CCIE Security FAQ: General Networking Topics
Q1. Which layer of the OSI model is responsible for converting frames into bits and bits into frames?
a. Physical
b. Network
c. Transport
d. LLC sublayer
e. Data link
Explanation: The data link layer performs bit conversion to pass to the MAC sublayer.
Q2. Routing occurs at what layer of the OSI model?
a. Physical
b. Network
c. Transport
d. LLC sublayer
e. Data link
Explanation: Routing is a Layer 3 (network layer) function.
Q3. Bridging occurs at what layer of the OSI model?
a. Physical
b. Network
c. Transport
d. Data link
Explanation: The data link layer is where bridging is performed.
Q4. Which of the following is not part of the OSI model?
a. Network layer
b. Physical layer
c. Operational layer
d. Application layer
Explanation: The operational layer is not one of the seven OSI layers. The OSI model layers are physical, data link, network, transport, session, presentation, and application.
Q5. IP operates at what layer of the OSI model?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4
e. Layer 5
f. Layer 6
g. Layer 7
Explanation: IP operates at the network layer (Layer 3) and provides a path to a destination.
Q6. On which layer of the OSI model is data commonly referred to as segments?
a. Layer 4
b. Layer 3
c. Layer 2
d. Layer 1
Explanation: The data on Layer 4 is commonly referred to as segments.
Q7. On which layer of the OSI model is data commonly referred to as packets?
a. Layer 1
b. Layer 2
c. Layer 4
d. Layer 3
Explanation: The data on Layer 3 is commonly referred to as packets.
Q8. Which layer of the OSI model transmits raw bits?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4
Explanation: At Layer 1, the lowest layer of the OSI model, bits are transferred across the wire.
Q9. Which of the following protocols is not routable?
a. IP
b. IPX
c. NetBEUI
d. NetBIOS
Explanation: NetBEUI is not a routed protocol and must be bridged.
Q10. Which of the following is not a required step to enable FastEther Channel (FEC)?
a. Ensure that all ports share the same speed at 10 Mbps.
b. Ensure that all ports share the same parameter such as speed.
c. Ensure that all ports operate at 100 Mbps.
d. Only eight ports can be bundled into a logical link or trunk.
Explanation: FEC uses full-duplex Fast Ethernet (100 Mbps) links.
Q11. How is FastEther Channel best defined?
a. A bundle of 10-Mbps ports on a switch
b. Another name for half duplex 100 Mbps
c. Not available on Cisco Catalyst switches
d. The ability to bundle 100 Mbps ports into a logical link
e. Only supported with Gigabit ports
Explanation: The FastEther Channel feature bundles 100 Mbps Fast Ethernet ports into a logical link between two devices, such as Catalyst switches.
Q12. On what OSI layer does bridging occur?
a. Layer 1
b. Layer 2
c. Layer 3
d. Both Layer 1 and 2
Explanation: Bridging occurs at the data link layer (Layer 2) of the OSI model.
Q13. In spanning tree, what is a BPDU?
a. A break protocol data unit
b. A routable frame
c. A bridge protocol data unit
d. A frame sent out by end stations
Explanation: BPDU is a bridge protocol data unit.
Q14. An incoming frame on a Layer 2 switch is received on port 10/1 on a Catalyst 5000. If the destination address is known through port 10/2, what happens?
a. The frame is discarded.
b. The frame is sent via port 10/2.
c. The frame is broadcast to all ports on the switch.
d. The frame is sent back via 10/1.
e. None of the above.
Explanation: The destination MAC address has already been discovered through port 10/2, so the frame will only be sent to the known port or slot 10, port 2.
Q15. Which of the following are the four possible states of spanning tree?
a. Listening, learning, blocking, broadcasting
b. Listening, learning, blocking, connecting
c. Discovering, learning, blocking, connecting
d. Listening, learning, blocking, forwarding
Explanation: The four states of spanning tree are listening, learning, blocking, and forwarding.
Q16. How many bits make up an IP address?
a. 64 bits
b. 48 bits
c. 32 bits
d. 24 bits
e. 8 bits
Explanation: IP addresses for IPv4 are 32 bits in length.
Q17. Identify the broadcast address for the subnet 131.108.1.0/24.
a. 131.108.1.1
b. 131.108.1.254
c. 131.108.1.255
d. 131.108.1.2
e. More data required
Explanation: 131.108.1.0/24 is a Class B address with a Class C mask, and the broadcast address (all binary 1s in the host portion) is 131.108.1.255 (11111111).
