Intranet, Password Encryption and Configuration

Questions and Answers

An employee at a branch office needs to access confidential pricing information from internal servers at the Head Office. What type of network is required?

• an extra net
• the Internet
• a local area network
• an intranet (correct)

Which command prevents unencrypted passwords from displaying in plain text in a configuration file?

• (config)# service password-encryption (correct)
• (config)# enable secret Encrypted_Password
• (config)# enable secret Secret_Password
• (config)# enable password secret

Which modes and interfaces can be protected with passwords on a Cisco IOS device? (Choose three.)

• Console interface (correct)
• VTY interface (correct)
• Boot IOS mode
• Ethernet interface
• Router configuration mode
• Privileged EXEC mode (correct)

After issuing the copy running-config startup-config command on a Cisco switch, what is the result?

The new configuration will be loaded if the switch is restarted. (A)

Which interface allows remote management of a Layer 2 switch?

the switch virtual interface (A)

Refer to the exhibit. What password is required to access user EXEC mode via a console connection?

lineconin (C)

How does SSH differ from Telnet?

SSH provides security to remote sessions by encrypting messages and using user authentication. Telnet sends messages in plaintext. (B)

While troubleshooting a network issue, a technician made multiple unsaved changes to the router configuration. How can the changes be discarded?

Issue the reload command without saving the running configuration. (B)

What does the service password-encryption command accomplish?

Prevents someone from viewing the running configuration passwords. (B)

When IPv4 addressing is manually configured, what identifies the network and host portions of an IPv4 address?

Subnet mask (D)

Why would a Layer 2 switch need an IP address?

to enable the switch to be managed remotely (B)

What information does the loopback test provide?

The TCP/IP stack on the device is working correctly. (D)

What routing table entry has a next hop address associated with a destination network?

Remote routes (B)

Why is NAT not needed in IPv6?

Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large. (A)

What is the purpose of configuring a switch with a default gateway address?

The default gateway address is used to forward packets originating from the switch to remote networks. (B)

A computer can access devices on the same network but not devices on other networks. What is the likely problem?

The computer has an invalid default gateway address. (B)

What happens when the transport input ssh command is entered on the switch VTY lines?

Communication between the switch and remote users is encrypted. (D)

Which commands are used to set up secure access to a router through a connection to the console interface? (Choose three.)

line console 0 (A), password cisco (E), login (F)

Which address prefix range is reserved for IPv4 multicast?

224.0.0.0 - 239.255.255.255 (B)

What is the broadcast address for the 172.16.16.0/22 network?

172.16.19.255 (C)

An administrator configures an end device with the IP address 209.165.201.10 but it fails, while school B uses 192.168.25.10. Why?

This is a private IP address. (C)

Match the subnetwork to a host address:

192.168.1.64/27 = 192.168.1.68 192.168.1.32/27 = 192.168.1.48 192.168.1.96/27 = 192.168.1.121

What is the usable number of host IP addresses with a /26 mask?

62 (B)

Which addresses are valid public addresses? (Choose three.)

128.107.12.117 (A), 198.133.219.17 (B), 64.104.78.227 (E)

How many host addresses are available with a subnet mask of 255.255.252.0?

1022 (A)

What is the network address and subnet mask of the second useable subnet from the network address 192.168.1.0/24?

subnetwork 192.168.1.64 subnet mask 255.255.255.192 (E)

Which three blocks of addresses are defined by RFC 1918 for private network use? (Choose three.)

192.168.0.0/16 (A), 10.0.0.0/8 (D), 172.16.0.0/12 (F)

What are two types of IPv6 unicast addresses? (Choose two.)

Loopback (B), link-local (D)

What type of IPv6 address is FE80::1?

link-local (A)

A company is deploying an IPv6 addressing scheme for its network. What is the maximum number of subnets achieved per sub-site?

16 (C)

Which of these addresses is the shortest abbreviation for the IP address: 3FFE:1044:0000:0000:00AB:0000:0000:0057?

