Test Flashcards
What is the benefit of using Cisco Wireless Lan Controller?
A. Central AP management requires more complex configurations
B. Unique SSIDs cannot use th esame authentication method
C. It supports autonomous and lightweight APs
D. It eliminates the need to configure each access point individually
It eliminates the need to configure each access point individually
Which network allows the devices to communicate without the need to access the Internet?
A. 172.9.0.0/16
B. 172.28.0.0/16
C. 192.0.0.0/8
D. 209.165.201.0/24
172.28.0.0/16
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two
formats are available to select? (Choose two)
A. ASCII B. base64 C. binary D. decimal E. hexadecimal
ASCII
hexadecimal
An organization has decided to start using cloud-provided services. Which cloud service allows the
organization to install its own operating system on a virtual machine?
A. platform-as-a-service
B. software-as-a-service
C. network-as-a-service
D. infrastructure-as-a-service
Infrastructure-as-a-service
Router(config)#interface GigabitEthernet 1/0/1
Router(config-if)#ip address 192.168.16.143 255.255.255.240
Bad mask /28 for address 192.168.16.143
Which Statement explains the configuration error message that is received?
A. It is a broadcast IP address
B. The router does not support /28 mask.
C. It belongs to a private IP address range
D. It is network IP address
It is a broadcast IP address
Which command prevents passwords from being stored in the configuration as plain text on a router
or switch?
A. enable secret
B. service password-encryption
C. username Cisco password encrypt
D. enable password
service password-encryption
A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two)
A. runts B. giants C. frame D. CRC E. input errors
CRC
input errors
Whenever the physical transmission has problems, the receiving device might receive a frame whose
bits have changed values. These frames do not pass the error detection logic as implemented in the
FCS field in the Ethernet trailer. The receiving device discards the frame and counts it as some kind of
input error.
Cisco switches list this error as a CRC error. Cyclic redundancy check (CRC) is a term related to how
the FCS math detects an error.
The “input errors” includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts.
The output below show the interface counters with the “show interface s0/0/0” command:
Which command enables a router to become a DHCP client?
A. ip address dhcp
B. ip helper-address
C. ip dhcp pool
D. ip dhcp client
ip address dhcp
Which two encoding methods are supported by REST APIs? (Choose two)
A. YAML B. JSON C. EBCDIC D. SGML E. XML
YAML
XML
Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is set to Dynamic Desirable.
What is the result of this configuration?
A. The link is in a down state.
B. The link is in an error disables state
C. The link becomes an access port
D. The link becomes a trunk port
The link becomes a trunk port
When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)
A. 2000::/3 B. 2002::5 C. FC00::/7 D. FF02::1 E. FF02::2
FF02::1
FF02::2
When an interface is configured with IPv6 address, it automatically joins the all nodes (FF02::1) and
solicited-node (FF02::1:FFxx:xxxx) multicast groups. The all-node group is used to communicate with
all interfaces on the local link, and the solicited-nodes multicast group is required for link-layer
address resolution. Routers also join a third multicast group, the all-routers group (FF02::2).
Which MAC address is recognized as a VRRP virtual address?
A. 0000.5E00.010a
B. 0005.3711.0975
C. 0000.0C07.AC99
D. 0007.C070/AB01
A. 0000.5E00.010a
With VRRP, the virtual router’s MAC address is 0000.5E00.01xx , in which xx is the VRRP group
In which way does a spine and-leaf architecture allow for scalability in a network when additional
access ports are required?
A. A spine switch and a leaf switch can be added with redundant connections between them
B. A spine switch can be added with at least 40 GB uplinks
C. A leaf switch can be added with a single connection to a core spine switch.
D. A leaf switch can be added with connections to every spine switch
D. A leaf switch can be added with connections to every spine switch
Spine-leaf architecture is typically deployed as two layers: spines (such as an aggregation layer), and
leaves (such as an access layer). Spine-leaf topologies provide high-bandwidth, low-latency,
nonblocking server-to-server connectivity.
Leaf (aggregation) switches are what provide devices access to the fabric (the network of spine and
leaf switches) and are typically deployed at the top of the rack. Generally, devices connect to the leaf
switches.
Devices can include servers, Layer 4-7 services (firewalls and load balancers), and WAN or Internet
routers. Leaf switches do not connect to other leaf switches. In spine-and-leaf architecture, every
leaf should connect to every spine in a full mesh.
Spine (aggregation) switches are used to connect to all leaf switches and are typically deployed at the end or middle of the row. Spine switches do not connect to other spine switches.
Which type of wireless encryption is used for WPA2 in preshared key mode?
