Thursday, July 31, 2008

Cisco Has Announced Three Additional CCNA Certifications -

But To Earn Them, You've Got To Be CCNA Certified, So Get Started Today!


Cisco has announced three brand-new CCNA-level Certifications:

CCNA Security

CCNA Voice

CCNA Wireless


Those links go to new resource pages on the main website, where I'll post free tutorials and video training for all three certifications in the days and weeks ahead - be sure to bookmark them! (There's a new CCNA Security tutorial on that particular page.)

These new certifications are going to be a tremendous career boost to those who earn them.

Why? Just look at these statistics!

Security: Right now, 46% of companies included in the survey have a position dedicated to security - that's going to almost double over the next five years to 80%.

Voice: Currently, 40% of surveyed customers have a voice specialist. That number will rise to 69% in the next five years.

Wireless: While 33% of surveyed companies currently have a position dedicated to wireless, that value will double over the next five years to 66%.

(Stats were arrived at by Forrester Consulting during a study sponsored by Cisco. You can get a copy here.)


Those statistics tell a simple tale:

Network admins who have knowledge and certification in security, wireless, and voice will have a huge advantage over network admins who do not.

That's why Cisco is introducing these new certifications, and exactly why I'll be releasing Study Packages for all three of these specializations, beginning in September!

There's one detail you need to take care of now, though.

To earn any of these CCNA specialist certifications, you must earn your CCNA first, by either the one-exam (640-802) path or the two-exam path (ICND 1 and 2).

This announcement by Cisco makes it more important than ever to be CCNA certified. Be ready to earn these new certifications by earning your CCNA now!

Thousands of CCNA candidates around the world have used my CCNA Study Package to do just that. Take five minutes to read this page - it's more important than ever.

The Ultimate CCNA Study Package

Starting this September, I'll be releasing Study Packages for CCNA Security, CCNA Voice, and CCNA Wireless. While I'm working on those, you need to be working on your CCNA to take advantage of these vital new certifications.

Click that link and let's get started!

The Ultimate CCNA Study Package

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
It's Thursday, July 31, and here are your free Cisco certification exam training questions for today!

Be sure to read today and yesterday's blog postings for new practice exams and tutorials that have been posted on the main site!

CCNA Certification:

You've configured OSPF on four routers on a broadcast segment. You notice that a DR and BDR have been elected, but some adjacencies are stopping at the 2-way state. What should you do?

A. Nothing - that's what you're supposed to see.

B. Use the ip ospf priority 0 command on the appropriate interfaces on the DROTHER routers.

C. Use the ip ospf priority 0 command on the appropriate interfaces on the DR and BDR.

D. Use the neighbor command on the DR and BDR to complete the incomplete adjacencies.



CCENT Certification:


How many wires "roll over" in a rollover cable?

A. 2

B. 3

C. 4

D. 6

E. 8



CCNA Security Certification / CCNP ISCW Exam:

There are three basic methods IPS uses to identify potentially malicious traffic. Name all three and give a brief definition of each.


CCNP Certification / BSCI Exam:

You've run the show ip bgp command and note a value under "LocPrf". If that value is the default, what is it? And what is this particular value used for?



CCNP Certification / BCMSN Exam:

What command resulted in the following output?

SW1# ?
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 2
Configured MAC Addresses : 2
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0





CCNP / ONT Exam:

What's the difference between an ad hoc wireless network and an infrastructure wireless network?

I'll have the answers for you on Friday, August 1!

While you're here, take a few minutes to visit my CCNA Security Certification Resource Page for new practice exams and fully-illustrated tutorials - and find out how you can start working on your CCNA Security certification immediately!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
It's Thursday, July 31, and here are the answers to yesterday's Cisco practice exam questions!

Be sure to check out yesterday's blog postings as well for links to new tutorials and practice exams that have been posted on the main site.

All of yesterday's questions were short answer - some were not-so-short answer, so let's get started!

CCNA Certification:

What's the main difference between the default-information originate command with and without the always option? Be specific.

Answer: Let's use IOS Help to look at our options for this command.

R1(config)#router ospf 1
R1(config-router)#default-information originate ?


always Always advertise default route
metric OSPF default metric
metric-type OSPF metric type for default routes
route-map Route-map reference


The always option allows the router to propagate a default route without actually having one in its routing table. Without that option, the router must have a default route in its table in order to advertise one.


CCENT Certification:


You're using Setup Mode to configure a Cisco router. You decide halfway through that you'd rather write the configuration at the CLI. How can you exit Setup Mode and not save the configuration you're in the process of writing?

Answer: Use the ctrl-c keystroke combination to exit Setup Mode without saving your configuration. You'll then be placed back at the command prompt.




CCNA Security Certification / CCNP ISCW Exam:

The SA state of your VPN is shown as QM_IDLE. Is this good? If not, what do we need to do to resolve the issue?

Answer: There is no issue - that's what we want the SA state to be!


CCNP Certification / BSCI Exam:

What command allows you to add protocols to those forwarded by the ip helper-address command? And just to review, what protocols are forwarded by the helper-address command?

Answer: Nine common UDP service broadcasts are "helped" by default:

TIME, port 37
TACACS, port 49
DNS, port 53
BOOTP/DHCP Server, port 67
BOOTP/DHCP Client, port 68
TFTP, port 69
NetBIOS name service, port 137
NetBIOS datagram service, port 138
IEN-116 name service, port 42


You can use the ip forward-protocol command to add any UDP port number to the list.


To remove protocols from the default list, use the no ip forward-protocol command.



R1(config)#ip forward-protocol udp 123
R1(config)#no ip forward-protocol udp 137
R1(config)#no ip forward-protocol udp 138






CCNP Certification / BCMSN Exam:

You've just enabled password encryption on a Cisco switch. When you attempt to view the VTP password, what will you see? And what command did you run to see the VTP password?



Answer: You'll see the password clear as day - the password encryption service has no effect on the VTP password. You can view the password with the "top-secret" show vtp password command.



CCNP / ONT Exam:

What's the major difference between RED and WRED? (The answer "one letter" is not acceptable.)



Answer: RED is a major improvement over Tail Drop, but it still doesn't give us a great deal of control over the entire queueing and dropping process. With one simple word, though, we do gain that control - when we use Weighted Random Early Detection (WRED).


I'll have new questions for you later today, along with a brand-new CCNA practice exam on a major exam topic!


Which one? Come back later today and find out! :)


To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Wednesday, July 30, 2008

Check Out These Practice Exams And Network Challenges!

Over on the main site, I've got over 250 free tutorials, practice exams, and other goodies! Here are some Network Troubleshooting Challenges posted earlier this summer, and some recent CCNA and CCENT practice exams as well. Enjoy!

Network Troubleshooting Exercises

CCNA Practice Exam: Frame Relay

CCNA Practice Exam: HDLC, PPP, And Debugs

CCNA Practice Exam: Static Routing And RIP

CCNA / CCENT Practice Exam: Router Commands And Memory

And on my Cisco Tutorials page, you'll find over 250 tutorials, exams, and articles on everything from the new CCNA certifications to getting an IT career started. Get over there and start reading! :)

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Here's a brand-new CCNA Security training exam for you...

CCNA Security Exam: Network Attacks And Defenses

I'll be back later today with a new CCNA / CCENT exam, the answers to yesterday's blog questions, a new set of Cisco training questions, and more!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
It's Wednesday, July 30, and here are your free Cisco certification exam training questions for today!
Be sure to read today and yesterday's blog postings for new CCNA and CCNA Security exams that have been posted on the main site!


All of today's questions are short answer. No need to thank me! ;)

CCNA Certification:

What's the main difference between the default-information originate command with and without the always option? Be specific.


You're using Setup Mode to configure a Cisco router. You decide halfway through that you'd rather write the configuration at the CLI. How can you exit Setup Mode and not save the configuration you're in the process of writing?



CCNA Security Certification / CCNP ISCW Exam:

The SA state of your VPN is shown as QM_IDLE. Is this good? If not, what do we need to do to resolve the issue?


CCNP Certification / BSCI Exam:

What command allows you to add protocols to those forwarded by the ip helper-address command? And just to review, what protocols are forwarded by the helper-address command?



CCNP Certification / BCMSN Exam:

You've just enabled password encryption on a Cisco switch. When you attempt to view the VTP password, what will you see? And what command did you run to see the VTP password?



CCNP / ONT Exam:

What's the major difference between RED and WRED? (The answer "one letter" is not acceptable.)


I'll have the answers for you on Thursday, July 31!

While you're here, take a few minutes to visit my CCNA Security Certification Resource Page for new practice exams and fully-illustrated tutorials - you'll be glad you did!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Tuesday, July 29, 2008

It's Wednesday, July 30, and here are the answers to yesterday's Cisco practice exam questions!


I posted a new CCNA Security practice exam yesterday, and I'll have a new CCNA / CCENT practice test for you today as well! Answers to both exams will be posted Friday on those pages.


CCNA Certification:

How do you hardcode RIP to accept and send only Version 2 updates?

Extra credit: What is RIP's default for versions sent and accepted?

Answer: Use the version 2 command under the RIP process, as shown here:

BRYANT_ADV_5(config)#router rip
BRYANT_ADV_5(config-router)#version 2

The default for RIP is to send Version 1 updates only, but to accept either Version 1 or 2 updates.


CCENT Certification:

What Virtual LANs, if any, cannot be deleted from a Cisco switch?

A. VLAN 1

B. VLAN 100

C. VLAN 0

D. No VLANs are exempt from deletion.

Answer: A. You cannot delete VLAN 1.



CCNA Security Certification / CCNP ISCW Exam:

Short answer: In SDM, you might see a green square next to a signature. What does that symbol indicate?

Answer: The green square indicates the signature is at its default setting. Here are the two possibilities, as shown in this image from my CCNA Security Study Package.








CCNP Certification / BSCI Exam:

What two symbols should you expect to see next to a valid and best BGP path in the output of show ip bgp?

A. ^


B. $



C. >



D. <



E. *


F. +




Answer: C, E. A valid and best BGP route will have both an asterisk and a "greater than" sign to the left.


CCNP Certification / BCMSN Exam:

HSRP uses the concept of an Active router. What is VRRP's equivalent to that router type?

A. Up

B. Master

C. Available

D. InCharge

E. VirtualUp





Answer: B.


CCNP / ONT Exam:

Which of the following statements regarding GRE are true?

A. Uses IP protocol 47

B. Defined in RFC 1702

C. Is considered to be a carrier protocol

D. Is considered to be a passenger protocol




Answers: A, B, C. The passenger protocol will be the protocol type that is encapsulated by GRE.


New questions for you later today!


To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Here are your Cisco certification exam training questions for Tuesday, July 29!

Be sure to read today's other blog posts for new CCNA Security questions, and I'll have a new CCNA / CCENT question set on the main site for you later today!

CCNA Certification:

How do you hardcode RIP to accept and send only Version 2 updates?

Extra credit: What is RIP's default for versions sent and accepted?



CCENT Certification:

What Virtual LANs, if any, cannot be deleted from a Cisco switch?

A. VLAN 1

B. VLAN 100

C. VLAN 0

D. No VLANs are exempt from deletion.



CCNA Security Certification / CCNP ISCW Exam:

Short answer: In SDM, you might see a green square next to a signature. What does that symbol indicate?



CCNP Certification / BSCI Exam:

What two symbols should you expect to see next to a valid and best BGP path in the output of show ip bgp?

A. ^

B. $

C. >

D. <

E. *

F. +


CCNP Certification / BCMSN Exam:

HSRP uses the concept of an Active router. What is VRRP's equivalent to that router type?

A. Up

B. Master

C. Available

D. InCharge

E. VirtualUp


CCNP / ONT Exam:

Which of the following statements regarding GRE are true?

A. Uses IP protocol 47

B. Defined in RFC 1702

C. Is considered to be a carrier protocol

D. Is considered to be a passenger protocol


Answers will be posted right here on Wednesday, July 30!


To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Here are the answers to the Cisco certification exam practice questions posted on Monday, July 28.

Be sure to read today's other blog posts for links to new practice exam question sets posted on the main website!

CCNA Certification:

What single command would double every RIP value shown in the following command output?

R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds
Invalid after 180 seconds, hold down 180, flushed after 240

Answer: Use the timers basic command to change RIP values. IOS Help shows how to use this command to double each value:


R1(config)#router rip
R1(config-router)#timers basic
R1(config-router)#timers basic ?
<0-4294967295> Interval between updates
R1(config-router)#timers basic 60 ?
<1-4294967295> Invalid
R1(config-router)#timers basic 60 360 ?
<0-4294967295> Holddown
R1(config-router)#timers basic 60 360 360 ?
<1-4294967295> Flush
R1(config-router)#timers basic 60 360 360 480




CCENT Certification:

You're configuring a Cisco switch and attempt to place a port into a VLAN that has not yet been created. What will happen, and what message should you expect to see?


Answer: The switch will dynamically create the VLAN and send you a message indicating just that. Here's the message I received when placing a port into VLAN 500, a VLAN that did not previously exist on this switch:


SW1(config)#int fast 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 500
% Access VLAN does not exist. Creating vlan 500


CCNA Security Certification / CCNP ISCW Exam:

You're working in SDM to configure an Easy VPN Server. You'll have three options for authenticating your Easy VPN Clients. What are they?


Answer: The choices are Pre-shared key, Digital Certificates, and Both, as shown here in this screen shot from my CCNA Security Study Package.







CCNP Certification / BSCI Exam:

What do the following IPv4 fields have in common as they relate to IPv6?

Header Length
Identification
Flags
Fragment Offset
Header Checksum


Answer: None of them made the cut to IPv6 - they're IPv4-only fields.


CCNP Certification / BCMSN Exam:

What single word allows an HSRP router to take over as the Active router even if the current Active router is online?


Answer: preempt. In the following example, R2 was not the Active router even though its priority was higher than the current Active router. After reconfiguring R2's priority statement with the preempt option, R2 becomes the Active router.


Note that may preempt now appears in the output of show standby on R2.



R2(config-if)#standby 5 priority 150 preempt

1d11h: %STANDBY-6-STATECHANGE: Ethernet0 Group 5 state Standby -> Active

R2#show standby
Ethernet0 - Group 5
Local state is Active, priority 150, may preempt
Hellotime 4 sec, holdtime 12 sec
Next hello sent in 1.844
Virtual IP address is 172.12.23.10 configured
Active router is local
Standby router is 172.12.23.3 expires in 10.204
Virtual mac address is 0000.0c07.ac05
2 state changes, last state change 00:00:13



CCNP / ONT Exam:

What headers are compressed by RTP Header Compression?


RTP HC will compress RTP headers, certainly - but it will also compress IP and UDP headers.


RTP compression can result in quite a bit of overhead reduction. Consider those three headers and their size:

IP Header: 20 bytes

UDP Header: 8 bytes

RTP Header: 12 bytes

RTP HC will result in that overall header size being reduced to anywhere from 2 to 4 bytes, depending on whose documentation you're reading.

I'll post new questions for you later today!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Welcome!

It's Tuesday, July 29, and I've got several new features coming up for you later today...

-- A brand-new CCNA Security practice exam / tutorial (link goes to the CCNA Security Resource Page)

-- A brand-new CCNA / CCENT practice exam (link goes to my CCNA / CCENT Practice Exam Page)

-- The answers to yesterday's questions posted here on the blog, as well as a brand-new set of CCNA, CCNP, CCENT, and CCNA Security questions

.. and anything else I can think of! There's plenty for you to read in the meantime, both on the above links and well over 200 free Cisco tutorials on my website!

Enjoy, and I'll see you later today!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Monday, July 28, 2008

Here are your Cisco CCNA, CCNP, CCENT, and CCNA Security practice exam questions for today!

Be sure to read today and yesterday's blog postings for...

-- The answers to last week's CCNA Security practice exam

-- The answers to yesterday's Cisco certification exam practice questions

-- A new CCNA / CCENT practice exam

Let's get to work with today's questions!


CCNA Certification:

What single command would double every RIP value shown in the following command output?

R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds
Invalid after 180 seconds, hold down 180, flushed after 240


CCENT Certification:

You're configuring a Cisco switch and attempt to place a port into a VLAN that has not yet been created. What will happen, and what message should you expect to see?



CCNA Security Certification / CCNP ISCW Exam:

You're working in SDM to configure an Easy VPN Server. You'll have three options for authenticating your Easy VPN Clients. What are they?


CCNP Certification / BSCI Exam:

What do the following IPv4 fields have in common as they relate to IPv6?

Header Length
Identification
Flags
Fragment Offset
Header Checksum


CCNP Certification / BCMSN Exam:

What single word allows an HSRP router to take over as the Active router even if the current Active router is online?


CCNP / ONT Exam:

What headers are compressed by RTP Header Compression?


Answers will be posted right here on Tuesday, July 28!


To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
I've posted the answers to this week's CCNA Security practice exam:

CCNA Security Exam: Passwords, Telnet, SSH, And SDM

I'll have a new CCNA / CCENT practice question set for you later today, a new CCNA Security exam for you later this week, and some other surprises are on the way!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Welcome back! It's Monday, July 28, and here are the answers to yesterday's Cisco practice exam questions.


Be sure to read today's other blog posts for links to the answers to my latest CCNA Security exam, a new CCNA / CCENT practice exam, and other surprises!


CCNA Certification:

Examine the following output and tell me what defaults have been changed.

R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds
Invalid after 180 seconds, hold down 180, flushed after 240


Answer: None of the RIP default timers have been changed.


CCENT Certification:

At which layer of the OSI model do the following protocols run?

SMTP, Telnet, HTTP, FTP, SNMP


Answer: They all run at the Transport layer - Layer 7 - of the OSI model.


CCNA Security Certification / CCNP ISCW Exam:

You're working in SDM to create a VPN. What service must be running on the router to do so? (Hint: If the router isn't already running it, SDM will prompt you to activate it.)



Answer: AAA must be running. As shown here, the Launch Easy VPN Server Wizard button will not even be enabled if AAA is not running. Note that SDM has an Enable AAA option on the right-hand side of the window.








Clicking Enable AAA brings up the following prompt:








Answering Yes will enable AAA on the router and the Launch Easy VPN Server Wizard button will then be enabled.


CCNP Certification / BSCI Exam:

When you enter the command shown below, what unusual characteristic will the route to 16.0.0.0 252.0.0.0 have that no other route in the EIGRP routing table will have?

R1(config)#interface serial0
R1(config-if)#ip summary-address eigrp 100 16.0.0.0 252.0.0.0


Answer: The exit interface for the summary route will be Null0, as shown in this routing table excerpt:


R1#show ip route

<>

100.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 100.4.0.0/16 is directly connected, Loopback4
C 100.5.0.0/16 is directly connected, Loopback5
C 100.6.0.0/16 is directly connected, Loopback6
C 100.7.0.0/16 is directly connected, Loopback7
D 100.0.0.0/13 is a summary, 00:07:32, Null0
C 100.1.0.0/16 is directly connected, Loopback0
C 100.2.0.0/16 is directly connected, Loopback2
C 100.3.0.0/16 is directly connected, Loopback3


On R1, the summary route is seen as a route to Null0, which is basically a route to the trash can. If a packet comes into this router that doesn't match one of the seven more-specific routes, it will be "black-holed" - dropped by the router.


This default behavior of EIGRP route summarization helps to prevent routing loops.


This null route will only be seen on the router performing the manual summarization.
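
The black-hole behavior described above can be checked with a longest-prefix-match lookup over the routing table excerpt. This is an added example, not part of the original post; the function names are illustrative, and the prefixes and exit interfaces are copied from the excerpt.

```python
import ipaddress

# Routes copied from the "show ip route" excerpt above: (prefix, exit interface).
ROUTES = [
    ("100.4.0.0/16", "Loopback4"),
    ("100.5.0.0/16", "Loopback5"),
    ("100.6.0.0/16", "Loopback6"),
    ("100.7.0.0/16", "Loopback7"),
    ("100.0.0.0/13", "Null0"),      # the EIGRP summary route
    ("100.1.0.0/16", "Loopback0"),
    ("100.2.0.0/16", "Loopback2"),
    ("100.3.0.0/16", "Loopback3"),
]
TABLE = [(ipaddress.ip_network(prefix), intf) for prefix, intf in ROUTES]


def to_cidr(address, mask):
    """Convert the address/mask pair used by ip summary-address to CIDR form."""
    return str(ipaddress.ip_network(f"{address}/{mask}"))


def lookup(dest):
    """Longest-prefix match: return the exit interface, or None if no route."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, intf) for net, intf in TABLE if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def black_holed(summary_prefix):
    """Return the parts of the summary that no more-specific route covers.

    Traffic to these ranges matches only the summary and is dropped at Null0.
    """
    summary = ipaddress.ip_network(summary_prefix)
    remaining = [summary]
    for net, _ in TABLE:
        if net == summary or not net.subnet_of(summary):
            continue
        survivors = []
        for piece in remaining:
            if piece.subnet_of(net):
                continue                                  # fully covered
            if net.subnet_of(piece):
                survivors.extend(piece.address_exclude(net))
            else:
                survivors.append(piece)
        remaining = survivors
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


if __name__ == "__main__":
    print(to_cidr("100.0.0.0", "255.248.0.0"))
    for dest in ("100.3.9.1", "100.0.5.5", "100.8.0.1"):
        print(dest, "->", lookup(dest))
    print("dropped at Null0:", black_holed("100.0.0.0/13"))
```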


CCNP Certification / BCMSN Exam:

What two protocols are used to negotiate Etherchannel parameters between switches?


Answer: LAPB and PAgP.


CCNP / ONT Exam:

At what layer of the Cisco Hierarchical Switching Model should packet classification not take place?


Answer: You should perform packet classification as close to the end user as possible - and never classify packets at the Core layer!



I'll have new questions for you later today here on the blog and on the main website, and in the meantime, visit my new CCNA Security Certification Resource Page for practice exams and fully-illustrated tutorials - you'll be glad you did!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Sunday, July 27, 2008

CCNA Security Practice Exam Answers Have Been Posted!

Here's my latest practice exam, a 10-question set of CCNA Security questions.

CCNA Security: NTP, Telnet, SSH, And More!

The answers to those questions have just been posted. When you're done there, tackle these practice exams as well!

CCNA Certification: Frame Relay Questions

CCNA Certification: HDLC And PPP Questions

CCNA Certification: Static Routing And RIP Questions

The questions on static routing and RIP include a tutorial on floating static routes that you CCNP candidates should read as well!

CCNA Certification Training Questions: RAM, ROM, Flash, And More!


I'll have more free practice exams and tutorials, and coming later this summer, free video training for your Cisco certification exams and home lab setup!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
It's Sunday, July 27, and there's a lot going on here today at The Bryant Advantage!

-- The answers to my first CCNA Security practice exam

-- The answers to yesterday's Cisco certification exam practice questions (posted earlier today)

-- A new CCNA / CCENT practice exam

-- And the following brand-new set of CCNA, CCENT, and CCNP questions! All questions today are short answer.


CCNA Certification:

Examine the following output and tell me what defaults have been changed.

R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds
Invalid after 180 seconds, hold down 180, flushed after 240


CCENT Certification:

At which layer of the OSI model do the following protocols run?

SMTP, Telnet, HTTP, FTP, SNMP


CCNA Security Certification / CCNP ISCW Exam:

You're working in SDM to create a VPN. What service must be running on the router to do so? (Hint: If the router isn't already running it, SDM will prompt you to activate it.)


CCNP Certification / BSCI Exam:

When you enter the command shown below, what unusual characteristic will the route to 16.0.0.0 252.0.0.0 have that no other route in the EIGRP routing table will have?

R1(config)#interface serial0
R1(config-if)#ip summary-address eigrp 100 16.0.0.0 252.0.0.0



CCNP Certification / BCMSN Exam:

What two protocols are used to negotiate Etherchannel parameters between switches?


CCNP / ONT Exam:

At what layer of the Cisco Hierarchical Switching Model should packet classification not take place?


I'll have the answers for you on Monday, July 27!

In the meantime, take a few minutes to visit my CCNA Security Certification Resource Page for new practice exams and fully-illustrated tutorials - you'll be glad you did!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Here are the answers to yesterday's questions! All questions were short answer.

CCNA Certification:

Identify the numeric ranges for standard and extended ACLs.

Answer: Here's the IOS Help readout that shows all of our ACL ranges. Standard ranges are bolded.

R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
dynamic-extended Extend the dynamic ACL absolute timer
rate-limit Simple rate-limit specific access list



CCENT Certification:

What's the basic purpose of the exec-timeout 0 0 command?

Answer: This disables the console session default inactivity timeout of 5 minutes and 0 seconds.

If you want to change that timer rather than disabling it, the first number represents the number of minutes in the inactivity timer and the second number is the number of seconds.

R1(config)#line con 0
R1(config-line)#exec-timeout ?
<0-35791> Timeout in minutes

R1(config-line)#exec-timeout 0 ?
<0-2147483> Timeout in seconds


R1(config-line)#exec-timeout 0 0 (disables the inactivity timer)


This command can also be configured on the VTY lines to set or disable the inactivity timer for Telnet and SSH users. Here, we'll set the VTY line inactivity timer to 10 minutes, double the default time.

R1(config)#line vty 0 4
R1(config-line)#exec-timeout ?
<0-35791> Timeout in minutes

R1(config-line)#exec-timeout 0 ?
<0-2147483> Timeout in seconds


R1(config-line)#exec-timeout 10 ?
<0-2147483> Timeout in seconds


R1(config-line)#exec-timeout 10 0


They're great commands for your present or future home lab, and I also recommend you know them for your CCENT and CCNA exams!
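
An added example, not from the original post: a small audit that reads the line stanzas of a saved configuration and reports each line's exec-timeout, flagging lines where the inactivity timer has been disabled. The sample configuration, the function names, and the 600-second policy ceiling are assumptions made for the illustration.

```python
import re

# Constructed sample configuration (not from the original page).
SAMPLE_CONFIG = """\
hostname R1
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 10 0
 login local
line vty 5 15
 exec-timeout 0 30
 transport input ssh
!
end
"""

LINE_RE = re.compile(r"^line\s+(.+?)\s*$")
TIMEOUT_RE = re.compile(r"^\s+exec-timeout\s+(\d+)(?:\s+(\d+))?\s*$")


def parse_line_timeouts(config):
    """Map each line stanza to its timeout in seconds (None if not configured)."""
    timeouts = {}
    current = None
    for raw in config.splitlines():
        header = LINE_RE.match(raw)
        if header:
            current = header.group(1)
            timeouts[current] = None
            continue
        if not raw.startswith(" "):
            current = None          # any other top-level line closes the stanza
            continue
        m = TIMEOUT_RE.match(raw)
        if m and current is not None:
            minutes = int(m.group(1))       # first number: minutes
            seconds = int(m.group(2) or 0)  # second number: seconds
            timeouts[current] = minutes * 60 + seconds
    return timeouts


def audit_exec_timeout(config, max_seconds=600):
    """Return (line, seconds, status) per stanza.

    max_seconds is a hypothetical policy ceiling, not a Cisco default.
    """
    findings = []
    for name, secs in parse_line_timeouts(config).items():
        if secs is None:
            status = "unset"        # no explicit command; platform default applies
        elif secs == 0:
            status = "disabled"     # exec-timeout 0 0: session never times out
        elif secs > max_seconds:
            status = "too-long"
        else:
            status = "ok"           # includes 0 30, which is 30 seconds, not disabled
        findings.append((name, secs, status))
    return findings


if __name__ == "__main__":
    for name, secs, status in audit_exec_timeout(SAMPLE_CONFIG):
        print(f"line {name:<10} {str(secs):>5}  {status}")
```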



CCNA Security Certification / CCNP ISCW Exam:

What's the purpose of the ip inspect tcp idle-time command?

Answer: ip inspect tcp idle-time sets the amount of time an idle TCP connection is kept in the state table. Default is 3600 seconds.


CCNP Certification / BSCI Exam:

When you enter the command shown below, what is the first thing that will happen?

R1(config)#interface serial0
R1(config-if)#ip summary-address eigrp 100 16.0.0.0 252.0.0.0

Answer: When you configure EIGRP address summarization, any and all EIGRP adjacencies formed via that interface will be torn down. That little detail gets left out of a lot of BSCI study guides, but it's obviously an important point!

Don't just take my word for it - here's the proof! The EIGRP adjacency message even indicates why the adjacency was torn down:

R1(config)#interface ethernet0
R1(config-if)#ip summary-address eigrp 100 100.0.0.0 255.248.0.0

2d11h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.3 (Serial0) is down: summary configured
2d11h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.123.2 (Serial0) is down: summary configured


CCNP Certification / BCMSN Exam:

What is the net effect of the following command?

SW2(config)#errdisable recovery cause all

Answer: A switch port will be placed into error-disabled state, referred to on the switch as err-disabled, under certain circumstances such as a violation of port security.

By default, a port in err-disabled state has to be manually reopened. (The port LED will go out as well; as you'd suspect, a green LED indicates an active port.)

You may have a situation where you want the port to re-enable itself after a certain period of time, and this can be configured with the errdisable recovery interval command.

Before doing so, though, you must define the causes from which the port can recover automatically. We'll use the "all" option here to allow the port to autorecover from any err-disabled state.

SW2(config)#errdisable recovery cause all

SW2(config)#errdisable recovery interval ?
<30-86400> timer-interval(sec)

SW2(config)#errdisable recovery interval 300

As with any command involving time, you should first check the unit of time this particular command uses. Some Cisco commands use seconds, some use minutes, some use hours. If you want a five-minute interval before the port re-enables, you need to enter 300, not 5.


CCNP / ONT Exam:

Define per-hop behavior as the term relates to DiffServ.

DiffServ doesn't use RSVP, but instead uses Per-Hop Behavior (PHB) to allow each router across the network to examine the packet and decide what service level it should receive.

With DiffServ, one router along the path from source to destination could consider a packet to be of the highest priority, while another router could consider it "just another packet".

There is no advance signaling with DiffServ - no "hey, here comes a really important packet!" advance notice. Each hop along the way from source to destination makes its own decision as to how important a packet is or isn't.

This lack of advance signaling is why DiffServ is considered more scalable than IntServ, since no bandwidth is reserved in advance of the actual transmission.

I'll have brand-new questions for you later today here on the blog, a new CCNA / CCENT practice exam on the main website, and the answers to the first in my upcoming series of CCNA Security practice exams as well.

Visit my CCNA Security Certification Resource Page for new practice exams and fully-illustrated tutorials!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/


Hi there! It's Sunday, July 27, and coming up later today....

The answers to last week's CCNA Security practice exam

A brand-new CCNA and CCENT practice exam (link goes to a page with several previous exams and their answers)

The answers to yesterday's Cisco certification exam training questions

A new CCNP ONT exam tutorial

A new set of practice questions posted here on the blog

... and more! It's a busy day, so I'm getting back to work - see you later today!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Saturday, July 26, 2008

It's Saturday, July 26, and here are your Cisco certification practice exam questions for today!

Today's questions are all short answer.


CCNA Certification:

Identify the numeric ranges for standard and extended ACLs.


CCENT Certification:

What's the basic purpose of the exec-timeout command?


CCNA Security Certification / CCNP ISCW Exam:

What's the purpose of the ip inspect tcp idle-time command?


CCNP Certification / BSCI Exam:

When you enter the command shown below, what is the first thing that will happen?

R1(config)#interface serial0
R1(config-if)#ip summary-address eigrp 100 16.0.0.0 252.0.0.0



CCNP Certification / BCMSN Exam:

What is the net effect of the following command?

SW2(config)#errdisable recovery cause all


CCNP / ONT Exam:

Define per-hop behavior as the term relates to DiffServ.



I'll have the answers for you on Sunday, July 26!

Visit my CCNA Security Certification Resource Page for new practice exams and fully-illustrated tutorials!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Welcome back! It's Saturday, July 26, and here are the answers to yesterday's Cisco practice exam questions!

Coming up later today....

1. The answers to my latest CCNA Security practice exam - the answers will be posted on that page, not here in the blog.

2. A new CCNA practice exam, this one on routing protocols.

3. A new set of practice exam questions right here in the blog

.... and anything else I can think of! :)


CCNA Certification:

What command results in the following output?

R3#
00:11:37: RIP: received v2 update from 172.12.123.1 on Serial0
00:11:37: 172.12.123.0/24 via 0.0.0.0 in 1 hops

Answer: That's the output of debug ip rip.


CCENT Certification:

What's the basic purpose of the logging synchronous command?

When the router wants you to know something, it wants you to know right now. If the router sends a message to the console while you're entering a command, by default the router will interrupt your work to show you this message.

In the following example, I opened a Serial interface, which will always result in at least two messages relating to the physical and logical state of the interface. I started typing a sentence immediately after I opened the interface to show you what happens. I've bolded the sentence I was entering.

R1(config)#int s0
R1(config-if)#no shut
R1(config-if)#^Z
R1#so here i am
4d04h: %SYS-5-CONFIG_I: Configured from console by consoletyp
4d04h: %LINK-3-UPDOWN: Interface Serial0, changed state to uping and
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to upi've been interrupted quite badly!
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down

This may seem trivial, but when you have a long command entry interrupted by a console message, you'll wonder how to prevent that from happening. (After you stop yelling at the router, that is.)

By configuring the logging synchronous command on the console port, you're telling the router to hold such messages until it detects no input from the keyboard and no other output from the router, such as a show command's output.

R1(config)#line console 0
R1(config-line)#logging ?
synchronous Synchronized message output



CCNA Security Certification / CCNP ISCW Exam:

When configuring a basic firewall in SDM, what are the three options for the preconfigured security levels? Can you create your own custom security levels?

Answer: The options are High, Medium, and Low. In the Basic Firewall Wizard, you cannot create your own custom security levels, but you can do so in the Advanced Wizard.


CCNP Certification / BSCI Exam:

In the following output, describe....

1. Why we would use this command in the first place

2. The meaning of "100"

3. The meaning of "300"

4. The default setting for this particular value, and what we're changing it to.


Answers: By default, EIGRP uses up to 50 percent of a given interface's bandwidth. If you wish to change this default, it can be done with the interface-level command ip bandwidth-percent eigrp.

R1(config)#int s0
R1(config-if)#ip bandwidth-percent eigrp ?
<1-65535> Autonomous system number

R1(config-if)#ip bandwidth-percent eigrp 100 ?
<1-999999> Maximum bandwidth percentage that EIGRP may use

R1(config-if)#ip bandwidth-percent eigrp 100 300


I am showing you this command's values with IOS Help to remind you that you should develop the habit of always taking a few extra seconds to check the values - because in this command, the values look really strange. How in the world can I set EIGRP 100 to use 300% of an interface's bandwidth? And why would I ever do that?

There is always the chance that the actual physical speed of the interface exceeds the logical setting. You could take an interface with a physical speed of 512 kbps and give it a logical setting of 56 kbps.

If you then wanted the line to allow EIGRP to use 168 kbps of the physical bandwidth, you'd set the bandwidth-percent value to 300, which allocates 300% of 56 kbps to EIGRP traffic - which is 3 x 56, or 168.

I know it sounds crazy, so here's the proof that you can actually do this:

R3(config)#interface serial0
R3(config-if)#bandwidth 56
R3(config-if)#ip bandwidth-percent eigrp ?
<1-65535> Autonomous system number

R3(config-if)#ip bandwidth-percent eigrp 100 ?
<1-999999> Maximum bandwidth percentage that EIGRP may use

R3(config-if)#ip bandwidth-percent eigrp 100 300



Watch that syntax - the first number is the EIGRP AS; the second number is the bandwidth percentage.


CCNP Certification / BCMSN Exam:

What router redundancy protocol is defined by RFC 2281?

Answer: Our old friend HSRP - the Hot Standby Routing Protocol.



CCNP / ONT Exam:

IntServ uses RSVP, but DiffServ does not. What does DiffServ use in place of RSVP?

Answer: DiffServ uses PHB - Per-Hop Behavior.



New questions for you later today!

Visit my CCNA Security Certification Resource Page for new practice exams and fully-illustrated tutorials!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/


Friday, July 25, 2008

It's Friday, July 25, and here are your Cisco certification practice exam questions for today!

Like yesterday, all of today's questions are short answer.

Be sure to read today's other blog posts for links to brand-new CCNA Security practice exams and tutorials!


CCNA Certification:

What command results in the following output?

R3#
00:11:37: RIP: received v2 update from 172.12.123.1 on Serial0
00:11:37: 172.12.123.0/24 via 0.0.0.0 in 1 hops



CCENT Certification:

What's the basic purpose of the logging synchronous command?


CCNA Security Certification / CCNP ISCW Exam:

When configuring a basic firewall in SDM, what are the three options for the preconfigured security levels? Can you create your own custom security levels?


CCNP Certification / BSCI Exam:

In the following output, describe....

1. Why we would use this command in the first place

2. The meaning of "100"

3. The meaning of "300"

4. The default setting for this particular value, and what we're changing it to


R3(config-if)#ip bandwidth-percent eigrp 100 300


CCNP Certification / BCMSN Exam:

What router redundancy protocol is defined by RFC 2281?



CCNP / ONT Exam:

IntServ uses RSVP, but DiffServ does not. What does DiffServ use in place of RSVP?



I'll have the answers for you on Saturday, July 25!

Visit my CCNA Security Certification Resource Page for new practice exams and fully-illustrated tutorials!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
It's Friday, July 25, and here are the answers to yesterday's complimentary Cisco certification practice exam questions!

CCNA Certification:

What command disables Proxy ARP on a Cisco router interface?

Answer: no ip proxy-arp


CCENT Certification:

What single word describes a major advantage of using UDP over TCP?

Answer: Overhead. There's much more overhead to using TCP as compared to UDP.


CCNA Security Certification / CCNP ISCW Exam:

In terms of network security, what purpose does a honeypot serve?


Answer: A honeypot is a network device that is purposely left open to attack. The attack methods are then analyzed in order to develop a defense against that attack type. (Obviously, this will not be a production server!)


CCNP Certification / BSCI Exam:

In the following output, describe....

1. The meaning of "EX"

2. The value replaced by the question mark

3. The default setting of the value replaced by the question mark

4. The meaning of "2195456"

D EX 14.14.14.14 [ ? /2195456] via 172.12.123.1, 00:11:41, Serial0

Answer:

1. The "EX" indicates an external EIGRP route. External EIGRP routes are routes learned via the route redistribution process.

2 & 3. The value replaced by the "?" is 170, the default administrative distance of an external EIGRP route.

4. The second number in the brackets is the route metric.


CCNP Certification / BCMSN Exam:

What command resulted in the following output?

SW1#

Vlan33 is up, line protocol is up
Hardware is EtherSVI, address is 0012.7f02.4b42 (bia 0012.7f02.4b42)
Internet address is 30.1.1.11/24

Answer: show interface vlan33.


CCNP / ONT Exam:

What modules allow you to extend NBAR capabilities without having to reload the router or update the IOS?

Answer: NBAR's capabilities are continually extended through the development of Packet Description Language Modules (PDLM). Not only do these PDLMs allow your NBAR deployment to identify more and more different types of traffic, but a router reload is not necessary, and you don't need a new IOS image.

Be sure to visit my CCNA Security Certification Resource Page for the latest information on this important new Cisco certification, including a new CCNA Security practice exam and the first in a series of SDM tutorials.

I'll also have more brand-new practice exam questions for you later today!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Thursday, July 24, 2008

It's Thursday, July 24, and here are your Cisco certification practice exam questions for today! Just for fun, all questions today are short answer. After all, there's no multiple choice on the command line!

Be sure to read today's other blog posts for links to brand-new CCNA Security practice exams and tutorials!


CCNA Certification:

What command disables Proxy ARP on a Cisco router interface?


CCENT Certification:

What single word describes a major advantage of using UDP over TCP?


CCNA Security Certification / CCNP ISCW Exam:

In terms of network security, what purpose does a honeypot serve?


CCNP Certification / BSCI Exam:

In the following output, describe....

1. The meaning of "EX"

2. The value replaced by the question mark

3. The default setting of the value replaced by the question mark

4. The meaning of "2195456"

D EX 14.14.14.14 [ ? /2195456] via 172.12.123.1, 00:11:41, Serial0


CCNP Certification / BCMSN Exam:

What command resulted in the following output?

SW1#

Vlan33 is up, line protocol is up
Hardware is EtherSVI, address is 0012.7f02.4b42 (bia 0012.7f02.4b42)
Internet address is 30.1.1.11/24


CCNP / ONT Exam:

What modules allow you to extend NBAR capabilities without having to reload the router or update the IOS?

I'll have the answers for you on Friday, July 24!

Visit my CCNA Security certification resource page for the latest information on this important new Cisco certification, including a new CCNA Security practice exam and the first in a series of SDM tutorials.

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Welcome back! It's Thursday, July 24, and here are the answers to yesterday's free Cisco certification practice exam questions!


CCNA Certification:

In an OSPF hub-and-spoke NBMA network, which router(s) require the neighbor command?

A. The DR

B. The DROthers

C. The BDR

D. All of these

E. None of these

Answer: A. The DR requires the neighbor command. It will not hurt anything to have it configured on the DROthers in real-world networks, but I wouldn't put it there on exam day. There are no BDRs in an OSPF hub-and-spoke network.



CCENT Certification:

What mode is the following router in?

Router1(config)#

Answer: Global configuration mode.


CCNA Security Certification / CCNP ISCW Exam:

You're configuring IPS in SDM, and you just enabled the Fail Closed option. What's the net effect?

Answer: Here's the exact description of Fail Closed from SDM itself:

"By default, while IOS compiles a new signature for a particular engine, it allows packets to pass through without scanning for the corresponding engine. Enable this option to make IOS drop packets during the compilation process."

Fail Closed is disabled by default.


CCNP Certification / BSCI Exam:

Which of the following are Cisco recommendations for OSPF deployments?

A. No router in more than three areas.

B. No area should contain more than 50 routers.

C. No router should have more than 60 neighbors.

D. No ABR should run more than one OSPF process.

Answer: A, B, C, D. Those are all Cisco best practices for OSPF.


CCNP Certification / BCMSN Exam:

You're examining the lights on a Cisco Aironet card. The green light is blinking slowly, the amber light is off. What does this generally indicate?

Answer: Here's a quick review of what those lights are and what the different combinations indicate.

We have two lights on a Cisco Aironet card. The green light is the Status LED, and the amber light is the Activity LED. We've got quite a few combinations with those two lights, so let's take a look at what each of the following LED readouts indicates.

Status off, Activity off - Naturally, this means the card isn't getting power!

Status blinking slowly, Activity off - the adapter's in Power Save mode.

Status on, Activity off - adapter has come out of Power Save mode.

Both lights blinking in an alternating fashion - adapter is scanning for its network.

Both lights blinking slowly at the same time - adapter has successfully associated with an AP (or other client if you have an Ad Hoc network)

Both lights blinking quickly at the same time - adapter is associated and is sending or receiving data


CCNP / ONT Exam:

What is Global Synchronization? Is it a benefit or a detriment to network performance?

Answer: Here's a review of tail drop and how it can cause Global Synchronization. Usually synchronization is good, but this kind isn't!

When the queue is full, packets that are trying to queue up for transmission literally have nowhere to be put! These packets are then subject to tail drop, which is a fancy way of saying "you're being dropped because we have no place to put you".

You know that TCP has a detection and recovery scheme when it comes to missing segments, so tail drop is no big deal, right? Quite the opposite, it's a huge deal.

The problem starts innocently enough, as the senders realize their TCP packets are being dropped. As we'd expect, the senders then throttle back on their transmission speed. After doing so, the senders will then gradually speed their transmission rates back up.

As multiple senders increase their transmission rates, the queue will fill up again, and the senders will again almost simultaneously slow their transmission rates, followed by another near-simultaneous increase.

As a result of this global synchronization, the links are perpetually in one of two states - congested or underused. Basically, the network ends up being either hammered or not being used to its full potential, and those are both circumstances we want to avoid.

One way to avoid global synchronization is through the use of Random Early Detection (RED).


More brand-new Cisco practice exam questions will be posted later today, along with the answers to my latest CCNA Security practice exam!


To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Wednesday, July 23, 2008

Here are your Cisco practice exam questions for Wednesday, July 23!


CCNA Certification:

In an OSPF hub-and-spoke NBMA network, which router(s) require the neighbor command?

A. The DR

B. The DROthers

C. The BDR

D. All of these

E. None of these



CCENT Certification:

What mode is the following router in?

Router1(config)#


CCNA Security Certification / CCNP ISCW Exam:

You're configuring IPS in SDM, and you just enabled the Fail Closed option. What's the net effect?


CCNP Certification / BSCI Exam:

Which of the following are Cisco recommendations for OSPF deployments?

A. No router in more than three areas.

B. No area should contain more than 50 routers.

C. No router should have more than 60 neighbors.

D. No ABR should run more than one OSPF process.



CCNP Certification / BCMSN Exam:

You're examining the lights on a Cisco Aironet card. The green light is blinking slowly, the amber light is off. What does this generally indicate?


CCNP / ONT Exam:

What is Global Synchronization? Is it a benefit or a detriment to network performance?

Answers posted right here on Thursday, July 24!

Visit my CCNA Security certification resource page for the latest information on this important new Cisco certification, including a new CCNA Security practice exam and the first in a series of SDM tutorials.

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Welcome back! It's Wednesday, July 23, and here are the answers to yesterday's Cisco practice exam questions!

CCNA Certification:

In the world of wireless networking, what's the basic difference between an ESS and a BSS?

Answer: While a Basic Service Set (BSS) will have a single AP, Extended Service Set WLANs (ESS) have multiple access points.


CCENT Certification:

Give the port numbers for each of these TCP-based protocols. (Answers are now listed.)


FTP, port 20 and 21
SMTP, port 25
Telnet, port 23
HTTP, port 80
DNS, port 53
POP3, port 110
NNTP, port 119



CCNA Security Certification / CCNP ISCW Exam:

In SDM, what does an asterisk indicate when it's used in a graphical representation of an ACL?

Answer: An asterisk represents the ACL option "any".



CCNP Certification / BSCI Exam:


What is the shortest possible legal representation of the following IP version 6 address?

1234:1234:0000:0000:0000:0000:3456:3434

Answer: If you have consecutive fields of zeroes, as that address does, they can be expressed with two colons.

It doesn't matter if you have two fields or eight, you can simply type two colons and that will represent all of the consecutive fields.

The key here is that you can only do this once in an IPv6 address. This is zero compression.

Original format: 1234:1234:0000:0000:0000:0000:3456:3434


Using zero compression: 1234:1234::3456:3434

CCNP Certification / BCMSN Exam:

Dynamic ARP Inspection is used to defend our network's switches against what network attack?

Answer: DAI is used on switches to fight man-in-the-middle attacks. I'll have an illustrated tutorial on this subject on the main site next week.


CCNP / ONT Exam:

What are the four basic steps of the analog-to-digital signal conversion process?

Analog-to-digital steps:


Sample the analog signal
Quantize that sample
Encode the signal
Compress the samples (optional, helps to conserve bandwidth)


Be sure to read today's other blog posts for exciting news about the new CCNA certifications, especially the CCNA Security certification! I also have a new CCNA Security practice exam waiting for you on that page, along with the first in a series of SDM tutorials. Enjoy!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Tuesday, July 22, 2008

It's Tuesday, July 22, and here are your Cisco practice exam questions for today!


CCNA Certification:

In the world of wireless networking, what's the basic difference between an ESS and a BSS?


CCENT Certification:

Give the port numbers for each of these TCP-based protocols.

FTP
SMTP
Telnet
HTTP
DNS
POP3
NNTP



CCNA Security Certification / CCNP ISCW Exam:

In SDM, what does an asterisk indicate when it's used in a graphical representation of an ACL?



CCNP Certification / BSCI Exam:


What is the shortest possible legal representation of the following IP version 6 address?

1234:1234:0000:0000:0000:0000:3456:3434



CCNP Certification / BCMSN Exam:

Dynamic ARP Inspection is used to defend our network's switches against what network attack?


CCNP / ONT Exam:

What are the four basic steps of the analog-to-digital signal conversion process?


Answers posted right here on Wednesday, July 23!

Be sure to read today's other blog posts for exciting news about the new CCNA certifications, especially the CCNA Security certification! I also have a new CCNA Security practice exam waiting for you on that page, along with the first in a series of SDM tutorials. Enjoy!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
Here are the answers to Monday's CCNA, CCNP, CCENT, and CCNA Security practice exam questions!


Be sure to read yesterday's posts for a link to a new CCNA Security practice exam!



CCNA Certification:

What configuration register value boots the router into ROM Monitor mode?

A. 0x2142

B. 0x2100

C. 0x2001

D. 0x2102



Answer: B. The config register setting 0x2100 will have the router boot into ROM Monitor mode.

0x2142 will have the router ignore the contents of NVRAM when it boots; that means the starting configuration is ignored.

The default config register setting is 0x2102, which means the router will look in NVRAM for a valid startup configuration file and to Flash for a valid IOS image.
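
The three register values discussed above differ only in a few bits, which this added example (not code from the original post) decodes and then uses to check the "Configuration register is ..." line of show version output for a router left in its password-recovery setting. The sample lines are constructed and the function names are illustrative.

```python
import re

BOOT_FIELD_MASK = 0x000F   # bits 0-3: 0 = ROM Monitor, 1 = boot helper image, 2-F = normal boot
IGNORE_NVRAM = 0x0040      # bit 6: startup configuration in NVRAM is ignored
BREAK_DISABLED = 0x0100    # bit 8: console Break is ignored once the router has booted

CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode_confreg(value):
    """Return the boot behaviour encoded in a 16-bit configuration register."""
    if isinstance(value, str):
        value = int(value, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0:
        boot_mode = "rommon"
    elif boot_field == 1:
        boot_mode = "boot-helper"      # exact image is platform dependent
    else:
        boot_mode = "normal"
    return {
        "value": f"0x{value:04X}",
        "boot_mode": boot_mode,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def audit_show_version(text):
    """List settings in show version output that bypass the saved configuration."""
    match = CONFREG_LINE.search(text)
    if match is None:
        return ["no configuration register line found"]
    findings = []
    for label, raw in (("current", match.group(1)), ("next reload", match.group(2))):
        if raw is None:
            continue
        info = decode_confreg(raw)
        if info["ignore_nvram"]:
            findings.append(
                f"{label} {info['value']}: startup configuration in NVRAM is ignored")
        if info["boot_mode"] != "normal":
            findings.append(
                f"{label} {info['value']}: boots to {info['boot_mode']} instead of IOS")
    return findings


# Constructed sample lines in the format printed at the end of show version.
SAMPLE_DEFAULT = "Configuration register is 0x2102"
SAMPLE_RECOVERY = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

if __name__ == "__main__":
    for option in ("0x2142", "0x2100", "0x2001", "0x2102"):   # the four answer choices
        print(decode_confreg(option))
    print(audit_show_version(SAMPLE_RECOVERY))
```

A router that still reports 0x2142 after a password recovery will skip its saved configuration, including its passwords and ACLs, on every reload until the register is set back to 0x2102.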




CCENT Certification:

If an IP address has a first octet of 127, what can you assume regarding that address?


A. The address is reserved for loopbacks.

B. The address is from one of the reserved address ranges for Class A, B, and C addresses.

C. The address can be assigned to a Cisco router's loopback interface.

D. The address is not a reserved address of any kind.



Answer: A. An address that begins with 127 is reserved for loopbacks, but not for Cisco router loopbacks - you can't assign an address from this range to a Cisco loopback interface.




CCNA Security Certification / CCNP ISCW Exam:

Name two major differences between the capabilities of the Basic and Advanced Firewall Wizards in Security Device Manager.



Answer: The Advanced Wizard allows you to configure multiple outside interfaces as well as a DMZ. The Basic Wizard allows neither of these.



Additionally, the Advanced Wizard allows you to define your own customized rules, where the Basic Wizard does not. Here's a screen shot of SDM's Firewall And ACL menu that mentions these differences.

CCNP Certification / BSCI Exam:

Identify the correct statements regarding the contents of the EIGRP route table.

A. Multiple successors are a possibility.

B. Multiple feasible successors are a possibility.

C. There can be only one successor in this table.

D. There can be only one feasible successor in this table.

E. Successors cannot be found in this table.

F. Feasible successors cannot be found in this table.

Answer: A. You can have multiple successors in the EIGRP route table if the successors have the exact same metric. You can see feasible successors in the routing table if the variance command is in effect, but the question did not mention that command.




CCNP Certification / BCMSN Exam:

What are the two major components of the Cisco Unified Wireless Network?

Answer: Lightweight Access Points and WLAN Controllers.


CCNP / ONT Exam:

Identify the true statements regarding traffic shaping.

A. Drops excess packets without exception

B. Queues excess packets whenever possible

C. Only incoming traffic can be shaped

D. Only outgoing traffic can be shaped

E. Both incoming and outgoing traffic can be policed

F. Generally results in fewer TCP retransmissions than traffic policing

G. Generally results in more TCP retransmissions than traffic policing

Answers: B, D, F. Traffic shaping queues excess packets whenever possible, and only outgoing traffic can be shaped. Since we're generally not dropping as many packets with traffic shaping as we will with traffic policing, there will be fewer TCP retransmissions with traffic shaping.

I'll have brand-new questions for you later today! Be sure to read yesterday's and today's blog posts for links to new CCNA Security tutorials and practice exams!


To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/

Monday, July 21, 2008

New CCNA Security Training Questions Have Been Posted!


CCNA Security Training: 10 Questions On NTP And Passwords

Be sure to bookmark the CCNA Security Resource Page for links to fully-illustrated tutorials and practice exam questions!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
My YouTube Channel Is On The Way, And Videos Will Be Added To The Main Website As Well --

What Training Videos Would YOU Like To See?

I'll be adding quite a bit of video content on my new YouTube channel over the next few months, and to the main website as well.

Are there specific topics or non-certification videos you'd like to see covered in video format?

I'm planning to start a series of CCNA and CCNP home lab videos to complement the website's written content (which you can access by clicking that link!) - showing you how to configure a frame relay switch, cabling a pod, etc.

If you have ideas on what you'd like to see in these videos (literally!), feel free to comment here on the blog, or even better, drop me a line at cbryant@bryantinstruction.com.

After all, it's not just my website - it's yours, too!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
It's Monday, July 21, and here are your CCNA, CCENT, CCNP, and CCNA Security questions for today!

CCNA Wireless and Voice questions join the daily question posts on August 1! Also, look for a new CCNA Security tutorial later today as well. Click that link to read the first in this ongoing series.


CCNA Certification:

What configuration register value boots the router into ROM Monitor mode?

A. 0x2142

B. 0x2100

C. 0x2001

D. 0x2102


CCENT Certification:

If an IP address has a first octet of 127, what can you assume regarding that address?


A. The address is reserved for loopbacks.

B. The address is from one of the reserved address ranges for Class A, B, and C addresses.

C. The address can be assigned to a Cisco router's loopback interface.

D. The address is not a reserved address of any kind.




CCNA Security Certification / CCNP ISCW Exam:

Name two major differences between the capabilities of the Basic and Advanced Firewall Wizards in Security Device Manager.



CCNP Certification / BSCI Exam:

Identify the correct statements regarding the contents of the EIGRP route table.

A. Multiple successors are a possibility.

B. Multiple feasible successors are a possibility.

C. There can be only one successor in this table.

D. There can be only one feasible successor in this table.

E. Successors cannot be found in this table.

F. Feasible successors cannot be found in this table.




CCNP Certification / BCMSN Exam:

What are the two major components of the Cisco Unified Wireless Network?


CCNP / ONT Exam:

Identify the true statements regarding traffic shaping.

A. Drops excess packets without exception

B. Queues excess packets whenever possible

C. Only incoming traffic can be shaped

D. Only outgoing traffic can be shaped

E. Both incoming and outgoing traffic can be policed

F. Generally results in fewer TCP retransmissions than traffic policing

G. Generally results in more TCP retransmissions than traffic policing


Answers posted right here on Tuesday, July 22!

Be sure to read today's other blog posts for exciting news about the new CCNA certifications, especially the CCNA Security certification!

To your success,

Chris Bryant
CCIE #12933
http://www.thebryantadvantage.com/
