Are you ready for the CCNA exam? Test yourself with these questions
Infosec and Cyber Work Hacks are here to help you pass the CCNA exam! For today’s Hack, Wilfredo Lanz, Infosec boot camp instructor in charge of Cisco’s CCNA certification, walks us through four sample CCNA questions, walking through each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. And the only way you’re going to see it is by staying right here for this Cyber Work Hack!
0:00 - CCNA exam sample questions
1:31 - Different types of CCNA exam questions
3:34 - First CCNA exam sample question
8:34 - Second CCNA exam sample question
13:52 - Third CCNA exam sample question
20:47 - Fourth CCNA exam sample question
25:22 - Infosec CCNA boot camp practice exam
27:04 - Advice for CCNA exam day
28:46 - Outro
Learn more about the CCNA: https://www.infosecinstitute.com/training/ccna/
Transcript
Infosec and Cyber Work Hacks are here to help you pass the CCNA exam. For today's Hack, Wilfredo Lanz, Infosec's Bootcamp instructor in charge of Cisco's CCNA certification, walks us through four sample CCNA questions. He brings them up on the screen and he walks through each of the answers and discounts the wrong ones with explanations and reasons for doing so, which allows you to reach the right answer in a logical and stress-free way. It was really mind-blowing. I really enjoyed watching it. The only way you're going to see it is by staying right here for this Cyber Work Hack.
Hello and welcome to a new episode of Cyber Work Hacks. The purpose of this spin-off of our popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight into how to utilize Infosec products and training to achieve your work and career goals. My guest today, Wilfredo Lanz, is an Infosec instructor and he is the go-to person for Infosec study materials for the foundational Cisco certification, which is the Cisco Certified Network Associate, or CCNA. So for today's Cyber Work Hack, Wilfredo Lanz has brought some practice questions, and these are similar to the type that you would find on the CCNA, and we're going to break them down together in order to hopefully give you some tips for making the most informed answer every time you make an answer. So thank you for joining me today, Wilfredo.
Oh, absolutely, thank you. My pleasure to be here.
My pleasure to have you. So, Wilfredo, for people who are just thinking about taking the CCNA for the first time, can you break down the different types of exam questions on the CCNA? Is this a hands-on exam, a multiple choice, or is it somewhere in between?
In between, but I would say it is mostly hands-on. The exam includes some labs in which you have to execute some commands to configure a device or to verify a configuration, but also many questions on the exam include exhibits. They show you an output of a switch or a router or a diagram of a network configuration and then having a good understanding, a hands-on understanding, of how that was configured, what is the meaning of the output, understanding how to read those commands and then the next execution is critical to be successful on the exam.
Yeah, so I'm assuming that means that there is some sort of a virtualization component to the exam, where you're actually sort of moving things around and actually doing the hands-on work while you're taking the test right?
Absolutely, that is part of the exam.
Okay, great, well, so I think the best way to get a feeling for each of these types of questions is to run a couple of example exam questions. That's enough to supply us with four sample CCNA exam questions. So I'm going to have Wilfredo share his screen here, and we've got a PowerPoint here, and Wilfredo let's sort of talk through some ways that the test takers can be parsing these problems.
Absolutely. Let me share my screen here right and then see if we can do that right.
All right, so here we go. This is Wilfredo's first of four sample questions. So, Wilfredo, I'll have you take it away. What are we looking at here?
So this is a good example of the type of questions you get on the CCNA exam. This is the output of a routing table on a router. It's something that we emphasize a lot during the bootcamp: how to read the routing table, where to find the information that you need to answer this type of question. So if you look at the question here, right, they specifically refer to the exhibit, right, which is this here, and then they're saying that a packet is being sent across router one. So router one, this is the exhibit for the routing table of router one, and the packet is being sent to this host with this IP address. That is a very important piece of information here. So they're saying this packet is being sent to this address and the question is to which destination does the router send the packet? So all that information is here. It's our job to know how to read this routing table, right, yes, to find the correct answer. So the first approach you want to do here is to see where, if the packet is going to this address, on which route here on this routing table, we can find that address and then we can see what is the best match. So we look at this, that the address starts with 172.16. So right away, we cross out all these ones here, right, because they start with 207.165. So we know that this can. There is no match there, right? Yes? And then there is a route here, a classful, that is, with two subnets. Right, there are specifically two routes that include the 172.163, this one here and this one here. All right, so we found two possible answers. So the next question is okay, if that IP address is included in these two routes, which one will be the best answer to the exam? And that's something that we emphasized a lot during the bootcamp, right, that the best route will be the match with the longest prefix, which is going to be this one here. So this, even though this is valid, this is best. All right, so the one with the longest prefix is this one.
