New CCNA – IOS Questions
Note: If you are not sure about Cisco IOS, please read our Cisco Router Boot Sequence Tutorial and Cisco Command Line Interface CLI.
Question 1
Which command encrypts all plaintext passwords?
A. Router# service password-encryption
B. Router(config)# password-encryption
C. Router(config)# service password-encryption
D. Router# password-encryption
Answer: C
Question 2
What can be done to secure the virtual terminal interfaces on a router? (Choose two)
A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.
Answer: D E
Explanation
It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces -> A is not correct.
We can not physically secure a virtual interface because it is “virtual” -> B is not correct.
To apply an access list to a virtual terminal interface we must use the “access-class” command. The “access-group” command is only used to apply an access list to a physical interface -> C is not correct; E is correct.
The most simple way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login -> D is correct.
Question 3
Refer to the exhibit. Why is flash memory erased prior to upgrading the IOS image from the TFTP server?
|
Router# copy tftp flash verifying checksum… OK (0x7BF3) |
A. The router cannot verify that the Cisco IOS image currently in flash is valid
B. Flash memory on Cisco routers can contain only a single IOS image.
C. Erasing current flash content is requested during the copy dialog.
D. In order for the router to use the new image as the default, it must be the only IOS image in flash.
Answer: C
Explanation
During the copy process, the router asked “Erasing flash before copying? [confirm]” and the administrator confirmed (by pressing Enter) so the flash was deleted.
Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will see an error message like this:
| %Error copying tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin (Not enough space on device) |
Question 4
How does using the service password encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router
Answer: B
Explanation
By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.
Question 5
What is a global command?
A. a command that is available in every release of IOS, regardless of the version or deployment status
B. a command that can be entered in any configuration mode
C. a command that is universal in application and supports all protocols
D. a command that is implemented in all foreign and domestic IOS versions
E. a command that is set once and affects the entire router
Answer: E
Explanation
A global command is a command in this form:
Device(config)#
This mode can affect the entire router/switch.
For more information about modes in Cisco devices, please read my Cisco Command Line Interface CLI tutorial.
Question 6
Refer to the exhibit.
| line vty 0 4 password 7 030752180599 login transport input ssh |
What is the effect of the configuration that is shown?
A. It configures SSH globally for all logins.
B. It tells the router or switch to try to establish an SSh connection first and if that foils to use Telnet.
C. It configures the virtual terminal lines with the password 030752180500.
D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports.
E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.
Answer: D
Question 7
Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three)
A. ping
B. tracert
C. ipconfig
D. show ip route
E. winipcfg
F. show interfaces
Answer: A D F
Explanation
The ping command can be used to test if the local device can reach a specific destination -> A is correct.
“tracert” is not a valid command in Cisco IOS commands, the correct command should be “traceroute” -> B is not correct.
The ipconfig command is not a valid command in Cisco IOS too -> C is not correct.
The “show ip route” command can be used to view the routing table of the router. It is a very useful command to find out many connectivity problems (like directly connected networks, learned network via routing protocols…) -> D is correct.
“winipcfg” is an old tool in Windows 95/98 to view IP settings of the installed network interfaces. But it is not a valid command in Cisco IOS commands -> E is not correct.
The “show interfaces” command is used to check all the interfaces on the local device only. It has very limited information to trouble LAN connectivity problem but it is the most reasonable to choose -> F is acceptable.
Question 8
Which command shows your active Telnet connections?
A. show sessions
B. show cdp neighbors
C. show users
D. show queue
Answer: A
Question 9
Which command would you configure globally on a Cisco router that would allow you to view directly connected Cisco devices?
A. enable cdp
B. cdp enable
C. cdp run
D. run cdp
Answer: C
Question 10
A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the confguration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task?
A. service password-encryption
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
login
password cisco
access-class 1
B. enable password secret
line vty 0
login
password cisco
C. service password-encryption
line vty 1
login
password cisco
D. service password-encryption
line vty 0 4
login
password cisco
Answer: C
Question 11
What is the effect of using the service password-encryption command?
A. Only passwords configured after the command has been entered will be encrypted.
B. Only the enable password will be encrypted.
C. Only the enable secret password will be encrypted
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.
Answer: E
Explanation
The secret password (configured by the command “enable secret “) is always encrypted even if the “service password-encryption” command is not used. Moreover, the secret password is not removed from the configuration with this command, we still see it in encrypted form in the running-config -> D is not correct.
The “enable password ” does not encrypt the password and can be viewed in clear text in the running-config. By using the “service password-encryption” command, that password is encrypted (both current and future passwords) -> A is not correct, E is correct.
Answer B – Only the enable password will be encrypted seems to be correct but it implies the secret password will not be encrypted and stay in clear text, which is not correct.
For your information, the secret password is encrypted with MD5 one-way hash algorithm which is harder to break than the encryption algorithm used by the “service password-encryption” command.
Passed yesterday with score 1000 Thank God
The exam was 51 questions, only one drag and drop about cable types, all questions are very easy just similar to 9tut.
