CCNA-Study01 Flashcards
Which of the following is the most correct description about portfast?
It is the ability to shift from blocking state to forwarding state immediately
It is the ability to shorten the convergence time of STP
It is the ability to migrate from listening state to forwarding state immediately
It is the ability to shorten the time taken to restart the switch
It is the ability to shift from blocking state to learning state immediately
It is the ability to shift from blocking state to forwarding state immediately
Which of the following can control with QoS (select all that apply)
.delay .Bandwidth .load .Number of paths .Jitter .loss
.delay
.Bandwidth
.Jitter
.loss
(config) #enable password ccna
When this setting is made, which mode needs a password?
User mode Router configuration mode Global Configuration Mode Privileged mode Line configuration mode
Privileged mode
Which of the following is the protocol used during file transfer and needs a connection,?
SMTP SNMP DHCP TFTP FTP
FTP
Which of the following is HSRP’s virtual MAC address (select 2)
0C07.0000.acac 0000.0c07.ac05 0000.0c07.acac 0C07.0000.Ac05 0000.5E00.0101 0000.5E00.0105
- 0c07.ac05
0000. 0c07.acac
When there is an abnormality in the SNMP agent, which of the following is notified to SNMP manager?
TRAP GetRequest GetNextRequest SET REQUEST GetResponse
TRAP
In the switchport mode settings, which of the following can be a trunk port (select 3)
Dynamic Desirable Access server trunk Dynamic Auto Client
Dynamic Desirable
trunk
Dynamic Auto
Which are the correct WPA Descriptions (select 3)
.WPA2 Personal performs PSK certification
.Wireless LAN Security Standard
.It is a device that centrally manages access points
.PSK authentication is performed in WPA enterprise
.WPA3 is higher in security level than WPA
.RC4 is stronger than CNSA
.WPA2 Personal performs PSK certification
.Wireless LAN Security Standard
.WPA3 is higher in security level than WPA
Explanation:
Wireless LAN is provided with standards such as “WPA”, “WPA2” and “WPA3” with connection device authentication and communication encryption function.
[WPA Personal and WPA Enterprise]
WPA is called “WPA personal” or “WPA enterprise” by the authentication method used.
WPA Personal is a mode that does not use an authentication server. PSK (Pre-Shared Key: Pre-Shared Key) Authentication or SAE (Simultaneous Authentication of Equals: Simultane Equivalent Authentication) is called “WPA Personal”.
WPA Enterprise is a mode that uses an authentication server. If you are using IEEE 802.1x / EAP authentication, it is called “WPA Enterprise”.
Therefore, the correct answer · Wireless LAN security standard · WPA3 is higher security level than WPA · WPA2 Personal performs PSK certification is.
Other options are as follows.
· RC4 is stronger than CNSA
The encryption algorithm is incorrect because it is strong in the following order.
RC4
SUBNETTING On the subnetwork 192.168.2.0/26, which of the following IP addresses can be assigned to the host (select 3)
- 168.2.78
- 168.2.40
- 168.2.15
- 168.2.123
- 168.2.254
- 168.2.3
192.168.2.32
192.168.2.15
192.168.2.40
++++++++++++++++++++++++++++++
Explanation:
Convert the fourth field of the network address “192.168.2.0/26” to its binary number.
This 4th “0” will be written in binary as “00000000”.
Since this network is subnetted using /26, the upper two bits of the fourth octet are the network portion and the remaining six bits are the host portion.
Thus, the range of valid host addresses for this subnet is the fourth octet portion of the “00 000001” to The result is “00 111110”.
When this is converted to a decimal number from “1” to “62”, it can be seen that valid host addresses are in the range of “192.168.2.1” to “192.168.2.62”.
Therefore, the correct answer 192.168.2.15 · 192.168.2.32 · 192.168.2.40 is.
Other options are incorrect because they are not in the range of “192.168.2.1” to “192.168.2.62”.
Which of the following is the correct description of the access and distribution layers? (select 3)
End users directly connect to the access layer
The distribution layer is required to commicate with layer 3
The access layer aggregates the distribution of distribution layer
End users directly connect to the distribution layer
The access layer needs to correspond with Layer 3 routing
Distribution Layer aggregates access layer switches
End users directly connect to the access layer
The distribution layer is required to communicate with layer 3
Distribution Layer aggregates access layer switches
Which combination of multi-element authentication among options?
After entering your ID and password, answer the secret question
Perform retinal authentication after fingerprint authentication
Use a password that combines the number of characters and combining upper and lower case letters and symbols of alphabet
After entering your ID and password, enter the authentication code sent to your smartphone on a short message
After entering your ID and password, enter the authentication code sent to your smartphone on a short message
If multiple route’s information are listed in the routing table, which of the following information is prioritized for selecting a route to be used (Select 2)?
.Metric
.Longest match
.Administrative distance value
.The order in which they were learned
.Longest match
.The order in which they were learned
RouterA (config) #ntp server 192.168.1.254
Which is the most accurate description of this setting? (Select2)
RouterA is an NTP client Sets OSPF Sets static routing Sets IP address It is an NTP server using RouterA's own hardware clock
RouterA is an NTP client
It is an NTP server using RouterA’s own hardware clock
Which of the following are the correct descriptions of Layer 2 EtherChannel (select 2)
It is necessary to match in the opposite switch and access port mode or trunk port mode
Assign one IP address per port channel
Uses the “CHANNEL-GROUP” command
Uses the “no switchport” command
Assigns one IP address per physical interface
It is necessary to match in the opposite switch and access port mode or trunk port mode
Uses the “CHANNEL-GROUP” command
Which of the following is the correct statement about shaping.
(select 3)?
.Used to reduce delay
.Keep packets that exceed the delivery rate in queue
.Classification and marking for packets
.Processing important packets by CBWFQ and LLQ
.It is a QoS tool with a bandwidth control role
.Set the maximum number of deliverable metals available in advance
.Keep packets that exceed the delivery rate in queue
.It is a QoS tool with a bandwidth control role
.Set the maximum number of deliverable metals available in advance
Explanation:
【QoS Tool】
The function to achieve QoS is called “QoS Tool”. The QoS tool has the following:
· Congestion Management (Classification, Marking, Queing, Scheduling)
· Congestion avoidance (Red, WRED)
· Bandwidth control (shaping, policing)
Shaping is implemented on the sending side and the packet beyond the delivery rate is queued so as not to exceed the specified delivery rate, and transmitted when it becomes possible to transmit. Because it may not be sent in real time, it is a factor of delay and jitter.
If the amount of direct transmission data is low, you can permit transmission (burst) beyond the delivery rate.
Therefore, the correct answers are:
· It is a QoS tool with a bandwidth control role
· Set the maximum number of transmission rates available in advance
· Keep packet beyond the delivery rate
Other options are as follows.
· Classification and marking for packets
· Preatentially handling important packets by CBWFQ and LLQ
It is a role of congestion management.
· Used to reduce delay
Shaping is an incorrect because it causes delay and jitter generation.
Which of the following is the correct one in the description of the process ID of the OSPF. (select 3)
.Process ID can set any value from 1 to 65535
.Unable to assign multiple process IDs to a single router
.Process IDs are automatically assigned numbers from 1 to 1
.It is the number required to identify the information in the OSPF database
.All routers in the same area must use the same process ID
.Local meaningful number
.Process ID can set any value from 1 to 65535
.It is the number required to identify the information in the OSPF database
.Local meaningful number
Explanation:
The OSPF process ID is the number required to identify the information inside the router, and specifies an arbitrary value of 1 to 65535.
Because of the meaningful value, there is no need to specify the same number as other routers.
