Final Exam CCNA 3 V7 Flashcards
Which design feature will limit the size of a failure domain in an enterprise network?
the purchase of enterprise equipment that is designed for large traffic volume
the installation of redundant power supplies
the use of a collapsed core design
the use of the building switch block approach
the use of the building switch block approach
Which two things should a network administrator modify on a router to perform password recovery? (Choose two.)
the system image file the NVRAM file system the configuration register value the startup configuration file system ROM
the configuration register value
the startup configuration file
What type of network uses one common infrastructure to carry voice, data, and video signals?
borderless
converged
managed
switched
converged
What are three advantages of using private IP addresses and NAT? (Choose three.)
hides private LAN addressing from outside devices that are connected to the Internet
permits LAN expansion without additional public IP addresses
reduces CPU usage on customer routers
creates multiple public IP addresses
improves the performance of the router that is connected to the Internet
conserves registered public IP addresses
hides private LAN addressing from outside devices that are connected to the Internet
permits LAN expansion without additional public IP addresses
conserves registered public IP addresses
Which two scenarios are examples of remote access VPNs? (Choose two.)
All users at a large branch office can access company resources through a single VPN connection.
A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ.
A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
What are three benefits of cloud computing? (Choose three.)
It utilizes end-user clients to do a substantial amount of data preprocessing and storage.
It uses open-source software for distributed processing of large datasets.
It streamlines the IT operations of an organization by subscribing only to needed services.
It enables access to organizational data anywhere and at any time.
It turns raw data into meaningful information by discovering patterns and relationships.
It eliminates or reduces the need for onsite IT equipment, maintenance, and management.
It streamlines the IT operations of an organization by subscribing only to needed services.
It enables access to organizational data anywhere and at any time.
It eliminates or reduces the need for onsite IT equipment, maintenance, and management.
What is a characteristic of a single-area OSPF network?
All routers share a common forwarding database.
All routers have the same neighbor table.
All routers are in the backbone area.
All routers have the same routing table.
All routers are in the backbone area.
What is a WAN?
a network infrastructure that spans a limited physical area such as a city
a network infrastructure that provides access to other networks over a large geographic area
a network infrastructure that provides access in a small geographic area
a network infrastructure designed to provide data storage, retrieval, and replication
a network infrastructure that provides access to other networks over a large geographic area
A network administrator has been tasked with creating a disaster recovery plan. As part of this plan, the administrator is looking for a backup site for all of the data on the company servers. What service or technology would support this requirement?
data center
virtualization
dedicated servers
software defined networking
data center
Which type of OSPF packet is used by a router to discover neighbor routers and establish neighbor adjacency?
link-state update
hello
database description
link-state request
hello
Which two statements are characteristics of a virus? (Choose two.)
A virus has an enabling vulnerability, a propagation mechanism, and a payload.
A virus can be dormant and then activate at a specific time or date.
A virus provides the attacker with sensitive data, such as passwords.
A virus replicates itself by independently exploiting vulnerabilities in networks.
A virus typically requires end-user activation.
A virus can be dormant and then activate at a specific time or date.
A virus typically requires end-user activation.
Explanation: The type of end user interaction required to launch a virus is typically opening an application, opening a web page, or powering on the computer. Once activated, a virus may infect other files located on the computer or other computers on the same network.
Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?
ISDN
DSL
cable
dialup
DSL
A customer needs a metropolitan area WAN connection that provides high-speed, dedicated bandwidth between two sites. Which type of WAN connection would best fulfill this need?
packet-switched network
Ethernet WAN
circuit-switched network
MPLS
Ethernet WAN
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use debuggers?
to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to reverse engineer binary files when writing exploits and when analyzing malware
to obtain specially designed operating systems preloaded with tools optimized for hacking
to detect any evidence of a hack or malware in a computer or network
to reverse engineer binary files when writing exploits and when analyzing malware
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?
R1#Standard IP access list 2
10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny any (1 match)
Two devices connected to the router have IP addresses of 192.168.10. x .
Two devices were able to use SSH or Telnet to gain access to the router.
Traffic from one device was not allowed to come into one router port and be routed outbound a different router port.
Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port.
Two devices were able to use SSH or Telnet to gain access to the router.
What command would be used as part of configuring NAT or PAT to clear dynamic entries before the timeout has expired?
clear ip dhcp
clear ip nat translation
clear access-list counters
clear ip pat statistics
clear ip nat translation
What are two characteristics of video traffic? (Choose two.)