3FFE:1044::AB::57 (C)

An IPv6 enabled device sends a data packet with the destination address of FF02::1. What is the target of this packet?

all IPv6 enabled devices on the local link or network (A)

What is the prefix for the host address 2001:DB8:BC15:A:12AB::1/64?

2001:DB8:BC15 (C)

What IPv6 prefix is reserved for communication between devices on the same link?

FE80::/10 (C)

What is used in the EUI-64 process to create an IPv6 interface ID on an IPv6 enabled interface?

the MAC address of the IPv6 enabled interface (C)

What IPv6 address refers to any unicast address that is assigned to multiple hosts?

anycast (A)

What is the purpose of ICMP messages?

to provide feedback of IP packet transmissions (D)

Which subnet would include the address 192.168.1.96 as a usable host address?

192.168.1.64/26 (A)

Match each description with an appropriate IP address:

a link-local address = 169.254.1.5 a TEST-NET address = 192.0.2.123 a loopback address = 127.0.0.1 a private address = 172.19.20.5 an experimental address = 240.2.6.255

A Windows PC cannot connect to the Internet, showing an IP address of 169.254.10.3. What conclusions can be drawn? (Choose two.)

The PC is configured to obtain an IP address automatically. (A), The PC cannot contact a DHCP server. (E)

Which command can an administrator execute to determine what interface a router will use to reach remote networks?

show ip route (B)

Why would a network administrator use the tracert utility?

to identify where a packet was lost or delayed on a network (D)

To complete the SSH configuration, what are the additional actions have to be performed? (Choose three.)

Generate the asymmetric RSA keys. (C), Create a valid local username and password database. (E), Configure the correct IP domain name. (F)

What causes a port to be placed in the err-disabled state?

port security violation (D)

Flashcards

What is an intranet?

A private network accessible only to an organization's employees, facilitating internal communication and collaboration.

What is service password-encryption?

This command encrypts all configured passwords in the configuration file, preventing them from appearing in plain text.

What does copy running-config startup-config do?

The command replaces the startup configuration with the current running configuration, which will be loaded upon device restart.

What is the purpose of a Switch Virtual Interface (SVI)?

It allows the device to be managed remotely over the network.

Why is SSH preferred over Telnet?

Because SSH encrypts messages and uses user authentication, preventing insecure comms.

What does the reload command do (without saving)?

It discards unsaved changes by reloading the saved configuration from NVRAM.

What is the service password-encryption command?

It encrypts all plain-text passwords in the configuration file.

What does the subnet mask identify?

The subnet mask identifies the network and host portions of an IPv4 address.

Why does a Layer 2 switch need an IP address?

It is for remote management using tools like Telnet or SSH.

loopback test does?

It checks if the device can communicate with itself using its own network software.

What are remote routes in a routing table?

Remote routes specify a next hop address to reach a destination network.

Why is NAT not needed in IPv6?

It allows for enough public IP addresses for every device, so NAT is unnecessary.

What is the purpose of a switch's default gateway address?

It is used to forward packets originating from the switch to remote networks.

Why can a computer access devices on same network but not other networks?

It is likely that the default gateway is incorrectly configured or missing on the computer.

What does the transport input ssh command do?

Communication between the switch and remote users is encrypted.

What address prefix range is reserved for IPv4 multicast?

Multicast IPv4 addresses use the reserved class D address range of 224.0.0.0 to 239.255.255.255.

Why will the IP address 192.168.25.10 not work for Internet videoconferencing?

A private IPv4 address. These addresses are not routed over the Internet.

What is the target of an IPv6 packet with destination address FF02::1

All IPv6-enabled devices on the local link are targeted.

How is the prefix for an IPv6 host address determined?

The prefix is determined by the first 64 bits of the address.

Which IPv6 prefix is reserved for communication between devices on the same link?

The FE80::/10 prefix is designated for link-local addresses in IPv6.

What is used in the EUI-64 process to create an IPv6 interface ID?

The MAC address of the interface is used.

Which type of IPv6 address refers to any unicast address that is assigned to multiple hosts?

An anycast address

What is the purpose of ICMP messages?