Q18. Convert the following address to binary: 131.1.1.1/24
a. 10000011.1.1.1
b. 10000011.00000010.1.1
c. 10000011.1.1.01010101
d. 10000011.1.1.11111111
Explanation: 131.108.1.1 in binary is 10000011.00000001.00000001.00000001 or 10000011.1.1.1
Q19. How many subnets are possible in VLSM if the Class C address 131.108.255.0 is used with the subnet mask 255.255.255.252 in the fourth octet field?
a. None
b. 100
c. 255
d. 254
e. 253
f. 252
g. 64
h. 62
Explanation: 2^6 – 2 = 64 – 2 = 62.
Q20. How many hosts are available when a /26 subnet mask is used?
a. 254
b. 62
c. 64
d. 126
Explanation: 2^6 – 2 = 64 – 2 = 62.
Q21. How many hosts are available in a Class C or /24 network?
a. 255
b. 254
c. 253
d. 0
e. More data required
Explanation: A Class C or /24 network has 2^8 – 2 = 256 – 2 = 254 addresses available for host devices.
Q22. You require an IP network to support at most 62 hosts. What subnet mask will accomplish this requirement?
a. 255.255.255.255
b. 255.255.255.252
c. 255.255.255.224
d. 255.255.255.192
e. 255.255.255.240
Explanation: 62 hosts require 62+2 = 64 addresses. This needs 6 bits borrowed from the subnet mask. In binary, that number is 11000000.
Q23. Which of the following are multicast addresses? (Choose all that apply.)
a. 224.0.0.5
b. 224.0.0.6
c. 221.0.0.5
d. 192.1.1.1
e. 131.108.1.1
Explanation: 224.0.0.5 and 224.0.0.6 are multicast addresses.
Q24. Which of the following routing protocols does not support VLSM?
a. RIPv1
b. RIPv2
c. OSPF
d. EIGRP
e. BGP
Explanation: RIP version 1 is classful and does not carry subnet masks in routing updates.
Q25. What is the source TCP port number when a Telnet session is created by a PC to a Cisco router?
a. 23
b. Not a known variable
c. 21
d. 20
e. 69
Explanation: The source TCP port is a random number; the destination port is 23.
Q26. What best describes the ARP process?
a. DNS resolution
b. Mapping an IP address to a MAC address
c. Mapping a next-hop address to outbound interface on a Cisco router
d. Both a and b
Explanation: ARP maps an IP address to a MAC address.
Q27. If two Cisco routers are configured for HSRP and one router has a default priority of 100 and the other 99, which router assumes the role of active router?
a. The default priority cannot be 100.
b. The router with a higher priority.
c. The router with the lowest priority.
d. Neither router because Cisco routers do not support HSRP; only clients do.
Explanation: The highest priority assumes the role of active router.
Q28. A Cisco router has the following route table:
R1#show ip route
131.108.0.0/16 is variably subnetted, 17 subnets, 2 masks
C 131.108.255.0/24 is directly connected, Serial0/0
C 131.108.250.0/24 is directly connected, Serial0/1
O 131.108.254.0/24 [110/391] via 131.108.255.6, 03:33:03, Serial0/1
                   [110/391] via 131.108.255.2, 03:33:03, Serial0/0
R 131.108.254.0/24 [120/1] via 131.108.255.6, 03:33:03, Serial0/1
                   [120/1] via 131.108.255.2, 03:33:03, Serial0/
What is the preferred path to 131.108.254.0/24? (Choose the best two answers.)
a. Via Serial 0/0
b. Via Serial 0/1
c. None
d. To null0
Explanation: OSPF is chosen because of the lower administrative distance of 110 compared to RIP’s 120. Also notice OSPF load balancing between Serial0/0 and Serial0/1. (The written examination always advises you how many answers to select. Practice on the CD provided.)
Q29. IP RIP runs over what TCP port number?
a. 23
b. 21
c. 69
d. 520
e. None of the above
Explanation: IP RIP does not use TCP port numbers; it uses UDP.
Q30. IP RIP runs over what UDP port number?
a. 23
b. 21
c. 69
d. 520
Explanation: UDP 520
Q31. An OSPF virtual link should ______.
a. Never be used
b. Allow nonpartitioned areas access to the backbone
c. Allow partitioned areas access to the backbone
d. Not be used in OSPF, but in ISDN
Explanation: Virtual links allow access to areas not directly connected to the backbone or partitioned areas.
Q32. What is the BGP version most widely used today?
a. 1
b. 2
c. 3
d. 4
e. 5
f. 6
Explanation: BGP4.
Q33. What is the destination port number used in a Telnet session?
a. 23
b. 69
c. 21
d. 161
Explanation: Telnet, an application layer protocol, uses destination port 23.