Video traffic consumes less network resources than voice traffic consumes.
Video traffic latency should not exceed 400 ms.
Video traffic is more resilient to loss than voice traffic is.
Video traffic requires a minimum of 30 kbs of bandwidth.
Video traffic is unpredictable and inconsistent.
Video traffic latency should not exceed 400 ms.
Video traffic is unpredictable and inconsistent.
Refer to the exhibit. A technician is configuring R2 for static NAT to allow the client to access the web server. What is a possible reason that the client PC cannot access the web server?
https://itexamanswers.net/wp-content/uploads/2016/02/2017-06-26_224429.jpg
The IP NAT statement is incorrect.
Interface Fa0/1 should be identified as the outside NAT interface.
Interface S0/0/0 should be identified as the outside NAT interface.
The configuration is missing a valid access control list.
Interface S0/0/0 should be identified as the outside NAT interface.
Explanation: Interface S0/0/0 should be identified as the outside NAT interface. The command to do this would be R2(config-if)# ip nat outside.
In setting up a small office network, the network administrator decides to assign private IP addresses dynamically to workstations and mobile devices. Which feature must be enabled on the company router in order for office devices to access the internet?
UPnP
MAC filtering
NAT
QoS
NAT
Explanation: Network Address Translation (NAT) is the process used to convert private addresses to internet-routable addresses that allow office devices to access the internet.
A data center has recently updated a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate web server without having to allocate an actual discrete server for each customer. What is the networking trend that is being implemented by the data center in this situation?
online collaboration
BYOD
virtualization
maintaining communication integrity
virtualization
Refer to the exhibit. Which address or addresses represent the inside global address?
https://itexamanswers.net/wp-content/uploads/2016/02/2017-06-26_224149.jpg
192.168.0.100
10.1.1.2
any address in the 10.1.1.0 network
209.165.20.25
209.165.20.25
Which two IPsec protocols are used to provide data integrity?
MD5 DH AES SHA RSA
MD5
SHA
If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?
The Cisco AnyConnect client is installed by default on most major operating systems.
The host initiates a clientless VPN connection using a compliant web browser to download the client.
The host initiates a clientless connection to a TFTP server to download the client.
The host initiates a clientless connection to an FTP server to download the client.
The host initiates a clientless VPN connection using a compliant web browser to download the client.
A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)
leased line cable digital subscriber line Ethernet WAN municipal Wi-Fi
leased line
Ethernet WAN
Which type of QoS marking is applied to Ethernet frames?
IP precedence
DSCP
ToS
CoS
CoS
Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? (Choose two.)
https://itexamanswers.net/wp-content/uploads/2017/03/2017-03-11_115313.jpg
Both routers are configured to use NTPv2.
Router R1 is the master, and R2 is the client
The IP address of R2 is 192 168.1.2.
Router R2 is the master, and R1 is the client
The IP address of R1 is 192.168.1.2
Router R1 is the master, and R2 is the client
The IP address of R1 is 192.168.1.2
Explanation: With the show NTP associations command, the IP address of the NTP master is given.
Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)
https://itexamanswers.net/wp-content/uploads/2015/06/i209858v1n1_209858.png
R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out
R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any
access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
access-list 105 permit tcp host 10.0.54.5 any eq www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
Explanation: The first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server.
Refer to the exhibit. If the network administrator created a standard ACL that allows only devices that connect to the R2 G0/0 network access to the devices on the R1 G0/1 interface, how should the ACL be applied?
https://itexamanswers.net/wp-content/uploads/2016/02/i282157v1n1_282156.png
inbound on the R2 G0/0 interface
outbound on the R1 G0/1 interface
inbound on the R1 G0/1 interface
outbound on the R2 S0/0/1 interface
outbound on the R1 G0/1 interface
Explanation: Because standard access lists only filter on the source IP address, they are commonly placed closest to the destination network. In this example, the source packets will be coming from the R2 G0/0 network. The destination is the R1 G0/1 network. The proper ACL placement is outbound on the R1 G0/1 interface.
Which is a characteristic of a Type 2 hypervisor?
does not require management console software
has direct access to server hardware resources
best suited for enterprise environments
installs directly on hardware
does not require management console software
What are the two types of VPN connections? (Choose two.)
PPPoE Frame Relay site-to-site remote access leased line
site-to-site
remote access
Refer to the exhibit. What three conclusions can be drawn from the displayed output? (Choose three.)
https://itexamanswers.net/wp-content/uploads/2017/07/i212860v1n1_212860-1.png
The DR can be reached through the GigabitEthernet 0/0 interface.
