CCNA FAQ: Understanding the Cisco SDM


Q1. What is the Cisco SDM?

Answer: The Cisco Security Device Manager (SDM) is a web-based tool that Cisco developed for its IOS software-based routers. SDM allows users to configure and monitor a router without using the CLI.

Q2. What are the ten tasks listed in the vertical sidebar of the SDM?

Answer:

  1. Interfaces and Connections
  2. Firewall and ACL
  3. VPN
  4. Security Audit
  5. Routing
  6. NAT
  7. Intrusion Prevention
  8. Quality of Service
  9. NAC
  10. Additional Tasks

Q3. What four properties can be configured in the Router Properties section of the SDM?

Answer:

  1. Host Name
  2. Domain Name
  3. Banner (Message of the Day)
  4. Secret Password


Q4. What options can be configured in the Router Access portion of the SDM?

Answer:

  1. User Accounts
  2. VTY Line Configuration
  3. SSH
  4. Management Access

Q5. What steps would you take to configure the WAN IP address on a router using SDM?

Answer: From the Home page, select Configure, Interfaces and Connections, Edit Interface/Connection, and then double-click the WAN interface. On the Connection tab, select static or dynamic IP address and enter the IP address and subnet mask.

For questions 6 through 10, refer to Figure.
FIGURE: Cisco SDM: home page example.

Q6. What is the router’s hostname?
A. Router
B. CCNA
C. CCNAPrep
D. CCNA851

Answer: C. The hostname of the router shown is CCNAPrep.

Q7. From the home page of the Cisco SDM, what would you click to see the router’s running configuration?
A. Configure
B. View Running Config
C. Monitor
D. Search

Answer: B. To see the running configuration of your router, click View Running Config.

Q8. Which feature is not available on the router shown in Figure 9.25?
A. IP
B. Firewall
C. VPN
D. IPS

Answer: D. IPS has a red circle with an X next to it, indicating that it is unavailable on this router. Answers A, B, and C are incorrect because they have a green circle with a check mark, indicating that these are available features on the router.

Q9. From the home page of the Cisco SDM, what would you click to configure the router’s hostname?
A. Configure
B. View Running Config
C. Monitor
D. Search

Answer: A. To get to the router configuration options, click the Configure button. Answer B is incorrect because it shows the router’s running configuration. Answers C and D are incorrect because they do not allow for device configuration.

Q10. To send a copy running-config startup-config command to the router with the SDM, which button would you click?
A. Configure
B. Monitor
C. Refresh
D. Save

Answer: D. With SDM, you click the Save button to send a copy running-config startup-config command to the router.

Q11. How would you navigate the SDM to find and enable an interface?
A. Configure, Interfaces and Connections
B. Configure, Additional Tasks, Router Properties
C. Configure, Additional Tasks, Router Access
D. Configure, Interfaces and Connections, Edit Interface Connections

Answer: D. To find and enable an interface, you need to select Configure, Interfaces and Connections, Edit Interface Connections. Answer A is incorrect because it does not continue to the Edit Interface Connections tab. Answers B and C are incorrect because they refer to sections of the SDM that are used for general router properties or router access configurations.

Q12. The Monitor screen on the SDM gives statistics for what three types of usage?
A. Memory
B. CPU
C. Disk Activity
D. Flash

Answer: A, B, D. The Monitor screen gives statistics on memory, CPU, and flash usage.

Q13. Which of the following is configured from Router Properties?
A. IP Address
B. DHCP
C. SNMP
D. Secret Password

Answer: D. The secret password is configured in the Router Properties section of the SDM. Answer A is incorrect because the IP address is configured in the Interfaces and Connections section. Answers B and C are incorrect because they are not configured from Router Properties.

Q14. What privilege level is assigned to an account that is given a secret password?
A. 15
B. 10
C. 5
D. 0

Answer: A. A secret password is given a privilege level of 15.

