Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Ccna4-7 > CCNA3-FINAL EXAM > Flashcards

CCNA3-FINAL EXAM Flashcards

1
Q

What functionality does mGRE provide to the DMVPN technology?

It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.

It provides secure transport of private information over public networks, such as the Internet.

It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.

It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.

A

It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a characteristic of a Trojan horse as it relates to network security?

An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.

Malware is contained in a seemingly legitimate executable program.

Extreme quantities of data are sent to a particular network device interface.

Too much information is destined for a particular memory block, causing additional memory areas to be affecte

A

Malware is contained in a seemingly legitimate executable program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?

data integrity
non-repudiation
origin authentication
data confidentiality

A

origin authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?

to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network

to detect any evidence of a hack or malware in a computer or network

to probe and test the robustness of a firewall by using specially created forged packets

to capture and analyze packets within traditional Ethernet LANs or WLANs

A

to capture and analyze packets within traditional Ethernet LANs or WLANs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?

to activate the OSPF neighboring process

to influence the DR/BDR election process

to provide a backdoor for connectivity during the convergence process

to streamline and speed up the convergence process

A

to influence the DR/BDR election process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet .
If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied?

A

permitted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?

top-down

bottom-up

divide-and-conquer

substitution

A

divide-and-conquer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

MD5
AES
IPsec
ESP

A

IPsec

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are two benefits of using SNMP traps? (Choose two.)

They eliminate the need for some periodic polling requests.

They reduce the load on network and agent resources.

They limit access for management systems only.

They can provide statistics on TCP/IP packets that flow through Cisco devices.

They can passively listen for exported NetFlow datagrams.

A

They eliminate the need for some periodic polling requests.

They reduce the load on network and agent resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which statement accurately describes a characteristic of IPsec?

IPsec works at the application layer and protects all application data.

IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.

IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.

IPsec works at the transport layer and protects data at the network layer.

IPsec is a framework of open standards that relies on existing algorithms.

A

IPsec is a framework of open standards that relies on existing algorithms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are two purposes of launching a reconnaissance attack on a network? (Choose two.)

to scan for accessibility
to retrieve and modify data

to gather information about the network and devices

to prevent other users from accessing the system

to escalate access privileges

A

to scan for accessibility

to gather information about the network and devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?

botnet
spyware
virus
rootkit

A

botnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns .
If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?

A

denied

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What QoS step must occur before packets can be marked?

classifying
shaping
queuing
policing

A

classifying

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns .
If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8, and a protocol of 53 is received on the interface, is the packet permitted or denied?

A

denied

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?

a less-structured approach based on an educated guess

an approach comparing working and nonworking components to spot significant differences

a structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified

an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified

A

a less-structured approach based on an educated guess

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Refer to the exhibit. An administrator is trying to configure PAT on R1, but PC-A is unable to access the Internet. The administrator tries to ping a server on the Internet from PC-A and collects the debugs that are shown in the exhibit. Based on this output, what is most likely the cause of the problem?

The inside and outside NAT interlaces have been configured backwards

The inside global address is not on the same subnet as the ISP

The address on Fa0/0 should be 64.100.0.1.

The NAT source access list matches the wrong address range.

A

The inside global address is not on the same subnet as the ISP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

Cisco Secure Mobility Clientless SSL VPN
Frame Relay
remote access VPN using IPsec
Cisco AnyConnect Secure Mobility Client with SSL
site-to-site VPN

A

site-to-site VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What protocol sends periodic advertisements between connected Cisco devices in order to learn device name, IOS version, and the number and type of interfaces?

CDP
SNMP
NTP
LLDP

A

CDP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Refer to the exhibit. An administrator configures the following ACL in order to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5
access-list 100 permit ip any any

Where should the administrator place this ACL for the most efficient use of network resources?

inbound on router A Fa0/0
outbound on router B Fa0/0
outbound on router A Fa0/1
inbound on router B Fa0/1

A

inbound on router A Fa0/0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What protocol synchronizes with a private master clock or with a publicly available server on the internet?

MPLS
CBWFQ
TFTP
NTP

A

NTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What protocol uses agents, that reside on managed devices, to collect and store information about the device and its operation?

SYSLOG
TFTP
CBWFQ
SNMP

A

SNMP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?

