Chapter 13

Question 1

Which of the following statements are true regarding NTP when implemented on Cisco devices? (Select two.)

• NTP packets are sent every 100 milliseconds to provide extremely accurate time synchronization.
• When NTP is enabled, NTP packets are received on all interfaces.
• NTP runs over UDP port 123.
• The NTP protocol uses TCP packets to send time data .
• By default, NTP services are enabled on all interfaces.

Answer 1

• When NTP is enabled, NTP packets are received on all interfaces.
• NTP runs over UDP port 123.

Question 2

You check the time on a router and find that it is off by several minutes. To fix this issue, you configure NTP on the router to get time from a Stratum 2 time provider on the internet.

The time difference is large, and it is taking some time for NTP to synchronize the time on the local router. To speed synchronization, you use NTP commands to immediately synchronize the time on the router with the time on the time provider.

Which NTP term best describes this process?

• Skew
• Slew
• Jitter
• Slam

Answer 2

Slam

Question 3

You check the time on a router and find that it is off by about 10 minutes. To fix this issue, you configure NTP on the router to get time from a Stratum 2 time provider on the internet.

It is taking some time for NTP to synchronize the time on the local router. After about 15 minutes, the time finally synchronizes.

Which NTP term best describes this process?

• Slew
• Slam
• Skew
• Jitter

Answer 3

Slew

Question 4

You check the time on a router and find that it is behind by several minutes. To fix this issue, you decide to configure NTP on the router to get time from a Stratum 2 time provider on the internet with a hostname of 0.pool.ntp.org.

Which command should you use?

• ntp status
• ntp server 0.pool.ntp.org
• feature ntp 0.pool.ntp.org
• ntp master 0.pool.ntp.org

Answer 4

ntp server 0.pool.ntp.org

Question 5

You check the time on a router and find that it is out of sync with the time on the other routers and switches in your network. To fix this issue, you decide to configure NTP on the router to get time from an internal authoritative (master) NTP server with an IP address of 172.17.8.254.

Which command should you use?

• ntp status
• ntp server 172.17.8.254
• ntp master 172.17.8.254
• feature ntp 172.17.8.254

Answer 5

ntp server 172.17.8.254

Question 6

Currently, all of the routers in your network are configured to use NTP to synchronize time with a public Stratum 2 time provider on the internet. To reduce redundant network traffic, you decide to configure one internal router as an authoritative NTP time provider with a stratum value of 5 and then configure all other routers to synchronize time with it. This router has an IP address of 172.17.8.254 assigned.

Which commands should you use? (Select two. Each response is a part of the complete solution.)

• ntp master 5 172.17.8.254 on all routers except the time provider.
• ntp master 5 on the NTP time provider router.
• ntp server 172.17.8.254 on the NTP time provider router.
• ntp server 172.17.8.254 on all routers except the time provider.
• ntp master on the NTP time provider router.

Answer 6

ntp master 5 on the NTP time

ntp server 172.17.8.254 on all routers except the time provider. provider router.

Question 7

You need to verify that time is synchronized on a router.

Which commands could you use to do this? (Select two. Each response is a complete solution.)

• clock summer-time
• ntp server <address></address>
• show ntp associations
• show ntp status
• feature ntp

Answer 7

• show ntp associations
• show ntp status

Question 8

You have noticed that every two weeks or so, a client’s clock is off by two minutes, even after you have adjusted it. What is this issue known as?

• Stratum level
• Slew
• Time drift
• Jitter

Answer 8

Time drift

Question 9

You need to set the time zone for Pacific Daylight Time. Which two of the following commands will allow you to do this?

• Clock timezone -8
• Clock timezone -6
• Clock timezone PST
• Clock timezone UTC

Answer 9

Clock timezone PST

Clock timezone -8

Question 10

How many packets per minutes are required to keep two machines synchronized to an accuracy of a millisecond of each other?

• 1
• 5
• 10
• 2

Answer 10

1

Question 11

What is true regarding the following partial output in the running configuration file? (Select two.)

Router#show run
!interface fa 0/0
ip address 10.2.30.2 255.255.255.224
!

!
logging on
logging host 10.2.30.253
logging trap 4
logging source-interface fa 0/0
!

• A syslog server will receive debug messages sent from 10.2.30.2.
• A syslog server will receive warning messages sent from 10.2.30.2.
• A syslog server will receive alert messages sent from 10.2.30.253.
• A syslog server will receive notification messages sent from 10.2.30.2.
• A syslog server will receive error messages sent from 10.2.30.2.

Answer 11

A syslog server will receive warning messages sent from 10.2.30.2.

A syslog server will receive error messages sent from 10.2.30.2.

Question 12

Consider the following log message generated by a router:

*Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

What facility generated this message?

• -5-
• UPDOWN
• %LINEPROTO
• FastEthernet0/0

Answer 12

%LINEPROTO

Question 13

Consider the following log message generated by a router:

*Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

What is the severity level of this message?

%LINEPROTO

-5-

UPDOWN

FastEthernet0/0

Answer 13

-5-

Question 14

Your router generates a log message with a severity level of 1.