To provide feedback of IP packet transmissions

Which subnet includes the host address 192.168.1.96?

The 192.168.1.64/26 subnet

What does an IP address in the range 169.254.x.x indicate on a Windows PC?

When a Windows PC is assigned an IP address in the 169.254.x.x range, it indicates the PC is unable to reach a DHCP server.

What command displays a router's IP routing table?

The show ip route command.

Why would a network administrator use the tracert utility?

To identify where a packet was lost or delayed on a network.

What are three actions needed to complete SSH configuration?

The correct IP domain name needs to be configured, a valid local username and password database, symmetric RSA keys generated.

When does the system have this message: What causes a port to be placed in the err-disabled state?

A port enters the err-disabled state when a port security violation occurs.

What is the benefit of EtherChannel technology?

EtherChannel provides increased bandwidth by bundling existing FastEthernet or Gigabit Ethernet interfaces into a single EtherChannel.

Active channel is configured on, means?

Bundles the links unconditionally and no negotiation protocol is used.

Which is the best next step to take? What is the next configuration action in order to allow the port to learn the MAC address of the printer and insert it into the table automatically?

Sticky MAC addressing

If a shutdown message for violation detected on Fa0/1, this means?

The port security violation mode on Fa0/1 is set to shutdown.

One role of the Dynamic Host Configuration Protocol?

The DHCP server leases client IP addresses dynamically

SW1, which error must be corrected?

aThere is a native VLAN mismatch

Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24?

B: R1 (config)#interface ethernet0/0.20

What action should be taken?

B. configure IEEE 802.1q

Which statement explains the configuration error message that is received?

A: It is a a broadcast IP address

Router(config)#interface GigabitEthernet 1/0/1 What is configured/What causes the error here?

D.

Study Notes

Intranet

• A private network of interconnected LANs and WANs owned by an organization
• Designed to be accessible only to the organization's employees or members
• Allows them to share information, communicate, and collaborate efficiently within a controlled environment

Service Password Encryption

• The command encrypts all configured passwords in the configuration file
• Prevents passwords from appearing in plain text

Password Protection

• Passwords can restrict access to parts of the Cisco IOS
• Secure the Console interface for direct, local access.
• Secure the Privileged EXEC mode to prevent unauthorized access to advanced commands.
• Secure the VTY interface for remote access via Telnet or SSH.

copy running-config startup-config Command

• Replaces the startup configuration with the current configuration
• This saved configuration then loads automatically when the device restarts

Switch Virtual Interface (SVI)

• A Layer 2 switch includes an SVI to allow remote management of the device over the network.

User EXEC Mode Access

• Access obtained through the console port requires the password set under the line console 0 command.
• Privileged EXEC mode access is granted by the enable and enable secret passwords.

SSH vs. Telnet

• SSH encrypts messages and uses user authentication for secure remote sessions.
• Telnet sends messages in plaintext and is considered insecure.
• SSH is the suggested protocol for network access due to its security features.

Discarding Router Configuration Changes

• The reload command discards unsaved changes in the current router configuration file.
• The command allows working with the file in NVRAM.

service password-encryption Command

• Encrypts all plain-text passwords (console, VTY, auxiliary) in the configuration file
• Makes the passwords appear as encrypted characters

Subnet Mask Definition

• It determines which part of an IPv4 address refers to the network, and which part refers to the host.
• Essential for routing and proper communication.

Layer 2 Switch IP Address

• Required only for remote management using tools like Telnet or SSH
• Not needed for forwarding packets.

Loopback Test Information

• Tests if a device can communicate with itself using its own network software
• Does not check the network, cables, or connections to other devices

Remote Routes

• Specify a next hop address to reach a destination network not directly connected to the router
• Typically come from other routers

NAT in IPv6

• Not needed because IPv6 provides enough public IP addresses for every device
• IPv6 eliminates the need to conserve address space

Default Gateway Address for a Switch

• Used to forward packets originating from a switch to remote networks
• Routes packets to the relevant network or device when the switch cannot send a packet locally.

