Saturday, 11 April 2015

Cisco CCNP 642-813 Exam Questions 27

QUESTION
Which three statements about the Multiple Spanning Tree (MST) protocol (IEEE 802.1s) are true? (Choose three.)
A. An MST region is a group of MST switches that appear as a single virtual bridge to adjacent CST and MST regions.
B. All switches in an MST region, except distribution layer switches, should have their priority lowered from the default value 32768.
C. All switches in the same MST region must have the same VLAN-to-instance mapping, but different configuration revision numbers.
D. Enabling MST with the spanning-tree mode mst global configuration command also enables RSTP.
E. To verify the MST configuration, the show pending command can be used in MST configuration mode.
F. When RSTP and MSTP are configured, UplinkFast and BackboneFast must also be enabled.
Correct Answers: A, D, E
QUESTION 157
A client is searching for an access point (AP). What is the correct process order that the client and access point go through to create a connection?
A. probe request/response, authentication request/response, association request/response
B. association request/response, authentication request/response, probe request/response
C. probe request/response, association request/response, authentication request/response
D. association request/response, probe request/response, authentication request/response
Correct Answers: A
QUESTION 158
Which three features are part of the Cisco Compatible Extensions program? (Choose three.)
A. security
B. routing and switching
C. VLAN and QoS
D. analog and digital voice
E. accounting
F. mobility
Correct Answers: A, C, F
QUESTION 159
Refer to the exhibit. Switch S2 contains the default configuration. Switches S1 and S3 both have had the command spanning-tree mode rapid-pvst issued on them. What will be the result?
A. Switches S1 and S3 will be able to exchange traffic but neither will be able to exchange traffic with Switch S2
B. Switches S1, S2, and S3 will be able to pass traffic between themselves. However, if there is a topology change, Switch S2 will not receive notification of the change.
C. Switches S1, S2, and S3 will be able to pass traffic between themselves.
D. IEEE 802.1D and IEEE 802.1w are incompatible. All three switches must use the same standard or no traffic will pass between any of the switches.
Correct Answers: C
QUESTION 160
Which statement is true about IP telephony calls?
A. A Voice over IP (VoIP) packet consists of the voice payload, IP header, TCP header, RTP header, and Layer 2 link header.
B. The voice carrier stream uses H.323 to set up, maintain, and tear down call endpoints.
C. Call control signaling uses Real-Time Transport Protocol (RTP) packets that contain actual voice samples.
D. The sum of bandwidth necessary for each major application, including voice, video, and data, should not exceed 75 percent of the total available bandwidth for each link.
Correct Answers: D

Practice TSHOOT Tickets with Packet Tracer

Special thanks to Buddy who sent us these files. Please say thanks to him. Now you can practice most TSHOOT Tickets with Packet Tracer v6.1. Please download all the tickets in one file here: http://www.networktut.com/download/Cisco_PT_6_1_TSHOOT_Package.zip. All the guides were included in that file.
Note: Please use at least the final Packet Tracer v6.1 (STUDENT Release) or above to open them. Below is a screenshot of the pkt files:
 TSHOOT_Tickets_PT61.jpg

Switch Sim

Refer to the topology
Switch_Topology.jpg
A customer network engineer has made configuration changes that have resulted in some loss of connectivity. You have been called in to evaluate a switch network and suggest resolutions to the problems.
Question 1
PC2 in VLAN 200 is unable to ping the gateway address 172.16.200.1; identify the issue.
A. VTP domain name mismatch on SW4
B. VLAN 200 not configured on SW1
C. VLAN 200 not configured on SW2
D. VLAN 200 not configured on SW4

Answer: D
Explanation
Check the interface E0/0 of SW4 via the “show running-config” command:
Sw4_show_run_missing_vlan.jpg
E0/0 is in access mode but no VLAN is associated with this interface so it belongs to VLAN 1 by default. Note: You can double check with the “show vlan” command to see no vlan 200 was created on SW4.
Question 2
Which of statement is true regarding STP issue identified with switches in the given topology?
A. Loopguard configured on the New_Switch places the ports in loop inconsistent state
B. Rootguard configured on SW1 places the ports in root inconsistent state
C. Bpduguard configured on the New_Switch places the access ports in error-disable
D. Rootguard configured on SW2 places the ports in root inconsistent state