What does this indicate?

• Immediate action is needed.
• The message is only informational in nature.
• A critical condition exists.
• The system is unusable.

Answer 14

Immediate action is needed.

Question 15

Your router generates a log message with a severity level of 6.

What does this indicate?

Immediate action is needed.

A critical condition exists.

An informational message only.

The system is unusable.

Answer 15

An informational message only.

Question 16

You want to redirect log messages from a router to a Syslog server. The IP address of the Syslog server is 172.17.8.5. You want only serious log messages with a severity level of emergency, alert, critical, error, or warning to be redirected. Notifications and informational messages as well as debug messages should not be redirected.

You just entered the logging on command. Which other commands must be used to accomplish this task? (Select two. Both responses are part of the complete solution.)

• logging trap 4
• logging server 172.17.8.5
• logging severity 4
• logging severity warning
• show logging
• logging host 172.17.8.5

Answer 16

• *logging trap 4**
• *logging host 172.17.8.5**

Question 17

You want to redirect log messages from a router to a Syslog server. The IP address of the Syslog server is 192.168.1.2. You want only serious log messages with a severity level of Emergency, Alert, or Critical to be redirected. Notification, Error, Warning, Informational, and Debug messages should not be redirected.

Which commands are used to accomplish this? (Select three. All responses are part of the complete solution.)

• logging server 192.168.1.2
• logging severity 2
• logging source-interface < interface>
• logging trap 2
• logging host 192.168.1.2
• logging on

Answer 17

• logging trap 2
• logging host 192.168.1.2
• logging on

Question 18

You are configuring a router to redirect and consolidate log messages to a Syslog server. The router has multiple interfaces. However, you want all log messages being sent to the Syslog server to be seen as coming from the same IP address on the router, regardless of which interface the message actually exits the router from.

Which command is used to accomplish this?

• show logging
• logging trap
• logging host <address></address>
• logging source-interface

Answer 18

logging source-interface

Question 19

Consider the following log message generated by a router:

*00019: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

What is being used to identify when the message is generated?

• Facility
• Sequence number
• Timestamp
• Mnemonic

Answer 19

Sequence number

Question 20

What happens to the history table and log files when the device loses power?

• Everything is retained in the system memory.
• The history table remains, but log files are lost.
• The history table is cleared, but the logs remain.
• The history table and log files are all lost.

Answer 20

The history table and log files are all lost.

Question 21

Which of the following are true regarding SNMP? (Select two.)

1. SNMPv2 implements message integrity verification to ensure that an SNMP packet has not been modified during transit.
2. SNMPv2 implements encryption to obscure data during transmission.
3. SNMPv2 requires authentication for the SNMP manager and agents to communicate with each other.
4. SNMPv3 employs the encryption of packets to prevent unauthorized sources from snooping.
5. SNMPv2c can be compromised because the community string for authentication is sent in clear text.

Answer 21

1. SNMPv3 employs the encryption of packets to prevent unauthorized sources from snooping.
2. SNMPv2c can be compromised because the community string for authentication is sent in clear text.

Question 22

Which component is responsible for collecting and consolidating data from network devices that are being monitored with SNMP?

1. SNMP Manager
2. SNMP Management Information File (MIF)
3. SNMP Management Information Base (MIB)
4. SNMP Agent

Answer 22

SNMP Manager

Question 23

Which SNMP component monitors individual network devices?

1. SNMP Agent
2. SNMP MIB
3. SNMP Trap
4. SNMP Manager

Answer 23

SNMP Agent

Question 24

Which method is used by the SNMP manager when it contacts an SNMP agent and requests information about a monitored network device?

1. Poll
2. Broadcast
3. Interrupt
4. Trap

Answer 24

Poll

Polling is used when an SNMP manager contacts an SNMP agent and requests information about a monitored network device.

Question 25

Which method is used when an SNMP agent detects that the system it monitors has exceeded a configured threshold and sends an event to the SNMP manager?

1. Interrupt
2. Poll
3. Broadcast
4. Trap

Answer 25

Trap

Question 26

A configured threshold has been exceeded by a network host that is being monitored by an SNMP agent. The agent sends a trap to its SNMP manager with a notification that the threshold has been exceeded.

Which IP port does the agent use to send the trap?

1. 123
2. 80
3. 162
4. 161
5. 389

Answer 26

162

Question 27

You implemented SNMPv2 as a part of your overall network management plan. You configured an SNMP manager to gather traps from SNMP agents that run on monitored network devices. To secure communications between the manager and the agents, you configured a trap community name of abc123.

After running the system for some time, you notice that traps containing questionable events are being sent to the SNMP manager. Upon investigation, you discover that a malicious insider has been spoofing these events, attempting to cover her tracks as she tried to compromise several network hosts.

What could have been done to prevent this from happening?

1. SNMPv3 should have been implemented instead of SNMPv2.
2. SNMPv2 message integrity verification should have been enabled.
3. Traps should have been disabled in favor of polling.
4. A stronger community name should have been used.

