[Free] 2017(July) EnsurePass Examcollection Cisco 100-105 Dumps with VCE and PDF 191-200

2017 July Cisco Official New Released 100-105
100% Free Download! 100% Pass Guaranteed!

Cisco Interconnecting Cisco Networking Devices Part 1 (ICND1 v3.0)

Question No: 191 – (Topic 5)

Refer to the exhibit.


The DHCP settings have recently been changed on the DHCP server and the client is no longer able to reach network resources. What should be done to correct this situation?

  1. Verify that the DNS server address is correct in the DHCP pool.

  2. Ping the default gateway to populate the ARP cache.

  3. Use the tracert command on the DHCP client to first determine where the problem is located.

  4. Clear all DHCP leases on the router to prevent address conflicts.

  5. Issue the ipconfig command with the /release and /renew options in a command window.

Answer: E Explanation:

A PC will retain its DHCP assigned IP address until the lease time expires, which often times is 24 hours or more. When changes are made to the DHCP server, the client should issue the ipconfig/release and then ipconfig/renew commands to obtain a new IP address lease.

Question No: 192 – (Topic 5)



Select three options which are security issues with the current configuration of SwitchA. (Choose three.)

  1. Privilege mode is protected with an unencrypted password

  2. Inappropriate wording in banner message

  3. Virtual terminal lines are protected only by a password requirement

  4. Both the username and password are weak

  5. Telnet connections can be used to remotely manage the switch

  6. Cisco user will be granted privilege level 15 by default

Answer: A,B,D

Question No: 193 – (Topic 5)

From which of the following attacks can Message Authentication Code (MAC) shield your network?

  1. DoS

  2. DDoS

  3. spoofing

  4. SYN floods

Answer: C Explanation:

Message Authentication Code (MAC) can shield your network from spoofing attacks. Spoofing, also known as masquerading, is a popular trick in which an attacker intercepts a network packet, replaces the source address of the packets header with the address of the authorized host, and reinserts fake information which is sent to the receiver. This type of attack involves modifying packet contents. MAC can prevent this type of attack and ensure data integrity by ensuring that no data has changed. MAC also protects against frequency analysis, sequence manipulation, and ciphertext-only attacks.

MAC is a secure message digest that requires a secret key shared by the sender and receiver, making it impossible for sniffers to change both the data and the MAC as the receiver can detect the changes.

A denial-of-service (DoS) attack floods the target system with unwanted requests, causing the loss of service to users. One form of this attack generates a flood of packets requesting a TCP connection with the target, tying up all resources and making the target unable to service other requests. MAC does not prevent DoS attacks. Stateful packet filtering is the most common defense against a DoS attack.

A Distributed Denial of Service attack (DDoS) occurs when multiple systems are used to flood the network and tax the resources of the target system. Various intrusion detection systems, utilizing stateful packet filtering, can protect against DDoS attacks.

In a SYN flood attack, the attacker floods the target with spoofed IP packets and causes it to either freeze or crash. A SYN flood attack is a type of denial of service attack that exploits the buffers of a device that accept incoming connections and therefore cannot be prevented by MAC. Common defenses against a SYN flood attack include filtering, reducing the SYN-RECEIVED timer, and implementing SYN cache or SYN cookies.

Question No: 194 DRAG DROP – (Topic 5)

Drag the appropriate command on the left to the configuration task it accomplishes. (Not all options are used.)




Question No: 195 – (Topic 5)

What are two recommended ways of protecting network device configuration files from outside network security threats? (Choose two.)

  1. Allow unrestricted access to the console or VTY ports.

  2. Use a firewall to restrict access from the outside to the network devices.

  3. Always use Telnet to access the device command line because its data is automatically encrypted.

  4. Use SSH or another encrypted and authenticated transport to access device configurations.

  5. Prevent the loss of passwords by disabling password encryption.

Answer: B,D Explanation:

Using a firewall is a must for networks of any size to protect the internal network from outside threats and unauthorized access. SSH traffic is encrypted while telnet is not, so it is always recommended to use SSH.

Question No: 196 – (Topic 5)

Refer to the exhibit.


A user cannot reach any web sites on the Internet, but others in the department are not having a problem.

What is the most likely cause of the problem?

  1. IP routing is not enabled.

  2. The default gateway is not in the same subnet.

  3. A DNS server address is not reachable by the PC.

  4. A DHCP server address is not reachable by the PC.

  5. NAT has not been configured on the router that connects to the Internet.

Answer: C Explanation:

Answer C is only answer that makes sense. IP routing does not need to be enabled on PC’s, this is a router function. We can see from the output that the PC and default gateway are on the same subnet. DHCP has not been enabled on this PC so it has been configured

with a static address so reaching the DHCP server is not the issue. Finally, NAT must be configured correctly or the other users in the department would also be having issues.

Question No: 197 – (Topic 5)

The following commands are entered on the router:

Burbank(config)# enable secret fortress Burbank(config)# line con 0 Burbank(config-line)# login Burbank(config-line)# password n0way1n Burbank(config-line)# exit

Burbank(config)# service password-encryption What is the purpose of the last command entered?

  1. to require the user to enter an encrypted password during the login process

  2. to prevent the vty, console, and enable passwords from being displayed in plain text in the configuration files

  3. to encrypt the enable secret password

  4. to provide login encryption services between hosts attached to the router

Answer: B Explanation:

Certain types of passwords, such as Line passwords, by default appear in clear text in the configuration file. You can use the service password-encryption command to make them more secure. Once this command is entered, each password configured is automatically encrypted and thus rendered illegible inside the configuration file (much as the Enable/Enable Secret passwords are). Securing Line passwords is doubly important in networks on which TFTP servers are used, because TFTP backup entails routinely moving config files across networks-and config files, of course, contain Line passwords.

Question No: 198 – (Topic 5)

An administrator has connected devices to a switch and, for security reasons, wants the dynamically learned MAC addresses from the address table added to the running configuration.

What must be done to accomplish this?

  1. Enable port security and use the keyword sticky.

  2. Set the switchport mode to trunk and save the running configuration.

  3. Use the switchport protected command to have the MAC addresses added to the configuration.

  4. Use the no switchport port-security command to allow MAC addresses to be added to the configuration.

Answer: A Explanation:



One can configure MAC addresses to be sticky. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts, hence enabling security as desired.

Question No: 199 – (Topic 5)

Refer to the exhibit.


A network technician is asked to design a small network with redundancy. The exhibit represents this design, with all hosts configured in the same VLAN. What conclusions can be made about this design?

  1. This design will function as intended.

  2. Spanning-tree will need to be used.

  3. The router will not accept the addressing scheme.

  4. The connection between switches should be a trunk.

  5. The router interfaces must be encapsulated with the 802.1Q protocol.

Answer: C Explanation:

The proposed addressing scheme is on the same network. Cisco routers will not allow you to assign two different interfaces to be on the same IP subnet.

Question No: 200 – (Topic 5)

What is the effect of using the service password-encryption command?

  1. Only the enable password will be encrypted.

  2. Only the enable secret password will be encrypted.

  3. Only passwords configured after the command has been entered will be encrypted.

  4. It will encrypt the secret password and remove the enable secret password from the configuration.

  5. It will encrypt all current and future passwords.

Answer: E Explanation:

Encryption further adds a level of security to the system as anyone having access to the database of passwords cannot reverse the process of encryption to know the actual passwords which isn’t the case if the passwords are stored simply.

Topic 6, Simulation

100% Free Download!
Download Free Demo:100-105 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 100-105 Full Exam PDF and VCE
Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.07.01-2017.07.31]

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

Leave a Reply