A. TKIP with RC4
B. RC4
C. AES-128
D. AES-256
AES-256
Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose
two)
A. It drops lower-priority packets before it drops higher-priority packets
B. It can identify different flows with a high level of granularity
C. It guarantees the delivery of high-priority packets
D. It can mitigate congestion by preventing the queue from filling up
E. it supports protocol discovery
It drops lower-priority packets before it drops higher-priority packets
It can mitigate congestion by preventing the queue from filling up
When a floating static route is configured, which action ensures that the backup route is used when
the primary route fails?
A. The floating static route must have a higher administrative distance than the primary route so it is
used as a backup
B. The administrative distance must be higher on the primary route so that the backup route
becomes secondary.
C. The floating static route must have a lower administrative distance than the primary route so it is
used as a backup
D. The default-information originate command must be configured for the route to be installed into
the routing table
A. The floating static route must have a higher administrative distance than the primary route so it is
used as a backup
Refer to the exhibit
Atlanta#conf t
Enter configuration commands, one per line. End with CNTL/z.
Atlanta (config)#aaa new-model
Atlanta (config)#aaa authentication login default local
Atlanta (config)#line vty 0 4
Atlanta (config-line)#login authentication default
Atlanta (config-line)#exit
Atlanta (config)#username ciscoadmin password adminadmin123
Atlanta (config)#username ciscoadmin privilege 15
Atlanta (config)#enable password cisco123
Atlanta (config)#enable secret testing1234
Atlanta (config)#end
Which password must an engineer use to enter the enable mode?
A. adminadmin123
B. default
C. testing 1234
D. cisco123
testing 1234
How do TCP and UDP differ in the way that they establish a connection between two endpoints?
A. TCP uses synchronization packets, and UDP uses acknowledgment packets.
B. UDP uses SYN, SYN ACK and FIN bits in the frame header while TCP uses SYN, SYN ACK and ACK
bits
C. UDP provides reliable message transfer and TCP is a connectionless protocol
D. TCP uses the three-way handshake and UDP does not guarantee message delivery
TCP uses the three-way handshake and UDP does not guarantee message delivery
Which mode allows access points to be managed by Cisco Wireless LAN Controllers?
A. autonomous
B. lightweight
C. bridge
D. mobility express
lightweight
A Lightweight Access Point (LAP) is an AP that is designed to be connected to a wireless LAN (WLAN)
controller (WLC). APs are “lightweight,” which means that they cannot act independently of a
wireless LAN controller (WLC). The WLC manages the AP configurations and firmware. The APs are
“zero touch” deployed, and individual configuration of APs is not necessary
Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment?
A. Bronze
B. Platinum
C. Silver
D. Gold
Platinum
Cisco Unified Wireless Network solution WLANs support four levels of QoS: Platinum/Voice,
Gold/Video, Silver/Best Effort (default), and Bronze/Background.
If a notice-level messaging is sent to a syslog server, which event has occurred?
A. A network device has restarted
B. An ARP inspection has failed
C. A routing instance has flapped
D. A debug operation is running
A routing instance has flapped
What are two southbound APIs? (Choose two )
A. OpenFlow B. NETCONF C. Thrift D. CORBA E. DSC
OpenFlow
NETCONF
OpenFlow is a well-known southbound API. OpenFlow defines the way the SDN Controller should
interact with the forwarding plane to make adjustments to the network, so it can better adapt to
changing business requirements.
The Network Configuration Protocol (NetConf) uses Extensible Markup Language (XML) to install,
manipulate and delete configuration to network devices
An email user has been lured into clicking a link in an email sent by their company’s security
organization. The webpage that opens reports that it was safe but the link could have contained
malicious code. Which type of security program is in place?
A. Physical access control
B. Social engineering attack
C. brute force attack
D. user awareness
user awareness
An engineer must configure a /30 subnet between two routers. Which usable IP address and subnet
mask combination meets this criteria?
Interface e0/0
description to HQ-A371:19452
ip address 209.165.201.2 255.255.255.252
Interface e0/0
description to HQ-A371:19452
ip address 10.2.1.3 255.255.255.252
Interface e0/0
description to HQ-A371:19452
ip address 172.16.1.4 255.255.255.248
Interface e0/0
description to HQ-A371:19452
ip address 192.168.1.1 255.255.255.248
Interface e0/0
description to HQ-A371:19452
ip address 209.165.201.2 255.255.255.252
What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC
address is received?
A. The Layer 2 switch drops the received frame
B. The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN.
C. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address learning.
D. The Layer 2 switch forwards the packet and adds the destination MAC address to its MAC address
table
The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN.
Refer to the exhibit
R2#show ip nat translations
Pro Inside global Inside local
tcp 172.23.104.3: 43268 10.4.4.4:43268
tcp 172.23.10.4: 45507 10.4.4.5:45507
Question 30
172.23.104.4
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from
specific networks?