Mark this question for review

Answer 27

SNMPv3 should have been implemented instead of SNMPv2.

SNMPv3 should have been implemented instead of SNMPv2. SNMPv2 can be compromised easily because the community name is sent in clear text during communications. SNMPv3 implements the following features to make it more secure than earlier versions:

• Authentication
• Encryption
• Message integrity verification

Because the community name is sent clear text, using a stronger community name would have no effect on the situation in this scenario.

Question 28

Which SNMPv3 security level requires authentication with a username, but does not implement encryption?

1. authPriv
2. authNoPriv
3. Community Name
4. noAuthnoPriv

Answer 28

noAuthnoPriv

Question 29

Which SNMPv3 security level requires MD5 or SHA authentication and implements DES encryption?

1. authNoPriv
2. authPriv
3. Community Name
4. noAuthnoPriv

Answer 29

authPriv

Question 30

The following image shows a standard Object Identifier Tree structure. Based on this structure, what would the OID be for a Microsoft device?

4. 1.9
5. 3.6.1.4.1.311

311

1.3.6.1.311

Answer 30

1.3.6.1.4.1.311

Question 31

Which fields in an IP packet header are examined by NetFlow to determine whether or not a given packet is part of a flow? (Select two.)

1. Time To live
2. Source address
3. Type of service
4. Fragment offset
5. Header checksum

Answer 31

Source address

Type of service

Question 32

You are configuring NetFlow on a router. You want to monitor both incoming and outgoing traffic on an interface.

You’ve used the interface command to allow you to configure the interface. What commands should you use next? (Select two. Both responses are part of the complete solution.)

1. ip flow ingress
2. ip flow-export source < interface>
3. ip flow-import source
4. ip flow egress
5. ip flow-export destination <address></address>

Answer 32

ip flow ingress

ip flow egress

Question 33

Currently, your NetFlow router is configured to redirect records to a NetFlow Collector with an IP address of 172.17.8.25 on UDP port 2055.

By default, NetFlow uses the IP address of the interface that packets are sent from as the source IP address for records. However, for security reasons, you want to obscure the source address of the NetFlow router by specifying that all NetFlow records originate from the loopback interface of the router.

Which command should you use?

1. ip flow egress loopback 0
2. ip flow-export source loopback 0
3. ip flow-export version loopback 0
4. ip flow-export destination loopback 0

Answer 33

ip flow-export source loopback 0

Question 34

Consider the following output from the show ip cache flow command.

Which type of service was accessed on the destination host?

1. DNS server
2. Standard HTTP web server
3. Email server
4. Secure HTTP web server

Answer 34

Secure HTTP web server

Question 35

Consider the output from the show ip cache flow command shown.

Which statements are true regarding the flow represented in the statistics? (Select two.)

1. 128 incoming packets were monitored.
2. 255 packets were monitored.
3. 128 outgoing packets were monitored.
4. Most of the packets monitored were 1536 bytes in size.
5. Most of the packets monitored were 1024 bytes in size.

Answer 35

255 packets were monitored.

Most of the packets monitored were 1536 bytes in size.

Question 36

Which of the following cannot be analyzed using the data collected by NetFlow?

1. Departmental billings for network usage
2. CPU usage
3. Potential security issues
4. Network baselines

Answer 36

CPU usage

Question 37

Which device does NetFlow operate on?

1. Network adapter
2. Host device
3. Operating system
4. Network device

Answer 37

Network device

Question 38

The storage area where NetFlow data is stored on a device is known as what?

1. Export or transport mechanism
2. NetFlow management collector
3. NetFlow Ccche
4. Packet header

Answer 38

NetFlow Ccche

Question 39

Your NetFlow records are currently formatted for version 5. You need to change to version 9. Which of the following commands would you use?

1. ip flow-export destination 5
2. ip flow-export destination 9
3. ip flow-export version 9
4. ip flow-export version 5

Answer 39

ip flow-export version 9

Question 40

You have set up a NetFlow collector using IP address 172.17.8.25 on UDP port 2055. Which of the following commands will redirect records to the new collector?

1. ip flow-export destination 172.17.8.25 2055
2. ip flow-export source 172.17.8.25 2055
3. ip flow ingress 172.17.8.25 2055
4. ip flow-export interface 172.17.8.25 2055

Answer 40

ip flow-export destination 172.17.8.25 2055

Question 41

Queue schedulers are used for congestion management and define how a device will work through its queue.

Match the names of the most commonly used queue schedulers on the left with the appropriate description on the right. (Each name can only be used once.)

Round Robin—-Labels one queue as priority. Rotates through the queues and sends out multiple packets from the priority queue.

Class-Based Weighted Fair —-Queuing Labels one queue as priority. Rotates through the queues and sends out multiple packets from the priority queue.

Weighted Round Robin—-Assigns each queue a minimum bandwidth percentage.

Answer 41

Weighted Round Robin=Labels one queue as priority. Rotates through the queues and sends out multiple packets from the priority queue.

Round Robin=Rotates through each queue and processes and sends the next available packet.

