Ccna 2 Final Skills Exam
30 community-sourced questions and answers. Free — no login.
Configure Static Routes
ip route (destination network) (destination subnet mask) (exit interface)
Configure Default Routes
ip route 0.0.0.0 0.0.0.0 (exit interface)
Steps to configure OSPFv2
1. create OSPF and name process ID 2. create router-id, such as 1.1.1.1 3. create network statement(s) for area 4. prevent routing updates on LAN interfaces 5. optional - OSPF cost 6. optional - bandwidth
Steps 1-4: Configure OSPFv2
R2(config)# router ospf 10 (process ID) R2(config-router)# router-id 2.2.2.2 R2(config-router)# network 192.168.10.104 0.0.0.3 area 0 R2(config-router)#passive-interface g0/0
Steps 5-6: Configure OSPF cost of link and bandwidth
R2(config)# int s0/0/0 R2(config-if)# ip ospf cost 7500 R2(config-if)# bandwidth 128
Steps to configure VLANs on switches
1. name VLANs 2. configure trunk ports 3. configure access ports 4. shut down unused ports 5. configure management VLAN 101
Step 1. Name VLANs on switches
S1(config)# vlan 45 S1(config-vlan) name finance
Step 2. Configure trunk ports on switches
S1(config)# int g1/1 S1(config-if)# switchport mode trunk S1(config-if)# no shut
Step 3. Configure access ports on switches
S1(config)# int f0/10 S1(config-if)# switchport mode access S1(config-if)# switchport access vlan 45 S1(config-if)# no shut
Step 4. Configure unused ports as access ports and shut down
S1(config)# int range f0/1-9, f0/11-14, f0/16-24 S1(config-if-range)# switchport mode access S1(config-if-range)# shutdown
Step 5. Configure management VLAN 101
S1(config)#ip default-gateway 192.168.101.1 S1(config)#int vlan 101 S1(config-if)#ip address 192.168.101.2 255.255.255.0
Steps to configure DHCP Server
1. exclude range of static addresses 2. configure address pool name 3. define address range with network statement 4. define default gateway 5. optional - define dns server
Step 1: Exclude static address on DHCP Server
R1(config)#ip dhcp excluded-address 192.168.45.1 192.168.45.20
Step 2: Create the address pool name for the DHCP server
R1(config)#ip dhcp pool VLAN45
Step 3: Use a network statement to define the DHCP server with the range of available addresses
R1(dhcp-config)#network 192.168.45.0 255.255.255.0
Steps 4 & 5: Define default gateway & dns server on DHCP Server
R1(dhcp-config)#default-router 192.168.45.1 R1(dhcp-config)#dns-server 192.168.18.100
Steps to configure static NAT
1. create mapping between inside local and inside global addresses 2. configure interface as inside 3. configure interface as outside
Step 1: Translate inside source static local address to inside global address - NAT
R2(config)#ip nat inside source static 192.168.18.46 198.51.100.14
Steps 2 & 3: Configure interfaces participating in the translation as inside (connects to inside network) or outside (connects to outside network) relative to NAT.
R2(config)#interface g0/0 R2(config-if)#ip nat inside R2(config)#interface s0/1/0 R2(config-if)#ip nat outside
Steps to configure dynamic NAT
1. define pool of inside global addresses 2. configure a standard ACL to permit inside local addresses to be translated 3. bind the ACL to the pool 4. configure inside interfaces 5. configure outside interfaces
Step 1: Configure a pool of public addresses for dynamic NAT
R2(config)#ip nat pool INTERNET 198.51.100.3 198.51.100.13 netmask 255.255.255.240
Step 2: Configure a standard access-list (ACL) to permit addresses to be translated using dynamic NAT
R2(config)# access-list 1 permit 192.168.45.0 0.0.0.255
Step 3: Bind the ACL to the pool - identify which devices (list) receive which addresses (pool)
ip nat inside source list 1 pool INTERNET
Steps 4 & 5: Identify interfaces participating in the translation as inside (connects to inside network) or outside (connects to outside network)
int s0/0/0 ip nat inside int s0/1/0 ip nat outside
Steps to create a named standard ACL
1. create named standard ACL 2. create permit or deny statement 3. link ACL to an interface
Step 1: Configure a named standard ACL, use MANAGE
R2(config)# ip access-list standard MANAGE
Step 2: create permit or deny standard ACL statement
R2(config-std-nacl)# permit host 203.0.113.18 R2(config-std-nacl)# deny any R2(config-std-nacl)# exit
Step 3: apply ACL to an interface - IN (as packets enter into the interface) or OUT (as packets exit the interface)
R2(config)# int s0/1/0 R2(config-if)# ip access-group MANAGE IN
Standard ACL rules:
1. used to permit or deny traffic only from source IPv4 addresses 2. to permit/deny 1 host, use address + wildcard, or host + address 3. to permit/deny all hosts, use any 4. ACL is applied inbound or outbound on the router interface closest to the destination of the traffic
Rules to create an extended ACL:
1. create & name access-list - use both host & destination address and wildcard 2. keyword host can be used before address so that you don't have to state the wildcard 3. keyword any can be used instead of host source address or instead of destination address 4. put a protocol after deny/permit, such as tcp 5. if you want to permit traffic back to the host from a website, use keyword established in the statement 6. an extended ACL is applied inbound or outbound on the router interface that is closest to the source of the traffic
Looking for a different version?
CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").
Search all study materials