Answer: A (?)
Explanation
We don’t have enough information to answer this question.. But under interface Ethernet2/1 of the New_Switch we see Loopguard is configured so answer A is correct. But it may not a STP issue if Ethernet2/1 is blocked because Loopguard should be placed on blocked/alternative ports to prevent unidirectional links.
New_Switch_show_run_spanning-tree_guard_loop.jpg
Question 3
You have configured PVST+ load balancing between SW1 and the New_Switch in such a way that both the links E2/2 and E2/3 are utilized for traffic flow, which component of the configuration is preventing PVST+ load balancing between SW1 and SW2 links?
A. Port priority configuration on SW1
B. Port priority configuration on the New_Switch
C. Path cost configuration on SW1
D. Path cost configuration on the New_Switch

Answer: D
Explanation
Check interfaces E1/2 & E1/3 of New_Switch which are directly connected to SW1 with the “show running-config” command:
New_switch_show_run_spanning-tree_cost.jpg
We can see the STP cost of E1/3 was configured to 250 so traffic will not go through this interface but E1/2 is still using the default value (STP cost of 100 for Ethernet port). If we use the default settings then traffic will go directly from SW1 to the New_Switch via E1/2. To force traffic to go through the links E2/2 and E2/3 of SW1 we can increase the cost of E1/2 (should be greater than 200 because by default the STP cost from SW1 -> SW2 -> New_Switch is 200).
Question 4
SW1 Switch Management IP address is not pingable from SW4. What could be the issue?
A. Management VLAN not allowed in the trunk links between SW1 and SW4
B. Management VLAN not allowed in the trunk links between SW1 and SW2
C. Management VLAN not allowed in the trunk link between SW2 and SW4
D. Management VLAN ip address on SW4 is configured in wrong subnet
E. Management VLAN interface is shutdown on SW4

Answer: D
Explanation
From the output of the “show vlan” (or “show running-config”) command on SW1, we learn VLAN 300 is named “Management_VLAN” so we need to check the connection of VLAN 300 between SW1 and SW4.
Issue the “show running-config” on SW1 & SW4 to check the IP addresses of their Interface VLAN:
Sw1_show_run_interface_vlan300.jpg
Sw4_show_run_interface_vlan300.jpg
We can see that the IP addresses of these two interfaces are not in the same subnets (192.168.10.1/24 & 192.168.100.4/24). We can double check the IP address of interface VLAN 30 on Sw2 to see it belongs to 192.168.10.0/24 subnet.

EIGRP Sim

Refer to the topology.
EIGRP_Topology.jpg
You have been brought in to troubleshoot an EIGRP network. A network engineer has made configuration changes to the network rendering some locations unreachable. You are to locate the problem and suggest solution to resolve the issue.
Question 1
R5 has become partially isolated from the remainder of the network. R5 can reach devices on directly connected networks but nothing else. What is causing the problem?
A. An outbound distribute list in R3
B. Inbound distribute lists in R5
C. An outbound distribute list in R6
D. Incorrect EIGRP routing process ID in R5

Answer: B
Explanation
R5_show_run_router_eigrp.jpg
R5 is using distribute-lists (with access-list 3) to filter traffic coming from E0/0 & E0/1. Therefore we continue checking access-list 3:
R5_show_run_access-list.jpg
There is no “permit” line in access-list 3 so all traffic is dropped because each access-list always has an implicit “deny all” statement at the end -> R5 cannot learn any routes advertised via EIGRP -> only directly connected will be in the routing table of R5.
Question 2
You have resolved the initial issue between routers R2 and R4, but another issue remains. You are to locate the problem and suggest solution to resolve the issue. The customer has disabled access to the show running-config command.
The network segment between R2 and R4 has become disconnected from the remainder of the network. How should this issue be resolved?
A. Change the autonomous system number in the remainder of the network to be consistent with R2 and R4.
B. Move the 192.168.24.0 network to the EIGRP 1 routing process in R2 and R4.
C. Enable the R2 and R4 router interfaces connected to the 192.168.24.0 network.
D. Remove the distribute-list command from the EIGRP 200 routing process in R2.
E. Remove the distribute-list command from the EIGRP 100 routing process in R2.