Class-Based Weighted Fair Queuing=Assigns each queue a minimum bandwidth percentage.

Question 42

Many queue schedulers are able to identify a low-latency queue. What do queue schedulers do when processing low-latency queues?

1. As the scheduler rotates through the queues, packets in the low-latency queue must be streamed to the buffer.
2. Before the scheduler moves on to other queues, the low-latency queue must first be cleared.
3. The scheduler labels these queues as high priority. When the scheduler gets to one of these queues, it sends out multiple packets instead of just one.
4. The scheduler labels these queues as low priority. The scheduler processes packets in these queues last.

Answer 42

Before the scheduler moves on to other queues, the low-latency queue must first be cleared.

Question 43

Quality of Service (QoS) is particularly important when implementing Voice over IP (VoIP), Video over IP, online gaming, or unified communications, in which delay or data loss make the overall experience unacceptable. QoS uses certain metrics to determine communication quality.

Match the names of the metrics on the left with the appropriate description on the right. (Each metric name can only be used once.)

The amount of time that passes from when a packet is sent to when it arrives.

Delay

The percentage of packets that do not arrive at their destination.

Loss

The variation in delay when sending multiple packets from the same device.

Jitter

The capacity of a connection between two or more devices.

Bandwidth

Answer 43

The amount of time that passes from when a packet is sent to when it arrives.

Delay

The percentage of packets that do not arrive at their destination.

Loss

The variation in delay when sending multiple packets from the same device.

Jitter

The capacity of a connection between two or more devices.

Bandwidth

Question 44

During a heavy network traffic period, the maximum traffic rate is exceeded. To handle this, QoS drops all incoming traffic.
Which QoS method is being used?

1. Shaping
2. Policing
3. Queuing
4. Marking

Answer 44

Policing

Question 45

Real-time voice and video communications require a minimum level of quality in order to provide adequate services. The tables shown below contain the minimum metric specifications for real-time voice and video.

From the drop-down lists below each table, select the communication type that the table pertains to.

Video/VoIP

Metric

Description

Bandwidth> 384 KbpsDelay< 400 msJitter< 50 msLoss< .1%-1%

Metric

Description

BandwidthN/ADelay< 150 msJitter< 30 msLoss< 1%

Answer 45

Metric

Description

Bandwidth> 384 KbpsDelay< 400 msJitter< 50 msLoss< .1%-1%

Video

Metric

Description

BandwidthN/ADelay< 150 msJitter< 30 msLoss< 1%

VoIP

Question 46

Data on the network is being processed as it comes in. Which QoS method is being used?

1. Classification and Marking
2. Differentiated Services
3. Integrated Services
4. Best Effort

Answer 46

Best Effort

Question 47

A user is playing an online game. When they press a key to perform an action, it takes at least one second for the action to be performed on screen.

Which QoS metric is having issues?

1. Jitter
2. Delay
3. Bandwidth
4. Loss

Answer 47

Delay

Question 48

You have implemented a QoS model where each application must request network resources. The router will approve or deny the request based on available resources.

Which QoS model is being used?

1. Differentiated Services
2. Classification and Marking
3. Integrated Services
4. Best Effort

Answer 48

Integrated Services

Question 49

Which of the following are common network traffic types that QoS is used to manage? (Select two.)

1. Streaming video
2. Email
3. Data migration
4. Interactive applications
5. Server backups

Answer 49

Streaming video

Interactive applications

Question 50

Quality of Service (QoS) prioritizes traffic from different data streams by using two classification systems.

Match the name of the QoS classification system on the left with the appropriate descriptions on the right. (Each classification system may be used once, more than once, or not at all.)

Individual frames are marked and classified at Layer 2.

Class of Service (COS)

Classification occurs at Layer 3.

Differentiated Services Code Point (DSCP)

Precedence values are inserted in the DiffServ field of an IP packet.

Differentiated Services Code Point (DSCP)

A priority value between 0 and 7 is assigned to a 3-bit field.

Class of Service (COS)

Up to 64 different classifications are possible.

Differentiated Services Code Point (DSCP)

Answer 50

Class of Service (COS)

Classification occurs at Layer 3.

Differentiated Services Code Point (DSCP)

Precedence values are inserted in the DiffServ field of an IP packet.

Differentiated Services Code Point (DSCP)

A priority value between 0 and 7 is assigned to a 3-bit field.

Class of Service (COS)

Up to 64 different classifications are possible.

Differentiated Services Code Point (DSCP)

Question 51

Match each component of the software-defined network (SDN) model on the left with the appropriate description on the right. Each component may be used more than once.

Northbound controller interface

Southbound controller interface

API

1. Used by the applications on the controller to obtain information about the network.
2. Performs the function of monitoring network traffic.
3. Used to communicate with all of the physical network devices on the network.
4. Used by software applications on the controller to obtain information about the network.
5. Performs the function of learning about the network topology.
6. Controller
7. Designates the accepted method of communication between the controller, network devices, and installed applications.