LLDP
NTP
TFTP
SNMP

A

LLDP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

A company has consolidated a number of servers and it is looking for a program or firmware to create and control virtual machines which have access to all the hardware of the consolidated servers. What service or technology would support this requirement?

Cisco ACI
software defined networking
Type-1 hypervisor
APIC-EM

A

Type-1 hypervisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What command would be used as part of configuring NAT or PAT to identify inside local addresses that are to be translated? ip nat inside source list 24 interface serial 0/1/0 overload ip nat inside source list 14 pool POOL-STAT overload access-list 10 permit 172.19.89.0 0.0.0.255 ip nat inside source list ACCTNG pool POOL-STAT
access-list 10 permit 172.19.89.0 0.0.0.255
26
Refer to the exhibit. An administrator is trying to back up the current running configuration of the router to a USB drive, and enters the command copy usbflash0:/R1-config running-config on the router command line. After removing the USB drive and connecting it to a PC, the administrator discovers that the running configuration was not properly backed up to the R1-config file. What is the problem? The file already exists on the USB drive and cannot be overwritten. The drive was not properly formatted with the FAT16 file system. There is no space left on the USB drive. The USB drive is not recognized by the router. The command that the administrator used was incorrect.
The command that the administrator used was incorrect.
27
Which three types of VPNs are examples of enterprise-managed site-to-site VPNs? (Choose three.) Layer 3 MPLS VPN IPsec VPN Cisco Dynamic Multipoint VPN GRE over IPsec VPN clientless SSL VPN client-based IPsec VPN
IPsec VPN Cisco Dynamic Multipoint VPN GRE over IPsec VPN
28
In an OSPF network which two statements describe the link-state database (LSDB)? (Choose two.) It can be viewed by using the show ip ospf database command. A neighbor table is created based on the LSDB. It contains a list of only the best routes to a particular network. It contains a list of all neighbor routers to which a router has established bidirectional communication. All routers within an area have an identical link-state database.
It can be viewed by using the show ip ospf database command. All routers within an area have an identical link-state database.
29
In an OSPF network which OSPF structure is used to create the neighbor table on a router? adjacency database link-state database routing table forwarding database
adjacency database
30
What protocol is used in a system that consists of three elements--a manager, agents, and an information database? MPLS SYSLOG SNMP TFTP
SNMP
31
Refer to the exhibit. Router R1 is configured with static NAT. Addressing on the router and the web server are correctly configured, but there is no connectivity between the web server and users on the Internet. What is a possible reason for this lack of connectivity? Interface Fa0/0 should be configured with the command ip nat outside. The inside global address is incorrect. The router NAT configuration has an incorrect inside local address. The NAT configuration on interface S0/0/1 is incorrect.
The router NAT configuration has an incorrect inside local address.
32
An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 101 permit udp 192.168.100.32 0.0.0.7 host 198.133.219.76 eq telnet . If a packet with a source address of 198.133.219.100, a destination address of 198.133.219.170, and a protocol of 23 is received on the interface, is the packet permitted or denied?
DENIED
33
How does virtualization help with disaster recovery within a data center? Hardware does not have to be identical. Power is always provided. Less energy is consumed. Server provisioning is faster.
Hardware does not have to be identical.
34
What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices? NTP LLDP SNMP MPLS
LLDP
35
Which type of VPN uses a hub-and-spoke configuration to establish a full mesh topology? MPLS VPN GRE over IPsec IPsec virtual tunnel interface dynamic multipoint VPN
dynamic multipoint VPN
36
What is a characteristic of the REST API? evolved into what became SOAP used for exchanging XML structured information over HTTP or SMTP considered slow, complex, and rigid most widely used API for web services
most widely used API for web services
37
A student, doing a summer semester of study overseas, has taken hundreds of pictures on a smartphone and wants to back them up in case of loss. What service or technology would support this requirement? Cisco ACI cloud services software defined networking dedicated servers
cloud services
38
Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.) Filter unwanted traffic before it travels onto a low-bandwidth link. Place standard ACLs close to the destination IP address of the traffic. Place standard ACLs close to the source IP address of the traffic. Place extended ACLs close to the destination IP address of the traffic. Place extended ACLs close to the source IP address of the traffic. For every inbound ACL placed on an interface, there should be a matching outbound ACL.