There have been 9 seconds since the last hello packet sent.
This interface is using the default priority.
The router ID values were not the criteria used to select the DR and the BDR.
The router ID on the DR router is 3.3.3.3
The BDR has three neighbors.
The DR can be reached through the GigabitEthernet 0/0 interface.
There have been 9 seconds since the last hello packet sent.
The router ID values were not the criteria used to select the DR and the BDR.
Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?
https://itexamanswers.net/wp-content/uploads/2015/06/i209884v1n1_209884.png
The enable secret password is not configured on R1.
The IT group network is included in the deny statement.
The permit ACE specifies a wrong port number.
The permit ACE should specify protocol ip instead of tcp.
The login command has not been entered for vty lines.
The IT group network is included in the deny statement.
Explanation: The source IP range in the deny ACE is 192.168.20.0 0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group network 192.168.22.0/28 is included in the 192.168.20/22 network. Therefore, the connection is denied. To fix it, the order of the deny and permit ACE should be switched.
What functionality does mGRE provide to the DMVPN technology?
It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.
It provides secure transport of private information over public networks, such as the Internet.
It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.
It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.
It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.
Explanation: DMVPN is built on three protocols, NHRP, IPsec, and mGRE. NHRP is the distributed address mapping protocol for VPN tunnels. IPsec encrypts communications on VPN tunnels. The mGRE protocol allows the dynamic creation of multiple spoke tunnels from one permanent VPN hub.
What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?
the FIB
the routing table
the ARP table
the DSP
the ARP table
What command would be used as part of configuring NAT or PAT to display information about NAT configuration parameters and the number of addresses in the pool?
show running-config
show ip nat statistics
show ip cache
show version
show ip nat statistics
What is a purpose of establishing a network baseline?
It provides a statistical average for network performance.
It creates a point of reference for future network evaluations.
It manages the performance of network devices.
It checks the security configuration of network devices.
It creates a point of reference for future network evaluations.
Explanation: A baseline is used to establish normal network or system performance. It can be used to compare with future network or system performances in order to detect abnormal situations.
Match the type of WAN device or service to the description. (Not all options are used.)
https://itexamanswers.net/wp-content/uploads/2020/01/2020-07-11_172005.jpg
CPE —> devices and inside wiring that are located on the enterprise edge and connect to a carrier link
DCE —> devices that provide an interface for customers to connect to within the WAN cloud
DTE —> customer devices that pass the data from a customer network for transmission over the WAN
local loop —> a physical connection from the customer to the service provider POP
Which statement describes a characteristic of standard IPv4 ACLs?
They filter traffic based on source IP addresses only.
They can be created with a number but not with a name.
They are configured in the interface configuration mode.
They can be configured to filter traffic based on both source IP addresses and source ports.
They filter traffic based on source IP addresses only.
Refer to the exhibit. R1 is configured for NAT as displayed. What is wrong with the configuration?
https://itexamanswers.net/wp-content/uploads/2016/02/i212258v1n1_212258-2.jpg
NAT-POOL2 is not bound to ACL 1.
Interface Fa0/0 should be identified as an outside NAT interface.
The NAT pool is incorrect.
Access-list 1 is misconfigured.
NAT-POOL2 is not bound to ACL 1.
Explanation: R1 has to have NAT-POOL2 bound to ACL 1. This is accomplished with the command R1(config)#ip nat inside source list 1 pool NAT-POOL2. This would enable the router to check for all interesting traffic and if it matches ACL 1 it would be translated by use of the addresses in NAT-POOL2.
Refer to the exhibit. What method can be used to enable an OSPF router to advertise a default route to neighboring OSPF routers?
https://itexamanswers.net/wp-content/uploads/2017/07/p53-1-1.png
Use a static route pointing to the ISP and redistribute it.
Use the redistribute static command on R0-A.
Use the default-information originate command on ISP.
Use the default-information originate command on R0-A.
Use the default-information originate command on R0-A.
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as John the Ripper,THC Hydra, RainbowCrack, and Medusa?
to capture and analyze packets within traditional Ethernet LANs or WLANs
to probe and test the robustness of a firewall by using specially created forged packets
to make repeated guesses in order to crack a password
to make repeated guesses in order to crack a password
What are two syntax rules for writing a JSON array? (Choose two.)
