Appendix A. Answers to the “Check Your Understanding” Questions

Chapter 1

1. C. Explanation: Differentiating and prioritizing types of traffic is an example of QoS.

2. Scalability, security, data integrity, and fault tolerance. Explanation: In order, the best terms are scalability, security, data integrity, and fault tolerance.

3. D. Explanation: Packet switching allows for messages to be sent along multiple paths. Circuit switching and leased lines use dedicated paths.

4. C. Explanation: Intranets connect LANs and WANs that should only be accessible by internal employees, whereas an extranet allows an organization to do business directly with other, external organizations by allowing them access to part of the internal network.

5. B. Explanation: In a BYOD environment, an organization can accommodate a variety of devices and access methods, including personal devices that are not under company control.

6. A. Explanation: Podcasting is an audio-based medium that enables people to record audio and use the Web to deliver their recordings to a wide audience.

7. D. Explanation: Collaboration tools give people the opportunity to work together on shared documents without the constraints of location or time.

8. C. Explanation: Message complexity might require special handling and delivery, whereas clear and concise messages are usually easier to understand. The other choices are external factors.

9. C. Explanation: Traditional networks used separate, dedicated networks for voice, video, and data. A converged network combines all three types of traffic on a single network.

10. B. Explanation: The Internet is a network composed of local networks connected by WANs.

11. A. Explanation: A router is a device that helps connect end devices. The other choices are end devices.

12. B. Explanation: A network infrastructure designed to support file servers and provide data storage is a SAN, or storage-area network.

13. A. Explanation: A WLAN is similar to a LAN but wirelessly interconnects users and end points in a small geographical area.

14. C. Explanation: The farther from the central office, the slower the connection. Cable companies provide cable modems, not DSL.

15. A, B, and D. Explanation: Availability is the assurance of timely and reliable access to data services. Network firewall devices, desktop and server antivirus software, and redundant network devices can ensure system reliability and mitigate threats.

Chapter 2

1. A, D, F. Explanation: With standard naming conventions, names should not begin with numbers, should not contain spaces, and should consist of only letters, digits, and dashes.

2. C. Explanation: The IOS is usually stored in flash and is copied to RAM when the device boots.

3. B. Explanation: The console port is the only out-of-band option offered here (an AUX port can work as well but it does not use a serial cable). The console port requires a console cable.

4. D. Explanation: The running configuration resides in RAM. If it is copied to NVRAM, it becomes the startup configuration. The startup configuration that is stored in NVRAM is copied to RAM and becomes the running configuration.

5. A. Explanation: User executive mode is the default access level. It does not require authentication until an access password is set. The debugging commands are not available at this level.

6. C. Explanation: Choice A is the command prompt for line configurations, B is not in configuration mode, and D is the prompt for interface configuration mode.

7. D. Explanation: Choices A and C require the device to already be in enable mode or configuration mode. Entering enable does not require a password if no password is set.

8. C. Explanation: The exit command moves the mode back one level. In this case, the router would return to global configuration mode from the more specific router configuration mode.

9. C. Explanation: The argument of a command is a variable; for example, following the word show in a show command there are many available variables (arguments) that can be entered.

10. B. Explanation: The help function assists the user in finding available valid syntax options or arguments when a space followed by a question mark is entered.

11. C. Explanation: Option C is the only option that will interrupt a process.

12. B and D. Explanation: The Up Arrow and Down Arrow keys are used to scroll through previous commands. The Left Arrow and Right Arrow keys move the cursor on a line.

13. B. Explanation: A and C are in configuration mode, and show commands need extra text to work on that level. The running configuration does not contain IOS information.

14. A and C. Explanation: Switches do not require configuration before being used on a LAN.

15. B. Explanation: The switch booted, so the IOS was present. With the default configuration present, the administrator was not locked out. The startup configuration is stored in NVRAM, not flash. B is the only likely answer.

16. C. Explanation: Dynamic Host Configuration Protocol (DHCP) allows end devices to have IP information automatically configured.

Chapter 3

1. C. Explanation: IPHD is not a protocol. All others are communications protocols.

2. A. Explanation: A group of interrelated protocols necessary to perform a communication function is called a protocol suite.

