CCNA3-FINAL EXAM Flashcards

1
Q

What functionality does mGRE provide to the DMVPN technology?

It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.

It provides secure transport of private information over public networks, such as the Internet.

It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.

It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.

A

It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.

2
Q

What is a characteristic of a Trojan horse as it relates to network security?

An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.

Malware is contained in a seemingly legitimate executable program.

Extreme quantities of data are sent to a particular network device interface.

Too much information is destined for a particular memory block, causing additional memory areas to be affected.

A

Malware is contained in a seemingly legitimate executable program.

3
Q

A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?

data integrity
non-repudiation
origin authentication
data confidentiality

A

origin authentication

4
Q

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?

to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network

to detect any evidence of a hack or malware in a computer or network

to probe and test the robustness of a firewall by using specially created forged packets

to capture and analyze packets within traditional Ethernet LANs or WLANs

A

to capture and analyze packets within traditional Ethernet LANs or WLANs

5
Q

What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?

to activate the OSPF neighboring process

to influence the DR/BDR election process

to provide a backdoor for connectivity during the convergence process

to streamline and speed up the convergence process

A

to influence the DR/BDR election process

6
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet .
If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied?

A

permitted

7
Q

A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?

top-down

bottom-up

divide-and-conquer

substitution

A

divide-and-conquer

8
Q

Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

MD5
AES
IPsec
ESP

A

IPsec

9
Q

What are two benefits of using SNMP traps? (Choose two.)

They eliminate the need for some periodic polling requests.

They reduce the load on network and agent resources.

They limit access for management systems only.

They can provide statistics on TCP/IP packets that flow through Cisco devices.

They can passively listen for exported NetFlow datagrams.

A

They eliminate the need for some periodic polling requests.

They reduce the load on network and agent resources.

10
Q

Which statement accurately describes a characteristic of IPsec?

IPsec works at the application layer and protects all application data.

IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.

IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.

IPsec works at the transport layer and protects data at the network layer.

IPsec is a framework of open standards that relies on existing algorithms.

A

IPsec is a framework of open standards that relies on existing algorithms.

11
Q

What are two purposes of launching a reconnaissance attack on a network? (Choose two.)

to scan for accessibility
to retrieve and modify data

to gather information about the network and devices

to prevent other users from accessing the system

to escalate access privileges

A

to scan for accessibility

to gather information about the network and devices

12
Q

A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?

botnet
spyware
virus
rootkit

A

botnet

13
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns .
If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?

A

denied

14
Q

What QoS step must occur before packets can be marked?

classifying
shaping
queuing
policing

A

classifying

15
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns .
If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8, and a protocol of 53 is received on the interface, is the packet permitted or denied?

A

denied

16
Q

Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?

a less-structured approach based on an educated guess

an approach comparing working and nonworking components to spot significant differences

a structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified

an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified

A

a less-structured approach based on an educated guess

17
Q

Refer to the exhibit. An administrator is trying to configure PAT on R1, but PC-A is unable to access the Internet. The administrator tries to ping a server on the Internet from PC-A and collects the debugs that are shown in the exhibit. Based on this output, what is most likely the cause of the problem?

The inside and outside NAT interfaces have been configured backwards.

The inside global address is not on the same subnet as the ISP.

The address on Fa0/0 should be 64.100.0.1.

The NAT source access list matches the wrong address range.

A

The inside global address is not on the same subnet as the ISP

18
Q

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

Cisco Secure Mobility Clientless SSL VPN
Frame Relay
remote access VPN using IPsec
Cisco AnyConnect Secure Mobility Client with SSL
site-to-site VPN

A

site-to-site VPN

19
Q

What protocol sends periodic advertisements between connected Cisco devices in order to learn device name, IOS version, and the number and type of interfaces?

