CCNA3-FINAL EXAM Flashcards
What functionality does mGRE provide to the DMVPN technology?
It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.
It provides secure transport of private information over public networks, such as the Internet.
It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.
It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.
It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.
What is a characteristic of a Trojan horse as it relates to network security?
An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.
Malware is contained in a seemingly legitimate executable program.
Extreme quantities of data are sent to a particular network device interface.
Too much information is destined for a particular memory block, causing additional memory areas to be affecte
Malware is contained in a seemingly legitimate executable program.
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
data integrity
non-repudiation
origin authentication
data confidentiality
origin authentication
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?
to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to detect any evidence of a hack or malware in a computer or network
to probe and test the robustness of a firewall by using specially created forged packets
to capture and analyze packets within traditional Ethernet LANs or WLANs
to capture and analyze packets within traditional Ethernet LANs or WLANs
What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?
to activate the OSPF neighboring process
to influence the DR/BDR election process
to provide a backdoor for connectivity during the convergence process
to streamline and speed up the convergence process
to influence the DR/BDR election process
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet .
If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied?
permitted
A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?
top-down
bottom-up
divide-and-conquer
substitution
divide-and-conquer
Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
MD5
AES
IPsec
ESP
IPsec
What are two benefits of using SNMP traps? (Choose two.)
They eliminate the need for some periodic polling requests.
They reduce the load on network and agent resources.
They limit access for management systems only.
They can provide statistics on TCP/IP packets that flow through Cisco devices.
They can passively listen for exported NetFlow datagrams.
They eliminate the need for some periodic polling requests.
They reduce the load on network and agent resources.
Which statement accurately describes a characteristic of IPsec?
IPsec works at the application layer and protects all application data.
IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
IPsec works at the transport layer and protects data at the network layer.
IPsec is a framework of open standards that relies on existing algorithms.
IPsec is a framework of open standards that relies on existing algorithms.
What are two purposes of launching a reconnaissance attack on a network? (Choose two.)
to scan for accessibility
to retrieve and modify data
to gather information about the network and devices
to prevent other users from accessing the system
to escalate access privileges
to scan for accessibility
to gather information about the network and devices
A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?
botnet
spyware
virus
rootkit
botnet
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns .
If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?
denied
What QoS step must occur before packets can be marked?
classifying
shaping
queuing
policing
classifying
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns .
If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8, and a protocol of 53 is received on the interface, is the packet permitted or denied?
denied
Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?
a less-structured approach based on an educated guess
an approach comparing working and nonworking components to spot significant differences
a structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified
an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified
a less-structured approach based on an educated guess
Refer to the exhibit. An administrator is trying to configure PAT on R1, but PC-A is unable to access the Internet. The administrator tries to ping a server on the Internet from PC-A and collects the debugs that are shown in the exhibit. Based on this output, what is most likely the cause of the problem?
The inside and outside NAT interlaces have been configured backwards
The inside global address is not on the same subnet as the ISP
The address on Fa0/0 should be 64.100.0.1.
The NAT source access list matches the wrong address range.
The inside global address is not on the same subnet as the ISP
Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
Cisco Secure Mobility Clientless SSL VPN
Frame Relay
remote access VPN using IPsec
Cisco AnyConnect Secure Mobility Client with SSL
site-to-site VPN
site-to-site VPN
What protocol sends periodic advertisements between connected Cisco devices in order to learn device name, IOS version, and the number and type of interfaces?
CDP
SNMP
NTP
LLDP
CDP
Refer to the exhibit. An administrator configures the following ACL in order to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5
access-list 100 permit ip any any
Where should the administrator place this ACL for the most efficient use of network resources?
inbound on router A Fa0/0
outbound on router B Fa0/0
outbound on router A Fa0/1
inbound on router B Fa0/1
inbound on router A Fa0/0
What protocol synchronizes with a private master clock or with a publicly available server on the internet?
MPLS
CBWFQ
TFTP
NTP
NTP
What protocol uses agents, that reside on managed devices, to collect and store information about the device and its operation?
SYSLOG
TFTP
CBWFQ
SNMP
SNMP
What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?
LLDP
NTP
TFTP
SNMP
LLDP
A company has consolidated a number of servers and it is looking for a program or firmware to create and control virtual machines which have access to all the hardware of the consolidated servers. What service or technology would support this requirement?
Cisco ACI
software defined networking
Type-1 hypervisor
APIC-EM
Type-1 hypervisor
What command would be used as part of configuring NAT or PAT to identify inside local addresses that are to be translated?
ip nat inside source list 24 interface serial 0/1/0 overload
ip nat inside source list 14 pool POOL-STAT overload
access-list 10 permit 172.19.89.0 0.0.0.255
ip nat inside source list ACCTNG pool POOL-STAT
access-list 10 permit 172.19.89.0 0.0.0.255
Refer to the exhibit. An administrator is trying to back up the current running configuration of the router to a USB drive, and enters the command copy usbflash0:/R1-config running-config on the router command line. After removing the USB drive and connecting it to a PC, the administrator discovers that the running configuration was not properly backed up to the R1-config file. What is the problem?
The file already exists on the USB drive and cannot be overwritten.
The drive was not properly formatted with the FAT16 file system.
There is no space left on the USB drive.
The USB drive is not recognized by the router.
The command that the administrator used was incorrect.
The command that the administrator used was incorrect.
Which three types of VPNs are examples of enterprise-managed site-to-site VPNs? (Choose three.)
Layer 3 MPLS VPN
IPsec VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN
clientless SSL VPN
client-based IPsec VPN
IPsec VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN
In an OSPF network which two statements describe the link-state database (LSDB)? (Choose two.)
It can be viewed by using the show ip ospf database command.
A neighbor table is created based on the LSDB.
It contains a list of only the best routes to a particular network.
It contains a list of all neighbor routers to which a router has established bidirectional communication.
All routers within an area have an identical link-state database.
It can be viewed by using the show ip ospf database command.
All routers within an area have an identical link-state database.
In an OSPF network which OSPF structure is used to create the neighbor table on a router?
adjacency database
link-state database
routing table
forwarding database
adjacency database
What protocol is used in a system that consists of three elements–a manager, agents, and an information database?
MPLS
SYSLOG
SNMP
TFTP
SNMP
Refer to the exhibit. Router R1 is configured with static NAT. Addressing on the router and the web server are correctly configured, but there is no connectivity between the web server and users on the Internet. What is a possible reason for this lack of connectivity?
Interface Fa0/0 should be configured with the command ip nat outside.
The inside global address is incorrect.
The router NAT configuration has an incorrect inside local address.
The NAT configuration on interface S0/0/1 is incorrect.
The router NAT configuration has an incorrect inside local address.
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.32 0.0.0.7 host 198.133.219.76 eq telnet .
If a packet with a source address of 198.133.219.100, a destination address of 198.133.219.170, and a protocol of 23 is received on the interface, is the packet permitted or denied?
DENIED
How does virtualization help with disaster recovery within a data center?
Hardware does not have to be identical.
Power is always provided.
Less energy is consumed.
Server provisioning is faster.
Hardware does not have to be identical.
What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?
NTP
LLDP
SNMP
MPLS
LLDP