
Need help with practice questions

Hi Guys,

I was doing a practice test and I am unsure about the four questions mentioned below. Can anyone please help in giving the correct options for the questions?

All four question images are uploaded to the below link.

 https://imgur.com/a/mkjm11T

Accepted Solutions

"I think for 1st it will be A. Though I am not sure why we need to create a route if both routers are directly connected."

I would agree A is correct. The information provided is missing precise information on how the routers are connected.

Likely what you have is something like: 192.168.2.0/24 RtrFloor1 #.#.#.#/# RtrFloor2 192.168.3.0/24

If so, as routers only know of directly connected networks, you need to inform RtrFloor1 about, and how to reach, 192.168.3.0/24 and inform RtrFloor2 about how to reach 192.168.2.0/24. That can be accomplished by using static routes.

"I don't have any clue about the second question."

Laugh, fair enough answer.

What we want to ensure is that the two hosts are in different VLANs, V10 for port 7 host and V20 for port 9 host.

We're also told hosts don't tag their frames, so frames to/from switch should be untagged too.  That eliminates answers A and E.

Answer C says port is without a VLAN (like a L3 switch routed port), but if so, a host connected to it would also not be in a VLAN, which is one of our requirements.

This leaves answers B and D, which also correctly match the VLANs desired for ports 7 and 9.

What also might be confusing, and not really relevant to answering the questions: the link between port 1 on the edge switch and the Firebox switch might be a Cisco trunk port, which allows one of the VLANs on the trunk to be untagged. By default, with Cisco, that's VLAN 1, but it can be changed to any other VLAN. (Cisco calls the untagged VLAN on a trunk port the "native" VLAN.)

"for 3rd it will be A since FW needs to know how to reach 10.0.20.0/24 as it is a different subnet."

Correct, but not so much a different subnet but one not directly connected to the Firebox (similar to 1st question resolution).

"And for the 4th I think it will be A and B because the other three don't make sense as per the question."

Likely that's the correct/intended answer.

The reason I say likely: the server's default gateway could, indeed, be misconfigured (answer B), or it might not be present/configured at all. These are not exactly the same, because if the router at 10.0.2.254 was proxy enabled on 10.0.20.0/24, a non-configured gateway should work fine.

Further, for answer D it's unclear what "needs an IP address in the 10.0.10.0/24 network" means, because you could have one or more host routes to specific IPs in 10.0.10.0/24 (e.g. 10.0.10.2/32, 10.0.10.200/32), but, of course, only such specifically defined host IPs in 10.0.10.0/24 would be reachable.

Just for extra learning, you could also have part of the 10.0.10.0/24 network as a route (e.g. 10.0.10.0/28, 10.0.10.128/25), you might have a super network (e.g. 10.0.0.0/16), or you might have just a default route (e.g. 0.0.0.0). Each of these could get traffic to the 10.0.10.0/24 network, but each has its own implications, and these are not really what answer D describes.

All in all, you did well. Hopefully the above helps your understanding. If you have additional questions, please post them.
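The route choices listed in the answer above (host routes, partial subnets, a supernet, a default route) can be compared with a small longest-prefix-match lookup. This is an added example, not part of the original post; the next-hop label and the test destinations outside 10.0.10.0/24 are assumptions made for illustration.

```python
import ipaddress

TARGET = ipaddress.ip_network("10.0.10.0/24")
GW = "next-hop"  # hypothetical next hop; the thread does not give one

def table(*prefixes):
    """Build a routing table as (network, next_hop) pairs."""
    return [(ipaddress.ip_network(p), GW) for p in prefixes]

# Route choices named in the answer (tables constructed for this example).
HOST_ROUTES = table("10.0.10.2/32", "10.0.10.200/32")
PARTIAL = table("10.0.10.0/28", "10.0.10.128/25")
SUPERNET = table("10.0.0.0/16")
DEFAULT = table("0.0.0.0/0")

def lookup(routes, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in routes if addr in net]
    if not hits:
        return None  # no route: a router would drop the packet
    net, hop = max(hits, key=lambda r: r[0].prefixlen)
    return (str(net), hop)

def coverage(routes):
    """Count addresses in 10.0.10.0/24 that have a matching route."""
    return sum(1 for a in TARGET if lookup(routes, str(a)) is not None)

if __name__ == "__main__":
    for name, routes in [("host routes", HOST_ROUTES), ("partial", PARTIAL),
                         ("supernet", SUPERNET), ("default", DEFAULT)]:
        print(f"{name:12} covers {coverage(routes):3} of {TARGET.num_addresses}")
    # Broader routes also forward traffic that was never meant for 10.0.10.0/24
    # (10.0.99.1 and 192.0.2.1 are constructed test destinations).
    print(lookup(SUPERNET, "10.0.99.1"))
    print(lookup(DEFAULT, "192.0.2.1"))
    # With overlapping routes, the most specific prefix wins.
    print(lookup(HOST_ROUTES + SUPERNET, "10.0.10.2"))
```

The coverage counts show the "implications" the answer mentions: narrow routes leave most of 10.0.10.0/24 unreachable, while the supernet and default route also forward destinations outside it.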

11 Replies

Hello,

the answer(s) to the first two questions:

A/Add a static route to both the Floor 1 and Floor 2 routers

A/Configure port 9 as Vlan 20 tagged
D/Configure port 7 as Vlan 10 untagged

As for the remaining questions, is that a WatchGuard Firebox exam? On Cisco devices, you would not need any static routing, as the networks are all directly connected.

Hi George,

Thanks for replying. This is the internal test in our company, we can get different OEM firewalls and switches questions. No OEM is fixed. What do you think will be the answer for the 3rd and 4th if we replace firebox with a router?

Hello,

in that case (replacing the Firebox with a (Cisco) router), you would not need any routes at all, since (as it looks like from the picture) the networks are local and directly connected.

But since you are supposed to answer the question as is, I'll look into the Watchguard config for these devices...

Joseph W. Doherty
Hall of Fame

And what do you believe the answers should be, and why?

I think for 1st it will be A.

for 3rd it will be A, since FW 10.0.2.254

And for 4th I think it will be A and B

Uh-huh, but why did you select those answers?

The reason I ask why you selected the answers you did: it ensures you truly understand the correct answers, or perhaps lets us help explain to you why a wrong answer is wrong.

No idea for 2nd question?

Hi Joseph,

I didn't submit that but the options I mentioned in the above comment I think are correct.

I think for 1st it will be A. Though I am not sure why we need to create a route if both routers are directly connected.

I don't have any clue about the second question.

for 3rd it will be A since FW needs to know how to reach 10.0.20.0/24 as it is a different subnet.

And for the 4th I think it will be A and B because the other three don't make sense as per the question.

Also, I don't have any clue about the second question.


Hi. Are you sure about the VLAN question? I am taking the exam and have asked two people at my office and they both said to untag VLAN 10 and 20. Meaning answers B and D.

Ah, a "typo" error.

Thanks for catching it.

Thank you for the well-explained answer to this guy's questions.