ENSA 7 Flashcards
Refer to the exhibit. Which devices exist in the failure domain when switch S3 loses power?
S4 and PC_2
PC_3 and AP_2
AP_2 and AP_1
PC_3 and PC_2
S1 and S4
PC_3 and AP_2
A failure domain is the area of a network that is impacted when a critical device such as switch S3 has a failure or experiences problems.
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
For an extended ACL to meet these requirements the following need to be included in the access control entries:
identification number in the range 100-199 or 2000-2699
permit or deny parameter
protocol
source address and wildcard
destination address and wildcard
port number or name
Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?
5 deny 172.23.16.0 0.0.15.255
5 deny 172.23.16.0 0.0.255.255
15 deny 172.23.16.0 0.0.15.255
30 deny 172.23.16.0 0.0.15.255
5 deny 172.23.16.0 0.0.15.255
Explanation: The only filtering criteria specified for a standard access list is the source IPv4 address. The wild card mask is written to identify what parts of the address to match, with a 0 bit, and what parts of the address should be ignored, which a 1 bit. The router will parse the ACE entries from lowest sequence number to highest. If an ACE must be added to an existing access list, the sequence number should be specified so that the ACE is in the correct place during the ACL evaluation process.
Which step in the link-state routing process is described by a router building a link-state database based on received LSAs?
executing the SPF algorithm
building the topology table
selecting the router ID
declaring a neighbor to be inaccessible
building the topology table
What protocol uses agents, that reside on managed devices, to collect and store information about the device and its operation?
SYSLOG
TFTP
CBWFQ
SNMP
SNMP
An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 10.27.27.0 255.255.255.0. What wildcard mask would the administrator use in the OSPF network statement?
0.0.0.63
0.0.0.255
0.0.0.31
0.0.0.15
0.0.0.255
When will an OSPF-enabled router transition from the Down state to the Init state?
when an OSPF-enabled interface becomes active
as soon as the router starts
when the router receives a hello packet from a neighbor router
as soon as the DR/BDR election process is complete
when an OSPF-enabled interface becomes active
Explanation: When OSPFv2 is enabled, the enabled Gigabit Ethernet 0/0 interface transitions from the Down state to the Init state. R1 starts sending Hello packets out all OSPF-enabled interfaces to discover OSPF neighbors to develop adjacencies with.
What type of traffic is described as having a high volume of data per packet?
data
video
voice
VIDEO
What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?
LLDP
NTP
TFTP
SNMP
LLDP
Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination?
building the topology table
selecting the router ID
declaring a neighbor to be inaccessible
executing the SPF algorithm
executing the SPF algorithm
Refer to the exhibit. Which conclusion can be drawn from this OSPF multiaccess network?
If the DR stops producing Hello packets, a BDR will be elected, and then it promotes itself to assume the role of DR.
With an election of the DR, the number of adjacencies is reduced from 6 to 3.
When a DR is elected all other non-DR routers become DROTHER.
All DROTHER routers will send LSAs to the DR and BDR to multicast 224.0.0.5.
With an election of the DR, the number of adjacencies is reduced from 6 to 3.
Refer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation?
extended ACL outbound on R2 WAN interface towards the internet
standard ACL inbound on R1 vty lines
extended ACLs inbound on R1 G0/0 and G0/1
extended ACL outbound on R2 S0/0/1
standard ACL inbound on R1 vty lines
Explanation: Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible.
Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure.
Which type of VPN connects using the Transport Layer Security (TLS) feature?
SSL VPN
IPsec virtual tunnel interface
GRE over IPsec
dynamic multipoint VPN
SSL VPN
Explanation: When a client negotiates an SSL VPN connection with the VPN gateway, it connects using Transport Layer Security (TLS). TLS is the newer version of SSL and is sometimes expressed as SSL/TLS. The two terms are often used interchangeably
Which group of APIs are used by an SDN controller to communicate with various applications?
eastbound APIs
westbound APIs
northbound APIs
southbound APIs
northbound APIs
A company has consolidated a number of servers and it is looking for a program or firmware to create and control virtual machines which have access to all the hardware of the consolidated servers. What service or technology would support this requirement?
Cisco ACI
software defined networking
Type-1 hypervisor
APIC-EM
Type-1 hypervisor
What command would be used as part of configuring NAT or PAT to identify inside local addresses that are to be translated?
ip nat inside source list 24 interface serial 0/1/0 overload
ip nat inside source list 14 pool POOL-STAT overload
access-list 10 permit 172.19.89.0 0.0.0.255
ip nat inside source list ACCTNG pool POOL-STAT
access-list 10 permit 172.19.89.0 0.0.0.255
Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting, what service or technology would support requirement?
Cloud services
Data center
APIC-EM
Cisco ACI
Cloud Services
Refer to the exhibit. An administrator is trying to back up the current running configuration of the router to a USB drive, and enters the command copy usbflash0:/R1-config running-config on the router command line. After removing the USB drive and connecting it to a PC, the administrator discovers that the running configuration was not properly backed up to the R1-config file. What is the problem?
The file already exists on the USB drive and cannot be overwritten.
The drive was not properly formatted with the FAT16 file system.
There is no space left on the USB drive.
The USB drive is not recognized by the router.
The command that the administrator used was incorrect.
The command that the administrator used was incorrect.
Which three types of VPNs are examples of enterprise-managed site-to-site VPNs? (Choose three.)
Layer 3 MPLS VPN
IPsec VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN
clientless SSL VPN
client-based IPsec VPN
IPsec VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN
Refer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive information and are not allowed access off their network. What is the best ACL type and placement to use in this situation?
standard ACL inbound on R1 vty lines
extended ACL inbound on R1 G0/0
standard ACL inbound on R1 G0/1
extended ACL inbound on R3 S0/0/1
standard ACL inbound on R1 G0/1