Therefore, the correct answer
· It is the number required to identify the information in the OSPF database
· Local is a number that is meaningful
• Process ID can set any value from 1 to 65535
is.
Other options are as follows.
· All routers in the same area must use the same process ID
The process ID is the number used for internal processing, so there is no need to make the same number as other routers.
• Process IDs are automatically assigned numbers from 1 to 1
Process IDs can be arbitrary values from “1 to 65535”.
· You can not assign multiple process IDs to a single router
Multiple process IDs can be assigned to one router.
Which are features of hub and spoke type. (select 2)
.Spokes can be used to facilitate access restrictions between spokes
.Using hubs can easily limit inter-spoke communication access restrictions
.Configuration to connect points 1 to 1
.Configuration via hub which is a central point in communication between point
.Configuration where all points can communicate directly
.Performance between bases via a hub which is a central base
.Use hubs to facilitate access restrictions for spoke communication
· Performance between bases via a hub which is a central base
· Use hubs to facilitate access restrictions for spoke communication
Explanation:
The hub and spoke type is a configuration that radially connects other locations centered on a site.
The central base is called “hub” and other bases are called spokes.
When communicating between spokes, it will go through the hub.
Therefore, access restrictions can be easily realized by access restrictions with hubs.
Therefore, the correct answers are:
· Performance between bases via a hub which is a central base
· Use hubs to facilitate access restrictions for spoke communication
Other options are as follows.
· Configuration that all sites can communicate directly
It is a full mesh type configuration.
· Configuration to connect between bases 1 to 1
It is a point-to-point type configuration.
· Use spokes to facilitate access restrictions for spoke communication
When communicating between spokes, be sure to pass access with hub access restrictions to facilitate access restrictions by accessing the hub. It is not a spoke access restriction to facilitate access restriction.
Subnetting
If a Class C address is subnetted using /27, which of the following would be the broadcast address for that subnet?
- 14.76.254
- 14.76.159
- 14.76.33
- 14.76.98
- 14.76.87
- 14.76.64
200.14.76.159
The Broadcast address of the class C address, which has been subnetted by / 27, is an address that is all “1”, indicating the value of the host part in binary number.
If you try all four octets of the address of the option, express them in binary numbers ….
33 → “001 00001”
64 → “010 00000”
87 → “010 10111”
98 → “011 00010”
159 → “100 11111”
254 → “111 11110”
It will be.
Because it is subnetized with / 27, the host will be 5 digits below.
Because the value of the host part is “1” is “159”, the correct answer is “200.14.76.159”.
How are ENABLE PASSWORD and ENABLE SECRET set?
.”Enable Password” is prioritized if both are set
.You need to set “enable password” before setting “Enable Secret”
.If both are set, both passwords will be required
.”Enable Password” is a command that has been added after .”Enable Secret”
.”Enable Password” is encrypted by default
“Enable Secret” is encrypted by MD5 by default
.”Enable Secret” is encrypted by MD5 by default
GRE Over IPSec VPN
Which of the following are correct descriptions of GRE Over IPSec VPN (select 2)
.Encrypts .Multicast can be used .Only Unicast can be used .Dynamic routing can not be used .Data can not be encrypted
.Encrypts
.Multicast can be used
Explanation:
GRE OVER IPSec VPN is a way to combine GRE and IPSec to build VPNs.
This allows you to build a VPN that combines the security features of IPSec and the benefits of enabling GRE multicast.
Therefore, the correct answers are:
· Multicast is available for use
· Encrypt
Other options are as follows.
· Dynamic routing can not be used
Because GRE supports multicast and broadcast, dynamic routing can be used.
· Only Unicast can be used
IPSec features.
By using GRE, multicast and broadcast also become available in addition to unicast.
· Can not encrypt data
It is a feature of GRE.
By using IPSec together, data encryption can also be performed.
Of the authentication elements, one is classified as a living element (select 2)
password
One-time password generator
fingerprint
MAC address
PIN number
retina
fingerprint
retina
Which of the following were added in SNMPv3 (select 3)
SET REQUEST .encryption .GetRequest .Message integrity .GetNextRequest .Username and password authentication
.encryption
.Message integrity
.Username and password authentication
Which of the following are the correct description of a optical fiber structure (select 2)
The core covers the cladding
Light signal passes through the cladding
Light signal passes through the core
Quartz glass is used as the core material
Copper wire is used for the core material
Light signal passes through the core
Quartz glass is used as the core material
Which is actually transferred packets or frames in network devices?
controller Service abstraction layer Data plane Control plane Management plane
Data plane
What is the benefit of using a point-to-point connection? (select 3)
.Flexible correspondence with the movement and expansion of connection points
.The contracted communication speed is guaranteed and highly available
.A dedicated line with a point-to-point connection is the cost of the WAN line service
.Communication quality is high without delay thanks to line congestion condition
.It is a simple configuration that connects the points 1 to 1
.Communication quality is high without delay thanks to line congestion condition
.It is a simple configuration that connects the points 1 to 1
.The contracted communication speed is guaranteed and highly available
Which one is explaining correctly for stateful inspection?
Intrusion detection system to network
Passing and discarding packets based on address, port number
Exchange and update route information dynamically
Network Intrusion Defense System
Monitor communication flow and deny inappropriate communication
Monitor communication flow and deny inappropriate communication
NMS sends which of the following messages to SNMP, in order to gain information?
(select 2)
TRAP
GetNext Request
Get response
Get request
SET REQUEST
Get request
GetNext Request
Which is the correct description of this command?
(Config) #LLDP HoldTime 200
Disables LLDP transmission with a specific interface
Discards the information obtained with LLDP after 200 seconds after the packets stop reaching LLDP
Sends the LLDP packet every 200 seconds
Receive LLDP with a specific interface
Makes the LLDP initialization delay time 200 ms
Discards the information obtained with LLDP after 200 seconds after the packets stop reaching LLDP
Which of the following correctly explains TFTP (select 2)
Has an encryption function
Cisco routers can operate as a TFTP servers
Has Active / Passive Mode
Does not have encryption function
You can specify a password for authentication
Cisco routers work only as TFTP clients
Cisco routers can operate as a TFTP servers
Does not have encryption function
Which of the following are descriptions about IaaS (select 2)
You can select the OS
Office 365 is an example of this
Places servers in your company and manages the servers in your company
The CPU and memory can be selected
Gmail is an example of this
You can select the OS
The CPU and memory can be selected
When the AP was added and set up manually, a decrease in communication speed and quality occurred. Which f the following can be considered as a cause? (select 2)
Assigned channels have overlaps in frequency
Connected wireless device authentication has failed
SSID and VLAN mapping is not correct
An incorrect SSID is set in the AP
The AP has not been installed in the appropriate place
Assigned channels have overlaps in frequency
The AP has not been installed in the appropriate place
When communicating between points, which configuration connects via a central point
Point-to-point
Partial mesh
Hub and Spoke
Full mesh
Hub and Spoke
Which is the correct description of a site VPN and client VPN (select 2)
The Client VPN connects to a VPN using TLS
The Client VPN is always connected
Only one terminal can communicate with site VPN
Within a site VPN, multiple terminals can use that one VPN
The Client VPN connects to a VPN using TLS
Within a site VPN, multiple terminals can use that one VPN
You want to reduce the cost of IT-related equipment currently in operation. Which one should you consider adopting?
On-premises
Cloud
WLAN
Cisco DNA Center
Cloud
Which one correctly explains the function of a switch?