3. A, C, E. Explanation: Only A, C, and E are legitimate standards organizations.

4. B. Explanation: A protocol model closely matches the structure of a particular protocol suite. The hierarchical set of related protocols in a suite typically represents all the functionality required to communicate across a data network.

5. C. Explanation: The upper three layers of the OSI model are incorporated into the TCP/IP application layer.

6. A and C. Explanation: Standards do allow for proprietary protocols and encourage competition, so B and D are false.

7. D. Explanation: OSI Layer 7 is the application layer. Layer 1 is the physical layer, Layer 3 is the network layer, and Layer 4 is the transport layer.

8. B. Explanation: IP addressing and routing occur at the network layer, or Layer 3.

9. B. Explanation: Frame encapsulation occurs at the data link layer, which is OSI Layer 2.

10. A. Explanation: Physical media is described at the physical layer, or OSI Layer 1. If the NIC was the problem, then the issue would be at Layer 2.

11. D. Explanation: OSI Layers 1 (physical) and 2 (data link) combine to make the TCP/IP network access layer.

12. A. Explanation: Request for Comments, or RFC, was the name of the initial documents describing protocols, and the name has remained in use.

13. A and C. Explanation: Bits are part of the TCP/IP network access layer and packets are part of the Internet layer.

14. D. Explanation: De-encapsulation occurs when the encapsulated frame arrives at its next-hop address.

15. A and D. Explanation: Packet PDUs have OSI Layer 3 source and destination IP addresses. MAC addresses are added in the framing process at OSI Layer 2.

16. B and E. Explanation: Ethernet frame PDUs have OSI Layer 2 source and destination MAC addresses.

Chapter 4

1. B. Explanation: The top three layers of the OSI model are combined in the TCP/IP model because they do not normally concern networking processes.

2. D. Explanation: All four are applications. Layer 7 is the application layer.

3. C. Explanation: The session layer, Layer 5, maintains dialogs between source and destination applications.

4. A. Explanation: HTTP, SMTP, and POP, in that order, provide the services described.

5. B. Explanation: The protocol is indicated by http://, the server name is cisco.com, and the file is /index. DNS does convert cisco.com to an IP address, but DNS does not use tags.

6. C. Explanation: HTTPS is a secure form of HTTP, and the added security features require more processing power.

7. B and D. Explanation: HTTP does not use SSL, and HTTPS was developed after HTTP and uses more computing resources than HTTP.

8. C. Explanation: POP and POP3 are used to let the client retrieve mail from the server. SNMP is a network management protocol.

9. B. Explanation: POP is an email protocol, UDP is a transport protocol, and NDS is a Novell proprietary protocol.

10. D. Explanation: The DNS structure is like an inverted tree, and the root is the top level.

11. B. Explanation: nslookup provides information about the local network, including the default name server for the host on which the command is entered.

12. A. Explanation: DHCP provides IP addresses for devices to access a network.

13. A and C. Explanation: DHCP OFFER and DHCP ACK are issued by the DHCP server.

14. B. Explanation: FTP requires one connection for data transfer and another for commands to control the transfer.

15. A. Explanation: DNS resolves IP addresses. All others are functions of SMB, or Server Message Block.

Chapter 5

1. B and D. Explanation: Answers B and D are incorrect, respectively, because the session layer is responsible for establishing communication links, and port numbers are used to identify appropriate communication streams.

2. B and C. Explanation: B and C are transport layer functions. Frames are a data link layer function, and the presentation layer is not responsible for data delivery.

3. B. Explanation: TCP is the only transport layer protocol listed that reassembles data in a correct order.

4. A. Explanation: MAC addresses function at OSI Layer 2, and IP functions at OSI Layer 3. VLAN tags are a LAN process. Port numbers keep application conversations separate.

5. D and E. Explanation: Because of the ability of TCP to track actual conversations, TCP is considered a stateful protocol. A stateful protocol is a protocol that keeps track of the state of the communication session. UDP does not keep track, and is thus stateless. UDP does not establish a connection between the hosts before data can be sent and received, and is considered connectionless. TCP does establish the connection and is considered connection-oriented.