So when we look at that route, then we look at that line here and we see that the packet will be sent via 207.165.200.254. And the exit interface to send the packet will be serial 001. All right, so we know exactly what is the best match.
We come down here and we see that this one here is the same as this here. But be careful, because the exit interface does not match. So we know this is not the answer. So we go to the next one. This has a 246. Here we know we're looking for a 254. Not the answer. 212.50, again, we're looking for a 254. It's not the answer. And then D over here says that it will be sent via 207.165.200.254, right, with this serial 001 as the exit interface. So we got the right answer and we know, which is very important, why the other ones are wrong.
So this is a good example, for the example, absolutely. Yeah, so if you look at the answer there, it is indeed letter D. Yeah, that's interesting. So there it is, answer D. Very good, that's incredibly helpful, and that's exactly what I know people are going to be very interested in finding out is how to narrow these things down, because there are a couple that look very similar there, and so that's a very good distinction. So, okay, so we've definitely got the memo on that one. Wilfredo, can you jump to the next question here?
So the next one. Again, a lot of these questions have exhibits like this one here. Right, it tells you that they show you an access list that has been applied to the VTY lines on a router, right, or an old switch, and then they tell you that PC1, using this address, which is the one here, right, yes, is denied, very important, Telnet access, and they want to deny that. So that part, they want it. However, right, they are saying that PC2 would tend to do too. It's also been denied and it seems that they want to fix that. So they want to deny this IP. But they want to allow this, and this is a classic on Cisco, right? They tell you, well, why is this being denied? And there is no other information there? Right, we approach this with the same understanding, right, that we have of how access lists work. Right, and the bottom line here, right, to be able to answer this question is to understand that an access list must have at least one permit statement, because if the access list does not have at least one permit statement, it will explicitly deny an IP address like this one here and it will implicitly deny everything else. Right. Okay, so that's the problem here. Interesting. Whatever is not explicitly allowed, explicitly permitted, it will be implicitly denied.
So based on that, then we look at the possible answers right and again this will require that something we do in the bootcamp we emphasize the important, we highlight the critical factors to understand these questions. For example, D over here says that we should remove the access class one from the line VTY and apply that to line con. This means the console. So this cannot be the answer because this is telnet access and we do telnet access through the VTY lines and not through the console. So this one is wrong because of that. So no, D cannot be the answer.
Then we look at all the options, like A. A says to remove access class one in, that "in" meaning in the inbound direction, right, and apply out, that means on the outbound direction. However, that cannot be the answer because they are talking about access and access means inbound, right. Access is inbound, so outbound, no, that cannot be the answer. Then they go and say okay, how about B?
B says to use the IP access group command, not the access class command. You see, this is a legit command. I mean, it's all good, but that command is used to apply an access list on a physical interface or subinterface, it never, it cannot be used on a Telnet line, on a VTY line like this one here. So based on our understanding, this will not work either. Then we now go to C. C says add this command, access list one, permit any. And you see, this does not include the specific IP address that I mentioned in here. But when you do this, that will be a second command here that the router is going to use, and if the IP address is 10111, it's going to be denied here. If it's different, and this is different, then it's going to be permitted by this.
Okay. Yeah, so you're basically giving permission to everything except 10111 at that point.
Absolutely. One thing we tell students here is there are many different ways to solve the problem. Don't think about those. The choices are given, work with the choices given, and the best answer here will be C.
Okay, fabulous, oh yeah, that's great. That also really gives you a good insight into how, practically speaking, you would do this in a real-world scenario. So that's excellent, absolutely. All right. So let's move on to question three here.
So for this one the answer is C, right, yes, you got it right.
Okay, here we go.
