1. Which two conditions have favored adoption of 802.11g over 802.11a? (Choose two.)
802.11a suffers from a shorter range than 802.11g.
The 2.4 GHz frequency band is not as crowded as the 5 GHz band.
802.11a is more susceptible to RF interference from common commercial items.
802.11a uses a more expensive modulation technique than 802.11g.
802.11g is backward compatible with 802.11b, but 802.11a is not.

2. Which two statements concerning network security are accurate? (Choose two.)
802.11i uses 3DES for encryption.
Open authentication uses no client or AP verification.
The 802.11i protocol is functionally identical to WPA.
802.11i incorporates a RADIUS server for enterprise authentication.
A wireless client first associates with an AP and then authenticates for network access.

3. Which installation method will allow connectivity for a new wireless network?
set up WEP on the access point only
set up open access on both the access point and each device connected to it
set up full encryption on the access point while leaving each device connected to the network open
set up full encryption on each device of the WLAN while leaving the access point settings open

4. Refer to the exhibit. When configuring the wireless access point, which setting does the network administrator use to configure the unique identifier that client devices use to distinguish this wireless network from others?
Network Mode
Network Name (SSID)
Radio Band
Wide Channel
Standard Channel

5. Which two statements are true regarding wireless security? (Choose two.)
MAC address filtering prevents the contents of wireless frames from being viewable.
Providing a wireless client with the network key allows an available network to be visible.
Disabling an access point from broadcasting the SSID prevents the access point from being discovered.
Default SSIDs on specific manufacturer APs are generally known and may permit hostile wireless connections.
Manually adding a network and setting the known SSID on a wireless client makes the network visible even if the SSID is not being broadcast.

6. Wireless users on a network complain about poor performance within a small area of a room. Moving away from this area in any direction improves performance dramatically. What is the first step in designing a solution to this problem?
This might be RF channel overlap, so the technician should verify the channels in use on each wireless access point and change to non-overlapping channels.
The RF power settings might be set too low on the wireless access points servicing the room. Increase the RF output power on all wireless access points.
Install a new wireless access point in this center area to provide coverage.
Verify that the wireless access points have sufficient in-line power and connectivity to the wired network.

7. Which three devices do many wireless routers incorporate? (Choose three.)
gateway for connecting to other network infrastructures
built-in Ethernet switch
network management station
VTP server
wireless access point
VPN concentrator

8. Which access method does a wireless access point use to allow for multiple user connectivity and distributed access?
CSMA/CD
token passing
CSMA/CA
polling

9. Why is security so important in wireless networks?
Wireless networks are typically slower than wired networks.
Televisions and other devices can interfere with wireless signals.
Wireless networks broadcast data over a medium that allows easy access.
Environmental factors such as thunderstorms can affect wireless networks.

10. Which wireless technology standard provides the most compatibility with older wireless standards, but has greater performance?
802.11a
802.11b
802.11g
802.11n

11. Which two statements characterize wireless network security? (Choose two.)
A rogue access point represents a security risk for the local network.
Wireless networks offer the same security features as wired networks.
Using encryption prevents unauthorized clients from associating with an access point.
An attacker needs physical access to at least one network device to launch an attack.
With SSID broadcast disabled, an attacker must sniff the SSID before being able to connect.

12. Which network design process identifies where to place access points?
site survey
risk assessment
scalability design
network protocol analysis

13. What wireless security feature allows a network administrator to configure an access point with wireless NIC unique identifiers so that only these NICs can connect to the wireless network?
authentication
SSID broadcasting
MAC address filtering
EAP (Extensible Authentication Protocol)
Radius (Remote Authentication Dial-In User Service)

14. What will a wireless client transmit to discover the available WLAN networks?
beacon
password
probe request
association request

15. In a WLAN network, why should wireless access points be implemented with each access point using a different channel?
to keep users segregated on separate subnets
to control the amount of bandwidth that is utilized
to keep signals from interfering with each other
to keep traffic secure

16. What purpose does authentication serve in a WLAN?
converts clear text data before transmission
indicates which channel the data should flow on
determines that the correct host is utilizing the network
allows the host to choose which channel to use

17. What occurs when a rogue access point is added to a WLAN?
Authorized access points can transmit excess traffic to rogue access points to help alleviate congestion.
Unauthorized users can gain access to internal servers, thus causing a security hole.
All traffic that uses the same channel as the rogue access point will be encrypted.
All traffic that uses the same channel as the rogue access point will be required to authenticate.

