Sunday, 31 May 2009

CCNA Exploration 1 - Module 9 Exam Answers Version 4.0

1. In the graphic, Host A has reached 50% completion in sending a 1 KB Ethernet frame to Host D when Host B wishes to transmit its own frame to Host C. What must Host B do?
• Host B can transmit immediately since it is connected on its own cable segment.
• Host B must wait to receive a CSMA transmission from the hub, to signal its turn.
• Host B must send a request signal to Host A by transmitting an interframe gap.
Host B must wait until it is certain that Host A has completed sending its frame.
2. Ethernet operates at which layers of the OSI model? (Choose two.)
• Network layer
• Transport layer
Physical layer
• Application layer
• Session layer
Data-link layer
3. Which of the following describe interframe spacing? (Choose two.)
the minimum interval, measured in bit-times, that any station must wait before sending another frame.
• the maximum interval, measured in bit-times, that any station must wait before sending another frame.
• the 96-bit payload padding inserted into a frame to achieve a legal frame size
• the 96-bit frame padding transmitted between frames to achieve proper synchronization
the time allowed for slow stations to process a frame and prepare for the next frame.
• the maximum interval within which a station must send another frame to avoid being considered unreachable
4. What three primary functions does data link layer encapsulation provide? (Choose three.)
addressing
error detection
frame delimiting
• port identification
• path determination
• IP address resolution
5. When a collision occurs in a network using CSMA/CD, how do hosts with data to transmit respond after the backoff period has expired?
The hosts return to a listen-before-transmit mode.
• The hosts creating the collision have priority to send data.
• The hosts creating the collision retransmit the last 16 frames.
• The hosts extend their delay period to allow for rapid transmission.
6. What are three functions of the upper data link sublayer in the OSI model? (Choose three.)
• recognizes streams of bits
identifies the network layer protocol.
makes the connection with the upper layers.
• identifies the source and destination applications
insulates network layer protocols from changes in physical equipment.
• determines the source of a transmission when multiple devices are transmitting
7. What does the IEEE 802.2 standard represent in Ethernet technologies?
• MAC sublayer
• Physical layer
Logical Link Control sublayer
• Network layer
8. Why do hosts on an Ethernet segment that experience a collision use a random delay before attempting to transmit a frame?
• A random delay is used to ensure a collision-free link.
• A random delay value for each device is assigned by the manufacturer.
• A standard delay value could not be agreed upon among networking device vendors.
A random delay helps prevent the stations from experiencing another collision during the transmission.

9. Refer to the exhibit. Which option correctly matches the frame field type with the contents that frame field includes?
• header field - preamble and stop frame
data field - network layer packet
• data field - physical addressing
• trailer field - FCS and SoF
10. Host A has an IP address of 172.16.225.93 and a mask of 255.255.248.0. Host A needs to communicate with a new host whose IP is 172.16.231.78. Host A performs the ANDing operation on the destination address. What two things will occur? (Choose two.)
• Host A will change the destination IP to the IP of the nearest router and forward the packet.
• Host A will broadcast an ARP request for the MAC of its default gateway.
• A result of 172.16.225.0 will be obtained.
Host A will broadcast an ARP request for the MAC of the destination host.
• A result of 172.16.224.0 will be obtained.
A result of 172.16.225.255 will be obtained.
11. Which of the following is a drawback of the CSMA/CD access method?
Collisions can decrease network performance.
• It is more complex than non-deterministic protocols.
• Deterministic media access protocols slow network performance.
• CSMA/CD LAN technologies are only available at slower speeds than other LAN technologies.
12. Ethernet operates at which layer of the TCP/IP network model?
• application
• physical
• transport
• internet
• data link
network access
13. What is the primary purpose of ARP?
• translate URLs to IP addresses
resolve IPv4 addresses to MAC addresses
• provide dynamic IP configuration to network devices
• convert internal private addresses to external public addresses.
14. Refer to the exhibit. The switch and workstation are administratively configured for full-duplex operation. Which statement accurately reflects the operation of this link?
No collisions will occur on this link.
• Only one of the devices can transmit at a time.
• The switch will have priority for transmitting data.
• The devices will default back to half duplex if excessive collisions occur.
15. Refer to the exhibit. Host_A is attempting to contact Server_B. Which statements correctly describe the addressing Host_A will generate in the process? (Choose two.)
• A packet with the destination IP of Router_B.
• A frame with the destination MAC address of Switch_A.
• A packet with the destination IP of Router_A.
A frame with the destination MAC address of Router_A.
A packet with the destination IP of Server_B.
• A frame with the destination MAC address of Server_B.
16. Which statements correctly describe MAC addresses? (Choose three.)
• dynamically assigned
copied into RAM during system startup
• layer 3 address
contains a 3 byte OUI
6 bytes long
• 32 bits long
17. Which two features make switches preferable to hubs in Ethernet-based networks? (Choose two.)
• reduction in cross-talk
minimizing of collisions
• support for UTP cabling
• division into broadcast domains
increase in the throughput of communications
18. What are the two most commonly used media types in Ethernet networks today? (Choose two.)
coaxial thicknet copper UTP
• coaxial thinnet
• optical fiber
• shielded twisted pair

19. Convert the binary number 10111010 into its hexadecimal equivalent. Select the correct answer from the list below.
• 85
• 90
BA
• A1
• B3
• 1C
20. After an Ethernet collision, when the backoff algorithm is invoked, which device has priority to transmit data?
• the device involved in the collision with the lowest MAC address
• the device involved in the collision with the lowest IP address
any device in the collision domain whose backoff timer expires first
• those that began transmitting at the same time

Thursday, 28 May 2009

The Mind-set of a Hacker


Hackers can use a variety of tools and techniques to “hack” into a system (that is, gain unauthorized access to a system). Although these methods vary, the following steps illustrate one example of a hacker’s methodical process for hacking into a system:

Step 1 Learn more about the system by performing reconnaissance. In this step, also known as “footprinting,” the hacker learns all he can about the system. For example, he might learn the target company’s domain names and the range of IP addresses it uses. He might perform a port scan to see what ports are open on a target system.

Step 2 Identify applications on the system, as well as the system’s operating system. Hackers can use various tools to attempt to connect to a system, and the prompt they receive (for example, an FTP login prompt or a default web page) could provide insight into the system’s operating system. Also, the previously mentioned port scan can help identify applications running on a system.

Step 3 Gain access to the system. Social engineering is one of the more popular ways to obtain login credentials. For example, public DNS records provide contact information for a company’s domain name. A hacker might be able to use this information to convince the domain administrator to reveal information about the system. For example, the hacker could pretend to be a representative of the service provider or a government agency. This approach is called pretexting.

Step 4 Log in with obtained user credentials, and escalate the hacker’s privileges. For example, a hacker could introduce a Trojan horse (a piece of software that appears to be a legitimate application but that also performs some unseen malicious function) to escalate his privileges.

Step 5 Gather additional usernames and passwords. With appropriate privileges, hackers can run utilities to create reports of usernames and/or passwords.

Step 6 Configure a “back door.” Accessing a system via a regular username/ password might not be how a hacker wants to repeatedly gain access to a system. Passwords can expire, and logins can be logged. Therefore, hackers might install a back door, which is a method of gaining access to a system that bypasses normal security measures.

Step 7 Use the system. After a hacker gains control of a system, he might gather protected information from that system. Alternatively, he might manipulate the system’s data or use the system to launch attacks against other systems with which the system might have an established trust relationship.

Wednesday, 27 May 2009

Potential Attackers


Another element of defending your data is identifying potential attackers who might want to steal or manipulate that data. For example, a company might need to protect its data from corporate competitors, terrorists, employees, and hackers, to name just a few.

The term “hacker” is often used very generically to describe attackers. However, not all hackers have malicious intent.

Table : lists various types of “hackers.”

Type of “Hacker”: Description

White hat hacker: A white hat hacker has the skills to break into computer systems and do damage. However, he uses his skills to help organizations. For example, a white hat hacker might work for a company to test the security of its network.

Black hat hacker: A black hat hacker, also known as a “cracker,” uses his skills for unethical reasons (for example, to steal funds).

Gray hat hacker: A gray hat hacker can be thought of as a white hat hacker who occasionally strays and acts unethically. For example, a gray hat hacker might be employed as a legitimate network security tester. However, in the course of his ethical duties, he finds an opportunity for personal gain and acts unethically to obtain that personal gain.

Phreaker: A phreaker is a hacker of a telecommunications system. For example, a phreaker known as “Captain Crunch” used a toy whistle he found in a box of Captain Crunch cereal (which generated a 2600-Hz tone) to trick phone systems into letting him place free long distance calls. Convincing a telecommunications carrier to permit free long distance calls in this manner is an example of “phreaking.”

Script kiddy: A script kiddy is a user who lacks the skills of a typical hacker. Rather, he downloads hacking utilities and uses those utilities to launch attacks, rather than writing his own programs.

Hacktivist: A hacktivist is a hacker with political motivations, such as someone who defaces the website of a political candidate.

Computer security hacker: A computer security hacker is knowledgeable about the technical aspects of computer and network security systems. For example, this person might attempt to attack a system protected by an IPS by fragmenting malicious traffic in a way that would go undetected by the

Academic hacker: An academic hacker typically is an employee or student at an institution of higher education. The academic hacker uses the institution’s computing resources to write “clever” programs. Typically, these hackers use their real names (unlike the pseudonyms often used by computer security hackers), and they tend to focus on open-standards-based software and operating systems (for example, Linux).

Hobby hacker: A hobby hacker tends to focus on home computing. He might modify existing hardware or software to, for example, use software without a legitimate license. For example, code that “unlocks” an Apple iPhone might be the work of a hobby hacker.

As shown in Table , “hackers” come in many flavors, which leads to the question, “What motivates a hacker?” Some hackers might work for governments to try to gather intelligence from other governments. Some attackers seek financial gain through their attacks. Other hackers simply enjoy the challenge of compromising a protected information system.

However, at this point, you should be familiar with five broad categories of attacks:

• Passive: A passive attack is difficult to detect, because the attacker isn’t actively sending traffic (malicious or otherwise). An example of a passive attack is an attacker capturing packets from the network and attempting to decrypt them (if the traffic was encrypted originally).

• Active: An active attack is easier to detect, because the attacker is actively sending traffic that can be detected. An attacker might launch an active attack in an attempt to access classified information or to modify data on a system.

• Close-in: A close-in attack, as the name implies, occurs when the attacker is in close physical proximity with the target system. For example, an attacker can bypass password protection on some routers, switches, and servers if he gains physical access to those devices.

• Insider: An insider attack occurs when legitimate network users leverage their credentials and knowledge of the network in a malicious fashion.

• Distribution: Distribution attacks intentionally introduce “back doors” to hardware or software systems at the point of manufacture. After these systems have been distributed to a variety of customers, the attacker can use his knowledge of the implanted back door to, for example, access protected data, manipulate data, or make the target system unusable by legitimate users.

Tuesday, 26 May 2009

Vulnerabilities

A vulnerability in an information system is a weakness that an attacker might leverage to gain unauthorized access to the system or its data. In some cases, after a vulnerability is discovered, attackers write a program intended to take advantage of the vulnerability. This type of malicious program is called an exploit.
However, even if a system has a vulnerability, the likelihood that someone will use that vulnerability to cause damage varies. This likelihood is called risk. For example, a data center might be vulnerable to a fire breaking out in the building. However, if the data center has advanced fire suppression systems and hot standby backups at another physical location, the risk to the data is minimal.
When you make plans to address vulnerabilities, consider the varied types of vulnerabilities. For example, consider the following broad categories of vulnerabilities:
• Physical vulnerabilities, such as fire, earthquake, or tornado
• Weaknesses in a system’s design
• Weaknesses in the protocol(s) used by a system
• Weaknesses in the code executed by a system
• Suboptimal configuration of system parameters
• Malicious software (for example, a virus)
• Human vulnerabilities (whether intentional or unintentional)

For example, consider human vulnerabilities. Because most attacks against information systems are launched from people on the “inside,” controls should be set up to prevent the intentional or unintentional misuse of information systems.

Social engineering is an example of unintentional misuse. To illustrate this concept, consider a situation in which an outside attacker calls a receptionist. The attacker pretends to be a member of the company’s IT department, and he convinces the receptionist to tell him her username and password. The attacker then can use those credentials to log into the network.

To prevent a single inside user from accidentally or purposefully launching an attack, some organizations require that two users enter their credentials before a specific act can be carried out, much like two keys being required to launch a missile.

Also, many employees are concerned with accomplishing a particular task. If stringent security procedures seem to stand in their way, the employees might circumnavigate any safeguards to, in their minds, be more productive. Therefore, user education is a critical component of any organizational security policy.

Wednesday, 20 May 2009

Responding to a Security Incident

Many deterrent controls might display warnings such as “Violators will be prosecuted to the fullest extent of the law.” However, to successfully prosecute an attacker, litigators typically require the following elements to present an effective argument:

• Motive: A motive describes why the attacker committed the act. For example, was he a disgruntled employee? Also, potential motives can be valuable to define during an investigation. Specifically, an investigation might begin with those who had a motive to carry out the attack.

• Means: With all the security controls in place to protect data or computer systems, you need to determine if the accused had the means (for example, the technical skills) to carry out the attack.

• Opportunity: The question of whether the accused had the opportunity to commit the attack asks if the accused was available to commit the attack. For example, if the accused claims to have been at a ball game at the time of the attack, and if witnesses can verify this statement, it is less likely that the accused did indeed commit the attack.

Another challenge with prosecuting computer-based crime stems from the fragility of data. For example, a time stamp can easily be changed on a file without detection. To prevent such evidence tampering, strict policies and procedures for data handling must be followed. For example, before any investigative work is done on a computer system, a policy might require that multiple copies of the hard drive be made. One or more master copies could be locked up, and copies could also be given to the defense and prosecution for their investigation.

Monday, 18 May 2009

Controls in a Security Solution

As just mentioned, the work of actually securing data is the responsibility of the custodian. However, if security is applied only through technical means, the results will not be highly effective. Specifically, because most attacks originating inside a network are not technical attacks, nontechnical mitigation strategies are required to thwart them. Cisco defines three security controls contained in a more all-encompassing security solution:

• Administrative controls are primarily policy-centric. Examples include the following:

— Routine security awareness training programs

— Clearly defined security policies

— A change management system, which notifies appropriate parties of system changes

— Logging configuration changes

— Properly screening potential employees (for example, performing criminal background checks)

• Physical controls help protect the data’s environment and prevent potential attackers from readily having physical access to the data. Examples of physical controls are

— Security systems to monitor for intruders

— Physical security barriers (for example, locked doors)

— Climate protection systems, to maintain proper temperature and humidity, in addition to alerting personnel in the event of fire

— Security personnel to guard the data

• Technical controls use a variety of hardware and software technologies to protect data. Examples of technical controls include the following:

— Security appliances (for example, firewalls, IPSs, and VPN termination devices)

— Authorization applications (for example, RADIUS or TACACS+ servers, one-time passwords (OTP), and biometric security scanners)

Individual administrative, physical, and technical controls can be further classified as one of the following control types:

• Preventive: A preventive control attempts to prevent access to data or a system.

• Deterrent: A deterrent control attempts to prevent a security incident by influencing the potential attacker not to launch an attack.

• Detective: A detective control can detect when access to data or a system occurs.

Interestingly, each category of control (administrative, physical, and technical) contains components for these types of controls (preventive, deterrent, and detective). For example, a specific detective control could be one of the following:

• An administrative control, such as a log book entry that is required by a security policy

• A physical control, such as an alarm that sounds when a particular door is opened

• A technical control, such as an IPS appliance generating an alert

Thursday, 14 May 2009

Understanding the Methods of Network Attacks

You might have noticed that this book has thus far referred to computer criminals as “attackers” rather than “hackers.” This wording is intentional, because not all hackers have malicious intent, even though the term “hacker” often has a negative connotation. In this section, you will gain additional insight into the mind-set and characteristics of various hackers.

Additionally, you will be introduced to a variety of methods that attackers can use to infiltrate a computing system. To help mitigate such attacks, Cisco recommends the Defense in Depth design philosophy, which also is covered in this section, in addition to a collection of best practices for defending your network.

Monday, 11 May 2009

Lab 1 - CCNA Implementation SIM

This topology contains 3 routers and 1 switch. Complete the topology.

Drag the appropriate device icons to the locations labeled Device.
Drag the appropriate connections to the locations labeled Connections.
Drag the appropriate IP addresses to the locations labeled IP address.

(Hint: use the given host addresses and Main router information)
To remove a device or connection, drag it away from the topology.

Use information gathered from the Main router to complete the configuration of any additional routers. No passwords are required to access the Main router. The config terminal command has been disabled for the HQ router. The router does not require any configuration.

Configure each additional router with the following:

Configure the interfaces with the correct IP address and enable the interfaces.
Set the password to allow console access to consolepw
Set the password to allow telnet access to telnetpw
Set the password to allow privilege mode access to privpw

Note: Because routes are not being added to the configurations, you will not be able to ping through the internetwork.
All devices have cable autosensing capabilities disabled.
All hosts are PCs.


Answer and explanation:

Specify appropriate devices and drag them on the "Device" boxes

For the device at the bottom-right box, we notice that it has 2 interfaces Fa0/2 and Fa0/4 -> it is a switch

The question stated that this topology contains 3 routers and 1 switch -> two other devices are routers

Place them in the appropriate locations as follows:



(Host D and host E will be automatically added after placing two routers. Click on them to access neighboring routers)

Specify appropriate connections between these devices:

+ The router on the left is connected with the Main router through FastEthernet interfaces: use a crossover cable
+ The router on the right is connected with the Main router through Serial interfaces: use a serial cable
+ The router on the right and the Switch: use a straight-through cable
+ The router on the left and the computer: use a crossover cable



Assign appropriate IP addresses for interfaces:

From Main router, use show running-config command:

(Notice that you may see different IP addresses in the real CCNA exam, the ones shown above are just used for demonstration)

From the output we learned that the ip address of Fa0/0 interface of the Main router is 192.168.152.178/28. This address belongs to a subnetwork which has:

Increment: 16 (/28 = 255.255.255.240 or 1111 1111.1111 1111.1111 1111.1111 0000)
Network address: 192.168.152.176 (because 176 = 16 * 11 and 176 < 178)
Broadcast address: 192.168.152.191 (because 191 = 176 + 16 - 1)

We can then pick an IP address from the list that belongs to this subnetwork, 192.168.152.190, and assign it to the Fa0/0 interface of the router on the left.

Use the same method for interface Serial0/0 with an ip address of 192.168.152.172

Increment: 16
Network address: 192.168.152.160 (because 160 = 16 * 10 and 160 < 172)
Broadcast address: 192.168.152.175 (because 175 = 160 + 16 - 1)

-> and we choose 192.168.152.174 for Serial0/0 interface of the router on the right

Interface Fa0/1 of the router on the left

IP (of the computer on the left) : 192.168.152.129/28

Increment: 16
Network address: 192.168.152.128 (because 128 = 16 * 8 and 128 < 129)
Broadcast address: 192.168.152.143 (because 143 = 128 + 16 - 1)

-> we choose 192.168.152.142 from the list

Interface Fa0/0 of the router on the right

IP (of the computer on the left) : 192.168.152.225/28

Increment: 16
Network address: 192.168.152.224 (because 224 = 16 * 14 and 224 < 225)
Broadcast address: 192.168.152.239 (because 239 = 224 + 16 - 1)

-> we choose 192.168.152.238 from the list
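The increment method used above, as an added Python example (not part of the original answer): it derives the network and broadcast address for each known neighbour address and keeps only pool addresses that are usable hosts on that subnet. The lab's address list is not reproduced on this page, so `POOL` is constructed from the four addresses the walkthrough picks plus two decoys; the function names are hypothetical.

```python
from ipaddress import IPv4Address


def subnet_bounds(ip, prefix):
    """Return (block_size, network, broadcast) for ip/prefix."""
    size = 1 << (32 - prefix)        # /28 -> 16, the "increment" in the text
    addr = int(IPv4Address(ip))
    network = addr - (addr % size)   # largest multiple of the increment <= addr
    broadcast = network + size - 1   # last address of the block
    return size, str(IPv4Address(network)), str(IPv4Address(broadcast))


def usable_peers(known_ip, prefix, pool):
    """Pool addresses that are valid host addresses on known_ip's subnet."""
    _, net, bcast = subnet_bounds(known_ip, prefix)
    lo, hi = int(IPv4Address(net)), int(IPv4Address(bcast))
    known = int(IPv4Address(known_ip))
    fits = []
    for candidate in pool:
        value = int(IPv4Address(candidate))
        # Strict bounds exclude the network and broadcast addresses themselves.
        if lo < value < hi and value != known:
            fits.append(candidate)
    return fits


def assign(links, pool, prefix=28):
    """Map each interface to the one pool address that fits; fail if ambiguous."""
    plan = {}
    for name, known_ip in links.items():
        fits = usable_peers(known_ip, prefix, pool)
        if len(fits) != 1:
            raise ValueError(f"{name}: expected one matching address, got {fits}")
        plan[name] = fits[0]
    return plan


# Neighbour addresses quoted in the walkthrough (Main router and the two PCs).
LINKS = {
    "Router1 Fa0/0": "192.168.152.178",
    "Router2 Serial0/0": "192.168.152.172",
    "Router1 Fa0/1": "192.168.152.129",
    "Router2 Fa0/0": "192.168.152.225",
}

# Constructed pool: the four picks plus a broadcast and a network address as decoys.
POOL = [
    "192.168.152.190", "192.168.152.174", "192.168.152.142", "192.168.152.238",
    "192.168.152.191", "192.168.152.160",
]

if __name__ == "__main__":
    for interface, address in assign(LINKS, POOL).items():
        print(interface, address)
```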

Let's have a look at the picture below to summarize

Configure two routers on the left and right with these commands:

Router1 = router on the left

Assign appropriate IP addresses to Fa0/0 & Fa0/1 interfaces:

Router1>enable
Router1#configure terminal
Router1(config)#interface fa0/0
Router1(config-if)#ip address 192.168.152.190 255.255.255.240
Router1(config-if)#no shutdown

Router1(config-if)#interface fa0/1
Router1(config-if)#ip address 192.168.152.142 255.255.255.240
Router1(config-if)#no shutdown

Set passwords (configure on two routers)

+ Console password:

Router1(config-if)#exit
Router1(config)#line console 0
Router1(config-line)#password consolepw
Router1(config-line)#login
Router1(config-line)#exit

+ Telnet password:

Router1(config)#line vty 0 4
Router1(config-line)#password telnetpw
Router1(config-line)#login
Router1(config-line)#exit

+ Privilege mode password:

Router1(config)#enable password privpw

Save the configuration:

Router1(config)#exit
Router1#copy running-config startup-config

Configure IP addresses of Router2 (router on the right)

Router2>enable
Router2#configure terminal
Router2(config)#interface fa0/0
Router2(config-if)#ip address 192.168.152.238 255.255.255.240
Router2(config-if)#no shutdown

Router2(config-if)#interface serial0/0
Router2(config-if)#ip address 192.168.152.174 255.255.255.240
Router2(config-if)#no shutdown

Then set the console, telnet and privilege mode passwords for Router2 as we did for Router1, and remember to save the configuration when you have finished.
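An added audit example (not part of the original lab answer, which keeps the commands the exercise asks for): it parses an IOS-style configuration and flags `enable password`, line passwords stored in clear text, and a vty line that is not explicitly restricted to SSH. Both sample configurations, the rule names, the `admin` user and the placeholder hashes are constructed for this example.

```python
import re

# Constructed sample: the commands the lab enters on Router1, laid out as a
# running configuration (not output copied from a device).
LAB_CONFIG = """\
hostname Router1
enable password privpw
interface FastEthernet0/0
 ip address 192.168.152.190 255.255.255.240
interface FastEthernet0/1
 ip address 192.168.152.142 255.255.255.240
line con 0
 password consolepw
 login
line vty 0 4
 password telnetpw
 login
"""

# Constructed hardened counterpart; the hash strings are placeholders.
HARDENED_CONFIG = """\
hostname Router1
service password-encryption
enable secret 5 $1$salt$PLACEHOLDERHASH
username admin secret 5 $1$salt$PLACEHOLDERHASH
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def parse_sections(config):
    """Group the config into (parent_line, [indented child lines])."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return a list of (rule, location) findings in config order."""
    findings = []
    for parent, children in parse_sections(config):
        # 'enable password' is stored in clear text (or weak type 7 encoding);
        # 'enable secret' stores a hash instead.
        if re.match(r"enable password\b", parent):
            findings.append(("ENABLE_PASSWORD", "global"))
        if not parent.startswith("line "):
            continue
        for child in children:
            # A line password that is not type 7 sits in the config as typed.
            if re.match(r"password (?:0 )?(?!7 )\S+$", child):
                findings.append(("CLEARTEXT_LINE_PASSWORD", parent))
        # Without an explicit SSH-only transport, Telnet is not ruled out.
        if parent.startswith("line vty") and "transport input ssh" not in children:
            findings.append(("TELNET_NOT_EXCLUDED", parent))
    return findings


if __name__ == "__main__":
    for rule, where in audit(LAB_CONFIG):
        print(f"{rule}: {where}")
```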


Tuesday, 05 May 2009

CCNA 640-802 VLAN / VTP Practice Questions

Brief: The CCNA exam requires a good understanding of VLAN / VTP concepts, terminology, and implementation using Cisco switches. We have given a few multiple choice questions so you can gauge your preparedness in the subject before taking the exam!

Q1: Match the trunking protocols with respective media:

1. Inter Switch Link A. FDDI
2. LANE B. Fast Ethernet
3. 802.10 C. ATM

Choose the correct choice.

A. 1-> C, 2->B, 3->A

B. 1->B, 2->C, 3->A

C. 1->B, 2->A, 3->C

D. 1->A, 2->B, 3->C

Ans: B

Explanation:

ISL and 802.1Q are the VLAN trunking protocols associated with Fast Ethernet. The VLAN trunking protocol defined by 802.10 is associated with FDDI. LANE (LAN Emulation) is associated with ATM.


Q3: You have configured your network to have 3 VLANs. How many broadcast domains do you have?

A. 1

B. 2

C. 3

D. 4


Ans.: C

Explanation: It is important to know the difference between a collision domain and a broadcast domain. When you use Hubs, all the nodes connected to the hub will be in the same collision domain. However, when you use switches and implement VLANs, each VLAN will be in a separate broadcast domain. The packet forwarding between VLANs is achieved through the use of routing.

Q4: Your network has 100 nodes on a single broadcast domain. You have implemented VLANs and segmented the network to have 2 VLANs of 50 nodes each. The resulting broadcast traffic effectively:

A. Increases two fold

B. Remains same

C. Decreases by half

D. Increases 4 fold

Ans: C

Explanation: By implementing VLANs,

1. The effective broadcast traffic decreases, since VLANs do not forward the broadcast traffic from one VLAN to another.

2. Security can be improved by implementing a router (a Layer 3 device) to route the packets among VLANs.

Q5: Which of the following are valid VLAN Trunk Protocols over Fast Ethernet? [Select 2].

A. Inter-Switch Link

B. 802.10

C. LANE

D. 802.1Q

Ans: A, D

Expl.: Inter-Switch Link and 802.1Q are two VLAN Trunking Protocols used with Fast Ethernet, that Cisco supports. LANE is associated with ATM and 802.10 is associated with FDDI. Also, it is important to note that ISL, 802.1Q, and 802.10 use Frame Tagging to identify the VLANs.