A switch reduces the number of broadcast domains
The switch learns the MAC address of the devices which are directly connected
The switch operates in the physical layer
You can not set an IP address on the switch
The switch has less ports than the bridge=
The switch reduces the number of collision domains
The switch learns the MAC address of the devices which are directly connected
What should be done to activate a high priority value router regardless of the current state of HSRP?
Make the current standby’s priority value 150
Enable EIGRP
Enable preemption
Disable CDP
Set the priority value of the current active router 1
Disable preemption
Enable preemption
Select the correct command for setting static NAT with the following goal:
Convert local address 172.31.1.1 to global address 200.190.10.30
(CONFIG) #IP NAT static 200.190.10.30 172.31.1.1
(CONFIG-IF) #IP NAT INSIDE SOURCE STATIC 172.31.1.1 200.190.10.30
(CONFIG) #IP NAT INSIDE SOURCE STATIC 172.31.1.1 200.190.10.30
(CONFIG) #IP NAT INSIDE STATIC 172.31.1.1 200.190.10.30
(CONFIG) #IP NAT INSIDE SOURCE STATIC 200.190.10.30 172.31.1.1
(CONFIG) #IP NAT INSIDE SOURCE STATIC 172.31.1.1 200.190.10.30
Which one is correct about virtualized servers? (select 2)
.Can share one OS with multiple virtual machines
.You can install multiple OSs on one physical server
.Create a virtual machine using a hypervisor
.Necessary physical servers as virtual machines are required
.Can share one application with multiple virtual machines
.You can install multiple OSs on one physical server
.Create a virtual machine using a hypervisor
Which of the following is correct IPv6 notation (select 2)
FE80: 2A20: 193C: B30F: A: B: 332F: A
210.128.20.1
FE80: 143T: 5C66: 91ZZ: 4264: 35AA: 4365: 3214
FE80: 1315 :: 2245 :: 909A
2001 :: 402
FE80: 2A20: 193C: B30F: A: B: 332F: A
2001 :: 402
Explanation:
The incorrect options are as follows.
· FE80: 1315 :: 2245 :: 909A
It is incorrect because it has used “::” twice.
210.128.20.1
Separator characters are dots, which is incorrect for IPv6.
FE80: 143T: 4264: 35AA: 4365: 3214
It is incorrect because t and z are used, which are not hexadecimal characters.
What are the features of GRE Tunnel (select 3)?
.Unicast can not be transferred .Encapsulation .Support of dynamic routing .Does not encrypt .Supports multicast
.Support of dynamic routing
.Does not encrypt
.Supports multicast
Which of the following are the correct description of IPv6 address (select 3)
They are separated every 16 bits IPv6 addresses are 64 bits IPv6 addresses are 128 bits They are separated using a colon (:) They are separate every 8 bits They are seperated using dots (.)
IPv6 addresses are 128 bits
Separated every 16 bits
They are separated using a colon (:)
Which of the following field configures Ethernet frames (select 3)?
.Fcs .Destination IP address .type .Ttl .Source MAC address .Tos
.Source MAC address
.Fcs
.type
Explanation:
Ethernet frames consist of the following fields
· Preamble: bit string (10101010 repetition) for synchronizing the sender and receiver (10101010 …
SFD (Start Frame Delimiter): A mark to notify that the frame begins (10101011)
-Destination MAC address (DA: DESTINATION MAC address): Frame destination MAC address
-Source MAC address (SA: Source MAC Address): Source MAC address of the frame
· Type: Type of data carried by frame (0x0800: IPv4, 0x86dd: IPv6, etc.)
· Data: Data carried by the frame
FCS (Frame Check Sequence): CRC (Circuit Redundancy Check) Checksum Data for Frame Error (Data Defect) Detection
Which of the following are the correct description about DNS?
A protocol for requesting IP address based on MAC address
A protocol used to monitor and manage network devices
Aprotocol for requesting MAC address based on IP address
A protocol that automatically assigns IP address
A system deriving IP address from domain name
Technology to prevent switching group in switched network of redundant structure
A system deriving IP address from domain name
Explanation:
DNS (Domain Name System) is a system that supports domain names and IP addresses.
Which of the following is the benefit of QoS?
Detects failure occurrences Synchronizes time Makes default gateway redundant Improves IP phone call quality exchange dynamic routing information
Improves IP phone call quality
Which of the following is correct about local database authentication (select 2)
.Available as an AAA authentication method
.Create a database with the username command
.Can not be used for AAA
.Use the information registered on the external server
.Create a database with the service password-encryption command
Which of the following is correct about local database authentication (select 2)
.Available as an AAA authentication method
.Create a database with the username command
Explanation:
Other options are as follows.
• Create a database with the service password-encryption command
This creates a database with the username command.
The service password-encryption is a command to encrypt password.
· Can not be used for AAA
It can be used as AAA authentication method.
· Use the information registered on the external server
Using the information registered on the external server is RADIUS and TACACS + authentication, so it is incorrec
Which of the following are the correct description of the Longest Match (select 2)?
Its priority is lower than the AD value
List for filtering packets under conditions such as source IP address and protocol
Uses prefix length
Values that represent reliability for routing protocols
One of the criteria for selecting the optimal route
Uses prefix length
One of the criteria for selecting the optimal route
Explanation:
[Selection criteria for optimal route]
The optimal path is selected in this order :
1. Longest Match (Longest Match)
2. Ad value (administrative distance value)
3. Metric
Longest match is a rule that gives priority to the route of the prefix length (detailed) route of the destination network in the routing table.
Therefore, the correct answers are:
· One of the criteria for selecting the optimal route
· Uses prefix length
For example, when there are three paths below for the routing table
· Route 1: 0.0.0/0 (default route)
· Route 2: 172.16.0.0/16
· Route 3: 172.16.2.0/24
If it receives a packet addressed to the destination “192.168.1.1”, it uses route 1 as it applies only to route 1.
If it receives a packet addressed to “172.16.1.1”, it corresponds to route 1 and path 2, but it uses route 2 as the Longest Match.
If it receive a packet addressed to “172.16.2.1”, all routes are applicable, but it uses route 3 as its the longest Match.
Other options are as follows.
· Value representing reliability for routing protocol
The above is a description of the AD value.
· The priority is lower than the AD value
Longest match takes precedence over AD value.
· List for filtering packets under conditions such as source IP address and protocol
The above is a description about the access list.
Which of the following is an Internet VPN form (select 2)?
.High speed VPN .Client VPN .Secure VPN .Site-to-site VPN .Public line VPN
.Client VPN
.Site-to-site VPN
Explanation:
Internet VPN has two connection forms.
· Site-to-site VPN
The VPN end point sits in between points. A tunnel connection using IPsec is performed between the routers that become endpoints.
Client VPN (Remote Access VPN) A tunnel connection is made with the VPN device at the base where you want to connect to the client PC. VPN (SSL / TLS VPN) connections using IPSec and SSL or TLS is performed.
Therefore, the correct answers are:
· Site-to-site VPN
· Client VPN
The other options are not valid forms.
SUBNETTING
Which of the following subnet masks should you use when using a class B address and ensuring at least 300 subnets with 50 host per subnet. (select 2)?
- 255.255.192
- 255.255.0
- 255.255.224
- 255.248.0
- 255.255.128
- 255.252.0
- 255.255.192
- 255.255.128
Explanation:
First, to secure 300 subnets and 50 hosts, we must calculate the required number of bits.
To create 300 subnets, the formula “n squared of 2 ≥ 300” is used to calculate n ≥ 9.
In other words, you can create 300 subnets if you have at least 9 bits.
Next, to prepare 50 hosts, it is the formula of “2 N-2 50 50”, and it is 6 at N ≧.