A. CPU ACL
B. TACACS
C. Flex ACL
D. RADIUS
CPU ACL
Which command automatically generates an IPv6 address from a specified IPv6 prefix and MAC
address of an interface?
A. ipv6 address dhcp
B. ipv6 address 2001:DB8:5:112::/64 eui-64
C. ipv6 address autoconfig
D. ipv6 address 2001:DB8:5:112::2/64 link-local
C. ipv6 address autoconfig
The “ipv6 address autoconfig” command causes the device to perform IPv6 stateless address
autoconfiguration to discover prefixes on the link and then to add the EUI-64 based addresses to the
interface.
Addresses are configured depending on the prefixes received in Router Advertisement (RA)
messages.
The device will listen for RA messages which are transmitted periodically from the router (DHCP
Server).
This RA message allows a host to create a global IPv6 address from:
+ Its interface identifier (EUI-64 address)
+ Link Prefix (obtained via RA)
Note: Global address is the combination of Link Prefix and EUI-64 address
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch.
Which two steps will fulfill the request? (Choose two)
A. Configure the ports in an EtherChannel.
B. Administratively shut down the ports
C. Configure the port type as access and place in VLAN 99
D. Configure the ports as trunk ports
E. Enable the Cisco Discovery Protocol
Administratively shutdown the ports
Configure the port type as access and place in VLAN 99
Which output displays a JSON data representation?
{
"response": {
"taskld":{},
"url":"string"
},
"version":"string"
Question 34
C. Option C
JSON data is written as name/value pairs.
A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a
value:
“name”:”Mark”
JSON can use arrays. Array values must be of type string, number, object, array, boolean or null.
For example:
{
“name”:”John”,
“age”:30,
“cars”:[ “Ford”, “BMW”, “Fiat” ]
}
JSON can have empty object like “taskId”:{}
Which command is used to specify the delay time in seconds for LLDP to initialize on any interface?
A. lldp timer
B. lldp holdtimt
C. lldp reinit
D. lldp tlv-select
lldp reinit
+ lldp holdtime seconds: Specify the amount of time a receiving device should hold the information
from your device before discarding it
+ lldp reinit delay: Specify the delay time in seconds for LLDP to initialize on an interface
+ lldp timer rate: Set the sending frequency of LLDP updates in seconds
A network engineer must back up 20 network router configurations globally within a customer
environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?
A. CDP
B. SNMP
C. SMTP
D. ARP
SNMP
DRAG DROP
Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right
Configure BPDU guard.
Configure dynamic ARP inspection.
Configure root guard.
Configure VACL.
802.1q double tagging
ARP spoofing
Unwanted superior BPDUs
unwanted BPDUs on PortFast-enabled interfaces
Configure BPDU guard- unwanted BPDUs on portfast
-Configure VACL.
Configure dynamic ARP inspection
- ARP spoofing
Configure root guard- Unwanted superior BPDUs
-Unwanted superior BPDUs
Configure VACL- 801.q double tagging
- unwanted BPDUs on PortFast-enabled interfaces
DRAG AND DROP
Drag and drop the network protocols from the left onto the correct transport services on the right
SMTP Connection Oriented
SNMP
TFTP
VoIP Connectionless
SSH
FTP
Connection Oriented
FTP
SNMP
SSH
Connectionless
TFTP
VoIP
SMTP
DRAG DROP
A network engineer is configuring an OSPFv2 neighbor adjacency. Drag and drop the parameters from
the left onto their required categories on the right. Not all parameters are used
netmask Must be unique
OSPF process ID
router ID
IP address Must match
area ID
timers
Must be unique
router ID
IP address
Must Match
netmask
area ID
timers
Refer to the Exhibit (question 40)
An extended ACL has been configured and applied to router R2. The configuration failed to work as
intended Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10 0/26 subnet while still allowing all other traffic? (Choose two )
A. Add a “permit ip any any” statement to the begining of ACL 101 for allowed traffic.
B. Add a “permit ip any any” statement at the end of ACL 101 for allowed traffic
C. The source and destination IPs must be swapped in ACL 101
D. The ACL must be configured the Gi0/2 interface inbound on R1
E. The ACL must be moved to the Gi0/1 interface outbound on R2
Add a “permit ip any any” statement at the end of the ACL 101 for allowed traffic
The source and destination IPs must be swapped in ACL 101
Refer to the exhibit. (Question 41)
Which type of route does R1 use to reach host 10.10.13.10/32?
A. floating static route
B. host route
C. default route
D. network route
Network route
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?
A. on
B. auto
C. active
D. desirable
On
The Static Persistence (or “on” mode) bundles the links unconditionally and no negotiation protocol
is used. In this mode, neither PAgP nor LACP packets are sent or received
Which IPv6 address block sends packets to a group address rather than a single address?