Number three. So the next one is also an exhibit, and most questions on the CCNA exam are going to be exhibits of a diagram or an output. Right. On this one, they show you a network diagram with two routers that are directly connected. Right, or they show you the interfaces being used for that connection and they tell you the output of the running configuration for router one and the output of the running configuration for router two. And they're saying look, these two routers cannot become neighbors. Right, you need to find the problem. Which configuration is preventing the OSPF neighbor relationship from being established between these two routers? Bottom line is these routers should be OSPF neighbors but they are not. And they are saying look at this here, look at this here and, given these options, what is the reason these routers are not OSPF neighbors? Right, and again, we emphasize all these details. We go line by line in the bootcamp how to read these configurations and what the requirements are for routers to become neighbors, and we do the actual labs troubleshooting to find out, when they are not neighbors, what the problem may be. So in this case, we use that knowledge from the bootcamp to address this type of question.
On this one, we can go from the bottom up and this says that Router1 has an incorrect network command for interface gigabit 1.0. All right, so we are talking Router1 over here and we see the network command, which is this one over here. Right, it says 182.168.01, with that mask on area zero. Then we look at the IP address right on that interface and we see that this is all right. This command here is compatible with the IP address configured on that interface. So this is not a problem.
So we need to look for something else. Again, we look at the IP, we look at the command. It matches, it's all good. Then we go to, okay, so that's not the answer. We go to the next one. It says that Router2 should have its network command in area one. All right, so we now look at the output for Router2. On Router2, we look at the network command and it says that the network command, this network, is on area zero, not one. So for them to become neighbors they must both be on area zero. Because this is on area zero. So this cannot be the answer. Area one actually will prevent them.
Those two are working fine.
Okay, yeah, so this is not the answer either. So we go to B. B says that Router2 is using the passive interface default command. All right, so let's look at that output here. That is true, the Router2 is using the passive interface default command and this will prevent actually routers from becoming neighbors. But here they also have a command saying that even though we want all the interfaces to be passive, this command here.
No passive interface, gigabit two zero is this one here. So we are making an exception for the passive interface for gigabit zero zero. Bottom line, for gigabit two zero. So the bottom line is that gigabit two zero is not in passive mode. So this cannot be the problem. So we actually rule out B, C and D. That's something we emphasize a lot. Know why those are wrong answers. And then we go to A, and A says that Router 1 interface gigabit 1.0 has a larger MTU size. All right, so let's take a look at these then. Right, why A may be the correct answer. A says that MTU is 1600. All right, so we look at Router 2 and there is no MTU here. Yes, so basically this is part of what we do in the boot camp. Multiple times, we emphasize this, right. The running configuration will not show the default settings. It will show only when you have manually changed some of those settings, right. OK.
Modified them. In this case, because the running configuration does not show any MTU value on this interface, it must be using the default, which is 1500. So if it's using the default 1500 and somebody changes to 1600, that is the reason these routers are not neighbors, OK. So, again, as important for a student to know why this is the right answer, equally important is to know why these are wrong, and that's something we emphasize very much during the practice. Right? Yes, so in this case, the answer then is A. There it is.
Very good, ok, yeah, and I think that's something that a lot of people. They get overwhelmed by all four of them and you can maybe eliminate one or two easily, but once you've got it down to three things that don't work. It really does sort of clarify what's being asked of you. So that's great.
Absolutely so. One more yes.
Let's do a fourth here.
Yeah, this one, another exhibit. Again, the most common type of questions are like this, right, it's exhibits of configurations, diagrams. So that's why we emphasize so much how to read these outputs, and really the only way to know that is by doing labs, right. Yes, on the lab, learn how to do this, right. So this one is saying that this output here is the result of executing this command, show IP OSPF interface, that has been executed on router one. Right, they're asking you, based on this output, how is OSPF configured? So, again, this was executed on an interface and they're saying what is correct here, based on that, right. So we can go from the bottom up again, understanding why these answers are wrong and which one is correct. Yes, so Delta here says that the interface is not participating in OSPF. Well, they run this command on the interface and they got OSPF output. This is not true. Yes, because if the interface is not participating in OSPF, you shouldn't get anything, all blank. But you got OSPF output here. So Delta is not the right answer.