If you have 6 bits or more, you can prepare 50 hosts.
Subnet masks that meet these two conditions are correct.
“255.255.255.128” will be when converted to a binary number and “11111111 11111111 11111111 10000000”.
The third octet 8-bit + fourth octet is used as the sub net part and 7 bits of the remaining fourth octets as the host.
Therefore, the above condition is met, so it is correct.
“255.255.255.192” is converted to binary number to “1111111111111111111111111111111111111 11000000”.
Using 2 bits of 8-bit + fourth octets of the third octet and 6 bits of the remaining fourth octets as the host.
Therefore, this subnet mask also meets the above conditions as it meets the above conditions.
Which of the following protocols used for monitoring network devices can achieve the highest security level?
Ssh SNMPv2C Tftp SNMPv3 Telnet
SNMPv3
Which information can be confirmed by LLDP (select 3)?
.OS information of adjacent devices .Interface of adjacent device .VTP domain Name of adjacent device .VTP password for adjacent devices .Administrative device management address
.OS information of adjacent devices
.Interface of adjacent device
.Administrative device management Address
Explanation:
LLDP is an “IEEE standard protocol” that sends a frame with its own information on adjacent devices.
LLDP can check the following information:
· Port ID (adjacent device interface)
· System name (host name of adjacent device)
· System Description (OS information of adjacent device)
· Time Remaining (the number of seconds to hold LLDP information)
· System Capabilities (Device Type of Adjacent Device)
· Management Addresses (Administrative Device Administration Address)
Therefore, the correct answers are :
· Interface of adjacent device
· OS information of adjacent device
· Admin address of adjacent device
Other options are as follows:
· VTP domain name of adjacent device
· VTP password for adjacent devices
Because VTP is a Cisco proprietary protocol, LLDP, an IEEE standard does not contain VTP information.
Which command should be used to wait for LACP negotiation from the other party without starting the negotiation by LACP?
channel-group 1 mode auto
channel-group 1 mode desirable
channel-group 1 mode passive
channel-group 1 mode active
channel-group 1 mode on
channel-group 1 mode passive
Explanation
To wait for LACP negotiation from the other party, set the mode to “Passive”.
Which is selected if the route to the same destination is learned by the following three routing protocols?
RIP: Hop Count 1
OSPF: Cost 66
EIGRP: Metric 2174976
The route learned by OSPF
The route learned by EIGRP
Load balancing with the routes learned by OSPF and EIGRP
Load balancing with the routes learned by RIP and OSPF,
Load balancing with the routes learned by RIP and EIGRP
Load balancing with the three routes
The route learned by EIGRP
Explanation:
If you learn a route to the same destination in multiple routing protocols, the routing protocol route with the lowest value (AD value) called Administrative Distance is used in the routing table.
AD value (administrative distance value) is a value that represents the reliability of the routing protocol. If routing information for the same destination network is learned by multiple routing protocols, use route information learned by the low AD value routing protocol.
Comparing the AD value of RIP, OSPF, EIGRP, since the value of EIGRP is lower, the route learned by EIGRP is selected. The metric (hop count and cost) is the value used for route selection if multiple paths are learned in the same routing protocol.
Therefore, the correct answer is:
· Route learned by EIGRP
Other options are as follows:
· Route learned by OSPF
These AD values are higher than EIGRP.
· Load balancing with RIP and OSPF route
· Load balancing with RIP and EIGRP route
· Load balancing with OSPF and EIGRP route
· Load balancing with three routes
It is incorrect because it does not perform load balancing using routes learned by different routing protocols.
Which command changes the severity level of Syslog message to “Warning”? (select 2)
.(Config) #logging Trap 5 .(Config) #logging Console 4 .(CONFIG) #Logging Monitor 5 .(Config) #logging Trap 4 .(Config) #logging buffered 3 .(Config) #logging Monitor 3
.(Config) #logging Console 4
.(Config) #logging Trap 4
Explanation: Other options are as follows. · (Config) #logging Monitor 3 · (Config) #logging buffered 3 These are commands that change the severity level to "error".
· (Config) #logging trap 5
· (Config) #logging Monitor 5
These are commands that change the severity level to “notification”.
Which of the following are correct descriptions about ROMMON (select 2)?
.It is a Mode used for password recovery and iOS recovery
.Where startup-config is saved
.Where iOS is saved
.ROMMON occurs after sending a break signal within 60 seconds from turning on the router
.ROMMON occurs by setting the configuration register as “0x2102”
.ROMMON occurs after sending a break signal within 60 seconds from turning on the router
.It is a Mode used for password recovery and iOS recovery
Which object is subject to physical security measures. (select 2)?
Private Network File system Cloud environment Network device Data center
Network device
Data center
Explanation:
Physical security measures are one of the security programs.
[Main security program]
The security program has three main things.
■ Training
It is an educational program that regularly carries out users.
It should be noted that it should be aware of the system and the security policy of the organization and recognize how to act to the user.
■ User awareness (user’s awareness)
It is a program that educates attention to pay attention when the user uses system. You may want to make sure that you are taking action as learned in training
For example, there is an effort to send a person who created a simulatedly created fraudulent mail from the security department to the employee, and the person who clicked on the link in the mail is a re-training target person.
■ Physical Security Measures
It is a security program such as ID card and living room authentication, so that the user does not stand in the unlimited area.
The numerical value of “Collisions” displayed when using the “show interfaces” command is increasingly increased. Which one of these is the best reason?
Communication in full duplex CDP is disabled Using DHCP RIP is working Face and Duplex do not match
Face and Duplex do not match
Which routing protocol uses “cost” as a metric?
EIGRP rip OSPF RIP and OSPF RIP and EIGRP
OSPF
Explanation
Cost is calculated from the bandwidth of the interface. Therefore, the correct answer is: · OSPF
Port Security Protect Mode Any of the correct description (Select 2)?
.Do not send SNMP traps even if a security violation occurs
.Send SNMP trap if a security violation occurs
.After a security violation occurs, the frame of the permitted MAC address does not forward
.Even after a security violation occurs, the frame of permitted MAC address is transferred
.Transfer the not permitted MAC address frame even after a security violation occurs
.Do not send SNMP traps even if a security violation occurs
.Even after a security violation occurs, the frame of permitted MAC address is transferred
Explanation:
Other options are as follows.
· Transfer the not permitted MAC address frame even after a security violation occurs
Frames with unauthorized MAC addresses are not forwarded.
· Send SNMP trap if a security violation occurs
Sending an SNMP trap is RESTRICT mode and SHUTDOWN mode.
· After a security violation occurs, not the frame of the permitted MAC address is not forwarded
The above is the operation of Shutdown mode.
Which of the following are the correct description of VTP transparent mode (select 3)
.Does not synchronize other switches and VLAN information
.Sends your own VLAN information from the access port
.Synchronizes other switches and VLAN information
.Can create and delete VLANs
.Does not transfer VLAN information sent from other switches
.Transfers VLAN information sent from other switches
.Does not synchronize other switches and VLAN information
.Can create and delete VLANs
.Transfers VLAN information sent from other switches
Explanation:
VTP is a protocol for synchronizing VLAN information between switches.
VTP has three modes: Server Mode, Client Mode, and Transparent Mode.
Server mode is a mode in synchronizing VLAN information. It can create and delete VLANs.
Client mode is a mode in synchronizing VLAN information. It can not create and delete VLANs.
Transparent mode is a mode that does not synchronize VLAN information. It can create and delete VLANs.
Both modes transfers VLAN information from ton rank port.
Transparent mode does not synchronize, but transfers VLAN information sent from other switches.