A. 2000::/3
B. FC00::/7
C. FE80::/10
D. FF00::/8
FF00::/8
FF00::/8 is used for IPv6 multicast and this is the IPv6 type of address the question wants to ask.
FE80::/10 range is used for link-local addresses. Link-local addresses only used for communications
within the local subnetwork (automatic address configuration, neighbor discovery, router discovery,
and by many routing protocols). It is only valid on the current subnet.
It is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit interface identifier
(based on 48-bit MAC address).
Drag and Drop (Question 44)
Drag and drop the functions from the left onto the correct network components on the right
Holds the TCP/IP setting to be distributed to the clients
Resolves web URLs to IP addresses
Stores a list of IP addresses mapped to names
Assigns a default gateway to a client
Assigns IP addresses to enabled clients
Network Components
- DHCP SERVER
- DNS SERVER
DHCP SERVER
Holds the TCP/IP setting to be distributed to the clients
Assigns a default gateway to a client
Assigns IP addresses to enabled clients
DNS SERVER
Resolves web URLs to IP addresses
Stores a list of IP addresses mapped to names
DRAG DROP (Question 4)
Drag drop the descriptions from the left onto the correct configuration-management technologies on
the right.
DESCRIPTIONS
Fundamental configuration elements are stored in a manifest
Uses TCP port 10002 for configuration push jobs
Uses Ruby for fundamental configuration elements
Uses SSH for remote device communication
Uses TCP 8140 for communication
Uses YAML for fundamental configuration elements
CONFIGURATION- MANAGEMENT TECHNOLOGIES
Ansible
Chef
Puppet
Ansible
Uses YAML for fundamental configuration elements
Uses SSH for remote device communication
Chef
Uses TCP port 10002 for configuration push jobs
Uses Ruby for fundamental configuration elements
Puppet
Uses TCP 8140 for communication
fundamental configuration elements are stored in a manifest
DRAG DROP (Question 6) Drag and drop the descriptions of file-transfer protocols from the left onto the correct protocols on the right
DESCRIPTIONS OF FILE-TRANSFER PROTOCOLS
Provides reliability when loading an IOS image upon boot up
Does not require user authentication
Uses port 69
Uses ports 20 and 21
Uses TCP
Uses UDP
PROTOCOLS
FTP
TFTP
FTP
Provides reliability when loading an IOS image upon boot up
Uses ports 20 and 21
Uses TCP
TFTP
Does not require user authentication
Uses port 69
Uses UDP
DRAG DROP (Question 11) Drag and drop the WLAN components from the left onto the correct descriptions on the right.
WLAN COMPONENTS Access point virtual interface dynamic interface service port wireless LAN controller
DESCRIPTIONS
Device that manages access points
Device that provides Wi-Fi devices with a connection to a wired network
Used for out of band management of a WLC
Used to support mobility management of the WLC
Applied to the WLAN for wireless client communication
- Device that manages access points
- wireless LAN controller
- Device that provides Wi-Fi devices with a connection to a wired network
- Access point
- Used for out of band management of a WLC
- service port
- Used to support mobility management of the WLC
- virtual interface
- Applied to the WLAN for wireless client communication
- dynamic interface
Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols. (Question 8)
A. dual algorithm
B. metric
C. administrative distance
D. hop count
administrative distance
Which two capacities of Cisco DNA Center make it more extensible as compared to traditional
campus device management? (Choose two)
A. adapters that support all families of Cisco IOS software
B. SDKs that support interaction with third-party network equipment
C. customized versions for small, medium, and large enterprises
D. REST APIs that allow for external applications to interact natively with Cisco DNA Center
E. modular design that is upgradable as needed
SDKs that support interaction with third-party network equipment
REST APIs that allow for external applications to interact natively with Cisco DNA Center
DRAG DROP
Drag and drop the AAA functions from the left onto the correct AAA services on the right
AAA FUNCTIONS
Records user activities
Restricts the services that are available to a user
Identifies the user
Controls the actions that a user can perform
Provides analytical information for the network administrator
Verifies the password associated with a user.
AAA SERVICES
Authentication
Authorization
Accounting
Authentication
- Identifies the user
- Verifies the password associated with a user.
Authorization
- Restricts the services that are available to a user
- Controls the actions that a user can perform
Accounting
- Records user activities
- Provides analytical information for the network administrator
What is the primary effect of the spanning-tree portfast command?
A. it enables BPDU messages
B. It minimizes spanning-tree convergence time
C. It immediately puts the port into the forwarding state when the switch is reloaded
D. It immediately enables the port in the listening state
B. It minimizes spanning-tree convergence time
Refer to the exhibit.
Which command provides this output? A. show ip route B. show ip interface C. show interface D. show cdp neighbor
show cdp neighbor
Refer to the exhibit.