Then C says that a point-to-point network type is configured. Well, again, based on our understanding, what we do during the boot camp, we there, we will know that if the network is point-to-point. There is no designated router or backup designated router in a point-to-point network. So because there is a designated and a backup designated router, that means that this is not a point-to-point network. So that rules out C then, this is a broadcast or multi-access. It's not point-to-point. So we know that. Because, again, based on the output. Then B says that there are six OSPF neighbors on this interface. Well, that's something that we can verify on the output. And the output says that the neighbor count is three. You see that, not six. So that rules out B then, right, there are three neighbors, not six.
Then we go to this one here that says that the default hello and dead timers are in use. This is the output on that specific interface and it's saying that the hello timer is 10 and the dead timer is 40. Something that we verify many times during the boot camp week running these commands, that these are the default values. So, based on that output, then, A will be the correct answer. Again, because we practice, we run the commands. This may be a little confusing the first time you go to see these questions, but after a few days you will be good.
Can I ask about answer B there there's six OSPF neighbors on this interface and I noticed that it says neighbor count is three but also that adjacent neighbor count is three. I'm assuming those two are not meant to be added together, Because that also adds up to six when you look at both.
Oh, good point, Actually, great point. No, typically this is going to be the same In most cases. It could be different, but the adjacent and neighbor could be different in OSPF, but they're referring in this case to the same three.
The actual neighbor.
Okay good observation there.
Okay, I figure you know, sometimes out of the mouths of babes you know comes in. I don't know anything about this stuff. So anything that looks unusual I'm going to, I'm going to bring it up, but okay, well, this is great.
So I'm going to, I'm going to stop the share here and I have a couple last questions for you. So, Wilfredo, Infosec's CCNA boot camp ends with a practice exam before the exam. Is that correct? Can you tell us how that works and whether this practice exam helps you to retain knowledge better than the one? Once it's the moment of truth, take the actual exam.
It is very important, it is critical that the students do the practice exams. Not once, but multiple times is needed if needed, because with a practice exam you see, having a good understanding of the CCNA content is very important. But developing testing skills, knowing how to read between the lines, ruling out wrong answers, that is what you learn with the Infosec practice exam. And I will tell people never, never, go to the CCNA, the actual real exam, without doing the practice exam multiple times. It will help you tremendously the time you take the actual exam.
Yeah, yeah. And I think also, I mean, not just learning how to deduce answers, but also to completely understand how the exam is structured, right. Like if you know if it's never going to be more than one answer, then you'll know that by taking practice exams, if it's sometimes more than one answer is possible. Like, sometimes you can get really tripped up by just not knowing a nuance that's in the test, but that if you've seen it, if you've not seen it for the first time you're getting, you could get dinged for something that's not even your fault. Yeah, absolutely, yeah, absolutely. So, all right, this has been great. So, as we wrap up this episode, Wilfredo, what's your best piece of advice for the day when you're going to take the CCNA exam?
So the day you're going to take the exam, you must have been, you know, doing multiple labs and practice questions. So one of the things that you are going to get is confidence. Right, you are going to feel confident. So just relax, feel confident that you can do that thing right, that you can get that exam. You know, get your certification. And during the exam, it always happened that you may get one or two questions on a topic that you have no idea. They do that. So don't get upset, remain cool, answer the best. You can, go to the next one and you will see that, if you have done your homework, you will get your certification.
Speaking to ones that you know nothing about. Is there any weight or preference answering, just answering based on your best guess versus not answering at all? Is there any benefits in not answering if you don't know?
You do not get penalized for one answer, so you do want to answer, and that's when we went over those questions. We always emphasize ruling out the wrong answer, because if you can rule out one or two, then you get better chances. If you have to guess, you know, only between two instead of four. Right, so right.
Oh, it's fantastic. Wilfredo Lanz, thank you so much for taking some of the mystery out of the CCNA exam. This was a whole lot of fun and I really appreciate it.
Absolutely. Thank you, Chris.
And thank you all for watching this episode. If you enjoyed today's video and felt it really helped you, I hope you'll please share it with your colleagues on forums, on your social media accounts, anywhere, let people know that you really like this and definitely subscribe to our podcast feed and our YouTube page. You can just type in Cyber Work Infosec into any of those places and you'll be well on your way. And there's plenty more to come, including several more from Wilfredo here. So if you have any topics that you'd like us to cover, please drop them in the comments below. We'd love to hear from you and until then, we will see you next time and happy learning.