Therefore, even if there is a switch in transparent mode between server mode switches and client mode switches, switches in server mode and client mode can be synchronized.
Therefore, the correct answers are:
· Does not synchronize other switches and VLAN information
· Can create and delete VLANs
· Transfer VLAN information sent from other switches
Other options are as follows.
• Synchronizes other switches and VLAN information
Transparent mode is incorrect because VLAN information is not synchronized.
· Sends from access port of own VLAN information
Transparent mode is incorrect because it does not send its own VLAN information.
· Does not transfer VLAN information sent from other switches
VLAN information sent from other switches is transferred.
What is the correct description of the voice VLAN settings? (select 2)
.When setting a voice VLAN, you also need settings for enabling PortFast
.It is a setting that is necessary to connect a PC and IP Phone to a single port of the switch
.CDP is disabled when you set voice VLAN
.The port voice VLAN is set to is the access port
.When setting a voice VLAN, you also need settings for enabling CDP
.it is a setting that is necessary to connect a PC and IP Phone to a single port of the switch
.The port voice VLAN is set to is the access port
Explanation:
Audio VLAN is a function to separate IP Phone and PC data into separate VLANs.
Voice traffic can be processed preferentially by setting voice VLANs and logically separating voice traffic and data traffic.
When setting a voice VLAN, you need to be aware of the following:
· The port you set voice VLAN to is the access port
• In the Voice VLAN’s setting port, you can enable CDP (CDP is enabled by default, so no CDP settings are required)
· PortFast is enabled automatically when you set a voice VLAN
Therefore, the correct answers are:
· It is a setting that is necessary when connecting the PC and IP Phone to a single port of the switch
· The port to set voice VLAN to is the access port
Other options are as follows:
· When setting a voice VLAN, you need to disable CDP
The CDP must be enabled, as it will be required by IP Phone detection and voice VLAN notification.
• When setting a voice VLAN, you also need settings for enabling CDP
CDP is enabled by default, so CDP settings are not required.
• When setting a voice VLAN, you also need settings for enabling PortFast
When you set the audio VLAN, PortFast is automatically enabled.
Which of the options is in the ERR-DISABLED state (two selected)
Connect a PC to the default state switch
Enter the “no shutdown” command on the interface
Enter the “shutdown” command on the interface
Generation of security violation
BPDU Guard Violation
Generation of security violation
BPDU Guard Violation
Explanation:
“Err-Disabled” is automatically invalidated by the switch behavior.
The main reason for Err-Disabled is as follows.
· BPDU Guard Violation (STP Operation, which is a function to prevent Layer 2 loop)
· Security violation (port security behavior that is a function to prevent unauthorized connection)
Therefore, the correct answer
· Generation of BPDU guard violation
· Generation of security violation
is.
Other options are as follows.
· Connect a PC to the default state switch
If port security is enabled, it may be an err-disabled state, but by default it is an error because port security is disabled.
• Enter the “Shutdown” command on the interface
SHUTDOWN is an error because it is a command to disable the port with “Manual”.
The SHUTDOWN state is “AdministrativeY DOWN”.
• Enter the “no shutdown” command on the interface
No shutdown is an error because it is a command to manually enable port.
The SERIAL0 interface of the router was shut down with the “SHUTDOWN” command. If you execute the “show interface serial 0” command, which of the following results is displayed.
Serial 0 is administratively down, line protocol is down
Serial 0 is down, line protocol is up
Serial 0 is down, line protocol is administratively down
Serial 0 is down, line protocol is down
Serial 0 is up, line protocol is down
Serial 0 is up, line protocol is up
Serial 0 is administratively down, line protocol is down
Explanation:
The output of the show interfaces serial0 command indicates the state of the first serial0 IS.
The next LINE PROTOCOL IS ~ part represents the state of the data link layer.
“Administratively Down” is displayed when the administrative interface is shut down.
Which of the following are the correct description of Syslog’s “Notifications” (select 2)
When an error has occurred Severity level 5 It is a common occurrence but you should consider giving it attention Severity level 3 Severity level 1
Severity Level 5
It is a common occurrence but you should consider giving it attention
Explanation:
Syslog classifies messages by severity.
Severity Level 5 “Notifications” represents a normal operation but a status that requires attention.
For example, there are changes in interface status and state changes in routing processes.
Therefore, the correct answers are:
· Severity level 5
· Is a common occurance but you should consider giving it attention
Other options are as follows.
· Severity level 3
· When an error has occurred
Severity level 3 represents an error.
· Severity level 1
Severity level 1 represents “alerts” which should be addressed immediately.
Severity level 0 to 4 are the level of equipment that affects the functionality of the device, but it does not require immediately attention.
Which of the following are the characteristics of a network using Cisco DNA Center (select 2)?
.Unwanted communication is registered in a rejection list and security is maintained
.Communication is defined by the policy
.You must verify the settings you will apply in advance
.The main constituent is the network
.Each device is managed individually
.Communication is defined by the policy
.The main constituent is the network
Explanation:
With only setting the policy describing inbound/outbound communication permissions, without consideration to kind of equipment or settings chosen on Cisco DNA CENTER, all required settings are reflected from the Cisco DNA Center to SD-Access fabric. This is a network implemented by an intent based network.
As a result, the network administrator will be able to switch the implementation of the following:
· Manage the network instead of the individual equipment
· Cearly set the communication you want to implement and the network defined in the policies.
Therefore, the correct answers are:
· The network is the main constituent
· Communication is defined by policy.
Other options are as follows.
· Manage each device individually
· In advance verification is necessary for what setting
Cisco DNA Center is automatically configured by the policy. It is not necessary to manage individual settings for each device.
· Unnecessary communication is registered in a rejection list and secuity is maintained
Cisco DNA Center allows the communications defined by the policy. It is not a denial list (blacklist) method.
SUBNETTING
Which of the following are the decimal and hexadecimal numbers converted from the binary 10111011 :
Decimal number: 191 hexadecimal: BF
Decimal number: 187 hexadecimal: BB
Decimal number: 178 hexadecimal: B2
Decimal number: 180 hexadecimal: B4
Decimal number: 187 hexadecimal: BB
Explanation:
It is useful to remember the line “128, 64, 32, 16, 8, 4, 2 and 1” to convert binary numbers into decimal numbers.
If the binary digit is “1”, add its correspondings numeric number from the above list (with mind to the order of the digits)
In this way, “10111011” is “128 + 0 + 32 +16 + 8 + 0 + 2 + 1 = 187”.
To convert from binary to hexadecimal, we will divide binary lines into the first 4 digits last 4 digits.
We will first convert the divided numbers into decimal numbers and convert it into a hexadecimal number.
Doing this, we can split “10111011” into 4 digits “1011” and “1011” . Now we convert them to decimal numbers.
In the same way as with binary conversion above convert the first 4 digit number like this “1011” is “8 + 0 + 2 + 1 = 11”, and converting “13” to hexadecimal gives “D”.
Since the lower 4 digit is the same number, it is also “B”.
Therefore, the correct answer is “0xbb”.
Two routers have been set with HSRP and the default gateway is now redundant .
Which of the following correctly describe the above situation (select 2)
.Both routers become active
.Load balancing is performed on the two routers
.PC specifies HSRP virtual IP address as default gateway
.The PC specifies the router’s real IP address as the default gateway
.Only one router is activated
.PC specifies HSRP virtual IP address as default gateway
.Only one router is activated
Explanation:
HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol that makes the default gateway redundant using virtual IP addresses and virtual MAC addresses.
The virtual IP address to be held in HSRP sets an arbitrary IP address from the free IP address that belongs to the same network as the interface to enable HSRP.