Probable Cause of Network Access Issues

• An invalid default gateway address prevents a computer from accessing devices on other networks
• The default gateway is needed for routing packets to remote networks.

transport input ssh Command

• When entered on the switch VTY lines, communication becomes encrypted between the switch and remote users

Secure Access to a Router via Console Interface

• Use the line console 0 command to enter console line configuration mode
• Set a password with the password cisco command
• Apply the login command to require password authentication.

IPv4 Multicast Address Range

• Reserved Class D address range between 224.0.0.0 to 239.255.255.255

Broadcast Address of Network 172.16.16.0/22

• Network portion consists of 22 bits, and the host portion consists of 10 bits.
• The subnet mask is thus 255.255.252.0.
• Valid host addresses range between 172.16.16.1 and 172.16.19.254.
• The broadcast address is 172.16.19.255.

Unroutable IP Address

• The IP address 192.168.25.10 is an IPv4 private address
• Because it is private, it will not be routed over the Internet

IPv6 Link-Local Address

• Used for communication within the same network segment.
• Denoted by the prefix FE80::/10.
• Distinct from global unicast, multicast, and loopback addresses.

IPv6 Address Compression

• The longest consecutive group of zero segments can be replaced with a double colon :: (only once in an address)
• Leading zeros in each segment can be eliminated

IPv6 Multicast Packet Target

• Destination address of FF02::1 targets all IPv6-enabled devices on the local link.

IPv6 Prefix Determination

• Determined by the first 64 bits of an address
• For the address 2001:DB8:BC15:A:12AB::1/64, the prefix is 2001:DB8:BC15:A

EUI-64 Process

• Uses the MAC address to make an IPv6 interface ID

IPv6 Anycast Address

• A unicast address assigned to multiple hosts.
• Data is sent to the closest host based on routing, unlike multicast which sends data to multiple devices.

ICMP Messages

• Used to provide feedback on the status of IP packet transmissions
• Helps in reporting errors and to check connectivity between devices

192.168.1.64/26 Subnet

• Has usable host addresses from192.168.1.65 to 192.168.1.126
• 192.168.1.96 falls within this range and is a valid host address

Windows PC APIP Indication

• Indicates the PC is unable to reach a DHCP server
• PC automatically assigns itself a link-local address

Determining Router Interface for Remote Networks

• The show ip route command displays the IP routing table of the router
• Shows known local and remote networks and the interfaces the router uses to reach them.

Using the tracert Utility

• Used to identify the path a packet takes from source to destination.
• Determines where packets are dropped or delayed for troubleshooting.

SSH Configuration on a Router

• Configure the correct IP domain name
• Create a valid local username and password database
• Generate the asymmetric RSA keys

Port Security Violation

• Happens when a port enters the err-disabled state as when an unauthorized device with a different MAC address attempts to connect
• Protects the network from potential security threats

EtherChannel Technology

• Provides increased bandwidth by bundling existing FastEthernet or Gigabit Ethernet interfaces into a single channel
• Provides redundancy in case one or more links in the channel fail

EtherChannel Mode

• "On" mode bundles the links unconditionally.
• No negotiation protocol is used in this mode

Enable Sticky MAC Addressing

• Enables the switch to automatically add a printer's MAC address allowing it to communicate with other devices

Port Security Violation Mode Configuration

• Setting the port security violation mode to shutdown causes the port to enter an err-disable state

option D Correct Response Explanation

• Creates a backup route with a higher administrative distance
• Creates a lower chance of selecting the backup route.

Ethernet Switch Unused Ports

• Can be configured via admin shutdown to improve the security of a network

IPv6 Static Address Assignment

• To connect two ends and set and IPv6 address to the interface.

Trunking Protocol

• IEEE 802.1q is the industrial standard used for configuration of trunking on both sides of third party devices

Route Advertisement Prevention

• Router cannot have the same broadcast IP listed and as a result it drops the command and prevents route advertisement.

Static Route Recommendation

• Should involve a lower amount of hops

Default Route Advertisement Recommendation

• Requires advertising by 0.0.0.0

Network Operation

• Without access to the internet requires a private address