6. B. Explanation: IP, UDP, and IPX are connectionless, but FTP requires TCP’s reliability to function successfully.

7. C. Explanation: TCP functions at OSI Layer 4, so C is not true.

8. B. Explanation: The transport layer does not perform any functions in the application layer.

9. D. Explanation: TCP provides methods of managing these segment losses, including retransmission of segments with unacknowledged data. It does not resend the entire message (B), and the user does not request missing data (A).

10. A. Explanation: UDP does not resend data (C, D), and it is commonly preferred to TCP when the needs of the application require the connectionless features.

11. B. Explanation: A, C, and D are false statements. UDP is better if an application can tolerate data loss, and TCP uses more processing overhead than UDP.

12. D. Explanation: A, B, and C are applications that require the connectionless nature of UDP. TCP’s reliability processes would disrupt the flow of video, voice, and music.

13. B. Explanation: A, C, and D are all characteristics of UDP. TCP does provide ordered data reconstruction.

14. B. Explanation: A, C, and D are all characteristics of TCP. UDP provides best-effort delivery but does not know if data was successfully delivered.

15. C. Explanation: Each TCP segment has 20 bytes of overhead in the header encapsulating the application layer data. A UDP segment has 8 bytes of overhead.

16. C. Explanation: The combination of the source and destination IP addresses and the source and destination port numbers is known as a socket pair. The socket is used to identify the server and service being requested by the client. MAC addresses and SYN/ACK flags are not involved in the process.

17. D. Explanation: Port 80 is the well-known port for HTTP. Port 110 is POP3, port 21 is FTP control, and port 23 is Telnet.

18. B. Explanation: Port 110 is the well-known port for the Post Office Protocol (POP).

19. C. Explanation: The window size is measured in bytes and sends an acknowledgement indicating the next byte expected by the receiver.

20. D. Explanation: The first acknowledgement would be 2501. The second would add 2500 bytes.

21. B. Explanation: The SEQ and ACK messages indicate which data was successfully delivered. If data is sent and no ACK message is returned, data is re-sent. The three-way handshake establishes communication, and the window size controls how much data is sent at any given time.

22. C and D. Explanation: With a smaller window comes more overhead, thus more transmission time. The question is an example of dynamic, not static, window sizing. A smaller window would indicate there is more traffic and congestion on the network. The process is dynamic and the flow of data does not stop while windows are adjusted.

Chapter 6

1. B. Explanation: Routers are Layer 3 devices that perform path selection and then switch packets on the selected path to the destination.

2. B and D. Explanation: Layer 3 addresses are encapsulated at the network layer. IP addresses can be changed.

3. B. Explanation: Though some systems may still run IPX, AppleTalk, and DECNet, their use is relatively rare and unsupported.

4. A. Explanation: IP is the only connectionless technology and the only Layer 3 technology.

5. C and D. Explanation: Layer 3 does not involve reliability. Application data is at Layer 7.

6. B, E, and F. Explanation: Only B, E, and F relate to Layer 3.

7. B and E. Explanation: route print and netstat work on hosts. A, C, and D are router commands.

8. A, C, and D. Explanation: Only A, C, and D are in the routing table output.

9. A, B, and D. Explanation: A, B, and D are the only effects of broadcast storms.

10. C. Explanation: IP is media independent and not reliable, and gives packets IP addresses.

11. C and D. Explanation: Deliverability is a Layer 4 issue, and application data is a Layer 7 issue.

12. B and E. Explanation: B and E are the only possible choices.

13. C. Explanation: De-encapsulation removes Layer 2 data to expose Layer 3 data.

14. C. Explanation: Both routers and hosts need IP addresses to send and receive messages.

15. A and D. Explanation: Layer 2 data may change between the IP source and destinations; encapsulation happens in the sending host, and converts data into packets.

16. B and C. Explanation: B and C are the only true combinations.

17. B. Explanation: IP works on copper, fiber, and wireless technologies.

18. C. Explanation: TCP is OSI Layer 4.

19. C. Explanation: There are 32 bits, usually represented as four 8-bit numbers separated by decimal points.

20. D. Explanation: The local default route; that is, all packets with destinations that do not match other specified addresses in the routing table are forwarded to the gateway.

Chapter 7

1. 00000111. Explanation: 4 + 2 + 1 = 7.