18. What procedure can prevent man-in-the-middle attacks?
Force all devices on a WLAN to authenticate and monitor for any unknown devices.
Enable access points to send an SSID to each device wanting to use the network.
Configure MAC filtering on all authorized access points.
Disable SSID broadcasts.

19. Which function is provided by a wireless access point?
dynamically assigns an IP address to the host
provides local DHCP services
converts data from 802.11 to 802.3 frame encapsulation
provides a gateway for connecting to other networks

20. Which major problem does CSMA/CA overcome in wireless networks?
bandwidth saturation
privacy concerns
media contention
device interoperability

21. What does a wireless access point use to allow WLAN clients to learn which networks are available in a given area?
association response
beacon
key
probe request

source : modules4ccna.blogspot.com

[learn-ccna.com]

1
Refer to the exhibit. What happens if the network administrator issues the commands shown when an ACL called Managers already exists on the router?
The new commands overwrite the current Managers ACL.
The new commands are added to the end of the current Managers ACL. *****
The new commands are added to the beginning of the current Managers ACL.
An error appears stating that the ACL already exists.

2.
Refer to the exhibit. A network administrator needs to add the command deny ip 10.0.0.0 0.255.255.255 any log to R3. After adding the command, the administrator verifies the change using the show access-list command. What sequence number does the new entry have?
0
10, and all other items are shifted down to the next sequence number
50
60 *****

3
Refer to the exhibit. The network administrator of a company needs to configure the router RTA to allow its business partner (Partner A) to access the web server located in the internal network. The web server is assigned a private IP address, and a static NAT is configured on the router for its public IP address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server. What is the cause of the problem?

The public IP address of the server, 209.165.201.5, should be specified as the destination.
The ACL should be applied on the s0/0 outbound interface.
The source address should be specified as 198.133.219.0 255.255.255.0 in the ACL.

4
ACL logging generates what type of syslog message?
unstable network
warning
critical situation

informational *****

5
Why are inbound ACLs more efficient for the router than outbound ACLs?
Inbound ACLs deny packets before routing lookups are required. *****
Inbound ACL operation requires less network bandwidth than outbound.
Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs.
Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial interfaces.

Reduced: 85% of original size [ 597 x 291 ] – Click to view full image

6
Which two host addresses are included in the range specified by 172.16.31.64 0.0.0.31? (Choose two.)
172.16.31.95
172.16.31.96

172.16.31.64
172.16.31.77 ****
172.16.31.78 ****

7
ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.)
reorganizing traffic into VLANs
filtering VTP packets
specifying source addresses for authentication
specifying internal hosts for NAT ****
identifying traffic for QoS ****

8
What can an administrator do to ensure that ICMP DoS attacks from the outside are mitigated as much as possible, without hampering connectivity tests initiated from the inside out?
Permit ICMP traffic from only known external sources.
Create an access list with the established keyword at the end of the line.
Create an access list permitting only echo reply and destination unreachable packets from the outside. ****
Create an access list denying all ICMP traffic coming from the outside.

9
Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What wildcard mask would the network administrator configure in

the access list to cover this range?
0.0.47.255
0.0.63.255
255.255.240.0

0.0.15.255 *****

10
What effect does the command reload in 30 have when entered into a router?
If a router process freezes, the router reloads automatically.
If a packet from a denied source attempts to enter an interface where an ACL is applied, the router reloads in 30 minutes.
If a remote connection lasts for longer than 30 minutes, the router forces the remote user off.
A router automatically reloads in 30 minutes. *****

Reduced: 93% of original size [ 546 x 245 ] – Click to view full image

11
Refer to the exhibit. The following commands were entered on RTB.

RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15
RTB(config)# access-list 4 permit any
RTB(config)# interface serial 0/0/0
RTB(config-if)# ip access-group 4 in

Which addresses do these commands block access to RTB?
192.168.20.16 to 192.168.20.32
192.168.20.16 to 192.168.20.33
192.168.20.17 to 192.168.20.31
192.168.20.16 to 192.168.20.31 ******

12
Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to implement the new security policy?

access-list 165 permit ip 192.0.2.0 0.0.0.255 any
access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www
access-list 165 permit ip any any

access-list 197 permit ip 192.0.2.0 0.0.0.255 any
access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www

access-list 137 permit ip 192.0.2.0 0.0.0.255 any
access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www ******

access-list 89 permit 192.0.2.0 0.0.0.255 any
access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www

13
Which three statements are true concerning standard and extended ACLs? (Choose three.)

Standard ACLs filter with many possible factors, and they allow only desired packets to pass through the network if placed near the source.