CDP
SNMP
NTP
LLDP

A

CDP

20
Q

Refer to the exhibit. An administrator configures the following ACL in order to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5
access-list 100 permit ip any any

Where should the administrator place this ACL for the most efficient use of network resources?

inbound on router A Fa0/0
outbound on router B Fa0/0
outbound on router A Fa0/1
inbound on router B Fa0/1

A

inbound on router A Fa0/0

21
Q

What protocol synchronizes with a private master clock or with a publicly available server on the internet?

MPLS
CBWFQ
TFTP
NTP

A

NTP

22
Q

What protocol uses agents, that reside on managed devices, to collect and store information about the device and its operation?

SYSLOG
TFTP
CBWFQ
SNMP

A

SNMP

23
Q

What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?

LLDP
NTP
TFTP
SNMP

A

LLDP

24
Q

A company has consolidated a number of servers and it is looking for a program or firmware to create and control virtual machines which have access to all the hardware of the consolidated servers. What service or technology would support this requirement?

Cisco ACI
software defined networking
Type-1 hypervisor
APIC-EM

A

Type-1 hypervisor

25
Q

What command would be used as part of configuring NAT or PAT to identify inside local addresses that are to be translated?

ip nat inside source list 24 interface serial 0/1/0 overload

ip nat inside source list 14 pool POOL-STAT overload

access-list 10 permit 172.19.89.0 0.0.0.255

ip nat inside source list ACCTNG pool POOL-STAT

A

access-list 10 permit 172.19.89.0 0.0.0.255

26
Q

Refer to the exhibit. An administrator is trying to back up the current running configuration of the router to a USB drive, and enters the command copy usbflash0:/R1-config running-config on the router command line. After removing the USB drive and connecting it to a PC, the administrator discovers that the running configuration was not properly backed up to the R1-config file. What is the problem?

The file already exists on the USB drive and cannot be overwritten.

The drive was not properly formatted with the FAT16 file system.

There is no space left on the USB drive.

The USB drive is not recognized by the router.

The command that the administrator used was incorrect.

A

The command that the administrator used was incorrect.

27
Q

Which three types of VPNs are examples of enterprise-managed site-to-site VPNs? (Choose three.)

Layer 3 MPLS VPN
IPsec VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN
clientless SSL VPN
client-based IPsec VPN

A

IPsec VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN

28
Q

In an OSPF network which two statements describe the link-state database (LSDB)? (Choose two.)

It can be viewed by using the show ip ospf database command.

A neighbor table is created based on the LSDB.

It contains a list of only the best routes to a particular network.

It contains a list of all neighbor routers to which a router has established bidirectional communication.

All routers within an area have an identical link-state database.

A

It can be viewed by using the show ip ospf database command.

All routers within an area have an identical link-state database.

29
Q

In an OSPF network which OSPF structure is used to create the neighbor table on a router?

adjacency database
link-state database
routing table
forwarding database

A

adjacency database

30
Q

What protocol is used in a system that consists of three elements–a manager, agents, and an information database?

MPLS
SYSLOG
SNMP
TFTP

A

SNMP

31
Q

Refer to the exhibit. Router R1 is configured with static NAT. Addressing on the router and the web server are correctly configured, but there is no connectivity between the web server and users on the Internet. What is a possible reason for this lack of connectivity?

Interface Fa0/0 should be configured with the command ip nat outside.

The inside global address is incorrect.

The router NAT configuration has an incorrect inside local address.

The NAT configuration on interface S0/0/1 is incorrect.

A

The router NAT configuration has an incorrect inside local address.

32
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.32 0.0.0.7 host 198.133.219.76 eq telnet .
If a packet with a source address of 198.133.219.100, a destination address of 198.133.219.170, and a protocol of 23 is received on the interface, is the packet permitted or denied?

A

denied

33
Q

How does virtualization help with disaster recovery within a data center?

Hardware does not have to be identical.
Power is always provided.
Less energy is consumed.
Server provisioning is faster.

A

Hardware does not have to be identical.

34
Q

What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?