For example, if you want to enable HSRP with FA0 / 0 with an address of “192.168.1.1/24”, select and configure any IP address from “192.168.1.2 to 192.168.1.254”.
The HSRP virtual MAC address is automatically determined by the group number of HSRP (number specified at the time of setting).
Therefore, the correct answers are:
• Only one is activated `
• PC specifies HSRP virtual IP address as default gateway
Other options are as follows.
• Both become active
HSRP is incorrect because it is active / standby configuration.
Normally, the active router acts as a default gateway and the standby tower replaces the active router when the active router fails.
• Load balancing is performed on two routers
It is incorrect because only one is active.
• PC specifies the router’s real IP address as the default gateway
If you specify an actual IP address as a default gateway, you must manually specify the IP address of another default gateway when a router with that IP address has failed. It is incorrect because it can not benefit from HSRP.
R1 (config) #logging buffered [Level]
This is a command to change the output syslog level.
Which output destination syslog level changes depending on this command?
R1 own RAM
R1 own VTY
External storage location
R1 own console
R1 own RAM
Explanation:
“Logging Buffered [Level]” is a command to change the output message level to the buffer.
By entering the question command, the Syslog level saved in the R1 buffer (RAM) changes.
Therefore, the correct answer
· R1 own RAM
is.
Other options are as follows.
· R1 own console
The Logging Console command applies.
· R1 own VTY
The Logging Monitor command applies.
· External storage location
The Logging Trap command applies.
Any of the correct description about Missage Integrity Check (select 2)?
Michael, CBC-MAC, GMAC in MIC algorithm Used as Layer 2 address It is an algorithm for encrypting data WPA authentication method Used to check if the data has not been tampered with
Michael, CBC-MAC, GMAC in MIC algorithm
Used to check if the data has not been tampered with
Explanation:
Other options are as follows.
· It is an algorithm for encrypting data
The algorithm for encrypting data is “RC4” and “AES”.
· WPA authentication method
The WPA authentication method is an incorrect because it is “PSK” or “IEEE 802.1X / EAP”.
· Used as Layer 2 address
It is an error because it is a description about MAC address.
How is congestion management implemented?
.Sends routing update when path information changes
.Classifies packets and performs queuing according to priority
.Discards a low priority packet before congestion occurs and prevents congestion
.Saves SYSLOG
.Classifies packets and performs queuing according to priority
Explanation:
Congestion Management is performed by classification and marking packets for each type, allocating to the specified queue and scheduling.
Congestion management can reduce the impact on important communication even if congestion occurs.
Therefore, the correct answer is:
· Classifies packets and performs queuing according to priority
· Discards low priority packets before congestion occurs and prevents congestion
The above falls under “congestion avoidance”.
· Saves Syslog
This is not congestion management.
· Send routing updates when path information changes
The above is a description of dynamic routing.
Which of the following is correct about the congestion management policy
Uses LLQ for video and audio of surveillance camera
Uses LLQ for business web application traffic
Speech queues maintain a minimal queue size
IP Phone and Video Conference Traffic uses LLQ
Assigns a large amount of bandwidth to IP phone
IP Phone and Video Conference Traffic uses LLQ
Explanation:
In principle, congestion management is performed based on the following policy.
· Non-dialogue data transfer (such as backup), non-dialogue audio and video (such as monitoring application recording and video recording) use round robin queues such as CBWFQ
· Set the guaranteed bandwidth as needed for commercial packets
· Interactive voice and video, such as IP telephones and video conferencing, use a queue that is prioritized (such as LLQ PQ)
· Voice and video assign to different classes and make flexible configuration changes
· In the LLQ settings, sufficient PQ size and prevent discarding packets due to queue shortages
Therefore, the correct answer is:
· Traffic for IP phones and video conferencing uses LLQ
Other options are as follows:
· Use LLQ for video and audio of surveillance camera
Even with voice and video traffic, it is incorrect because it does not have to be a top priority.
· Use LLQ for business web application traffic
Even if it is a business traffic, it is not necessary to use LLQ because it does not require low delay, low jitter, low loss, so it is not necessary to use LLQ.
· Assign a large amount of bandwidth to IP phone
IP phones do not require much bandwidth, but requires low latency, low jitter, low loss. You need to use LLQ to achieve this, so it is incorrect
· Voice queue secures minimum queue size
PQ (Priority Queue) is used by LLQ specifies the maximum value to be secured during congestion. It is incorrect because it will ensure the largest queue size you need so as not to overflow the packet from PQ during congestion.
You would like to set up NAT on a network where 40 computers are used. You want to allow all computers to be connected at the same time when connecting to Internet connection, even though there are only four global IP addresses that can be used. Which NAT format is suitable for this?
Static NAT Dynamic NAT Nat pool Overload overhead
Overload
Explanation:
Overload (PAT) is appropriate for getting all 40 computers to connect to the Internet at the same time with four global addresses.
Overload (PAT) is a NAT format that maps multiple IP addresses to a single global address using different port numbers.
Static NAT is a method of mapping a private IP address and a global IP address 1 to 1.
Dynamic NAT is a method of creating a group of private IP addresses in advance and mapping it to a global IP address.
Which of the following are features of SDN compatible network? (select 3)
.The controller communicates with network devices via SBI and sets equipment
.Concentration of settings and policies can be maintained by centralized management
.The controller communicates with network device via NBI and sets equipment
.Makes setting changes for each network device
.The controller has the role of the control plane
.The controller communicates with network devices via SBI and sets equipment
.Concentration of settings and policies can be maintained by centralized management
.The controller has the role of the control plane
Explanation:
In SDN, the control plane, which is distributed across each network device, is centrally managed and defines how packets and frames are forwarded.
The replacement for the control plane is the controller.
The controller has two major types of interfaces. Southbound Interface (SBI) is an interface that network devices and controllers communicate.
Therefore, the correct answer
· Concentration of settings and policies can be maintained by centralized management
· Controller has the role of control plane
• The controller communicates with the network device via SBI and sets the device
is.
Other options are as follows.
· Set settings for each network device
It is an error because it is a feature of a conventional network.
· Controller communicates with network device via NBI and set equipment
NBI is an interface that programs and controllers communicate. The interface communicating with the network device and the controller is an error because it is SBI.
Which of the following is the correct description of the TCP connection (select 3)
.Confirm that data has arrived by the “ACK” packet
.Does not retransmit even if the data was not received
.Establishes a connection between “ACK + SYN” over one transaction
.Establish a connection with “SYN”, “ACK + SYN”, “ACK” over three transactions
.TCP connection establishes before starting to send data
.Confirm that data has arrived by the “ACK” packet
.Establish a connection with “SYN”, “ACK + SYN”, “ACK” over three transactions
.TCP connection establishes before starting to send data
Explanation:
TCP establishes a virtual channel (TCP connection) before starting to transmit data to ensure communication.
The behavior of establishing a TCP connection is called “3 way hand shake” from where the communication partner and packet are exchanged three times.
[Process of connection establishment]:
1. The source (the side to start communication) sends a packet with the SYN Bit turned on
2. The communication partner replies the with “ACK” (acknowledgment) and “SYN” bit turned on
3. The source reply packet with “ACK” bit turned on
This establishes a two-way connection.
Therefore, the correct answers are:
· TCP connection establishes before sending the data
· Establish connections with “SYN”, “ACK + SYN”, “ACK” exchanges (over 3 transactions)
· Verifies that data has arrived by the “ACK” packet
Other options are as follows.
· Establish connection connection once each other once “ACK + SYN”
It is an error to establish a connection in three times exchanges “SYN”, “ACK + SYN”, “ACK”.