Q15. User accounts can be added and edited in which section of the SDM?
A. Router Properties
B. Router Access
C. ACL Editor
D. DHCP

Answer: B. User accounts can be added and edited in the Router Access section of the SDM. Answer A is incorrect because it can only be used to add a secret password on the router. Answers C and D are also incorrect because they are not used to configure user accounts.

Q16. Which of the following is a standards-based protocol that works much like CDP?
A. DHCP
B. LLDP
C. DDNS
D. SSTP

Answer: B. The IEEE created a new standardized discovery protocol called 802.1AB for Station and Media Access Control Connectivity Discovery. We’ll just call it Link Layer Discovery Protocol (LLDP).

Q17. Which command can be used to determine a router’s capacity to generate debug output?
A. show version
B. show controllers
C. show processes cpu
D. show memory

Answer: C. The show processes (or show processes cpu) command is a good tool for determining a given router’s CPU utilization. When it is high, it is not a good time to execute a debug command.

Q18. You are troubleshooting a connectivity problem in your corporate network and want to isolate the problem. You suspect that a router on the route to an unreachable network is at fault. What IOS user exec command should you issue?
A. Router>ping
B. Router>trace
C. Router>show ip route
D. Router>show interface
E. Router>show cdp neighbors

Answer: B. The command traceroute (trace for short), which can be issued from user mode or privileged mode, is used to find the path a packet takes through an internetwork and will also show you where the packet stops because of an error on a router.

Q19. You copy a configuration from a network host to a router’s RAM. The configuration looks correct, yet it is not working at all. What could the problem be?
A. You copied the wrong configuration into RAM.
B. You copied the configuration into flash memory instead.
C. The copy did not override the shutdown command in running-config.
D. The IOS became corrupted after the copy command was initiated.

Answer: C. Since the configuration looks correct, you probably didn’t screw up the copy job. However, when you perform a copy from a network host to a router, the interfaces are automatically shut down and need to be manually enabled with the no shutdown command.

Q20. In the following command, what does the IP address 10.10.10.254 refer to?

A. IP address of the ingress interface on the router
B. IP address of the egress interface on the router
C. IP address of the next hop on the path to the DHCP server
D. IP address of the DHCP server

Answer: D. Specifying the address of the DHCP server allows the router to relay broadcast traffic destined for a DHCP server to that server.

Q21. The corporate office sends you a new router to connect, but upon connecting the console cable, you see that there is already a configuration on the router. What should be done before a new configuration is entered in the router?
A. RAM should be erased and the router restarted.
B. Flash should be erased and the router restarted.
C. NVRAM should be erased and the router restarted.
D. The new configuration should be entered and saved.

Answer: C. Before you start to configure the router, you should erase the NVRAM with the erase startup-config command and then reload the router using the reload command.

Q22. What command can you use to determine the IP address of a directly connected neighbor?
A. show cdp
B. show cdp neighbors
C. show cdp neighbors detail
D. show neighbor detail

Answer: C. This command can be run on both routers and switches and it displays detailed information about each device connected to the device you’re running the command on, including the IP address.

Q23. According to the output, what interface does SW-2 use to connect to SW-3?

A. Fas 0/1
B. Fas 0/16
C. Fas 0/2
D. Fas 0/5

Answer: C. The Port ID column describes the interfaces on the remote device end of the connection.

Q24. What command can you use to determine the IP address of a directly connected neighbor?
A. show cdp
B. show cdp neighbors
C. show cdp neighbors detail
D. show neighbor detail

Answer: C. This command can be run on both routers and switches, and it displays detailed information about each device connected to the device you’re running the command on, including the IP address.

Q25. You save the configuration on a router with the copy running-config startup-config command and reboot the router. The router, however, comes up with a blank configuration. What can the problem be?
A. You didn’t boot the router with the correct command.
B. NVRAM is corrupted.
C. The configuration register setting is incorrect.
D. The newly upgraded IOS is not compatible with the hardware of the router.
E. The configuration you saved is not compatible with the hardware.

