CCIE Security FAQ General Networking Topics



Q1. Which layer of the OSI model is responsible for converting frames into bits and bits into frames?
a. Physical
b. Network
c. Transport
d. LLC sublayer
e. Data link

Answer: e
Explanation: The data link layer performs bit conversion to pass to the MAC sublayer.

Q2. Routing occurs at what layer of the OSI model?
a. Physical
b. Network
c. Transport
d. LLC sublayer
e. Data link

Answer: b
Explanation: Routing is a Layer 3 (network layer) function.

Q3. Bridging occurs at what layer of the OSI model?
a. Physical
b. Network
c. Transport
d. Data link

Answer: d
Explanation: The data link layer is where bridging is performed.

Q4. Which of the following is not part of the OSI model?
a. Network layer
b. Physical layer
c. Operational layer
d. Application layer

Answer: c
Explanation: The operational layer is not one of the seven OSI layers. The OSI model layers are physical, data link, network, transport, session, presentation, and application.

Q5. IP operates at what layer of the OSI model?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4
e. Layer 5
f. Layer 6
g. Layer 7

Answer: c
Explanation: IP operates at the network layer (Layer 3) and provides a path to a destination.

Q6. On which layer of the OSI model is data commonly referred to as segments?
a. Layer 4
b. Layer 3
c. Layer 2
d. Layer 1

Answer: a
Explanation: The data on Layer 4 is commonly referred to as segments.

Q7. On which layer of the OSI model is data commonly referred to as packets?
a. Layer 1
b. Layer 2
c. Layer 4
d. Layer 3

Answer: d
Explanation: The data on Layer 3 is commonly referred to as packets.

Q8. Which layer of the OSI model transmits raw bits?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4

Answer: a
Explanation: At Layer 1, the lowest layer of the OSI model, bits are transferred across the wire.

Q9. Which of the following protocols is not routable?
a. IP
b. IPX
c. NetBEUI
d. NetBIOS

Answer: c
Explanation: NetBEUI is not a routed protocol and must be bridged.

Q10. Which of the following is not a required step to enable FastEther Channel (FEC)?
a. Ensure that all ports share the same speed at 10 Mbps.
b. Ensure that all ports share the same parameter such as speed.
c. Ensure that all ports operate at 100 Mbps.
d. Only eight ports can be bundled into a logical link or trunk.

Answer: a
Explanation: FEC uses full-duplex Fast Ethernet (100 Mbps) links.

Q11. How is FastEther Channel best defined?
a. A bundle of 10-Mbps ports on a switch
b. Another name for half duplex 100 Mbps
c. Not available on Cisco Catalyst switches
d. The ability to bundle 100 Mbps ports into a logical link
e. Only supported with Gigabit ports

Answer: d
Explanation: The FastEther Channel feature bundles 100 Mbps Fast Ethernet ports into a logical link between two devices, such as Catalyst switches.

Q12. On what OSI layer does bridging occur?
a. Layer 1
b. Layer 2
c. Layer 3
d. Both Layer 1 and 2

Answer: b
Explanation: Bridging occurs at the data link layer (Layer 2) of the OSI model.

Q13. In spanning tree, what is a BPDU?
a. A break protocol data unit
b. A routable frame
c. A bridge protocol data unit
d. A frame sent out by end stations

Answer: c
Explanation: BPDU is a bridge protocol data unit.

Q14. An incoming frame on a Layer 2 switch is received on port 10/1 on a Catalyst 5000. If the destination address is known through port 10/2, what happens?
a. The frame is discarded.
b. The frame is sent via port 10/2.
c. The frame is broadcast to all ports on the switch.
d. The frame is sent back via 10/1.
e. None of the above.

Answer: b
Explanation: The destination MAC address has already been discovered through port 10/2, so the frame will only be sent to the known port or slot 10, port 2.

Q15. Which of the following are the four possible states of spanning tree?
a. Listening, learning, blocking, broadcasting
b. Listening, learning, blocking, connecting
c. Discovering, learning, blocking, connecting
d. Listening, learning, blocking, forwarding

Answer: d
Explanation: The four states of spanning tree are listening, learning, blocking, and forwarding.

Q16. How many bits make up an IP address?
a. 64 bits
b. 48 bits
c. 32 bits
d. 24 bits
e. 8 bits

Answer: c
Explanation: IP addresses for IPv4 are 32 bits in length.

