CSMA/CD stands for Carrier Sense Multiple Access with Collision Detection.

In an Ethernet LAN, before transmitting, a computer first listens to the network media. If the media is idle, the computer sends its data. If the media is not idle (another station is talking), the computer must wait for some time.

When a station transmits, the signal is referred to as a carrier. Carrier Sense means that before a station can send data onto an Ethernet wire, it has to listen to see if another “carrier” (from another station) is present. If another station is talking, this station will wait until there is no carrier present.

Multiple Access means that stations can access the network at any time. This is in contrast to a Token Ring network, where a station must hold the “token” before it can send data.

Although Carrier Sense helps prevent two stations from sending data at the same time, sometimes two stations still do! This happens when two stations listen for network traffic, hear none, and transmit simultaneously -> a collision occurs and both stations must retransmit at some later time. Collision Detection is the ability to detect collisions on the media so that the stations know they must retransmit.

Basically, the CSMA/CD algorithm can be summarized as follows:

+ A device that wants to send a frame must wait until the LAN is silent (no one is “talking”)
+ If a collision still occurs, the devices that caused the collision wait a random amount of time and
then try to send data again.

Note: A switch separates each station into its own collision domain. This means a station can send data without worrying that its data will collide with the data of other stations. This is in contrast to a hub, which can cause collisions between the stations connected to it.
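The steps listed above, as an added slot-time simulation (my example, not code from the original page): stations with a frame ready listen, transmit when the wire is silent, and on a collision each one draws a random backoff before retrying. The backoff rule used here (a random number of slots from 0 to 2^k - 1 after the k-th collision, capped at k = 10, frame dropped after 16 attempts) is the IEEE 802.3 truncated binary exponential backoff, which is more specific than the page's “random amount of time”; FRAME_SLOTS is a constructed frame duration.

```python
"""Discrete slot-time simulation of CSMA/CD with truncated binary exponential
backoff (added example; the frame duration and seed are constructed)."""
import random

FRAME_SLOTS = 8       # constructed: slot times one frame keeps the wire busy
BACKOFF_CAP = 10      # 802.3 caps the backoff exponent at 10
MAX_ATTEMPTS = 16     # 802.3 discards the frame after 16 failed attempts


def simulate_csma_cd(n_stations, seed=1, max_slots=100_000):
    """Every station has one frame ready at slot 0, so the first attempt must
    collide. Returns the collision count, slots used and an event log."""
    rng = random.Random(seed)
    ready_at = [0] * n_stations      # slot at which a station may try again
    attempts = [0] * n_stations      # collisions suffered by each station's frame
    done = [False] * n_stations
    collisions = 0
    log = []
    slot = 0
    while not all(done):
        if slot >= max_slots:
            raise RuntimeError("simulation did not converge")
        # Carrier sense: the wire is idle at this slot. Which stations have a
        # frame whose backoff has expired and therefore start transmitting?
        contenders = [s for s in range(n_stations)
                      if not done[s] and ready_at[s] <= slot]
        if len(contenders) == 1:
            # One station talks: the frame goes out and occupies the medium;
            # every other station senses the carrier and defers.
            s = contenders[0]
            done[s] = True
            log.append((slot, "sent", s))
            slot += FRAME_SLOTS
            continue
        if len(contenders) > 1:
            # Collision detected by all transmitters: each one stops and draws
            # a random backoff from a window that doubles with every attempt.
            collisions += 1
            log.append((slot, "collision", tuple(contenders)))
            for s in contenders:
                attempts[s] += 1
                if attempts[s] >= MAX_ATTEMPTS:
                    raise RuntimeError(f"station {s}: excessive collisions, frame dropped")
                k = min(attempts[s], BACKOFF_CAP)
                ready_at[s] = slot + 1 + rng.randrange(2 ** k)
        slot += 1
    return {"collisions": collisions, "slots": slot, "log": log}


if __name__ == "__main__":
    result = simulate_csma_cd(3)
    for event in result["log"]:
        print(event)
    print(f"{result['collisions']} collisions, {result['slots']} slot times")
```

Run it with a larger number of stations to see why a hub-based segment degrades under load: every extra contender raises the chance that two backoffs expire in the same slot, and each collision wastes a slot plus the backoff time, which is exactly what a switch removes by giving each port its own collision domain.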

Only two commands “show interfaces” and “show ip interface brief” reveal the status of router
interfaces (up/up, for example).

The outputs of the two commands are shown below:


Question 3

Explanation

HTTP is based on TCP, so a TCP connection must be established first between the workstation and the web server.

Question 4

Explanation

Hubs do not separate collision domains, so if hubs are used in the topology above we will have only 1 collision domain. Switches do separate collision domains, so if the hubs are replaced by switches we would have 22 collision domains (19 collision domains for the hosts and 3 collision domains among the three switches). Please notice that the WAN (serial) connection is not counted as a collision (or broadcast) domain.

Question 5

Explanation

A broadcast storm can cause congestion within a network. For more information about broadcast
storm please read my STP tutorial.

Question 6

Explanation

Before a host can send ICMP (ping) packets to another device, it needs to learn the MAC address of
the destination device so it first sends out an ARP Request. In fact, the first ping packet is dropped
because the router cannot create a complete packet without learning the destination MAC address.

Question 7

Explanation

The “show running-config” command displays active configuration in memory.

Question 8

Question 9

Question 10

Explanation

Full-duplex communication allows sending and receiving data simultaneously. Switches provide full-duplex communication capability. Half-duplex communication allows data transmission in only one direction at a time (either sending or receiving).

ICND1 – Basic Questions 2

June 26th, 2017

Question 1

Explanation

Only a router or a Layer 3 switch can mitigate a broadcast storm because they separate broadcast
domains -> B and D are correct.

Question 2

Explanation

AREA 1 has “multiple collision domains” so Network Device A must be a device operating in Layer 2 or
above (a router or switch) -> A & E are correct.

AREA 2 has only a “single collision domain” so Network Device B must be a device operating in Layer 1 (a hub or repeater) -> D is correct.

Question 3

Explanation

The key sequence “Ctrl-Shift-6” followed by “x” is used to suspend the telnet session. In this case, the telnet session from Router1 to Router2 will be suspended.

If we enter the keyword “resume”, Router1 will try to resume the telnet session to Router2 (you will see the line [Resuming connection 1 to 192.168.9.2 … ]) and we will get back the Router2> prompt.

Question 4

Explanation

In the topology above only routers and switches are used, so each link is one collision domain. In the picture below each pink ellipse represents one collision domain.

Question 5

Explanation

Star topology is the most popular LAN topology; in it all traffic flows through a central device.

Question 6

Question 7

Explanation

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is the LAN access method used in
Ethernet. When a device wants to gain access to the network, it checks to see if the network is free. If
the network is not free, the device waits a random amount of time before retrying. If the network is
free and two devices access the line at exactly the same time, their signals collide. When the collision
is detected, they both back off and wait a random amount of time before retrying.

CSMA/CD is used with devices operating in half-duplex mode only. CSMA/CD helps devices connecting
to half-duplex switch ports operate correctly.

Question 8

Explanation

Ethernet frame size refers to the whole Ethernet frame, including the header and the trailer, while MTU size refers only to the Ethernet payload. Baby giant frames refer to an Ethernet frame size of up to 1600 bytes, and jumbo frames refer to an Ethernet frame size of up to 9216 bytes (according to this link: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/29805-175.html)

For example, standard Ethernet frame MTU is 1500 bytes. This does not include the Ethernet header
and Cyclic Redundancy Check (CRC) trailer, which is 18 bytes in length, to make the total Ethernet
frame size of 1518.

So according to the strict definition, an MTU size of 1600 cannot be classified as a baby giant frame, since the whole Ethernet frame would surely be larger than 1600 bytes -> Answer C is not correct.

Answer D is a better choice as the MTU is 1518, so the whole Ethernet frame would be 1536 (1518 +
18 Ethernet header and CRC trailer). This satisfies the requirement of baby giant frames “Baby giant
frames refer to Ethernet frame size up to 1600 bytes”.

Question 9

Question 10

Question 11

Explanation

To remember which type of cable you should use, follow these tips:

– To connect two serial interfaces of 2 routers we use a serial cable

– To decide when to use a crossover cable or a straight-through cable, remember:
Group 1: Router, Host, Server
Group 2: Hub, Switch
One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable

For example: we use a straight-through cable to connect switch to router, switch to host, hub to host, hub to server… and we use a crossover cable to connect switch to switch, switch to hub, router to router, host to host…

Notice that in this question, connecting to the Frame Relay cloud means connecting to another router. Also, we must use a serial cable (or fiber optic cable) because the distance to the Frame Relay provider is too far for Ethernet cables.

A rollover cable is used to connect a computer terminal to a router’s console port. This is often used when we turn on the router for the first time.

Question 12

Question 13

Question 14

Question 15

Explanation

Both switch and router separate collision domains. In other words, each port of the switch and router
creates one collision domain so we have 15 collision domains in this topology.

ICND1 – OSI & TCP/IP Model

June 26th, 2017

Note: If you are not sure about OSI Model, please read my OSI Model Tutorial.

Question 1

Question 2

Explanation

CDP runs at Layer 2 (Data Link) of the OSI model -> E is correct.

Question 3

Explanation

SMTP stands for Simple Mail Transfer Protocol. It’s a set of communication guidelines that allow software to transmit email over the Internet, while File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network.

Note: Simple Network Management Protocol (SNMP) uses UDP as the transport protocol for passing data between managers and agents. SNMP uses UDP to help reduce the impact on your network’s performance. Although SNMP can be configured to run over TCP, this should only be done in special situations. SNMP uses UDP port 161 for sending and receiving requests, and port 162 for receiving traps from managed devices.

DNS works over both TCP and UDP. DNS uses TCP for zone exchanges between servers and UDP when a client is trying to resolve a hostname to an IP address. Therefore in most cases we say “DNS uses UDP”.

Question 4

Explanation

The primary function of the access layer is to provide network access to the end user.

The hardware and software attributes of the access layer that support high availability include security
services for additional security against unauthorized access to the network through the use of tools
such as 802.1x, port security, DHCP snooping, Dynamic ARP Inspection, and IP Source Guard.

Question 5

Explanation

The picture below compares the TCP/IP and OSI models:

Question 6

Explanation

Transmission Control Protocol (TCP) has all the features mentioned above and TCP resides in
Transport Layer (Layer 4) of the OSI model.

Flow control: a mechanism used to ensure that receiving units are not overwhelmed with data from sending devices. When the buffers at a receiving unit are full, a message is transmitted to the sending unit to temporarily halt transmissions until all the data in the receiving buffer has been processed and the buffer is again ready for action.

Sequencing: segments are numbered before sending so they can be put back together in the correct order at the receiving side.

Acknowledgment: when the receiver gets the data, it sends a response telling the sender that the data has arrived safely.

Question 7

Explanation

In CCNA, the common devices that operate at Layer 1 are the hub and the repeater.

Question 8

Question 9

ICND1 – TCP & UDP Questions

June 25th, 2017

Question 1

Explanation

Three types of flow control are buffering, windowing & congestion avoidance:

+ Buffering: If a device receives packets too quickly for it to handle, it can store them in a memory section called a buffer and process them later.

+ Windowing: a window is the quantity of data segments that the transmitting device is allowed to
send without receiving an acknowledgment for them. For example:

With the window size of 1, the sending device sends 1 segment and the receiving device must reply
with 1 ACK before the sending device can send the next segment. This “waiting” takes some time.

By increasing the window size to 3, the sending device will send up to 3 segments before waiting for an ACK -> this helps reduce the waiting time.

+ Congestion avoidance: lower-priority traffic can be discarded when the network is overloaded ->
minimize delays.

Question 2

Question 3

Explanation

HTTP is based on TCP, so a TCP connection must be established first between the workstation and the web server.

Question 4

Explanation

Before two computers can communicate over TCP, they must synchronize their initial sequence
numbers (ISN) -> B is correct.

TCP uses a sequence number to identify each byte of data. The sequence number identifies the order
of the bytes sent from each computer so that the data can be reconstructed in order, regardless of
any fragmentation, disordering, or packet loss that may occur during transmission -> D is correct.

Question 5

Question 6

ICND1 – Switch Questions

June 24th, 2017

Question 1

Explanation

Each port on a switch is a collision domain while each VLAN is a broadcast domain because broadcast
is only forwarded within that VLAN so we have 48 collision domains and 4 broadcast domains on this
switch (if all ports are used).
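The counting rules used in Question 4 of Basic Questions (19 hosts and 3 switches -> 22 collision domains, hubs -> 1), Question 15 of Basic Questions 2 (every switch or router port is one collision domain) and Question 1 above (48 ports, 4 VLANs -> 48 collision and 4 broadcast domains), implemented as an added example that is not code from the original page. The three topologies are constructed to match those questions; the model joins links through hubs for collision domains, through same-VLAN switch ports for broadcast domains, and leaves serial links out of the count.

```python
"""Count collision and broadcast domains in a LAN model (added example)."""
from collections import defaultdict

DEVICE_TYPES = {"host", "hub", "switch", "router"}


class UnionFind:
    """Disjoint sets over link indices: links in one set share a domain."""

    def __init__(self, n):
        self.parent = list(range(n))

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

    def count(self, members):
        return len({self.find(m) for m in members})


def count_domains(devices, links):
    """devices: {name: type}; links: [(a, b, kind, vlan)] with kind "lan" or
    "serial" and vlan the VLAN the link belongs to (1 when untagged).
    Returns (collision_domains, broadcast_domains) over the LAN links."""
    for a, b, kind, _ in links:
        for dev in (a, b):
            if devices.get(dev) not in DEVICE_TYPES:
                raise ValueError(f"unknown device or device type: {dev}")
        if kind not in ("lan", "serial"):
            raise ValueError(f"unknown link kind: {kind}")
    lan = [i for i, link in enumerate(links) if link[2] == "lan"]
    attached = defaultdict(list)              # device -> [(link index, vlan)]
    for i in lan:
        a, b, _, vlan = links[i]
        attached[a].append((i, vlan))
        attached[b].append((i, vlan))

    collision = UnionFind(len(links))
    broadcast = UnionFind(len(links))
    for dev, ports in attached.items():
        if devices[dev] == "hub":
            # A hub repeats every bit to every port: all its links form one
            # collision domain (and therefore one broadcast domain).
            for (i, _), (j, _) in zip(ports, ports[1:]):
                collision.union(i, j)
                broadcast.union(i, j)
        elif devices[dev] == "switch":
            # Each switch port is its own collision domain; ports in the same
            # VLAN still share one broadcast domain.
            per_vlan = defaultdict(list)
            for i, vlan in ports:
                per_vlan[vlan].append(i)
            for ids in per_vlan.values():
                for i, j in zip(ids, ids[1:]):
                    broadcast.union(i, j)
        # hosts and routers merge nothing: a router port ends both domains
    return collision.count(lan), broadcast.count(lan)


def add_hosts(devices, links, access, count, vlan=1, start=1):
    """Attach `count` hosts to device `access`; returns the next host number."""
    for n in range(start, start + count):
        devices[f"H{n}"] = "host"
        links.append((access, f"H{n}", "lan", vlan))
    return start + count


def triangle_topology(access_type):
    """Constructed after Question 4 of Basic Questions: three access devices
    (switches or hubs) in a triangle with 19 hosts split 7 + 6 + 6."""
    devices = {"A1": access_type, "A2": access_type, "A3": access_type}
    links = [("A1", "A2", "lan", 1), ("A2", "A3", "lan", 1), ("A1", "A3", "lan", 1)]
    nxt = 1
    for access, count in (("A1", 7), ("A2", 6), ("A3", 6)):
        nxt = add_hosts(devices, links, access, count, start=nxt)
    return devices, links


def vlan_topology():
    """Constructed after Question 1 above: one 48-port switch, four VLANs."""
    devices, links, nxt = {"SW": "switch"}, [], 1
    for vlan in (10, 20, 30, 40):
        nxt = add_hosts(devices, links, "SW", 12, vlan=vlan, start=nxt)
    return devices, links


def routed_topology():
    """Two sites, each a router and a switch with two hosts, joined by a
    serial WAN link that must not be counted."""
    devices = {"R1": "router", "R2": "router", "S1": "switch", "S2": "switch"}
    links = [("R1", "R2", "serial", 1), ("R1", "S1", "lan", 1), ("R2", "S2", "lan", 1)]
    nxt = add_hosts(devices, links, "S1", 2)
    add_hosts(devices, links, "S2", 2, start=nxt)
    return devices, links
```

Calling `count_domains(*triangle_topology("switch"))` gives (22, 1) and `count_domains(*triangle_topology("hub"))` gives (1, 1), which is the before/after of Question 4; `vlan_topology()` gives (48, 4) and `routed_topology()` gives (6, 2) because the serial link is ignored and each router port ends a broadcast domain.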

Question 2

Question 3

Explanation

When a switch receives a frame, it first checks for the destination MAC address and tries to find a
matching entry in its MAC address table. If found, the switch then forwards that frame on the
corresponding port associated with that MAC address. If no entry is found, the switch will flood that
frame out of all (active) ports except the port that sent it.

Question 4

Question 5

Question 6

Explanation

A hub is not as “intelligent” as a switch because a hub does not try to remember anything passing through it. It just floods a frame out all of its ports (except the one that received it).

Question 7

Explanation

When a switch receives a frame, it first checks for the destination MAC address and tries to find a matching entry in its MAC address table. If found, the switch then forwards that frame on the corresponding port associated with that MAC address. If no entry is found, the switch will flood that frame out of all active ports except the port that received it. In this case, the destination MAC address 0000.00dd.dddd is not yet in the MAC address table, so the switch will flood the frame out all of its ports except fa0/0 (the port on which it received the frame) -> D is correct.

Also, the switch learns that the MAC address 0000.00aa.aaaa is received on fa0/0 -> the switch adds
0000.00aa.aaaa and its corresponding port fa0/0 to the MAC address table -> A is correct.

Question 8

Explanation

The destination MAC address is ffff.ffff.ffff, so this is a broadcast frame and the switch will forward the frame out all active switch ports except port fa0/0.

Question 9

Explanation

In this case the destination MAC address has already been learned, so the switch just forwards the frame to the corresponding port. It also learns that the source MAC address of host A is not yet in the MAC address table, so it adds it (and port fa0/3) to its MAC address table.

Question 10

Question 11

Question 12

Question 13

Explanation

The system LED shows whether the system is receiving power and functioning properly. The LED colors and their meanings are listed below:

Color   System Status
Off     System is not powered up.
Green   System is operating normally.
Amber   System is receiving power but is not functioning properly.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/hardware/installation/guide/hgovrev.html)

Question 14

ICND1 – Switch Questions 2

June 24th, 2017

Question 1

Explanation

In this case the destination MAC address has already been learned, so the switch just forwards the frame to the corresponding port. It also learns that the source MAC address of host A is not yet in the MAC address table, so it adds it (and port fa0/3) to its MAC address table.

Question 2

Question 3

Explanation

All ports on a Layer 2 switch are in the same broadcast domain. Only router ports separate broadcast
domains.

Question 4

Explanation

When you connect an IP phone to a switch using a trunk link, it can cause high CPU utilization in the
switches. As all the VLANs for a particular interface are trunked to the phone, it increases the number
of STP instances the switch has to manage. This increases the CPU utilization. Trunking also causes
unnecessary broadcast / multicast / unknown unicast traffic to hit the phone link.

In order to avoid this, remove the trunk configuration and keep the voice and access VLAN configured
along with Quality of Service (QoS). Technically, it is still a trunk, but it is called a Multi-VLAN
Access Port (MVAP). Because voice and data traffic can travel through the same port, you should
specify a different VLAN for each type of traffic. You can configure a switch port to forward voice and
data traffic on different VLANs. Configure IP phone ports with a voice VLAN configuration. This
configuration creates a pseudo trunk, but does not require you to manually prune the unnecessary
VLANs.

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can
configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full
configuration is shown below:
Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport voice vlan 20

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4500-series-switches/69632-configuring-cat-ip-phone.html

Question 5

Explanation

When a switch receives a frame, it first checks for the destination MAC address and tries to find a
matching entry in its MAC address table. If found, the switch then forwards that frame on the
corresponding port associated with that MAC address. If no entry is found, the switch will flood that
frame out of all (active) ports except the port that sent it.

Question 6

Explanation

The system LED shows whether the system is receiving power and functioning properly. The LED colors and their meanings are listed below:

Color   System Status
Off     System is not powered up.
Green   System is operating normally.
Amber   System is receiving power but is not functioning properly.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/hardware/installation/guide/hgovrev.html)

Question 7

Explanation

The “!” is an invalid letter for a hostname.

Question 8

Explanation

When a switch receives a frame, it first checks for the destination MAC address and tries to find a matching entry in its MAC address table. If found, the switch then forwards that frame on the corresponding port associated with that MAC address. If no entry is found, the switch will flood that frame out of all active ports except the port that received it. In this case, the destination MAC address 0000.00dd.dddd is not yet in the MAC address table, so the switch will flood the frame out all of its ports except fa0/0 (the port on which it received the frame) -> D is correct.

Also, the switch learns that the MAC address 0000.00aa.aaaa is received on fa0/0 -> the switch adds 0000.00aa.aaaa and its corresponding port fa0/0 to the MAC address table -> A is correct.

Question 9

Explanation

In short, TCAM (Ternary Content Addressable Memory) is used for faster IP lookups, while the ARP table maps Layer 3 addresses to Layer 2 addresses, so neither of them is the correct answer.

The Content Addressable Memory (CAM) table on a switch keeps track of MAC addresses and on what
port they appear, along with some other stuff like age. When a device that’s plugged into a particular
port sends a frame to the switch, the switch makes note of the source MAC and the port and checks
the CAM table. Notice that the CAM table is built on the source MAC addresses (while the destination
MAC addresses are ignored).
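The learning and forwarding behaviour described in Question 3, 7, 8 and 9 of Switch Questions and in Questions 1, 5, 8 and 9 above, as an added example that is not code from the original page. The MAC addresses and port names are the ones the questions use; the `Switch` and `Hub` classes and the multicast (I/G bit) check are my construction. Note that the table is built from source addresses only, exactly as the CAM explanation says, so a forged source address is enough to move an entry; that is the reason port security (next section) limits what a port may learn.

```python
"""Transparent-bridge learning, forwarding and flooding (added example)."""

BROADCAST = "ffff.ffff.ffff"


def is_group_address(mac):
    """True for broadcast and multicast: the I/G bit (least significant bit
    of the first octet) is set."""
    first_octet = int(mac.replace(".", "").replace(":", "")[:2], 16)
    return bool(first_octet & 0x01)


class Switch:
    """Learns source MACs per port and forwards or floods accordingly."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                 # CAM table: MAC -> port it was seen on

    def receive(self, ingress, src, dst):
        """Process one frame arriving on `ingress`; return the egress ports."""
        if ingress not in self.ports:
            raise ValueError(f"no such port: {ingress}")
        if is_group_address(src):
            raise ValueError("a source MAC is never a group address")
        # Learning uses only the SOURCE address; the destination is ignored.
        self.mac_table[src] = ingress
        if is_group_address(dst) or dst not in self.mac_table:
            # Broadcast/multicast, or unknown unicast: flood out every active
            # port except the one the frame arrived on.
            return [p for p in self.ports if p != ingress]
        if self.mac_table[dst] == ingress:
            return []                       # destination is on the ingress segment: filter
        return [self.mac_table[dst]]        # known unicast: forward to one port


class Hub:
    """No table at all: every frame is repeated out of every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, ingress, src, dst):
        return [p for p in self.ports if p != ingress]


if __name__ == "__main__":
    sw = Switch(["fa0/0", "fa0/1", "fa0/2", "fa0/3"])
    # Question 7: unknown destination 0000.00dd.dddd arrives on fa0/0 -> flooded
    print(sw.receive("fa0/0", "0000.00aa.aaaa", "0000.00dd.dddd"), sw.mac_table)
    # The reply teaches the switch where dd.dddd lives; later frames are not flooded
    print(sw.receive("fa0/3", "0000.00dd.dddd", "0000.00aa.aaaa"), sw.mac_table)
    print(sw.receive("fa0/0", "0000.00aa.aaaa", "0000.00dd.dddd"))
```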

ICND1 – LAN Questions

June 23rd, 2017

Question 1

Explanation

A broadcast storm can cause congestion within a network. For more information about broadcast
storm please read my STP tutorial.

Question 2

Explanation

The primary function of an access-layer is to provide network access to the end user.

The hardware and software attributes of the access layer that support high availability include security
services for additional security against unauthorized access to the network through the use of tools
such as 802.1x, port security, DHCP snooping, Dynamic ARP Inspection, and IP Source Guard.

ICND1 – VLAN Questions

June 23rd, 2017

Question 1

Explanation

With the configuration above, when we type “do show vlan” we would not see VLAN 10 in the VLAN database because it has not been created yet. VLAN 10 is only created when we exit VLAN configuration mode (with the “exit” command).

Question 2

Explanation

Traffic on the native VLAN is untagged -> Answer B is not correct.

Control plane traffic (like CDP, VTP, STP…) runs on VLAN 1 by default. They are not blocked on the
native VLAN -> Answer C is not correct.

If the answer said “the native VLAN should be set so that no real traffic runs on it for security reasons” it would be correct, but the native VLAN is not typically disabled -> Answer D is not correct.

CDP runs on VLAN 1 by default and the native VLAN is also VLAN 1 by default, so answer A is the best choice here.

Question 3

Explanation

IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.
When a frame enters the VLAN-aware portion of the network (a trunk link, for example), a VLAN ID
tag is added to represent the VLAN membership of that frame. The picture below shows how VLAN tag
is added and removed while going through the network.

Question 4

Question 5

Explanation

The VLANs 0 and 4095 are reserved by the IEEE 802.1Q standard and you cannot create, delete, or
modify them so they are the correct answers.

Note:
+ VLAN 0 and 4095 are reserved for system use only. You cannot see or use these VLANs.
+ VLAN 1 and VLANs 1002-1005 are default VLANs. Default VLANs are created automatically and
cannot be configured or deleted by users.
+ VLAN 2 to 1001 are normal VLANs. You can create, use and delete them.
+ VLAN 1002 to 1005 are normal VLANs too, but Cisco reserves them for FDDI and Token Ring. You cannot delete these VLANs.
+ VLAN 1006 to 4094 are extended VLANs (for Ethernet VLANs only)

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t15/ht_xvlan.html and http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/vlans.html
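The frame arithmetic of Question 8 in Basic Questions 2 (frame size = MTU + 18 bytes of header and CRC trailer; baby giant up to 1600 bytes, jumbo up to 9216), the 802.1Q tag insertion and removal of Question 3 above, and the reserved VLAN IDs 0 and 4095 of Question 5, worked in one added example that is not code from the original page. The tag layout (a 4-byte field with TPID 0x8100 and a 16-bit TCI holding the 12-bit VID, placed between the source MAC and the EtherType) is the IEEE 802.1Q format; the MAC addresses are those used in the switch questions and the payload is constructed.

```python
"""Build, tag, untag and size Ethernet frames (added example)."""
import struct

TPID_8021Q = 0x8100          # EtherType value announcing an 802.1Q tag
ETH_HEADER_LEN = 14          # destination MAC + source MAC + EtherType
FCS_LEN = 4                  # CRC trailer
VLAN_TAG_LEN = 4
MIN_PAYLOAD = 46


def mac_bytes(dotted):
    """'0000.00aa.aaaa' or '00:00:00:aa:aa:aa' -> 6 raw bytes."""
    raw = bytes.fromhex(dotted.replace(".", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"bad MAC address: {dotted}")
    return raw


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame without FCS (the hardware appends that)."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")   # pad to the minimum size
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def vid_is_usable(vid):
    """0 and 4095 are reserved by IEEE 802.1Q; 1 to 4094 may be carried in a tag."""
    return 1 <= vid <= 4094


def add_vlan_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte tag between the source MAC and the EtherType, as a
    switch does when the frame enters a trunk."""
    if not vid_is_usable(vid):
        raise ValueError(f"VLAN {vid} is reserved")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_vlan_tag(frame):
    """Return (vid, untagged frame); vid is None when the frame is untagged.
    This is what happens when the frame leaves the trunk on an access port."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def wire_size(mtu, tagged=False):
    """Whole frame size on the wire from the payload (MTU) size."""
    return mtu + ETH_HEADER_LEN + FCS_LEN + (VLAN_TAG_LEN if tagged else 0)


def classify(frame_size):
    """Size classes as the explanation above defines them."""
    if frame_size <= 1518:
        return "standard"
    if frame_size <= 1600:
        return "baby giant"
    if frame_size <= 9216:
        return "jumbo"
    return "oversize"


if __name__ == "__main__":
    frame = build_frame("0000.00dd.dddd", "0000.00aa.aaaa", 0x0800, b"ping")
    tagged = add_vlan_tag(frame, 10)
    print(len(frame), len(tagged), strip_vlan_tag(tagged)[0])
    for mtu in (1500, 1518, 1600):
        print(mtu, wire_size(mtu), classify(wire_size(mtu)))
```

The tag check also matters defensively: a frame arriving on an access port that already carries a tag should be dropped or re-tagged by the switch, never trusted; `strip_vlan_tag` shows how cheap it is to read the VID out of the wire bytes.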

Question 6

ICND1 – InterVLAN Routing

June 22nd, 2017

Question 1

ICND1 – STP Questions

June 21st, 2017

Question 1

ICND1 – Port Security

June 20th, 2017

Question 1

Explanation

By default, port security limits the number of MAC addresses that can connect to a switch port to one. If the maximum number of MAC addresses has been reached and another MAC address attempts to access the port, a security violation occurs.

Question 2

Explanation

Shutdown is the default switch port port-security violation mode. When in this mode, the switch will
automatically force the switchport into an error disabled (err-disable) state when a violation occurs.
While in this state, the switchport forwards no traffic. The switchport can be brought out of this error
disabled state by issuing the errdisable recovery cause CLI command or by disabling and re-enabling
the switchport.
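The behaviour described in Questions 1 and 2 (one MAC address by default, shutdown as the default violation mode, an err-disabled port forwarding nothing until it is recovered), as an added state-machine example that is not the page's or Cisco's code. The `protect` and `restrict` modes modelled alongside `shutdown` exist in IOS but are not mentioned on the page; whether a mode increments the violation counter follows the IOS documentation as I know it and is stated in the comments.

```python
"""Port-security model: per-port MAC limit and violation handling (added example)."""
from dataclasses import dataclass, field

VIOLATION_MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                  # default: one MAC address allowed
    violation: str = "shutdown"       # default violation mode
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violation_count: int = 0
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in VIOLATION_MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")
        if self.maximum < 1:
            raise ValueError("maximum must be at least 1")

    def frame_in(self, src_mac):
        """Admit or drop a frame from src_mac; True means it is forwarded."""
        if self.err_disabled:
            return False                               # err-disabled: no traffic at all
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)              # learn dynamically up to the limit
            return True
        # A MAC beyond the limit: security violation.
        if self.violation == "shutdown":
            self.err_disabled = True
            self.violation_count += 1
            self.log.append(f"{self.name}: violation from {src_mac}, port err-disabled")
        elif self.violation == "restrict":
            self.violation_count += 1                  # counted and reported, port stays up
            self.log.append(f"{self.name}: violation from {src_mac}, frame dropped")
        # protect: dropped silently, no counter, no message
        return False

    def recover(self):
        """errdisable recovery (or shutdown / no shutdown) re-enables the port."""
        self.err_disabled = False


if __name__ == "__main__":
    port = SecurePort("Fa0/1")
    for mac in ("0000.00aa.aaaa", "0000.00bb.bbbb", "0000.00aa.aaaa"):
        print(mac, "forwarded" if port.frame_in(mac) else "dropped", port.err_disabled)
    port.recover()
    print("after recovery:", port.frame_in("0000.00aa.aaaa"))
```

The log entries stand in for the syslog and SNMP notifications a real switch emits; in a monitoring pipeline those are the events worth alerting on, since with the default mode a single violation takes the port down.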

Question 3

Question 4

Question 5

ICND1 – Router Questions

June 19th, 2017

Question 1

Explanation

When packets travel through many routers, the source and destination IP addresses do not change, but the source and destination MAC addresses do change.

Question 2

Explanation

The output above is unclear. Normally when we use this command we can see the type of serial connection on this interface, for example “V.35 DCE cable”. Below is an example of the same command as above:

RouterA#show controllers serial 0
HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0x62, eda = 0x403C, cda = 0x4050
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22

or:

RouterB#show controllers serial 0
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
cpb = 0x62, eda = 0x408C, cda = 0x40A0
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F2F04 ds=0x627908 status=80 pak_size=22

but in this case we only get “V.35 cable”. So in fact we are not sure about answer C, but the output above also contains no information to confirm whether the other answers are correct.

Just for your information, the V.35 male and V.35 female cable are shown below:

Question 3

Question 4

Question 5

Explanation

The outputs of “show protocols” and “show ip interface” are shown below:

show protocols:

Global values:
Internet Protocol routing is enabled
Serial0/0 is up, line protocol is down
Internet address is 10.1.1.1/30
Serial0/1 is up, line protocol is down
Internet address is 209.65.200.225/30
Serial0/2 is up, line protocol is down
Serial0/3 is up, line protocol is down
NVI0 is up, line protocol is up
Interface is unnumbered. Using address of NVI0 (0.0.0.0)
Loopback0 is up, line protocol is up
Internet address is 10.1.10.1/32
Loopback1 is up, line protocol is up
Internet address is 10.1.2.1/27
Loopback6 is up, line protocol is up

show ip interface (Serial0/0 section):

Serial0/0 is up, line protocol is down
Internet address is 10.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled

Question 6

Explanation

The key sequence “Ctrl-Shift-6” followed by “x” is used to suspend the telnet session. In this case, the telnet session from Router1 to Router2 will be suspended.

If we enter the keyword “resume”, Router1 will try to resume the telnet session to Router2 (you will see the line [Resuming connection 1 to 192.168.9.2 … ]) and we will get back the Router2> prompt.

Question 7

Explanation

The Layer 2 information (source and destination MAC) would be changed when passing through each
router. The Layer 3 information (source and destination IP addresses) remains unchanged.

Question 8

Explanation

When packets travel through many routers, the source and destination IP addresses do not change, but the source and destination MAC addresses do change.

Question 9

Explanation

Change the configuration register to 0x2142. With this setting when that router reboots, it bypasses
the startup-config and no password is required.

Question 10

ICND1 – Router Questions 2

June 19th, 2017

Question 1

Explanation

Each interface on a router must be in a different network. If two interfaces are in the same network, the router will reject the configuration and display an error when the administrator assigns the address.

Question 2

Question 3

Question 4

Question 5

Explanation

From the output of the “show version” command, we learn that there are only 2 FastEthernet
interfaces (2 FastEthernet/IEEE 802.3 interfaces) and this router does not have any Ethernet interface
so an error will occur when we enter the “interface e0” command.

Question 6

Question 7

Question 8

Question 9

Question 10

Explanation

The “exec-timeout” command is used to configure the inactive session timeout on the console port or
the virtual terminal. The syntax of this command is:

exec-timeout minutes [seconds]

Therefore we need to use the “exec-timeout 30” command to set the user inactivity timer to 30
minutes. To set the user inactivity timer to 30 seconds we use the “exec-timeout 0 30”.

Question 11

Explanation

On each router interface we can only assign one primary IPv4 address (but we can assign many IPv6
addresses).

ICND1 – Access list Questions

June 19th, 2017

Question 1

Question 2

Explanation

ACL Logging means to use the “log” or “log-input” parameters at the end of the ACL statements. For
example: “access-list 100 deny icmp any any echo reply log-input”. In either situation, remember that
using either of these two parameters disables CEF switching, which seriously impacts the performance
of the router.

ICND1 – CDP & LLDP

June 18th, 2017

Question 1

Explanation

CDP runs at Layer 2 so it can recognize a switch (if that switch also runs CDP).

Question 2

Explanation

Cisco Discovery Protocol (CDP) is a proprietary protocol of Cisco so if you can see the VoIP phone via
the “show cdp neighbors” command on a Cisco switch then that phone is from Cisco.

Question 3

Explanation

CDP runs at Layer 2 (Data Link) of the OSI model -> E is correct.

Question 4

ICND1 – Protocols & Services

June 17th, 2017

Question 1

Explanation

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to
another host over TCP-based network, such as the Internet.

Question 2

Explanation

Cisco Discovery Protocol (CDP) is a proprietary protocol of Cisco so if you can see the VoIP phone via
the “show cdp neighbors” command on a Cisco switch then that phone is from Cisco.

Question 3

Explanation

User Datagram Protocol (UDP) provides a connectionless datagram service that offers best-effort
delivery, which means that UDP does not guarantee delivery or verify sequencing for any datagrams.
UDP is typically used by programs that transmit small amounts of data at one time or have real-time
requirements (voice, for example).

Question 4

Explanation

CDP is a device discovery protocol that runs over Layer 2. We can view the CDP information with the show cdp neighbors command (thus the provided information is at Layer 2); note that this command only shows information about directly connected devices. The output of the show cdp neighbors command is shown below:

There are 3 columns you must pay attention to:

* Local interface: type & ID of the local interface on which the CDP information of the neighbor was received.
* Device platform: the neighboring device model.
* Port ID: the connected interface of the neighbor.

Question 5

Explanation

After resolving a browser URL to an IP address (via DNS server), the workstation must learn the MAC
address of the server so that it can create a complete packet (a complete packet requires destination
MAC and IP address, source MAC and IP address). Therefore the workstation must use ARP to find out
the MAC address from the IP address.

Question 6

Explanation

Before two computers can communicate over TCP, they must synchronize their initial sequence
numbers (ISN) -> B is correct.

TCP uses a sequence number to identify each byte of data. The sequence number identifies the order
of the bytes sent from each computer so that the data can be reconstructed in order, regardless of
any fragmentation, disordering, or packet loss that may occur during transmission -> D is correct.
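The sequence-number mechanics of Question 4 in the TCP & UDP section and Question 6 above (ISNs synchronised in the handshake, bytes reassembled in order however they arrive), together with the windowing explanation in Question 1 of that section (window 1 waits after every segment, window 3 after every three), as an added example that is not code from the original page. The ISNs, data and MSS are constructed; the receiver is a simplified model with cumulative ACKs and no retransmission timer.

```python
"""TCP sequence numbers: handshake, out-of-order reassembly, windowing (added example)."""
import random


def three_way_handshake(client_isn, server_isn):
    """The three segments that synchronise both sides' ISNs, as (flags, seq, ack)."""
    syn = ("SYN", client_isn, 0)
    syn_ack = ("SYN-ACK", server_isn, client_isn + 1)
    ack = ("ACK", client_isn + 1, server_isn + 1)
    return [syn, syn_ack, ack]


def segment_stream(data, isn, mss):
    """Split data into (seq, payload) segments. The first data byte carries
    isn + 1 because the SYN consumed one sequence number."""
    segments, seq = [], isn + 1
    for offset in range(0, len(data), mss):
        chunk = data[offset:offset + mss]
        segments.append((seq, chunk))
        seq += len(chunk)
    return segments


class Receiver:
    """Rebuilds the byte stream from segments in whatever order they arrive."""

    def __init__(self, isn):
        self.next_expected = isn + 1   # sequence number of the next in-order byte
        self.pending = {}              # segments that arrived early, keyed by seq
        self.data = b""

    def receive(self, seq, payload):
        """Accept one segment; return the cumulative ACK (next byte wanted)."""
        if seq + len(payload) <= self.next_expected:
            return self.next_expected                    # pure duplicate
        if seq < self.next_expected:                     # partial overlap: trim it
            payload = payload[self.next_expected - seq:]
            seq = self.next_expected
        self.pending[seq] = payload
        while self.next_expected in self.pending:        # deliver what is now contiguous
            chunk = self.pending.pop(self.next_expected)
            self.data += chunk
            self.next_expected += len(chunk)
        return self.next_expected


def transfer(data, isn, mss, window, shuffle_seed=None):
    """Push the stream through a Receiver, `window` segments per round trip.
    Returns (reassembled data, rounds, final ACK). With a seed, the segments
    inside each window arrive in random order to exercise reassembly."""
    rng = random.Random(shuffle_seed)
    receiver = Receiver(isn)
    segments = segment_stream(data, isn, mss)
    rounds, ack = 0, isn + 1
    for start in range(0, len(segments), window):
        burst = segments[start:start + window]
        if shuffle_seed is not None:
            rng.shuffle(burst)
        for seq, payload in burst:
            ack = receiver.receive(seq, payload)
        rounds += 1                                      # one wait for an ACK per window
    return receiver.data, rounds, ack


if __name__ == "__main__":
    stream = b"hello, this is a short tcp byte stream"      # constructed sample data
    print(three_way_handshake(1000, 5000))
    for window in (1, 3):
        data, rounds, ack = transfer(stream, 1000, 8, window, shuffle_seed=7)
        print(f"window {window}: {rounds} rounds, intact={data == stream}, final ack {ack}")
```

The handshake also shows why a predictable ISN is dangerous: the ACK each side must return is simply the other side's ISN plus one, so an attacker who can guess it can complete a handshake blind. Modern stacks randomise the ISN for exactly this reason.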

Question 7

Explanation

By default CDP is enabled on Cisco routers -> A is not correct.

CDP runs at Layer 2 in the OSI model and it does not need an IP address to run -> C & D are not
correct.

Question 8

Explanation

Tracert (or traceroute) is used to trace the path between the sender and the destination host.
Traceroute works by sending packets with gradually increasing Time-to-Live (TTL) value, starting with
TTL value = 1. The first router receives the packet, decrements the TTL value and drops the packet
because it then has TTL value zero. The router sends an ICMP Time Exceeded message back to the
source. The next set of packets are given a TTL value of 2, so the first router forwards the packets,
but the second router drops them and replies with ICMP Time Exceeded. Proceeding in this way,
traceroute uses the returned ICMP Time Exceeded messages to build a list of routers that packets
traverse, until the destination is reached and returns an ICMP Echo Reply message -> C is correct.

ICMP is encapsulated in an IP packet. In particular, the ICMP message is encapsulated in the IP payload part of an IP datagram -> D is correct.

Note: The TRACERT command on the Windows operating system uses ICMP, while the Mac OS X and Linux
TRACEROUTE commands use UDP.

Question 9

Question 10
ICND1 – IP Address
June 16th, 2017
Question 1

Explanation

RFC 1518 describes Classless Interdomain Routing (CIDR). CIDR is a mechanism developed to help
alleviate the problems of IP address exhaustion and routing table growth.

The problems were:

+ With the classful routing system, individual networks were either limited to 254 hosts (/24) or
65,534 hosts (/16). For many network enterprises, 254 hosts were not enough and 65,534 were too
large to be used efficiently.
+ Routing information overload. The size and rate of growth of the routing tables in Internet routers is
beyond the ability of current software (and people) to effectively manage.
+ Eventual exhaustion of IP network numbers.

To solve these problems, CIDR was selected as the solution in 1992.

In contrast to classful routing, which categorizes addresses into one of three blocks, CIDR allows for
blocks of IP addresses to be allocated to Internet service providers. The blocks are then split up and
assigned to the provider’s customers.

According to the CIDR standard, the first part of an IP address is a prefix, which identifies the
network. The prefix is followed by the host identifier so that information packets can be sent to
particular computers within the network. A CIDR address includes the standard 32-bit IP address and
also the network prefix. For example, in the CIDR address 200.1.45.2/26, the “/26” indicates that the
first 26 bits are used to identify the unique network, leaving the remaining bits to identify the
specific hosts.

Therefore, instead of assigning the whole block of a class B or C address, now smaller blocks of a class
can be assigned. For example, instead of assigning a whole block of 200.1.45.0/24, a smaller block,
like 200.1.45.0/27 or 200.1.45.32/27, can be assigned.

In fact, CIDR is specified in RFCs 1518, 1519 and 1520, so the answer “RFC 1519” is also acceptable.

Question 2

Explanation

In order to send traffic to multiple devices (not all) across different subnets we need to use multicast
addresses, which are in the range 224.0.0.0 through 239.255.255.255 -> D is correct.

Question 3

Question 4

Question 5

Question 6

Question 7

ICND1 – Subnetting
June 15th, 2017
Note: If you are not sure about Subnetting, please read my Subnetting Made Easy tutorial.

Question 1

Explanation

From the /28 we can find all information we need:

Increment: 16 (/28 = 11111111.11111111.11111111.11110000)

Network address: 172.19.20.16 (because 16 is the largest multiple of 16 not exceeding 23)
Broadcast address: 172.16.20.31 (because 31 = 16 + 16 – 1)

In fact we don’t need to find out the broadcast address because the question only asks about subnet
address (network address).

Question 2

Explanation

From the /28 we can find all information we need:

Increment: 16 (/28 = 11111111.11111111.11111111.11110000)

Network address: 192.168.23.48 (because 48 = 16 * 3 and 48 < 61)

Question 3

Explanation

From the subnet mask of 255.255.255.248 we learn:

Increment: 8 (248 = 11111111.11111111.11111111.11111000)

Network address: 192.168.1.40 (because 40 = 8 * 5 and 40 < 42)

Question 4

Explanation

From the /20 we can find all information we need:

Increment: 16 (/20 = 11111111.11111111.11110000.00000000). This is applied to the 3rd octet.

Network address: 10.1.160.0 (because 160 = 16 * 10 and 160 = 160 -> the IP address above is also
the network address)
Broadcast address: 10.1.175.255 (because 175 = 160 + 16 – 1)

Therefore only 10.1.168.0, 10.1.174.255 and 10.1.160.255 are in this range. Please notice that
10.1.174.255 is not a broadcast address and can be assigned to a host.

Question 5

Explanation

Increment: 32 (224 = 11111111.11111111.11111111.11100000)

Network address: x.x.x.(0;32;64;96;128;160;192;224)
Broadcast address: x.x.x.(31;63;95;127;159;191;223)
-> Last valid host (broadcast address minus 1): x.x.x.(30;62;94;126;158;190;222) -> Only B
is correct.

Question 6
Explanation

Increment: 64 (/26 = 11111111.11111111.11111111.11000000)

The IP 192.168.4.0 belongs to class C. The default subnet mask of class C is /24 and it has been
subnetted with a /26 mask so we have 2^(26-24) = 2^2 = 4 sub-networks:

1st subnet: 192.168.4.0 (to 192.168.4.63)
2nd subnet: 192.168.4.64 (to 192.168.4.127)
3rd subnet: 192.168.4.128 (to 192.168.4.191)
4th subnet: 192.168.4.192 (to 192.168.4.225)

In all the answers above, only answers C and D are in the same subnet.

Therefore only IPs in this range can be assigned to hosts.

Question 7

Explanation

With network 192.168.20.24/29 we have:

Increment: 8 (/29 = 255.255.255.248 = 11111000 for the last octet)

Network address: 192.168.20.24 (because 24 = 8 * 3)
Broadcast address: 192.168.20.31 (because 31 = 24 + 8 – 1)

Therefore the first usable IP address is 192.168.20.25 (assigned to the router) and the last usable IP
address is 192.168.20.30 (assigned to the sales server). The IP address of the router is also the
default gateway of the sales server.

Question 8

Explanation

The number of valid host IP addresses depends on the number of 0 bits left in the subnet mask. With
a /30 subnet mask, only two 0 bits are left (/30 = 11111111.11111111.11111111.11111100) so the
number of valid host IP addresses is 2^2 – 2 = 2. Also please notice that the /30 subnet mask is a
popular subnet mask used on the connection between two routers because we only need two IP
addresses. The /30 subnet mask helps save IP addresses for other connections. An example of the use
of a /30 subnet mask is shown below:

Question 9

Explanation

Increment: 2 (/23 = 11111111.11111111.11111110.00000000 = 255.255.254.0)

Network address: 10.16.2.0 (because 2 = 2 * 1 and 2 < 3)
Broadcast address: 10.16.3.255 (because 2 + 2 – 1 = 3 for the 3rd octet)

-> The lowest (first assignable) host address is 10.16.2.1 and the broadcast address of the subnet is
10.16.3.255 255.255.254.0

Question 10
Explanation

Increment: 4 (/22 = 11111111.11111111.11111100.00000000)

Network address: 172.16.156.0 (156 is a multiple of 4 and 156 < 159)

ICND1 – Subnetting 2
June 15th, 2017
Note: If you are not sure about Subnetting, please read my Subnetting Made Easy tutorial.

Question 1

Explanation

AREA 1 has 500 users but it uses class C which only supports 254 users (from 192.168.1.1 to
192.168.1.254)-> A is correct.

AREA 3 also uses class C and as mentioned above it supports 254 users, so it is enough for 200 users
-> B is incorrect.

In AREA 2 there are only 60 users < 64 = 2^6 so we can use a subnet mask which has 6 bits 0 -> /26.
Of course we can use larger subnets (like /25) for future expansion -> C is correct.

A large network should never use a single network-wide mask. It should use several different subnet
masks to make the network flexible and easy to summarize -> D is incorrect.

For router-to-router connection we should use a subnet mask of /30 which supports 2 hosts per
subnet. This subnet mask is ideal for router-to-router connection -> E is correct.

There is no limit for IP to function if we know how to organize our network -> F is incorrect.

Question 2

Explanation

The maximum number of hosts in this question is 50 hosts so we have to use /26 subnet mask or
above.

Question 3

Explanation

To support 300 workstations in a single broadcast domain, we need to use a subnet mask which
supports 512 hosts = 2^9 -> /23 or 255.255.254.0 in decimal form -> A is correct.

If we use 48-port switches we need 300/48 = 6.25 -> seven 48-port switches are enough because we
also need trunking between them -> D is correct.

We only need one router interface and it is connected with one of seven switches -> E is correct.

Question 4

Explanation

/19 = 255.255.224.0. The fast way to find this subnet mask is to remember that /16 = 255.255.0.0
and we need 3 more 1 bits in the 3rd octet: 1110 0000, which is 224.

Question 5
Question 6

Explanation

Increment: 2 (/23 = 11111111.11111111.11111110.00000000 = 255.255.254.0)

Network address: 10.16.2.0 (because 2 = 2 * 1 and 2 < 3)
Broadcast address: 10.16.3.255 (because 2 + 2 – 1 = 3 for the 3rd octet)

-> The lowest (first assignable) host address is 10.16.2.1 and the broadcast address of the subnet is
10.16.3.255 255.255.254.0

Question 7

Explanation

255.255.255.224 = 1111 1111.1111 1111.1111 1111.1110 0000 (binary form)

Increment: 32

First subnetwork: 192.168.1.0 -> 192.168.1.31 (A is incorrect because 192.168.1.31 is a broadcast
address)
Second subnetwork: 192.168.1.32 -> 192.168.1.63
Third subnetwork: 192.168.1.64 -> 192.168.1.95 (B is incorrect because 192.168.1.64 is a network
address)
Fourth subnetwork: 192.168.1.96 -> 192.168.1.127 (C is incorrect because 192.168.1.127 is a
broadcast address)
Fifth subnetwork: 192.168.1.128 -> 192.168.1.159
Sixth subnetwork: 192.168.1.160 -> 192.168.1.191 (D is correct because 192.168.1.190 is the last
assignable host address of this subnetwork)
Seventh subnetwork: 192.168.1.192 -> 192.168.1.224 (E is incorrect because 192.168.1.192 is a
network address)

Question 8

Question 9

Question 10

Question 11

Explanation

The IP address of host B must be in the range of the 192.168.10.32/28 subnet, which runs from
192.168.10.32 to 192.168.10.47 (Increment: 16), except the IP addresses 192.168.10.32 and
192.168.10.46 (which are the network and broadcast addresses of the subnet) and 192.168.10.33 and
192.168.10.34 (which have been assigned to the router’s interface and the switch). Therefore only
the two IP addresses 192.168.10.38 & 192.168.10.46 remain.

Question 12

Question 13

Question 14

Question 15

Explanation
From the /28 we can find all information we need:

Increment: 16 (/28 = 11111111.11111111.11111111.11110000)

Network address: 172.19.20.16 (because 16 < 23)
Broadcast address: 172.16.20.31 (because 31 = 16 + 16 – 1)

In fact we don’t need to find out the broadcast address because the question only asks about subnet
address (network address).
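The “increment” method used throughout the Subnetting and Subnetting 2 explanations (find the interesting octet, round down to a multiple of the increment, add increment minus one for the broadcast, then list the subnets of a classful block and tell network and broadcast addresses apart from assignable hosts), as an added example that is not code from the original page. It cross-checks its own arithmetic against Python's standard ipaddress module; the sample addresses are the ones the explanations above use.

```python
import ipaddress
from typing import List, NamedTuple, Tuple


class Subnet(NamedTuple):
    network: str
    broadcast: str
    first_host: str
    last_host: str
    usable_hosts: int


def prefix_to_mask(prefix: int) -> List[int]:
    """Dotted-decimal mask as four octets, e.g. /19 -> [255, 255, 224, 0]."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return [(mask_int >> shift) & 0xFF for shift in (24, 16, 8, 0)]


def increment_and_octet(prefix: int) -> Tuple[int, int]:
    """(increment, index of the 'interesting' octet) for a prefix length.

    /28 -> last-octet mask 240 -> increment 256 - 240 = 16 in octet index 3.
    /20 -> third-octet mask 240 -> increment 16 again, but in octet index 2.
    """
    for idx, octet in enumerate(prefix_to_mask(prefix)):
        if octet != 255:
            return 256 - octet, idx
    return 1, 3  # /32: the address is its own block


def _to_int(octets: List[int]) -> int:
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def _to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def subnet_info(ip: str, prefix: int) -> Subnet:
    """Network, broadcast and host range of the block containing ip/prefix."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"malformed IPv4 address: {ip!r}")
    inc, idx = increment_and_octet(prefix)
    # Network: round the interesting octet down to a multiple of the increment
    # (23 -> 16 for /28) and zero every octet to its right.
    net = octets[:idx] + [(octets[idx] // inc) * inc] + [0] * (3 - idx)
    # Broadcast: network + increment - 1 in that octet, 255 in every octet to its right.
    bcast = net[:idx] + [net[idx] + inc - 1] + [255] * (3 - idx)
    net_int, bcast_int = _to_int(net), _to_int(bcast)
    usable = max(2 ** (32 - prefix) - 2, 0)  # /31 and /32 leave no classic host addresses
    first = net_int + 1 if usable else net_int
    last = bcast_int - 1 if usable else bcast_int
    return Subnet(_to_dotted(net_int), _to_dotted(bcast_int),
                  _to_dotted(first), _to_dotted(last), usable)


def matches_stdlib(ip: str, prefix: int) -> bool:
    """Cross-check the hand method against ipaddress (strict=False tolerates host bits)."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    info = subnet_info(ip, prefix)
    return (info.network, info.broadcast) == (str(net.network_address), str(net.broadcast_address))


def classify(ip: str, prefix: int) -> str:
    """'network', 'broadcast' or 'host' (the check behind the Subnetting 2 Question 7 answers)."""
    info = subnet_info(ip, prefix)
    if ip == info.network:
        return "network"
    if ip == info.broadcast:
        return "broadcast"
    return "host"


def enumerate_subnets(base: str, old_prefix: int, new_prefix: int) -> List[Tuple[str, str]]:
    """Split base/old_prefix into 2 ** (new - old) subnets of /new_prefix as (network, broadcast)."""
    if new_prefix < old_prefix:
        raise ValueError("new prefix must be at least as long as the old one")
    base_int = _to_int([int(o) for o in subnet_info(base, old_prefix).network.split(".")])
    block = 2 ** (32 - new_prefix)
    return [(_to_dotted(base_int + i * block), _to_dotted(base_int + i * block + block - 1))
            for i in range(2 ** (new_prefix - old_prefix))]
```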

ICND1 – IP Routing
June 14th, 2017
Note: The ICND1 exam requires candidates to understand basic knowledge of dynamic routing
protocols (RIP, EIGRP, OSPF).

Question 1

Question 2

Explanation

By default, Cisco routers do not forward broadcast packets. So what will happen if your PC is not in
the same LAN as the DHCP server? Your PC (also a DHCP client) will broadcast a packet, but it is
dropped by the router -> your PC cannot get an IP address from the DHCP server. The “ip helper-address”
command enables the DHCP broadcast to be forwarded to the DHCP server. For example, if the IP
address of your DHCP server is 10.10.10.254, then on the interface connecting to the DHCP client
(fa0/0 in this case) we can type this command: “ip helper-address 10.10.10.254”.

Note: When a client boots up for the first time, it transmits a DHCPDISCOVER message on its local
physical subnet. Because the client has no way of knowing the subnet to which it belongs, the
DHCPDISCOVER is an all-subnets broadcast (destination IP address of 255.255.255.255, which is a
layer 3 broadcast address). The client does not have a configured IP address, so the source IP address
of 0.0.0.0 is used.

Question 3

Explanation

Routers do not look at the destination MAC address to forward packets. A router finds the next-hop
MAC address itself and replaces the old destination MAC address of the received frame with it.

Hubs do not care about MAC addresses; they just flood frames out of all their ports except the port
the frame arrived on.

Therefore only the three switches in the exhibit above use the destination MAC address to determine
the next hop.

Question 4

Explanation
The destination MAC address at point A must be the MAC address of the interface fa0/0 of Toronto
router -> E is correct.

Question 5

Explanation

The simple syntax of static route:

ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface}

+ destination-network-address: destination network address of the remote network
+ subnet-mask: subnet mask of the destination network
+ next-hop-IP-address: the IP address of the receiving interface on the next-hop router
+ exit-interface: the local interface of this router where the packets will go out

Therefore the purpose of this command is to send any packets with destination IP address in the
range of 192.168.100.160/27 subnet to 192.168.10.2. In fact, answer C is a bit weird when saying
“host 192.168.100.160” because 192.168.100.160 is the network address in this case and it cannot
be assigned to a host. But answer C is the most suitable answer for this question.

Question 6

Question 7

Explanation

After receiving a packet, the router will keep the source and destination IP addresses while changing
the source MAC address (to the MAC address of its outgoing interface) and the destination MAC address
(to the MAC address of the next-hop interface). Therefore when the packet reaches host B, the source
MAC address must be the MAC address of the outgoing interface of R1.

Question 8

Explanation

Host A knows the IP address of Host B but it does not know the MAC address of host B, so it has to
create an ARP Request (which is a broadcast frame) to ask for the MAC address of host B. When
Router1 receives this ARP Request, it answers with its own MAC address.

Question 9

Question 10

Explanation

Along the routing path, the source and destination IP address will not change so the source IP will
always be 10.1.1.16.

ICND1 – IP Routing 2
June 14th, 2017
Note: The ICND1 exam requires candidates to understand basic knowledge of dynamic routing
protocols (RIP, EIGRP, OSPF).

Question 1

Explanation
After receiving a packet, the router will keep the source and destination IP addresses (10.1.3.3 and
10.1.2.2, respectively) while changing the source MAC address (to the MAC address of its outgoing
interface) and the destination MAC address (to the MAC address of the next-hop interface). Therefore
when the packet leaves Router1, the source MAC address must be the MAC address of the outgoing
interface of Router1 (0000.000c.0124) and the destination MAC address must be the MAC of fa0/1 of
R2 (0000.000c.0123).

Question 2

Explanation

A static route with 0.0.0.0 0.0.0.0 will become a default route. The default route means: “send all
traffic to this IP address”. So the default route “ip route 0.0.0.0 0.0.0.0 172.16.2.2” will send all traffic
to 172.16.2.2.

Question 3

Explanation

The Administrative Distance (AD) parameter must be put at the end of the “ip route” command. The
default AD is 1.

Question 4

Explanation

This router only has directly connected networks (symbolized by the letter “C”) and one default route
out of Serial0/0. This is probably a stub router with only one connection to the headquarters or to
the Internet.

Question 5

Explanation

In this topology, R2 is a stub router with only one connection to the HQ network so the best way to
configure routing is to set a static route (default route) to R1.

Question 6

Explanation

Host A is in a different subnet from SW-A, so SW-A does not know how to send data to host A and needs
to be assigned a default gateway. The command to assign a default gateway to a switch is “ip
default-gateway”. Please notice this command only has effect when “ip routing” is disabled on SW-A.

Question 7

Explanation

The default gateway of Host A should be the connected interface of the router, unless host A is
connected to a Layer 3 switch. In this case, Switch A is a pure Layer 2 switch and the IP address of
Switch A is only for management purposes.

Question 8

Question 9

Question 10
Explanation

The administrative distance of each protocol is compared to see if that route is better or not.

Question 11

Explanation

The letter “D” is used to symbolize EIGRP (with a default AD of 90). The letter “E” is not used for
EIGRP because it has already been used for Exterior Gateway Protocol (EGP), which is an obsolete
routing protocol now.

ICND1 – IP Routing 3
June 14th, 2017
Note: The ICND1 exam requires candidates to understand basic knowledge of dynamic routing
protocols (RIP, EIGRP, OSPF).

Question 1

Question 2

Explanation

The Administrative Distance (AD) of popular routing protocols is shown below. You should learn them
by heart:

Note: The AD of iBGP is 200

The smaller the AD is, the better it is. The router will choose the routing protocol with smallest AD.

In this case EIGRP with AD of 90 is the smallest one.

Question 3

Question 4

Question 5

Question 6

Explanation

After resolving a browser URL to an IP address (via DNS server), the workstation must learn the MAC
address of the server so that it can create a complete packet (a complete packet requires destination
MAC and IP address, source MAC and IP address). Therefore the workstation must use ARP to find out
the MAC address from the IP address.
Question 7

Explanation

In this topology, R2 is a stub router with only one connection to the HQ network so the best way to
configure routing is to set a static route (default route) to R1.

Question 8

Question 9

Question 10

Explanation

Link-state protocols use hello packets to discover neighbors and establish adjacencies. After that, the
routers begin sending out LSAs to every neighbor (each received LSA is copied and forwarded to every
neighbor except the one that sent the LSA).

Question 11

Explanation

When one route is advertised by more than one routing protocol, the router will choose to use the
routing protocol which has the lowest Administrative Distance. The Administrative Distances of popular
routing protocols are listed below:

ICND1 – IP Routing 4
June 14th, 2017
Note: The ICND1 exam requires candidates to understand basic knowledge of dynamic routing
protocols (RIP, EIGRP, OSPF).

Question 1

Question 2

Question 3

Explanation

A and E are correct according to the theory of RIP.

RIP version 1 updates are broadcasts, and RIP version 2 updates are multicast to 224.0.0.9 -> B is
not correct.

RIP v1 is a classful routing protocol but RIP v2 is a classless routing protocol -> C is correct.
RIPv1 and RIPv2 have the same default administrative distance of 120 -> D is not correct.

RIPv2 is a classless routing protocol so it does send the subnet mask in updates -> F is not correct.

Question 4

Explanation

Host1 can ping the Serial interface of R2 because R1 has the network 192.168.1.4/30 as a directly
connected route. But R1 does not know how to route to the network of Host2 (192.168.1.128/26), so
R1 will drop that ping without trying to send it out of its S0/0 interface. To make the ping work, we
have to configure a route pointing to that network (for example: ip route 192.168.1.128
255.255.255.192 s0/0 on R1).

Question 5

Explanation

The route 192.168.5.0/24 currently has a metric of 15, so this router will add 1 to the hop count
before sending it out to its neighboring router. With RIP, a metric of 16 means that the network is
unreachable -> it will not be installed in the routing table of the neighboring router.

Question 6

Question 7

Explanation

The passive interface only prevents routing updates from being sent and received on that interface. It
does not affect the default route. But if we configure a default route like this:

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

Then if the next-hop address is down (unreachable) then this default route would be removed from
the routing table.

Question 8

ICND1 – OSPF Questions
June 13th, 2017
Note: If you are not sure about OSPF, please read my OSPF tutorial first.

Question 1

Question 2

Question 3

Explanation

Answer A and C are obviously correct. For answer E, it allows extensive control of routing updates via
Link-State Advertisement (LSA). Administrators can filter these LSAs to meet their requirements
easily.

Question 4

Explanation
A is not correct because the backbone area of OSPF is always Area 0.
B is not correct because R1 or R3 must be the DR or BDR -> it has to establish a neighbor adjacency
with the other.
C is not correct because the OSPF neighbor relationship is not established based on static routing. It
uses the multicast address 224.0.0.5 to establish the OSPF neighbor relationship.
E is not correct because configuring EIGRP on these routers (with a lower administrative distance) will
force these routers to run EIGRP, not OSPF.

D and F are correct because these entries must match on neighboring routers:

– Hello and dead intervals
– Area ID (Area 0 in this case)
– Authentication password
– Stub area flag

Question 5

Question 6

Explanation

The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as the
router ID.

Question 7

Explanation

OSPF uses a metric referred to as cost. The cost of the entire path is the sum of the costs of the
outgoing interfaces along the path. Cisco uses a simple formula to calculate OSPF cost:

OSPF cost = 10^8 / Bandwidth (bps)

Therefore, a 100 Mbps FastEthernet interface will have a cost of 10^8 / 100,000,000 (bps) = 1

Note: The cost of interfaces with bandwidth equal to or larger than 10^8 bps is normalized to 1, so a
1 Gbps interface will also have an OSPF cost of 1.

For the “O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0” line, the first number
in the brackets is the administrative distance of the information source; the second number is the
metric for the route -> in this case the second number is the OSPF cost.
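The cost formula and the `[AD/metric]` notation above, plus the “lowest AD wins” rule from the IP Routing explanations, as an added example (not code from the original page): it computes per-interface and path cost with the 10^8 reference bandwidth, parses a “show ip route” entry into its protocol, prefix, AD and metric, and picks the preferred route. The AD values are the Cisco defaults the explanations state; the second routing-table line in the test is constructed.

```python
import re

REFERENCE_BANDWIDTH_BPS = 10 ** 8  # Cisco default reference bandwidth (100 Mbps)

# Default administrative distances stated in the explanations on this page.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "EIGRP": 90, "OSPF": 110, "RIP": 120, "iBGP": 200}

# Routing-table code letters as used in the explanations (E is EGP, not EIGRP).
ROUTE_CODES = {"C": "connected", "S": "static", "D": "EIGRP", "O": "OSPF", "R": "RIP"}


def ospf_interface_cost(bandwidth_bps: int, reference_bps: int = REFERENCE_BANDWIDTH_BPS) -> int:
    """cost = reference / bandwidth, truncated to an integer and never below 1."""
    if bandwidth_bps <= 0:
        raise ValueError("bandwidth must be positive")
    # Anything at or above the reference bandwidth is normalised to 1,
    # which is why 100 Mbps and 1 Gbps interfaces both cost 1.
    return max(reference_bps // bandwidth_bps, 1)


def ospf_path_cost(outgoing_bandwidths_bps) -> int:
    """The path cost is the sum of the outgoing interface costs along the path."""
    return sum(ospf_interface_cost(b) for b in outgoing_bandwidths_bps)


ROUTE_LINE = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<prefix>\d{1,3}(?:\.\d{1,3}){3})\s*/(?P<length>\d{1,2})"
    r"\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<via>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_route_line(line: str) -> dict:
    """Parse one 'show ip route' entry such as 'O 192.168.12.240 /30 [110/128] via 192.168.12.233, ...'."""
    m = ROUTE_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a routing-table entry: {line!r}")
    return {
        "protocol": ROUTE_CODES.get(m["code"], m["code"]),
        "prefix": f"{m['prefix']}/{m['length']}",
        "ad": int(m["ad"]),        # first number in the brackets: administrative distance
        "metric": int(m["metric"]),  # second number: the protocol's metric (OSPF cost here)
        "via": m["via"],
    }


def best_route(candidates) -> dict:
    """Among routes to one prefix learned from different sources, lowest AD wins, then lowest metric."""
    if not candidates:
        raise ValueError("no candidate routes")
    return min(candidates, key=lambda r: (r["ad"], r["metric"]))
```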

Question 8

Explanation

There are 2 segments on the topology above which are separated by Corp-3 router. Each segment will
have a DR so we have 2 DRs.

To select which router will become DR they will compare their router-IDs. The router with highest
(best) router-ID will become DR. The router-ID is chosen in the order below:

+ The highest IP address assigned to a loopback (logical) interface.
+ If a loopback interface is not defined, the highest IP address of all the router’s active physical
interfaces will be chosen.

In this question, the IP addresses of loopback interfaces are not mentioned, so we consider the IP
addresses of all the routers’ active physical interfaces. Router Corp-4 (10.1.40.40) & Branch-2
(10.2.20.20) have the highest “active” IP addresses, so they will become DRs.

Question 9

Question 10

ICND1 – DHCP Questions
June 12th, 2017
Question 1

Explanation

We can use the “lease” command to specify the duration of the lease: lease {days [hours][minutes] |
infinite}

The default is a one-day lease.

Question 2

Question 3

Explanation

The local router in this case is called a DHCP server. The main purpose of a DHCP server is to assign
IP addresses to the clients. Besides that, a DHCP server can also specify the IP address of the DNS
server and specify the domain name for the clients.

For more information about configuring a DHCP server, please
read: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4t/dhcp-12-4t-book/config-dhcp-server.html

ICND1 – NAT/PAT
June 11th, 2017
Note: If you are not sure about NAT/PAT, please read my Network Address Translation NAT Tutorial.

Question 1

Explanation

Port Address Translation (PAT) can support thousands of users connecting to the Internet using only one
real global IP address. With PAT, each computer will be assigned a separate port number so that the
router can identify which computer should receive the return traffic.

Question 2

Explanation

The keyword “overload” specifies we are using NAT Overload (PAT) in which multiple internal hosts will
use only one IP address to access external network resources.

Question 3

Explanation
On the interface connecting to the Internet of the router we have to use the command “ip nat outside”
for NAT to work. It identifies that interface as the outside interface.

Question 4

Explanation

There are two types of NAT translation: dynamic and static.

Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor
requires you to have one real Internet IP address for every host on your network.

Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of
registered IP addresses. You don’t have to statically configure your router to map an inside to an
outside address as in static NAT, but you do have to have enough real IP addresses for everyone who
wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with
more IP addresses in the inside local address list than in the inside global address pool. When being
defined in the inside global address pool, the router allocates registered public IP addresses from the
pool until all are allocated. If all the public IP addresses are already allocated, the router discards the
packet that requires a public IP address.

In this question we only want to translate a single inside address to a single outside address so static
NAT should be used.

Question 5

Explanation

When we specify a NAT “inside” interface (via the “ip nat inside” command under interface mode), we
are specifying the source IP addresses. Later in the “ip nat” command under global configuration
mode, we will specify the access or route map for these source addresses.

For example the command:

Router(config)# ip nat inside source list 1 pool PoolforNAT

after the keyword “source” we need to specify one of the three keywords:

+ list: specify access list describing local addresses (but this command does not require an “inside”
interface to be configured)
+ route-map: specify route-map
+ static: specify static local -> global mapping

Question 6

Question 7

Question 8

Question 9

Explanation

After configuring all the requirements for NAT, we need to apply them to the “source” interface and
the “outgoing” interface by going to the appropriate interfaces and typing the “ip nat inside” and
“ip nat outside” commands.

Question 10
Question 11

Explanation

The command ip nat inside source list 90 interface ethernet 0/0 overload means:

+ “ip nat inside”: “I want to NAT from inside to outside”
+ “list 90” means “the source IP addresses to NAT are included in Access-list 90”
+ “interface ethernet 0/0” means “NAT out of this interface”
+ “overload” means “use PAT for the IP translation”

Question 12

Explanation

The “ip nat inside” command can be applied to an interface to indicate that this interface is the NAT
source (inside) interface.

Question 13

Explanation

The outputs of the two commands “show ip nat statistics” and “show ip nat translation” are shown
below:

Router#show ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 2 extended)
Peak translations: 3, occurred 5d04h ago
Outside interfaces:
Serial1/0
Inside interfaces:
Ethernet0/1
Hits: 34531 Misses: 0
CEF Translated packets: 34526, CEF Punted packets: 0
Expired translations: 11
Dynamic mappings:
-- Inside Source
[Id: 1] access-list nat_traffic interface Serial1/0 refcount 2

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Router#show ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 201.15.3.5:628 10.1.1.7:628 201.15.3.17:628 201.15.3.17:628
icmp 201.15.3.5:629 10.1.1.7:629 201.15.3.6:629 201.15.3.6:629
icmp 201.15.3.5:610 10.1.1.8:610 201.15.3.17:610 201.15.3.17:610
icmp 201.15.3.5:611 10.1.1.8:611 201.15.3.6:611 201.15.3.6:611
icmp 201.15.3.5:727 10.1.1.17:727 201.15.3.17:727 201.15.3.17:727
icmp 201.15.3.5:728 10.1.1.17:728 201.15.3.6:728 201.15.3.6:728
icmp 201.15.3.5:633 10.1.1.21:633 201.15.3.17:633 201.15.3.17:633
icmp 201.15.3.5:634 10.1.1.21:634 201.15.3.6:634 201.15.3.6:634
icmp 201.15.3.5:480 10.2.2.1:480 201.15.3.17:480 201.15.3.17:480
icmp 201.15.3.5:481 10.2.2.1:481 201.15.3.6:481 201.15.3.6:481
icmp 201.15.3.5:840 10.10.123.2:840 201.15.3.17:840 201.15.3.17:840
icmp 201.15.3.5:841 10.10.123.2:841 201.15.3.6:841 201.15.3.6:841
icmp 201.15.3.5:578 10.10.123.3:578 201.15.3.17:578 201.15.3.17:578
icmp 201.15.3.5:579 10.10.123.3:579 201.15.3.6:579 201.15.3.6:579
icmp 201.15.3.5:595 192.168.1.1:595 201.15.3.17:595 201.15.3.17:595
icmp 201.15.3.5:596 192.168.1.1:596 201.15.3.6:596 201.15.3.6:596

From that we can see the correct answer should be “show ip nat statistics”.
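A parser for the “show ip nat translation” table shown above, as an added example (not code from the original page). It reads the five columns, shows that many inside local hosts share one inside global address (the PAT/overload case), and answers the question an incident responder asks of this table: which inside host was behind a given public address and port. The sample rows are copied from the output above; the helper names are my own.

```python
from typing import Dict, List, Optional, Set, Tuple

# Rows copied from the "show ip nat translation" output above (one inside global
# address 201.15.3.5 shared by several inside local hosts, distinguished by port).
SAMPLE_NAT_TRANSLATIONS = """\
Router#show ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 201.15.3.5:628 10.1.1.7:628 201.15.3.17:628 201.15.3.17:628
icmp 201.15.3.5:629 10.1.1.7:629 201.15.3.6:629 201.15.3.6:629
icmp 201.15.3.5:610 10.1.1.8:610 201.15.3.17:610 201.15.3.17:610
icmp 201.15.3.5:727 10.1.1.17:727 201.15.3.17:727 201.15.3.17:727
icmp 201.15.3.5:840 10.10.123.2:840 201.15.3.17:840 201.15.3.17:840
icmp 201.15.3.5:595 192.168.1.1:595 201.15.3.17:595 201.15.3.17:595
"""

Socket = Tuple[Optional[str], Optional[int]]


def _split_socket(field: str) -> Socket:
    """'201.15.3.5:628' -> ('201.15.3.5', 628); '---' (empty column) -> (None, None);
    a bare address (static entry without a port) -> (address, None)."""
    if field == "---":
        return None, None
    ip, sep, port = field.rpartition(":")
    if not sep:
        return field, None
    return ip, int(port)


def parse_nat_translations(text: str) -> List[dict]:
    """Return one dict per translation row; the prompt and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue  # prompt, header, blank or malformed line
        proto, ig, il, ol, og = parts
        entries.append({
            "proto": proto,
            "inside_global": _split_socket(ig),
            "inside_local": _split_socket(il),
            "outside_local": _split_socket(ol),
            "outside_global": _split_socket(og),
        })
    return entries


def inside_hosts_per_global(entries: List[dict]) -> Dict[str, Set[str]]:
    """Map each inside global IP to the inside local IPs using it (many per one means PAT)."""
    result: Dict[str, Set[str]] = {}
    for e in entries:
        g_ip, l_ip = e["inside_global"][0], e["inside_local"][0]
        if g_ip and l_ip:
            result.setdefault(g_ip, set()).add(l_ip)
    return result


def is_overloaded(entries: List[dict]) -> bool:
    """True when at least one inside global address is shared by more than one inside host."""
    return any(len(hosts) > 1 for hosts in inside_hosts_per_global(entries).values())


def find_inside_host(entries: List[dict], global_ip: str, port: int,
                     proto: Optional[str] = None) -> Optional[str]:
    """Map an (inside global IP, port) pair seen on the outside back to 'inside-ip:port'."""
    for e in entries:
        if e["inside_global"] == (global_ip, port) and (proto is None or e["proto"] == proto):
            ip, p = e["inside_local"]
            return f"{ip}:{p}"
    return None
```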

Question 14

ICND1 – Troubleshooting
June 10th, 2017
Question 1

Question 2

Question 3

Explanation

The ports on the switch are not up indicating it is a layer 1 (physical) problem so we should check
cable type, power and how they are plugged in.

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Explanation

Serial0/0 is “administratively down”, which means this interface has been manually shut down.

Question 10

Question 11

ICND1 – Troubleshooting 2
June 10th, 2017
Question 1

Question 2

Question 3

Question 4

Question 5

Explanation

A late collision is defined as any collision that occurs after the first 512 bits of the frame have been
transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable
length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the
network, or a bad NIC.

Late collisions should never occur in a properly designed Ethernet network. They usually occur when
Ethernet cables are too long or when there are too many repeaters in the network.

Reference: https://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1904.html

ICND1 – IPv6 Questions
June 9th, 2017
Question 1

Explanation

There are several ways to assign IPv6 to a device:

+ Static IPv6: The IPv6 address, subnet prefix length and default gateway are configured manually
in the system configuration file.
+ Dynamic Host Configuration Protocol for IPv6 (DHCPv6): this mode requires a DHCPv6 server
in your LAN. This is the most used mode for IPv6 assignment. There are two methods of DHCPv6:
– stateless mode: Only extended information, such as primary and optional secondary DNS server, is
obtained from a DHCPv6 server. IPv6 address is not assigned, so the IPv6 address from the Ethernet
configuration is set for a Static address of Ethernet interface.
– stateful mode: DHCPv6 server maintains a database of leased IPv6 addresses, and assigns to the
client an unused IPv6 address. The DHCPv6 server specifies also a primary and optional secondary
DNS server. The DNS server is used to resolve the IP address for a known host name.
+ IPv6 Stateless Address Autoconfiguration (SLAAC): provides the ability to address a host
based on a network prefix that is advertised from a local network router via Router Advertisements
(RA). Notice that with this mode, the device that requires an IPv6 address always receives a dynamic
IPv6 address.

The question asks about “stateless assignment of IPv6 addresses” which means stateless mode of
DHCPv6.

Question 2

Explanation

According to the official IANA website: “Users are assigned IP addresses by Internet service providers
(ISPs). ISPs obtain allocations of IP addresses from a local Internet registry (LIR) or National Internet
Registry (NIR), or from their appropriate Regional Internet Registry
(RIR)”: https://www.iana.org/numbers

Question 3

Explanation

To run IPv6 on an interface we have to configure an IPv6 address on that interface somehow -> A is correct.

IPv6 must be enabled first but with the “ipv6 unicast-routing”, not “ipv6 enable” command -> D is not
correct.

Question 4

Question 5

Question 6

Explanation

Leading zeros in IPv6 are optional, so that 05C7 equals 5C7 and 0000 equals 0 -> D is not correct.

Question 7

Question 8

Question 9

Question 10

ICND1 – IPv6 Questions 2


June 9th, 2017
Question 1

Explanation

Answers B E F are correct because A and B are the short forms of 0:0:0:0:192:168:0:1 and
2002:c0a8:0101:0:0:0:0:0042, while C is a normal IPv6 address.

Answer A is correct because “::” is named the “unspecified” address and is typically used in the source
field of a datagram that is sent by a device that seeks to have its IP address configured.

Answer C is not correct because a global-unicast IPv6 address starts with binary 001, denoted as
2000::/3 in IPv6, and it is also known as an aggregatable global unicast address. 2000:: (in
particular, 2000::/3) is just a prefix and is not a valid IPv6 address.

In fact answer D is acceptable but it is considered the network portion of an IPv6 address so it is a
worse choice than others.

The entire global-unicast IPv6 address range is from 2000::/128 to
3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128, resulting in a total usable space of over
42,535,295,865,117,307,932,921,825,928,971,000,000 addresses, which is only 1/8th of the entire
IPv6 address space!

Question 2

Explanation

Below is the list of common kinds of IPv6 addresses:

Kind                  Prefix
Loopback address      ::1
Link-local address    FE80::/10
Site-local address    FEC0::/10
Global address        2000::/3
Multicast address     FF00::/8

From the above table, we learn that A and D are correct while B and C are incorrect. Notice that the
IPv6 unicast loopback address is equivalent to the IPv4 loopback address, 127.0.0.1. The IPv6
loopback address is 0:0:0:0:0:0:0:1, or ::1.

E is not correct because of anycast addresses, which are indistinguishable from normal unicast
addresses. You can think of anycast addresses like this: “send it to the nearest one that has this
address”. An anycast address can be assigned to many interfaces, and the first interface that receives
a packet destined for this anycast address will process the packet. A benefit of anycast addressing is
the capability to share load across multiple hosts. An example of this benefit: if you are a television
provider with multiple servers and you want your users to use the server nearest to them, you can use
anycast addressing for your servers. When the user initiates a connection to the anycast address, the
packet will be routed to the nearest server (the user does not have to specify which server they want
to use).

Question 3

Question 4

Question 5

Explanation

“6to4 tunneling” is a technique which enables encapsulation of IPv6 packets into IPv4 for transport
across an IPv4 network.

Question 6

Explanation

The IPv4 and IPv6 headers are shown below for your comparison. As we can see, the Flow Label, Hop
Limit and Traffic Class fields are all new, but in fact Hop Limit in IPv6 is the same as Time to Live (TTL)
in IPv4. Traffic Class is the equivalent of the DiffServ/DSCP portion of the IPv4 packet (in the “Type of
Service” field), which carries the QoS markings of the packet. Just like in IPv4, the first 6 bits are
designated for the DSCP value and the next 2 bits are for ECN (Explicit Congestion Notification)
capable devices.

Flow Label: this 20-bit field provides a special service for real-time applications. It can be used to
inform routers and switches to maintain the same path for the packet flow so that packets are not
reordered.

IPv4 Header fields

IPv6 Header fields

IPv6 eliminates the Header Checksum field, which handles error checking in IPv4.

Question 7

Explanation

An IPv6 Unique Local Address is an IPv6 address in the block FC00::/7. It is the approximate IPv6
counterpart of the IPv4 private address. It is not routable on the global Internet. In binary notation,
FC00::/7 is 1111 1100 0000 0000::/7.

Note: In the past, Site-local addresses (FEC0::/10) were the equivalent of private IP addresses in IPv4,
but they are now deprecated.
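As an added example (not from the original page), the following Python script applies the address kinds listed under Question 2, the leading-zero and “::” rules from Question 1 and the previous page, and the FC00::/7 Unique Local block from Question 7: it expands and compresses addresses, checks whether two written forms are the same address, classifies an address by prefix, and shows the fixed leading bits of a prefix. The prefix table and sample addresses are constructed from the page's own values; only the standard ipaddress module is used.

```python
import ipaddress

# Prefix table taken from the page's Question 2 list, plus the unspecified address
# "::" (Question 1) and the Unique Local block FC00::/7 (Question 7). No overlaps.
KINDS = [
    ("unspecified", "::/128"),
    ("loopback", "::1/128"),
    ("link-local", "FE80::/10"),
    ("site-local (deprecated)", "FEC0::/10"),
    ("unique local", "FC00::/7"),
    ("multicast", "FF00::/8"),
    ("global unicast", "2000::/3"),
]

def expand(addr):
    """Full form: eight 4-digit groups with leading zeros restored (5C7 -> 05C7)."""
    return ipaddress.IPv6Address(addr).exploded.upper()

def compress(addr):
    """Canonical short form: leading zeros dropped, longest zero run written as '::'."""
    return ipaddress.IPv6Address(addr).compressed

def same_address(a, b):
    """True when two written forms denote the same 128-bit address."""
    return int(ipaddress.IPv6Address(a)) == int(ipaddress.IPv6Address(b))

def classify(addr):
    """Name the kind of an address per KINDS; 'invalid' for text such as '2000::/3',
    which is a prefix rather than an address."""
    try:
        ip = ipaddress.IPv6Address(addr)
    except ValueError:
        return "invalid"
    for kind, prefix in KINDS:
        if ip in ipaddress.IPv6Network(prefix):
            return kind
    return "other"

def leading_bits(prefix):
    """The fixed high-order bits of a prefix, e.g. '001' for 2000::/3."""
    net = ipaddress.IPv6Network(prefix)
    return format(int(net.network_address), "0128b")[: net.prefixlen]

if __name__ == "__main__":
    for a in ["0:0:0:0:192:168:0:1", "2002:c0a8:0101:0:0:0:0:0042", "::1", "FE80::1",
              "FC00::1", "FF02::1", "2000::/3"]:
        kind = classify(a)
        print(f"{a:30} {kind:25} {compress(a) if kind != 'invalid' else '-'}")
    print("2000::/3 starts with bits", leading_bits("2000::/3"))
```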

ICND1 – NTP Questions


June 8th, 2017
Question 1
Explanation

If you want your system to become an authoritative NTP server from which other internal routers or
machines can synchronise, you can achieve this with the “ntp master” command.

Note: Use the “ntp server” command to form an association with an NTP server.

Question 2

Explanation

NTP uses a stratum to describe the distance between a network device and an authoritative time
source:
+ A stratum 1 time server is directly attached to an authoritative time source (such as a radio or
atomic clock or a GPS time source).
+ A stratum 2 NTP server receives its time through NTP from a stratum 1 time server.

Question 3

Explanation

There is no document saying the default mode of NTP is server so we assume answer A is not correct.

There is no default authentication key number -> B is not correct.

If the network has “ntp master” configured and it cannot reach any clock with a lower stratum
number, the system claims to be synchronized at the configured stratum number, and other systems
synchronize to it via NTP. By default, the master clock function is disabled. When enabled, the default
stratum is 8 -> Answer C is not correct.

NTP sets the source IP address for all NTP packets based on the address of the interface through
which the NTP packets are sent. But there is no correct answer so maybe answer D is the best choice.

ICND1 – Security Questions


June 7th, 2017
Question 1

Explanation

This is the full command mentioned in answer A:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the
attached MAC Address and place it into your running-configuration.

Question 2

Explanation

The “service password-encryption” command encrypts passwords used by the “enable password” global
configuration command, as well as the “password” line configuration command (VTY, console), which
are saved in the router configuration file.

Note: The secret password (configured by the command “enable secret fortress”) is always encrypted
even if the “service password-encryption” command is not used.

Also, the “service password-encryption” command encrypts both current and future passwords.

Question 3

Question 4

Explanation

By configuring the port connected to the directory PC as an access port, the network administrator
will mitigate a lot of security issues because an access port does not have as much privilege as a
trunk port -> C is correct.

The port security feature can also help mitigate security issues because it can learn the MAC address
of the directory PC. When another laptop is plugged into the port, the switch will automatically block
or shut down that port (if suitable configuration is used) -> A is correct. But nowadays a hacker can
fake the MAC address of the directory PC.

By statically assigning the MAC address to the address table, only that MAC address can access the
network -> F is correct.

Question 5

Explanation

The “service password-encryption” command encrypts passwords used by the “enable password” global
configuration command, as well as the “password” line configuration command (VTY, console), which
are saved in the router configuration file.

The “service password-encryption” command encrypts both current and future passwords.

Question 6

Explanation

The command to configure port security on a switch is (in interface configuration mode):

switchport port-security mac-address sticky [MAC]

In this case we will type the server MAC address. That MAC address will be stored in the address
table, and added to the switch running configuration.

Note: If we don’t specify the MAC address then the switch will dynamically learn the attached MAC
Address and place it into your running-configuration.

Question 7

Explanation

In the configuration above we have three passwords:

+ The “enable secret” password: sanfran
+ The “enable password” password: cisco
+ The VTY line password: sanjose

The first two, “enable secret” and “enable password”, are used to set the password for entering
privileged mode (an example of the privileged mode prompt: Router#). Both of them will be stored in
the running configuration, but the password in the “enable secret” command is always stored as an
MD5 hash while the password in “enable password” is in plain text.

Note: If you want to encrypt “enable password” you can use the command “service
password-encryption”, but it will be encrypted with a very basic form of encryption called the
Vigenère cipher, which is very weak.

When you configure both an enable and a secret password, the secret password will be used -> B is
correct.
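As an added example that is not part of the original page, here is a small Python check of the rules in this explanation: it parses a constructed IOS running-config (modelled on the three passwords above; the interface names are made up), reports an “enable password” or line password that is stored in clear text (or in the weak type 7 form when “service password-encryption” is set), flags a missing “enable secret”, and also flags access ports without port security (Questions 4 and 6).

```python
# Constructed running-config fragment (not from a real device) modelled on Question 7,
# plus one access port without and one with port security.
SAMPLE_CONFIG = """\
enable secret sanfran
enable password cisco
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
line vty 0 4
 password sanjose
"""

def sections(config):
    """Group indented sub-commands under the unindented line that opens them."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif not line.startswith(" "):
            current = line.strip()
            out.setdefault(current, [])
    return out

def audit(config):
    """Findings by the page's rules: only 'enable secret' is hashed (MD5); 'enable password'
    and line passwords are clear text, or weak reversible type 7 under
    'service password-encryption'; access ports should carry port security."""
    secs = sections(config)
    state = "reversible type 7" if "service password-encryption" in secs else "clear text"
    findings = []
    if not any(k.startswith("enable secret") for k in secs):
        findings.append("no 'enable secret': privileged-mode password is not hashed")
    if any(k.startswith("enable password") for k in secs):
        findings.append(f"'enable password' stored in {state}; prefer 'enable secret' alone")
    for name, subs in secs.items():
        if name.startswith("line ") and any(s.startswith("password") for s in subs):
            findings.append(f"'{name}' password stored in {state}")
        if name.startswith("interface ") and "switchport mode access" in subs \
                and not any(s.startswith("switchport port-security") for s in subs):
            findings.append(f"'{name}': access port without port security")
    return findings
```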

Question 8

Explanation

All other answers are not recommended for a network security plan so only B is the correct answer.

Question 9

Question 10

ICND1 – Miscellaneous Questions


June 6th, 2017
Question 1

Explanation

Tracert (or traceroute) is used to trace the path between the sender and the destination host.
Traceroute works by sending packets with gradually increasing Time-to-Live (TTL) value, starting with
TTL value = 1. The first router receives the packet, decrements the TTL value and drops the packet
because it then has TTL value zero. The router sends an ICMP Time Exceeded message back to the
source. The next set of packets are given a TTL value of 2, so the first router forwards the packets,
but the second router drops them and replies with ICMP Time Exceeded. Proceeding in this way,
traceroute uses the returned ICMP Time Exceeded messages to build a list of routers that packets
traverse, until the destination is reached and returns an ICMP Echo Reply message -> C is correct.

ICMP is encapsulated in an IP packet. In particular, the ICMP message is encapsulated in the IP
payload part of an IP datagram -> D is correct.

Note: The TRACERT command on Windows operating systems uses ICMP while Mac OS X and Linux
TRACEROUTE use UDP.
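As an added example (not from the original page), the following Python simulation implements the TTL mechanism described above over a constructed three-router path: each probe's TTL is decremented per hop, the router that brings it to zero answers with Time Exceeded, and the destination answers the surviving probe with Echo Reply. It goes one step beyond the text by modelling a router that does not reply, which a real traceroute prints as “*”.

```python
# Constructed path for the simulation (not a real capture): each hop is
# (router name, answers expired TTLs?). R2 is silent, which a real traceroute
# shows as "*" after its timeout. The probe type (ICMP on Windows, UDP on
# Mac OS X and Linux) does not change the TTL mechanics modelled here.
PATH = [("R1", True), ("R2", False), ("R3", True)]

def forward(ttl, path, destination):
    """Send one probe with the given TTL. Every router decrements TTL; the router
    that brings it to zero drops the packet and, unless silent, returns ICMP Time
    Exceeded. A probe that survives every router reaches the destination, which
    answers with ICMP Echo Reply."""
    for name, responds in path:
        ttl -= 1
        if ttl == 0:
            return ("time-exceeded", name) if responds else ("timeout", None)
    return ("echo-reply", destination)

def traceroute(path, destination, max_hops=30):
    """Probe with TTL 1, 2, 3, ... and record who answered at each hop, stopping
    at the destination's Echo Reply or after max_hops probes."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, who = forward(ttl, path, destination)
        hops.append("*" if kind == "timeout" else who)
        if kind == "echo-reply":
            break
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(traceroute(PATH, "Server"), start=1):
        print(f"{n:2} {hop}")
```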

Question 2

Explanation

The output above is unclear. Normally when we use this command we can see the type of serial
connection on this interface, for example “V.35 DCE cable”. Below is an example of the same command
as above:
RouterA#show controllers serial 0
HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0x62, eda = 0x403C, cda = 0x4050
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22

Or

RouterB#show controllers serial 0
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
cpb = 0x62, eda = 0x408C, cda = 0x40A0
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F2F04 ds=0x627908 status=80 pak_size=22

but in this case we only get “V.35 cable”. So in fact we are not sure about the answer C. But the
output above also does not have any information to confirm other answers are correct or not.

Just for your information, the V.35 male and V.35 female cable are shown below:

Question 3

Question 4

Question 5

Explanation

The ping command first sends an echo request packet to an address, then waits for a reply. The ping
is successful only if:
+ The echo request gets to the destination, and
+ The destination is able to get an echo reply back to the source within a predetermined time called a
timeout. The default value of this timeout is two seconds on Cisco routers.

(Reference: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/12778-ping-traceroute.html)

ICND1 – Wireless Questions


June 5th, 2017
Question 1

Explanation

Many Cisco access points offer single or double (dual) radio (2.4 and 5.0 GHz).

Note: The wireless controller automates wireless configuration and management functions. It does not
connect directly to users.

ICND1 – Drag and Drop


June 4th, 2017
Question 1

+ ARP: A PC sends packets to the default gateway IP address the first time since the PC turned on.
+ ICMP: The network administrator is checking basic IP connectivity from a workstation to a server.
+ DNS: The TCP/IP protocol stack must find an IP address for packets destined for a URL.
+ DHCP: A network device will automatically assign IP addresses to workstations.

Question 2

+ NAT: A PC with address 10.1.5.10 must access devices on the Internet.
+ DHCP: Only routers and servers require static IP addresses. Easy IP administration is required.
+ DNS: A PC only knows a server as MediaServer. IP needs to send data to that server.
+ OSPF: A protocol is needed to replace current static routes with automatic route updates.

Question 3

+ SNMP: a protocol used to monitor and manage network devices
+ FTP: a reliable, connection-oriented service that uses TCP to transfer files between systems
+ TFTP: a connectionless service that uses UDP to transfer files between systems
+ DNS: a protocol that converts human-readable names into machine-readable addresses
+ DHCP: used to assign IP addresses automatically and set parameters such as subnet mask and
default gateway

Question 4

Command                          Purpose
service password-encryption      encrypt all clear text passwords
line console 0                   protect access to the user mode prompt
 password friendS0nly
enable secret noWay1n4u          set privileged mode encrypted password
line vty 0 4                     set password to allow Telnet connections
 password 2hard2Guess
enable password uwi11NeverNo     set privileged mode clear text password

Question 5

+ application layer: SMTP
+ transport layer: TCP
+ internet layer: IP
+ network access layer: Ethernet