Q34. In what fields does the IP checksum calculate the checksum value?
a. Data only
b. Header and data
c. Header only
d. Not used in an IP packet
Explanation: The IP checksum calculation only covers the IP header.
Q35. The TCP header checksum ensures integrity of what data in the TCP segment?
a. The data only.
b. The header only.
c. The data and header.
d. There are no TCP header checksums; IP covers the calculation.
Explanation: The TCP checksum calculation covers the TCP header and data.
Q36. ISDN BRI channels are made up of what?
a. 1 × 64 kbps channel and one D channel at 64 kbps
b. 2 × 64 kbps channels and one D channel at 64 kbps
c. 2 × 64 kbps channels and one D channel at 16 kbps
d. 32 × 64 kbps channels and one D channel at 16 kbps
Explanation: ISDN basic rate interface (BRI) is two 64-kbps data channels and one signaling channel (D Channel at 16 Kb).
Q37. What services can ISDN carry?
a. Data only
b. Data and voice only
c. Voice and video
d. Data, voice, and video
Explanation: ISDN supports data, video, and voice.
Q38. Place the following steps in the correct order for PPP callback, as specified in RFC 1570.
1. A PC user (client) connects to the Cisco access server.
2. The Cisco IOS Software validates callback rules for this user/line and disconnects the caller for callback.
3. PPP authentication is performed.
4. Callback process is negotiated in the PPP link control protocol (LCP) phase.
5. The Cisco Access Server dials the client.
a. 1, 2, 3, 4, 5
b. 1, 3, 2, 5, 4
c. 1, 4, 5, 3, 2
d. 5, 4, 3, 2, 1
Explanation: RFC 1570 dictates how PPP callback is to be followed. For more information, refer to https://tools.ietf.org/rfc/rfc1570.txt
Q39. What hardware port is typically designed to connect a Cisco router for modem access?
a. The console port
b. The vty lines
c. The auxiliary port
d. The power switch
e. The Ethernet interface
Explanation: The auxiliary port on Cisco routers can be used for modem access. The console port can also be used but, typically, the Aux port is applied for remote access or dialup access for network failures.
Q40. The AS5300 series router can support which of the following incoming connections?
a. Voice
b. Dialup users via PSTN
c. ISDN
d. All the above
Explanation: The AS5300 series router can support both digital (ISDN) and analogue connections, and also supports voice traffic.
Q41. What are the seven layers of the OSI model?
Answer: The seven layers of the OSI model are as follows:
- Application
- Presentation
- Session
- Transport
- Network
- Data link
- Physical
Q42. What layer of the OSI model is responsible for ensuring that IP packets are routed from one location to another?
Q43. What mechanism is used in Ethernet to guarantee packet delivery over the wire?
Q44. Name two physical characteristics of 10BaseT?
Q45. What Catalyst command displays the bridging or CAM table on a Cisco 5000 series switch?
Q46. What are the possible states of spanning tree?
Answer: The possible states of spanning tree are as follows:
- Disabled—The port is not participating in spanning tree and is not active.
- Listening—The port has received data from the interface and will listen for frames. In this state, the bridge only receives data and does not forward any frames to the interface or to other ports.
- Learning—In this state, the bridge still discards incoming frames. The source address associated with the port is added to the CAM table. BPDUs are sent and received.
- Forwarding—The port is fully operational; frames are sent and received.
- Blocking—The port has been through the learning and listening states and, because this particular port is a dual path to the root bridge, the port is blocked to maintain a loop-free topology.
The order of spanning tree states is listening, then learning, and, finally, forwarding or blocking. Typically, each state takes around 15 seconds on Cisco Catalyst switches.
Q47. FastEther Channel (FEC) allows what to occur between Cisco Catalyst switches?
Answer: FEC is a Cisco method that bundles 100 MB/s Fast Ethernet ports into a logical link between Cisco Catalyst switches, such as the Catalyst 5000 or 6000 series switches.
Up to four ports can be bundled together to scale bandwidth up to 800 Mbps.
Q48. What field in the IP packet guarantees data delivery?
Q49. Name some examples of connection-orientated protocols used in TCP/IP networks.
Q50. Given the address, 131.108.1.56/24, what are the subnet and broadcast addresses? How many hosts can reside on this network?
Q51. How many hosts can reside when the subnet mask applied to the network 131.108.1.0 is 255.255.255.128 (or 131.108.1.0/25)?
Q52. Name five routing protocols that support VLSM.