Answer 51

1. Used by the applications on the controller to obtain information about the network.
   
   1. Northbound controller interface
2. Performs the function of monitoring network traffic.
   
   1. Controller
3. Used to communicate with all of the physical network devices on the network.
   
   1. Southbound controller interface
4. Performs the function of learning about the network topology.
   
   1. Controller
5. Designates the accepted method of communication between the controller, network devices, and installed applications.
   
   1. API
6. Used by software applications on the controller to obtain information about the network.
   
   1. API

Question 52

Packet switching, packet routing, and packet interpretation are examples of network communications. On which plane do these network communications occur?

1. The data plane
2. The management plane
3. The distributed plane
4. The control plane

Answer 52

The data plane

Question 53

In traditional networking models, the data plane, control plane, and management plane are all contained within the firmware of networking devices.

This is known as what kind of architecture?

Answer 53

distributed

Question 54

Enterprise networks are simplifying network management by moving away from the distributed architecture model for managing network communications.

What is the name of the network management model that replaces the distributed architecture model?

1. Software-defined networking (SDN)
2. Graphical network usability (GNU)
3. Automated management programming (AMP)
4. Centralized network control (CNC)

Answer 54

Software-defined networking (SDN)

Question 55

Software-defined networking (SDN) works by using software to configure and control the network, rather than relying on device-specific static configurations. The SDN model creates a centralized architecture that replaces the distributed architecture model.

How does this shift to a centralized architecture affect the three planes of network communication?

1. The data plane and control plane have to be combined into one data-control plane.
2. The data plane and control plane have to be separated.
3. The three planes are flattened into one central management plane.
4. The planes of network communication become obsolete.

Answer 55

The data plane and control plane have to be separated.

Question 56

rag each network plane on the left to the appropriate troubleshooting task on the right. Each plane may be used once, more than one, or not at all.

Determine how traffic moves from one place to another.

Management plane

Control plane

Data plane

1. Determine whether VLANs are configured on each switch.
2. Examine the forwarding logic on each device.
3. Use SNMP to monitor network switches.
4. Isolate filtering and port security problems.
5. Determine how traffic moves from one place to another.

Answer 56

Determine whether VLANs are configured on each switch. Data plane

Examine the forwarding logic on each device. Data plane

Isolate filtering and port security problems. Data plane

Use SNMP to monitor network switches. Management plane

Determine how traffic moves from one place to another. Control plane

Question 57

You have a small network as shown. You are troubleshooting connectivity issues at Wrk1.

From Wrk1, you are able to ping hosts Wrk2 and Wrk3. A ping to any host in the main office fails. From Wrk2, you can ping any host in the branch office, but you cannot ping any host in the main office.

What is the most likely cause of the problem? (Select two.)

1. Incorrect IP address or subnet mask setting on the switch.
2. Bad cable between the switch and the SFO router.
3. Incorrect default gateway address on the switch.
4. Fa0/24 on the switch is bad.
5. Incorrect default gateway address on Wrk1.

Answer 57

Bad cable between the switch and the SFO router.

Fa0/24 on the switch is bad.

Question 58

You have a small network as shown.

Wrk1 is unable to communicate with Wrk2. Wrk1 can ping the router and all internet hosts. Wrk2 can ping Wrk3.

What is the most likely cause of the problem?

1. Port security is configured for Fa0/2.
2. The cable connecting Wrk2 to Fa0/2 is bad.
3. An access list on the switch prevents communications between Wrk1 and Wrk2.
4. Wrk1 and Wrk2 are on separate VLANs.
5. Wrk2 is configured with an incorrect default gateway address.

Answer 58

1. Wrk1 and Wrk2 are on separate VLANs.

Question 59

Put the 7-step troubleshooting process in order.

1. Define the problem
2. Gather information
3. Analyze information
4. Eliminate probable causes
5. Propose hypothesis
6. Test hypothesis
7. Solve the problem

Answer 59

1. Define the problem
2. Gather information
3. Analyze information
4. Eliminate probable causes
5. Propose hypothesis
6. Test hypothesis
7. Solve the problem

Question 60

Which of the following troubleshooting methods is based on the troubleshooting experience and the ability of the technician?

1. Divide-and-Conquer
2. Educated Guess
3. Substitution
4. Bottom-Up

Answer 60

Educated Guess

Question 61

In reference to cloud computing, what does the term cloud mean?

1. It is a metaphor for a data storage service with an ever-growing capacity, like storm clouds.
2. It refers to the virtual hardware that cloud computing is built on.
3. It is a metaphor for the internet based on the basic cloud drawing used to represent the telephone network.
4. It is the name of an operating system that is very flexible and easy to use so anyone can design, build, and provide cloud services, such as Infrastructure as a Service, Platform as a Service, and Software as a Service.

Answer 61

It is a metaphor for the internet based on the basic cloud drawing used to represent the telephone network.

Question 62

Cloud resources are implemented in several ways.

Match the cloud implementations listed on the left with the appropriate descriptions on the right. (Each implementation type may be used once, more than once, or not at all.)

Designed to be shared by several organizations.

Community cloud

Examples: Gmail and Google Docs.