Router#
Capability Codes: R-Router, T- Trans Bridge, B- Source Route Bridge
S-Switch, H- Host, IGMP, r- Repeater, P-Phone,
D-Remote, C-CVTA, M-Two-port Mac Relay
Device ID Local Intrfrce Holdtime Capability Platform Port ID
- 1.1.2 Gig 37/3 176 RI CPT600 Gig36/41
- 1.1.2 Gig 37/1 174 RI CPT600 Gig36/43
- 1.1.2 Gig 36/41 134 RI CPT600 Gig37/3
- 1.1.2 Gig 36/43 134 RI CPT600 Gig37/1
- 1.1.2 Ten 3/2 132 RI CPT600 Ten 4/2
- 1.1.2 Ten 4/2 174 RI CPT600 Ten 3/2
Which command provides this output? A. show ip route B. show ip interface C. show interface D. show cdp neighbor
show cdp neighbor
Refer to the Exhibit.
Switch 1 Switch 2
Name: Gi0/1 Name: Gi0/1
Switchport: Enabled Switchport: Enabled
Administrative Mode: Trunk Administrative Mode: Trunk
Operational Mode: Trunk Operational Mode: Trunk
… …
Trunking Native VLAN: 1 (default) Trunking Native VLAN: 99
After the switch configuration the ping test fails between PC A and PC B Based on the output for switch 1. Which error must be corrected?
A. There is a native VLAN mismatch
B. Access mode is configured on the switch ports.
C. The PCs are m the incorrect VLAN
D. All VLANs are not enabled on the trunk
A. There is a native VLAN mismatch
Which 802.11 frame type is association response?
A. management
B. protected frame
C. control
D. action
A. management
Which API is used in controller-based architectures to interact with edge devices?
A. overlay
B. northbound
C. underlay
D. southbound
southbound
Which statement identifies the functionality of virtual machines?
A. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor
B. The hypervisor can virtualize physical components including CPU, memory, and storage
C. Each hypervisor can support a single virtual machine and a single software switch
D. The hypervisor communicates on Layer 3 without the need for additional resources
The hypervisor can virtualize physical components including CPU. memory, and storage
Which type of address is the public IP address of a NAT device?
A. outside global B. outside local C. inside global D. inside local E. outside public F. inside public
inside global
Which option about JSON is true?
A. uses predefined tags or angle brackets () to delimit markup text
B. used to describe structured data that includes arrays
C. used for storing information
D. similar to HTML, it is more verbose than XML
used to describe structured data that includes arrays
How do TCP and UDP differ in the way they provide reliability for delivery of packets?
A. TCP is a connectionless protocol that does not provide reliable delivery of data, UDP is a connection-oriented protocol that uses sequencing to provide reliable delivery.
B. TCP does not guarantee delivery or error checking to ensure that there is no corruption of data UDP provides message acknowledgement and retransmits data if lost.
C. TCP provides flow control to avoid overwhelming a receiver by sending too many packets at once, UDP sends packets to the receiver in a continuous stream without checking for sequencing
D. TCP uses windowing to deliver packets reliably; UDP provides reliable message transfer between hosts by establishing a three-way handshake
TCP provides flow control to avoid overwhelming a receiver by sending too many packets at once, UDP sends packets to the receiver in a continuous stream without checking for sequencing
Which two command sequences must you configure on a switch to establish a Layer 3 EtherChannel with an open-standard protocol? (Choose two )
A. interface GigabitEthernet0/0/1
channel-group 10 mode on
B. interface GigabitEthernet0/0/1
channel-group 10 mode active
C. interface GigabitEthernet0/0/1
channel-group 10 mode auto
D. interface port-channel 10
switchport
switchport mode trunk
E. interface port-channel 10
no switchport
ip address 172.16.0.1.255.255.255.0
interface GigabitEthernet0/0/1
channel-group 10 mode active
interface port-channel 10
no switchport
ip address 172.16.0.1.255.255.255.0
What is an advantage of Cisco DNA Center versus traditional campus device management?
A. It supports numerous extensibility options including cross-domain adapters and third-party SDKs.
B. It supports high availability for management functions when operating in cluster mode.
C. It enables easy autodiscovery of network elements in a brownfield deployment.
D. It is designed primarily to provide network assurance.
It supports numerous extensibility options including cross-domain adapters and third-party SDKs.
Refer to the exhibit.
IBGP route 10.0.0.0/30 RIP route 10.0.0.0/30 OSPF route 10.0.0.0/16 OSPF route 10.0.0.0/30 EIGRP route 10.0.0.1/32
A router reserved these five routes from different routing information sources.