· Do not retransmit even if data not reach
It is an error because it is the characteristic of UDP.
What is the method of calculating the cost of OSPF?
(Bandwidth + delay) × 256
1Mbps ÷ bandwidth of interface
Number of routers to reach the destination
Reference bandwidth ÷ bandwidth of interface
Reference bandwidth ÷ bandwidth of interface
Explanation
Other options are as follows.
-1Mbps ÷ bandwidth of interface
It is incorrect because it results in “1 Mbps”.
The default bandwidth default is 100Mbps, so it is correctly “100 Mbps ÷ bandwidth bandwidth”.
· (Bandwidth + delay) × 256
It is incorrect because it is a method of calculating “composite metric” which is a metric used in EIGRP.
· Number of routers via the destination
It is incorrect because it is a method of calculating the “hop number” which is a metric used in RIP.
- DEC 6 16: 23: 44.387:% DUAL-5-NBRCHANGE: EIGRP-IPv4 1: NEIGHBOR 192.168.12.2 (Serial1 / 0) Is Down: Interface Down
Which of the following is the correct description of the above information (select 2)
.The IP address of the router displaying this message is “192.168.12.2”
.The severity level is “Debugging”
.There was a change in EIGRP’s neighbor state
.The severity level is “Errors”
.The severity level is “Notifications”
.The severity level is “Notifications”
.There was a change in EIGRP’s neighbor state
Explanation:
The question log message (% dual-5-nbrchange) is the message output when there is a change in the nebar state of EIGRP. From the output, the following can be understood:
· Neighbor at address 192.168.12.2 at the end of the Serial1/0 interface is down.
· The factor down is “Interface Down”
Therefore, the correct answer
· Severity level is “Notifications”
· There was a change in EIGRP’s neibba state
is.
Other options are as follows.
· Severity level is “Debugging”
· Severity level is “Errors”
From “-5-“, you can see that the severity level is “5 = Notifications”.
· The IP address of the router that displays this message is “192.168.12.2”
“192.168.12.2” is an error because it is the IP address of the neighbor.
Which of the following are the correct descriptions of a VPN (select 2)
There is no function regarding security Can not be used on the Internet Communication is encrypted It is a termination device that multiplexes the signal sent from the candidates home Communication partner authentication
Communication is encrypted
Communication partner authentication
Explanation
VPN (Virtual Private Network) is a service that can virtually use public lines like a dedicated line.
VPNs have secure connections that perform secure connections and provide security through mutual authentication and encryption. Such connections are called tunnels, and devices between tunnels can not directly refer to the communications in the tunnel.
Therefore, the correct answers are:
· Encrypts communication
· Certification of communication partner
Other options are as follows.
· Can not be used on the Internet
VPN is used to ensure security on public lines such as the Internet.
· There is no function of security
VPNs can encrypt and authenticate.
· A termination device that multiplexes the signal sent from the subscriber’s home
The above is a description of DSLAM.
Which of the following are correct descriptions about the layers defined in the architecture of SDN? (select 2)
.The application layer corresponds to the control plane
.The application layer corresponds to the data plane
.The control layer corresponds to the data plane
.The infrastructure layer corresponds to the control plane
.The infrastructure layer corresponds to the data plane
.The control layer corresponds to the control plane
.The infrastructure layer corresponds to the data plane
.The control layer corresponds to the control plane
Explanation
In the SDN (Software-Defined Networking) architecture, each network feature defines the layer as follows:
Administrators use controller attachments and self-made programs that belong to application layers to control networks.
From the application layer to which the self-made program belongs, you can change the control layer (corresponding to the control plane) through the NBI.
Changes to the control layer are reflected in the infrastructure layer (equivalent to the data plane) through SBI.
Therefore, the correct answers are:
· The control layer corresponds to the control plane
· The infrastructure layer corresponds the to data plane
Which of the following are IP (Internet Protocol) characteristics (select 3)
Hierarchical address method best effort Connectionless type Connection type Guarantee type
Hierarchical address method
best effort
Connectionless type
Explanation
IP (Internet Protocol) is the communication protocol used to transfer packets.
IP is characterized as “connectionless type”, “best effort” and “hierarchical address method”.
· Connectionless type
IP communication does not establish connections between the sender and the recipient before communication.
By using TCP, which is the upper layer protocol, it is possible to establish a connection and communication.
·best effort
IP communication does not guarantee bandwidth. Therefore, when the amount of communication increases, the communication speed may be reduced or packets can not reach their destination..
By using TCP, which is the upper layer protocol, it is possible to retransmit packets that have not reached the destination.
· Hierarchical address method
The IP address is a hierarchical address method that consists of two hierarchies between the network part and the host part.
Which command displays information of adjacent devices acquired by IEEE standard protocol
show cdp neighbors show lldp show lldp interface show cdp show lldp neighbors
Show lldp neighbors
Explanation
LLDP is an “IEEE standard protocol” that sends a frame with its own information on adjacent devices.
Use the “show lldp neighbors” command to view information about adjacent devices obtained by LLDP.
Therefore, the correct answer is:
Show LLDP NEIGHBORS
Other options are as follow:
· Show LLDP
This is a command to check the operating status of LLDP.
· Show lldp interface
it is a command to check the operation status of LLDP per interface.
· SHOW CDP
· Show CDP Neighbors
Commands for Cisco Discovery Protocol (Cisco Discovery Protocol). LLDP information can not be displayed with these.
Which item can be confirmed with the “show snmp host” command?
Host that receives traps Agent IP Address serial number Security model Manager IP address
Host that receives traps
Explanation:
The show snmp host command allows you to check the information of the host that received the trap notification from the SNMP agent.
Therefore, the correct answer is:
The host that receives traps
Which one is correct in verifying interface reliability with the “show interfaces” command? (select 2)
.”TXLOAD” represents the reliability of the interface
.”Reliability” represents the reliability of the interface
.”Rxload” represents the reliability of the interface
.The most reliable value is “255/255”, and the most reliable value is “0/255”
.The most reliable value is “0/255” and the most reliable value is “255/255”
.”Reliability” represents the reliability of the interface
.The most reliable value is “255/255”, and the most reliable value is “0/255”
Explanation:
If reliability is reduced, an interface error can occur and packet could be lost etc.
Check the “Reliability” value to verify interface reliability with the “show interfaces” command.
The most reliable value is “255/255”, and packet loss has not occurred and 100% reliable.
Therefore, the correct answers are:
· “Reliability” represents the reliability of the interface
· The most reliable value is “255/255”, and the most reliable value is “0/255”
Other options are as follows.
· “TXLOAD” indicates the reliability of the interface
“TXLOAD” represents the load of the interface transmission state.
· “RXLOAD” indicates the reliability of the interface
“Rxload” represents the load on the interface reception state.
· The most reliable value is “0/255”, and the most reliable value is “255/255”
The most reliable value is “255/255”, and the most reliable value is “0/255” and is incorrect.
In the Cisco 3-tier model, Which of the following is a star-type topology?
Core layer Physical layer Application layer Distribution layer Access layer
Access Layer
Explanation:
A star-type topology is a configuration in which other devices are radially connected around a device.
In the Cisco 3-layer model, the access layer device constitutes a star topology.
Therefore, the correct answer is:
· Access layer
Other options are as follows:
· Core layer
· Distribution layer
These mainly configure a partial mesh topology.
· Physical layer
· Application layer
These do not exist in the Cisco 3-tier model.