2. C and D. Explanation: A unicast is sent to a specific host on a network. Directed broadcasts can be used to target both remote (distant) networks and local networks. Limited broadcasts are limited to the hosts that exist on the local network.

3. C. Explanation: The binary format for 255.255.255.224 is 11111111.11111111.11111111.11100000. The prefix length is the number of consecutive 1s in the subnet mask. Therefore, the prefix length is /27.

4. B. Explanation: When comparing the entire range of numbers used by private and public addresses, most of the IPv4 addresses are in the public address range.

5. 2001:DB8:0:AB00::AB. Explanation: The double colon can be used only once to substitute for continuous hextets consisting of all 0s. Leading 0s can also be suppressed. Therefore, the correct representation is 2001:DB8:0:AB00::AB.

6. B. Explanation: Link-local addresses have relevance only on the local link. Routers will not forward packets that include a link-local address as either the source or destination address.

7. D. Explanation: The current practice is that ISPs assign a /48 global routing prefix to customers. This global routing prefix is the first 48 bits of a global unicast address. If /64 addresses are being used, then 16 bits are being used for Subnet IDs. 2^16 = 65,536, so 65,536 different subnets can be created.

8. Answer: A = Subnet ID, B = Global routing prefix, and C = Interface ID. Explanation: A global IPv6 unicast address contains three parts. The global routing prefix of an IPv6 address is the prefix, or network, portion of the address assigned by the provider, such as an ISP, to a customer or site. The Subnet ID field is used by an organization to identify a subnet within its site. The Interface ID field of an IPv6 address is equivalent to the host portion of an IPv4 address.

9. C and E. Explanation: ICMPv6 includes four new message types: Router Advertisement, Neighbor Advertisement, Router Solicitation, and Neighbor Solicitation.

10. B and D. Explanation: Answers B and D are the two options that depict network addresses. Answer B, 192.168.12.64/26, represents the .64 network. Answer D, 18.18.12.16/28, represents the .16 network.

11. D. Explanation: The other choices are private, nonroutable IP addresses.

12. C. Explanation: Answer C represents two octets of eight ones, or 16 ones; the third octet, 255, represents 6 ones, so if you add the 16 ones of the first two octets to the 6 ones of the third octet, you come up with 22 ones, or /22.

13. B. Explanation: This address block would give you 14 useful hosts plus a network address and a broadcast address. You could subnet these 16 IP addresses into four point-to-point link addresses. Sixteen addresses divided by four per network results in the answer of four WAN links.

14. C. Explanation: 255.255.255.224 would provide 30 hosts, enough for the 16 usable hosts you require. A 255.255.255.240 would only give you 14 usable hosts, enough for the computers but not for the two router interfaces.

15. B. Explanation: IPv4 goes from /2 to /30.

Chapter 8

1. C. Explanation: In order to create 32 subnets of equal size, 5 bits from the host portion of an IPv4 address must be borrowed (2^5 = 32).

2. E. Explanation: A /26 subnet has 6 bits for host addressing (32 – 26 = 6); 6 host bits gives 64 possible addresses (2^6 = 64). This means the range of addresses in the subnet is 192.168.1.0 through 192.168.1.63. However, the first address, 192.168.1.0, is the network address, and the last address, 192.168.1.63, is the broadcast address. Therefore, the first valid host address is 192.168.1.1 and the last valid host address is 192.168.1.62.

3. B. Explanation: A /29 mask means that 3 bits have been left for host bits. Using the formula 2^x – 2, where x is the number of host bits, we know 2^3 – 2 = 6; i.e., there are six valid host addresses on this network. Because one IP address (192.168.0.168) has already been assigned to a PC and there are six valid addresses, five more host addresses are left to be assigned on this network.

4. D. Explanation: The host 192.168.1.59 resides on network 192.168.1.48. The range of addresses on this network is 192.168.1.48 through 192.168.1.63. 192.168.1.48 is the network address, and 192.168.1.63 is the broadcast address for the network. The next subnet with a /28 network prefix will start at 192.168.1.64.