Answer: B
Explanation
Check on R2 & R4 with the “show ip eigrp neighbors” command (or maybe the “show ip eigrp interfaces” command also works for this sim):
R2_show_ip_eigrp_neighbors.jpg
R4_show_ip_eigrp_neighbors.jpg
We see the segments R1 – R2; R4 – R6 are running EIGRP AS 1 while the segment R2 – R4 is running EIGRP AS 100 -> These segments cannot see each other. Therefore we have move the segment R2 – R4 to EIGRP AS 1.

HSRP Sim

You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer inspection HSRP doesn’t appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the network problems.
HSRP_Topology.jpg
Question 1
You have received notification from network monitoring system that link between R1 and R5 is down and you noticed that the active router for HSRP group 1 has not failed over to the standby router for group 1. You are required to troubleshoot and identify the issue.
A. There is an HSRP group track command misconfiguration
B. There is an HSRP group priority misconfiguration
C. There is an HSRP authentication misconfiguration
D. There is an HSRP group number mismatch
E. This is not an HSRP issue; this is routing issue.

Answer: A
Explanation
Check the configuration of R1 with the “show running-config” command:
R1_show_run_track.jpg
R1 connects to R5 via E0/1 interface but R1 is tracking E0/0 which connects to R2 -> when the link between R1 & R5 fails the HSRP priority of R1 is still the same. To correct this problem we have to change the tracking interface to E0/1.
Question 2
The following debug messages are noticed for HSRP group 2. But still neither R1 nor R2 has identified one of them as standby router. Identify the reason causing the issue.
Note: only show commands can be used to troubleshoot the ticket.
R1#
‘Mar 26 11:17:39.234: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
‘Mar 26 11:17:40.034: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 172.16.10.254
R1#
‘Mar 26 11:17:40.364: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
R1#
‘Mar 26 11:17:41.969: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
‘Mar 26 11:17:42.719: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
‘Mar 26 11:17:42.918: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
R1#
‘Mar 26 11:17:44.869: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
‘Mar 26 11:17:45.485: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
‘Mar 26 11:17:45.718: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
R1#
‘Mar 26 11:17:47.439: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
‘Mar 26 11:17:48.252: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
‘Mar 26 11:17:48.322: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
R1#
‘Mar 26 11:17:50.389: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
‘Mar 26 11:17:50.735: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
‘Mar 26 11:17:50.921: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
R1#
‘Mar 26 11:17:53.089: HSRP: Et1/0 Grp2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
‘Mar 26 11:17:53.338: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
‘Mar 26 11:17:53.633: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
A. HSRP group priority misconfiguration
B. There is an HSRP authentication misconfiguration
C. There is an HSRP group number mismatch
D. This is not an HSRP issue: this is DHCP issue.
E. The ACL applied to interface is blocking HSRP hello packet exchange

Answer: E
Explanation
Check the link between R1 & R2 where HSRP group 2 is running (interface E1/0)
R1_show_run_access_list.jpg
As we see R1 is using access-list 102 to filter traffic coming to interface E1/0 (inbound direction). Continue checking the access-list 102 of R1:
R1_show_run_access_list2.jpg
R1 is blocking any traffic send to 224.0.0.102. Notice that in the syntax of an access-list, the source address is always defined before the destination address. “224.0.0.102” is the muticast address which HSRP version 2 uses to send Hello packets to (instead of 224.0.0.2 of HSRP version 1). Therefore all HSRP sent from neighbor (R2 in this case) to R1 is dropped. R1 keeps sending HSRP Hello packets and think it is the active HSRP router.
Question 3
Examine the configuration on R4. The routing table shows no entries for 172.16.10.0/24 and 172.16.20.0/24. Identify which of the following is the issue preventing route entries being installed on R4 routing table?
A. HSRP issue between R4 and R2
B. This is an OSPF issue between R4 and R2
C. This is a DHCP issue between R4 and R2
D. The distribute-list configured on R4 is blocking route entries
E. The ACL configured on R4 is blocking inbound traffic on the interface connected to R2

Answer: D
Explanation
Checking what is preventing the two networks 172.16.10.0/24 & 172.16.20.0/24 from learning on R4.
R4_show_run_distribute_list.jpg
There is a distribute-list applied on R4. Notice that a distribute-list is often used to control which routing updates should be sent or received on a router. So we should check what this distribute-list is used for. This distribute-list is based on access-list 1 so we will continue checking this access-list:
R4_show_run_access_list.jpg
This access-list explicitly blocks the two networks 172.16.10.0/24 & 172.16.20.0/24 from populating into R4 routing table.
Question 4
Examine the configuration on R5. Router R5 do not see any route entries learned from R4; what could be the issue?
A. HSRP issue between R5 and R4
B. There is an OSPF issue between R5 and R4
C. There is a DHCP issue between R5 and R4
D. The distribute-list configured on R5 is blocking route entries
E. The ACL configured on R5 is blocking traffic for the subnets advertised from R4.