Which command can check the connectivity of the network layer (Layer 3) (select 3)
.Traceroute .telnet .show ip route .ping .show interface
.Traceroute
.Ping
.Show Ip route
Explanation
Of the options, the commands that can check the connectivity of the network layer are “ping” and “traceroute” and “show IP Route”.
You can use the “Ping” or “traceroute” command to see the connectivity at the network layer level by looking at the response from the destination.
You can use the “show ip route” command to see the connectivity at the network layer level by looking at or without route information to the destination network.
[About other options]
· Show interfaces
By using the above command, you can check the physical layer and data link layer status (such as UP / UP or UP / DOWN), but you can not confirm the connectivity of the network layer.
· Telnet
If there is a problem with the transport layer or higher, Telnet fails even if there is a network layer level connectivity.
Therefore, the telnet command is used to check the operation of the transport layer (Layer 4) or higher without using the network layer level connectivity.
Which combination of two of the following options are describe the differences in traditional networks and networks using Cisco DNA Center?(Select 2)
.When setting up the device, the network using Cisco DNA Center is set from the console for each device
.When setting up the device, the controller is set according to the definition in the conventional network
.For security, we think in networks using Cisco DNA CENTER
.When a failure occurs, a network using Cisco DNA Center can quickly solve problems with machine learning
.When a failure occurs, the conventional network requires manual troubleshooting
.Conventional networks regarding security
.When a failure occurs, a network using Cisco DNA Center can quickly solve problems with machine learning
.When a failure occurs, the conventional network requires manual troubleshooting
Explanation: Cisco DNA (Digital Network Architecture) is an architecture for applying Cisco's Intent-based Network (IBN) to enterprise networks. Intent-based Network (IBN) is an architecture proposed by Cisco to apply to enterprise networks. With intent-based networking, there is no need to be aware of individual configuration commands and values for each network device, and configuration changes are automatically made according to the administrator's objectives (intent). The interface for centralized management of Cisco DNA products and solutions is the "Cisco DNA Center"; the Cisco DNA Center also serves as the SDN controller.
In an SDN-enabled network (controller-based), the way the network is managed is also very different from a traditional network.
Therefore, the correct answer is
In the event of a failure, a network using Cisco DNA Center can quickly resolve the problem using machine learning.
In the case of a failure, manual troubleshooting is required in a conventional network.
The other options are listed below.
Other options are as follows.
When configuring devices, networks using Cisco DNA Center configure from a console on a per-device basis
This is incorrect because it is a traditional network where each device is configured from a console.
When configuring a device, in a traditional network, the controller configures it according to definitions.
This is incorrect because the controller is configured according to definitions in a network using the Cisco DNA Center.
In a network using Cisco DNA Center, security is thought of in terms of perimeter protection.
This is incorrect because a perimeter defense is considered a traditional network.
In a conventional network, security is considered on a network-wide basis.
This is incorrect because a network using Cisco DNA Center is a network using Cisco DNA Center.
Full-duplex communication is better than half-duplex communication in what ways (select 2)
VLAN can be used Two-way communication is possible Operate without collision EIGRP can be used STP can be use
Two-way communication is possible
Operate without collision
Explanation:
As half duplex communication is a method of communicating while switching between outbound and inbound wires, one wire alone cannot be used.
Therefore, if you try to communicate in both directions at the same time, a collision will occur.
On the other hand, full duplex communication is a communication method that can use the outbound wire and the inbound wire separately to simultaneously transmit and receive.
In this case, communication can be performed without collisions.
Other incorrect options are as follows: · STP can be used · You can use VLAN · EIGRP can be used STP, VLAN, and EIGRP can not be used with half-duplex and full-duplex.
Under what circumstances will the late collision counter increases (select 2)
The duplex Matches When using CDP While a broadcast storm is occurring The duplex does not match When a collision is detected after sending the 64th byte
The duplex does not match
When a collision is detected after sending the 64th byte
Explanation
The Late Collision counter indicates the number of collisions detected after 64 bytes (512 bits) are sent.
The main cause of Late Collision increases is the use of cables exceeding the default length and a duplex mismatch (half duplex).
Therefore, the correct answers are:
· When a collision is detected after sending the 64th byte
· The duplex does not match
Other options are as follows.
· While a broadcast storm is occurring
“No Buffer” and “IGNORED” values increase if broadcast storms occur.
· The duplex matches
· When using CDP
The above do not cause the error counter to increase.
Select the highest priority item that is used to determine DR (representative router) in OSPF.
.IP Address .Router ID .Process ID .IP Address .Priority Value .Metric
· Priority value
Explanation:
The selection of OSPF DR first examines the priority value and selects the highest value router.
If the priority value is the same, select the router ID and select the larger one as DR.
The second priority value is elected by the BDR (backup representative router).
Therefore, the correct answer is:
· Priority value
Other options are as follows.
· Router ID
Compare router ID if the priority value is the same.
It is incorrect because the priority is lower than the priority value.
· Process ID
· IP address
·metric
It is incorrect because it does not used for DR selection.
Router (config) #boot system flash c181x-advIpservicesk9-mz.124-15.t11.bin
Which is the correct description of this command?
Saves the current settings in RAM to NVRAM Sets the default gateway Sets time zone Specify where to search for iOS Changes the host name
Specify where to search for iOS
Explanation
The incorrect options are as follows:
· Host name is changed
The command to change the host name is “hostname”.
· Save the current setting in RAM to NVRAM
The command to save the current setting in RAM to NVRAM is “COPY RUNNING-CONFIG STARTUP-CONFIG”.
· Sets time zone
The command to set the time zone is “Clock TimeZone”
· Sets the default gateway
it is the command “(config) #IP DEFAULT-GATEWAY {IP address}”.
Which port security mode that meets the following conditions?
1 Record the number of security violations
2 Leave the port that detected security violations
3 Send SNMP trap
.Restrict .Shutdown .Static .Dynamic .Protect .Sticky
.Restrict
Explanation:
If the security violation continues if the security violation is continuing if the security violation mode is continuous, the value of the Security Violation Count can not be detected because the port is shut down (Err-Disabled state) and the security violation is continuing. After increasing, the value does not change until the err-disabled is released.
By changing from the default shutdown mode to Restrict mode, you can balance security violation and continuing successful communication.
Therefore, the correct answer
· RESTRICT
is.
Which feature is to prevent attacks using an incorrect DHCP server?
Spurious DHCP server DHCP DISCOVER DHCP Relay Agent DHCP snooping DHCP OFFER DHCP spoofing
DHCP snooping
Explanation:
【DHCP Snooping】
DHCP Snooping is a function to monitor DHCP packets.
DHCP snooping classifies each port into “trusted port” and “Untrusted port” (untrusted port).
All DHCP packets arriving on the Trusted port allow.
DHCP packets incoming on the Untrusted port allow DHCP packets (Discover, Request) sent from the client to the server, but reject DHCP packets (OFFER, ACK) sent to the client.
This prevents DHCP spoofing.
【DHCP spoofing】
DHCP spoofing is an attack that an attacker launches an incorrect DHCP server and notifies the DHCP Offer to make your IP address to the default gateway and eavesdrop on packets from the user.
Therefore, the correct answer
· DHCP snooping
is.
Other options are as follows.
· DHCP spoofing
An attacker is an attacking method that will be a legitimate DHCP server or a DHCP client.
· DHCP Relay Agent
It is a function that transfers DHCP messages sent by broadcast to unicast.
· Spriers DHCP server
The DHCP server that exists on the Untrusted port side is called “spurious DHCP server” (fake DHCP server).
DHCP snooping prevents attacks from spurious DHCP servers.
· DHCP Discover
· DHCP OFFER
It is an error because it is the message used by DHCP.