Answer: Routing protocols that support VLSM include the following:
- RIP Version II
- OSPF
- IS-IS
- EIGRP
- BGP4
Q53. What is the destination port number used in a Telnet session?
Q54. What TCP/IP services are common in today’s large IP networks?
Answer: TCP/IP has a number of applications or services in use:
- Address Resolution protocol (ARP)
- Reverse Address Resolution protocol (RARP)
- Dynamic Host Configuration Protocol (DHCP)
- Hot Standby Router Protocol (HSRP)
- Internet Control Message Protocol (ICMP)
- Telnet
- File transfer protocol (FTP)
- Trivial File Transfer Protocol (TFTP)
Q55. What IOS command displays the IP ARP table on a Cisco IOS router?
Q56. Cisco routers use what mechanism to determine the routing selection policy for remote networks if more than one routing protocol is running?
Q57. What is the administrative distance for OSPF, RIP, and external EIGRP?
Q58. Name five characteristics of distance vector routing protocols and provide two examples of routing protocols classified as distance vector.
Answer: Distance vector characteristics and example protocols are as follows:
Periodic updates | Periodic updates are sent at a set interval; for IP RIP, this interval is 30 seconds. |
Broadcast updates | Updates are sent to the broadcast address 255.255.255.255. Only devices running routing algorithms will listen to these updates. |
Full table updates | When an update is sent, the entire routing table is sent. |
Triggered updates | Also known as Flash updates, triggered updates are sent when a change occurs outside the update interval. |
Split horizon | This method stops routing loops. Updates are not sent out an outgoing interface from which the route was received. This also saves bandwidth. |
Maximum Hop Count limit | For RIP, the limit is 15, and for IGRP it’s 255. |
Algorithm | An example is Bellman-Ford for RIP. |
Examples | RIP and IGRP |
Q59. IP RIP runs over what protocol and port number when sending packets to neighboring routers?
Q60. How many networks can be contained in an IP RIP update?
Q61. Specify three main differences between RIPv1 and RIPv2?
Q62. What is an EIGRP Feasible Successor?
Q63. What is the metric used by OSPF?
Q64. If OSPF is configured for one area, what area assignment should be used?
Q65. What LSA types are not sent in a total stubby area?
Q66. What IOS command disables an interface from participating in the election of an OSPF DR/BDR router?
Q67. On an Ethernet broadcast network, a DR suddenly reboots. When the router recovers and discovers neighboring OSPF routers, will it be the designated router once more?
Q68. What Layer 4 protocol does BGP use to guarantee routing updates, and what destination port number is used?
Q69. What are ISDN BRI and PRI?
Q70. What are the three phases that occur in any PPP session?
Answer: The three phases that occur in any PPP session are
- Link establishment—Link Control Program (LCP) packets are sent to configure and test the link.
- Authentication (optional)—After the link is established, authentication can be used to ensure that link security is maintained.
- Network layers—In this phase, NCP packets determine which protocols will be used across the PPP link. An interesting aspect of PPP is that each protocol (IP, IPX, and so on) supported in this phase is documented in a separate RFC that discusses how it operates over PPP.
Q71. Define what BECN and FECN mean in a Frame Relay network?
Backward explicit congestion notification (BECN)—Bit set by a Frame Relay network device in frames traveling in the opposite direction of frames encountering a congested path. DTE receiving frames with the BECN bit set can request that higher-level protocols take flow-control action, as appropriate.
Q72. Frame Relay DLCI values are used for what purpose?
Q73. What is the IP address range used in IP multicast networks?
Q74. What type of network environment typically uses an AS5300?
Q75. PC1 cannot communicate with PC2. What is the likely cause of the problem assuming that the router is configured correctly?
a. Router R1 requires a routing protocol to route packets from Ethernet0 to Ethernet1.
b. There is a problem with the IP address configuration on Router R1.
c. The gateway address on PC1 is wrong.
d. The gateway address on the router is wrong.
Q76. In Figure 2-21, what will be the ping response display when an exec user on Router R1 pings PC1’s IP address for the first time? Assume that all configurations are correct.
a. !!!!!
b. !!!!.
c. .....
d. .!!!!
e. .!!!!!
Q77. What IOS command was used to display the following output taken from Router R1?
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.100 - 333.3333.3333 ARPA Ethernet0
Internet 2.1.1.100 - 4444.4444.4444 ARPA Ethernet1
Internet 1.1.1.1 10 1111.1111.1111 ARPA Ethernet0
Internet 2.1.1.1 10 2222.2222.2222 ARPA Ethernet1
a. show ip arpa
b. show ip arp
c. show interface ethernet0
d. show interface ethernet1