5. C. Explanation: Of the hosts listed, only host A: 192.168.1.59/26 and host B: 192.168.1.71/26 will require a router. This is because they are on two different subnets. Host A is on the 192.168.1.0/26 network and host B is on the 192.168.1.64/26 network. All other hosts in the other options reside on common subnets.

6. A. Explanation: The prefix notation is shown as /n, where n indicates the number of consecutive 1s in a subnet mask shown in binary form. /23 has 23 consecutive 1s in the subnet mask, where 16 of the 1s create the 255.255 part of the subnet mask. The next seven 1s in the mask represent the decimal values of 128, 64, 32, 16, 8, 4, and 2. 128 + 64 + 32 + 16 + 8 + 4 + 2 = 254 (the third number of the subnet mask of 255.255.254.0).

7. A. Explanation: A mask of 255.255.255.128 will result in 1 network bit and 7 host bits. This will satisfy the problem by yielding two subnets, each with 126 usable host addresses.

8. C and F. Explanation: To calculate the network number, write the host IP address in binary. Draw a line showing where the subnet mask 1s end. For example, with the IP address 192.31.7.200, the final octet (200) is 11001000. The line would be drawn between the 1100 and the 1000 because the subnet mask is /28. Change all the bits to the right of the line to 0s to determine the network number (11000000 or 192). Change all the bits to the right of the line to 1s to determine the broadcast address (11001111 or 207). Numbers that can be assigned to hosts on the same network are unassigned usable host addresses within the range of the network 192.31.7.192/28.

9. C. Explanation: When using VLSM, the network administrator can allocate host addresses more efficiently than with traditional subnetting. With traditional subnetting, every network has the same maximum number of hosts. With VLSM, the number of valid host addresses can vary according to the needs of each network.

10. B. Explanation: A nibble is 4 bits in length.

11. E. Explanation: The subnet mask is /20 or 255.255.240.0. This mask assigns 20 bits for the network portion of the IPv4 address. The host portion has 12 bits or 2^12 addresses (including the broadcast and network addresses). So, there are 4096 – 2 = 4094 addresses available to be assigned to hosts.

12. A. Explanation: Note that sometimes VLSM stands for variable-length subnet masking, which refers to the process of using different masks in the same classful network, whereas variable length subnet mask refers to the subnet mask itself.

13. A. Explanation: Subnet 10.5.0.0 255.255.240.0 implies range 10.5.0.0 to 10.5.15.255, which does not overlap. Subnet 10.4.0.0 255.254.0.0 implies range 10.4.0.0 to 10.5.255.255, which does overlap. Subnet 10.5.32.0 255.255.224.0 implies range 10.5.32.0 to 10.5.63.255, which does overlap. Subnet 10.5.0.0 255.255.128.0 implies range 10.5.0.0 to 10.5.127.255, which does overlap.

14. D. Explanation: The four answers imply the following ranges: 172.16.0.0/21 = 172.16.0.0 to 172.16.7.255; 172.16.6.0/23 = 172.16.6.0 to 172.16.7.255; 172.16.16.0/20 = 172.16.16.0 to 172.16.31.255; and 172.16.11.0/25 = 172.16.11.0 to 172.16.11.127. The subnet in the question, 172.16.8.0/22, implies a range of 172.16.8.0 to 172.16.11.255, which includes the range of numbers in subnet 172.16.11.0/25.

15. C. Explanation: The question lists three existing subnets, which together consume part of class C network 192.168.1.0. Just listing the last octet values, these subnets consume 0 to 63, 128 to 131, and 160 to 167. The new subnet, with a /28 mask, needs 16 consecutive numbers, and the subnet numbers will all be a multiple of 16 in the last octet (0, 16, 32, etc.). Looking at the consumed numbers again, the first opening starts at 64, and runs up through 127, so it has more than enough space for 16 addresses. So the numerically lowest subnet number is 192.168.1.64/28, with range 192.168.1.64 to 192.168.1.79.

Chapter 9

1. C and F. Explanation: The data link layer is divided into two sublayers, namely Logical Link Control (LLC) and Media Access Control (MAC). The LLC sublayer forms a frame from the network layer PDU into a format that conforms to the requirements of the network interface and media. A network layer PDU might be for IPv4 or IPv6. The MAC sublayer defines the media access processes performed by the hardware. It manages the frame access to the network media according to the physical signaling requirements (copper cable, fiber optic, wireless, etc.).