Which two routes does the router install in its routing table? (Choose two)
A. RIP route 10.0.0.0/30 B. iBGP route 10.0.0.0/30 C. OSPF route 10.0.0.0/30 D. EIGRP route 10.0.0.1/32 E. OSPF route 10.0.0.0/16
OSPF route 10.0.0.0/30
EIGRP route 10.0.0.1/32
By default, how does EIGRP determine the metric of a route for the routing table?
A. it uses the bandwidth and delay values of the path to calculate the route metric
B. it uses a default metric of 10 for all routes that are learned by the router
C. it uses a reference Bandwidth and the actual bandwidth of the connected link to calculate the route metric
D. it counts the number of hops between the receiving and destination routers and uses that value as the metric
it uses the bandwidth and delay values of the path to calculate the route metric
What is a difference between local AP mode and FlexConnet AP mode?
A. Local AP mode creates two CAPWAP tunnels per AP to the WLC
B. FiexConnect AP mode fails to function if me AP loses connectivity with the WLC
C. FlexConnect AP mode bridges the traffic from the AP to the WLC when local switching is configured
D. Local AP mode causes the AP to behave as if it were an autonomous AP
Local AP mode creates two CAPWAP tunnels per AP to the WLC
Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1. Which configuration accomplishes this task?
A. R1#Conf t
R1(config)#ip routing
R1(config)#ip default-route 192.168.1.1
R1#Conf t
R1(config)#ip routing
R1(config)#ip route 192.168.1.1 0.0.0.0 0.0.0.0
R1#Conf t
R1(config)#ip routing
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
R1#Conf t
R1(config)#ip routing
R1(config)#ip default-gateway 192.168.1.1
R1#Conf t
R1(config)#ip routing
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
Which function does the range of private IPv4 addresses perform?
A. allows multiple companies to each use the same addresses without conflicts
B. provides a direct connection for hosts from outside of the enterprise network
C. ensures that NAT is not required to reach the internet with private range addressing
D. enables secure communications to the internet for all external host
allows multiple companies to each use the same addresses without conflicts
What event has occurred if a router sends a notice level message to a syslog server?
A. A TCP connection has been torn down
B. An ICMP connection has been built
C. An interface line has changed status
D. A certificate has expired
An interface line has changed status
Refer to the image
SW# show spanning-tree vlan 30
VLAN 0030
Spanning tree enabled protocol rstp
Root ID Priority 32798
Address 0025.63e9.c800
Cost 19
Port 1 (FastEthernet 2/1)
Hello Time 2 sec
Max Age 30 sec
Forward Delay 20 Sec
[Output suppressed]
What two conclusions should be made about this configuration? (Choose two )
A. The designated port is FastEthernet 2/1
B. This is a root bridge
C. The spanning-tree mode is Rapid PVST+
D. The spanning-tree mode is PVST+
E. The root port is FastEthernet 2/1
The spanning tree mode is PVST +
The root port is FastEthernet 2/1
What are two fundamentals of virtualization? (choose two)
A. The environment must be configured with one hypervisor that serves solely as a network manager to monitor SNMP traffic
B. It allows logical network devices to move traffic between virtual machines and the rest of the physical network
C. It allows multiple operating systems and applications to run independently on one physical server.
D. It allows a physical router to directly connect NICs from each virtual machine into the network
E. It requires that some servers, virtual machines and network gear reside on the Internet
It allows logical network devices to move traffic between virtual machines and the rest of the physical network
It allows multiple operating systems and applications to run independently on one physical server.
What is the difference regarding reliability and communication type between TCP and UDP?
A. TCP is reliable and is a connection-oriented protocol UDP is not reliable and is a connectionless protocol
B. TCP is not reliable and is a connection-oriented protocol; UDP is reliable and is a connectionless protocol
C. TCP is not reliable and is a connectionless protocol; UDP is reliable and is a connection-oriented protocol
D. TCP is reliable and is a connectionless protocol; UDP is not reliable and is a connection-oriented protocol
TCP is reliable and is a connection-oriented protocol UDP is not reliable and is a connectionless protocol
Refer to the exhibit
EIGRP: 192.168.12.0/24
RIP: 192.168.12.0/27
OSPF: 192.168.12.0/28
How does the router manage traffic to 192.168.12.16?
A. It selects the RIP route because it has the longest prefix inclusive of the destination address.
B. It chooses the OSPF route because it has the longest prefix inclusive of the destination address.
C. it load-balances traffic between all three routes
D. It chooses the EIGRP route because it has the lowest administrative distance
It selects the RIP route because it has the longest prefix inclusive of the destination address.
How does Cisco DNA Center gather data from the network?
A. Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller
B. Devices establish an iPsec tunnel to exchange data with the controller
C. Devices use the call-home protocol to periodically send data to the controller.
D. The Cisco CU Analyzer tool gathers data from each licensed network device and streams it to the controller
Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller
DRAG DROP
Drag and drop the attack-mitigation techniques from the left onto the Types of attack that they mitigate on the right.
ATTACK MITIGATION TECHNIQUES configure 802.1x authentication configure DHCP snooping Configure the native VLAN with a nondefault VLAN ID disable DTP
TYPES OF ATTACK 802.1q double-tagging VLAN-hopping attack MAC flooding attack Man-in-the-middle spoofing attack switch-spoofing VLAN-hopping attack
802.1q double-tagging VLAN-hopping attack
Configure the native VLAN with a nondefault VLAN ID
MAC flooding attack
configure 802.1x authentication
Man-in-the-middle spoofing attack
configure DHCP snooping
switch-spoofing VLAN-hopping attack
disable DTP
Refer to the Exhibit
G0/1 G0/1 SW1 ------------------------------------------------------------------SW2 | | | | | | | | PC_A PC_B
The network administrator wants VLAN 67 traffic to be untagged between Switch 1 and Switch 2 while all other VLANs are to remain tagged.
Which command accomplishes this task?
A. switchport access vlan 67
B. switchport trunk allowed vlan 67
C. switchport private-vlan association host 67
D. switchport trunk native vlan 67
switchport trunk native vlan 67
What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose two)
A. The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses
B. The DHCP client can request up to four DNS server addresses
C. The DHCP server assigns IP addresses without requiring the client to renew them
D. The DHCP server leases client IP addresses dynamically.
E. The DHCP client maintains a pool of IP addresses it can assign
The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses
The DHCP server leases client IP addresses dynamically.
Which two minimum parameters must be configured on an active interface to enable OSPFv2 to operate? (Choose two)
A. OSPF area B. OSPF MD5 authentication key C. IPv6 address D. OSPf process ID E. OSPf stub flag
OSPF area
OSPF process ID
Which two outcomes are predictable behaviors for HSRP? (Choose two )
A. The two routers synchronize configurations to provide consistent packet forwarding
B. The two routers negotiate one router as the active router and the other as the standby router
C. Each router has a different IP address, both routers act as the default gateway on the LAN, and traffic is load-balanced between them
D. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN
E. The two routers share the same interface IP address and default gateway traffic is load-balanced between them
The two routers negotiate one router as the active router and the other as the standby router
The two routers share a virtual IP address that is used as the default gateway for devices on the LAN
Several new coverage cells are required to improve the Wi-Fi network of an organization. Which two standard designs are recommended? (choose two.)
A. 5GHz provides increased network capacity with up to 23 nonoverlapping channels.
B. For maximum throughput, the WLC is configured to dynamically set adjacent access points to the same channel.
C. 5GHz channel selection requires an autonomous access point.
D. Adjacent cells with overlapping channels use a repeater access point.
E. Cells that overlap one another are configured to use nonoverlapping channels
For maximum throughput, the WLC is configured to dynamically set adjacent access points to the same channel.
Cells that overlap one another are configured to use nonoverlapping channels
Refer to the Exhibit
Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is subnetted, 1 subnets
….
S* 0.0.0.0/0 [1/0] via 10.10.11.2
Which is the path used for Internet traffic
A. 209.165.200.0/27
B. 10.10.10.0/28
C. 0.0.0.0/0
D. 10.10.13.0/24
0.0.0.0/0
Refer to the Exhibit
E0/0 E0/0 E0/1 E0/1 R1------------------------------SW1----------------------------------------------------SW2
Int Ethernet0/0 Int Ethernet 0/0 Int Ethernet0/1
no ip address Switchport trunk encap dot1q Switchport trunk encap dot1q
! Switchport mode trunk Switchport mode trunk
! !
Interface Ethernet0/1 Interface Ethernet0/2
Switchport trunk allowed vlan 10 switchport access vlan 20
Switchport trunk encap dot1q switchport mode access
What commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24?
A. R1(config)#interface ethernet0/0
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
B. R1(config)#interface ethernet0/0.20
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
C. R1(config)#interface ethernet0/0.20
R1(config)#ip address 10.20.20.1 255.255.255.0
D. R1(config)#interface ethernet0/0
R1(config)#ip address 10.20.20.1 255.255.255.0
R1(config)#interface ethernet0/0.20
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
Which purpose does a northbound API serve in a controller-based networking architecture?
A. communicates between the controller and the physical network hardware
B. reports device errors to a controller
C. generates statistics for network hardware and traffic
D. facilitates communication between the controller and the applications
facilitates communication between the controller and the applications
Refer to the exhibit
ip arp inspection vlan 2-10
interface fastethernet 0/1
ip arp inspection trust
If the network environment is operating normally, which type of device must be connected to interface FastEthernet 0/1?