Extended ACLs filter based on source address only, and must be placed near the destination if other traffic is to flow.
Extended ACLs are usually placed so that all packets go through the network and are filtered at the destination.
Standard ACLs are usually placed so that all packets go through the network and are filtered at the destination. ****
Standard ACLs filter based on source address only, and must be placed near the destination if other traffic is to flow. ****
Extended ACLs filter with many possible factors, and they allow only desired packets to pass through the network if placed near the source. ****

Reduced: 85% of original size [ 597 x 273 ] – Click to view full image

14
Refer to the exhibit. Company policy for the network that is shown indicates the following guidelines:

1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2.0/24 network.
2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network.
3) All other traffic originating from the 192.168.3.0 network should be denied.

Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of router R2 in the inbound direction?
access-list 101 deny ip any any
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 ********
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any

access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255

15
Hosts from the Limerick LAN are not allowed access to the Shannon LAN but should be able to access the Internet. Which set of commands will create a standard ACL that will apply to traffic on the Shannon router interface Fa0/0 implementing this security?
access-list 42 deny 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255
access-list 42 permit any

access-list 61 deny 172.19.123.0 0.0.0.0
access-list 61 permit any

access-list 87 deny ip any 192.0.2.0 0.0.0.255

access-list 87 permit ip any

access-list 56 deny 172.19.123.0 0.0.0.255****
access-list 56 permit any

16
Refer to the exhibit. A network administrator needs to configure an access list that will allow the management host with an IP address of 192.168.10.25/24 to be the only host to remotely access and configure router RTA. All vty and enable passwords are configured on the router. Which group of commands will accomplish this task?

Router(config)# int s0/0
Router(config-if)# ip access-group 101 in
Router(config-if)# int fa0/0
Router(config-if)#ip access-group 101 in
Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet
Router(config)# access-list 101 deny ip any any ******

Router(config)# access-list 10 permit 192.168.10.25 eq telnet
Router(config)# access-list 10 deny any
Router(config)# line vty 0 4
Router(config-line)#access-group 10 in

Router(config)# access-list 86 permit host 192.168.10.25
Router(config)# line vty 0 4
Router(config-line)# access-class 86 in

Router(config)# access-list 125 permit tcp 192.168.10.25 any eq telnet
Router(config)# access-list 125 deny ip any any
Router(config)# int s0/0
Router(config-if)# ip access-group 125 in

17
Which ACL permits host 10.220.158.10 access to the web server 192.168.3.244?
access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80
access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80 *****

access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224
access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80

18
Which wildcard mask would match the host range for the subnet 192.16.5.32 /27?
0.0.0.31 *****
0.0.0.63
0.0.63.255
0.0.0.32

19
A security administrator wants to secure password exchanges on the vty lines on all routers in the enterprise. What option should be implemented to ensure that passwords are not sent in clear text across the public network?
Use Telnet with an authentication server to ensure effective authentication.

Use only Secure Shell (SSH) on the vty lines. *****
Apply an access list on the router interfaces to allow only authorized computers.
Apply an access list on the vty line to allow only authorized computers.

Reduced: 92% of original size [ 556 x 104 ] – Click to view full image

20
Refer to the exhibit. An administrator notes a significant increase in the amount of traffic entering the network from the ISP. The administrator clears the access-list counters. After a few minutes, the administrator again checks the access-list table. What can be concluded from the most recent output shown?
A small amount of HTTP trafic is an indication that the web server was not configured correctly.

A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS attack. *****
A larger amount of POP3 traffic (compared with SMTP traffic) indicates that there are more POP3 email clients than SMTP clients in the enterprise.
A larger amount of email traffic (compared with web traffic) is an indication that attackers mainly targeted the email server.

[learn-ccna.com]