CCNA:ICND2 ?'s - sec 2

Card Set Information

Author: shamgar_bn
Updated: 2014-05-20 21:09:01
Tags: Cisco CCNA ICND2
Description: Open ended questions for section 2 of Cisco's CCNA ICND2

The flashcards below were created by user shamgar_bn on FreezingBlue Flashcards.


  1. Name the parts of an IP address.
    Network, subnet, and host are the three parts of an IP address. However, many people commonly treat the network and subnet parts as a single part, leaving only two parts, the subnet and host.
  2. Define subnet mask. What do the bits in the mask whose values are binary 0 tell you about the corresponding IP address(es)?
    A subnet mask defines the number of host bits in an address. The bits of value 0 define which bits in the address are host bits. The mask is an important ingredient in a formula to dissect an IP address.
  3. What type of routing protocol algorithm uses a hold-down timer? What is its purpose?
    Distance Vector. Hold-down helps prevent counting to infinity problems. After learning that a route has failed, a router waits for a hold-down timer before believing any new information about the route.
  4. Define what split horizon means to the contents of a routing update. Does this apply to both the distance vector algorithm and the link-state algorithm?
    Routing updates sent out an interface do not contain routing information about subnets learned from updates entering the same interface. Split horizon is used only by distance vector routing protocols.
  5. From a router’s user mode, without using debugs or privileged mode, how can you determine what routers are sending you routing updates?
    The "show ip protocol" command output lists the routing sources (the IP addresses of routers sending updates to this router). The "show ip route" command lists next-hop router IP addresses.
  6. When you’re using RIP, what configuration command controls the number of equal-cost routes that can be added to the routing table at the same time? What is the maximum number of equal-cost routes to the same destination that can be included in the IP routing table at once?
    The "maximum-paths xxx" router subcommand is used in RIP configuration mode to set the number. The maximum is 16, and the default is 4.
  7. True or false: Distance vector routing protocols learn routes by transmitting routing updates.
    False. Routes are learned by receiving updates from neighboring routers.
  8. Assume that a router is configured to allow only one route in the routing table to each destination network. If more than one route to a particular subnet is learned, and if each route has the same metric value, which route is placed in the routing table if the routing protocol uses distance vector logic?
    In this scenario, the first route learned is placed in the table. If that route is removed later, the next routing update received after the original route has been removed is added to the routing table.
  9. Describe the purpose and meaning of route poisoning.
    Route poisoning is the distance vector routing protocol feature in which a newly bad route is advertised with an infinite metric. Routers receiving this routing information then can mark the route as a bad route immediately. The purpose is to prevent routing loops.
  10. Describe the meaning and purpose of triggered updates.
    A triggered update is the routing protocol feature in which an update is sent immediately when new routing information is learned rather than waiting on a timer to complete before sending another routing update.
  11. What term describes the underlying logic behind the OSPF routing protocol?
    Link State
  12. Configure a numbered IP access list that stops packets from subnet 134.141.7.0 255.255.255.0 from exiting serial 0 on a router. Allow all other packets.
    • access-list 4 deny 134.141.7.0 0.0.0.255
    • access-list 4 permit any
    • interface serial 0
    • ip access-group 4 out
  13. Configure an IP access list that allows only packets from subnet 193.7.6.0 255.255.255.0, going to hosts in network 128.1.0.0 and using a web server in 128.1.0.0, to enter serial 0 on a router.
    • access-list 105 permit tcp 193.7.6.0 0.0.0.255 128.1.0.0 0.0.255.255 eq www
    • interface serial 0
    • ip access-group 105 in
  14. How would a user who does not have the enable password find out what access lists have been configured and where they are enabled?
    The "show access-list" command lists all access lists. The "show ip interfaces" command identifies interfaces on which the access lists are enabled.
  15. Configure and enable an IP access list that allows packets from subnet 10.3.4.0/24, to any web server, to exit serial interface S0. Also allow packets from 134.141.5.4 going to all TCP-based servers using a well-known port to enter serial 0. Deny all other traffic.
    • access-list 101 permit tcp 10.3.4.0 0.0.0.255 any eq www
    • access-list 102 permit tcp host 134.141.5.4 any lt 1023
    • interface serial 0
    • ip access-group 101 out
    • ip access-group 102 in
  16. Can standard IP access lists be used to check the source IP address when enabled with the ip access-group 1 in command, and can they check the destination IP addresses when using the ip access-group 1 out command?
    No. Standard IP access lists check only the source IP address, regardless of whether the packets are checked when inbound or outbound.
  17. True or false: If all IP access-list statements in a particular list define the deny action, the default action is to permit all other packets.
    False. The default action at the end of any IP access list is to deny all other packets.
  18. How many IP access lists of either type can be active on an interface at the same time?
    Only one IP access list per interface, per direction can be active. In other words, one inbound and one outbound are allowed, but no more.
  19. Name all the items that a standard IP access list can examine to make a match.
    • Source IP address
    • Subset of the entire source address (using a mask)
  20. Name all the items that an extended IP access list can examine to make a match.
    • Protocol type
    • Source port
    • Source IP address
    • Subset of the entire source address (using a mask)
    • Destination port
    • Destination IP address
    • Subset of the entire destination address (using a mask)
  21. True or false: When you use extended IP access lists to restrict vty access, the matching logic is a best match of the list rather than a first match in the list.
    False. Access list logic is always a first match for any application of the list.
  22. In a standard numbered IP access list with three statements, a no version of the first statement is issued in configuration mode. Immediately following, another access list configuration command is added for the same access list. How many statements are in the list now, and in what position is the newly added statement?
    Only one statement remains in the list: the newly added statement. The "no access-list x" command deletes the entire access list, even if you enter all the parameters in an individual command when using the no version of the command.
  23. In a standard named IP access list with three statements, a no version of the first statement is issued in configuration mode. Immediately following, another access list configuration command is added for the same access list. How many statements are in the list now, and in what position is the newly added statement?
    Three statements remain in the list, with the newly added statement at the end of the list. The no deny | permit… command deletes only that single named access list subcommand in named lists. However, when the command is added again, it cannot be placed anywhere except at the end of the list.
  24. Configure a named IP access list that stops packets from subnet 134.141.7.0 255.255.255.0 from exiting serial 0 on a router. Allow all other packets.
    • ip access-list standard fred
    • deny 134.141.7.0 0.0.0.255
    • permit any
    • interface serial 0
    • ip access-group fred out
  25. Configure a named IP access list that allows only packets from subnet 193.7.6.0 255.255.255.0, going to hosts in network 128.1.0.0 and using a web server in 128.1.0.0, to enter serial 0 on a router.
    • ip access-list extended barney
    • permit tcp 193.7.6.0 0.0.0.255 128.1.0.0 0.0.255.255 eq www
    • interface serial 0
    • ip access-group barney in
  26. List the types of IP access lists (numbered standard, numbered extended, named standard, named extended) that can be enabled to prevent Telnet access into a router. What commands would be used to enable this function, assuming that access-list 2 was already configured to match the right packets?
    Any type of IP access list can be enabled to prevent vty access. The command "line vty 0 4", followed by "ip access-class 2 in", enables the feature using access list 2. Because ACLs used for preventing Telnet access into a router check only the source IP address, there is no need for an extended ACL in this case, anyway.
  27. What command lists the IP extended access lists enabled on serial 1 without showing other interfaces?
    The "show ip interface serial 1" command lists the names and numbers of the IP access lists enabled on serial 1.