Answer: C. If you save a configuration and reload the router and it comes up either in setup mode or as a blank configuration, chances are you have the configuration register setting incorrect.

Q26. If you want to have more than one Telnet session open at the same time, what keystroke combination would you use?
A. Tab+spacebar
B. Ctrl+X, then 6
C. Ctrl+Shift+X, then 6
D. Ctrl+Shift+6, then X

Answer: D. To keep open one or more Telnet sessions, use the Ctrl+Shift+6 and then X keystroke combination.

Q27. You are unsuccessful in telnetting into a remote device from your switch, but you could telnet to the router earlier. However, you can still ping the remote device. What could the problem be? (Choose two.)
A. IP addresses are incorrect.
B. Access control list is filtering Telnet.
C. There is a defective serial cable.
D. The VTY password is missing.

Answer: B, D. The best answers, the ones you need to remember, are that either an access control list is filtering the Telnet session or the VTY password is not set on the remote device.

Q28. What information is displayed by the show hosts command? (Choose two.)
A. Temporary DNS entries
B. The names of the routers created using the hostname command
C. The IP addresses of workstations allowed to access the router
D. Permanent name-to-address mappings created using the ip host command
E. The length of time a host has been connected to the router via Telnet

Answer: A, D. The show hosts command provides information on temporary DNS entries and permanent name-to-address mappings created using the ip host command.

Q29. Which three commands can be used to check LAN connectivity problems on a switch? (Choose three.)
A. show interfaces
B. show ip route
C. tracert
D. ping
E. dns lookups

Answer: A, B, D. The tracert command is a Windows command and will not work on a router or switch! IOS uses the traceroute command.

Q30. You telnet to a router and make your necessary changes; now you want to end the Telnet session. What command do you type in?
A. close
B. disable
C. disconnect
D. exit

Answer: D. Since the question never mentioned anything about a suspended session, you can assume that the Telnet session is still open, and you would just type exit to close the session.

Q31. You telnet into a remote device and type debug ip icmp, but no output from the debug command is seen. What could the problem be?
A. You must type the show ip icmp command first.
B. IP addressing on the network is incorrect.
C. You must use the terminal monitor command.
D. Debug output is sent only to the console.

Answer: C. To see console messages through your Telnet session, you must enter the terminal monitor command.

Q32. You need to view console messages on a device to which you have connected through telnet. The command you need to execute to see these is ___________.

Answer: terminal monitor. When you telnet into a remote device, you will not see console messages by default. For example, you will not see debugging output. To allow console messages to be sent to your Telnet session, use the terminal monitor command.

Q33. You need to gather the IP address of a remote switch that is located in Hawaii. What can you do to find the address?
A. Fly to Hawaii, console into the switch, then relax and have a drink with an umbrella in it.
B. Issue the show ip route command on the router connected to the switch.
C. Issue the show cdp neighbor command on the router connected to the switch.
D. Issue the show ip arp command on the router connected to the switch.
E. Issue the show cdp neighbors detail command on the router connected to the switch.

Answer: E. Although option A is certainly the “best” answer, unfortunately option E will work just fine and your boss would probably prefer you to use the show cdp neighbors detail command.

Q34. You need to configure all your routers and switches so they synchronize their clocks from one time source. What command will you type for each device?
A. clock synchronization ip_address
B. ntp master ip_address
C. sync ntp ip_address
D. ntp server ip_address version number

Answer: D. To enable a device to be an NTP client, use the ntp server IP_address version number command in global configuration mode. That’s all there is to it! Assuming your NTP server is working, of course.

Q35. What two commands can you use to verify your NTP client?
A. show ntp server
B. show ntp status
C. show vtp status
D. show ntp associations
E. show clock source

Answer: B, D. You can verify your NTP client with the show ntp status and show ntp associations commands.

About the author

Prasanna