2. A. Addressing: Physical addresses

B. Control: Flow control services

C. Data: Payload

D. Frame Check Sequence: Error detection

E. Frame Start: Beginning of the frame

F. Frame Stop: End of the frame

G. Type: Layer 3 protocol

Explanation: The Frame Start and Frame Stop fields are used to identify the beginning and the end of the frame. The Addressing field contains the physical addresses, also known as MAC addresses. The Type field identifies the Layer 3 protocol. The Control field identifies special flow control services, and the Error Detection field contains the frame check sequence (FCS). The FCS contains a checksum used to ensure that the data in the frame was received exactly as it was sent. The Data field contains the payload.

3. A and C. Explanation: The IANA is responsible for overseeing and managing IP address allocation, domain name management, and protocol identifiers. The EIA is an international standards and trade alliance for electronics organizations, and is best known for its standards related to electrical wiring, connectors, and the 19-inch racks used to mount networking equipment. The ISOC promotes the open development, evolution, and use of the Internet throughout the world.

4. C. Explanation: A point-to-point topology only connects two nodes. A bus is a legacy topology for LANs. Mesh and full mesh topologies have more connectivity than needed (all or most of the branches will be connected to each other). A hub and spoke design will connect the headquarters to all its branches, as desired.

5. B. Explanation: Both CSMA/CD and CSMA/CA are contention-based access control methods. With CSMA/CD, each end device monitors the media for the presence of a data signal. If the media is free, the device transmits data. With CSMA/CA, each end device also examines the media for the presence of a data signal. If the media is free, the device sends a notification across the media of its intent to use it. The device then sends data. With this method, CSMA/CA avoids possible collisions but does not completely stop them.

6. A, B, and C. Explanation: The Layer 2 address refers to the MAC address, a 48-bit address generally represented in hexadecimal format, and burned into the NIC.

7. B. Explanation: The physical layer is responsible for transmitting the actual signals across the physical media as bits. Exchanging frames, controlling media access, and performing error detection are all functions of the data link layer.

8. D. Explanation: DSSS and OFDM are encoding techniques used for wireless transmission. NRZ is the technique used for copper cable. Wavelength multiplexing is used to encode data for fiber-optic cable, resulting in different colors.

9. A. Explanation: The electromagnetic field allows information to pass from one cable pair to another.

10. D. Explanation: Wi-Fi is a trademark of the Wi-Fi Alliance and is used with certified products that belong to WLAN devices based on the IEEE 802.11 standards. It uses a contention system with CSMA/CA as the media access process. Bluetooth is a WPAN standard and is not considered to be Wi-Fi.

Chapter 10

1. B. Explanation: The two Ethernet sublayers are LLC and MAC. LLC manages communications with the upper layers. MAC is the lower sublayer and is responsible for encapsulating the data and getting it onto the network media. In order to get the data onto the media, a specific process must be used. Ethernet uses the CSMA/CD process.

2. B. Explanation: The Ethernet LLC sublayer has the responsibility to handle communication between the upper layers and the lower layers of the protocol stack. The LLC is implemented in software and communicates with the upper layers of the application to transition the packet to the lower layers for delivery.

3. A and C. Explanation: The MAC sublayer is the lower of the two data link sublayers and is closest to the physical layer. The two primary functions of the MAC sublayer are to encapsulate the data from the upper layer protocols and to control access to the media.

4. A. Explanation: On Ethernet networks, the broadcast MAC address is 48 binary 1s displayed as hexadecimal FF-FF-FF-FF-FF-FF.

5. D. Explanation: The multicast MAC address is a special value that begins with 01-00-5E in hexadecimal. It allows a source device to send a packet to a group of devices.

6. C. Explanation: The purpose of an ARP request is to find the MAC address of the destination host on an Ethernet LAN. The ARP process sends a Layer 2 broadcast to all devices on the Ethernet LAN. The frame contains the IP address of the destination and the broadcast MAC address, FFFF.FFFF.FFFF. The host with the IP address that matches the IP address in the ARP request will reply with a unicast frame that includes the MAC address of the host. Thus, the original sending host will obtain the destination IP and MAC address pair to continue the encapsulation process for data transmission.