Each value in the array is separated by a comma.
The array can include only one value type.
A space must separate each value in the array.
A semicolon separates the key and list of values.
Values are enclosed in square brackets.
Each value in the array is separated by a comma.
Values are enclosed in square brackets.
What is a characteristic of a Trojan horse as it relates to network security?
An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.
Malware is contained in a seemingly legitimate executable program.
Extreme quantities of data are sent to a particular network device interface.
Too much information is destined for a particular memory block, causing additional memory areas to be affecte
Malware is contained in a seemingly legitimate executable program.
Explanation: A Trojan horse carries out malicious operations under the guise of a legitimate program. Denial of service attacks send extreme quantities of data to a particular host or network device interface. Password attacks use electronic dictionaries in an attempt to learn passwords. Buffer overflow attacks exploit memory buffers by sending too much information to a host to render the system inoperable.
An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?
TCP SYN flood
DNS tunneling
DHCP spoofing
ARP cache poisoning
DHCP Spoofing
Explanation: In DHCP spoofing attacks, an attacker configures a fake DHCP server on the network to issue DHCP addresses to clients with the aim of forcing the clients to use a false default gateway, and other false services. DHCP snooping is a Cisco switch feature that can mitigate DHCP attacks. MAC address starvation and MAC address snooping are not recognized security attacks. MAC address spoofing is a network security threat.
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
data integrity
non-repudiation
origin authentication
data confidentiality
origin authentication
Explanation: Secure communications consists of four elements:
Data confidentiality – guarantees that only authorized users can read the message
Data integrity – guarantees that the message was not altered
Origin authentication – guarantees that the message is not a forgery and does actually come from whom it states
Data nonrepudiation – guarantees that the sender cannot repudiate, or refute, the validity of a message sent
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?
to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to detect any evidence of a hack or malware in a computer or network
to probe and test the robustness of a firewall by using specially created forged packets
to capture and analyze packets within traditional Ethernet LANs or WLANs
to capture and analyze packets within traditional Ethernet LANs or WLANs
An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.20.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?
- 0.15.255
- 0.3.255
- 0.7.255
- 0.1.255
0.0.3.255
Match the HTTP method with the RESTful operation.
POST –» Create
GET –» Read
PUT/PATCH –» Update/Replace?Modify
Delete –» Delete
POST –» Create
GET –» Read
PUT/PATCH –» Update/Replace?Modify
Delete –» Delete
Refer to the exhibit. What is the OSPF cost to reach the West LAN 172.16.2.0/24 from East?
https://itexamanswers.net/wp-content/uploads/2020/01/49.png
782
74
128
65
65
What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?
to activate the OSPF neighboring process
to influence the DR/BDR election process
to provide a backdoor for connectivity during the convergence process
to streamline and speed up the convergence process
to influence the DR/BDR election process
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .
If a packet with a source address of 172.18.20.14, a destination address of 172.18.20.40, and a protocol of 21 is received on the interface, is the packet permitted or denied?
permitted
What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture?
The spine and leaf switches are always linked through core switches.
The spine switches attach to the leaf switches and attach to each other for redundancy.
The leaf switches always attach to the spines and they are interlinked through a trunk line.
The leaf switches always attach to the spines, but they never attach to each other.
The leaf switches always attach to the spines, but they never attach to each other.
Which two scenarios would result in a duplex mismatch? (Choose two.)
connecting a device with autonegotiation to another that is manually set to full-duplex
starting and stopping a router interface during a normal operation
connecting a device with an interface running at 100 Mbps to another with an interface running at 1000 Mbps
configuring dynamic routing incorrectly
manually setting the two connected devices to different duplex modes
connecting a device with autonegotiation to another that is manually set to full-duplex
manually setting the two connected devices to different duplex modes
A network technician is configuring SNMPv3 and has set a security level of auth . What is the effect of this setting?
authenticates a packet by a string match of the username or community string
authenticates a packet by using either the HMAC with MD5 method or the SHA method
authenticates a packet by using either the HMAC MD5 or 3.HMAC SHA algorithms and encrypts the packet with either the DES, 3DES or AES algorithms
authenticates a packet by using the SHA algorithm only
authenticates a packet by using either the HMAC with MD5 method or the SHA method
Explanation: For enabling SNMPv3 one of three security levels can be configured:
1) noAuth
2) auth
3) priv
The security level configured determines which security algorithms are performed on SNMP packets. The auth security level uses either HMAC with MD5 or SHA.
