CCENT 100-101 ICND1 Exam Info

The 100-101 Interconnecting Cisco Networking Devices Part 1 (ICND1) is the exam associated with the CCENT certification and the first step in achieving the CCNA Routing and Switching certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 1 (ICND1) v2.0 course. This exam tests a candidate's knowledge and skills required to successfully install, operate, and troubleshoot a small branch office network. The exam includes topics on the Operation of IP Data Networks; LAN Switching Technologies; IP Addressing (IPv4 & IPv6); IP Routing Technologies; IP Services (DHCP, NAT, ACLs); Network Device Security; Basic Troubleshooting.

http://www.dummies.com/how-to/content/ccent-certification-allinone-for-dummies-cheat-she.html

CCENT 100-101 ICND1 Exam Topics

Operation of IP Data Networks
- Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs.
- Select the components required to meet a given network specification.
- Identify common applications and their impact on the network
- Describe the purpose and basic operation of the protocols in the OSI and TCP/IP models.
- Predict the data flow between two hosts across a network.
- Identify the appropriate media, cables, ports, and connectors to connect Cisco network devices to other network devices and hosts in a LAN

LAN Switching Technologies
- Determine the technology and media access control method for Ethernet networks
- Identify basic switching concepts and the operation of Cisco switches.
  - Collision Domains
  - Broadcast Domains
  - Types of switching
  - CAM Table
- Configure and verify initial switch configuration including remote access management.
  - Cisco IOS commands to perform basic switch setup
- Verify network status and switch operation using basic utilities such as ping, telnet and ssh.
- Describe how VLANs create logically separate networks and the need for routing between them.
  - Explain network segmentation and basic traffic management concepts
- Configure and verify VLANs
- Configure and verify trunking on Cisco switches
  - DTP
  - Auto negotiation

IP addressing (IPv4 / IPv6)
- Describe the operation and necessity of using private and public IP addresses for IPv4 addressing
- Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment.
- Identify the appropriate IPv4 addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment.
- Describe the technological requirements for running IPv6 in conjunction with IPv4 such as dual stack
- Describe IPv6 addresses
  - Global unicast
  - Multicast
  - Link local
  - Unique local
  - eui 64
  - autoconfiguration

IP Routing Technologies
- Describe basic routing concepts
  - CEF
  - Packet forwarding
  - Router lookup process
- Configure and verify utilizing the CLI to set basic Router configuration
  - Cisco IOS commands to perform basic router setup
- Configure and verify operation status of an ethernet interface
- Verify router configuration and network connectivity
  - Cisco IOS commands to review basic router information and network connectivity
- Configure and verify routing configuration for a static or default route given specific routing requirements
- Differentiate methods of routing and routing protocols
  - Static vs. Dynamic
  - Link state vs. Distance Vector
  - next hop
  - ip routing table
  - Passive interfaces
- Configure and verify OSPF (single area)
  - Benefit of single area
  - Configure OSPF v2
  - Configure OSPF v3
  - Router ID
  - Passive interface
- Configure and verify interVLAN routing (Router on a stick)
  - sub interfaces
  - upstream routing
  - encapsulation
- Configure SVI interfaces

IP Services
- Configure and verify DHCP (IOS Router)
  - configuring router interfaces to use DHCP
  - DHCP options
  - excluded addresses
  - lease time
- Describe the types, features, and applications of ACLs
  - Standard
  - Sequence numbers
  - Editing
  - Extended
  - Named
  - Numbered
  - Log option
- Configure and verify ACLs in a network environment
  - Named
  - Numbered
  - Log option
- Identify the basic operation of NAT
  - Purpose
  - Pool
  - Static
  - 1 to 1
  - Overloading
  - Source addressing
  - One way NAT
- Configure and verify NAT for given network requirements
- Configure and verify NTP as a client

Network Device Security
- Configure and verify network device security features such as
  - Device password security
  - Enable secret vs enable
  - Transport
  - Disable telnet
  - SSH
  - VTYs
  - Physical security
  - Service password
  - Describe external authentication methods
- Configure and verify Switch Port Security features such as
  - Sticky MAC
  - MAC address limitation
  - Static / dynamic
  - Violation modes
  - Err disable
  - Shutdown
  - Protect restrict
  - Shutdown unused ports
  - Err disable recovery
  - Assign unused ports to an unused VLAN
  - Setting native VLAN to other than VLAN 1
- Configure and verify ACLs to filter network traffic
- Configure and verify ACLs to limit telnet and SSH access to the router

Troubleshooting
- Troubleshoot and correct common problems associated with IP addressing and host configurations.
- Troubleshoot and Resolve VLAN problems
  - identify that VLANs are configured
  - port membership correct
  - IP address configured
- Troubleshoot and Resolve trunking problems on Cisco switches
  - correct trunk states
  - correct encapsulation configured
  - correct vlans allowed
- Troubleshoot and Resolve ACL issues
  - Statistics
  - Permitted networks
  - Direction
  - Interface
- Troubleshoot and Resolve Layer 1 problems
  - Framing
  - CRC
  - Runts
  - Giants
  - Dropped packets
  - Late collision
  - Input / Output errors

OSI Model for the CCENT Certification Exam

The CCENT certification tests you heavily on the OSI model and the different protocols and devices that run at each layer of the OSI model. The following table reviews the OSI model by giving you a description of each layer and examples of protocols and devices that run at each layer.

Layer | Description | Examples
7. Application | Responsible for initiating or servicing the request. | SMTP, DNS, HTTP, and Telnet
6. Presentation | Formats the information so that it is understood by the receiving system. | Compression and encryption depending on the implementation
5. Session | Responsible for establishing, managing, and terminating the session. | NetBIOS
4. Transport | Breaks information into segments and is responsible for connection and connectionless communication. | TCP and UDP
3. Network | Responsible for logical addressing and routing | IP, ICMP, ARP, RIP, IGRP, and routers
2. Data Link | Responsible for physical addressing, error correction, and preparing the information for the media | MAC address, CSMA/CD, switches, and bridges
1. Physical | Deals with the electrical signal. | Cables, connectors, hubs, and repeaters

Cisco IOS Basics for the CCENT Certification Exam

The CCENT certification exam will test you on the basics of the Cisco Internetwork Operating System (IOS) and how to configure the IOS. The following are some key points that summarize the IOS basics to remember for the CCENT certification exam:

Types of Memory: There are different types of memory on a Cisco device:
- ROM: The Read-Only Memory (ROM) on a Cisco device is like the ROM on a computer in the sense that it stores the POST and the boot loader program. The boot loader program is responsible for locating the IOS.
- Flash: The flash memory is used to store the Cisco IOS.
- RAM: RAM is used to store things like the routing table on a router, or the MAC address table on a switch. It is also used to store the running-config. RAM is also known as volatile RAM, or VRAM.
- NVRAM: Non-volatile RAM (NVRAM) is used to store the startup-config, which is copied to the running-config on bootup after the IOS is loaded.

The Boot Process: For the CCENT certification exam, you need to know the high-level steps that occur when a Cisco device starts up. The following is a quick review of the boot process of a Cisco router:
- POST: The first thing that occurs when a Cisco device boots up is the POST routine, which is responsible for performing a self diagnostic to verify everything is functioning on the router or switch.
- Locate IOS: After the POST, the bootloader program, which is stored in ROM, locates the IOS in flash memory and loads it into RAM.
- Startup-config applied: After the IOS is loaded into memory, the bootloader program then locates the startup-config and applies it to the device.

Configuration Modes: When making changes to the Cisco device, there are a number of different configuration modes, and each change is made in a specific configuration mode. The following summarizes the major configuration modes:
- User Exec: When you connect to a Cisco device, the default configuration mode is user exec mode. With user exec mode, you can view the settings on the device but not make any changes. You know you are in user exec mode because the IOS prompt displays a ">".
- Priv Exec: In order to make changes to the device, you must navigate to priv exec mode, where you may be required to input a password. Priv exec mode displays with a "#" in the prompt.
- Global Config: Global configuration mode is where you go to make global changes to the router, such as the hostname. To navigate to global configuration mode from priv exec mode, you type config term, which places you at the "(config)#" prompt.
- Sub Prompts: You can navigate to a number of different sub prompts from global configuration, such as the interface prompts to modify settings on a specific interface and the line prompts to modify the different ports on the device.

Configuring Users and Passwords for the CCENT Certification Exam

The CCENT certification exam will test you on basic configuration of the Cisco IOS, including setting passwords and creating users. The following are some key points that summarize configuring passwords on Cisco devices:

Command(s) | Result

Command(s):
    R1>enable
    R1#config term
    R1(config)#enable password mypass
    R1(config)#enable secret mysecret
Result: These commands are used to create an enable password and an enable secret. Remember that the enable password is stored in clear text within the configuration file while the enable secret is encrypted.

Command(s):
    R1>enable
    R1#config term
    R1(config)#line con 0
    R1(config-line)#password conpass
    R1(config-line)#login
Result: These commands are used to create a console password on the console port. Remember that after the password is set, you must specify the login command to require authentication on the port.

Command(s):
    R1>enable
    R1#config term
    R1(config)#line aux 0
    R1(config-line)#password auxpass
    R1(config-line)#login
Result: These commands are used to create an auxiliary port password on the router. Again, notice the use of the login command after setting the password; if you forget to use it then the router will not prompt for a password on that port.

Command(s):
    R1>enable
    R1#config term
    R1(config)#line vty 0 15
    R1(config-line)#password vtypass
    R1(config-line)#login
Result: These commands are used to create a password for telnet connections that are made to the device.

Command(s):
    R1>enable
    R1#config term
    R1(config)#username glen password glenpass
    R1(config)#line con 0
    R1(config-line)#login local
    R1(config)#line vty 0 15
    R1(config-line)#login local
Result: These commands are used to create a username called glen with a password of glenpass. You then use the login local command on each of the console port, auxiliary port, and vty ports to require authentication with a username and password.

Command(s):
    R1(config)#banner motd #
    Enter TEXT message. End with the character '#'.
    This device is for authorized personnel only.
    Please disconnect at once if you have not been given permission to access this device
    #
    R1(config)#
Result: This command creates a message-of-the-day banner, which displays before someone logs in. This is used to give legal notice that unauthorized access is prohibited.

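The checks implied by the table above (a clear-text enable password, a line password without login, login local without a username), together with the banner, service password-encryption and SSH points from the security best practices list later on this page, written as an added Python example that is not part of the original cheat sheet. The two configurations are constructed samples, the function names are hypothetical, and transport input ssh is a standard IOS line command that the page itself does not show.

```python
import re

# Constructed sample: the page's password commands laid out as a config file,
# with the aux line missing "login" and an inviting banner.
WEAK = """\
hostname R1
enable password mypass
banner motd #Welcome to R1#
line con 0
 password conpass
 login
line aux 0
 password auxpass
line vty 0 15
 password vtypass
 login
"""

# Constructed sample: the same device following the page's recommendations.
HARDENED = """\
service password-encryption
hostname R1
enable secret mysecret
username glen password glenpass
banner motd #This device is for authorized personnel only.#
line con 0
 login local
line aux 0
 login local
line vty 0 15
 login local
 transport input ssh
"""


def line_blocks(config):
    """Map each 'line con/aux/vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if re.match(r"line (con|aux|vty) ", raw):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit(config):
    """Return a list of (code, detail) findings for one configuration text."""
    cmds = [c.strip() for c in config.splitlines() if c.strip()]
    findings = []

    def has(prefix):
        return any(c.startswith(prefix) for c in cmds)

    if has("enable password "):
        findings.append(("ENABLE_PASSWORD", "enable password is stored in clear text"))
    if not has("enable secret "):
        findings.append(("NO_ENABLE_SECRET", "no enable secret protects priv exec mode"))
    # Exact match, so "no service password-encryption" does not count.
    # Note: this command only obfuscates (reversible type 7); enable secret is a hash.
    if "service password-encryption" not in cmds:
        findings.append(("NO_PASSWORD_ENCRYPTION", "passwords are readable in the config"))

    # The first character after "banner motd " is the delimiter ('#' on the page).
    banner = re.search(r"^banner motd (\S)(.*?)\1", config, re.S | re.M)
    if banner and "welcome" in banner.group(2).lower():
        findings.append(("BANNER_WELCOME", "banner invites access"))

    for header, sub in line_blocks(config).items():
        has_password = any(c.startswith("password ") for c in sub)
        if has_password and "login" not in sub and "login local" not in sub:
            findings.append(("NO_LOGIN", f"{header}: password set but never prompted for"))
        if "login local" in sub and not has("username "):
            findings.append(("NO_LOCAL_USER", f"{header}: login local without any username"))
        if header.startswith("line vty") and "transport input ssh" not in sub:
            findings.append(("TELNET_ALLOWED", f"{header}: not restricted to SSH"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for code, detail in audit(cfg):
            print(f"  {code}: {detail}")
```
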
Configuring Interfaces for the CCENT Certification Exam

The CCENT certification exam requires you to know how to configure basic settings on the router, such as the hostname and the interfaces. The following commands review those configuration tasks.

The following commands are used to configure the name of the router with the hostname command. The name of the router appears in the prompt once it is set. Notice that the hostname is changed in global configuration mode.

    Router>enable
    Router#config term
    Router(config)#hostname R2

The following commands are used to configure the FastEthernet port on the router. Notice that the interface is referenced with the slot/port syntax on the interface command. The IP address is set, then the description of the interface, then the speed and duplex mode, and finally the port is enabled with the no shutdown command.

    R2(config)#interface f0/0
    R2(config-if)#ip address 25.0.0.1 255.0.0.0
    R2(config-if)#description Private LAN
    R2(config-if)#speed 100
    R2(config-if)#duplex full
    R2(config-if)#no shutdown

The following commands are used to configure the Serial port on the router. Notice that the interface is referenced with the slot/port syntax on the interface command. The IP address is set and then the encapsulation protocol (PPP or HDLC) is set. Because this is the DCE end of a back-to-back serial cable, the clock rate needs to be set; otherwise the service provider sets it. Finally, the interface is enabled with the no shutdown command.

    R1>enable
    R1#config term
    R1(config)#interface serial 0/0
    R1(config-if)#ip address 24.0.0.1 255.0.0.0
    R1(config-if)#encapsulation hdlc
    R1(config-if)#clock rate 64000 (only set for DCE device)
    R1(config-if)#no shutdown

Configuring Network Services for the CCENT Certification Exam

This section reviews popular commands used when configuring a Cisco device for name resolution, DHCP services, and NAT. You'll need to know these for the CCENT Certification exam.

The following commands configure the hostname table on a router and display the entries in the hostname table:

    NY-R1>enable
    NY-R1#config term
    NY-R1(config)#ip host BOS-R1 24.0.0.2

To verify that the entry has been added:

    NY-R1(config)#exit
    NY-R1#show hosts

The following commands enable DNS lookups and specify the DNS server of 23.0.0.200 to send DNS queries to. The domain name is also set to gleneclarke.com.

    NY-R1>enable
    NY-R1#config term
    NY-R1(config)#ip domain-lookup
    NY-R1(config)#ip name-server 23.0.0.200
    NY-R1(config)#ip domain-name gleneclarke.com

The following commands configure your router as a DHCP server by setting an address pool (range of addresses to give out) and setting up excluded addresses that are not to be given out. The lease time is set to 7 days in this example.

    NY-R1(config)#ip dhcp pool NY_Network
    NY-R1(dhcp-config)#network 23.0.0.0 255.0.0.0
    NY-R1(dhcp-config)#default-router 23.0.0.1
    NY-R1(dhcp-config)#dns-server 23.0.0.200
    NY-R1(dhcp-config)#lease 7 0 0
    NY-R1(dhcp-config)#exit
    NY-R1(config)#ip dhcp excluded-address 23.0.0.1 23.0.0.15

The following commands configure NAT overload services on a router called NY-R1. In this example, a list of source addresses is created in access list #1, which is then used as the inside source list. The FastEthernet 0/0 port is the overloaded public address port that all inside addresses get translated to.

    NY-R1(config)#Access-list 1 permit 10.0.0.0 0.255.255.255
    NY-R1(config)#ip nat inside source list 1 interface FastEthernet 0/0 overload
    NY-R1(config)#interface FastEthernet0/0
    NY-R1(config-if)#ip nat outside
    NY-R1(config-if)#interface FastEthernet0/1
    NY-R1(config-if)#ip nat inside

Basic Switch Commands to Remember for the CCENT Certification Exam

This section outlines some of the popular commands you use on a Cisco switch for the CCENT certification exam. Most of the basic router commands, such as setting passwords and banners, work on the switch.

Command(s) | Result

Command(s):
    Switch#show mac-address-table
Result: Used to display the MAC address table on the switch.

Command(s):
    Switch>enable
    Switch#config term
    Switch(config)#hostname NY-SW1
    NY-SW1(config)#
Result: Used to change the hostname on the switch.

Command(s):
    NY-SW1>enable
    NY-SW1#config term
    NY-SW1(config)#interface vlan1
    NY-SW1(config-if)#ip address 23.0.0.25 255.0.0.0
    NY-SW1(config-if)#no shutdown
    NY-SW1(config-if)#exit
    NY-SW1(config)#ip default-gateway 23.0.0.1
Result: Configures the switch for an IP address so that you can remotely connect to the switch and manage it. Also notice that the default gateway is set. If you do not set the default gateway, you will be unable to manage the switch from a different network.

Command(s):
    Switch>enable
    Switch#config term
    Switch(config)#interface f0/5
    Switch(config-if)#speed 100
    Switch(config-if)#duplex full
    Switch(config-if)#description Web Server
    Switch(config-if)#no shutdown
Result: These commands manually configure a port for 100 Mbps, full duplex, and assign a description to the port. The port is then enabled with the no shutdown command.

Command(s):
    Switch(config-if)#shutdown
Result: Disables the port.

Command(s):
    SW1>enable
    SW1#config term
    SW1(config)#interface f0/6
    SW1(config-if)#switchport mode access
    SW1(config-if)#switchport port-security
    SW1(config-if)#switchport port-security mac-address sticky
    SW1(config-if)#switchport port-security maximum 1
    SW1(config-if)#switchport port-security violation shutdown
Result: This group of commands configures port security on port #6. Port security is a way to limit which systems can connect to a switch. This code example uses a "sticky" MAC address that tells the switch to configure the port for whatever MAC uses the port first. It then sets the maximum number of MACs for the port to 1 and shuts down the port if there is a violation.

Command(s):
    show port-security address
Result: Show the MAC addresses that have been configured for each port.

Command(s):
    show port-security interface f0/6
Result: Show the configuration of port security on port 6.

Command(s):
    Switch>enable
    Switch#vlan database
    Switch(vlan)#vlan 2 name Executives
    VLAN 2 added:
    Name: Executives
    Switch(vlan)#exit
Result: Configures a VLAN named Executives in the VLAN database.

Command(s):
    Switch#show vlan
Result: Display a list of VLANs.

Command(s):
    Switch(config)#interface range f0/6 - 9
    Switch(config-if-range)#switchport access vlan 2
Result: Place ports 6-9 in the newly created VLAN 2.

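The port f0/6 settings from the table above (sticky MAC, maximum 1, violation shutdown), modelled as an added Python example that is not from the original page, so the effect of a second MAC address on the port can be replayed. The class and function names are hypothetical, the MAC addresses are constructed, and the protect and restrict violation modes named in the exam topics are included for comparison.

```python
class SecurePort:
    """Model of one access port with sticky port security enabled."""

    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, name, maximum=1, violation="shutdown"):
        if violation not in self.MODES:
            raise ValueError(f"unknown violation mode: {violation}")
        self.name = name
        self.maximum = maximum
        self.violation = violation
        self.sticky_macs = []   # addresses learned from the first frames seen
        self.violations = 0     # security violation counter
        self.state = "up"

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame arriving with this source MAC."""
        if self.state == "err-disabled":
            return "drop"                      # port stays down until recovered
        if src_mac in self.sticky_macs:
            return "forward"
        if len(self.sticky_macs) < self.maximum:
            self.sticky_macs.append(src_mac)   # sticky learning
            return "forward"
        # A new address beyond the maximum is a violation.
        if self.violation != "protect":        # protect drops without counting
            self.violations += 1
        if self.violation == "shutdown":
            self.state = "err-disabled"
        return "drop"

    def bounce(self):
        """Model 'shutdown' then 'no shutdown'; learned addresses are kept."""
        self.state = "up"

    def sticky_config(self):
        """Lines the switch adds to the running config for learned addresses."""
        return [f"switchport port-security mac-address sticky {m}"
                for m in self.sticky_macs]


# Constructed addresses: the expected server and an unexpected second device.
SERVER = "0000.00aa.aaaa"
ROGUE = "0000.00bb.bbbb"


def demo(mode):
    """Replay server, rogue, server on f0/6 and report what happened."""
    port = SecurePort("f0/6", maximum=1, violation=mode)
    results = [port.receive(mac) for mac in (SERVER, ROGUE, SERVER)]
    return results, port.state, port.violations


if __name__ == "__main__":
    for mode in SecurePort.MODES:
        print(mode, demo(mode))
```

With violation shutdown the legitimate server is cut off as well once the second address appears, which is why the port has to be recovered by an administrator.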
Troubleshooting Commands for the CCENT Certification Exam

When problems arise on Cisco devices, there are a number of show commands you can use to help identify what the problem is. The following table lists popular show commands:

Command(s) | Result
show running-config | Displays the running configuration stored in VRAM.
show startup-config | Displays the startup configuration stored in NVRAM.
show ip interface brief | Shows a summary of the interfaces and their status.
show interfaces | Displays detailed information about each interface.
show interface serial 0/0 | Displays detailed information about a specific interface.
show ip route | Displays the routing table.
show hosts | Displays the host name table.
show controller serial0/1 | Displays whether the serial interface is a DCE or DTE device.
show ip protocols | Displays what routing protocols are loaded.
show cdp neighbors | Displays basic information about neighboring devices such as name, type of device, and model.
show cdp neighbors detail | Displays detailed information about neighboring devices such as name, type of device, model, and IP address.

Security Best Practices for the CCENT Certification Exam

One of the most important skills to have as a CCENT is the capability of implementing basic security practices on your Cisco devices. The following are some key points to remember about securing devices when you take the CCENT exam:

- Secure Location: Be sure to locate your Cisco routers and switches in a secure location, a locked room where limited access is permitted.
- Disable Ports: In highly secure environments, you should disable unused ports so that unauthorized systems cannot connect to the network.
- Configure Port Security: In order to control which systems can connect to the enabled ports, use port security to limit which MAC addresses can connect to which ports.
- Set Passwords: Be sure to configure passwords on the console port, auxiliary port, and the vty ports. Also configure the enable secret for access to priv exec mode.
- Login Command: Do not forget the login command after setting the password on the port. The login command tells the Cisco device that anyone connecting must log in and forces the prompt for a password.
- Login Local Command: If you are looking to create usernames and passwords for login, then use the login local command to tell the Cisco device that you wish to authenticate persons by the usernames and passwords configured on the device.
- Encrypt Passwords: Be sure to encrypt all passwords in the configuration with the service password-encryption command!
- Banners: Be sure to configure banners that do not have the word "welcome" in the message or any other inviting phrases. You want to make sure that the banners indicate that unauthorized access is prohibited.
- Secure Communication: To remotely manage the device, use SSH instead of telnet as the communication is encrypted.

Network Cabling for the CCENT Certification Exam

The CCENT certification tests you on the different types of cabling that are used in different scenarios. The following are some key points to remember about network cabling.

- Rollover cable: A rollover cable is also known as a console cable and gets the name rollover because the order of the wires from one end of the cable to the other is totally reversed, or rolled over. The rollover/console cable is used to connect a computer to the console port or auxiliary port of the router for administration purposes.
- Back-to-back serial cable: The back-to-back serial cable is used to connect two Cisco routers directly together over a serial link. A back-to-back serial link will have one router act as the DCE device with the clock rate set and the other router act as the DTE device.
- Straight-through cable: A straight-through cable is used to connect dissimilar devices together. Scenarios that use straight-through cables are computer-to-switch and switch-to-router.
- Crossover cable: A crossover cable has wires 1 and 2 switch positions with wires 3 and 6 on one end and is used to connect similar devices together. Scenarios that use crossover cables are computer-to-computer, switch-to-switch, and computer-to-router (they are both hosts).
- Coaxial cable: A network cable type used in old Ethernet environments, such as 10Base2 and 10Base5. Coaxial cable is seen in high-speed Internet connections with cable companies today.
- Fiber optic cable: A unique cable type that has a glass core which carries pulses of light as opposed to copper cable carrying electrical signals (coax and twisted pair cabling).

Network Devices and Services Overview for the CCENT Certification Exam

You can be sure to get a few questions on the CCENT certification exam that test your knowledge of types of devices and different network services. The following are some key points to remember about devices and services:

Network devices
- Hub: A hub is a layer-1 device that is used to connect systems together. When a hub receives data in the form of an electrical signal, it sends the data to all other ports in hopes the destination system is at one of those ports. All ports on the hub create a single collision domain and a single broadcast domain.
- Repeater: A repeater is a layer-1 device that is used to amplify the signal. As the signal travels along the network, it gets weaker due to interference, so the purpose of the repeater is to regenerate that signal so it can travel more distance.
- Bridge: A bridge is a layer-2 device that creates multiple network segments. The bridge maintains a table in memory of what systems reside on what segments by their MAC addresses. When data reaches the bridge, the bridge filters the traffic by only sending the data to the network segment that the destination system resides on. The purpose of the bridge is that it filters traffic by sending the data only to the segment where the destination system resides. Each segment on the bridge creates a separate collision domain, but it is all one broadcast domain.
- Switch: The switch, another layer-2 device, is an improvement on a bridge in the sense that each port on the switch acts as a network segment. The switch filters traffic by sending the data only to the port on the switch where the destination MAC address resides. The switch stores each MAC address and the port the MAC address resides on in an area of memory known as the MAC address table. Each port on the switch creates a separate collision domain, but all ports are part of the same broadcast domain.
- Router: A router is a layer-3 device that handles routing of data from one network to another network. The router stores a listing of destination networks in the routing table which is found in memory on the router.

Network services
- DHCP: The DHCP service is responsible for assigning IP addresses to hosts on the network. When a client boots up, it sends a DHCP discover message, which is a broadcast message designed to locate a DHCP server. The DHCP server responds with a DHCP Offer, offering the client an IP address. The client then responds with a DHCP request message asking for the address before the server responds with a DHCP ACK to acknowledge that the address has been allocated to that client.
- DNS: The DNS service is responsible for converting the Fully Qualified Domain Name (FQDN), such as www.gleneclarke.com, to an IP address.
- NAT: Network Address Translation is responsible for converting the internal address to a public address that is used to access the Internet. NAT offers the benefit of being able to purchase only one public IP address and have a number of clients on the network use that one IP address for Internet access. NAT also offers the security benefit that the internal addresses are not used on the Internet, helping to keep the internal addresses unknown to the outside world. There are two types of NAT to know for the CCENT certification exam:
  - Static NAT: Static NAT is the mapping of one internal address to one public address. With static NAT, you will need multiple public addresses to allow internal clients to access the Internet.
  - NAT overloading: A more popular form of NAT, NAT overloading is the concept that all internal addresses get translated to the one public address on the NAT device.
- Web services: There are a number of Web services you should be familiar with for the CCENT certification exam:
  - POP3/IMAP4: POP3 and IMAP4 are the Internet protocols for receiving email over the Internet.
  - SMTP: SMTP is the Internet protocol for sending email over the Internet. SMTP servers are also known as email servers.
  - HTTP: HTTP servers are also known as Web servers and are used to host Web sites. HTTP is a protocol that is used to send the Web page from the Web server to the Web client.
  - FTP: FTP is an Internet protocol used to transfer files over the Internet. The files are hosted on FTP servers, which are then downloaded to any clients on the Internet.

Configuring Routing for the CCENT Certification Exam

Routing protocols will certainly come up on your CCENT certification exam. This section reviews popular commands that deal with routing and routing protocols, such as RIPv1 and RIPv2.

Command(s) | Result

Command(s):
    ip routing
Result: Enables routing on the router. Should be on by default.

Command(s):
    no ip routing
Result: Disables routing on the router.

Command(s):
    show ip route
Result: Displays the routing table.

Command(s):
    ip route 23.0.0.0 255.0.0.0 22.0.0.2
Result: Adds a static route to the router for the 23.0.0.0 network and sends any data for that network to the 22.0.0.2 address (next hop).

Command(s):
    no ip route 23.0.0.0 255.0.0.0 22.0.0.2
Result: Deletes the static route from the routing table.

Command(s):
    ip route 0.0.0.0 0.0.0.0 22.0.0.2
Result: Sets the gateway of last resort on the router to forward any packets with unknown destinations to the 22.0.0.2 address.

Command(s):
    ROUTERB>enable
    ROUTERB#config term
    ROUTERB(config)#router rip
    ROUTERB(config-router)#network 26.0.0.0
    ROUTERB(config-router)#network 27.0.0.0
Result: Configures the router for RIPv1. RIP is a dynamic routing protocol that is used to share routing information with other routers running RIP. In this example, RIP will share knowledge of the 26.0.0.0 and the 27.0.0.0 networks.

Command(s):
    ROUTERB>enable
    ROUTERB#config term
    ROUTERB(config)#router rip
    ROUTERB(config-router)#network 26.0.0.0
    ROUTERB(config-router)#network 27.0.0.0
    ROUTERB(config-router)#version 2
Result: To configure the router for RIPv2, you use the same commands but add the "version 2" command at the end.

Command(s):
    show ip protocols
Result: Display what routing protocols are running on the router.

Command(s):
    debug ip rip
Result: Enable RIP debugging, which will display RIP related messages on the screen as RIP-related events occur (packets are sent and received).

Command(s):
    no debug all
Result: Turns off debugging once you are done troubleshooting RIP.

Wireless Networking Terminology for the CCENT Certification
ExamAt its most basic, wireless communication is the sending and
receiving of data through airwaves. But the CCENT certification
exam expects you to understand wireless terminology and concepts.
The following are some key points to remember for the exam:Know the
following organizations that help define wireless: Institute of
Electrical and Electronics Engineers (IEEE):Creates the wireless
standards, such as 802.11a/b/g/n Federal Communications Commission
(FCC):Regulates the use of wireless devices (licenses of
frequencies) WiFi-Alliance:Ensures compatibility of wireless
components. The WiFi-Alliance is responsible for testing and
certification of wireless devices.Know the two types of wireless
networks: Ad hoc mode:No wireless access point is used. The
wireless clients communicate in a peer-to-peer environment.
Infrastructure mode:Uses a wireless access pointKnow the IEEE
Standards for wireless: 802.11a:A wireless standard that uses the 5
GHz frequency range and runs at 54 Mbps. 802.11b:A wireless
standard that uses the 2.4 GHz frequency range and runs at 11 Mbps.
The WiFi standard was created and 802.11b is part of that standard.
This is the frequency used by cordless phones and microwaves, so
you may experience interference from those devices. As a
correction, you can change the channel of the wireless network or
purchase phones that use a different frequency. 802.11g:A wireless
standard, which is compatible with 802.11b, that also uses the 2.4
GHz frequency range and runs at 54 Mbps. 802.11n:A new wireless
standard that can use either the 2.4 GHz frequency range or the 5
GHz frequency range and is compatible with 802.11a/b/g. 802.11n has
a transfer rate of approximately 150 Mbps.Other wireless terms to
know for the exam: Basic Service Set (BSS):A wireless network
consisting of one access point using an SSID. If you had three
access points, each using a different SSID, then this would be
three BSS networks.
Extended Service Set (ESS): A wireless network comprising multiple access points using the same SSID.

Be sure to know the configuration requirements to set up an ESS:
The SSID on each access point must be the same.
The range of the access points must overlap by 10% or more.
Each access point must use a different channel.

Know the difference between the different wireless encryption types:
Wired Equivalent Privacy (WEP): An old wireless encryption protocol that involves configuring a pre-shared key on the access point and the wireless client that is used to encrypt and decrypt data. WEP uses the RC4 encryption algorithm with the pre-shared key and is not considered secure due to the way the key is used. WEP supports 64-bit and 128-bit encryption.
Wi-Fi Protected Access (WPA): The improvement on WEP that adds the TKIP protocol in order to perform key rotation to help improve on the fact that WEP uses a static key. WPA has two modes: personal mode involves configuring a pre-shared key, and enterprise mode can use an authentication server such as RADIUS.
Wi-Fi Protected Access 2 (WPA2): Improves upon WPA by changing the encryption algorithm to the Advanced Encryption Standard (AES) and supports both personal mode and enterprise mode.

The following are some key points regarding best practices to improve the security of your wireless network:
Disable wireless: If you aren't using wireless, then disable the wireless functionality on the wireless router.
Change the SSID: Make sure you change the SSID to something meaningless. You don't want the SSID set to a value that will help the hacker identify the building you're in because he could move closer to the building to get a stronger signal.
Disable SSID broadcasting: After disabling SSID broadcasting, the router won't advertise the existence of the wireless network. This makes it harder for someone to connect because they have to manually configure their client for the SSID name.
Implement MAC filtering: MAC filtering allows you to limit who can connect to the wireless network by the MAC address of the network card.
Implement encryption: Be sure to encrypt wireless traffic with WEP, WPA, or WPA2. WPA2 is the most secure of the three.
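The WEP entry above says the protocol is insecure because of the way the key is used. The sketch below is an added example, not part of the original cheat sheet: it assumes the standard WEP layout, in which each frame is encrypted with RC4 keyed by a 24-bit IV followed by the static pre-shared key, and uses a constructed key and constructed payloads to show that two frames sharing an IV share a keystream.

```python
# Added illustration: why a static WEP key is a problem (constructed data).
from itertools import islice

def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                               # pseudo-random generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]

def wep_style_encrypt(iv: bytes, psk: bytes, payload: bytes) -> bytes:
    """XOR payload with RC4(iv || psk), the WEP per-frame key layout.
    The CRC-32 integrity value that real WEP appends is left out here."""
    ks = islice(rc4_keystream(iv + psk), len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

PSK = bytes.fromhex("0102030405")   # constructed 40-bit key ("64-bit" WEP)
FRAME_A = b"GET /payroll.csv"       # constructed payloads of equal length
FRAME_B = b"user=alice&pin=1"

def keystream_reused(iv_a: bytes, iv_b: bytes) -> bool:
    """True when the two ciphertexts XOR to the XOR of the plaintexts,
    meaning the keystream cancelled out and the key gave no protection."""
    c_a = wep_style_encrypt(iv_a, PSK, FRAME_A)
    c_b = wep_style_encrypt(iv_b, PSK, FRAME_B)
    return xor(c_a, c_b) == xor(FRAME_A, FRAME_B)

if __name__ == "__main__":
    print("same IV     :", keystream_reused(b"\x00\x00\x01", b"\x00\x00\x01"))
    print("different IV:", keystream_reused(b"\x00\x00\x01", b"\x00\x00\x02"))
```

With a static key and only 24 bits of IV, repeats are unavoidable on a busy network, which is the gap that WPA's TKIP key rotation and WPA2's AES were introduced to close.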
CCENT/CCNA Certification Practice Quiz 1

Question 1: The frame shown enters the switch. Select the operation or operations the switch will perform:
Will forward the frame out all ports
Will forward the frame out fa0/2 and add 0000.00cc.cccc to the MAC address table
Will forward the frame out fa0/3 and add 0000.00bb.bbbb to the MAC address table
Will forward the frame out all active ports
Will drop the frame because it is invalid

Question 2: You need to configure a default gateway for management access to a switch. Select the command you would type in the switch CLI to learn the ip address of an attached router.
Show neighbor
Show cdp neighbor detail
Show peripherals
Show ip neighbor
show iptables

Question 3: The network with ip address 192.168.100.0/27 is to be used on a router. If ip subnet-zero is configured, which statement describes the resulting number of available subnets and hosts?
7 usable subnets, each with 32 host addresses
8 usable subnets, each with 30 host addresses
8 usable subnets, each with 27 host addresses
7 usable subnets, each with 24 host addresses
9 usable subnets, each with 24 host addresses

Question 4: After the devices have been configured as shown, it is determined that the branch office in Chicago doesn't have connectivity to the Internet through the headquarters in Dallas. How would you fix the problem?
Change ip address on the WAN side of the Chicago router
Change subnet mask on the WAN side of the Chicago router
Change ip address on the LAN side of the Chicago router
Change ip address on the LAN side of the Dallas router
Change ip address on the WAN side of the Dallas router

Question 5: You are a network administrator at a branch office and received a router from the headquarters. The router had previously been in production and still has the old configuration. You want to erase the configuration. What command would you type at the CLI?
erase nvram
clear config
This cannot be done, you need to restore the router to factory defaults
delete memory
Cycle the power 3 times, then type clrset

Question 6: Which of the following will prevent workstations with unauthorized MAC address from connecting to the network through a switch?
BPDU
DTP
RSTP
Port security
VTP
None

Question 7: You are a network administrator at a branch office and received a router from the headquarters. When you try to log in to the router to clear the configuration you find you don't have access to it. Nobody knows the password to the router so you need to reset it. What value should you set in the configuration register and how does the router accomplish this? (Choose 2)
0x2102
0x2142
The router will ignore the configuration
The router will prompt you to enter a new password
It can't be done

Question 8: The exhibit below shows the output of a show ip interface brief on a Cisco router.
r1#show ip interface brief
Serial0/0 does not respond to ping requests. What step would you take to resolve the problem?
Change ip address on Serial0/0
Enable the interface Serial0/0
The interface looks fine in status up, problem must be somewhere else
Check the physical connection in Serial 0/0
Change the ip address on Serial 0/1

Question 9: A junior network administrator configured and installed an 802.11g access point in the center of a square office. Some users are experiencing slow performance and drops while most users are operating normally. What are the likely causes of the problem? (Choose 2)
mismatched TKIP encryption
null ssid
cordless phones
mismatched ssid
metal file cabinets

Question 10: Which IOS command enters global configuration mode?
startup
enable
interface vlan 0
init
configure terminal

Question 11: Which IOS command enables access to high-level commands?
su
su root
admin 0
init
enable

Question 12: Which IOS command will create interface vlan 10 if it doesn't exist?
interface vlan 10
enable vlan 10
config vlan 10
init vlan 10
enable interface 10

Question 13: Which IOS command will configure a default gateway for management purposes?
ip default gateway
interface default
config default gateway
init default
enable interface 10 default

Question 14: Which two statements describe the operation of the CSMA/CD access method? (Choose 2)
In a CSMA/CD collision domain, multiple stations can successfully transmit data simultaneously
In a CSMA/CD collision domain, stations must wait until the media is not in use before transmitting.
The use of hubs to enlarge the size of collision domains is one way to improve the operation of the CSMA/CD access method
After a collision, the station that detected the collision has first priority to resend the lost data
After a collision, all stations involved run an identical back off algorithm and then synchronize with each other prior to transmitting data.

CCENT/CCNA Certification Practice Quiz 2

Question 1: You enter the partial configuration shown in a router.
interface s0/0
 ip address 160.1.1.1 255.255.255.252
 No shutdown
 ip nat outside
interface fa0/0
 ip address 10.2.2.254 255.255.255.0
 No shutdown
 ip nat inside
ip subnet-zero
ip nat pool first 66.150.4.49 66.150.4.54 netmask 255.255.255.248
ip nat inside source list 1 pool first
Access-list 1 permit 10.2.2.0 0.0.0.255
Which would be a valid "inside global address" after this router performs NAT?
10.2.2.1
66.150.4.53
66.150.4.48
10.2.2.254
10.2.2.255

Question 2: Which best describes the wireless security standard that is defined by WPA? (Choose 2 statements)
It specifies the use of dynamic encryption keys that change each time a client establishes a connection
It specifies use of a static encryption key that must be changed frequently to enhance security
It includes authentication by PSK
It requires use of an open authentication method
It requires that all access points and wireless devices use the same encryption key

Question 3: Your organization doubled in size during the past year and more growth is projected in the near future as shown in the exhibit:
Accounting: Currently 50 users. Projected growth 100 users
Marketing: Currently 20 users. Projected growth 60 users
IT: Currently 15 users. Projected growth 32 users
Client services: Currently 50 users. Projected growth 100 users
Currently all hosts in the organization are in the 10.20.20.0/24 range. What steps should you take to correct the situation and guarantee future expansion? Choose the best answer.
Change the subnet mask of all hosts to 255.255.255.0
No action, the current range will accommodate future growth
Change the subnet mask of all hosts to 255.255.254.0
Change the subnet mask of all hosts to 255.255.252.0

Question 4:
You are a network administrator at a branch office and have been assigned the 192.168.20.0/24 range for internal use. You need to subnet the range so 20 valid ip addresses are in the SERVER vlan, 32 valid ip addresses are in the EXECUTIVE vlan, 50 valid addresses are in the IT vlan, 50 for the ACCOUNTING vlan and the rest in the USERS vlan. At least 40 valid ip addresses must be in the USERS vlan. How would you accomplish this? (Choose the best answer)
Subnet as shown: SERVER: 192.168.20.0/27, EXECUTIVE: 192.168.20.64/26, IT: 192.168.20.128/26, ACCOUNTING: 192.168.20.192/26, USERS: 192.168.20.32/27
Subnet as shown: SERVER: 192.168.20.0/28, EXECUTIVE: 192.168.20.32/26, IT: 192.168.20.96/26, ACCOUNTING: 192.168.20.160/26, USERS: 192.168.20.224/27
Subnet as shown: SERVER: 192.168.20.0/27, EXECUTIVE: 192.168.20.32/26, IT: 192.168.20.96/26, ACCOUNTING: 192.168.20.160/26, USERS: 192.168.20.32/26
This cannot be accomplished with the current address space

Question 5: You are a network administrator at a branch office and received a router from the headquarters. You have been told the ip address of the router's eth0/0 interface is 192.168.1.254/24. You need to configure the router, but when attempting to locate a console cable, you cannot find one. What can you do to try to connect to the router? (Choose 3)
a) From your computer open up a tftp session to 192.168.1.254.
b) Connect a straight through cable between your computer and the router's eth0/0
c) Assign 192.168.1.255/24 to your computer's NIC
d) Connect a crossover cable between your computer and the router's eth0/0
e) Assign 192.168.1.1/24 to your computer's NIC
f) From your computer open up a telnet session to 192.168.1.254.
Answer choices:
b, c, a
b, e, a
d, e, a

Question 6: Exhibit
A junior network administrator enters the following configuration in the new routers:
R1 configuration
interface fa0/0
 ip address 10.4.101.254 255.255.255.0
 no shutdown
interface s0/0
 ip address 10.4.1.1 255.255.255.252
 no shutdown
R2 configuration
Interface fa0/0
 10.4.102.254 255.255.255.0
 no shutdown
interface s0/0
 ip address 10.4.1.2 255.255.255.252
ip route 10.4.101.0 255.255.255.0 10.4.1.1
What is missing from the configuration so H1 can talk to H2?
Enable routing on R1
Nothing, the hosts should be able to ping each other
On R1, enter a static route to the 10.4.102.0/24 network pointing to R2
Enter cdp run on R1

Question 7: What type of cable would you employ to establish the following types of connections:
Host to Host:
Crossover cable
Straight through cable
Rollover cable
Host to Switch:
Crossover cable
Straight through cable
Rollover cable
Switch to Switch:
Crossover cable
Straight through cable
Rollover cable
Host to Console:
Crossover cable
Straight through cable
Rollover cable

Question 8: You are tasked with developing a comprehensive network security plan. Which of the following should be a part of it?
Encourage users to write down their passwords so they don't get locked out if they forget them.
Secure network equipment from access by unauthorized individuals.
Delay deployment of software patches and updates until they are absolutely necessary.
Allow users to choose whether they want to have security or not.
Activate automatic antivirus client updates late at night only to minimize network traffic during the day.

Question 9: What are the advantages of using switches over hubs? (select all that apply)
Increase the number of collision domains
Simultaneous frame transmissions
Increase size of broadcast domains
Increase the maximum length of cabling between devices
Filter frames based on MAC addresses

Question 10: In the exhibit, what is the correct addressing for a frame and packet received by H2 from H1?
Destination MAC: 0001.0002.5678, Destination IP: 10.4.22.21, Source MAC: 0001.0002.aaaa, Source IP: 10.4.21.21
Destination MAC: 0001.0002.5678, Destination IP: 10.4.22.21, Source MAC: 0001.0002.1234, Source IP: 10.4.22.2
Destination MAC: 0001.0002.5678, Destination IP: 10.4.22.21, Source MAC: 0001.0002.aaaa, Source IP: 10.4.21.1
Destination MAC: 0001.0002.5678, Destination IP: 10.4.22.21, Source MAC: 0001.0001.5678, Source IP: 10.4.21.21

Question 11: How will R1 handle a data frame received from H1 destined to H2? (Choose 2)
Take out the source ip address and replace it with the ip address on the forwarding Ethernet interface
Take out the source mac address and replace it with the mac address on the forwarding Ethernet interface
Take out the destination mac address and replace it with the mac address of H2
Take out the destination ip address and replace it with the ip address of H2

Question 12: You are a network administrator at a branch office and just purchased a new router. The serial interface is already configured and connects to the ISP. You need to configure the fa0/0 interface on the router so it serves as the default gateway for internal hosts. You enter the following in global config mode:
Interface fa0/0
 ip address 192.168.100.1 255.255.255.0
What command would you most likely enter next in the configuration?
no shutdown
enable
enable default-gateway
enable DHCP
cdp run

Question 13: Which two addresses below are available for host addresses in the 172.16.240.32/27 subnet?
172.16.240.63
172.16.240.62
172.16.240.33
172.16.240.32
172.16.240.65
172.16.240.64

Question 14: You are a network administrator at a branch office and received a router from the headquarters. You enter the following:
R1>show version
The router displays the following (partial output):
Cisco 2610 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory
(TOTAL DRAM: 26624K + 6144K = 32MB)
Processor board ID TG9RFTGRF56 (34525435)
M860 processor: part number 0, mask 49
Bridging software
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
(TOTAL FLASH 8192K = 8MB)
Configuration register is 0x2102
What is the largest configuration file that can be stored on this router?
32Mbytes
32Kbytes
8192Kbytes
8Mbytes