NTP
LLDP
SNMP
MPLS

A

LLDP

35
Q

Which type of VPN uses a hub-and-spoke configuration to establish a full mesh topology?

MPLS VPN
GRE over IPsec
IPsec virtual tunnel interface
dynamic multipoint VPN

A

dynamic multipoint VPN

36
Q

What is a characteristic of the REST API?

evolved into what became SOAP

used for exchanging XML structured information over HTTP or SMTP

considered slow, complex, and rigid

most widely used API for web services

A

most widely used API for web services

37
Q

A student, doing a summer semester of study overseas, has taken hundreds of pictures on a smartphone and wants to back them up in case of loss. What service or technology would support this requirement?

Cisco ACI
cloud services
software defined networking
dedicated servers

A

cloud services

38
Q

Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)

Filter unwanted traffic before it travels onto a low-bandwidth link.

Place standard ACLs close to the destination IP address of the traffic.

Place standard ACLs close to the source IP address of the traffic.

Place extended ACLs close to the destination IP address of the traffic.

Place extended ACLs close to the source IP address of the traffic.

For every inbound ACL placed on an interface, there should be a matching outbound ACL.

A

Filter unwanted traffic before it travels onto a low-bandwidth link.

Place standard ACLs close to the destination IP address of the traffic.

Place extended ACLs close to the source IP address of the traffic.

39
Q

Which queuing mechanism has no provision for prioritizing or buffering but simply forwards packets in the order they arrive?

FIFO
LLQ
CBWFQ
WFQ

A

FIFO

40
Q

Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers. The routers are unable to form a neighbor adjacency. What should be done to fix the problem on router R2?

Implement the command no passive-interface Serial0/1.

Implement the command network 192.168.2.6 0.0.0.0 area 0 on router R2.

Change the router-id of router R2 to 2.2.2.2.

Implement the command network 192.168.3.1 0.0.0.0 area 0 on router R2.

A

Implement the command no passive-interface Serial0/1.

41
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 100 permit tcp 192.168.10.0 0.0.0.255 172.17.200.0 0.0.0.255 eq www .
If a packet with a source address of 192.168.10.244, a destination address of 172.17.200.56, and a protocol of 80 is received on the interface, is the packet permitted or denied?

A

permitted

42
Q

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as Nmap, SuperScan, and Angry IP Scanner?

to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network

to detect any evidence of a hack or malware in a computer or network

to reverse engineer binary files when writing exploits and when analyzing malware

to probe network devices, servers, and hosts for open TCP or UDP ports

A

to probe network devices, servers, and hosts for open TCP or UDP ports

43
Q

What protocol uses smaller stratum numbers to indicate that the server is closer to the authorized time source than larger stratum numbers?

TFTP
SYSLOG
NTP
MPLS

A

NTP

44
Q

Which type of VPN provides a flexible option to connect a central site with branch sites?

IPsec VPN
client-based IPsec VPN
Layer 3 MPLS VPN
clientless SSL VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN

A

Cisco Dynamic Multipoint VPN

45
Q

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use fuzzers?

to discover security vulnerabilities of a computer

to detect any evidence of a hack or malware in a computer or network

to reverse engineer binary files when writing exploits and when analyzing malware

to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network

A

to discover security vulnerabilities of a computer

46
Q

Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface, but not the G0/0 interface. When following the best practices, in what location should the standard ACL be applied?

R1 S0/0/0 outbound
R2 G0/0 outbound
R2 S0/0/1 outbound
R1 S0/0/0 inbound
R2 G0/1 inbound

A

R2 G0/0 outbound

47
Q

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use forensic tools?

to obtain specially designed operating systems preloaded with tools optimized for hacking

to detect any evidence of a hack or malware in a computer or network

to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network

to reverse engineer binary files when writing exploits and when analyzing malware

A

to detect any evidence of a hack or malware in a computer or network

48
Q

Which type of VPN involves the forwarding of traffic over the backbone through the use of labels distributed among core routers?