Filter unwanted traffic before it travels onto a low-bandwidth link. Place standard ACLs close to the destination IP address of the traffic. Place extended ACLs close to the source IP address of the traffic.
39
Which queuing mechanism has no provision for prioritizing or buffering but simply forwards packets in the order they arrive? FIFO LLQ CBWFQ WFQ
FIFO
40
Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers. The routers are unable to form a neighbor adjacency. What should be done to fix the problem on router R2? Implement the command no passive-interface Serial0/1. Implement the command network 192.168.2.6 0.0.0.0 area 0 on router R2. Change the router-id of router R2 to 2.2.2.2. Implement the command network 192.168.3.1 0.0.0.0 area 0 on router R2.
Implement the command no passive-interface Serial0/1.
41
An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 100 permit tcp 192.168.10.0 0.0.0.255 172.17.200.0 0.0.0.255 eq www . If a packet with a source address of 192.168.10.244, a destination address of 172.17.200.56, and a protocol of 80 is received on the interface, is the packet permitted or denied?
permitted
42
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as Nmap, SuperScan, and Angry IP Scanner? to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network to detect any evidence of a hack or malware in a computer or network to reverse engineer binary files when writing exploits and when analyzing malware to probe network devices, servers, and hosts for open TCP or UDP ports
to probe network devices, servers, and hosts for open TCP or UDP ports
43
What protocol uses smaller stratum numbers to indicate that the server is closer to the authorized time source than larger stratum numbers? TFTP SYSLOG NTP MPLS
NTP
44
Which type of VPN provides a flexible option to connect a central site with branch sites? IPsec VPN client-based IPsec VPN Layer 3 MPLS VPN clientless SSL VPN Cisco Dynamic Multipoint VPN GRE over IPsec VPN
Cisco Dynamic Multipoint VPN
45
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use fuzzers? to discover security vulnerabilities of a computer to detect any evidence of a hack or malware in a computer or network to reverse engineer binary files when writing exploits and when analyzing malware to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to discover security vulnerabilities of a computer
46
Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface, but not the G0/0 interface. When following the best practices, in what location should the standard ACL be applied? R1 S0/0/0 outbound R2 G0/0 outbound R2 S0/0/1 outbound R1 S0/0/0 inbound R2 G0/1 inbound
R2 G0/0 outbound
47
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use forensic tools? to obtain specially designed operating systems preloaded with tools optimized for hacking to detect any evidence of a hack or malware in a computer or network to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network to reverse engineer binary files when writing exploits and when analyzing malware
to detect any evidence of a hack or malware in a computer or network
48
Which type of VPN involves the forwarding of traffic over the backbone through the use of labels distributed among core routers? MPLS VPN GRE over IPsec IPsec virtual tunnel interface dynamic multipoint VPN
MPLS VPN
49
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use hacking operation systems? to detect any evidence of a hack or malware in a computer or network to obtain specially designed operating systems preloaded with tools optimized for hacking to encode data, using algorithm schemes, to prevent unauthorized access to the encrypted data to reverse engineer binary files when writing exploits and when analyzing malware
to obtain specially designed operating systems preloaded with tools optimized for hacking
50
What command would be used as part of configuring NAT or PAT to identify an interface as part of the external global network? ip pat inside access-list 10 permit 172.19.89.0 0.0.0.255 ip nat inside ip nat outside
ip nat outside
51
What type of traffic is described as using either TCP or UDP depending on the need for error recovery? video voice data
data
52
What command would be used as part of configuring NAT or PAT to define a pool of addresses for translation? ip nat inside source static 172.19.89.13 198.133.219.65 ip nat inside source list 24 interface serial 0/1/0 overload ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240 ip nat outside
ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240
53
What is the name of the layer in the Cisco borderless switched network design that is considered to be the backbone used for high-speed connectivity and fault isolation? data link access core network network access
core
54