7. C. Explanation: In order to encapsulate a Layer 3 PDU into a frame, the sending host needs to know the MAC address of the destination host. The sending host first checks the ARP table. If a match is found in the table, the host uses the MAC address as the destination MAC in the frame. Otherwise, it will initiate an ARP request to obtain the destination MAC.

8. B. Explanation: An ARP spoofing attack is based on an ARP reply (a unicast message). The intruder sends many ARP replies with its own MAC address and an IP address that is within the same network. The unsuspecting node receives this fake ARP reply and adds this entry to its ARP cache. Traffic from that unsuspecting node will be sent to the MAC address of the intruder. Authorized MAC addresses can be configured on some network devices to restrict network access to only those devices listed.

9. B and C. Explanation: ARP requests are sent as broadcasts: (1) All nodes will receive them, and they will be processed by software, interrupting the CPU. (2) The switch forwards (floods) Layer 2 broadcasts to all ports. A switch does not change its MAC table based on ARP request or reply messages. The switch populates the MAC table using the source MAC address of all frames. The ARP payload is very small and does not overload the switch.

10. D. Explanation: A switch virtual interface (SVI) is a logical interface associated with a specific VLAN. This logical interface can have an IP address assigned to it to allow for routing packets between VLANs or for remote management purposes. Routed ports are not associated with any specific VLANs and are configured on a single physical interface similar to an interface on a router. EtherChannel is used to combine multiple physical links into a single logical link in order to aggregate the bandwidth of the links.

Chapter 11

1. D. Explanation: A best practice and recommended approach for an IP addressing scheme is to assign static IP addresses to servers in a predetermined separate block, usually in the lower end or upper end of the host address range. With such an arrangement, the server traffic is easy to identify and security measures can be easily managed. For employee workstations, however, dynamic IP address assignment is recommended for the easy management of IP addresses.

2. C. Explanation: With a separate DSL connection to another ISP, the company will have a redundancy solution for the Internet connection, in case the leased line connection fails. The other options provide other aspects of redundancy, but not the Internet connection. The options of adding a second NIC and adding multiple connections between the switches and the edge router will provide redundancy in case one NIC fails or one connection between the switches and the edge router fails. The option of adding another web server provides redundancy if the main web server fails.

3. A and E. Explanation: Maintenance threats are types of physical threats to the network. They include routine maintenance tasks that, if ignored, could lead to disruptions in service. Examples include poor documentation, lack of spare parts, and using improper procedures when working with hardware. Unconditioned power is an example of an electrical threat, temperature extremes are an example of an environmental threat, and physical damage is an example of a hardware threat.

4. D. Explanation: A vulnerability is a weakness in the security of the network. Vulnerabilities include technology weaknesses such as the inherent insecurity of the Telnet protocol, configuration weaknesses such as a router configured with a weak password, and policy weaknesses such as a security policy that doesn’t define a password policy. Threats involve people with the knowledge and motivation to take advantage of vulnerabilities in the network, such as a disgruntled employee with access to the network.

5. B. Explanation: A worm is a self-replicating computer program that attacks a system and tries to exploit a specific vulnerability in the target. Both viruses and Trojan horses rely on a delivery mechanism to carry them from one host to another. Social engineering is not a type of malicious code attack.

6. C. Explanation: Authorization is what assigns levels of rights to users of a network resource.

7. C. Explanation: The login local command designates that the local username database is used to authenticate interfaces such as console or vty.

8. C. Explanation: The ping 127.0.0.1 command is used to verify the proper operation of the TCP/IP protocol stack from the network layer to the physical layer and back. The operation of this command does not actually put a signal on the network media.

9. B. Explanation: The result shows a number of things. There are 11 hops between the workstation and the website (www.cisco.com). The first entry is the immediate router (default gateway) and the last entry is the website itself (see the IP address). Thus, the total number of hops is 11. The IP address of the next hop (router) is 192.168.10.254. The second router is not responding to the ping command, but is operational. A ping to the website takes 63 milliseconds. Tracert sends three pings, with the time 65/58/66.

10. A. Explanation: The ! mark is the icon used to show that a transfer is in progress.