The lab simulations were Eigrp , ACL1 (similar to 9tut exactly) and ACL2 (modification 3 but with host B to access the finance server)
Good luck for everyone, just be relaxed its very very easy :)
questions 7,8 were on it
hi Ghada…….is tab and ? keys r working in the exam ?
Similar or identical?
@girish
I read that they are working, but actually i didnt use them cuz i knew it might reduce some few marks.
Good luck :)
@Ghada
Can u mail me please?
I need 2 ask u some questions about the exam.
husam.alsairi@gmail.com
Thx
@ghada
i want to know if we read these questions is that enough to crack the exam. i would like to contact you my mail id is prabhu1912@gmail.com. send me dumps if u have.
can anybody explain me question number 10 please….
because we use ”login” command after giving ”password” command..
am i right???
subodh@ when we use “line vty 1″ then we are in that perticular mode only..so it doesn’t make any difference if we use 1st login n then password OR 1st password n then login .
passed 1000/1000 (17 march)
thanks 9tut
99% from 9tut..
new question are…. (or u can say that questions which are not on 9tut)
1.which protocol uses both TCP and UDP port?
answer:DNS
2.at which layer ipsec is used ?
answer:Network
In fact none of these answers is correct. To limit access to one user requires configuring “line vty 0″ only, configuring “vty 1″ will not allow any telnet access to the device.
Then the correct answer as below:
service password-encryption
line vty 0
login
password cisco
is this write???
yes its right
May i please have the latest dumps, anyone, having my exam on the 27th. email me at jackiejsour@gmail.com, thanx ;)
Q8
hi Ahtesham. can you please email me dumps at babar.raees@gmail.com. Thanks
have exam 2mrw…any tips or suggestions guys???
alhamdulillah passed today….thank u so much 9tut
tomorroww isss my exam i’m so exited about ccna exam …my friend pawan is waiting for my certification ..because he is my best friend and his expectation are so huge ..i will share with you my experience okay .see u tomarooooooo
@nandan dangwal we are waiting for you to share the experience with us. how was it???
Q3
anyone pls send me latest dumps…….
m.gupta60@gmail.com
good a..ghada, can you send me ccna reviewer or latest dmps…tnx..
here is my email-ad engr.neilmar@gmail.com
good, I did these and buy a switch for learning
to Question 10.
C is CORRECT – Look at it again.
“Line VTY 1″ is only opening ONE user access – “Line VTY 0 1″ would open TWO users access.
It could be “Line VTY 99″ and it would still only grant 1 user access but it would be on session 99.
there is no Line VTY 99 it was just an example
Hello Guys good news for you that now New CCNA (200-120) vouchers on special discount of 58% for World wide, with three months expiry date till you purchase.
Two latest & 100% valid dumps are also available on a reasonable price.
Details Required For CCNA Voucher For Discount Processing:
1-First Name.
Last Name. (as your name written in your National Identity card)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
cisco.vouchers@gmail.com
If you have any Questions feel free to contact me.
Thanks,
Best regards,
I passed the Ccna exam on 6/MAY/2015 972/1000 , thaaaaaaaaaaaanks 9tut
EXAM :
EIGRP 212 – ACL modification 3 .
congratz Mustafa
I’m a littl ebit surprised by Q8 answer A !!
Router#show users
Line User Host(s) Idle Location
* 1 vty 0 SV1048 idle 00:00:00 111.246.244.7
Interface User Mode Idle Peer Address
Router#show sessions
% No connections open
Thanks anonymous for posting about Q8. I would have guessed “show sessions”, but in reality it looks like you are right. I checked this link: https://learningnetwork.cisco.com/thread/30423 and the explanation basically says: “Show users display inbound connections to your router on the VTY interface(telnet,ssh). Show sessions displays outbound connections to other devices(from your router,switch)”.
Hope this helps someone.
On second thought. The question says “show your telnet connections”. In this case, it may mean it wants to see the router’s connections, not connections TO the router.
If I telnet to a router, and then inside that router I telnet to another router, I can then use CTRL+SHIFT+6+X to return to my original telnet session on the first router. Then I can run these commands:
Router1#sh sessions
Conn Host Address Byte Idle Conn Name
* 1 10.xxx.xxx.248 10.xxx.xxx.248 0 0 10.xxx.xxx.248
Router1#resume 1
[Resuming connection 1 to 10.xxx.xxx.248 ... ]
Router2# (session resumed)
As we can see above, running the “sh sessions” command shows me MY router connections outbound to another router via telnet with a session number of 1. In order to go back to that telnet session, I can type “resume” and the session number and I am back into the second router.
The problem is you don’t know what is really being asked here, but I would hope the Cisco test would make it clear. So in closing, I think the answer on 9tut is correct, because I think it’s asking to see the routers outbound telnet connections using the “show sessions” command. If it were asking to see inbound telnet connections the “show users” command could be used.
Feel free to verify if anyone understands it better.
Can someone please send me latest dumps? for New CCNA 200-120 (osagyefo.oakg4@gmail.com) taking test in a week and getting nervous by the day! Any help is greatly welcomed.
Can someone send me latest dump at rivera_jmc@yahoo.com
Thanks a lot!
@Stephen. Thanks for the brief description.