Public cloud

Provides resources to a single organization.

Private cloud

Accessible to everyone.

Public cloud

Accessible only by users within the single organization.

Private cloud

Answer 62

Designed to be shared by several organizations.

Community cloud

Examples: Gmail and Google Docs.

Public cloud

Provides resources to a single organization.

Private cloud

Accessible to everyone.

Public cloud

Accessible only by users within the single organization.

Private cloud

Question 63

Cloud resource service models include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

Match each service model listed on the left with the appropriate description on the right. (Each service model may be used once, more than once, or not at all.)

Provider delivers everything a developer needs to build an application.

PaaS

Providers deliver processing, storage, networks, and virtualized environment services.

IaaS

Clients deploy and run software without purchasing servers, data center space, or network equipment.

IaaS

Provider delivers applications to the client either over the internet or on a local area network.

Saas

Client avoids the cost and complexity of buying and managing the underlying hardware and software layers.

PaaS

Answer 63

Provider delivers everything a developer needs to build an application.

PaaS

Providers deliver processing, storage, networks, and virtualized environment services.

IaaS

Clients deploy and run software without purchasing servers, data center space, or network equipment.

IaaS

Provider delivers applications to the client either over the internet or on a local area network.

Saas

Client avoids the cost and complexity of buying and managing the underlying hardware and software layers.

PaaS

Question 64

What type of resources offer the following advantages?

• Flexibility of access
• Ease of use
• Self-service provisioning of resources
• API availability
• Metering of services
• Ability to try out software applications

Answer 64

Cloud

Question 65

Which of the following allows multiple virtual machines to exist on the same physical machine and share its underlying physical resources?

1. Cloud
2. Hypervisor
3. Virtualization
4. Operating system

Answer 65

Virtualization

Question 66

When additional resources are needed on a virtual machine, the hypervisor increases available resources up to the maximum set amount. What is this process called?

1. Resource pooling
2. Rapid elasticity
3. On-demand self service
4. Thin provisioning

Answer 66

Thin provisioning

Question 67

What are the main types of cloud services? (Select two.)

1. Infrastructure cloud services
2. External cloud services
3. Platform cloud services
4. Internal cloud services
5. Software cloud services

Answer 67

Internal cloud services

External cloud services

Question 68

Cloud services can also offer virtual network infrastructures, which include a variety of virtual components.

Match each virtual component on the left with the appropriate description on the right. (Each component may be used only once.)

Uses Ethernet standards to transmit and receive frames on the network.

Virtual network interface

Implemented within the hypervisor to monitor and filter traffic on the virtual network as it flows between virtual machines.

Virtual firewall

Can be defined within the virtual switch and associated with specific hosts.

Virtual VLAN

Can support multiple networks on each of its interfaces, unlike the physical version.

Virtual router

Builds a table that identifies which MAC addresses are connected to each of its ports.

Virtual switch

Answer 68

Uses Ethernet standards to transmit and receive frames on the network.

Virtual network interface

Implemented within the hypervisor to monitor and filter traffic on the virtual network as it flows between virtual machines.

Virtual firewall

Can be defined within the virtual switch and associated with specific hosts.

Virtual VLAN

Can support multiple networks on each of its interfaces, unlike the physical version.

Virtual router

Builds a table that identifies which MAC addresses are connected to each of its ports.

Virtual switch

Question 69

Which of the following solutions can help with security when you are implementing an external cloud service?

1. Private WAN connection
2. Intercloud exchange
3. VPN
4. VLAN

Answer 69

VPN

Question 70

The National Institute of Standards and Technology (NIST) has established five characteristics that a true cloud service must have.

Match each characteristic to its description.

Seamlessly increasing and decreasing resources as needed.

Rapid elasticity

The service needs to be provided over a network and be available in multiple platforms.

Broad network access

Resources can be controlled and optimized automatically.

Measured service

On-demand self service users must be able to dynamically obtain resources.

On-demand self service

Multiple resources can be used by multiple users and can scale dynamically.

Resource pooling

Answer 70

Seamlessly increasing and decreasing resources as needed.

Rapid elasticity

The service needs to be provided over a network and be available in multiple platforms.

Broad network access

Resources can be controlled and optimized automatically.

Measured service

On-demand self service users must be able to dynamically obtain resources.

On-demand self service

Multiple resources can be used by multiple users and can scale dynamically.

Resource pooling

Question 71

You are providing a VPN solution for employees who work remotely. When these employees change locations, they lose their VPN connection, so you want them to automatically reconnect if the VPN connection is lost or disconnected.

Which VPN security protocol supports VPN reconnect functionality?

1. PPTP
2. IKEv2
3. L2TP
4. SSTP

Answer 71

IKEv2

Question 72

A VPN (Virtual Private Network) is primarily used for which purpose?

1. Allow remote systems to save on long distance charges.
2. Allow the use of network-attached printers.
3. Support secured communications over an untrusted network.
4. Support the distribution of public web documents.

Answer 72

Support secured communications over an untrusted network.