Q17. Identify the broadcast address for the subnet
e. More data required

Answer: c
Explanation: is a Class B address with a Class C mask, and the all (all binary 1s) broadcast address is (11111111).

Q18. Convert the following address to binary:
a. 10000011.1.1.1
b. 10000011.00000010.1.1
c. 10000011.1.1.01010101
d. 10000011.1.1.11111111

Answer: a
Explanation: in binary is 10000011.00000001.00000001.00000001 or 10000011.1.1.1

Q19. How many subnets are possible in VLSM if the Class C address is used with the subnet mask in the fourth octet field?
a. None
b. 100
c. 255
d. 254
e. 253
f. 252
g. 64
h. 62

Answer: h
Explanation: 2^6 - 2 = 64 - 2 = 62.

Q20. How many hosts are available when a /26 subnet mask is used?
a. 254
b. 62
c. 64
d. 126

Answer: b
Explanation: 2^6 - 2 = 64 - 2 = 62.

Q21. How many hosts are available in a Class C or /24 network?
a. 255
b. 254
c. 253
d. 0
e. More data required

Answer: b
Explanation: A Class C or /24 network has 2^8 - 2 = 256 - 2 = 254 addresses available for host devices.

Q22. You require an IP network to support at most 62 hosts. What subnet mask will accomplish this requirement?

Answer: d
Explanation: 62 hosts require 62+2 = 64 addresses. This needs 6 bits borrowed from the subnet mask. In binary, that number is 11000000.

Q23. Which of the following are multicast addresses? (Choose all that apply.)

Answer: a and b
Explanation: and are multicast addresses.

Q24. Which of the following routing protocols does not support VLSM?
a. RIPv1
b. RIPv2
e. BGP

Answer: a
Explanation: RIP version 1 is classful and does not carry subnet masks in routing updates.

Q25. What is the source TCP port number when a Telnet session is created by a PC to a Cisco router?
a. 23
b. Not a known variable
c. 21
d. 20
e. 69

Answer: b
Explanation: The source TCP port is a random number; the destination port is 23.

Q26. What best describes the ARP process?
a. DNS resolution
b. Mapping an IP address to a MAC address
c. Mapping a next-hop address to outbound interface on a Cisco router
d. Both a and b

Answer: b
Explanation: ARP maps an IP address to a MAC address.

Q27. If two Cisco routers are configured for HSRP and one router has a default priority of 100 and the other 99, which router assumes the role of active router?
a. The default priority cannot be 100.
b. The router with a higher priority.
c. The router with the lowest priority.
d. Neither router because Cisco routers do not support HSRP; only clients do.

Answer: b
Explanation: The highest priority assumes the role of active router.

Q28. A Cisco router has the following route table:

What is the preferred path to (Choose the best two answers.)
a. Via Serial 0/0
b. Via Serial 0/1
c. None
d. To null0

Answer: a and b
Explanation: OSPF is chosen because of the lower administrative distance of 110 compared to RIP’s 120. Also notice OSPF load balancing between Serial0/0 and Serial0/1. (The written examination always advises you how many answers to select. Practice on the CD provided.)

Q29. IP RIP runs over what TCP port number?
a. 23
b. 21
c. 69
d. 520
e. None of the above

Answer: e
Explanation: IP RIP does not use TCP port numbers; it uses UDP.

Q30. IP RIP runs over what UDP port number?
a. 23
b. 21
c. 69
d. 520

Answer: d
Explanation: UDP 520

Q31. An OSPF virtual link should ________.
a. Never be used
b. Allow nonpartitioned areas access to the backbone
c. Allow partitioned areas access to the backbone
d. Not be used in OSPF, but in ISDN

Answer: c
Explanation: Virtual links allow access to areas not directly connected to the backbone or partitioned areas.

Q32. What is the BGP version most widely used today?
a. 1
b. 2
c. 3
d. 4
e. 5
f. 6

Answer: d
Explanation: BGP4.

Q33. What is the destination port number used in a Telnet session?
a. 23
b. 69
c. 21
d. 161

Answer: a
Explanation: Telnet, an application layer protocol, uses destination port 23.

Q34. In what fields does the IP checksum calculate the checksum value?
a. Data only
b. Header and data
c. Header only
d. Not used in an IP packet

Answer: c
Explanation: The IP checksum calculation only covers the IP header.

Q35. The TCP header checksum ensures integrity of what data in the TCP segment?
a. The data only.
b. The header only.
c. The data and header.
d. There are no TCP header checksums; IP covers the calculation.