What are two types of attacks used on DNS open resolvers? (Choose two.)
amplification and reflection resource utilization fast flux ARP poisoning cushioning
amplification and reflection
resource utilization
Explanation: Three types of attacks used on DNS open resolvers are as follows:DNS cache poisoning – attacker sends spoofed falsified information to redirect users from legitimate sites to malicious sites
DNS amplification and reflection attacks – attacker sends an increased volume of attacks to mask the true source of the attack
DNS resource utilization attacks – a denial of service (DoS) attack that consumes server resources
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet .
If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied?
permitted
Which type of resources are required for a Type 1 hypervisor?
a dedicated VLAN
a management console
a host operating system
a management console
In JSON, what is held within square brackets [ ]?
nested values
key/value pairs
an object
an array
an array
What are three components used in the query portion of a typical RESTful API request? (Choose three.)
resources protocol API server format key parameters
format
key
parameters
A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?
top-down
bottom-up
divide-and-conquer
substitution
divide-and-conquer
Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
MD5
AES
IPsec
ESP
IPsec
Which statement describes a characteristic of Cisco Catalyst 2960 switches?
They are best used as distribution layer switches.
New Cisco Catalyst 2960-C switches support PoE pass-through.
They are modular switches.
They do not support an active switched virtual interface (SVI) with IOS versions prior to 15.x.
New Cisco Catalyst 2960-C switches support PoE pass-through.
Which component of the ACI architecture translates application policies into network programming?
the hypervisor
the Application Policy Infrastructure Controller
the Nexus 9000 switch
the Application Network Profile endpoints
the Application Policy Infrastructure Controller
Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)
device type cable specification interface identifier OS/IOS version connection type cable type and identifier
interface identifier
connection type
Refer to the exhibit. A PC at address 10.1.1.45 is unable to access the Internet. What is the most likely cause of the problem?
https://itexamanswers.net/wp-content/uploads/2017/06/41.jpg
The NAT pool has been exhausted.
The wrong netmask was used on the NAT pool.
Access-list 1 has not been configured properly.
The inside and outside interfaces have been configured backwards.
The NAT pool has been exhausted.
Explanation: The output of show ip nat statistics shows that there are 2 total addresses and that 2 addresses have been allocated (100%). This indicates that the NAT pool is out of global addresses to give new clients. Based on the show ip nat translations, PCs at 10.1.1.33 and 10.1.1.123 have used the two available addresses to send ICMP messages to a host on the outside network.
What are two benefits of using SNMP traps? (Choose two.)
They eliminate the need for some periodic polling requests.
They reduce the load on network and agent resources.
They limit access for management systems only.
They can provide statistics on TCP/IP packets that flow through Cisco devices.
They can passively listen for exported NetFlow datagrams.
They eliminate the need for some periodic polling requests.
They reduce the load on network and agent resources.
Which statement accurately describes a characteristic of IPsec?
IPsec works at the application layer and protects all application data.
IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
IPsec works at the transport layer and protects data at the network layer.
IPsec is a framework of open standards that relies on existing algorithms.
IPsec is a framework of open standards that relies on existing algorithms.
In a large enterprise network, which two functions are performed by routers at the distribution layer? (Choose two.)
connect users to the network provide a high-speed network backbone connect remote networks provide Power over Ethernet to devices provide data traffic security
connect remote networks
provide data traffic security
Which two statements describe the use of asymmetric algorithms? (Choose two.)
Public and private keys may be used interchangeably.
If a public key is used to encrypt the data, a public key must be used to decrypt the data.
If a private key is used to encrypt the data, a public key must be used to decrypt the data.
If a public key is used to encrypt the data, a private key must be used to decrypt the data.
If a private key is used to encrypt the data, a private key must be used to decrypt the data.
If a private key is used to encrypt the data, a public key must be used to decrypt the data.
If a public key is used to encrypt the data, a private key must be used to decrypt the data.
Explanation: Asymmetric algorithms use two keys: a public key and a private key. Both keys are capable of the encryption process, but the complementary matched key is required for decryption. If a public key encrypts the data, the matching private key decrypts the data. The opposite is also true. If a private key encrypts the data, the corresponding public key decrypts the data.