An ACL is applied inbound on router interface. The ACL consists of a single entry: access-list 210 permit tcp 172.18.20.0 0.0.0.47 any eq ftp If a packet with a source address of 172.18.20.40, a destination address of 10.33.19.2, and a protocol of 21 is received on the interface, is the packet permitted or denied?
permitted
55
Which OSPF table is identical on all converged routers within the same OSPF area? routing neighbor adjacency topology
topology
56
An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www . If a packet with a source address of 192.168.10.45, a destination address of 10.10.3.27, and a protocol of 80 is received on the interface, is the packet permitted or denied?
permitted
57
What protocol allows the manager to poll agents to access information from the agent MIB? CBWFQ SYSLOG TFTP SNMP
SNMP
58
What term describes adding a value to the packet header, as close to the source as possible, so that the packet matches a defined policy? policing traffic marking weighted random early detection (WRED) traffic shaping tail drop
traffic marking
59
Which three traffic-related factors would influence selecting a particular WAN link type? (Choose three.) cost of the link amount of traffic distance between sites reliability security needs type of traffic
amount of traffic security needs type of traffic
60
What command would be used as part of configuring NAT or PAT to link the inside local addresses to the pool of addresses available for PAT translation? ip nat inside source list ACCTNG pool POOL-STAT ip nat translation timeout 36000 ip nat inside source list 14 pool POOL-STAT overload ip nat inside source static 172.19.89.13 198.133.219.65
Ip nat inside source list 14 pool POOL-STAT overload
61
An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp . If a packet with a source address of 172.18.20.55, a destination address of 172.18.20.3, and a protocol of 21 is received on the interface, is the packet permitted or denied?
DENIED
62
Refer to the exhibit. Corporate policy demands that access to the server network be restricted to internal employees only. What is the best ACL type and placement to use in this situation? extended ACL outbound on R2 S0/0/1 standard ACL outbound on R2 S0/0/0 standard ACL inbound on R2 WAN interface connecting to the internet extended ACL inbound on R2 S0/0/0
extended ACL outbound on R2 S0/0/1
63
Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface. When following the best practices, in what location should the standard ACL be applied? R2 G0/1 inbound R2 S0/0/1 outbound R1 S0/0/0 outbound R2 G0/1 outbound R2 G0/0 outbound
R2 G0/1 outbound
64
Which OSPF database is identical on all converged routers within the same OSPF area? neighbor forwarding link-state adjacency
link-state
65
Which QoS technique smooths packet output rate? policing shaping weighted random early detection Integrated Services (IntServ) marking
shaping
66
devices and inside wiring that are located on the enterprise edge and connect to a carrier link CPE DCE local loop DTE
CPE
67
devices that provide an interface for customers to connect to within the WAN cloud DTE CPE DCE local loop
DCE
68
customer devices that pass the data from a customer network for transmission over the WAN DTE CPE DCE local loop
DTE
69
a physical connection from the customer to the service provider POP DTE CPE DCE local loop
LOCAL LOOP
70
http
protocol
71
www.buycarsfromus.com/2020models/ford/suv.html
Uniform Resource Name (URN)
72
http://www.buycarsfromus.com/2020models/ford/suv.html
Uniform Resource Locator (URL)
73
http://www.buycarsfromus.com/2020models/ford/suv.html#Escape
Uniform Resource Identifier (URI)
74
#Escape
fragment
75
A network administrator is troubleshooting an OSPF problem that involves neighbor adjacency. What should the administrator do? Make sure that the router priority is unique on each router. Make sure that the DR/BDR election is complete. Make sure that the router ID is included in the hello packet. Make sure that the hello and dead interval timers are the same on all routers.
Make sure that the hello and dead interval timers are the same on all routers.
76
provides network access to the user
access layer
77
represents the network edge
access layer
78
provides high-speed backbone connectivity
core layer
79
implements network access policy
distribution layer
80
functions as an aggregator for all the campus blocks
core layer
81
establishes Layer 3 routing boundaries
distribution layer
82
DEVICES AND INSIDE WIRING LOCATED ON THE ENTERPRISE EDGE AND WHICH CONNECT TO CARRIER LINK
CUSTOMER PREMISES EQUIPMENT
83
CUSTOMER DEVICES THAT PASS THE DATA FROM A CUSTOMER NETWORK OR HOST COMPUTER FOR TRANSMISSION OVER THE WAN
DATA TERMINAL EQUIPMENT
84
A POINT THAT IS ESTABILISHED IN A BUILDING OR COMPLEX TO SEPARATE CUSTOMER EQUIPMENT FROM SERVICE PROVIDER EQUIPMENT
DEMARCATION POINT
85
DEVICES THAT PUT DATA ON THE LOCAL LOOP
DATA COMMUNICATIONS EQUIPMENT
86

Ccna4-7 (27 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions