Cisco Exam #640-811: ICND Exam (MeasureUp, set 1)
Check your knowledge in configuring and troubleshooting Cisco network devices for the CCNA with these nine questions.
courtesy of MeasureUp
Question:
1. Which layer of the OSI model must you check if you had a problem with data representation and code formatting?
a. Physical
b. Application
c. Presentation
d. Session
e. Transport
f. Network
g. Data Link
2. Communication between VLANs is provided by which of the following?
a. SNAP (Subnetwork Access Protocol)
b. A bridge
c. ISL (Interswitch Link Protocol)
d. A router
3. What mechanism is used to address problems in link-state routing protocols?
a. sending periodic updates
b. triggered updates
c. exchanging route summaries at border areas
d. defining infinity as some maximum number
e. split horizon
4. Your customer uses private network 10.0.0.0/20 throughout his domain. The business presently has 450 offices and 200 computers per office.
What technique is necessary in order for all internal network users to have simultaneous access to the Internet through the single company firewall and the service provider's frame relay network?
a. CIDR
b. VLSM
c. NAT
d. PAT
5. The following statement encompasses which range of addresses?
access-list 1 permit 172.30.16.0 0.0.15.255
a. 172.30.16.0 through 172.30.16.255
b. 172.30.16.0 through 172.30.29.255
c. 172.30.16.0 through 172.30.255.255
d. 172.30.16.0 through 172.30.31.255
6. You have expanded your network and have added a second Cisco 2950 switch. You want to configure a trunk between the original switch and the new switch.
Which command is used to configure the new switch to negotiate the link between the switches between trunking mode and non-trunking mode?
a. switch(config)#interface fastethernet 0/17
switch(config-if)#switchport mode dynamic desirable
b. switch(config)#interface fastethernet 0/17
switch(config-if)#switchport mode dynamic auto
c. switch(config)#interface fastethernet 0/17
switch(config-if)#switchport mode trunk
d. switch(config)#interface fastethernet 0/17
switch(config-if)#switchport mode access
7. You are asked to design a subnet mask scheme for a Class C network with 10 subnets and 14 hosts per subnet. Which subnet mask will meet your needs?
a. 255.255.255.192
b. 255.255.255.224
c. 255.255.255.240
d. 255.255.255.248
8. Which command correctly specifies a static route from Router_C to the Ethernet LAN of Router_A? (Refer to the topology map.)
a. ip route 172.16.30.0 255.255.255.0 serial0
b. ip rip network 172.16.30.0 serial0
c. ip route network 172.16.30.0 serial 0
d. route 172.16.30.0 via serial 0
9. You need to develop an access list statement that will deny access to all users from network number 172.16.0.0. Which ACL statement will accomplish this?
a. access-list 10 deny 172.16.0.0 0.0.255.255
b. access-list 15 deny 172.16.0.0 0.0.255.255 any
c. access-list 20 deny 172.16.0.0 255.255.0.0
d. access-list 50 deny 172.16.0.0 0.0.0.0
Answers:
1. Answer C is correct. The Presentation layer deals with the formatting or presenting of data in a usable/viewable format as well as negotiating which format to use.
The Presentation layer's main purpose is to define data formats, such as American Standard Code for Information Interchange (ASCII) text, Extended Binary Coded Decimal Interchange Code (EBCDIC) text, binary, and Joint Photographic Experts Group (JPEG). Encryption also is defined as a Presentation layer service.
Most graphic file formats (BMP, GIF, JPEG, and MPEG) employ some kind of compression or optimization routine in their creation to shrink file size.
Just about all audio files (WAV, AU, and MP3) do this as well, since their file size can grow quite large depending on content. In their raw format, these files are pretty much unusable. The Presentation layer takes these files and deciphers the compression/optimization routines and makes them usable to the Application layer.
ASCII and EBCDIC are incompatible character sets used by a large number of computers around the world. The Presentation layer takes an outgoing ASCII transmission and converts it to Unicode. The receiving station takes the Unicode and converts it to EBCDIC. This process allows the two systems to communicate.
The Open Systems Interconnect (OSI) reference model defines the communication process between two network functions using a modular seven-layer approach.
The seven layers of the OSI model, numbered from the bottom up are:
7 - Application
6 - Presentation
5 - Session
4 - Transport
3 - Network
2 - Data Link
1 - Physical
Each layer provides an interface service to the layer above and below. The relationship between the layers is mirrored on both ends of the conversation.
The Application layer defines the interface between the communication software and any applications that need to communicate outside the computer on which the application resides.
The Presentation layer's main purpose is to define data formats, such as ASCII, EBCDIC, binary, and JPEG. Encryption also is defined as a Presentation layer service.
The Session layer defines how to start, control, and end communication sessions.
The Transport layer is responsible for end-to-end reliable data delivery. Transport Control Protocol (TCP) and User Datagram Protocol (UDP) operate at the Transport layer.
The Network layer (Layer 3) handles network addressing and decides the best path to reach a remote network. Layer 3 of the OSI model defines the network or logical addressing of packets. Segments formed at the Transport layer are converted to datagrams or packets.
The Data Link layer specifications deliver data across one particular link or medium. Protocols such as Ethernet, Token Ring, HDLC, Frame Relay, and ATM are Data Link protocols. The Data Link layer is subdivided into Logical Link Control and Media Access Control.
The Physical layer specifications deal with the physical characteristics of the transmission medium.
2. Answer D is correct. Virtual Local Area Networks (VLANs) create a separate broadcast domain, and each broadcast domain represents a separate network or subnet. In order to communicate between network segments or subnets, you need to install either a Route Switch Module (RSM) in the switch or provide an external router to handle the routing tasks.
Bridges merely connect two network segments. They cannot provide routing functions.
ISL is a trunking protocol for joining switches. ISL maintains the VLAN identity information as the traffic is passed from switch to switch.
Subnetwork Access Protocol (SNAP) is one of two Logical Link Control (LLC) frame types that deal with Layer 2 addresses.
3. Answer C is correct. Link-state protocols may have to be tuned to avoid information overload.
This can mean:
- Limiting the distribution of information (exchanging summaries at border areas)
- Flooding information at vulnerable times (dampening the update frequencies)
- Not bothering all stations on the links they run over (targeting updates to multicast addresses instead of broadcasting)
Distance vector protocols need to avoid the effects of wrong routing information. This is done by:
- Recognizing when information is wrong quicker (defining infinity)
- Not assuming they know more than they really do (split horizon)
- Some distance vector protocols passing on network changes immediately (triggered updates)
Sending periodic updates is a feature of distance vector protocols.
4. Answer D is correct. Network address translation (NAT) and port address translation (PAT) are used to permit users on private networks using private IP addressing with only one public IP address open to the Internet to access Internet servers, effectively sharing the one public address with all users in the private network.
NAT uses a valid registered IP address to represent the private address to the rest of the Internet. Static NAT requires a one-to-one mapping of private address to registered address. Dynamic NAT maps a private IP address to a registered IP address dynamically, which helps minimize the number of registered addresses necessary for all users of the network. NAT cannot support hundreds of simultaneous users over one registered address. PAT is used instead.
PAT uses the combination of an IP address and Transport layer port number with the Application layer protocol combined to create sockets. Instead of mapping a simple IP address to a registered IP address like NAT, PAT uses the registered IP address and port number combination to effectively provide for over 65,000 unique registered sockets. Internal addresses are mapped to the registered sockets, allowing all users simultaneous access to the Internet.
Classless Interdomain Routing (CIDR) is used when one domain uses contiguous blocks of networks such as the Class C group of networks, 195.0.0.0 through 195.255.255.0. Since all routers and hosts in this block of addresses have IP addresses that begin with 195, all other routers need only to route their packets to the gateway router separating the block of hosts controlled by the ISP from the rest of the Internet. This would be noted with the IP route to 195.0.0.0/8.
CIDR helps reduce the chance that there will not be enough IP addresses in the future. It also allows an ISP to allocate a subset of a class A, B, or C network to a single customer.
Implementing CIDR allows all other routers to only have one entry in their routing table to be able to route to all addresses in the ISP domain. This greatly minimizes the size and memory requirements for the routing tables.
Variable length subnet masking (VLSM) refers to the technique where different subnet masks are used at different locations in the network.
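The PAT behavior described in this answer, as an added sketch that is not part of the original quiz: many inside sockets share one registered address, and return traffic is delivered only when a mapping exists. The class name, the 1024-65535 port pool, and all addresses are assumptions made for illustration; mapping timeouts are left out.

```python
class PatTable:
    """Minimal PAT (NAT overload) table sharing one registered address.

    Illustrative model only: no idle timeouts, one port pool per protocol.
    """

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.first_port, self.last_port = first_port, last_port
        self.next_port = {}   # proto -> next unallocated public port
        self.outbound = {}    # (proto, inside_ip, inside_port) -> public port
        self.inbound = {}     # (proto, public_port) -> (inside_ip, inside_port)

    def translate_outbound(self, proto, inside_ip, inside_port):
        """Return the (public_ip, public_port) socket used for this inside socket."""
        key = (proto, inside_ip, inside_port)
        if key not in self.outbound:
            port = self.next_port.get(proto, self.first_port)
            if port > self.last_port:
                raise RuntimeError("PAT port pool exhausted for " + proto)
            self.next_port[proto] = port + 1
            self.outbound[key] = port
            self.inbound[(proto, port)] = (inside_ip, inside_port)
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, proto, public_port):
        """Return the inside socket for return traffic, or None (no mapping, drop)."""
        return self.inbound.get((proto, public_port))


if __name__ == "__main__":
    # Constructed sample: two offices, same inside source port, one public address.
    pat = PatTable("203.0.113.10")
    print(pat.translate_outbound("tcp", "10.0.1.5", 51000))
    print(pat.translate_outbound("tcp", "10.0.2.5", 51000))
    print(pat.translate_inbound("tcp", 1025))   # maps back to 10.0.2.5:51000
    print(pat.translate_inbound("tcp", 4000))   # None: unsolicited, no mapping
```

Each protocol has its own pool here, so the number of simultaneous flows per protocol is bounded by the size of the port range, not by the number of inside hosts.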
5. Answer D is correct. The correct range is 172.30.16.0 through 172.30.31.255 because the wildcard says that you do not care about the last 12 bits of the address. This means those 12 bits could be any value. The lowest value is when all 12 of those bits are 0's, the highest value is when all 12 bits are 1's.
The command "access-list 1 permit 172.30.16.0 0.0.15.255" tells you:
1) You are looking for traffic that matches the source IP address as governed by the wildcard mask of 0.0.15.255.
2) Once you determine what traffic is a match, you will permit traffic from the 172.30.16.0 network and deny everything else.
The key to this question is that the wildcard mask determines what is significant about the address. Wildcard masks define the portion of the IP address that should be examined for denial or permission. The format of the wildcard mask can be modified to specifically identify which part of an IP address must be compared to the access list.
A wildcard mask looks like a subnet mask backwards. Like subnet masks, a wildcard mask is written in decimal but to use it you must convert it to binary. Like subnet masks, the binary bits in the wildcard mask are compared with the binary bits in the IP address being tested by the access list. However, wherever a binary 0 is in the wildcard mask, the corresponding bits in the IP address must be compared. Wherever the binary 1's are in the wildcard mask, the corresponding bits in the IP address are not compared.
A wildcard mask of 0.0.15.255 means to check the first 20 bits of the IP address and if they match exactly to an access list statement, perform the access list statement to the packet. The last 12 bits can be anything.
If you look at the wildcard mask 0.0.15.255, you'll see that it leads off with 0's. Zeros in a wildcard mask mean consider this a match. 255's mean "I don't care what value is here". This is the opposite of a subnet mask.
So when you apply the wildcard mask to the IP address of 172.30.16.0 you'll see that the access list will examine only the first three octets and ignore the last one completely. The number "15" in the third octet means to ignore the last four bits of the third octet. This allows you to include a subset of subnet addresses when you solve for a match.
Any address that is made up of bits that include the first four bits is considered a match (subnets 16 - 31). Any other address is denied.
Wildcard Mask 0.0.15.255 converted to binary is:
00000000.00000000.00001111.11111111
This mask is applied to the source IP address 172.30.16.0 which in binary format is:
10101100.00011110.00010000.00000000
Wherever the binary zeros are in the wildcard mask, the corresponding bits in the IP address must match. So the first 20 bits in the IP address must be:
10101100.00011110.0001
and the remaining 12 bits can be any combination of 0's or 1's and still be considered to match. This means that only IP addresses that are exactly 172 in decimal in the first octet match, 30 exactly in the second octet match, and since the first four bits in the third octet must be 0001, only the numbers 16 through 31 will begin with 0001. The fourth octet can be anything.
IP access lists are either standard or extended. They are assigned a number which indicates what kind of access list it is.
Standard access lists are numbered 1 to 99.
Extended access lists are numbered 100 to 199.
Since the access list in the question is numbered 1, you know it is a standard access list, which means that you can only block traffic based on source IP address.
6. Answer A is correct. Cisco switches use an Internetwork Operating System (IOS) for configuration very similar to the one that is used on routers. The only differences are in the choices for each command. The command using the "switchport mode dynamic desirable" syntax is used to configure the new switch to negotiate the link between the switches between trunking mode and non-trunking mode.
To configure trunking on a switch, you must first be in interface configuration mode. This is similar to the configuration terminal mode used in a Cisco router in terms of operation, but the syntax is quite different. After entering the command "interface fastethernet 0/17," the command prompt changes to:
switch(config-if)#
Notice the similarity to the interface configuration mode prompt of a router:
router(config-if)#
Trunking must be configured between two switches when Virtual Local Area Networks (VLANs) span the two switches. The trunking configuration identifies the ports on the switch that will pass the VLAN information between the switches.
Once in the interface configuration mode, the "switchport mode" command is used to set how the port is used.
- switchport mode access - is used if the port is not being used as a trunk.
- switchport mode trunk - permanently sets the port in trunking mode.
- switchport mode dynamic desirable - triggers the port to negotiate the link from non-trunking mode to trunking mode as needed.
- switchport mode dynamic auto - sets a port to trunking only if the connected device is in dynamic desirable or trunk mode.
To enter the interface configuration mode on a switch, if the ports support Fast Ethernet, the port is identified with the "fastethernet" designation instead of "ethernet," which is used for 10Mbps ports. The numbering on the ports follows the same convention used on all Cisco equipment; that is, each port is labeled by the slot number/port number convention. On a switch, all ports are designated in slot 0. Port 12 on a switch that supports Fast Ethernet is identified as "fastethernet 0/12".
The command "switchport mode" is an interface subcommand to configure an interface for trunking.
7. Answer C is correct. You are given a Class C network, which has a default subnet mask of 255.255.255.0. It does not matter what the actual network number is to create a subnet mask to meet your needs. The problem is to determine which subnet mask will provide for 14 host addresses and 10 subnets.
To determine the number of subnets, use the 2^N-2 formula on the number of subnet bits. Knowing this, find the value of N that will provide at least 10 subnets.
You might find it helpful to use the following chart of the powers of 2 here and on the exam. The chart shows the value of N on the top row and the corresponding value of 2^N on the bottom row. This is easy to develop by simply doubling each result as you go from left to right. You should make this table on the scrap paper given to you at the exam as soon as you start so you will have it to refer to during the test. Due to time constraints on the exam, you need to answer a problem like this in less than two minutes.
If N =      2     3     4     5     6     7     8     9    10    11    12    13    14    15
2^N  =      4     8    16    32    64   128   256   512  1024  2048  4096  8192 16384 32768
Using this table, you can quickly see that for 10 subnets, the value of N must be at least 4.
To calculate the range of host addresses per subnet, use the 2^N-2 formula on the number of host bits. Using the same powers of 2 table, to have 14 hosts, N must be equal to 4.
2^4 - 2 = 14 (hosts per subnet)
Now write out the subnet mask in binary notation. Starting with the default subnet mask, (in this case it is 255.255.255.0 for a Class C network) and add an additional 4 subnet bits as follows.
11111111.11111111.11111111.11110000
The first three octets are the first three 255.255.255 of the default subnet mask. Then there are four more 1's, which translates into a subnet mask of:
255.255.255.240
An easy way to determine the subnet mask numbers is to use the following table:
subnet bit    128   64   32   16    8    4    2    1
subnet mask   128  192  224  240  248  252  254  255
Notice that this table is built by first writing the number 1 starting at the right margin, and then doubling it successively from right to left like this: 128, 64, 32, 16, 8, 4, 2, 1. These represent the 8 bits in an octet. Next, starting from the left, add the number in the top row to the previous number in the bottom row like this: 128, 128 + 64 = 192, 192 + 32 = 224, 224 + 16 = 240, 240 + 8 = 248, 248 + 4 = 252, 252 + 2 = 254, 254 + 1 = 255.
Using this table, you can quickly find the subnet mask number in the lower row. In this case you need 5 subnet bits in the fourth octet. Put a 1 in a third row under each column where a subnet bit belongs. You work with one octet at a time. For the fourth octet, you would place a 1 under each column up to the fifth column because you need five subnet bits. It should look like this:
subnet bit    128   64   32   16    8    4    2    1
subnet mask   128  192  224  240  248  252  254  255
binary value    1    1    1    1    0    0    0    0
Wherever the last 1 is in the binary value row, the number directly above it in the subnet mask row is the subnet mask number for the associated octet. In this case it is 240.
This gives you a subnet mask of 255.255.255.240.
Notice that there are four (4) host bits for this subnet mask. Host bits are the bits identified by the 0's in the binary value row. This provides for up to 14 subnets and up to 14 hosts per subnet.
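The 2^N-2 search from this answer, carried through for every possible split of the fourth octet, as an added example that is not part of the original quiz. The function names and the 192.168.1.0 network are assumptions; the 2^N-2 rule is applied to subnets as well as hosts, as the answer does.

```python
import ipaddress


def class_c_masks(required_subnets, required_hosts):
    """Return every Class C mask that meets both needs under the 2^N - 2 rule."""
    plans = []
    for subnet_bits in range(1, 7):          # leave at least 2 host bits
        host_bits = 8 - subnet_bits
        subnets = 2 ** subnet_bits - 2       # all-zeros and all-ones subnets excluded
        hosts = 2 ** host_bits - 2           # network and broadcast addresses excluded
        if subnets >= required_subnets and hosts >= required_hosts:
            last_octet = 256 - 2 ** host_bits
            plans.append({
                "mask": "255.255.255.%d" % last_octet,
                "subnet_bits": subnet_bits,
                "subnets": subnets,
                "hosts": hosts,
            })
    return plans


def usable_subnets(network, subnet_bits):
    """List (subnet, first host, last host, broadcast) for each usable subnet."""
    net = ipaddress.ip_network(network)
    all_subnets = list(net.subnets(prefixlen_diff=subnet_bits))
    rows = []
    for sub in all_subnets[1:-1]:            # drop first and last, per 2^N - 2
        rows.append((
            str(sub.network_address),
            str(sub.network_address + 1),
            str(sub.broadcast_address - 1),
            str(sub.broadcast_address),
        ))
    return rows


if __name__ == "__main__":
    # Question 7: 10 subnets, 14 hosts per subnet.
    for plan in class_c_masks(10, 14):
        print(plan)
    # Constructed Class C network to show the resulting address blocks.
    for row in usable_subnets("192.168.1.0/24", 4)[:3]:
        print(row)
```

Only one split of the octet satisfies both requirements at once; asking for 10 subnets with 30 hosts each returns no plan at all.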
8. Answer A is correct. You can configure static routes using the "ip route" command. The syntax for this command is:
ip route {destination_network_address destination_network_subnet_mask} {source_port}
Alternatively, you can use the next hop router interface IP address as follows:
ip route {destination_network_address destination_network_subnet_mask} {next_hop_router_interface_ip_address}
For the topology shown here, the correct syntax is:
ip route 172.16.30.0 255.255.255.0 serial0
The other choices all use incorrect syntax.
9. Answer A is correct. You can determine the type of access list by examining the access list number. Access lists are classified by ranges:
1-99 = standard access lists
100-199 = extended access lists
Standard access lists can only examine the source IP address. Extended access lists can check source and destination IP addresses, as well as source and destination port numbers and the protocol type.
To meet the access control list (ACL) requirements, either a standard or an extended ACL can be used.
Access list statements use the following syntax:
access-list number- type [permit|deny] [source details] [destination details]
The secret to understanding extended ACL statements is to be able to identify where the source detailed information ends and the destination details begin. There will be two IP address sets of details in an extended ACL statement. The first will either explicitly identify a source address and wildcard mask or it will be substituted by the word "any" or the word "host". If "any" is used, it means all IP addresses match. If "host" is used, it will be followed by the IP address without a wildcard mask and represents a wildcard mask of 0.0.0.0 meaning exactly the IP address specified.
The destination details will begin with the second IP address stated. The second address can also substitute either the word "any" or "host" with the exact same connotations as when they are used with the source address.
The correct answer, "access-list 10 deny 172.16.0.0 0.0.255.255", means:
1) It is a standard access list so it can check only source addresses.
2) It will deny any node if the IP address begins with 172.16 exactly and the third and fourth octet can be anything.
"access-list 15 deny 172.16.0.0 0.0.255.255 any" is invalid because it specifies a standard ACL, which cannot use destination details.
"access-list 20 deny 172.16.0.0 255.255.0.0" is invalid because it has reversed the wildcard mask.
"access-list 50 deny 172.16.0.0 0.0.0.0" is invalid because it denies access to exactly IP address 172.16.0.0, which is a network number, not an IP address.
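The wildcard-mask comparison explained in answers 5 and 9, as an added example that is not part of the original quiz: it parses a standard ACL statement, tests source addresses bit by bit, and flags a wildcard that was written as a subnet mask. The function names and the source addresses used for testing are assumptions; the parser accepts only the address-plus-wildcard form shown in the questions.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl(line):
    """Parse 'access-list <1-99> permit|deny <address> <wildcard>'."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "access-list":
        raise ValueError("not a standard ACL statement: " + line)
    number = int(parts[1])
    if not 1 <= number <= 99:
        raise ValueError("list number is outside the standard range 1-99")
    if parts[2] not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    return number, parts[2], to_int(parts[3]), to_int(parts[4])


def matches(address, wildcard, source):
    """True when source equals address in every bit where the wildcard is 0."""
    care = ~wildcard & MASK32
    return (to_int(source) ^ address) & care == 0


def matched_bounds(address, wildcard):
    """Lowest and highest matching address (the whole range when the
    wildcard's 1 bits are contiguous on the right)."""
    low = address & ~wildcard & MASK32
    high = (address | wildcard) & MASK32
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


def looks_like_subnet_mask(wildcard):
    """Flag a wildcard whose 1 bits run from the left, as in 255.255.0.0."""
    inverted = ~wildcard & MASK32
    return wildcard not in (0, MASK32) and (inverted + 1) & inverted == 0


if __name__ == "__main__":
    # Question 5: the range covered by the statement.
    _, _, addr, wild = parse_standard_acl("access-list 1 permit 172.30.16.0 0.0.15.255")
    print(matched_bounds(addr, wild))
    # Question 9, choice c: the reversed mask checks the wrong octets.
    _, _, addr, wild = parse_standard_acl("access-list 20 deny 172.16.0.0 255.255.0.0")
    print(looks_like_subnet_mask(wild))
    print(matches(addr, wild, "172.16.5.9"))   # constructed source address
    print(matches(addr, wild, "10.1.0.0"))     # constructed source address
```

Running the reversed mask from choice c against real traffic shows why it fails the requirement: it ignores the first two octets and compares only the last two.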
Questions and answers provided by MeasureUp.