Refer to the exhibit. A network administrator has deployed QoS and has configured the network to mark traffic on the VoIP phones as well as the Layer 2 and Layer 3 switches. Where should initial marking occur to establish the trust boundary?
https://itexamanswers.net/wp-content/uploads/2015/06/i290000v1n1_Trust-Boundary2.jpg
Trust Boundary 4
Trust Boundary 3
Trust Boundary 1
Trust Boundary 2
Trust Boundary 1
Explanation: Traffic should be classified and marked as close to its source as possible. The trust boundary identifies at which device marked traffic should be trusted. Traffic marked on VoIP phones would be considered trusted as it moves into the enterprise network.
What are two benefits of extending access layer connectivity to users through a wireless medium? (Choose two.)
reduced costs decreased number of critical points of failure increased flexibility increased bandwidth availability increased network management options
reduced costs
increased flexibility
What are two purposes of launching a reconnaissance attack on a network? (Choose two.)
to scan for accessibility
to retrieve and modify data
to gather information about the network and devices
to prevent other users from accessing the system
to escalate access privileges
to scan for accessibility
to gather information about the network and devices
A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?
botnet
spyware
virus
rootkit
botnet
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns .
If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?
denied
Refer to the exhibit. From which location did this router load the IOS?
https://itexamanswers.net/wp-content/uploads/2015/05/i208382v1n1_208382.png
flash memory NVRAM? RAM ROM a TFTP server?
flash memory
Refer to the exhibit. Which data format is used to represent the data for network automation applications?
https://itexamanswers.net/wp-content/uploads/2019/12/i349058v2n1_347058.png
XML
YAML
HTML
JSON
JSON
Explanation: The common data formats that are used in many applications including network automation and programmability are as follows:
JavaScript Object Notation (JSON) – In JSON, the data known as an object is one or more key/value pairs enclosed in braces { }. Keys must be strings within double quotation marks ” “. Keys and values are separated by a colon.
eXtensible Markup Language (XML) – In XML, the data is enclosed within a related set of tags data.
YAML Ain’t Markup Language (YAML) – In YAML, the data known as an object is one or more key value pairs. Key value pairs are separated by a colon without the use of quotation marks. YAML uses indentation to define its structure, without the use of brackets or commas.
What QoS step must occur before packets can be marked?
classifying
shaping
queuing
policing
classifying
What is the main function of a hypervisor?
It is used to create and manage multiple VM instances on a host machine.
It is a device that filters and checks security credentials.
It is a device that synchronizes a group of sensors.
It is software used to coordinate and prepare data for analysis.
It is used by ISPs to monitor cloud computing resources.
It is used to create and manage multiple VM instances on a host machine.
A company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended?
Frame Relay
Ethernet WAN
VSAT
ISDN
Ethernet WAN
Refer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used?
https://itexamanswers.net/wp-content/uploads/2015/06/i288031v1n1_Traffic_Policing.png
traffic shaping
weighted random early detection
classification and marking
traffic policing
traffic policing
Explanation: Traffic shaping buffers excess packets in a queue and then forwards the traffic over increments of time, which creates a smoothed packet output rate. Traffic policing drops traffic when the amount of traffic reaches a configured maximum rate, which creates an output rate that appears as a saw-tooth with crests and troughs.
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns .
If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8, and a protocol of 53 is received on the interface, is the packet permitted or denied?
denied
Refer to the exhibit. What is the purpose of the command marked with an arrow shown in the partial configuration output of a Cisco broadband router?
https://itexamanswers.net/wp-content/uploads/2016/02/2017-06-26_224832-1.png
defines which addresses are allowed into the router
defines which addresses can be translated
defines which addresses are assigned to a NAT pool
defines which addresses are allowed out of the router
defines which addresses can be translated
If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?
12 4 8 16 6
8
Refer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below.
https://itexamanswers.net/wp-content/uploads/2019/12/i241882v4n1_241882.png
Router(config)# ip access-list extended 101
Router(config-ext-nacl)# no 20
Router(config-ext-nacl)# 5 permit tcp any any eq 22
Router(config-ext-nacl)# 20 deny udp any any
Which two conclusions can be drawn from this new configuration? (Choose two.)
TFTP packets will be permitted. Ping packets will be permitted. Telnet packets will be permitted. SSH packets will be permitted. All TCP and UDP packets will be denied.
Ping packets will be permitted.
SSH packets will be permitted.
Explanation: After the editing, the final configuration is as follows: Router# show access-lists Extended IP access list 101 5 permit tcp any any eq ssh 10 deny tcp any any 20 deny udp any any 30 permit icmp any any So, only SSH packets and ICMP packets will be permitted.