Question 73

You need to implement a solution for the sales reps who complain that they are unable to establish VPN connections when they travel because the hotel or airport firewalls block the necessary VPN ports.

Which VPN security protocol can you use to resolve this issue?

1. IPsec
2. PPTP
3. SSTP
4. L2TP

Answer 73

SSTP

Question 74

Which of the following provides a VPN gateway that encapsulates and encrypts outbound traffic from a site and sends the traffic through the VPN tunnel to the VPN gateway at the target site?

1. SSL VPN
2. Remote access VPN
3. GRE over IPsec
4. Site-to-site IPsec VPN

Answer 74

Site-to-site IPsec VPN

Question 75

Which of the following are benefits a VPN provides? (Select two.)

1. Cost savings
2. Faster connection
3. Easy setup
4. Compatibility

Answer 75

Cost savings

Compatibility

Question 76

In addition to AH, IPsec is composed of which other service?

Extended Authentication Protocol (EAP)

Encryption File System (EFS)

Advanced Encryption Standard (AES)

Encapsulating Security Payload (ESP)

Answer 76

Encapsulating Security Payload (ESP)

Question 77

Which IPsec subprotocol provides data encryption?

1. Secure Sockets Layer (SSL)
2. Encapsulating Security Payload (ESP)
3. Authentication Header (AH)
4. Advanced Encryption Standard (AES)

Answer 77

Encapsulating Security Payload (ESP)

Question 78

IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)

L2TP

SSL

AH

ESP

EPS

Answer 78

AH

ESP

Question 79

IPSec uses which method for key exchange?

1. Tunnel Mode
2. Rivest-Shamir-Adleman
3. SSL
4. Diffie-Hellman

Answer 79

Diffie-Hellman

Question 80

Which of the following are IPsec methods of operation? (Select two.)

1. Tunnel Mode
2. Single Mode
3. Secure Mode
4. Multimode
5. Transport Mode

Answer 80

Tunnel Mode

Transport Mode

Question 81

Which of the following gateway redundancy protocols are Cisco proprietary? (Select two.)

1. PoE
2. GLBP
3. HSRP
4. STP
5. VRRP

Answer 81

1. GLBP
2. HSRP

Question 82

A router serving as the AVG in a GLBP group has which of the following responsibilities? (Select two.)

1. The AVG forwards all ARP requests to the default virtual gateway.
2. The AVG assigns a virtual MAC address to each router of the GLBP group.
3. The AVG dynamically configures the host with the GLBP group’s virtual IP address.
4. The AVG is responsible for answering Address Resolution Protocol (ARP) requests for the virtual IP address.
5. The AVG cannot assume the responsibilities of an AVF.

Answer 82

The AVG assigns a virtual MAC address to each router of the GLBP group

The AVG is responsible for answering Address Resolution Protocol (ARP)

Question 83

What happens when an HSRP active router fails? (Select two.)

1. The virtual IP address is cleared from the virtual router’s ARP cache and repopulated with the standby router’s virtual IP address.
2. Additional HSRP member routers transition from the listen state after the holdtime expires on the hello message.
3. The HSRP original active router cannot be preempted.
4. The active router returns to service within the holdtime amount on the hello message.
5. The HSRP standby router becomes the active router after the holdtime expires on the hello message.

Answer 83

Additional HSRP member routers transition from the listen state after the holdtime expires on the hello message.

The HSRP standby router becomes the active router after the holdtime expires on the hello message.

Question 84

What effect does the standby 2 track serial 0/0 25 interface configuration command have? (Select two.)

It decrements the HSRP group priority by 10 if the interface goes down.

Changes the default standby priority value from 100 to 25 for the interface.

The HSRP standby router will become the active router if the active router has default configurations and the standby router is configured with a group priority of 150.

It decrements the HSRP group priority by 25 if the interface goes down.

The HSRP standby router will become the active router if both routers have default configurations.

Answer 84

It decrements the HSRP group priority by 25 if the interface goes down.

The HSRP standby router will become the active router if both routers have default configurations.

Question 85

You have two routers that should be configured for gateway redundancy. The following commands are entered for each router:

Which of the following is true? (Select two.)

1. Router B needs to be configured with the virtual IP address for the group.
2. Router B will serve as active router, and Router A will serve as standby router.
3. Router A will serve as master router, and Router B will serve as backup router.
4. The virtual IP address is 172.16.0.1.
5. Router A will serve as active router, and Router B will serve as standby router.

Answer 85

Router B will serve as active router, and Router A will serve as standby router.

The virtual IP address is 172.16.0.1.

Question 86

You have two routers that should be configured for gateway redundancy. The following commands are entered for each router.

Which of the following is true? (Select two.)

1. Router B will serve as the active router for HSRP group 2 and the backup router for HSRP group 5.
2. Router A will serve as the active router for GLBP group 5 and the backup router for GLBP group 2.
3. Router B will serve as the active router for HSRP group 5 and the backup router for HSRP group 2.
4. Router A will serve as the active router for HSRP group 5 and the backup router for HSRP group 2.
5. Router A will serve as the active router for HSRP group 2 and the backup router for HSRP group 5.