Answer: c
Explanation: The TCP checksum calculation covers the TCP header and data.

Q36. ISDN BRI channels are made up of what?
a. 1 × 64 kbps channel and one D channel at 64 kbps
b. 2 × 64 kbps channels and one D channel at 64 kbps
c. 2 × 64 kbps channels and one D channel at 16 kbps
d. 32 × 64 kbps channels and one D channel at 16 kbps

Answer: c
Explanation: ISDN Basic Rate Interface (BRI) is two 64-kbps data channels and one signaling channel (D channel at 16 kbps).

Q37. What services can ISDN carry?
a. Data only
b. Data and voice only
c. Voice and video
d. Data, voice, and video

Answer: d.
Explanation: ISDN supports data, video, and voice.

Q38. Place the following steps in the correct order for PPP callback, as specified in RFC 1570.
1. A PC user (client) connects to the Cisco access server.
2. The Cisco IOS Software validates callback rules for this user/line and disconnects the caller for callback.
3. PPP authentication is performed.
4. Callback process is negotiated in the PPP link control protocol (LCP) phase.
5. The Cisco Access Server dials the client.

a. 1, 2, 3, 4, 5
b. 1, 3, 2, 5, 4
c. 1, 4, 5, 3, 2
d. 5, 4, 3, 2, 1

Answer: d.
Explanation: RFC 1570 dictates how PPP callback is to be followed. For more information, refer to

Q39. What hardware port is typically designed to connect a Cisco router for modem access?
a. The console port
b. The vty lines
c. The auxiliary port
d. The power switch
e. The Ethernet interface

Answer: c.
Explanation: The auxiliary port on Cisco routers can be used for modem access. The console port can also be used but, typically, the Aux port is applied for remote access or dialup access for network failures.

Q40. The AS5300 series router can support which of the following incoming connections?
a. Voice
b. Dialup users via PSTN
d. All the above

Answer: d.
Explanation: The AS5300 series router can support both digital (ISDN) and analogue connections, and also supports voice traffic.

Q41. What are the seven layers of the OSI model?

Answer: The seven layers of the OSI model are as follows:

  • Application
  • Presentation
  • Session
  • Transport
  • Network
  • Data link
  • Physical

Q42. What layer of the OSI model is responsible for ensuring that IP packets are routed from one location to another?

Answer: The network layer is primarily responsible for routing IP packets from one destination to another.

Q43. What mechanism is used in Ethernet to guarantee packet delivery over the wire?

Answer: Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is the Ethernet mechanism used to ensure that when devices detect collisions, other devices on the segment are sent a jam signal. CSMA/CD ensures that when collisions occur, other devices (such as PCs or routers) back off (do not transmit) for a specified period of time. When a device receives a jam signal, it will wait a random amount of time to retransmit. This lowers the chance of another collision. All devices that detect a jam signal can transmit up to 16 times before sending an error message to the application layer.

Q44. Name two physical characteristics of 10BaseT.

Answer: 10BaseT is an Ethernet physical layer standard that defines a maximum length of 100 m and a network speed of 10 Mbps.

Q45. What Catalyst command displays the bridging or CAM table on a Cisco 5000 series switch?

Answer: show cam dynamic

Q46. What are the possible states of spanning tree?

Answer: The possible states of spanning tree are as follows:

  • Disabled—The port is not participating in spanning tree and is not active.
  • Listening—The port has received data from the interface and will listen for frames. In this state, the bridge only receives data and does not forward any frames to the interface or to other ports.
  • Learning—In this state, the bridge still discards incoming frames. The source address associated with the port is added to the CAM table. BPDUs are sent and received.
  • Forwarding—The port is fully operational; frames are sent and received.
  • Blocking—The port has been through the learning and listening states and, because this particular port is a dual path to the root bridge, the port is blocked to maintain a loop-free topology.

The order of spanning tree states is listening, then learning, and, finally, forwarding or blocking. Typically, each state takes around 15 seconds on Cisco Catalyst switches.

Q47. FastEther Channel (FEC) allows what to occur between Cisco Catalyst switches?

Answer: FEC is a Cisco method that bundles 100 MB/s Fast Ethernet ports into a logical link between Cisco Catalyst switches, such as the Catalyst 5000 or 6000 series switches.

Up to four ports can be bundled together to scale bandwidth up to 800 Mbps.

Q48. What field in the IP packet guarantees data delivery?

Answer: The IP frame format has no settings that guarantee packet delivery, so IP is termed connectionless. The error check is only performed on the IP header fields, not the data in the packet.

Q49. Name some examples of connection-orientated protocols used in TCP/IP networks.

Answer: Connection-orientated protocols include TCP, FTP, and Telnet.

Q50. Given the address,, what are the subnet and broadcast addresses? How many hosts can reside on this network?

Answer: The subnet is and the broadcast address is The number of hosts is defined by the formula 2^8 - 2 = 256 - 2 = 254.

Q51. How many hosts can reside when the subnet mask applied to the network is (or

Answer: The number of hosts is 2^7 - 2 = 128 - 2 = 126.

Q52. Name five routing protocols that support VLSM.

Answer: Routing protocols that support VLSM include the following:

  • RIP Version II
  • OSPF
  • IS-IS
  • BGP4

Q53. What is the destination port number used in a Telnet session?

Answer: The TCP port number is 23, and the source port is a random number generated by the host device.

Q54. What TCP/IP services are common in today’s large IP networks?

Answer: TCP/IP has a number of applications or services in use:

  • Address Resolution Protocol (ARP)
  • Reverse Address Resolution Protocol (RARP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • Internet Control Message Protocol (ICMP)
  • Telnet
  • File Transfer Protocol (FTP)
  • Trivial File Transfer Protocol (TFTP)

Q55. What IOS command displays the IP ARP table on a Cisco IOS router?

Answer: The IOS command is show ip arp. This command displays IP ARP entries only. The IOS command show arp displays all ARP entries for all protocols in use.

Q56. Cisco routers use what mechanism to determine the routing selection policy for remote networks if more than one routing protocol is running?

Answer: Cisco IOS routers use administrative distance, which defines a set number for every routing protocol in use. The lower the AD, the more trustworthy the network. For example, a static route (AD is 1) is preferred to an OSPF (AD is 110) discovered route. A static route pointing to a directly connected interface, for example, via ethernet0, has an AD set to 0, the same as a directly connected interface even though a static route is enabled.

Q57. What is the administrative distance for OSPF, RIP, and external EIGRP?

Answer: The AD for RIP is 120, 110 for OSPF, and 170 for external EIGRP (internal EIGRP is 90).

Q58. Name five characteristics of distance vector routing protocols and provide two examples of routing protocols classified as distance vector.

Answer: Distance vector characteristics and example protocols are as follows:

  • Periodic updates—Periodic updates are sent at a set interval; for IP RIP, this interval is 30 seconds.
  • Broadcast updates—Updates are sent to the broadcast address. Only devices running routing algorithms will listen to these updates.
  • Full table updates—When an update is sent, the entire routing table is sent.
  • Triggered updates—Also known as flash updates, triggered updates are sent when a change occurs outside the update interval.
  • Split horizon—This method stops routing loops. Updates are not sent out an outgoing interface from which the route was received. This also saves bandwidth.
  • Maximum hop count—For RIP, the limit is 15, and for IGRP it’s 255.
  • Algorithm—An example is Bellman-Ford for RIP.
  • Examples—RIP and IGRP

Q59. IP RIP runs over what protocol and port number when sending packets to neighboring routers?

Answer: UDP port number 520

Q60. How many networks can be contained in an IP RIP update?

Answer: Up to 25 networks

Q61. Specify three main differences between RIPv1 and RIPv2.

Answer: RIPv1 does not support VLSM, authentication, or multicast updates. RIPv2 supports VLSM, authentication, multicast updates, and unicast updates to remote routers.

Q62. What is an EIGRP Feasible Successor?

Answer: An EIGRP Feasible Successor is a neighboring EIGRP Cisco router with a lower AD.

Q63. What is the metric used by OSPF?

Answer: The metric used by OSPF is cost and is defined by the formula 10^8 / Bandwidth for a given interface. The cost to a remote path is the sum of all the costs that a packet will traverse to reach the remote network.

Q64. If OSPF is configured for one area, what area assignment should be used?

Answer: Good OSPF design defines area 0, or the backbone, as the core area, and area 0 should always be used. If the OSPF network resides in one area only, theoretically, any area assignment is possible.

Q65. What LSA types are not sent in a totally stubby area?

Answer: Totally stubby areas block LSA types 3, 4, and 5. Although similar to a stub area, a totally stubby area blocks LSAs of type 3, as well. This solution is Cisco proprietary and is used to further reduce a topological database. The only Link State Advertisement (LSA) type permitted is a specific type 3 LSA advertising a default route only.