MPLS VPN
GRE over IPsec
IPsec virtual tunnel interface
dynamic multipoint VPN

A

MPLS VPN

49
Q

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use hacking operating systems?

to detect any evidence of a hack or malware in a computer or network

to obtain specially designed operating systems preloaded with tools optimized for hacking

to encode data, using algorithm schemes, to prevent unauthorized access to the encrypted data

to reverse engineer binary files when writing exploits and when analyzing malware

A

to obtain specially designed operating systems preloaded with tools optimized for hacking

50
Q

What command would be used as part of configuring NAT or PAT to identify an interface as part of the external global network?

ip pat inside
access-list 10 permit 172.19.89.0 0.0.0.255
ip nat inside
ip nat outside

A

ip nat outside

51
Q

What type of traffic is described as using either TCP or UDP depending on the need for error recovery?
video
voice
data

A

data

52
Q

What command would be used as part of configuring NAT or PAT to define a pool of addresses for translation?

ip nat inside source static 172.19.89.13 198.133.219.65
ip nat inside source list 24 interface serial 0/1/0 overload
ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240
ip nat outside

A

ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240

53
Q

What is the name of the layer in the Cisco borderless switched network design that is considered to be the backbone used for high-speed connectivity and fault isolation?
data link
access
core
network
network access

A

core

54
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.47 any eq ftp
If a packet with a source address of 172.18.20.40, a destination address of 10.33.19.2, and a protocol of 21 is received on the interface, is the packet permitted or denied?

A

permitted

55
Q

Which OSPF table is identical on all converged routers within the same OSPF area?
routing
neighbor
adjacency
topology

A

topology

56
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www .
If a packet with a source address of 192.168.10.45, a destination address of 10.10.3.27, and a protocol of 80 is received on the interface, is the packet permitted or denied?

A

permitted

57
Q

What protocol allows the manager to poll agents to access information from the agent MIB?
CBWFQ
SYSLOG
TFTP
SNMP

A

SNMP

58
Q

What term describes adding a value to the packet header, as close to the source as possible, so that the packet matches a defined policy?

policing
traffic marking
weighted random early detection (WRED)
traffic shaping
tail drop

A

traffic marking

59
Q

Which three traffic-related factors would influence selecting a particular WAN link type? (Choose three.)

cost of the link
amount of traffic
distance between sites
reliability
security needs
type of traffic

A

amount of traffic

security needs

type of traffic

60
Q

What command would be used as part of configuring NAT or PAT to link the inside local addresses to the pool of addresses available for PAT translation?

ip nat inside source list ACCTNG pool POOL-STAT

ip nat translation timeout 36000

ip nat inside source list 14 pool POOL-STAT overload

ip nat inside source static 172.19.89.13 198.133.219.65

A

ip nat inside source list 14 pool POOL-STAT overload

61
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .
If a packet with a source address of 172.18.20.55, a destination address of 172.18.20.3, and a protocol of 21 is received on the interface, is the packet permitted or denied?

A

denied

62
Q

Refer to the exhibit. Corporate policy demands that access to the server network be restricted to internal employees only. What is the best ACL type and placement to use in this situation?

extended ACL outbound on R2 S0/0/1
standard ACL outbound on R2 S0/0/0
standard ACL inbound on R2 WAN interface connecting to the internet
extended ACL inbound on R2 S0/0/0

A

extended ACL outbound on R2 S0/0/1

63
Q

Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface. When following the best practices, in what location should the standard ACL be applied?

R2 G0/1 inbound
R2 S0/0/1 outbound
R1 S0/0/0 outbound
R2 G0/1 outbound
R2 G0/0 outbound

A

R2 G0/1 outbound

64
Q

Which OSPF database is identical on all converged routers within the same OSPF area?

neighbor
forwarding
link-state
adjacency

A

link-state

65
Q

Which QoS technique smooths packet output rate?
policing
shaping
weighted random early detection
Integrated Services (IntServ)
marking

A

shaping