Answer: B or D
Explanation
We don’t have enough information to solve this question. But check the OSPF neighbor between R4 and R5 via the command “show ip ospf neighbors” we will not see any entries so we can conclude there is a OSPF issue between R5 & R4 or a distribute-list configured on R5 is blocking the multicast address of OSPF (224.0.0.5 & 224.0.0.6) so you should check the configs of R4 & R5 carefully.

OSPF Sim

A customer network engineer has edited their OSPF network configuration and now your customer is experiencing network issues. They have contacted you to resolve the issues and return the network to full functionality.
OSPF.jpg
Question 1
The OSPF neighbor relationship has been lost between R1 and R3. What is causing this problem?
A. The serial interface in R1 should be taken out of the shutdown state.
B. A neighbor statement needs to be configured in R1 and R3 pointing at each other.
C. The R1 network type should be changed to point-to-multipoint non-broadcast.
D. The hello, dead and wait timers on R1 need to be reconfigured to match the values on R3.

Answer: C
Explanation
Check the ports connecting between R1 and R3 via the “show running-config” command:
R1#show running-config
<>
interface Serial0/0
ip address 192.168.13.1 255.255.255.0
ip ospf network non-broadcast
R3#show running-config
<>
interface Serial1/1
ip address 192.168.13.3 255.255.255.0
ip ospf network point-to-multipoint non-broadcast
Or you can check these interfaces via the “show ip ospf interface S0/0″ on R1 or “show ip ospf interface S1/1″ on R3 you will see the Network types are “NON_BROADCAST” or “POINT_TO_MULTIPOINT”, respectively. For example:
R1_show_ip_ospf_interface_serial.jpg
Question 2
Connectivity from R3 to R4, R5 and R6 has been lost. How should connectivity be reestablished?
A. Configure R4 with a virtual link to 192.168.13.2
B. Change the R3 and R4 hello-interval and retransmit-interface timers to zero so the link won’t go down.
C. Add an OSPF network statement for 4.4.4.4 0.0.0.0 area 1 in R3
D. Add an OSPF network statement for 192.168.34.3 0.0.0.255 area 2 in R3
E. Add an OSPF network statement for 192.168.34.0 0.0.0.255 area 1 in R3

Answer: E
Explanation
We can check the OSPF neighborship on R3 first via the “show ip ospf neighbor” command:
R3_show_ip_ospf_neighbor.jpg
We don’t see the OSPF neighborship between R3 and R4 (neighbor 4.4.4.4) so something was wrong with OSPF. So we continue checking with the “show running-config” command and pay attention to the OSPF config between R3 and R4.
R3_show_running-config_missing_network.jpg
We can realize the link between R3 and R4 is not running OSPF (missing the command “network 192.168.34.0 0.0.0.255 area 1″).
Question 3
After resolving the issues between R3 and R4, Area 2 is still experiencing routing issues. Based on the current router configurations, what needs to be resolved for routes to the networks behind R5 to be seen in the company intranet?
A. Configure R4 and R5 to use MD5 authentication on the Ethernet interfaces that connect to the common subnet.
B. Configure Area 1 in both R4 and R5 to use MD5 authentication.
C. Add “ip ospf authentication-key 7 BEST” to the R4 Ethernet interface that connects to R5 and “ip ospf authentication-key 7 BEST” to R5 Ethernet interface that connects to R4.
D. Add “ip ospf authentication-key CISCO” to R4 Ethernet 0/1 and add “area 2 authentication” to the R4 OSPF routing process.