Q66. What IOS command disables an interface from participating in the election of an OSPF DR/BDR router?

Answer: To disable an interface on a Cisco router when electing a DR, the IOS command is ip ospf priority 0. The router with the highest priority (range is between 0 and 255) will be elected the DR.

Q67. On an Ethernet broadcast network, a DR suddenly reboots. When the router recovers and discovers neighboring OSPF routers, will it be the designated router once more?

Answer: Once the router fails, the Backup DR (BDR) assumes the functions of the DR and another OSPF router (if it exists) is elected the BDR. After the failed router recovers, neighboring OSPF hello packets will advise that a DR/BDR already exists and there is no need to assume the functions of DR or BDR until another election process is initiated.

Q68. What Layer 4 protocol does BGP use to guarantee routing updates, and what destination port number is used?

Answer: BGP4 uses TCP and the destination port number is 179.

Q69. What are ISDN BRI and PRI?

Answer: ISDN can be supplied by a carrier in two main forms: Basic Rate Interface (BRI) and Primary Rate Interface (PRI). An ISDN BRI consists of two 64-kbps services (B channels) and one 16-kbps signaling channel (D channel). An ISDN PRI consists of 23 B or 30 B channels and a 64-kbps D channel, depending on the country. In North America and Japan, a PRI service consists of 23 B channels for a total bit rate of up to 1.544 Mbps. In Asia and Australia, a PRI delivers 30 B-channels and one 64-kbps D channel, delivering a total bit rate of 2.048 Mbps.

Q70. What are the three phases that occur in any PPP session?

Answer: The three phases that occur in any PPP session are

  • Link establishment—Link Control Protocol (LCP) packets are sent to configure and test the link.
  • Authentication (optional)—After the link is established, authentication can be used to ensure that link security is maintained.
  • Network layers—In this phase, NCP packets determine which protocols will be used across the PPP link. An interesting aspect of PPP is that each protocol (IP, IPX, and so on) supported in this phase is documented in a separate RFC that discusses how it operates over PPP.

Q71. Define what BECN and FECN mean in a Frame Relay network.

Answer: Forward explicit congestion notification (FECN)—Bit set by a Frame Relay network device to inform DTE receiving the frame that congestion was experienced in the path from source to destination. DTE receiving frames with the FECN bit set can request that higher-level protocols take flow-control action, as appropriate.
Backward explicit congestion notification (BECN)—Bit set by a Frame Relay network device in frames traveling in the opposite direction of frames encountering a congested path. DTE receiving frames with the BECN bit set can request that higher-level protocols take flow-control action, as appropriate.

Q72. Frame Relay DLCI values are used for what purpose?

Answer: The data-link connection identifier (DLCI) value specifies a PVC or SVC in a Frame Relay network. DLCIs are locally significant. There are globally significant DLCIs used for LMI communication between Frame Relay switches.

Q73. What is the IP address range used in IP multicast networks?

Answer: The range of networks is from to

Q74. What type of network environment typically uses an AS5300?

Answer: The AS5300, or universal Access Server (AS), is a versatile data communications platform that provides the functions of an access server, router, and digital modems in a single modular chassis. Internet Service Providers typically use AS5300 to allow clients to use ISDN or PSTN when accessing the Internet. The AS5300 also supports voice communication.

Q75. PC1 cannot communicate with PC2. What is the likely cause of the problem assuming that the router is configured correctly?
a. Router R1 requires a routing protocol to route packets from Ethernet0 to Ethernet1.
b. There is a problem with the IP address configuration on Router R1.
c. The gateway address on PC1 is wrong.
d. The gateway address on the router is wrong.

Answer: c. Cisco IOS routers will route between directly connected interfaces and, because PC1 cannot ping PC2 on another subnet, the PC1 gateway address must not be configured correctly.

Q76. In Figure 2-21, what will be the ping response display when an exec user on Router R1 pings PC1’s IP address for the first time? Assume that all configurations are correct.
a. !!!!!
b. !!!!.
c. .....
d. .!!!!
e. .!!!!!

Answer: d. The first request will fail because of the ARP broadcast. The subsequent pings (five in total: one for an ARP request and four successful replies) will reply successfully.

Q77. What IOS command was used to display the following output taken from Router R1?

Protocol Address Age (min) Hardware Addr Type Interface

a. show ip arpa
b. show ip arp
c. show interface ethernet0
d. show interface ethernet1

Answer: b. show ip arp displays the correct ARP address table for the devices.
