# Learn About Cisco Certified Network Associate (CCNA)

These practice test questions from MeasureUp are based on Cisco’s exam 640-802: Cisco Certified Network Associate (CCNA).

The audience for this exam includes individuals who are responsible for installing, managing and troubleshooting a branch network of an enterprise. Experience with connecting a branch network to a wide area network (WAN); working with a variety of network types, network media and network connections; configuring IP addressing; and configuring IOS devices will help you prepare for this exam.

Note: To earn your CCNA certification, you may take the CCNA exam or two other Cisco exams: 640-822 Interconnecting Cisco Network Devices Part 1 (ICND1) and 640-816 Interconnecting Cisco Network Devices Part 2 (ICND2).

Objective: Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network.
Sub-objective: Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment.

You are a network administrator for your company. Your Internet service provider has provided you an IP address 60.212.10.0/24. You want to divide the network into seven subnets, one having 50 hosts and the other having 20 hosts. Which could be the network address of the subnet that consists of 50 hosts?

A.    60.212.10.0/26
B.    60.212.10.0/27
C.    60.212.10.0/28
D.    60.212.10.0/29

A

Tutorial:
Of the choices, the network address of the subnet that consists of 50 hosts is 60.212.10.0/26.

Variable length subnet masking (VLSM) is used to divide a network into subnets having a different number of hosts. VLSM uses variable masks to accommodate the network requirements. The first step in a VLSM calculation is to determine the number of subnets necessary and determine the number of hosts necessary in each subnetwork. The number of IP addresses that can be assigned to hosts on a network is calculated using the formula 2^n – 2, where “n” is the number of host bits.

In the given scenario, one of the subnetworks has 50 hosts; therefore, the number of addresses required is 50 + 2 = 52. Rounding up to the next power of 2 gives you 64. Therefore, according to the formula, the number of host bits required for this subnet is 6. The prefix for this network would be 32 - 6 = 26. You can divide 60.212.10.0/24 into the following four /26 subnets:

* 60.212.10.0/26

* 60.212.10.64/26

* 60.212.10.128/26

* 60.212.10.192/26

You can assign the first network address (60.212.10.0/26) to the subnet that has 50 hosts and divide the remaining /26 subnetwork addresses to accommodate the remaining subnets.
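The calculation above, carried through for the whole /24, as an added example that is not part of the original practice test. It assumes the scenario means one 50-host subnet plus six 20-host subnets; the function names `prefix_for_hosts` and `vlsm_allocate` are illustrative.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose 2^n - 2 usable addresses still fit `hosts`."""
    host_bits = (hosts + 1).bit_length()   # smallest n with 2**n >= hosts + 2
    return 32 - host_bits

def vlsm_allocate(block, host_counts):
    """Carve `block` into one subnet per entry of host_counts, largest first."""
    net = ipaddress.ip_network(block)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size      # round up to a subnet boundary
        if cursor + size > end:
            raise ValueError(f"{block} has no room left for {hosts} hosts")
        plan.append((hosts, ipaddress.ip_network((cursor, prefix))))
        cursor += size
    return plan

# Assumed reading of the scenario: one 50-host subnet plus six 20-host subnets.
REQUIREMENTS = [50] + [20] * 6

if __name__ == "__main__":
    for hosts, subnet in vlsm_allocate("60.212.10.0/24", REQUIREMENTS):
        print(f"{hosts:>3} hosts -> {subnet}  ({subnet.num_addresses - 2} usable)")
```

Allocating the largest subnet first keeps every later subnet on its natural boundary, and under this reading the seven subnets consume the /24 exactly.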

Reference:
Ciscopress.com
http://www.ciscopress.com/articles/article.asp?p=174107&seqNum=2

Objective: Implement and verify WAN links.
Sub-objective: Troubleshoot WAN implementation issues.

You are the network administrator of your organization. You were assigned the task of establishing a Point-to-Point Protocol (PPP) WAN link using Cisco routers between the headquarters where you are located and a remote branch. As per the security policy of the organization, Challenge-Handshake Authentication Protocol (CHAP) is required to be configured on the PPP link.

However, after configuration, the CHAP authentication fails. You run the show running-config command on the local router and ask your colleague at the remote location to send the output of the show running-config command at the remote router. The partial configuration of both the routers "local" and "remote" is shown below:

Local Router
hostname local
int async 0
encapsulation ppp
ppp authentication CHAP

Remote router
hostname remote
int async 0
encapsulation ppp
ppp authentication CHAP

What is the cause of the problem? (Each correct answer presents part of the solution. Choose two.)

A.    The hostname is incorrectly defined at both routers.
B.    The username is incorrectly defined at the remote router.
C.    The username is incorrectly defined at the local router.
D.    The hostname and the username cannot be the same at both routers.
E.    The passwords are incorrectly defined at both routers.

C, E

Tutorial:
The username is incorrectly defined at the local router, and the passwords are incorrectly defined at both the routers. If not configured using the ppp chap hostname command, the username on both routers should be the hostname of the router at the other end (i.e., the local router should have the username as remote, and the remote router should have the username as local). Routers by default use their hostname as the username for PPP authentication.

For CHAP authentication, the password on both the routers should be identical.
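A small model of why both conditions matter, as an added example that is not part of the original practice test. It follows the CHAP response calculation from RFC 1994 (MD5 over identifier, shared secret and challenge); the `Router` class, the secrets and the three test cases are constructed for illustration, with each `usernames` table standing in for the router's username/password entries.

```python
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

class Router:
    def __init__(self, hostname, usernames):
        self.hostname = hostname      # sent as the CHAP name by default
        self.usernames = usernames    # {peer name: shared secret}

    def answer(self, challenger, ident, challenge):
        secret = self.usernames.get(challenger)   # looked up by the peer's name
        if secret is None:
            return None
        return self.hostname, chap_response(ident, secret, challenge)

    def authenticate(self, peer):
        ident, challenge = 1, os.urandom(16)
        reply = peer.answer(self.hostname, ident, challenge)
        if reply is None:
            return False
        name, value = reply
        secret = self.usernames.get(name)
        if secret is None:
            return False
        return hmac.compare_digest(value, chap_response(ident, secret, challenge))

def link_up(a, b):
    """Both directions must pass, as when both ends require CHAP."""
    return a.authenticate(b) and b.authenticate(a)

def run_cases():
    # Constructed configurations; the secrets are sample values.
    return {
        "correct": link_up(Router("local", {"remote": "s3cret"}),
                           Router("remote", {"local": "s3cret"})),
        "wrong username on local": link_up(Router("local", {"local": "s3cret"}),
                                           Router("remote", {"local": "s3cret"})),
        "password mismatch": link_up(Router("local", {"remote": "s3cret"}),
                                     Router("remote", {"local": "S3cret"})),
    }

if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'authenticated' if ok else 'CHAP failed'}")
```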

Following are the steps to configure CHAP authentication on a pair of Cisco routers:

Step 1: Enable PPP by issuing the encapsulation ppp interface configuration command.

Step 2: Enable CHAP authentication on both routers using the ppp authentication chap interface configuration command.

Reference:
Understanding and Configuring PPP CHAP Authentication, Cisco.com, Configure CHAP
http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml

Objective: Configure, verify and troubleshoot basic router operation and routing on Cisco devices.
Sub-objective: Configure, verify and troubleshoot OSPF.

You are the network administrator for your company. You are in the process of configuring Open Shortest Path First (OSPF) as the routing protocol for the network. Which set of commands would you use to enable OSPF on the network?

B

Tutorial:

To configure OSPF, the following set of commands would be used:

router ospf process-id

The router ospf process-id command is used to enable OSPF routing. You enter the router configuration mode when you use this command.

The network address wildcard-mask area area-id command is used to enable an interface for running OSPF. It also configures the area ID for that interface.

Examining the other options:

router ospf process-id

You cannot enable OSPF using this set of commands because the area area-id parameter also needs to be specified.

router ospf

You cannot enable OSPF using this set of commands because the OSPF process-id needs to be specified at the time of enabling OSPF on a router.

router ospf network-ip

You cannot enable OSPF using this set of commands because the OSPF process-id, not the network-ip, needs to be specified when you enable OSPF on a router.

References:
Configuring OSPF
Cisco.com
http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1cospf.html

Objective: Implement, verify and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network.
Sub-objective: Configure and apply ACLs based on network filtering requirements (including CLI/SDM).

You are the network administrator for your company. You configure a Web server on the network using the IP address 64.12.13.15. You want to allow users outside the network to access this Web site. You want to configure an access list on the router connecting the network to the Internet. Which access list should you configure to accomplish the task?

A.    access-list 1 permit ip any host 64.12.13.15
B.    access-list 101 permit ip any host 64.12.13.15
C.    access-list 1 permit ip host 64.12.13.15 any
D.    access-list 101 permit ip host 64.12.13.15 any

B

Tutorial:
Access-list 101 permit ip any host 64.12.13.15 allows users outside the network to access the Web site hosted on the server having an IP address of 64.12.13.15.

There are two broad categories of access lists:

* Standard access lists are applied as close to the destination as possible. These access lists filter the network traffic based on the source IP address in the packet. The ranges used for standard access lists are 1 to 99 and 1300 to 1999.

* Extended access lists are applied as close to the source as possible. These access lists can filter the network traffic based on the source and destination IP addresses in the packet. You can also specify additional protocol information to make the access list more specific. The range used for the extended access list is 100 to 199 and 2000 to 2699.

In this scenario, the packets destined for the IP address 64.12.13.15 are permitted access. The decision is based on the destination IP address in the packet; therefore, you should configure an extended access list. The range used for numbering the extended access lists is 100 to 199 and 2000 to 2699. Extended access lists are configured using the following command:

access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [established] [log | log-input] [time-range time-range-name] [fragments]

According to the above explanation, the access list should be configured as follows:
access-list 101 permit ip any host 64.12.13.15

You should not configure the access list as access-list 1 permit ip any host 64.12.13.15 or access-list 1 permit ip host 64.12.13.15 any because you will get a syntax error. The list is an extended access list and should be numbered in the range 100 to 199 and 2000 to 2699, not 1.

You should not configure the access list as access-list 101 permit ip host 64.12.13.15 any because this access list will permit the packets from host 64.12.13.15 to any destination.

Reference:
Configuring IP Access Lists
Cisco.com
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

Objective: Describe how a network works.
Sub-objective: Determine the path between two hosts across a network.

You are the network administrator for your company. One of your hosts cannot communicate with a host on a different network. Which Cisco Internetwork Operating System (IOS) command should you issue on the router to find the network route taken by the packets that are getting dropped?

A.    Traceroute.
B.    Tracert.
C.    Ping.
D.    extended ping.

A

Tutorial:
You use the traceroute command to find the network route taken by the packets that are getting dropped. The traceroute command identifies the network route taken by the packet to reach the destination. This command is used to find the routing breaks in the network. Sample output for the command is as follows:

Router# traceroute 192.168.1.6

Type escape sequence to abort.
Tracing the route to 192.168.1.6

1 172.16.17.30 msec 4 msec 4 msec
2 192.168.1.1 msec 16 msec 16 msec
3 192.168.1.6 msec * 16 msec

The tracert command cannot be used to accomplish the task. The tracert command is used by Microsoft Windows and is not a valid Cisco utility that can be run via the Cisco IOS command line interface.

The ping command cannot be used to accomplish the task. The ping command tests connectivity between two devices.

The extended ping cannot be used to accomplish the task. The extended ping command can be issued on a router to test connectivity between two devices, with parameters other than the default.

Reference:
The Traceroute Command
Cisco.com
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml#traceroute