Answer 86

Router B will serve as the active router for HSRP group 5 and the backup router for HSRP group 2.

Router A will serve as the active router for HSRP group 2 and the backup router for HSRP group 5.

Question 87

Which of the following best describes the various HSRP group roles? (Select two.)

1. An active router defers forwarded traffic through the master router if it is destined for a virtual IP address.
2. An active router forwards traffic destined to the virtual IP address.
3. A master router forwards traffic destined to the virtual IP address.
4. A standby router will become the active router should the existing active router fail.
5. A backup router will become the master router should the existing master router fail.

Answer 87

A standby router will become the active router should the existing active router fail.

An active router forwards traffic destined to the virtual IP address.

Question 88

How does standby preemption affect the router configured with the highest priority in the HSRP group? (Select two.)

1. If the active router fails and then regains service, it does not become the active router again when preemption is not enabled.
2. If the standby router fails and then regains service, it becomes the active router if preemption is enabled.
3. If the active router fails and then regains service, it becomes the active router again if preemption is enabled.
4. If the active router fails and then regains service, it becomes the active router again, regardless of whether preemption is enabled.
5. If preemption is disabled, the standby router takes over as the active router.

Answer 88

If the active router fails and then regains service, it does not become the active router again when preemption is not enabled.

If the active router fails and then regains service, it becomes the active router again if preemption is enabled.

Question 89

In which of the following scenarios would a router send a resign message?

1. If an active router fails, the standby router becomes the active router. If the former active router regains service and does not have preemption enabled, it sends a coup message. The current active router sends the resign message after receiving the coup message.
2. If a preempted active router fails, the standby router becomes the active router. If the preempted active router regains service, it sends a hello message. The current active router will continue to send hello messages, indicating that the router states will remain the same.
3. If an active router fails, the standby router becomes the active router. If the former active router regains service, it sends a hello message. The current active router sends the resign message after receiving the hello message.
4. If a preempted active router fails, the standby router becomes the active router. If the preempted active router regains service, it sends a coup message. The current active router sends the resign message after receiving the coup message.

Answer 89

If a preempted active router fails, the standby router becomes the active router. If the preempted active router regains service, it sends a coup message. The current active router sends the resign message after receiving the coup message.

Question 90

Which effect does the standby 2 priority 110 interface configuration command have?

The priority is decreased below the default.

The interface will participate in HSRP group 110.

The interface will participate in HSRP.

The group priority is increased above the default.

Answer 90

The group priority is increased above the default.

Question 91

Which of the following are configuration management tools? (Select two.)

1. Manifest
2. SaltStack
3. Ansible
4. Cookbook
5. Playbook

Answer 91

SaltStack

Ansible

Question 92

Which data format is the following snippet in?

success 1560789260

25. 9990
    - 132.6992
26. Python
27. XML
28. JSON
29. YAML

Answer 92

XML

Question 93

Which data format is the following snippet in?

message: success
timestamp: 1560789260 iss_position:
latitude: ‘25.9990’ longitude: ‘-132.6992’

1. XML
2. YAML
3. Python
4. JSON

Answer 93

YAML

Question 94

Arranging multiple automated tasks together to create a workflow is known as what?

1. Orchestration
2. Configuration management
3. API
4. Automation

Answer 94

Orchestration

Question 95

Which of the following API types can be used with no restrictions?

1. Internal
2. Open
3. Partner
4. Private

Answer 95

Open

Question 96

When you request a web page from a server, which type of HTTP command is sent?

1. PUT
2. POST
3. GET
4. REST

Answer 96

GET

Question 97

Any API that follows the rules of the REST architecture is considered RESTful. Which of the following features must an API have to be considered RESTful? (Select three.)

Stateful

Agentless

Stateless

Server-only

Client-server

Cacheable

Agent-based

Answer 97

Stateless

Client-server

Cacheable

Question 98

A fully automated network that focuses on using software to maintain the network is known as what?

1. Intent-based network
2. Software-defined network
3. Traditional network
4. Automated network

Answer 98

Intent-based network

Question 99

Which of the following are essential functions of IBN? (Select three.)

Speed

Assurance

Translation

Security

Activation

Easily configured

Answer 99

Assurance

Translation

Activation

Question 100

Match each Cisco DNA solution to its associated benefit.

Machine learning continually improves network intelligence to predict problems before they occur.-Cisco DNA Assurance

Delivers better user experiences for applications residing on-premise or in the cloud.-SD-WAN

Enables network access in minutes for any user or device to any application without compromising security.-SD-Access

Reduces risk and protects the organization from threats - even in encrypted traffic.-Cisco DNA Security

Answer 100

Machine learning continually improves network intelligence to predict problems before they occur.-Cisco DNA Assurance

Delivers better user experiences for applications residing on-premise or in the cloud.-SD-WAN

Enables network access in minutes for any user or device to any application without compromising security.-SD-Access

Reduces risk and protects the organization from threats - even in encrypted traffic.-Cisco DNA Security