Drag and Drop Questions

May 4th, 2011 in ICND2

Here you will find answers to ICND 2 – Drag And Drop Questions

Question 1

Two offices are displayed below

Permit_deny.jpg

You work as a network technician at 9tut.net. Study the exhibit carefully. The company has a main office in Los Angeles and a satellite office in Boston. The offices are connected through two Cisco routers. The Boston satellite office is connected through the R2 router s0 interface to the Los Angeles office R1 router s1 interface. R1 has two local area networks. Boston users receive Internet access through the R1 router. Drag the boxes on the top to complete the goal on the left.

Permit_Deny_DragDrop.jpg


Answer:

1) Prevent all users from outside the enterprise network from accessing the server: permit ip 192.168.35.0 0.0.0.255 host 192.168.35.66
2) Block a user from R1 e0 network from accessing the server: deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66
3) Block only the users attached to the e0 interface of the R2 router from accessing the server: deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66

Question 2

You are configuring the 9tut.net office. In particular the host C, with the IP address 192.168.125.34/27, needs to be configured so that it cannot access hosts outside its own subnet. You decide to use the following command:
access-list 100 deny protocol address mask any

You are required to fill in the protocol, address, and mask in this command using the choices below:

Protocol_Address_Mask.jpg


Answer:

1) protocol: ip
2) address: 192.168.125.34
3) mask: 0.0.0.0

Explanation

The syntax of extended access-list:

access-list 100-199 {permit|deny} {ip|tcp|udp|icmp} source source-mask [lt|gt|eq|neq] [source-port] destination dest-mask [lt|gt|eq|neq] [dest-port]

By telling the router to drop traffic originating from host C (the source), we guarantee that host C can communicate only with hosts inside its own subnet (traffic within the subnet does not pass through the router, so the ACL never blocks it).
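The wildcard-mask and first-match behaviour behind the answers to Questions 1 and 2, as an added example (not part of the original page). It evaluates the page's own ACL entries, with the permit entry's wildcard written as 0.0.0.255; the sample source addresses 192.168.35.20, 192.168.35.100 and 203.0.113.9 and the two list orderings are constructed for illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_entry(line):
    """Parse '{permit|deny} ip SRC WILDCARD {host DST|any}' (the forms used on this page)."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    action, src, wildcard, dest = tokens[0], tokens[2], tokens[3], tokens[4:]
    if dest == ["any"]:
        dst = None                      # any destination
    elif len(dest) == 2 and dest[0] == "host":
        dst = dest[1]                   # one exact destination address
    else:
        raise ValueError(f"unsupported destination in: {line!r}")
    return action, src, wildcard, dst

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, base, wildcard, host = parse_entry(line)
        if wildcard_match(src, base, wildcard) and host in (None, dst):
            return action, line
    return "deny", "implicit deny"

SERVER = "192.168.35.66"
PERMIT_LAN = "permit ip 192.168.35.0 0.0.0.255 host 192.168.35.66"
DENY_USER = "deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66"
DENY_R2_E0 = "deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66"
Q2_ENTRY = "deny ip 192.168.125.34 0.0.0.0 any"

# Two orderings of the same three Question 1 entries (constructed for comparison).
DENIES_FIRST = [DENY_USER, DENY_R2_E0, PERMIT_LAN]
PERMIT_FIRST = [PERMIT_LAN, DENY_USER, DENY_R2_E0]

# Constructed sources: the blocked user, a host in the .16/28 block,
# another inside host, and an address outside the enterprise network.
SAMPLE_SOURCES = ["192.168.35.55", "192.168.35.20", "192.168.35.100", "203.0.113.9"]

if __name__ == "__main__":
    for name, acl in (("denies first", DENIES_FIRST), ("permit first", PERMIT_FIRST)):
        for src in SAMPLE_SOURCES:
            action, rule = evaluate(acl, src, SERVER)
            print(f"{name:13} {src:15} -> {action:6} ({rule})")
    print(evaluate([Q2_ENTRY], "192.168.125.34", "10.0.0.1"))
```

With the permit entry first, the two deny entries are never reached for inside hosts; outside sources are dropped by the implicit deny in either ordering.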

Question 3

Exhibit:

Router# show interfaces s1/0
Serial1/0 is up, line protocol is up
Hardware is CD2430 in sync mode
Internet address is 192.168.0.10/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open Open: CDPCP, IPCP, loopback not set
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of “show interface” counters 4d21h

Study the exhibit carefully. You need to match output lines in the exhibit with the proper OSI layer. One line will not be used.

showInterfaces.jpg


Answer:

Data Link Layer:

+ Encapsulation PPP
+ Line protocol is up

Physical Layer:

+ Serial 1/0 is up
+ Hardware is CD2430 in sync mode

Question 4

You work as a network administrator for your corporation. Your boss is interested in switch ports. Match the options to the appropriate switch ports.

AccessPort_TrunkPort.jpg


Answer:

Access Port:

+ carries traffic for a single VLAN
+ uses a straight-through cable to connect a device
+ connects an end-user workstation to a switch

Trunk Port:

+ carries traffic for multiple VLANs
+ facilitates inter-VLAN communications when connected to a Layer 3 device
+ uses 802.1q to identify traffic from different VLANs

Question 5

Below is the configuration of the R1 router:

R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
R1(config)# ip route 10.1.0.0 255.255.255.0 192.168.2.2
R1(config)# ip route 10.1.0.0 255.255.0.0 192.168.3.3

Drag each destination IP address on the top to its correct next hop address at the bottom.

ip_route.jpg


Answer:

Next hop 192.168.1.1:
+ 10.2.1.3
+ 10.6.8.4

Next hop 192.168.2.2:
+ 10.1.0.14
+ 10.1.0.123

Next hop 192.168.3.3:
+ 10.1.1.10
+ 10.1.4.6
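The longest-match selection behind this answer, as an added example (not part of the original page). It models only the classless longest-prefix rule over R1's three static routes; the helper names `prefix_len`, `build_table`, `next_hop` and `resolve_all` are introduced here for illustration.

```python
import ipaddress

# R1's static routes exactly as configured in Question 5: (destination, mask, next hop)
R1_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1"),
    ("10.1.0.0", "255.255.255.0", "192.168.2.2"),
    ("10.1.0.0", "255.255.0.0", "192.168.3.3"),
]

# The six destination addresses from the drag-and-drop exhibit.
DESTINATIONS = ["10.2.1.3", "10.6.8.4", "10.1.0.14", "10.1.0.123", "10.1.1.10", "10.1.4.6"]

def prefix_len(mask):
    """Count the 1 bits in a dotted-decimal subnet mask (assumes a contiguous mask)."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")

def build_table(routes):
    """Turn (destination, mask, next hop) tuples into (network, next hop) pairs."""
    return [
        (ipaddress.ip_network(f"{dest}/{prefix_len(mask)}"), hop)
        for dest, mask, hop in routes
    ]

def next_hop(table, destination):
    """Return the next hop of the matching route with the longest prefix, or None."""
    addr = ipaddress.ip_address(destination)
    # The route's own mask decides whether the destination falls inside it.
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop

def resolve_all(routes, destinations):
    table = build_table(routes)
    return {dest: next_hop(table, dest) for dest in destinations}

if __name__ == "__main__":
    for dest, hop in resolve_all(R1_ROUTES, DESTINATIONS).items():
        print(f"{dest:12} -> {hop}")
    # Unlike an ACL, the order in which the routes were entered does not matter.
    same = resolve_all(list(reversed(R1_ROUTES)), DESTINATIONS) == resolve_all(R1_ROUTES, DESTINATIONS)
    print("same result with routes reversed:", same)
```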

Comments
  1. entri
    August 19th, 2010

    Hi, 9tut,

    could you please be so kind to explain the answers to question nr. 5?
    Thank you!

  2. Anon_mcitp
    August 19th, 2010

    entri

    When you see a Zero in the SUBNET think of it as a (WHATEVER Number it wants to be 1-255)
    That being said. start at the second line of the drag and drop the most Specific.

    R1(config)# ip route 10.1.0.0 255.255.255.0 192.168.2.2
    This Route is saying it will send anything to 10.1.0.Whatever
    This route will take any traffic to 10.1.0.1-255
    10.1.0.14, 10.1.0.123
    so any time it needs to send to a 10.1.0.WHATEVER address it will go here

    R1(config)# ip route 10.1.0.0 255.255.0.0 192.168.3.3
    this one is claiming any 10.1.WHATEVER.WHATEVER
    this one will take any traffic going to 10.1.0-255.0-255
    so any time it needs to send to a 10.1.WHATEVER.WHATEVER address it will go here
    10.1.1.10, 10.1.4.6

    R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
    This route is a Default route it will go to any thing that is not more specific
    so less Specific
    all the rest of the traffic will go out 192.168.1.1 that leaves the final 2
    10.2.1.3, 10.6.8.4

  3. YE
    August 21st, 2010

    Anon_mcitp

    thank you for the explanation

  4. none
    August 22nd, 2010

    Took ICND2 today, did not have any of these.

  5. Droid
    August 25th, 2010

    @ none…….

    What did you have on your exam ????

  6. tester
    September 7th, 2010

    None of these on there today 9/6. Was an acl drag and drop for ip / address / subnet… was very easy even if you only know the basics of acl

  7. name
    October 5th, 2010

    September to November a

  8. Kent
    October 5th, 2010

    @Anon_mcitp

    Thanks for the explanation.

  9. name
    October 6th, 2010

    October to December a

  10. hmm…?
    October 13th, 2010

    thanks

  11. ML
    November 4th, 2010

    Question 2 was on the exam, too this 11/4/10

  12. seven
    December 15th, 2010

    I took ICND2 today (failed barely) none of this was on the test. :o/

  13. Anonymous
    February 9th, 2011

    Took ICND2 today and failed it with a 798/825 didn’t see any of these. . . i took it once before though too and I think i remember seeing the next hop drag and drop.

  14. cabbs
    February 10th, 2011

    hi 9tut or anyone..i still didn’t get the number 5. can someone send a layout or anything please.

    thank you

  15. OneAndDone
    February 15th, 2011

    Q2 was on my exam today.

  16. OneAndDone
    February 21st, 2011

    question 1 was also on my exam (back on Feb 15)

  17. Yupps
    February 22nd, 2011

    Great site, many thanks.

  18. Nips
    March 1st, 2011

    @Cabbs
    Anon_mcitp explained it pretty well. Point is that if you look at the ip route statements you see they match the ip’s for next hop in the config. So looking at the ip addresses you figure out which hop it will take.

  19. chris
    March 5th, 2011

    I hate to be rational, but we (myself included) shouldn’t be testing solely on braindumps. They are there and should be used more as a test prep or practice. My point is, don’t get mad if none of these were on your test, especially if you didn’t study concepts

  20. Stephen
    March 5th, 2011

    Doesn’t answer to Q1.1 obviate the 1.2 and 1.3 answers? That’s sneaky I think, or perhaps I am misunderstanding it?

  21. *Vash*
    March 15th, 2011

    chris, once you pass the CCNA, land a Cisco gig..you WILL be expected to know your stuff.
    Use the Brain Dumps to Get through the BS/Politics, Learn your cisco…because once you’re hired on, doing Cisco as a career..you will be Fired just as soon as they find out you’re a fake… So get your XP, the certs are merely to accentuate your Resume along the way.

    IF you’re going down the Cisco Cert path and expect to get HIRED, you also have to know your STUFF! Get some Hands-on experience, buy some Routers off E-Bay!

    Take it from a Veteran…Now, go on and make us proud!

  22. sirch
    April 8th, 2011

    guys, those brain dumps in my own opinion are solely an aid to understand more..but they won’t help you in the real world..if you get hired as a cisco network engineer..and your network goes down..i believe none of those brain dumps will be able to help you..
    best thing is study hard learn the concepts..and you’ll be on your way to a great career.. 🙂

  23. Kevin
    April 20th, 2011

    No company in the world is going to expect you to walk in and know sh*t just because you got your CCNA. Do you think they are going to expect you to just waltz in the door and start running their network? No, you are just getting in the door because of your CCNA. Nothing in the world is wrong with doing whatever you have to in order to pass it. You are going to have to get on the job training and experience no matter what. These holier than thou’s telling you not to take advantage of every resource you can are full of themselves.

  24. Dildar
    May 2nd, 2011

    Q1’s permit statement is not helping ACL

    permit ip 192.168.35.0 0.0 0.255 host 192.168.35.66 — will give the permission all hosts from the R2 and host on R1 on e0 interface to access server.

  25. solid
    May 3rd, 2011

    Agreed w/ Kevin.
    If your company is smart they will have Smartnet and you can call ….. CISCO.
    they will have a live CCIE (probably triple CCIE) help you through the process.

  26. James Preston
    May 17th, 2011

    In regards to the ACL, it would depend on the order you list them in the ACL.The correct order for creating a single list would be:
    deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66
    deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66
    permit ip 192.168.35.55 0.0.0.255 host 192.168.35.66

    Because filtering based on ACL stops as soon as it hits a match, this single list would provide the required filtering.

  27. gavin
    June 16th, 2011

    Had a drag and drop on my exam with CHAP and and about 8 other authentication/security protocols to match with very long and vague descriptions about the subtle differences of each of them. Anyone seen that??

  28. Mr Guy
    June 18th, 2011

    I think what people are saying is that cramming dumps as the only method to get quals is not a good idea. You will look stupid at interview… You think if you get a written test they will just copy dumps? What if they have a practical test and actually get you to do something on real kit? (Both common at IT interviews) Not everywhere will give training (if they do and you know nothing you may just get fired then) have smartnet and a lifeline, We have a cisco wireless network (40 ish APS) and no smartnet contract, it’s all been there longer than any of us and we support it, If It goes wrong it’s up to us to fix it. I’m not saying dumps are a bad thing (would I be here now if I thought that) They are just one tool in your studies, You will have far more career success if you know your stuff as well as having certs

  29. Anonymous
    July 29th, 2011

    question 1 seems to be wrong…permit all users with a 0.0.0.255 mask would not deny them as the question asks for…

  30. Anonymous
    July 29th, 2011

    #1 seems clearly to be wrong. You mean to say permit any user? 0.0.0.255 will permit any user not deny them. In the case of allow any other traffic we should use ip permit any any

  31. TQ
    August 3rd, 2011

    No number 1 is correct. You are permitting the subnet 192.168.35.0 access and then the denies are denying the specific user/users. As access lists apply from top down until a match is found and there is the implicit deny at the end of every access list. This access list will prevent outside users from accessing the server due to the implicit deny. Hope this helps.

  32. Molric
    August 11th, 2011

    Gavin, the Drag and Drop you are asking about is under the CCNA Drag and Drop questions on 9tut….

    I failed ICND2 on Aug 8, 720/1000….after the exam I looked at the CCNA/ICND1/ICND2 portion of 9tut and noticed a lot of the questions came from all areas….many Drag and Drops were under the CCNA portion….

    I am now looking through the entire CCNA/ICND1/ICND2 portion of 9tut for a refresher for my next attempt/////

  33. none
    August 18th, 2011

    Passed ICND 2 today 960. Q2 was on exam. It was not as hard as I thought it would be but better to be over prepared

  34. Jeff
    September 4th, 2011

    On Question 1, the e0 interface is .49/28. If I want to deny users from that subnet, it should be deny ip 192.168.35.48 0.0.0.15 and not 192.168.35.16 0.0.0.15. Using .16 0.0.0.15 will deny users .17 to .30. E0 however belongs to .48.

  35. Jeff
    September 4th, 2011

    Sorry, I was looking at router 1 interface, not router 2. deny .16 is correct.

  36. xallax
    September 4th, 2011

    @jeff
    hint: “router 2” 🙂
    look at the router on the left

  37. Steven
    September 9th, 2011

    Took tests on 08/29 and 09/06 and none of these were on it.

  38. Faruk
    September 18th, 2011

    Question 5

    when the router is looking for a route, does it compare all routes or does it work like on an access-list from top to down? If it has a match it stops?

    1 R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
    2 R1(config)# ip route 10.1.0.0 255.255.255.0 192.168.2.2
    3 R1(config)# ip route 10.1.0.0 255.255.0.0 192.168.3.3

  39. Bruno
    September 27th, 2011

    Great question!
    If you study the concept of routing look up process which is a chapter for itself, it is easier
    to understand. At the beginning it is really tricky to understand. To come back to your question, the router doesn’t do from top to down searching. If you look at the routing table, you will see there is an entry with the classful address at the top of every group of routes. That is automatically generated, and is called the parent route. The looking process is different depending if the behaviour is classful or classless. You have to read about this by yourself since it is a little messy to explain. BUT remember the router will select the route with the longest match. By that means it will compare bit by bit until the route with the most matching bits is found. That sounds like it searches through the whole table before deciding hu???

    One important detail here is that the mask used to AND is the route’s in the routing table and not the destination!!! I hope that was a little help. But reading the Routing look-up process will give you more satisfaction.

  40. Bruno
    September 27th, 2011

    Hello Faruk,
    In your specific question the route 2 R1(config)# ip route 10.1.0.0 255.255.255.0 192.168.2.2 would win, since it has the mask /24, i.e. it has the longest match. The default route has the least or zero matching bits, so it will be considered last.

  41. Bruno
    September 27th, 2011

    Q1: Question 1 is really confusing when looking at it at the beginning. But as I understand it, it demands that one takes own responsibility to understand the order of the entries. I think the “permit ip 192.168.35.0 0.0 0.255 host 192.168.35.66” must be placed last on the ACL. As we know the most specific entries must be placed on the top. Then lastly the Implicit Deny will come and stop everything from the outside. Am I wrong???

  42. matt Ferg.
    October 15th, 2011

    q1 on 10/02

  43. Anonymous
    November 25th, 2011

    So the point is: study the concepts and know them well…use previous questions as guides only. Yes, it’s true that you can know the concepts well but the way that they ask the questions can throw you for a loop…that’s why it is not a bad idea to review previous questions

  44. Ryan
    November 29th, 2011

    Q1: You would put the deny statements first if all the statements were put in the same access list, but with extended access lists you put them as close to the source as possible to limit unnecessary traffic in your network. So for that question it depends on the answers they give you to pick from. You could have 3 separate access lists or they could all be in a single access list.

  45. barry
    December 23rd, 2011

    @Anon_mcitp

    Thank you for taking the time to explain Question.5. it’s a big help

  46. WKC
    January 28th, 2012

    Passed ICND2 today with 944!! I had question #2 on my test today

  47. Syed Mehmood Ali
    March 31st, 2012

    I have passed the exam with 944 marks question #2 came into my exam.

  48. chas
    April 12th, 2012

    Passed with 944. Did not have any of these questions on my exam, but had Q1 of the drag and drop from http://www.9tut.com/ccna-drag-and-drop-3

  49. WSL
    April 22nd, 2012

    Passed ICND2 today with 986/1000 🙂

    none of these were there

  50. anony
    April 26th, 2012

    I passed ICND2 today and scored 902 thanks to this site. God Bless. I had question #4 on my certification test.

  51. DPL
    June 18th, 2012

    took icnd2 had none of these questions

  52. Alboma
    August 7th, 2012

    @Bruno You’re right! the “permit ip 192.168.35.0 0.0 0.255 host 192.168.35.66” should be placed after the two deny statements, otherwise it will make the two deny statements meaningless. And the implicit deny all will stop everything outside from accessing the network.

  53. Al
    August 26th, 2012

    Could anyone please explain Q1, please? I still don’t understand why those answers are correct, tx

  54. xallax
    August 26th, 2012

    @al
    * prevent all users from outside the enterprise network from accessing the server
    the answer to this one is to permit only addresses that are on the network.
    but the task is to block all the others… yes, it is and the blocking is done by the implied “deny ip any any” at the end of any ACL.

    second task is to block a user. bottom left one is the solution as it is the only one that has a wildcard of 0.0.0.0

    third task is to block users from a subnet. bottom right one is the solution as it is the only one with a wildcard mask that covers a possible subnet.

    as you can see i didn’t look for the elaborated explanation, i just assumed which one could be correct and ruled out the others.

  55. GlorkBumblemuck
    September 19th, 2012

    805/1000 on ICND2 last Friday (September 14, 2012)
    Friend told me about this site literally 3 hours before the exam. >.<
    Everything seems legit. I had a ton of matching questions, most if not all are here.
    I had a Hotspot Frame Relay SIM I didn't find here in the ICND2 section, but did find here: http://www.9tut.com/ccna-hotspot-questions

  56. bopeep
    October 10th, 2012

    the frame relay hotspot was on my ICND2 test yesterday see above link

  57. bopeep
    October 10th, 2012

    question 2 was on test yesterday

  58. Anonymous
    October 30th, 2012

    Anon_mcitp
    thnx

  59. creative me
    November 10th, 2012

    anon-mcitp-thanks a lot for the explanation-
    xallax-for the question 1 -ur explanation is nice- but the question is answered only if all the ACL sttmts are viewed together- when i saw the question first- i was loookin @ it individually-so got the 1st and 3rd one wrong- but then looking at the bigger picture-and cumulatively using ACL sttmts it makes sense- also because there are only 2 deny sttmts
    @ bo beep- q2 seems very easy ? I am wondering y will cisco ask this ? was it exactly framed this way as on here, or was worded differently

  60. Burka
    December 9th, 2012

    Q5 i didnt get it any one explain 4 me plz

  61. franky1piz
    February 3rd, 2013

    @Burka

    ip route 10.1.0.0 255.255.255.0 192.168.2.2 – means send all packets with 10.1.0.0/24
    through 192.168.2.2 (range = 10.1.0.1 – 10.1.0.255)

    looking at the address range, these 2 ip addresses are within that range.
    + 10.1.0.14
    + 10.1.0.123
    = notice that the first three octets are the same (/24)

    ip route 10.1.0.0 255.255.0.0 192.168.3.3 -> means send all packets with 10.1.0.0/16
    through 192.168.3.3 (range = 10.1.0.1 = 10.1.255.255)

    looking at the address range, these 2 are within that range
    + 10.1.1.10
    + 10.1.4.6
    = first 2 octets are the same (/16)

    ip route 0.0.0.0 0.0.0.0 192.168.1.1 -> means all other packets with no matching routes send it through 192.168.1.1 (Default route)

    +10.2.1.3
    +10.6.8.4
    = no specific routes configured for these two so they go through the default route.

    hope this helped. thanks

  62. Xedia
    February 19th, 2013

    had question 2 on my test today.

  63. shiva
    February 24th, 2013

    Dear Friend ,can anyone tell me the passing score of icnd2……..

  64. Waltini
    February 28th, 2013

    825 out of 1000 is the passing score for ICND2

  65. pro!!
    April 16th, 2013

    can explain Q1
    I think a mistake answer

  66. Rizwan
    April 28th, 2013

    Passed exam 3 days ago.
    There were drag & drop questions from CCNA. Specially first one with different IP Address.
    Review these..
    http://www.9tut.com/ccna-drag-and-drop-questions

  67. Bassmaster3000
    June 5th, 2013

    Thanks guys

  68. ftreqah
    June 20th, 2013

    passed today i had q 2 in the exam

  69. MO
    August 5th, 2013

    Just wrote my ICND2 today, and i got 902/1000.. Question 2 was in the exam.. Thanks to the 9tut team..

  70. Sham
    August 14th, 2013

    q2 today

  71. Sham
    August 14th, 2013

    thanks 9 tut, passed today. most of this site came up for me

  72. Outcast
    August 21st, 2013

    Q1 on the second subset is not making sense to me. To block e0 interface in R2 from accessing the server, should it be blocking 192.168.35.49 and not 192.168.35.55. Thanks in advance!

  74. fabian
    August 31st, 2013

    @Outcast- I’m having the same question, it must be .49

  75. Nimal
    September 3rd, 2013

    @Outcast, @fabian,

    The question is not about blocking the e0 interface. It says it wants to block “a user from e0 network”.

    So this can be any user from the e0 network. Let’s see what’s the address range for the e0 network:
    e0 interface address is 192.168.35.49/28
    so the network it belongs to is: 192.168.35.48/28

    so from this we know that the valid hosts range for this network(excluding the IP address allocated for the e0 interface) is:
    192.168.35.50 – 192.168.35.62

    so the answer where it simply block the host address 192.168.35.55 is correct! Because it is “a user from e0 network”.

    hth

  76. Anonymous
    September 11th, 2013

    @Nimal

    sweet thanks!! Taking ICND 2 in 2 weeks, been prepping for the last couple of weeks. Wish me luck

  77. Fel
    September 16th, 2013

    None of these were on the exam today. Passed with 916

  78. TrickedbyCisco
    September 19th, 2013

    Fail. Took the supposed ICND2 640-816 today and there was nothing like the material contained on this site. No VTP, No VLSM, No Drags and Drop (except 1, had Split Horizon), no ACL or NAT. It was all about SNMP and Netflow. 2 Different SIMS OSPF and EIGRP (not on this site or dump) A lot IPV6. I nailed ICND1 exam but this wasn’t the test I prepared for. Please reply.

  79. TrickedbyCisco
    September 20th, 2013

    For some reason my exam overlapped and I got 200-100. Didn’t know was there already and Fail. 640-816 next Monday.

  80. Markfer
    September 23rd, 2013

    Hi All…stupid question I’m sure but…for question 5 does it make any difference which order the IPs are listed? I can’t see why it should but I have seen this question and it is always answered in this order.
    Thanks all for the help!

  81. Thyreme
    September 27th, 2013

    Q 2 on today’s exam. Nailed it with 888/1000. Thanks to 9tut, CBT Nuggets, CiscoPress, HeavyMod.

  82. Outcast
    September 28th, 2013

    I don’t understand how the answer is derived for Q1 (answer 2) deny ip 192.168.35.55. It is so off to me I don’t see the correlation. Can someone help.

  83. Outcast
    September 28th, 2013

    Oh I just saw your comment Nimal. That makes sense. Thank you so much for explaining!
