carefully. Host1 and Host2, which belong to different VLANs, are in the
same subnet. According to the information displayed, which description is correct when trying to
ping from host to host?
A. A trunk port should be configured on the link between CK-SW1 and CK-SW2 to ping
successfully.
B. The two hosts should be in the same VLAN in order to ping successfully.
C. A Layer 3 device is a must in order for the ping command to be successful.
D. The ping command will be successful without any further configuration changes.
Answer: D
Explanation:
Normally, to transport packets between VLANs, you must use a Layer 3 device. However, in this
case the "switchport mode access" command has been used for these ports so the VLAN
information will be sent along untagged. Devices that are in different VLANs can ping each other
as long as they are in the same subnet when the VLAN information is untagged.
Section 23: Troubleshoot issues related to ACLs used to secure access to Cisco routers (2
Questions)
QUESTION NO: 157
The following "show" command was issued on R1:
Study the exhibit carefully. What will happen to traffic within VLAN 14 with a source address of
172.16.10.5?
A. The traffic will be dropped.
B. The traffic will be forwarded to the router processor for further processing.
C. The traffic will be forwarded without further processing.
D. The traffic will be forwarded to the TCAM for further processing.
E. None of the other alternatives apply
Answer: A
Explanation:
VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN
maps can be configured on the switch to filter all packets that are routed into or out of a VLAN, or
are bridged within a VLAN. VLAN maps are used strictly for security packet filtering. Unlike router
ACLs, VLAN maps are not defined by direction (input or output).
To create a VLAN map and apply it to one or more VLANs, perform these steps:
1) Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the
VLAN. This access-list will select the traffic that will be either forwarded or dropped by the
access-map. Only traffic matching the 'permit' condition in an access-list will be passed to the
access-map for further processing.
2) Enter the vlan access-map access-map-name [sequence] global configuration command to
create a VLAN ACL map entry. Each access-map can have multiple entries. The order of these
entries is determined by the sequence. If no sequence number is entered, access-map entries are
added with sequence numbers in increments of 10.
3) In access map configuration mode, optionally enter an action forward or action drop. The
default is to forward traffic. Also enter the match command to specify an IP packet or a non-IP
packet (with only a known MAC address), and to match the packet against one or more ACLs
(standard or extended).
4) Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply
a VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.
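The following Python model is an added example, not part of the original exam material. It walks the evaluation order described above: entries are tried in sequence order, an ACL permit selects the packet for that entry's action, and (per Cisco's documented Catalyst behaviour) IP packets that no entry selects are dropped once the map contains an IP match clause. The ACL names, map contents and addresses are constructed and do not reproduce the exhibit.

```python
"""Model of how a VLAN map (VACL) decides the fate of an IPv4 packet.

Constructed example: ACL names, map contents and addresses are illustrative
and do not reproduce the exhibit from the question.
"""
from collections import namedtuple
from ipaddress import ip_address, ip_network

# One ACL line: permit (True) or deny (False) for a source prefix.
AclLine = namedtuple("AclLine", "permit source")
# One "vlan access-map NAME <sequence>" entry. With no action configured the
# action is forward; with no match clause the entry matches every packet.
MapEntry = namedtuple("MapEntry", "sequence match_acls action",
                      defaults=((), "forward"))


def acl_permits(acl, src):
    """First matching line wins; an ACL ends with an implicit deny."""
    for line in acl:
        if ip_address(src) in ip_network(line.source):
            return line.permit
    return False


def vlan_map_decision(entries, acls, src):
    """Return 'forward' or 'drop' for an IPv4 packet with source address src."""
    saw_ip_match_clause = False
    for entry in sorted(entries, key=lambda e: e.sequence):
        if not entry.match_acls:
            return entry.action        # no match clause: applies to all packets
        saw_ip_match_clause = True
        if any(acl_permits(acls[name], src) for name in entry.match_acls):
            return entry.action        # an ACL permit selects the packet
    # Nothing selected the packet: dropped if the map has any IP match clause,
    # forwarded if the map never looks at IP packets at all.
    return "drop" if saw_ip_match_clause else "forward"


ACLS = {
    "LAB_HOSTS": [AclLine(True, "172.16.10.0/24")],
    "LAB_EXCEPT_5": [AclLine(False, "172.16.10.5/32"),
                     AclLine(True, "172.16.10.0/24")],
    "SERVERS": [AclLine(True, "10.1.3.0/24")],
}

# Drop the lab subnet, forward everything else.
DROP_LAB = [MapEntry(10, ["LAB_HOSTS"], "drop"), MapEntry(20)]
# A deny line in the ACL keeps 172.16.10.5 out of the drop entry.
DROP_LAB_EXCEPT_5 = [MapEntry(10, ["LAB_EXCEPT_5"], "drop"), MapEntry(20)]
# Only a forward entry: whatever the ACL does not permit is dropped.
FORWARD_SERVERS_ONLY = [MapEntry(10, ["SERVERS"], "forward")]

if __name__ == "__main__":
    for name, vmap in [("DROP_LAB", DROP_LAB),
                       ("DROP_LAB_EXCEPT_5", DROP_LAB_EXCEPT_5),
                       ("FORWARD_SERVERS_ONLY", FORWARD_SERVERS_ONLY)]:
        print(name, vlan_map_decision(vmap, ACLS, "172.16.10.5"))
```

The third map shows the common troubleshooting trap: a map that only contains a forward entry still drops every IP packet the referenced ACL does not permit.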
QUESTION NO: 158
Refer to the exhibit. Based upon the configuration, you need to understand why the policy routing
match counts are not increasing. Which would be the first logical step to take? Select the best
response.
A. Confirm if there are other problematic route-map statements that precede divert.
B. Check the access list for log hits.
C. Check the routing table for 212.50.185.126.
D. Remove any two of the set clauses. (Multiple set clause entries will cause PBR to use the
routing table.)
Answer: B
Explanation:
Section 24: Troubleshoot configuration issues related to accessing the AAA server for
authentication purposes (1 Questions)
QUESTION NO: 159
Exhibit:
You work as a network administrator. You study the exhibit carefully. What is the function of this
configuration?
A. mitigates the risk of rogue devices gaining unauthorized access to the network
B. sets the port state to authorized
C. sets the maximum number of retries to supplicant for EAP-request frames of types other than
EAP-Request/Identity
D. sets the port state to unauthorized
E. configures a guest VLAN on this interface
Answer: A
Explanation:
Cisco switches support port-based authentication in combination with AAA, which is known as
dot1x authentication. When it is enabled, a switch port will not pass any traffic until a user has
authenticated with the switch. If the authentication is successful, the user can use the port
normally.
Section 25: Troubleshoot security issues related to IOS services (i.e., finger, NTP, HTTP, FTP,
RCP etc.) (4 Questions)
QUESTION NO: 160
You want to enhance the security within the LAN and prevent VLAN hopping. What two steps can
be taken to help prevent this? (Select two)
A. Enable BPDU guard
B. Disable CDP on ports where it is not necessary
C. Place unused ports in a common unrouted VLAN
D. Prevent automatic trunk configuration
E. Implement port security
Answer: C,D
Explanation:
To prevent VLAN hopping you should disable unused ports and put them in an unused VLAN, or a
separate unrouted VLAN. By not granting connectivity or by placing a device into a VLAN not in
use, unauthorized access can be thwarted through fundamental physical and logical barriers.
Another method used to prevent VLAN hopping is to prevent automatic trunk configuration.
Hackers used 802.1Q and ISL tagging attacks, which are malicious schemes that allow a user on
a VLAN to get unauthorized access to another VLAN. For example, if a switch port were
configured as DTP auto and were to receive a fake DTP packet, it might become a trunk port and
it might start accepting traffic destined for any VLAN. Therefore, a malicious user could start
communicating with other VLANs through that compromised port.
Reference: VLAN Security White Paper, Cisco Systems
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
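One way to check a configuration for the two controls in this answer, as an added example that is not part of the original exam material. It assumes that a port with no switchport mode line runs the platform default (a dynamic DTP mode on many Catalyst models), that shut-down ports are the unused ones, and that VLAN 999 is the unrouted parking VLAN; the configuration text is constructed.

```python
"""Audit interface stanzas for the VLAN-hopping controls discussed above.

Constructed example: the configuration text, the parking VLAN number and
the wording of the findings are assumptions made for this illustration.
"""
import re

PARKING_VLAN = 999   # assumed unused, unrouted VLAN for idle ports

SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode dynamic desirable
 switchport access vlan 10
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/5
 switchport access vlan 20
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
"""


def parse_interfaces(config):
    """Return {interface name: [stripped configuration lines]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"^interface\s+(\S+)", raw)
        if header:
            current = header.group(1)
            interfaces[current] = []
        elif raw.startswith(" ") and current:
            interfaces[current].append(raw.strip())
        else:
            current = None            # "!" or a global command ends the stanza
    return interfaces


def audit_port(lines):
    """Return the list of findings for one interface stanza."""
    mode = None
    access_vlan = 1                   # default access VLAN when none is set
    for line in lines:
        m = re.match(r"switchport mode (.+)", line)
        if m:
            mode = m.group(1)
        m = re.match(r"switchport access vlan (\d+)", line)
        if m:
            access_vlan = int(m.group(1))
    findings = []
    # Control 1: prevent automatic trunk configuration.
    if mode is None or mode.startswith("dynamic"):
        findings.append("DTP may negotiate a trunk (no static switchport mode)")
    # Control 2: unused ports belong in the common unrouted VLAN.
    if "shutdown" in lines and access_vlan != PARKING_VLAN:
        findings.append(f"shut-down port still in VLAN {access_vlan}, "
                        f"not parking VLAN {PARKING_VLAN}")
    return findings


def audit(config):
    """Return {interface: [findings]} for ports that need attention."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = audit_port(lines)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{port}: {finding}")
```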
QUESTION NO: 161
The network is being flooded with invalid Layer 2 addresses, causing switch CAM tables to be
filled and forcing unicast traffic to be transmitted out all switch ports. Which type of Layer 2 attack
is being used here?
A. MAC spoofing
B. VLAN hopping
C. MAC address flooding
D. DHCP flooding
E. Session hijacking
Answer: C
Explanation:
Port security is especially useful in the face of MAC address flooding attacks. In these attacks, an
attacker tries to fill up a switch's CAM tables by sending a large number of frames to it with source
MAC addresses that the switch is unaware of at that time. The switch learns about these MAC
addresses and puts them in its CAM table, thinking that these MAC addresses actually exist on
the port on which it is receiving them. In reality, this port is under the attacker's control and a
machine connected to this port is being used to send frames with spoofed MAC addresses to the
switch. If the attacker keeps sending these frames in a large-enough quantity, and the switch
continues to learn of them, eventually the switch's CAM table becomes filled with entries for these
bogus MAC addresses mapped to the compromised port.
Under normal operations, when a machine receiving a frame responds to it, the switch learns that
the MAC address associated with that machine sits on the port on which it has received the
response frame. It puts this mapping in its CAM table, allowing it to send any future frames
destined for this MAC address directly to this port rather than flood all the ports on the VLAN.
However, in a situation where the CAM table is filled up, the switch is unable to create this CAM
entry. At this point, when the switch receives a legitimate frame for which it does not know which
port to forward the frame to, the switch floods all the connected ports belonging to the VLAN on
which it has received the frame. The switch continues to flood the frames with destination
addresses that do not have an entry in the CAM tables to all the ports on the VLAN associated
with the port it is receiving the frame on.
Reference: http://book.soundonair.ru/cisco/ch05lev1sec2.html
QUESTION NO: 162
A MAC address flood attack is occurring on the LAN. During this attack, numerous frames are
forwarded to a switch which causes the CAM table to fill to capacity. How does this action benefit
the attacker?
A. All traffic is tagged with a specific VLAN ID from the VLAN of the attacker and is now viewable.
B. Clients will forward packets to the attacking device, which will in turn send them to the desired
destination but not before recording the traffic patterns.
C. All traffic is redirected to the VLAN that the attacker used to flood the CAM table.
D. All traffic is flooded out all ports and an attacker is able to capture all data.
E. None of the other alternatives apply
Answer: D
Explanation:
MAC flooding basically involves bombarding the switch with spoofed ARP requests in the hope of
making the switch "fail open". This, in essence, makes the switch display the characteristics of a
hub, where it sends packets to all ports. A MAC flooding attack looks like traffic from thousands of
computers moving into one port, but it's actually the attacker spoofing the MAC address of
thousands of non-existent hosts. The goal is to flood the switch's CAM (content addressable
memory) table, or port/MAC table with these bogus requests, and once flooded, the switch will
broadcast openly onto a LAN, allowing the attacker to start sniffing. The success of this attack is
almost completely dependent on the model and manufacturer of the switch.
Reference: http://www.governmentsecurity.org/archive/t2605.html
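The explanations for Questions 161 and 162 describe a full CAM table forcing unknown-unicast flooding, and name port security as the countermeasure. The toy model below is an added example, not from the original exam material, that shows both outcomes side by side. Table size, port numbers and MAC values are constructed, and the per-port limit models the port-security restrict violation mode (drop and count) rather than the default shutdown mode.

```python
"""Toy learning switch: a full CAM table causes flooding, and a per-port
MAC limit (port security) keeps legitimate entries learnable.

Constructed model: table size, port numbers and MAC values are illustrative
and not taken from any real switch. MAC moves between ports are not modelled.
"""


class LearningSwitch:
    def __init__(self, cam_capacity, ports, max_macs_per_port=None):
        self.cam = {}                        # MAC address -> port
        self.capacity = cam_capacity
        self.ports = list(ports)
        self.limit = max_macs_per_port       # None = port security disabled
        self.violations = {p: 0 for p in self.ports}

    def _macs_on(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def receive(self, port, src, dst):
        """Process one frame; return the list of ports it is sent out of."""
        if src not in self.cam:
            if self.limit is not None and self._macs_on(port) >= self.limit:
                self.violations[port] += 1   # restrict mode: count and drop
                return []
            if len(self.cam) < self.capacity:
                self.cam[src] = port         # learn the source address
            # else: table is full, the source cannot be learned
        if dst in self.cam:
            return [self.cam[dst]]           # known unicast: one port only
        return [p for p in self.ports if p != port]   # unknown: flood the VLAN


def run_scenario(max_macs_per_port):
    """Return (egress ports of the final A->B frame, CAM size, violations on port 3)."""
    sw = LearningSwitch(cam_capacity=8, ports=[1, 2, 3],
                        max_macs_per_port=max_macs_per_port)
    # Port 3 sources frames from 20 constructed, never-seen MAC addresses.
    for i in range(20):
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    host_a, host_b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    sw.receive(1, host_a, host_b)            # A -> B, B not known yet
    sw.receive(2, host_b, host_a)            # B replies to A
    final = sw.receive(1, host_a, host_b)    # A -> B again
    return final, len(sw.cam), sw.violations[3]


if __name__ == "__main__":
    print("no port security :", run_scenario(None))
    print("limit 2 MACs/port:", run_scenario(2))
```

Without the limit, the final frame from host A to host B is still flooded to port 3 because neither host could be learned; with a limit of two addresses per port it leaves on port 2 only.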
QUESTION NO: 163
Which of the following characteristics describe the BPDU Guard feature? (Choose all that apply.)
A. A BPDU Guard port should only be configured on ports with PortFast enabled.
B. BPDU Guard and PortFast should not be enabled on the same port.
C. BPDU Guard is used to ensure that superior BPDUs are not received on a switch port.
D. A BPDU Guard port receiving a BPDU will go into err-disable state.
E. A BPDU Guard port receiving a BPDU will be disabled.
F. BPDU Guard can be enabled on any switch port.
Answer: A,E
QUESTION NO: 164
Which of the following are valid modes of accessing the data plane? (Choose all that apply.)
A. Serial connection
B. Secure Shell
C. RADIUS
D. Simple Network Management Protocol
E. HTTP
F. Telnet
Answer: A,B,D,E,F
QUESTION NO: 165
Which of the following is not an essential prerequisite for AutoQoS to be correctly applied to an
interface? (Choose all that apply.)
A. The interface must be configured as a Multilink PPP interface.
B. The correct bandwidth should be configured on the interface.
C. A QoS policy must not be currently attached to the interface.
D. CEF must be enabled.
E. AutoQoS must be enabled globally before it can be enabled on the interface.
F. An IP address must be configured on the interface if its speed is equal to or less than 768 kbps.
Answer: A,E
QUESTION NO: 166
Which of the following topology situations would be a good candidate for configuring DMVPN?
A. Extranet VPN
B. Managed overlay VPN topology
C. Hub-and-spoke VPN topology
D. Central-site VPN topology
E. Full mesh VPN topology
F. Remote-access VPN topology
Answer: E
QUESTION NO: 167
Which of the following is not considered a common approach to narrow the field of potential
problem causes? (Choose the best answer.)
A. Following the traffic path
B. Top-down
C. Comparing configurations
D. Bottom-up
E. Divide and conquer
F. Examine SLAs
Answer: F
QUESTION NO: 168
Which of the following best describes the following command: ip flow-export destination
192.168.1.50 1500?
A. it is not a valid NetFlow command.
B. it is an SNMP command that exports 1500-byte packets to IP address 192.168.1.50.
C. it is a NetFlow command that will export 1500-byte packets to IP address 192.168.1.50.
D. it is a NetFlow command that allows IP address 192.168.1.50 to send traffic to port 1500.
E. It is a NetFlow command that will specify that the NetFlow collector's IP address is
192.168.1.50 over UDP port 1500.
F. It is an SNMP command that exports flows to destination address 192.168.1.50 for packets up
to an MTU of 1500.
Answer: E
QUESTION NO: 169
Which of the following are valid methods of providing a router with information concerning the
location of the RP? (Choose all that apply.)
A. Statically defined RP
B. Bootstrap Router
C. Auto-RP
D. RP Discovery Protocol (RDP)
E. RP Helios
F. RPARP(RARP)
Answer: A,B,C
QUESTION NO: 170
Which of the following are shared distribution tree characteristics? (Choose all that apply.)
A. Memory requirements are higher for shared distribution tree than for source distribution tree.
B. Creates a tree from a central RP to all last-hop routers.
C. Uses a rendezvous point.
D. An optimal path is created between each source router and each last-hop router.
E. Place (S,G) entry in each router's multicast routing table.
F. Place (*,G) entry in a router's multicast routing table.
Answer: C,F
QUESTION NO: 171
Given the multicast IP address of 224.193.5.10, what would the corresponding multicast MAC
address be?
A. 00-00-0c-c0-05-0a
B. 00-00-0c-c1-05-0a
C. 01-00-5e-00-00-0c
D. 01-00-5e-41-05-0a
E. 00-00-0c-01-00-5e
F. 01-00-5e-c1-05-0a
Answer: D
QUESTION NO: 172
Which of the following is an accurate description of the command copy startup-config
ftp://kevin:[email protected]?
A. The configuration on the FTP server is copied to RAM.
B. The command is not valid on a Cisco router.
C. The configuration file in RAM is copied to an FTP server.
D. The configuration file in NVRAM is copied to an FTP server.
E. The configuration on the FTP server is copied to NVRAM.
F. The configuration will be copied from NVRAM to an FTP server with a filename of Kevin.
Answer: D
QUESTION NO: 173
Which of the following commands can be used to gather information about the AS-PATH of a BGP
route? (Choose all that apply.)
A. show ip bgp neighbors
B. debug ip bgp updates
C. show ip route bgp
D. show ip bgp
E. show ip bgp summary
F. sh ip bgp database
Answer: B,D,E
QUESTION NO: 174
How long will a port remain in the listening state by default?
A. Depends on the number of switches in the spanning tree domain
B. 50 seconds
C. 15 seconds
D. Until the root directs it to start forwarding
E. 20 seconds
F. Depends on the port speed
Answer: C
QUESTION NO: 175
A new router is added to an existing HSRP standby group. One of the existing routers is in an
active state, the other is in a standby state. Under what circumstance will the new router become
the active router?
A. The new router will become active immediately because it's the newest router introduced into
the group.
B. The new router can become active only when the existing active router and the existing standby
router become unavailable.
C. The new router has a lower priority value.
D. The new router will never become active unless the existing active router becomes unavailable.
E. The new router has preempt configured and a higher priority
F. The new router has a higher priority value.
Answer: E
QUESTION NO: 176
Which of the following is not a valid reason for a packet to be punted?
A. The TCAM has reached capacity
B. An unknown destination MAC address
C. A packet being discarded due to a security violation
D. A Telnet packet from a session being initiated with the switch
E. Routing protocols sending broadcast traffic
F. A packet belonging to a GRE tunnel
Answer: B,C
QUESTION NO: 177
Which of the following are not true OSPF LSA rules?
A. OSPF LSA type 5 triggers an LSA type 7 at an ABR between an NSSA and the backbone area.
B. OSPF LSA type 1 triggers an LSA type 3 at an ABR.
C. OSPF LSA type 7 triggers an LSA type 5 at an ABR between an NSSA and the backbone area.
D. OSPF LSA type 3 triggers an LSA type 4 at an ABR.
E. OSPF LSA type 5 triggers an LSA type 7 at an ASBR but only in NSSAs.
F. OSPF LSA type 2 triggers an LSA type 3 at an ABR.
Answer: A,D,E
QUESTION NO: 178
Several troubleshooters are about to work on the same problem. Which of the following
troubleshooting methods would be most appropriate to make the best use of the troubleshooters'
time?
A. Bottom up
B. Component swapping
C. Top down
D. Shoot from the hip
E. Divide and conquer
F. Follow the traffic path
Answer: E
QUESTION NO: 179
Which of the following are not EIGRP data structures? (Choose all that apply.)
A. EIGRP database table
B. EIGRP CEF table
C. EIGRP neighbor table
D. EIGRP adjacency table
E. EIGRP interface table
F. EIGRP topology table
Answer: A,B,D
QUESTION NO: 180
Which of the following is a valid host IPv6 address? (Choose all that apply.)
A. ff02:a:b:c::1/64
B. 2001:aaaa: 1234:456c: 1/64
C. 2001:000a:1b2c::/64
D. 2fff:f:f:f::f/64
E. ff02:33ab:1:32::2/128
F. 2001:bad:2345:a:b::cef/128
Answer: B,D,F
QUESTION NO: 181
You examine the port statistics on a Cisco Catalyst switch and notice an excessive number of
frames are being dropped. Which of the following are possible reasons for the drops?
A. Unknown destination MAC address
B. Bad cabling
C. MAC forwarding table is full
D. Port configured for half duplex
E. Port configured for full duplex
F. Network congestion
Answer: B,F
QUESTION NO: 182
Which of the following would be considered reasonable network maintenance tasks? (Choose all
that apply.)
A. Ensuring compliance with legal regulations and corporate policies
B. Troubleshooting problem reports
C. Planning for network expansion
D. Providing support to sales and marketing
E. Giving presentations to management
F. Monitoring and tuning network performance
Answer: A,B,C,F
QUESTION NO: 183
Which of the following options represents the correct sequence of DHCP messages after a client
initially boots?
A. DHCPREQUEST, DHCPOFFER, DHCPDISCOVER, DHCPACK
B. DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK
C. DHCPOFFER, DHCPACK, DHCPREQUEST, DHCPDISCOVER
D. DHCPDISCOVER, DHCPREQUEST, DHCPOFFER, DHCPACK
E. DHCPREQUEST, DHCPDISCOVER, DHCPOFFER, DHCPACK
F. DHCPDISCOVER, DHCPACK, DHCPREQUEST, DHCPOFFER
Answer: B
QUESTION NO: 184
Which of the following statements regarding documentation would not be considered a helpful step
in the troubleshooting process?
A. Use the Cisco Auto Configuration tool.
B. Use the Cisco Rollback feature.
C. Automate documentation.
D. Schedule documentation checks.
E. Use the Cisco Configuration Archive tool.
F. Require documentation prior to a ticket being closed out.
Answer: A
QUESTION NO: 185
Which of the following statements are true concerning the command ip sla monitor responder type
tcpconnect ipaddress 10.1.1.1 port 23? (Choose all that apply.)
A. The command will initiate a probe with a destination IP address of 10.1.1.1.
B. The command is used on the IP SLA responder and the IP SLA source.
C. The command will allow only source address 10.1.1.1 to source probes.
D. The command will initiate a probe with a destination Telnet port.
E. The command is used to make the router a responder.
F. The command will initiate a probe with a source port of 23.
Answer: A,D
QUESTION NO: 186
In what situation would the command ip helper-address be required? (Choose the best answer.)
A. Only when there is a duplicate IP address caused by a combination of static and dynamic IP
address allocations
B. On each router that exists between the client and the server
C. Only when a router separates the client from the server
D. Only if the DHCP server issues a DHCPNAK to the initial request
E. Only when the client is on the same subnet as the server
F. Only when the DHCP pool is out of IP addresses
Answer: C
QUESTION NO: 187
Which of the following commands will restore a previously archived configuration by replacing the
running configuration with the archived configuration?
A. configure archive running-config
B. configure replace
C. copy archive running config
D. copy startup-config running-config
E. copy tftp running-config
F. configure tftp running-config
Answer: B
QUESTION NO: 188
Which of the following is not a characteristic of fast switching?
A. Fast switching reduces a router's CPU utilization, compared to process switching.
B. All packets of a flow, except for the first packet, use the information in the fast cache.
C. It can be enabled with the interface command ip route-cache.
D. Fast switching uses a fast cache maintained in a router's control plane.
E. The fast cache contains information about how traffic from different data flows should be
forwarded.
F. Even though the fast switching is enabled, the first packet of a flow is still process switched.
Answer: D
QUESTION NO: 189
Which of the following commands will display a router's crypto map IPsec security association
settings?
A. show crypto map ipsec sa
B. show crypto map
C. show crypto engine connections active
D. show ipsec crypto map
E. show crypto map sa
F. show ipsec crypto map sa
Answer: A
QUESTION NO: 190
Which of the following pieces of information will the command show interface provide? (Choose all
that apply.)
A. Layer 1 status
B. Output queue drops
C. Interface CPU utilization
D. Cable type connected to interface
E. Layer 2 status
F. Input queue drops
Answer: A,B,E,F
QUESTION NO: 191
Which of the following statements concerning IGMP are correct? (Choose all that apply.)
A. With IGMPv1, queries are sent to a specific group.
B. Hosts issuing IGMPv1 requests will be correctly interpreted by IGMPv2 hosts due to backward
compatibility.
C. An IGMPv2 router will ignore IGMPv2 leave messages when IGMPv1 hosts are present.
D. With IGMPv2, a leave message is supported.
E. An IGMPv2 host will send an IGMPv1 report on an IGMPv1 router.
F. An IGMPv2 router can only allow IGMPv2 hosts to execute a join request.
Answer: C,D,E
QUESTION NO: 192
Which of the following are byproducts of a structured maintenance plan? (Choose all that apply.)
A. Predictable security vulnerabilities
B. Economies of scale
C. Improved expenditure forecasts
D. Increased downtime
E. Predictable equipment obsolescence
F. Consumption of fewer resources
Answer: A,B,C,E,F
QUESTION NO: 193
Which of the following are correct statements?
A. EIGRP advertises the best routes to its neighbor.
B. EIGRP uses "cost" to determine best path.
C. EIGRP allows unequal cost load balancing.
D. OSPF requires neighbor adjacencies before updates are sent.
E. EIGRP advertises all routes to its neighbor.
F. OSPF allows unequal cost load balancing.
Answer: A,C,D
QUESTION NO: 194
Which of the following commands will remove all dynamic entries for a router's NAT table?
A. clear nat translations
B. clear ip nat translations*
C. clear ip nat statistics
D. clear ip nat transactions *
E. clear ip nat translations
F. clear ip nat translations all
Answer: B
QUESTION NO: 195
Which of the following are TACACS+ characteristics? (Choose all that apply.)
A. Cisco proprietary
B. Standards-based protocol
C. Provides separate services for authentication, authorization, and accounting
D. Encrypts only the password
E. Uses UDP for a transport layer
F. Encrypts the entire packet
Answer: A,C,F
QUESTION NO: 196
Which of the following are common issues that should be considered when establishing or
troubleshooting site-to-site VPNs? (Choose all that apply.)
A. User authentication
B. Overlapping IP address space
C. GRE or IPsec configuration
D. MTU size
E. VPN client software
F. Authentication server configured ly
Answer: B,C,D
QUESTION NO: 197
Which of the following would provide good baseline documentation to have on hand when
analyzing potential problems? (Choose all that apply.)
A. User authentication ID and password
B. User profile
C. Output of debug
D. Output of show interface
E. Result of ping
F. Output of show process cpu
Answer: C,D,E,F
QUESTION NO: 198
Which of the following characteristics describe the Root Guard feature? (Choose all that apply.)
A. The port must be put into forwarding state manually after root-inconsistent state has been
corrected.
B. A Root Guard port receiving superior BPDU goes into a root-inconsistent state.
C. A Root Guard port receiving inferior BPDU goes into a root-inconsistent state.
D. While the port is in a root-inconsistent state no user data is sent across that port.
E. The port returns to a forwarding state if inferior BPDUs stop.
F. It should be applied to all switch ports.
Answer: B,D
QUESTION NO: 199
Which of the following commands provides data plane information required to forward a packet to
a specific ip address?
A. sh ip route
B. sh ip cef <ip_address>
C. sh adjacency <ip_address>
D. sh ip route <ip_address>
E. sh ip adjacency <ip_address>
F. sh ip cef <mac_address> <ip_address>
Answer: B
QUESTION NO: 200
Which of the following management types can be used to deploy appropriate quality-of-service
solutions to make the most efficient use of bandwidth?
A. Fault management
B. Accounting management
C. Operations management
D. Performance management
E. Security management
F. Configuration management
Answer: D
QUESTION NO: 201
Which of the following are valid modes of packet switching on most routers? (Choose all that
apply.)
A. Cisco Express Forwarding
B. FIB switching
C. Cache switching
D. Optimized switching
E. Process switching
F. Fast switching
Answer: A,E,F
QUESTION NO: 202
Which of the following is an unlikely reason for the ARP process to fail?
A. CEF switching is disabled on the switch
B. The source device and destination device are in different VLANs
C. The VLAN is excluded from the trunk
D. The host is connected to the switch through an IP phone
E. A faulty cable from host to switch or between switches
F. The trunking encapsulation type is inconsistent on the two ends of the link
Answer: A,D
QUESTION NO: 203
Which of the following is not a characteristic of Cisco Express Forwarding?
A. The adjacency table is populated from a router's ARP cache.
B. CEF does not require the first packet of a data flow to be process switched.
C. CEF maintains the Forward Information Base and the adjacency table.
D. CEF can be enabled with the interface command ip cef.
E. The FIB is populated from a router's IP routing table.
F. On most router platforms CEF is enabled by default.
Answer: D
QUESTION NO: 204
Which of the following are considered subcomponents of the problem diagnosis step of the
troubleshooting flow? (Choose all that apply.)
A. Eliminate potential causes
B. Collect information
C. Document causes
D. Hypothesize underlying causes
E. Verify hypothesis
F. Examine collected information
Answer: A,B,D,E,F
QUESTION NO: 205
Which of the following virtual MAC addresses is correct for the HSRP group 22?
A. 0000.0c70.ac22
B. 0000.0c07.22ac
C. 0000.0c07.ac16
D. 0000.0c07.ac22
E. 0000.0c70.ca1a
F. 0000.0d22.ac07
Answer: C
QUESTION NO: 206
Which of the following procedures are involved in the recommended three-step troubleshooting
flow? (Choose the best three answers.)
A. Problem report
B. Problem collaboration
C. Problem diagnosis
D. Problem resolution
E. Problem documentation
F. Problem authentication
Answer: A,C,D
QUESTION NO: 207
Which of the following data structures exist on a router for the OSPF routing protocol?
A. OSPF topology table
B. OSPF interface table
C. OSPF routing information base
D. OSPF link-state database
E. OSPF adjacency table
F. OSPF neighbor table
Answer: B,C,D,F
QUESTION NO: 208
A router simultaneously receives all the following routes in various routing updates. Which of the
following routes would end up in the routing table? (Choose all that apply.)
A. RIP route 10.1.2.0/24
B. EIGRP route 10.1.2.0/24
C. RIP route 10.1.0.0/16
D. OSPF route 10.1.0.0/16
E. RIP route 10.0.0.0/16
F. OSPF route 10.1.2.0/24
Answer: B,D,E
QUESTION NO: 209
Which of the following commands would result in the following output: M.M.M
A. Ping 10.1.1.1 Data Pattern M.
B. Ping 10.1.1.1 timeout 0
C. Ping 10.1.1.1 size 1500 df-bit
D. Ping 10.1.1.1 source loopback 0
E. Ping 10.1.1.1 size 1500
F. Ping 10.1.1.1 size 1500 Strict
Answer: C
QUESTION NO: 210
Which of the following commands will cause RIPng to originate a default route advertisement while
suppressing all other routes?
A. R1(config-if)#ipv6 default-information originate
B. R1(config-router)#ipv6 rip <process-name> default-information only
C. R1(config)#ipv6 route ::/0 null 0
D. R1(config-if)#ipv6 rip <process-name> default-information only
E. R1(config-router)#ipv6 rip route ::/0 originate
F. R1(config-router)#aggregate-address ::/0 summarize-routes
Answer: D
QUESTION NO: 211
The OSPFv3 process will send hello packets to which of the following well-known addresses?
A. 255.255.255.255
B. 224.0.0.6
C. FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFF:FFF
D. FF02::10
E. 224.0.0.10
F. FF02::5
Answer: F
QUESTION NO: 212
Which of the following commands shows all routes learned via EIGRP? (Choose all that apply.)
A. show ip eigrp topology
B. show ip eigrp adjacency
C. show ip eigrp routes
D. show ip eigrp database
E. show ip route eigrp
F. show ip eigrp forwarding
Answer: A
QUESTION NO: 213
Which of the following three port types are valid Spanning Tree port types? (Choose the best three
answers.)
A. Designated port
B. Nonswitch port
C. Switch port
D. Nonroot port
E. Nondesignated port
F. Root port
Answer: A,E,F
QUESTION NO: 214
Which of the following is a valid method for defining a seed metric? (Choose all that apply.)
A. The default-metric command configured under the appropriate interface
B. The metric parameter in the network command of a routing process
C. The metric parameter in the redistribute command
D. The default-metric command
E. A route-map containing a seed command
F. A route map containing a metric command
Answer: C,D,F
QUESTION NO: 215
Which of the following characteristics are common to both RIPv2 and RIPng? (Choose all that
apply.)
A. Link-local address used for next-hop addresses
B. Interface can be added to RIP routing process in either interface configuration mode or in router
configuration mode
C. Uses a multicast to send routing updates
D. Use hop count as a metric
E. Distance-vector routing protocol
F. Maximum hop count is 15 with 16 being "unreachable"
Answer: C,D,E,F
QUESTION NO: 216
Which of the following commands will enable you to see the contents of the IP routing table and
send the output to a TFTP server at the same time?
A. show ip route | to tftp://192.168.1.1/route.txt
B. show ip route | tee tftp://192.168.1.1/route.txt
C. show ip route | include tftp://192.168.1.1/route.txt
D. show ip route ft include tftp://192.168.1.1/route.txt
E. show ip route | redirect tftp://192.168.1.1/route.txt
Answer: B
QUESTION NO: 217
Which of the following solutions will encapsulate IPv6 packets with IPv4 headers?
A. Create an IPv4 tunnel and assign the tunnel IPv6 addresses.
B. Create IPv4 interfaces on both ends of the network, and use either static routes or a routing
process to direct IPv6 packets through those interfaces.
C. IPv6 packets cannot be encapsulated with IPv4 headers because the addresses are not
compatible.
D. Create IPv6 interfaces on both ends of the network, and use static routes to point the IPv4
address to those interfaces.
E. Use an IPv6 routing protocol like OSPFv3 and assign IPv4 packets to that process.
F. Create an IPv4 tunnel and use the tunnel mode ipv6ip command.
Answer: F
QUESTION NO: 218
Which of the following is not a typical wireless troubleshooting target?
A. Quality of Service
B. Trunk configuration
C. Access lists
D. Routing protocol configuration
E. Power over Ethernet
F. DHCP configuration
Answer: D
QUESTION NO: 219
Which of the following is a valid representation of the following IPv6 address:
2001:0000:0000:0abc:0000:0000:000a:000b? Choose the answer with the least number of digits.
A. 2001:0000:0:abc:0000:0000:a:b
B. 2001::abc::a:b
C. 2001::abc:0:0:000a:000b
D. 2001::0abc:0000:0000:a:b
E. 2001:0000:0000:abc::a:b
F. 2001::abc:0:0:a:b
Answer: F
QUESTION NO: 220
Which of the following are troubleshooting targets common to both site-to-site and remote-access
VPNs? (Choose all that apply.)
A. Routing loops
B. Misconfiguration of VPN end points
C. Overlapping IP address space
D. DMVPN
E. User profiles
F. MTU
Answer: A,B,F
QUESTION NO: 221
You are using NBAR to get a statistical baseline for the applications running on your network but
discover that some applications are not being recognized. Which of the following are possible
solutions? (Choose all that apply.)
A. Use the ip nbar pdlm command to allow NBAR to reference a new PDLM in flash memory.
B. If NBAR doesn't recognize certain applications you must contact Cisco and ask them to email
you a new PDLM for that application.
C. Use the ip nbar port-map command to allow NBAR to recognize certain applications with a new
port number.
D. The applications not being recognized can be rerouted to an NBAR collector, which has a more
complete list of applications.
E. Use the copy nbar flash: command to download a new PDLM file to flash.
F. Use the ip nbar pdlm command to download a new NBAR reference file from the Cisco website.
Answer: A,C
QUESTION NO: 222
Which of the following statements are true for routers but not true for Layer 3 Ethernet switches?
(Choose all that apply.)
A. May have Ethernet as well as non-Ethernet interfaces
B. Traditionally used as a standalone device for inter-VLAN communication
C. Makes use of TCAMs
D. Uses subinterfaces to define trunks
E. Can use both Layer 2 and Layer 3 to make forwarding decisions
F. Allows the definition of Switched Virtual Interfaces (SVI)
Answer: A,B,D
QUESTION NO: 223
Which of the following events would not explain excessive CPU utilization?
A. A large number of BGP sessions.
B. A large BGP table.
C. A router is configured with the following command: ip route 0.0.0.0 0.0.0.0 fa 0/1.
D. All interface buffers are continually in use.
E. A flapping interface.
F. The router sends a large number of ARP requests.
Answer: B
QUESTION NO: 224
Which of the following correctly fills in the missing words of this sentence: An ARP request uses a
____ address, whereas an ARP reply uses a ____ address.
A. broadcast, multicast
B. unicast, broadcast
C. broadcast, unicast
D. multicast, unicast
E. broadcast, broadcast
F. unicast, multicast
Answer: C
QUESTION NO: 225
Which of the following is not a typical maintenance task within a network maintenance model?
A. Providing technical customer support
B. Changing configurations
C. Updating software
D. Monitoring network performance
E. Replacing hardware
F. Scheduling backups
Answer: A
QUESTION NO: 226
Which of the following router models will support 1000 tunnels?
A. 2811
B. 2801
C. 2851
D. 2821
E. 1841
F. 3825
Answer: A,B,C,D,F
QUESTION NO: 227
A network administrator enters the command clear ip route * and as a result he sees the message,
"Please update the network documentation to record why the ip routing table was cleared." Which
router feature was used in this case?
A. NetFlow
B. SNMP
C. Debug
D. SysLog
E. EEM
F. CEF
Answer: E
QUESTION NO: 228
Which of the following types of attacks does DHCP snooping prevent? (Choose all that apply.)
A. Attacker sends multiple DHCP requests flooding DHCP server
B. Attacker connects rogue server initiating DHCP requests
C. Attacker connects rogue server replying to DHCP requests
D. Attacker sends DHCP jam signal causing DHCP server to crash
E. Attacker sends gratuitous ARP replies, thereby jamming the DHCP server
F. Attacker sends unsolicited DHCP replies, thereby jamming the DHCP server
Answer: A,C
QUESTION NO: 229
You issue the command show process memory | include BGP and notice that BGP is consuming a
large percentage of the router's memory. Which of the following steps would result in lowering the
amount of memory being consumed by BGP? (Choose all that apply.)
A. Filter unneeded BGP routes.
B. Run BGP on a different platform that already has more memory.
C. Upgrade the router memory.
D. Increase the BGP update timer.
E. Compress the BGP table.
F. Use a default route instead of maintaining a full BGP table.
Answer: A,C,F
QUESTION NO: 230
Which of the following characteristics applies only to OSPFv3 and not to OSPFv2?
A. Several processes can exist simultaneously
B. Requires direct connectivity from the backbone area to all other areas
C. Has the same packet types
D. Can support multiple subnets on a single link
E. Uses a hierarchical structure divided into areas
F. Adjacencies formed with neighbors
Answer: D
QUESTION NO: 231
A router has been configured with an EIGRP variance of 3. Which of the following statements is
true?
A. An error will result because a router cannot be configured with an EIGRP variance of 3 because
the maximum variance number is 2.
B. The successor route will end up in the routing table, and so will any route with a metric at most
three times greater than the value of the successor's metric.
C. EIGRP will only advertise routes that are within three hops of the current router.
D. The successor route will end up in the routing table, and so will any route with a metric at least
one third the value of the successor's metric.
E. The best three routes with equal cost paths will end up in the routing table.
F. The successor route will be any route with three times the value of the advertised distance.
Answer: B
QUESTION NO: 232
Which of the following statements is correct?
A. A route's feasible distance is the sum of the router's metric to reach the neighbor, plus the
advertised distance.
B. A route's feasible distance is calculated as the advertised distance plus the feasible successor's
distance.
C. A route's successor route is the feasible distance plus the advertised distance.
D. A route's feasible distance is the sum of the advertised distance and the successor distance.
E. A route's feasible successor is calculated as the successor plus the feasible distance.
F. A route's feasible successor is the sum of the router's metric to reach the neighbor, plus the
advertised distance.
Answer: A
QUESTION NO: 233
Which of the following are considered common elements found in a set of network documents?
(Choose all that apply.)
A. Building schematic
B. IGP community elements
C. Listing of interconnections
D. Physical topology diagram
E. Logical topology diagram
F. Inventory of network equipment
Answer: C,D,E,F
QUESTION NO: 234
Which of the following troubleshooting targets is considered to be a Layer 2 issue? (Choose all
that apply.)
A. Spanning Tree Protocol
B. Cabling
C. Frame forwarding
D. Packet forwarding
E. EtherChannel
F. Routing protocols
Answer: A,C,E
QUESTION NO: 235
You are using AutoQoS Enterprise and realize that the results are not what you expected. Which
of the following are possible reasons for AutoQoS not functioning correctly? (Choose all that
apply.)
A. The interface you configured for AutoQoS is set to half-duplex.
B. AutoQoS was configured on only one end of the link.
C. The interface you configured for AutoQoS has no IP address.
D. The interface's bandwidth is not correctly configured.
E. CEF is not enabled on the interface.
F. You enabled AutoQoS on the interface but forgot to enable globally first.
Answer: B,C,D,E
QUESTION NO: 236
Which of the following statements are true regarding Layer 3 switches? (Choose all that apply.)
A. A routed port does not run STP or DTP.
B. A routed port is considered to be in a down state if it is not operational at both Layer 1 and
Layer 2.
C. An SVI is considered to be in a down state if it is not operational at both Layer 1 and Layer 2.
D. An SVI is considered to be in a down state only when none of the ports in the corresponding
VLAN are active.
E. An SVI port does not run STP or DTP.
F. To create a trunk, an SVI can be logically divided into subinterfaces.
Answer: A,B,D
QUESTION NO: 237
Which of the following characteristics are true assuming you are troubleshooting a network
currently enabled for VRRP? (Choose all that apply.)
A. The network is load balancing among different members of the VRRP group.
B. The default hello timers are 1 second.
C. The interface IP address is being used as the virtual IP address.
D. There are several routers in the group simultaneously forwarding traffic for the group.
E. It is a Cisco Proprietary protocol.
F. The default hello timers are 3 seconds.
Answer: B,C
QUESTION NO: 238
Which of the following types of NAT allows multiple private internal IP addresses to use a single
public external IP address?
A. NAT mapping
B. NAT overloading
C. NAT caching
D. Static NAT
E. Dynamic NAT
F. Overlapping NAT
Answer: B
QUESTION NO: 239
Which of the following scenarios are likely reasons for an EtherChannel to fail?
A. Mismatched EtherChannel protocol
B. Mismatched EtherChannel port selection
C. Mismatched EtherChannel distribution algorithm
D. Mismatched trunk mode
E. Mismatched native VLAN
F. Mismatched link speed
Answer: A,D,E,F
QUESTION NO: 240
Which of the following NTP commands specifies that a router is in the Eastern time zone, which is
five hours behind GMT?
A. timezone EST -5
B. clock timezone GMT -5
C. clock GMT -5
D. clock EST-5
E. NTP timezone EST -5
F. clock timezone EST -5
Answer: F
Explanation:
Topic 4: More Questions (50 Questions)
QUESTION NO: 241
You are working as a network technician. Study the exhibit carefully. Your boss has informed you
that there have been problems with the WAN that is using the EIGRP routing protocol. You are
required to troubleshoot these problems.
Before going to the questions of this sim, we should have a quick review about GRE tunneling:
GRE Quick Summary
The picture below shows how to configure a GRE Tunnel between two routers. Notice that the
"tunnel destination" must be the IP address of the interface, not of the opposite tunnel.
Notice: The tunnel source on one router must be specified as the tunnel destination on the other
router.
Below are the questions of this lab-sim.
What is preventing the 192.168.1.150 network from appearing in the HQ router's routing table?
A. The default route is missing from the Branch4 router.
B. The IP address on the E0/0 interface for the Branch4 router has the wrong IP mask. It should
be 255.255.255.252.
C. The network statement under router EIGRP on the Branch4 router is incorrect. It should be
network 192.168.1.0 0.0.0.255.
D. When running EIGRP over GRE tunnels, you must manually configure the neighbor address
using the eigrp neighbor ipaddress command.
E. The IP address on the tunnel interface on P4S-Branch4 is incorrect. It should be 192.168.1.12
255.255.255.252.
Answer: C
Explanation:
As you can guess, you will need to use the show running-config command on the Branch4 router.
From the show running-config output of Branch4, we learn that the EIGRP network was wrongly
configured on this router. By configuring "network 192.168.1.14 0.0.0.0", Branch4 will only
advertise host 192.168.1.14 to HQ, so the HQ router will not know about the existence of the
192.168.1.150 network.
QUESTION NO: 242
You are working as a network technician. Study the exhibit carefully. Your boss has informed you
that there have been problems with the WAN that is using the EIGRP routing protocol. You are
required to troubleshoot these problems.
Before going to the questions of this sim, we should have a quick review about GRE tunneling:
GRE Quick Summary
The picture below shows how to configure a GRE Tunnel between two routers. Notice that the
"tunnel destination" must be the IP address of the interface, not of the opposite tunnel.
Notice: The tunnel source on one router must be specified as the tunnel destination on the other
router.
Below are the questions of this lab-sim.
What is the reason that tunnel 5 on the HQ router is down when its companion tunnel on the
Branch5 router is up?
A. The IP address on the tunnel interface on Branch5 is incorrect. It should be 192.168.1.16
255.255.255.252.
B. The tunnel source for tunnel 5 is incorrect on the HQ router. It should be serial 2/0.
C. The tunnel numbers for tunnel between the HQ router and the Branch5 router do not match.
D. The tunnel destination address for tunnel 5 is incorrect on the HQ router. It should be 10.2.5.1
to match the interface address of the Branch5 router.
E. The tunnel interface for tunnel 5 on the HQ router is in the administrative down state.
Answer: B
Explanation:
Using the show running-config command on the HQ router, we learn that the tunnel source configured
on HQ is Serial1/0, but the HQ router connects to the Internet via the Serial2/0 interface, so the
tunnel source configured on the HQ router was incorrect.
QUESTION NO: 243
You are working as a network technician. Study the exhibit carefully. Your boss has informed you
that there have been problems with the WAN that is using the EIGRP routing protocol. You are
required to troubleshoot these problems.
Before going to the questions of this sim, we should have a quick review about GRE tunneling:
GRE Quick Summary
The picture below shows how to configure a GRE Tunnel between two routers. Notice that the
"tunnel destination" must be the IP address of the interface, not of the opposite tunnel.
Notice: The tunnel source on one router must be specified as the tunnel destination on the other
router.
Below are the questions of this lab-sim.
What is preventing the HQ router and the Branch1 router from building up an EIGRP neighbor
relationship?
A. When running EIGRP over GRE tunnels, you must manually configure the neighbor address
using the eigrp neighbor ipaddress command.
B. The tunnel destination address is incorrect on the HQ router. It should be 10.2.1.1 to match the
interface address of the Branch1 router.
C. The tunnel source is incorrect on the Branch1 router. It should be serial 2/0.
D. The default route is missing from the Branch1 router.
E. The tunnel interface numbers for the tunnel between the HQ router and Branch1 router do not
match.
Answer: B
Explanation:
Use the show running-config command on the HQ and Branch1 routers and we will see that the tunnel
destination address was wrongly configured on the HQ router.
QUESTION NO: 244
You are working as a network technician. Study the exhibit carefully. Your boss has informed you
that there have been problems with the WAN that is using the EIGRP routing protocol. You are
required to troubleshoot these problems.
Before going to the questions of this sim, we should have a quick review about GRE tunneling:
GRE Quick Summary
The picture below shows how to configure a GRE Tunnel between two routers. Notice that the
"tunnel destination" must be the IP address of the interface, not of the opposite tunnel.
Notice: The tunnel source on one router must be specified as the tunnel destination on the other
router.
Below are the questions of this lab-sim.
For the following statements, what is preventing a successful ping between the HQ router and the
192.168.1.10 interface on the Branch3 router?
A. The default route is missing from the Branch3 router.
B. The tunnel interface numbers for the tunnel between the HQ router and the Branch3 router do
not match.
C. The tunnel source is incorrect on the Branch3 router. It should be serial 2/0.
D. The IP address on the tunnel interface for the Branch3 router has the wrong IP mask. It should be
255.255.255.252.
E. The network statement under router EIGRP on the Branch3 router is incorrect. It should be
network 192.168.2.0 0.0.0.255.
Answer: A
Explanation:
The Branch3 router is missing the default route to HQ router's interface (Serial2/0) so the ping
command will not work.
QUESTION NO: 245
You are working as a network technician. Study the exhibit carefully. Your boss has informed you
that there have been problems with the WAN that is using the EIGRP routing protocol. You are
required to troubleshoot these problems.
Before going to the questions of this sim, we should have a quick review about GRE tunneling:
GRE Quick Summary
The picture below shows how to configure a GRE Tunnel between two routers. Notice that the
"tunnel destination" must be the IP address of the interface, not of the opposite tunnel.
Notice: The tunnel source on one router must be specified as the tunnel destination on the other
router.
Below are the questions of this lab-sim.
What is the reason for the ping between the HQ router and the 192.168.1.193 interface on the
Branch2 router failing?
A. The default route is missing from the Branch2 router.
B. When running EIGRP over GRE tunnels, you must manually configure the neighbor address
using the eigrp neighbor ip address command.
C. The tunnel numbers for the tunnel between the HQ router and the Branch2 router do not match.
D. The tunnel source is incorrect on the Branch2 router. It should be serial 2/0.
E. The AS number for the EIGRP process on Branch2 should be 1 and not 11.
Answer: E
Explanation:
First we should check the configuration of both the HQ and Branch2 routers by using the show
running-config command.
On the HQ router:
On the Branch2 router:
From the outputs we learn that the AS numbers on the two routers are not the same. They therefore do
not become EIGRP neighbors and the ping between the two routers should fail.
QUESTION NO: 246
This item contains several questions that you must answer. You can view these questions by
clicking on the Questions button to the left. Changing questions can be accomplished by clicking
the numbers to the left of each question. In order to complete the questions, you will need to refer
to the SDM and the topology, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to the left side of the screen that
corresponds to the section you wish to access. When you have finished viewing the topology or the
SDM, you can return to your questions by clicking on the Questions button to the left.
Which peer authentication method and which IPSEC mode is used to connect to the branch
locations? (Choose two)
A. Digital Certificate
B. Pre-Shared Key
C. Transport Mode
D. Tunnel Mode
E. GRE/IPSEC Transport Mode
F. GRE/IPSEC Tunnel Mode
Answer: B,D
Explanation:
QUESTION NO: 247
This item contains several questions that you must answer. You can view these questions by
clicking on the Questions button to the left. Changing questions can be accomplished by clicking
the numbers to the left of each question. In order to complete the questions, you will need to refer
to the SDM and the topology, neither of which is currently visible. To gain access to either the
topology or the SDM, click on the button to the left side of the screen that corresponds to the section
you wish to access. When you have finished viewing the topology or the SDM, you can return to your
questions by clicking on the Questions button to the left.
Which algorithm as defined by the transform set is used for providing data confidentiality when
connected to Tyre?
A. ESP-3DES-SHA
B. ESP-3DES-SHA1
C. ESP-3DES-SHA2
D. ESP-3DES
E. ESP-SHA-HMAC
Answer: D
Explanation:
In the site-to-site VPN branch we see something like this:
So should the answer be ESP-3DES-SHA2 or ESP-3DES?
To answer this question, we should review the concept:
"Data confidentiality is the use of encryption to scramble data as it travels across an insecure
media". Data confidentiality therefore means encryption.
"The transform set is a group of attributes that are exchanged together, which eliminates the need
to coordinate and negotiate individual parameters". In the picture above, we can see 3 parts of the
transform-set ESP-3DES-SHA2:
IPsec protocol: ESP
IPsec encryption type: 3DES
IPsec authentication: SHA2
The question asks which algorithm is used for providing data confidentiality (encryption);
therefore the answer should be D - ESP-3DES.
QUESTION NO: 248
This item contains several questions that you must answer. You can view these questions by
clicking on the Questions button to the left. Changing questions can be accomplished by clicking
the numbers to the left of each question. In order to complete the questions, you will need to refer
to the SDM and the topology, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to the left side of the screen that
corresponds to the section you wish to access. When you have finished viewing the topology or the
SDM, you can return to your questions by clicking on the Questions button to the left.
Which defined peer IP address and local subnet belong to Crete? (Choose two)
A. peer address 192.168.55.159
B. peer address 192.168.89.192
C. peer address 192.168.195.23
D. subnet 10.5.15.0/24
E. subnet 10.7.23.0/24
F. subnet 10.4.38.0/24
Answer: A,D
Explanation:
QUESTION NO: 249
This item contains several questions that you must answer. You can view these questions by
clicking on the Questions button to the left. Changing questions can be accomplished by clicking
the numbers to the left of each question. In order to complete the questions, you will need to refer
to the SDM and the topology, neither of which is currently visible. To gain access to either the
topology or the SDM, click on the button to the left side of the screen that corresponds to the section
you wish to access. When you have finished viewing the topology or the SDM, you can return to your
questions by clicking on the Questions button to the left.
Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)
A. 102
B. 116
C. 127
D. IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN
E. IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.
F. IP traffic sourced from 10.10.10.0/24 destined to 10.5.33.0/24 will use the VPN.
Answer: B,E
Explanation:
From the output above, we learn that the IPSec Rule is 116. Next click on "IPSec Rules" and
select the Name/Number of 116 to view the rule applied to it. You will see a "permit" rule for traffic
from 10.10.10.0/24 to 10.8.28.0/24 (notice that the picture shows wildcard masks, which are inverse
subnet masks).
QUESTION NO: 250
This item contains several questions that you must answer. You can view these questions by
clicking on the Questions button to the left. Changing questions can be accomplished by clicking
the numbers to the left of each question. In order to complete the questions, you will need to refer
to the SDM and the topology, neither of which is currently visible. To gain access to either the
topology or the SDM, click on the button on the left side of the screen that corresponds to the section
you wish to access. When you have finished viewing the topology or the SDM, you can return to your
questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its
Internet connectivity. As a recent addition to the network engineering team, you have been tasked
with documenting the active Firewall configurations on the Annapolis router using the Cisco Router
and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks
under the Configure tab, answer the following questions:
Which two options would be correct for a permissible incoming TCP packet on an untrusted
interface in this configuration? (Choose two)
A. The packet has a source address of 172.16.29.12
B. The packet has a source address of 10.94.61.29
C. The session originated from a trusted interface
D. The application is not specified within the inspection rule SDM_LOW
E. The packet has a source address of 198.133.219.144
Answer: C,E
Explanation:
The "incoming TCP packet on an untrusted interface" refers to the traffic sent from the outside to
the outer interface of the router.
(Notice: In the real exam, there may be more filter rules than the ones shown above.) The access
list denies traffic from the 172.16.29.12/30 and 10.0.0.0/8 networks, so A and B are not correct. D is
obviously incorrect because SDM_LOW did specify the filter rule. Access list 101 only filters
"returning traffic" and does not process traffic that originated from a trusted (inside)
interface, so C is correct. E is correct because the IP address 198.133.219.144 is not in the
"deny" lists, so it satisfies the "permit any" line.
QUESTION NO: 251
This item contains several questions that you must answer. You can view these questions by
clicking on the Questions button to the left. Changing questions can be accomplished by clicking
the numbers to the left of each question. In order to complete the questions, you will need to refer
to the SDM and the topology, neither of which is currently visible. To gain access to either the
topology or the SDM, click on the button on the left side of the screen that corresponds to the section
you wish to access. When you have finished viewing the topology or the SDM, you can return to your
questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its
Internet connectivity. As a recent addition to the network engineering team, you have been tasked
with documenting the active Firewall configurations on the Annapolis router using the Cisco Router
and Security Device Manager (SDM) utility.
Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following
questions:
Which two statements would specify a permissible incoming TCP packet on a trusted interface in
this configuration? (Choose two)
A. The packet has a source address of 10.79.233.107
B. The packet has a source address of 172.16.81.108
C. The packet has a source address of 198.133.219.40
D. The destination address is not specified within the inspection rule SDM_LOW.
Answer: A,C
Explanation:
The "incoming TCP packet on a trusted interface" refers to a packet that originates from the inside
(trusted) interface.
The configured access list denies packets in the 172.16.81.108/30 subnetwork, so it will only drop
packets that have a source address of 172.16.81.108 while allowing other packets to go through
(except 255.255.255.255 and 127.0.0.0/8).
QUESTION NO: 252
This item contains several questions that you must answer. You can view these questions by
clicking on the Questions button to the left. Changing questions can be accomplished by clicking
the numbers to the left of each question. In order to complete the questions, you will need to refer
to the SDM and the topology, neither of which is currently visible. To gain access to either the
topology or the SDM, click on the button on the left side of the screen that corresponds to the section
you wish to access. When you have finished viewing the topology or the SDM, you can return to your
questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its
Internet connectivity. As a recent addition to the network engineering team, you have been tasked
with documenting the active Firewall configurations on the Annapolis router using the Cisco Router
and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks
under the Configure tab, answer the following questions:
Which statement is true?
A. Both FastEthernet 0/0 and Serial 0/0/0 are trusted interfaces.
B. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interfaces.
C. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface
D. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface.
Answer: C
Explanation:
The trusted interface is the inside interface and the untrusted interface is the outside interface.
Moreover, from the above picture we see that the "Originating traffic" starts from FastEthernet0/0
to Serial0/0/0. So Fa0/0 is the inside interface and S0/0/0 is the outside interface.
QUESTION NO: 253
Which three statements accurately describe IOS Firewall configurations? (Choose three)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the inbound direction on the unsecured interface should be an extended
ACL.
D. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the
returning traffic must be a standard ACL.
Answer: A,B,C
QUESTION NO: 254
Study this exhibit carefully. What information can be derived from the SDM firewall configuration
displayed?
A. Access-list 101 was configured for the trusted interface, and access-list 100 was configured for
the untrusted interface
B. Access-list 100 was configured for the trusted interface, and access-list 101 was configured for
the untrusted interface.
C. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for
the outbound direction on the trusted interface.
D. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for
the outbound direction on the untrusted interface.
Answer: B
Explanation:
The last line of access-list 100 is used to "permit" all the traffic so it is the inside (trusted) interface.
The last line of access-list 101 is used to "deny" all traffic so it is the outside (untrusted) interface.
QUESTION NO: 255
Which two statements are true about the Cisco Classic (CBAC) IOS Firewall set? (Choose two)
A. It can be used to block bulk encryption attacks.
B. It can be used to protect against denial of service attacks
C. Traffic originating from the router is considered trusted, so it is not inspected.
D. Based upon the custom firewall rules, an ACL entry is statically created and added to the
existing ACL permanently.
E. Temporary ACL entries that allow selected traffic to pass are created and persist for the
duration of the communication session.
Answer: B,E
QUESTION NO: 256
Which two encapsulation methods require that an 827 ADSL router be configured with a PPP
username and CHAP password? (Choose two)
A. PPPoE with the 827 configured as a bridge
B. PPPoE with the 827 configured as the PPPoE client
C. PPPoA
D. RFC 1483 Bridged with the 827 configured as the PPPoE client
E. RFC 1482 Bridged with the 827 configured as a bridge
Answer: B,C
Explanation:
When configuring PPPoE (as the PPPoE client) and PPPoA, we need a username and password
to match with those configured at the Internet Service Provider (ISP).
QUESTION NO: 257
Router NetworkTut is configured as shown below:
Given the above configuration, which statement is true?
A. This device is configured as a PPPoE client
B. This device is configured as a PPPoA client
C. This device is configured as RFC 1483/2684 bridge
D. This device is configured as an aggregation router
Answer: B
Explanation:
Notice that the command "encapsulation aal5mux ppp dialer" is configured under interface
ATM0/0. This configuration is used for a PPPoA client.
QUESTION NO: 258
As a network engineer, study the exhibit carefully. Router Net is unable to establish an ADSL
connection with its provider. Which action would correct this problem?
A. On the Dialer0 interface, add the pppoe enable command
B. On the Dialer0 Interface, add the ip mtu 1496 command
C. On the ATM0/0 interface, add the dialer pool-member 1 command
D. On the ATM0/0 interface, add the dialer pool-member 0 command.
Answer: C
QUESTION NO: 259
Which statement about PPPoA configuration is correct?
A. The dsl operating-mode auto command is required if the default mode has been changed.
B. The ip mtu 1496 command must be applied on the dialer interface
C. The encapsulation ppp command is required
D. The ip mtu 1492 command must be applied on the dialer interface
Answer: A
QUESTION NO: 260
Network Topology Exhibit:
Configuration Exhibit:
NET(config)# access-list 112 deny icmp any any echo log
NET(config)# access-list 112 deny icmp any any redirect log
NET(config)# access-list 112 deny icmp any any mask-request log
NET(config)# access-list 112 permit icmp any 10.1.1.0 0.0.0.255
NET(config)# interface Fa0/1
NET(config-if)# ip access-group 112 in
You work as a network administrator at networkTut.com. Study the exhibit carefully. The
configuration has been applied to router NET to mitigate the threat of certain types of ICMP-based
attacks while allowing some ICMP traffic to the corporate LAN to work. However, the configuration
is incorrect. On the basis of the information in the exhibit, which configuration option would
correctly configure router NET?
A. The first three statements of ACL 112 should have permitted the ICMP traffic and the last
statement should deny the identified traffic.
B. The last statement of ACL 112 should have been "access-list 112 deny icmp any 10.2.1.0
0.0.0.255".
C. The last statement of ACL 112 should have been "access-list 112 permit icmp any 10.2.1.0
0.0.0.255".
D. ACL 112 should have been applied to interface Fa0/0 in an inbound direction.
E. The last statement of ACL 112 should have been "access-list 112 deny icmp any 10.1.1.0
0.0.0.255".
F. ACL 112 should have been applied to interface Fa0/1 in an outbound direction
G. None of the above.
Answer: C
Explanation:
The network 10.2.1.0 is the internal LAN network. If the last statement is "access-list 112 permit
icmp any 10.1.1.0 0.0.0.255", it will allow ICMP traffic sent from the Internet to work and thus
make the router vulnerable to ICMP-based attacks.
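The first-match evaluation behind this answer can be checked offline. The following is an added example, not part of the original exam material: a small evaluator for ICMP entries of an extended ACL, run against ACL 112 as shown in the exhibit and as corrected by answer C. It relies on the explanation's statement that 10.2.1.0 is the internal LAN; the packet addresses 198.51.100.7 and 10.2.1.25 are constructed sample values.

```python
import ipaddress

# ICMP message keywords as written in IOS extended ACLs -> ICMP type numbers.
ICMP_TYPES = {"echo-reply": 0, "redirect": 5, "echo": 8, "mask-request": 17}

# ACL 112 as shown in the exhibit (last entry permits ICMP to 10.1.1.0/24).
EXHIBIT_ACL = [
    "access-list 112 deny icmp any any echo log",
    "access-list 112 deny icmp any any redirect log",
    "access-list 112 deny icmp any any mask-request log",
    "access-list 112 permit icmp any 10.1.1.0 0.0.0.255",
]
# The same list with the last entry replaced as in answer C.
OPTION_C_ACL = EXHIBIT_ACL[:3] + ["access-list 112 permit icmp any 10.2.1.0 0.0.0.255"]


def _take_address(tokens):
    """Pop one address spec ('any', 'host A' or 'A WILDCARD') -> (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_ace(line):
    """Parse 'access-list N permit|deny icmp SRC DST [icmp-type] [log]'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "icmp":
        raise ValueError(f"unsupported entry: {line!r}")
    rest = tokens[4:]
    src = _take_address(rest)
    dst = _take_address(rest)
    # An entry without a message keyword matches every ICMP type.
    icmp_type = ICMP_TYPES[rest.pop(0)] if rest and rest[0] in ICMP_TYPES else None
    return {"action": tokens[2], "src": src, "dst": dst, "type": icmp_type, "text": line}


def _address_matches(ip, spec):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base address."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)


def evaluate(acl_lines, src, dst, icmp_name):
    """Return (action, matching entry); the first matching entry wins, top to bottom."""
    icmp_type = ICMP_TYPES[icmp_name]
    for ace in map(parse_ace, acl_lines):
        if (_address_matches(src, ace["src"])
                and _address_matches(dst, ace["dst"])
                and ace["type"] in (None, icmp_type)):
            return ace["action"], ace["text"]
    # Every IOS ACL ends with an implicit "deny any any".
    return "deny", "implicit deny"


if __name__ == "__main__":
    outside, lan_host = "198.51.100.7", "10.2.1.25"  # constructed sample addresses
    for label, acl in (("exhibit", EXHIBIT_ACL), ("answer C", OPTION_C_ACL)):
        for message in ("echo", "redirect", "mask-request", "echo-reply"):
            action, entry = evaluate(acl, outside, lan_host, message)
            print(f"{label:9} {message:13} -> {action:6} ({entry})")
```

With the exhibit's list, an echo reply to a 10.2.1.0/24 host falls through to the implicit deny; with answer C it is permitted, while echo, redirect and mask-request are still dropped by the first three entries.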
QUESTION NO: 261
As a network technician, do you know what is a recommended practice for secure configuration
management?
A. Disable post scan
B. Use SSH or SSL
C. Enable trust levels
D. Deny echo replies on all edge routers
Answer: B
QUESTION NO: 262
As a network engineer, do you know for what purpose SDM uses Security Device Event Exchange
(SDEE)?
A. to provide a keepalive mechanism
B. to pull event logs from the router
C. to extract relevant SNMP information
D. to perform application-level accounting
Answer: B
QUESTION NO: 263
Authentication is the process of determining if a user or identity is who they claim to be. Refer to
the exhibit. Which statement about the authentication process is correct?
A. The LIST1 list will disable authentication on the console port.
B. All login requests will be authenticated using the group tacacs+ method
C. The default login authentication will automatically be applied to all login connections
D. Because no method list is specified, the LIST1 list will not authenticate anyone on the console
port.
Answer: A
Explanation:
The command "aaa authentication login LIST1 none" tells the router not to use any authentication
method for LIST1. The command "login authentication LIST1" under console mode applies
LIST1 to logins on the console port.
QUESTION NO: 264
In computer security, AAA stands for authentication, authorization and accounting. Which option
about the AAA authentication enable default group radius enable command is correct?
A. If the radius server returns an error, the enable password will be used.
B. If the radius server returns a 'failed' message, the enable password will be used.
C. The command login authentication group will associate the AAA authentication to a specified
interface.
D. If the group database is unavailable, the radius server will be used.
Answer: A
QUESTION NO: 265
Refer to the exhibit. Which two statements about the AAA configuration are true? (Choose two)
A. A good security practice is to have the none parameter configured as the final method used to
ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be
able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode
as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method
previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command
Answer: D,F
Explanation:
The aaa new-model command will override the previously configured authentication method -> D is
correct.
Two authentication options are prescribed by the above command. They are tacacs+ and none.
QUESTION NO: 266
You need to configure a GRE tunnel on an IPsec router. When you are using the SDM to configure
a GRE tunnel over IPsec, which two parameters are required when defining the tunnel interface
information? (Select two)
A. The crypto ACL number
B. The IPSEC mode (tunnel or transport)
C. The GRE tunnel interface IP address
D. The GRE tunnel source interface or IP address, and tunnel destination IP address
E. The MTU size of the GRE tunnel interface
Answer: C,D
QUESTION NO: 267
Which statement correctly describes IPsec VPN backup technology?
A. The crypto isakmp keepalive command is used to configure the Stateful Switchover (SSO)
protocol.
B. Reverse Route Injection (RRI) is configured at the remote site to inject the central site
networks
C. Each Hot Standby Routing Protocol (HSRP) standby group has two well-known MAC
addresses and a virtual IP address.
D. The crypto isakmp keepalive command is used to configure stateless failover
Answer: D
QUESTION NO: 268
IPSec VPN is a widely-acknowledged solution for enterprise networks. What are the four steps to
set up an IPsec VPN?
A. Step 1: Interesting traffic initiates the IPsec process.
Step 2: ESP authenticates IPsec peers and negotiates IKE SAs.
Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers.
Step 4: Data is securely transferred between IPsec peers.
B. Step 1: Interesting traffic initiates the IPsec process.
Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers.
Step 3: IKE authenticates IPsec peers and negotiates IKE SAs.
Step 4: Data is securely transferred between IPsec peers.
C. Step 1: Interesting traffic initiates the IPsec process.
Step 2: IKE authenticates IPsec peers and negotiates IKE SAs.
Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers.
Step 4: Data is securely transferred between IPsec peers.
D. Step 1: Interesting traffic initiates the IPsec process.
Step 2: AH authenticates IPsec peers and negotiates IKE SAs.
Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers.
Step 4: Data is securely transferred between IPsec peers.
Answer: C
QUESTION NO: 269
Study the exhibit carefully. The Cisco IOS IPsec High Availability (IPsec HA) Enhancements
feature provides an infrastructure for reliable and secure networks to provide transparent
availability of the VPN gateways - that is, Cisco IOS Software-based routers. What are the two
options that are used to provide High Availability IPsec? (Choose two)
A. HSRP
B. Dual Router Mode (DRM) IPsec
C. IPsec Backup Peerings
D. RRI
Answer: A,D
Explanation:
The "standby ip" command specifies HSRP is being used (and it establishes 192.168.0.3 as the IP
of the virtual router).
The "crypto map" and "reverse-route" lines specify Reverse Route Injection (RRI) is being used.
Reverse Route Injection (RRI) is the process of injecting a static route into the Interior Gateway
Protocol (IGP) routing table.
To configure RRI under a static crypto map, we perform the following steps:
1. configure terminal
2. crypto map {map-name} {seq-name} ipsec-isakmp (creates or modifies a crypto map entry and
enters crypto map configuration mode)
3. reverse-route [static | tag tag-id [static] | remote-peer [static] | remote-peer ip-address [static]]
(creates source proxy information for a crypto map entry)
QUESTION NO: 270
IPSec VPN is a widely-acknowledged solution for enterprise networks. Which three IPsec VPN
statements are true? (Choose three)
A. IKE keepalives are unidirectional and sent every ten seconds
B. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)
protocol for exchanging keys.
C. To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only three
packets.
D. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers.
Answer: A,C,D
QUESTION NO: 271
A new router was configured with the following commands:
The configuration above was found on an Internet Service Provider's (ISP) Multiprotocol Label
Switching (MPLS) network. What is its purpose?
A. To prevent customers from running TDP with the ISP routers
B. To prevent customers from running LDP with the ISP routers
C. To prevent other ISPs from running LDP with the ISP routers
D. To prevent man-in-the-middle attacks
E. To use CBAC to shut down Distributed Denial of Service attacks
F. To use IPS to protect against session-replay attacks
G. None of the above
Answer: A
Explanation:
Port 711 is used for Tag Distribution Protocol (TDP), and the administrator usually wants to
block this type of traffic between the ISP and customer routers for security reasons. By doing
this, the TDP neighbor session between the customer and ISP routers will not be formed.
QUESTION NO: 272
Study the exhibit carefully.
Routers A and B are customer routers. Routers 1, 2, 3 and 4 are provider routers. The routers are
operating with various IOS versions. Which frame mode MPLS configuration statement is true?
A. Before MPLS is enabled, the ip cef command is only required on routers 1 and 4.
B. After MPLS is enabled, the ip cef command is only required on routers 1 and 4.
C. Before MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of
routers 1 and 4.
D. After MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of
routers 1 and 4.
E. Before MPLS is enabled, the ip cef command must be applied to all provider routers.
Answer: E
Explanation:
CEF is the fundamental requirement of the MPLS architecture and must be enabled globally on all
routers that want to use MPLS.
QUESTION NO: 273 DRAG DROP
Drag each type of attack on the left to the description on the right.
Answer:
Explanation:
1) Trojan horse: Programs that appear desirable but actually contain something harmful.
2) Virus: Malicious software attached to other programs and which execute a particular unwanted
function on a user workstation.
3) Port redirection: Compromised system that is used as a jump-off point for attacks against other
targets.
4) Worm: Executes arbitrary code and installs copies of itself in the memory of the infected
computer.
QUESTION NO: 274 DRAG DROP
Drag and drop question. The upper part gives the MPLS functions, the lower part describes the planes.
Drag the items above to the proper location below.
Answer:
Explanation:
Control Plane:
Exchange routing updates between neighboring devices
Exchanges labels between peer devices
Compiles a list of all labels advertised and received
Data Plane:
Performs label swapping
Performs packet forwarding
Builds a mapping of destination networks to active labels
QUESTION NO: 275 DRAG DROP
Drag the protocols that are used to distribute MPLS labels from above to the target area
below. (Not all options will be used)
Answer:
Explanation:
1) LDP
2) RSVP
3) BGPv4
QUESTION NO: 276 DRAG DROP
Drag each element of the Cisco IOS Firewall Feature Set from the above and drop onto its
description on the below.
Answer:
Explanation:
QUESTION NO: 277 DRAG DROP
Match the xDSL type on the above to the most appropriate implementation on the below.
Answer:
Explanation:
QUESTION NO: 278 DRAG DROP
Drag and drop the xDSL type on the above to the appropriate xDSL description on the below.
Answer:
Explanation:
QUESTION NO: 279 DRAG DROP
Identify the recommended steps for worm attack mitigation by dragging and dropping them into the
target area in the correct order.
Answer:
Explanation:
1) Containment - stop the spread of the worm inside your network and within your network
2) Inoculation - upgrade all systems to the latest operating system code version
3) Quarantine - track down each infected machine inside your network
4) Treatment - clean and patch each infected system
QUESTION NO: 280 DRAG DROP
Drag the IOS commands from the left that would be used to implement a GRE tunnel using the
10.1.1.0/30 network on interface serial 0/0 to the correct target area on the right.
Answer:
Explanation:
Global-level commands:
1) interface tunnel 0
Interface-level commands:
1) ip address 10.1.1.1 255.255.255.252
2) tunnel source serial 0/0
3) tunnel destination 10.1.1.2
4) tunnel mode gre ip
QUESTION NO: 281 DRAG DROP
Drag the DSL local loop topic on the left to the correct descriptions on the right.
Answer:
QUESTION NO: 282 DRAG DROP
Drag the DSL technologies on the left to their maximum (down/up) data rate values below.
Answer:
Explanation:
QUESTION NO: 283 DRAG DROP
Drag and drop each function on the above to the hybrid fiber-coaxial architecture component that it
describes on the below.
Answer:
Explanation:
QUESTION NO: 284 DRAG DROP
Drag and drop each management protocol on the above to the correct category on the below.
Answer:
Explanation:
Secure:
1) SSH
2) SSL
3) IPSec
4) SNMPv3
Unsecure:
1) NTP
2) Telnet
3) Syslog
4) SNMPv2
QUESTION NO: 285 DRAG DROP
Drag the IPsec protocol description from above to the correct protocol type below. (Not
all descriptions will be used)
Drag and Drop question, drag each item to its proper location.
Answer:
Explanation:
1) AH: Provides a framework for authenticating and securing data.
2) ESP: Provides a framework for encrypting, authenticating and securing data.
3) IKE: Provides a framework for the negotiation on security parameters and establishes
authenticated keys.
QUESTION NO: 286 DRAG DROP
Drag and drop the steps in the process for provisioning a cable modem to connect to a headend
on the above to the below in the order defined by the DOCSIS standard.
Answer:
Explanation:
1) Scan and lock the downstream frequency: At power-on, the cable modem scans and locks the
downstream path for the allocated RF data channel in order for physical and data link layers to be
established.
2) Obtain upstream parameters: The cable modem listens to the management messages arriving
via the downstream path. These include information regarding how and when to communicate in
the upstream path. These are used to establish the upstream physical and data link layers.
3) Establish Layer 1 and 2 communications: Connection established from Cable modem (CM) to
Cable modem termination system (CMTS) to build physical and data link layers.
4) Acquire IP configuration parameters via DHCP: After Layer 1 and 2 are established, Layer
3 can be allocated as well. This is done by the DHCP server.
5) Register and ensure QoS settings with the CMTS: The CM negotiates traffic types and QoS
settings with the CMTS.
6) IP network initialization: Once Layers 1, 2, and 3 are established and the configuration file is
pulled from the TFTP server, the CM provides routing services for hosts on the subscriber side of
the CM. It also performs some Network Address Translation (NAT) functions so that multiple hosts
might be represented by a single public IP address.
QUESTION NO: 287 DRAG DROP
Drag the correct statements about MPLS-based VPN on the left to the boxes on the right. (Not all
statements will be used)
Answer:
Explanation:
1) The VPN routers are contained in the IPv4 routing tables of the PE routers
2) RT are attributes attached to VPNv4 BGP routes to indicate their VPN memberships
3) RD are attributes attached to VPNv4 BGP routes to allow overlapping VPN address spaces
QUESTION NO: 288 DRAG DROP
cisco ios command to interface dialer 0
Answer:
Explanation:
The dialer interface indicates how to handle traffic from the clients, for example the default routing
information, the encapsulation protocol and the dialer pool to use. Notice that we have to use "ip
nat outside", not "ip nat inside", because the dialer 0 interface is the logical interface connecting to
the Internet.
QUESTION NO: 289
NetworkTut is a small export company. This firm has an existing enterprise network that is made
up exclusively of routers that are using EIGRP as the IGP. Its network is up and operating
normally. As part of its network expansion, NetworkTut has decided to connect to the internet by a
broadband cable ISP. Your task is to enable this connection by use of the information below.
Connection Encapsulation: PPP
Connection Type: PPPoE client
Connection Authentication: None
Connection MTU: 1492 bytes
Address: Dynamically assigned by the ISP
Outbound Interface: E0/0
You will know that the connection has been successfully enabled when you can ping the simulated
Internet address of 172.16.1.1
Note: Routing to the ISP: Manually configured default route
Explanation:
Enter the outbound e0/0 interface to enable PPPoE and bind the dialer profile 1 to this interface:
R3(config)#interface e0/0
R3(config-if)#pppoe enable
R3(config-if)#pppoe-client dial-pool-number 1 (interface E0/0 is bound to the logical dialer 1
interface)
R3(config-if)#no shutdown
R3(config-if)#exit
Create and configure the dialer interface of the router R3 for PPPoE with a maximum transmission
unit (MTU) size of 1492 bytes and a negotiated IP address (dynamically assigned)
R3(config)#interface dialer 1 (define a dialer rotary group and enters interface configuration mode)
R3(config-if)#ip address negotiated
R3(config-if)#ip mtu 1492
R3(config-if)#encapsulation ppp
R3(config-if)#dialer pool 1
R3(config-if)#exit
The "ip address negotiated" command instructs the client to use an IP address provided by the
PPPoE server (using DHCP).
The "dialer pool 1" command associates the dialer back to the "pppoe-client dial-pool-number 1" on
the Ethernet interface. Notice that the pool numbers must match on the Ethernet interface and the
dialer interface for the configuration to operate.
Manually configure a default route on router R3
R3(config)#ip route 0.0.0.0 0.0.0.0 dialer 1
R3(config)#exit
Try pinging the simulated Internet address
R3#ping 172.16.1.1
The ping should work well and you will receive replies from the simulated Internet address.
Save the configuration
R3#copy running-config startup-config
QUESTION NO: 290
You are a network support specialist for NetworkTut, an IT training firm. They have just installed a
new router (R1) into their network. The router was successfully installed and is passing traffic.
However, your manager is concerned about security and has tasked you with implementing
access security for the new router R1.
The portion of NetworkTut's security policy related to router access states:
# The default user access authentication scheme requires that the user be authenticated using the
router's local database.
# User console access should be authenticated using the default authentication scheme.
# User aux port access should be authenticated using the default authentication scheme.
# User vty access should be protected via a password that is validated using only the corporate
Tacacs server.
For this router installation:
# The corporate Tacacs server has an IP address of 10.6.6.254 and uses a shared key of
Training.
# The enable password for R1 is New1
You have successfully completed your task when you have verified that you can log in to:
# R1's console using the local user's ID of Net1 with a password of Sel
# R2's console using the username of Net2 with a password of Loc and establish an SSH session
from R2 to R1 using the test Tacacs user's ID of cisco with a password of cisco123
Explanation:
R1>enable
password: New1
R1#configure terminal
R1(config)#aaa new-model (enable the AAA security services)
R1(config)#tacacs-server host 10.6.6.254 key Training (notice that the key is case sensitive)
The default user access authentication scheme requires that the user be authenticated using the
router's local database
R1(config)#aaa authentication login default local (verify login authentication using the local user
database. The "aaa authentication login" specifies the authentication will take place at login.
Because we used the list "default", login authentication is automatically applied for all login
connections, such as tty, vty, console and aux).
Define the MY_VTY_LIST (or another name) group to use the corporate Tacacs server for the
authentication
R1(config)#aaa authentication login MY_VTY_LIST group tacacs+
Configure user console access using the default authentication scheme
R1(config)#line console 0
R1(config-line)#login authentication default
R1(config-line)#exit
Configure user aux port access using the default authentication scheme
R1(config)#line aux 0
R1(config-line)#login authentication default
R1(config-line)#exit
Configure vty access using TACACS server by applying MY_VTY_LIST to the vty lines
R1(config)#line vty 0 15
R1(config-line)#login authentication MY_VTY_LIST
R1(config-line)#end
R1#copy running-config startup-config
Log out of R1 to test the console password of R1
R1#exit
Press RETURN to get started.
(Press Enter here)
Username: Net1
Password: Sel
R1> (Now you see you are in User Mode, that means you configured the console password
correctly! If you wish to continue entering privileged EXEC mode again, use the password New1).
Login to R1 using SSH from R2
R2>enable
username: Net2
password: Loc
R2#ssh 10.2.1.1 (10.2.1.1 is the IP address of R1 shown in the picture)
You will be asked for the user ID (cisco) and password (cisco123).
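The policy in Question 290 can be checked against a saved configuration. The following is an added example, not part of the original practice test: a Python audit that resolves which login method list each console, aux and vty line actually uses, including lines that have no "login authentication" statement and therefore use the "default" list. The sample configurations, the POLICY table and all function names are constructed for the illustration.

```python
import re

# Constructed sample: the commands the explanation above enters on R1, laid out
# as a saved configuration (the layout is an assumption, not output from the lab).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authentication login MY_VTY_LIST group tacacs+
tacacs-server host 10.6.6.254 key Training
line con 0
 login authentication default
line aux 0
 login authentication default
line vty 0 15
 login authentication MY_VTY_LIST
"""

# Constructed drift case: the list is applied to vty 0-4 only, so vty 5-15
# fall back to the "default" list (local database).
DRIFTED_CONFIG = SAMPLE_CONFIG.replace("line vty 0 15", "line vty 0 4") + "line vty 5 15\n"

# Policy from the question: console and aux use the local database,
# vty uses only the TACACS+ server (no fallback method).
POLICY = {"con": ["local"], "aux": ["local"], "vty": ["group tacacs+"]}

AAA_RE = re.compile(r"aaa authentication login (\S+) (.+)$")
LINE_RE = re.compile(r"line (console|con|aux|vty) (.+)$")
LOGIN_RE = re.compile(r"login authentication (\S+)$")


def split_methods(spec):
    """Turn 'group tacacs+ local' into ['group tacacs+', 'local']."""
    tokens, methods, i = spec.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def parse_aaa(config):
    """Return (aaa_enabled, method_lists, line_to_list) for an IOS config."""
    enabled, method_lists, lines, current = False, {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        if not raw[0].isspace():          # top-level command ends any line block
            current = None
            if text == "aaa new-model":
                enabled = True
            elif m := AAA_RE.match(text):
                method_lists[m.group(1)] = split_methods(m.group(2))
            elif m := LINE_RE.match(text):
                kind = "con" if m.group(1).startswith("con") else m.group(1)
                current = f"{kind} {m.group(2)}"
                lines[current] = "default"   # used when no list is applied
        elif current and (m := LOGIN_RE.match(text)):
            lines[current] = m.group(1)
    return enabled, method_lists, lines


def audit(config, policy=POLICY):
    """List every line whose effective login methods differ from the policy."""
    enabled, method_lists, lines = parse_aaa(config)
    if not enabled:
        return ["aaa new-model is missing, so no method list is in effect"]
    findings = []
    for line, list_name in sorted(lines.items()):
        wanted = policy.get(line.split()[0])
        methods = method_lists.get(list_name)
        if methods is None:
            findings.append(f"line {line}: method list {list_name} is not defined")
        elif wanted is not None and methods != wanted:
            findings.append(
                f"line {line}: list {list_name} uses {methods}, policy requires {wanted}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("as configured", SAMPLE_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(name, audit(cfg) or "matches the policy")
```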
QUESTION NO: 291
The following commands are issued on a Cisco Router:
Router(config)#access-list 199 permit tcp host 10.1.1.1 host 172.16.1.1
Router(config)#access-list 199 permit tcp host 172.16.1.1 host 10.1.1.1
Router(config)#exit
Router#debug ip packet 199
What will the debug output on the console show?
A. All IP packets passing through the router
B. Only IP packets with the source address of 10.1.1.1
C. All IP packets from 10.1.1.1 to 172.16.1.1
D. All IP Packets between 10.1.1.1 and 172.16.1.1
Answer: D
QUESTION NO: 292
What level of logging is enabled on a Router where the following logs are seen?
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
A. alerts
B. critical
C. errors
D. notifications
Answer: D
QUESTION NO: 293
You have the following commands on your Cisco Router:
ip ftp username admin
ip ftp password backup
You have been asked to switch from FTP to HTTP. Which two commands will you use to replace
the existing commands?
A. ip http username admin
B. ip http client username admin
C. ip http password backup
D. ip http client password backup
E. ip http server username admin
F. ip http server password backup
Answer: B,D
QUESTION NO: 294
You have 2 NTP servers in your network - 10.1.1.1 and 10.1.1.2. You want to configure a
Cisco router to use 10.1.1.2 as its NTP server before falling back to 10.1.1.1. Which commands
will you use to configure the router?
A. ntp server 10.1.1.1
ntp server 10.1.1.2
B. ntp server 10.1.1.1
ntp server 10.1.1.2 primary
C. ntp server 10.1.1.1
ntp server 10.1.1.2 prefer
D. ntp server 10.1.1.1 fallback
ntp server 10.1.1.2
Answer: C
QUESTION NO: 295
The following command is issued on a Cisco Router:
Router(config)#logging console warnings
Which alerts will be seen on the console?
A. Warnings only
B. debugging, informational, notifications, warnings
C. warnings, errors, critical, alerts, emergencies
D. notifications, warnings, errors
E. warnings, errors, critical, alerts
Answers: C
QUESTION NO: 296
Which two of the following options are categories of Network Maintenance tasks?
B. Firefighting
C. Interrupt-driven
D. Policy-based
E. Structured
F. Foundational
Answers: B, D
QUESTION NO: 297
You enabled CDP on two Cisco Routers which are connected to each other. The Line and
Protocol status for the interfaces on both routers show as UP but the routers do not see each
other as CDP neighbors. At which layer of the OSI model does the problem most likely exist?
B. Physical
C. Session
D. Application
E. Data-Link
F. Network
Answer: D
QUESTION NO: 298
FCAPS is a network maintenance model defined by ISO. It stands for which of the following?
A. Fault Management
B. Action Management
C. Configuration Management
D. Protocol Management
E. Security Management
Answer: A,C,E
QUESTION NO: 299 DRAG DROP
FCAPS is a network maintenance model defined by ISO. FCAPS stands for:
Answer:
Explanation:
F-> Fault Management
C-> Configuration Management
A -> Accounting Management
QUESTION NO: 300 DRAG DROP
There are many Network Maintenance models. Match the model names on the left to the options
on the right:
Answer:
Explanation:
FCAPS -> Fault, Configuration, Accounting, Performance and Security (ISO)
ITIL -> A collection of best practice recommendations
Cisco Lifecycle -> Often referred to as the PPDIOO model
TMN -> Telecommunications Management Network
QUESTION NO: 301 DRAG DROP
Match the items on the left to their purpose on the right
Answer:
Explanation:
EEM -> CLI based Management and Monitoring
SDM -> Provides a GUI for Administration
FTP -> Used for Backup and Restore
QUESTION NO: 302
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement:
Client 1 is able to ping 10.1.1.2 but not 10.1.1.1. Initial troubleshooting shows that R1 does not
have any OSPF neighbors or any OSPF routes
Configuration on R1:
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
default-information originate always
!
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
Configuration on R2:
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
!
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TSHOOT
On which device is the fault condition located?
A. R1
B. R2
C. DSW1
D. Client1
Answer: A
QUESTION NO: 303
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement:
Client 1 is able to ping 10.1.1.2 but not 10.1.1.1. Initial troubleshooting shows that R1 does not
have any OSPF neighbors or any OSPF routes
Configuration on R1:
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
default-information originate always
!
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
Configuration on R2:
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
!
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TSHOOT
Fault Condition is related to which technology?
A. NAT
B. OSPF
C. Static Routing
D. Switch to Switch Connectivity
Answer: B
QUESTION NO: 304
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement:
Client 1 is able to ping 10.1.1.2 but not 10.1.1.1. Initial troubleshooting shows that R1 does not
have any OSPF neighbors or any OSPF routes
Configuration on R1:
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
default-information originate always
!
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
Configuration on R2:
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
!
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TSHOOT
What is the solution of the fault condition?
A. ip ospf authentication message-digest command has to be added on S0/0/0/0.12
B. ip ospf authentication message-digest command has to be added under the OSPF routing
process
C. A static route to 10.1.1.4 must be added on R1
D. ip nat outside must be added on S0/0/0/0.12
Answer: A
QUESTION NO: 305
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
HSRP has been configured between DSW1 and DSW2. DSW1 is configured to be the
active router, but it never becomes active even though the HSRP communication between DSW1
and DSW2 is working.
Configuration on DSW1
track 1 ip route 10.1.21.128 255.255.0.0 metric threshold
threshold metric up 1 down 2
!
track 10 ip route 10.2.21.128 255.255.255.0 metric threshold
threshold metric up 63 down 64
!
interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60
Configuration on R4
interface loopback0
ip address 10.2.21.128 255.255.255.0
On which device is the fault condition located?
A. R4
B. DSW2
C. DSW1
D. R3
Answer: C
QUESTION NO: 306
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
HSRP has been configured between DSW1 and DSW2. DSW1 is configured to be the
active router, but it never becomes active even though the HSRP communication between DSW1
and DSW2 is working.
Configuration on DSW1
track 1 ip route 10.1.21.128 255.255.0.0 metric threshold
threshold metric up 1 down 2
!
track 10 ip route 10.2.21.128 255.255.255.0 metric threshold
threshold metric up 63 down 64
!
interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60
Configuration on R4
interface loopback0
ip address 10.2.21.128 255.255.255.0
Fault Condition is related to which technology?
A. GLBP
B. HSRP
C. OSPF
D. Switch to Switch Connectivity
Answer: B
QUESTION NO: 307
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
HSRP has been configured between DSW1 and DSW2. DSW1 is configured to be the
active router, but it never becomes active even though the HSRP communication between DSW1
and DSW2 is working.
Configuration on DSW1
track 1 ip route 10.1.21.128 255.255.0.0 metric threshold
threshold metric up 1 down 2
!
track 10 ip route 10.2.21.128 255.255.255.0 metric threshold
threshold metric up 63 down 64
!
interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60
Configuration on R4
interface loopback0
ip address 10.2.21.128 255.255.255.0
What is the solution of fault condition?
A. Change standby priority to 140
B. Change standby priority to 260
C. Change standby 10 track 1 decrement 60 to standby 10 track 10 decrement 60
D. Change standby 10 track 1 decrement 60 to standby 10 track 1 decrement 100
Answer: C
QUESTION NO: 308
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is able to ping 209.65.200.226 but not the Web Server at 209.65.200.241. Initial
troubleshooting shows that R1 does not have any BGP routes. R1 also does not show any active
BGP neighbor
Configuration on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.56.200.226 remote-as 65002
no auto-summary
On which device is the fault condition located?
A. R1
B. DSW1
C. R4
D. R2
Answer: A
QUESTION NO: 309
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is able to ping 209.65.200.226 but not the Web Server at 209.65.200.241. Initial
troubleshooting shows that R1 does not have any BGP routes. R1 also does not show any active
BGP neighbor
Configuration on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.56.200.226 remote-as 65002
no auto-summary
The Fault Condition is related to which technology?
A. EIGRP
B. HSRP
C. BGP
D. OSPF
Answer: C
Explanation:
QUESTION NO: 310
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is able to ping 209.65.200.226 but not the Web Server at 209.65.200.241. Initial
troubleshooting shows that R1 does not have any BGP routes. R1 also does not show any active
BGP neighbor
Configuration on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.56.200.226 remote-as 65002
no auto-summary
What is the solution of the fault condition?
A. Enable BGP synchronization
B. Change neighbor 209.56.200.226 remote-as 65002 statement to neighbor 209.56.200.226
remote-as 65001
C. Change neighbor 209.56.200.226 remote-as 65002 statement to neighbor 209.65.200.226
remote-as 65002
D. Change neighbor 209.56.200.226 remote-as 65002 statement to neighbor 209.65.200.226
remote-as 65001
Answer: C
QUESTION NO: 311
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are not able to reach the WebServer at 209.65.200.241. Initial
troubleshooting shows that DSW1, DSW2 and all the routers are able to reach the WebServer
Configuration on R1
ip nat inside source list nat_pool interface Serial0/0/0/1 overload
!
ip access-list standard nat_pool
permit 10.1.0.0
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
!
interface Serial0/0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest
On Which device is the fault condition located?
A. R1
B. DSW1
C. R4
D. R2
Answer: A
QUESTION NO: 312
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are not able to reach the WebServer at 209.65.200.241. Initial
troubleshooting shows that DSW1, DSW2 and all the routers are able to reach the WebServer
Configuration on R1
ip nat inside source list nat_pool interface Serial0/0/0/1 overload
!
ip access-list standard nat_pool
permit 10.1.0.0
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
!
interface Serial0/0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest
The Fault Condition is related to which technology?
A. EIGRP
B. HSRP
C. BGP
D. NAT
Answer: D
QUESTION NO: 313
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are not able to reach the WebServer at 209.65.200.241. Initial
troubleshooting shows that DSW1, DSW2 and all the routers are able to reach the WebServer
Configuration on R1
ip nat inside source list nat_pool interface Serial0/0/0/1 overload
!
ip access-list standard nat_pool
permit 10.1.0.0
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
!
interface Serial0/0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest
What is the solution of the fault condition?
A. Add permit 10.2.0.0 statement in nat_pool access-list
B. Remove permit 10.1.0.0 statement from nat_pool access-list
C. Change ip nat inside source list nat_pool interface Serial0/0/0/1 overload to ip nat inside source
list nat_pool interface Serial0/0/0/0.12 overload
D. Change ip nat outside statement under Serial0/0/0/1 configuration to ip nat inside
Answer: A
QUESTION NO: 314
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer at 209.65.200.241. Initial troubleshooting shows that
R1 is also not able to reach the WebServer. R1 also does not have any active BGP neighbor.
Config on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.65.200.226 remote-as 65002
no auto-summary
!
access-list 30 permit host 209.65.200.241
access-list 30 deny 10.1.0.0 0.0.255.255
access-list 30 deny 10.2.0.0 0.0.255.255
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
ip access-group 30 in
On which device is the fault condition located?
A. R1
B. DSW1
C. R4
D. R2
Answer: A
QUESTION NO: 315
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer at 209.65.200.241. Initial troubleshooting shows that
R1 is also not able to reach the WebServer. R1 also does not have any active BGP neighbor.
Config on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.65.200.226 remote-as 65002
no auto-summary
!
access-list 30 permit host 209.65.200.241
access-list 30 deny 10.1.0.0 0.0.255.255
access-list 30 deny 10.2.0.0 0.0.255.255
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
ip access-group 30 in
The Fault Condition is related to which technology?
A. IP Access
B. IP NAT
C. BGP
D. IP Access List
Answer: D
QUESTION NO: 316
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer at 209.65.200.241. Initial troubleshooting shows that
R1 is also not able to reach the WebServer. R1 also does not have any active BGP neighbor.
Config on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.65.200.226 remote-as 65002
no auto-summary
!
access-list 30 permit host 209.65.200.241
access-list 30 deny 10.1.0.0 0.0.255.255
access-list 30 deny 10.2.0.0 0.0.255.255
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
ip access-group 30 in
What is the solution of the fault condition?
A. Add permit statement for 209.65.200.224/30 network in access list 30
B. Remove Deny Statements from access-list 30
C. Change neighbor 209.65.200.226 remote-as 65002 statement to neighbor 209.65.200.226
remote-as 65001
D. Use extended access-list instead of standard access-list
Answer: A
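Why access list 30 stops the BGP session in Questions 314 to 316 can be traced entry by entry. The following is an added example, not part of the original practice test: a Python evaluator for numbered standard ACLs (source address only, wildcard masks, first match wins, implicit deny at the end), run over the ticket's list before and after the entry from answer A. The function names, the wildcard form of the fix and the inside host address are constructed for the illustration.

```python
import ipaddress

# access-list 30 exactly as shown in the ticket; it is applied with
# "ip access-group 30 in" on Serial0/0/0/1.
ACL_30 = """\
access-list 30 permit host 209.65.200.241
access-list 30 deny 10.1.0.0 0.0.255.255
access-list 30 deny 10.2.0.0 0.0.255.255
"""

# Entry for answer A, written out in wildcard form (/30 -> 0.0.0.3).
FIX = "access-list 30 permit 209.65.200.224 0.0.0.3\n"

IMPLICIT_DENY = "implicit deny (no entry matched)"

# Source addresses to test. The first two come from the ticket; the inside
# host is a constructed address in 10.1.0.0/16.
SOURCES = {
    "web server": "209.65.200.241",
    "BGP neighbor": "209.65.200.226",
    "inside host (constructed)": "10.1.1.10",
}


def _to_int(dotted):
    """Dotted-quad string to a 32-bit integer (ValueError if malformed)."""
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl(text):
    """Parse numbered standard ACL lines into (action, address, wildcard, line)."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            continue
        action, spec = parts[2], parts[3:]
        if spec[0] == "any":
            address, wildcard = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host" and len(spec) > 1:
            address, wildcard = spec[1], "0.0.0.0"
        else:
            address = spec[0]
            # An address with no wildcard mask is treated as a single host.
            has_mask = len(spec) > 1 and spec[1] != "log"
            wildcard = spec[1] if has_mask else "0.0.0.0"
        entries.append((action, _to_int(address), _to_int(wildcard), line.strip()))
    return entries


def evaluate(entries, source):
    """First matching entry wins; a standard ACL tests only the source address."""
    src = _to_int(source)
    for action, address, wildcard, line in entries:
        care = ~wildcard & 0xFFFFFFFF      # wildcard bit 0 means "must match"
        if (src & care) == (address & care):
            return action, line
    return "deny", IMPLICIT_DENY


def trace(acl_text, sources):
    """Map each named source address to (action, matching entry)."""
    entries = parse_standard_acl(acl_text)
    return {name: evaluate(entries, ip) for name, ip in sources.items()}


if __name__ == "__main__":
    for label, acl in (("ticket ACL", ACL_30), ("with answer A", ACL_30 + FIX)):
        print(label)
        for name, (action, line) in trace(acl, SOURCES).items():
            print(f"  {name:28} {action:6} <- {line}")
```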
QUESTION NO: 317
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP
Server
Configuration on DSW1
vlan access-map test1 10
drop
match ip address 10
!
vlan filter test1 vlan-list 10
!
ip access-list standard 10
permit 10.2.0.0 0.0.255.255
!
Interface VLAN10
ip address 10.2.1.1 255.255.255.0
!
On which device is the fault condition located?
A. R4
B. DSW1
C. Client 1
D. FTP Server
Answer: B
QUESTION NO: 318
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP
Server
Configuration on DSW1
vlan access-map test1 10
drop
match ip address 10
!
vlan filter test1 vlan-list 10
!
ip access-list standard 10
permit 10.2.0.0 0.0.255.255
!
Interface VLAN10
ip address 10.2.1.1 255.255.255.0
!
The Fault Condition is related to which technology?
A. VLAN Access Map
B. InterVLAN communication
C. DHCP
D. IP Access List
Answer: A
QUESTION NO: 319
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP
Server
Configuration on DSW1
vlan access-map test1 10
drop
match ip address 10
!
vlan filter test1 vlan-list 10
!
ip access-list standard 10
permit 10.2.0.0 0.0.255.255
!
Interface VLAN10
ip address 10.2.1.1 255.255.255.0
!
What is the solution of the fault condition?
A. Configure Static IP Address on Client 1
B. Change the IP Address of VLAN 10 on DSW1
C. Add Permit any statement to access-list 10
D. Remove VLAN filter test1 from DSW1
Answer: D
QUESTION NO: 320
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Initial
troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001
On which device is the fault condition located?
A. DSW1
B. ASW1
C. Client 1
D. FTP Server
Answer: B
QUESTION NO: 321
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Initial
troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001
The Fault Condition is related to which technology?
A. VLAN Access Map
B. InterVLAN communication
C. DHCP
D. Port Security
Answer: D
QUESTION NO: 322
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Initial
troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001
What is the solution of the fault condition?
A. Configure Static IP Address on Client 1
B. Change the IP Address of VLAN 10 on DSW1
C. Issue shutdown command followed by no shutdown command on port fa1/0/1 on ASW1
D. Issue no switchport port-security mac-address 0000.0000.0001 command followed by
shutdown and no shutdown command on port fa1/0/1 on ASW1
E. Issue no switchport port-security mac-address 0000.0000.0001 command on port fa1/0/1 on
ASW1
Answer: D
QUESTION NO: 323
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP
Server. They are able to ping each other.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 1
!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 1
On which device is the fault condition located?
A. DSW1
B. ASW1
C. Client 1
D. FTP Server
Answer: B
QUESTION NO: 324
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP
Server. They are able to ping each other.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 1
!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 1
The Fault Condition is related to which technology?
A. VLAN
B. InterVLAN communication
C. DHCP
D. Port Security
Answer: A
QUESTION NO: 325
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP
Server. They are able to ping each other.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 1
!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 1
What is the solution of the fault condition?
A. Give an IP address to VLAN 1 on DSW1
B. Change the IP Address of VLAN 10 on DSW1
C. Issue switchport access vlan 10 command on interfaces fa1/0/1 and fa1/0/2 on ASW1
D. Give static IP addresses to Client 1 and Client 2
Answer: C
QUESTION NO: 326
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP
Server. They are able to ping each other.
Configuration on ASW1
Interface PortChannel13
switchport mode trunk
switchport trunk allowed vlan 1-9
!
Interface PortChannel23
switchport mode trunk
switchport trunk allowed vlan 1-9
!
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 10
!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 10
!
On which device is the fault condition located?
A. ASW1
B. DSW1
C. Client 1
D. FTP Server
Answer: A
QUESTION NO: 327
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP
Server. They are able to ping each other.
Configuration on ASW1
Interface PortChannel13
switchport mode trunk
switchport trunk allowed vlan 1-9
!
Interface PortChannel23
switchport mode trunk
switchport trunk allowed vlan 1-9
!
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 10
!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 10
!
The Fault Condition is related to which technology?
A. VLAN
B. InterVLAN communication
C. DHCP
D. Switch to Switch Connectivity
Answer: D
QUESTION NO: 328
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP
Server. They are able to ping each other.
Configuration on ASW1
Interface PortChannel13
switchport mode trunk
switchport trunk allowed vlan 1-9
!
Interface PortChannel23
switchport mode trunk
switchport trunk allowed vlan 1-9
!
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 10
!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 10
!
What is the solution of the fault condition?
A. Change the VLAN assignment on fa1/0/1 and fa1/0/2 on ASW1 to VLAN 1
B. Change the IP Address of VLAN 10 on DSW1
C. Issue switchport trunk allowed vlan 10,200 on interface portchannel13 and portchannel23 on
ASW1
D. Issue switchport trunk allowed vlan none on interface portchannel13 and portchannel23 on
ASW1
Answer: C
QUESTION NO: 329
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the
Fa0/1 interface of R4 but not the s0/0/0/0.34 interface.
Configuration on DSW1
router eigrp 10
network 10.1.4.4 0.0.0.0
network 10.2.1.1 0.0.0.0
network 10.2.4.13 0.0.0.0
no auto-summary
Configuration on DSW2
router eigrp 10
network 10.1.4.8 0.0.0.0
network 10.2.2.1 0.0.0.0
network 10.2.4.14 0.0.0.0
no auto-summary
Configuration on R4
router eigrp 1
network 10.1.4.5 0.0.0.0
no auto-summary
redistribute ospf 1
On which device is the fault condition located?
A. DSW1
B. DSW2
C. Client 1
D. R4
Answer: D
QUESTION NO: 330
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the
Fa0/1 interface of R4 but not the s0/0/0/0.34 interface.
Configuration on DSW1
router eigrp 10
network 10.1.4.4 0.0.0.0
network 10.2.1.1 0.0.0.0
network 10.2.4.13 0.0.0.0
no auto-summary
Configuration on DSW2
router eigrp 10
network 10.1.4.8 0.0.0.0
network 10.2.2.1 0.0.0.0
network 10.2.4.14 0.0.0.0
no auto-summary
Configuration on R4
router eigrp 1
network 10.1.4.5 0.0.0.0
no auto-summary
redistribute ospf 1
The Fault Condition is related to which technology?
A. EIGRP
B. InterVLAN communication
C. OSPF
D. Switch to Switch Connectivity
Answer: A
QUESTION NO: 331
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the
Fa0/1 interface of R4 but not the s0/0/0/0.34 interface.
Configuration on DSW1
router eigrp 10
network 10.1.4.4 0.0.0.0
network 10.2.1.1 0.0.0.0
network 10.2.4.13 0.0.0.0
no auto-summary
Configuration on DSW2
router eigrp 10
network 10.1.4.8 0.0.0.0
network 10.2.2.1 0.0.0.0
network 10.2.4.14 0.0.0.0
no auto-summary
Configuration on R4
router eigrp 1
network 10.1.4.5 0.0.0.0
no auto-summary
redistribute ospf 1
What is the solution of the fault condition?
A. Change the EIGRP AS to 1 on DSW1
B. Change the routing protocol on DSW1 and DSW2 to OSPF
C. Change the EIGRP AS to 10 on R4
D. Advertise 10.1.1.8/30 network in EIGRP on R4
Answer: C
QUESTION NO: 332
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the
Fa0/1 interface of R4 but not the s0/0/0/0.34 interface.
Configuration on DSW1
router eigrp 10
network 10.1.4.4 0.0.0.0
network 10.2.1.1 0.0.0.0
network 10.2.4.13 0.0.0.0
no auto-summary
Configuration on DSW2
router eigrp 10
network 10.1.4.8 0.0.0.0
network 10.2.2.1 0.0.0.0
network 10.2.4.14 0.0.0.0
no auto-summary
Configuration on R4
router eigrp 10
network 10.1.4.5 0.0.0.0
no auto-summary
redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF
!
router ospf 1
network 10.1.1.8 0.0.0.0 area 34
redistribute eigrp 10 subnets
!
route-map EIGRP->OSPF
match ip address 1
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 209.0.0.0 0.255.255.255
The Fault Condition is related to which technology?
A. EIGRP
B. Route Redistribution
C. OSPF
D. IP Addressing
Answer: B
QUESTION NO: 333
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the
Fa0/1 interface of R4 but not the s0/0/0/0.34 interface.
Configuration on DSW1
router eigrp 10
network 10.1.4.4 0.0.0.0
network 10.2.1.1 0.0.0.0
network 10.2.4.13 0.0.0.0
no auto-summary
Configuration on DSW2
router eigrp 10
network 10.1.4.8 0.0.0.0
network 10.2.2.1 0.0.0.0
network 10.2.4.14 0.0.0.0
no auto-summary
Configuration on R4
router eigrp 10
network 10.1.4.5 0.0.0.0
no auto-summary
redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF
!
router ospf 1
network 10.1.1.8 0.0.0.0 area 34
redistribute eigrp 10 subnets
!
route-map EIGRP->OSPF
match ip address 1
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 209.0.0.0 0.255.255.255
What is the solution of the fault condition?
A. Remove the redistribute command from OSPF process on R4
B. Change the route-map name in the redistribute command under OSPF process to EIGRP->OSPF on R4
C. Change EIGRP AS to 1 on R4
D. Advertise 10.1.1.8/30 network in EIGRP on R4
Answer: B
QUESTION NO: 334
Following ticket consists of a problem description and existing configuration on the device.
Figure 1
Figure 2
Trouble Ticket Statement
Client 1 is not able to reach the WebServer. Initial troubleshooting shows that DSW1 can ping the
Fa0/1 interface of R4 but not the s0/0/0/0.34 interface.
Configuration on DSW1
router eigrp 10
network 10.1.4.4 0.0.0.0
network 10.2.1.1 0.0.0.0
network 10.2.4.13 0.0.0.0
no auto-summary
Configuration on DSW2
router eigrp 10
network 10.1.4.8 0.0.0.0
network 10.2.2.1 0.0.0.0
network 10.2.4.14 0.0.0.0
no auto-summary
Configuration on R4
router eigrp 10
network 10.1.4.5 0.0.0.0
no auto-summary
redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF
!
router ospf 1
network 10.1.1.8 0.0.0.0 area 34
redistribute eigrp 10 subnets
!
route-map EIGRP->OSPF
match ip address 1
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 209.0.0.0 0.255.255.255
On which device is the fault condition located?
A. DSW1
B. DSW2
C. Client 1
D. R4
Answer: D
QUESTION NO: 335
The network setup for this trouble ticket is shown in Figure 3.
Trouble Ticket Statement
DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0.12 IPv6 address. Initial troubleshooting
shows that R2 is not an OSPFv3 neighbor on R3.
Configuration on R2
ipv6 unicast-routing
!
ipv6 router ospf 6
router-id 2.2.2.2
!
interface s0/0/0/0.23
ipv6 address 2026::1:1/122
Configuration on R3
ipv6 unicast-routing
!
ipv6 router ospf 6
router-id 3.3.3.3
!
interface s0/0/0/0.23
ipv6 address 2026::1:2/122
ipv6 ospf 6 area 0
Figure 3
On which device is the fault condition located?
A. DSW1
B. DSW2
C. R2
D. R3
Answer: C
QUESTION NO: 336
The network setup for this trouble ticket is shown in Figure 3.
Trouble Ticket Statement
DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0.12 IPv6 address. Initial troubleshooting
shows that R2 is not an OSPFv3 neighbor on R3.
Configuration on R2
ipv6 unicast-routing
!
ipv6 router ospf 6
router-id 2.2.2.2
!
interface s0/0/0/0.23
ipv6 address 2026::1:1/122
Configuration on R3
ipv6 unicast-routing
!
ipv6 router ospf 6
router-id 3.3.3.3
!
interface s0/0/0/0.23
ipv6 address 2026::1:2/122
ipv6 ospf 6 area 0
Figure 3
The Fault Condition is related to which technology?
A. IPv6 Addressing
B. Route Redistribution
C. OSPFv3
D. RIPng
Answer: C
QUESTION NO: 337
The network setup for this trouble ticket is shown in Figure 3.
Trouble Ticket Statement
DSW1 and R4 cannot ping R2's loopback or R2's s0/0/0/0.12 IPv6 address. Initial troubleshooting
shows that R2 is not an OSPFv3 neighbor on R3.
Configuration on R2
ipv6 unicast-routing
!
ipv6 router ospf 6
router-id 2.2.2.2
!
interface s0/0/0/0.23
ipv6 address 2026::1:1/122
Configuration on R3
ipv6 unicast-routing
!
ipv6 router ospf 6
router-id 3.3.3.3
!
interface s0/0/0/0.23
ipv6 address 2026::1:2/122
ipv6 ospf 6 area 0
Figure 3
What is the solution of the fault condition?
A. Add ipv6 ospf 6 area 0 under S0/0/0/0.23 on R2
B. Add ipv6 ospf 6 area 6 under s0/0/0/0.23 on R2
C. Remove IPv6 address from s0/0/0/0.23 on R2
D. Enable IPv6 routing on s0/0/0/0.23 on R2
Answer: A