Answer: D
Explanation
Check the configuration of R5 with the “show running-config” command:
R5_show_running-config_authentication.jpg
Interface E0/0 of R5 is configured with OSPF authentication so we should check the configuration on interface E0/0 of R4:
R4_show_running-config_no_authentication.jpg
There is no OSPF authentication under E0/1 of R4 so R4 cannot establish OSPF neighborship with R5.
Question 4
The 6.6.0.0 subnets are not reachable from R4. how should the problem be resolved?
A. Edit access-list 46 in R6 to permit all the 6.6.0.0 subnets.
B. Apply access-list 46 in R6 to a different interface.
C. Apply access-list 1 as a distribute-list out under router ospf 100 in R4.
D. Remove distribute-list 64 out on R6.
E. Remove distribute-list 1 in ethernet 0/1 in R4.
F. Remove distribute-list 1 in ethernet 0/0 in R4.

Answer: D
Explanation
Only the 6.6.0.0 subnets are not reachable from R4 so maybe something blocking it (OSPF neighborship is still formed between R4 and R6. You can verify with the “show ip ospf neighbor” command). Check the configuration of R6 with the “show running-config” command and pay attention to the OSPF part of R6:
R6_show_running-config-distribute-list.jpg
From the output we learn that R6 is using distribute-lists to filter routes. Especially distribute-list 64 (note: 64 is the access-list number) is applied to:
+ Inbound direction on E0/1 (distribute-list 64 in Ethernet0/1): this distribute-list is no harm because it only prevents 6.0.0.0/8 prefix from learning back from E0/1. Notice that R6 can still advertise this prefix to the outside.
+ Outbound direction of all interfaces (distribute-list 64 out): this distribute-list is causing problem because it prevents 6.0.0.0/8 prefix from advertising to the outside ->R4 does not know how to reach 6.6.0.0 subnets. To fix this problem we should remove “distribute-list 64 out” on R6.
Note: Although the next line of this distribute-list allows prefix 6.6.0.0/16 but traffic for this prefix can never reach this line because the above line “access-list 64 deny 6.0.0.0 0.255.255.255″ is always matched first and this prefix is dropped.

Friday, 3 April 2015

Windows XP clings to No. 2 spot as Windows 10 gets closer

With Microsoft on the cusp of its next OS leap forward, the 13-year-old XP still is more popular than Windows 8 and 8.1 combined.

net-apps-mar-2015.jpg
Windows XP is still alive and kicking.Net Applications
Windows XP continues its descent among desktop operating systems, though it's far from dead and buried.
Looking at the overall Web traffic for desktop operating systems across the globe, Net Applications gave XP a 16.9 percent share for the month of March, a hefty drop from the 19.1 percent recorded in February.
Though XP's grip on the market continues to loosen, it remains the No. 2 most-used operating system based on Net Application's Web stats, beating Windows 8 and 8.1 and their collective share of 14 percent. Windows 8.1 took the third spot with a 10.5 percent share, leaving Windows 8 in fifth place with just 3.5 percent.
Windows 7 holds the top spot, with a share of 58 percent.
The enduring hold of the 13-year-old Windows XP on PC users underscores the challenges Microsoft has faced as it tries to move ahead with new versions of its flagship operating system, which the company says has more than 1.5 billion users around the world. The staying power has even proven resistant to Microsoft's end of support for XP a year ago, which put an end to bug fixes and and other patches, leaving users more vulnerable to security threats.
There are ripple effects as well. Last month, chipmaker Intel slashed nearly $1 billion off its quarterly revenue outlook, in large part because small and midsize businesses have been reluctant to upgrade from Windows XP -- a popular but now 13-year-old operating system. PC makers, such as Hewlett-Packard, Lenovo and Acer, would also feel a pinch from slower refreshes from Windows XP.
The next leap forward comes this summer when Microsoft plans to release Windows 10, which among other things aims to avoid the missteps of Windows 8 and to provide a consistent software experience across devices including desktops, laptops, smartphones and even Internet of Things gear including ATMs and ultrasound machines.
With Windows 10 arriving soon, what choices are available to those who want to upgrade?
For users of Windows 7 and Windows 8.1, Microsoft is offering free upgrades to Windows 10 for the first year. That means you can download and install Windows 10 for free and directly upgrade your existing PC. But users still running Windows XP or Vista won't be able to ugprade their PCs directly to Windows 10, according to Microsoft. That leaves them the choice of upgrading to Windows 8.1 and then to Windows 10 or simply buying a new PC this summer already equipped with Windows 10.
Currently available as a technical preview, Windows 10 has been showing up as a blip on Net Applications' radar. For March, the new OS took home a share of just under 0.1 percent.