A. DHCP client
B. access point
C. router
D. PC
router
What is the primary purpose of a First Hop Redundancy Protocol?
A. It allows directly connected neighbors to share configuration information.
B. It allows a router to use bridge priorities to create multiple loop-free paths to a single destination.
C. It reduces routing failures by allowing Layer 3 load balancing between OSPF neighbors that have the same link metric.
D. It reduces routing failures by allowing more than one router to represent itself, as the default gateway of a network
It reduces routing failures by allowing more than one router to represent itself, as the default gateway of a network
What occurs to frames during the process of frame flooding?
A. Frames are sent to every port on the switch in the same VLAN except from the originating port
B. Frames are sent to every port on the switch that has a matching entry in the
MAC address table.
C. Frames are sent to all ports, including those that are assigned to other VLANs
D. Frames are sent to every port on the switch in the same VLAN.
Frames are sent to every port on the switch in the same VLAN except from the originating port
RTR1
| G0/0 172.16.1.62 RTR-1
| interface Loopback1
| ip address 192.168.1.1 255.255.255.0
| !
| interface Loopback2
SW1 ip address 192.168.2.1 255.255.255.0
| !
| interface Loopback3
| ip address 192.168.3.1 255.255.255.0
| !
| interface GigabitEthernet0/0
PC1 172.16.1.33/27 ip address 172.16.1.62 255.255.255.224
Which configuration on RTR-1 denies SSH access from PC-1 to any RTR-1 interface and allows all other traffic?
A. access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any any
interface GigabitEthernet0/0 ip access-group 100 in
B. access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any any
line vty 0 15 ip access-group 100 in
C. access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100 permit ip any any
interface GigabitEthernet0/0 ip access-group 100 in
D. access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100 permit ip any any
line vty 0 15 ip access-group 100 in
access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any any
line vty 0 15 ip access-group 100 in
In which two ways does a password manager reduce the chance of a hacker stealing a users password? (Choose two.)
A. It automatically provides a second authentication factor that is unknown to the original user.
B. It uses an internal firewall to protect the password repository from unauthorized access.
C. It protects against keystroke logging on a compromised device or web site.
D. It stores the password repository on the local workstation with built-in antivirus and anti-malware functionality
E. It encourages users to create stronger passwords
It protects against keystroke logging on a compromised device or web site.
It encourages users to create stronger passwords
Which technology is used to improve web traffic performance by proxy caching? A. WSA B. Firepower C. ASA D. FireSIGHT
WSA
Which type of attack can be mitigated by dynamic ARP inspection?
A. worm
B. malware
C. DDoS
D. man-in-the-middle
man-in-the-middle
What are two roles of Domain Name Services (DNS)? (Choose Two)
A. builds a flat structure of DNS names for more efficient IP operations
B. encrypts network Traffic as it travels across a WAN by default
C. improves security by protecting IP addresses under Fully Qualified Domain Names (FQDNs)
D. enables applications to identify resources by name instead of IP address
E. allows a single host name to be shared across more than one IP address
enables applications to identify resources by name instead of IP address
allows a single host name to be shared across more than one IP address
How do TCP and UDP differ in the way they guarantee packet delivery?
A. TCP uses checksum, acknowledgement, and retransmissions, and UDP uses checksums only.
B. TCP uses two-dimensional parity checks, checksums, and cyclic redundancy checks and UDP uses retransmissions only.
C. TCP uses checksum, parity checks, and retransmissions, and UDP uses acknowledgements only.
D. TCP uses retransmissions, acknowledgement and parity checks and UDP uses cyclic redundancy checks only
TCP uses checksum, acknowledgement, and retransmissions, and UDP uses checksums only.
Refer to the Exhibit
Gateway of last resort is not set
C 1.0.0.0/8 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.0.1.3/32 [110/100] via 10.0.1.3, 00:39:08, Serial0
C 10.0.1.0/24 is variably subnetted, 4 subnets, 2 masks
O 10.0.1.5/32 [110/5 via 10.0.1.50, 00:39:08, serial0
O 10.0.1.4/32 [110/10 via 10.0.1.4, 00:39:08, serial0
What is the next hop address for traffic that is destined to host 10.0.1.5?
A. 10.0.1.3
B. 10.0.1.50
C. 10.0.1.4
D. Loopback D
10.0.1.50
What are two benefits of controller-based networking compared to traditional networking?
A. controller-based increases network bandwidth usage, while traditional lightens the load on the network.
B. controller-based inflates software costs, while traditional decreases individual licensing costs
C. Controller-based reduces network configuration complexity, while traditional increases the potential for errors
D. Controller-based provides centralization of key IT functions. While traditional requires distributes management function
E. controller-based allows for fewer network failure, while traditional increases failure rates
Controller-based reduces network configuration complexity, while traditional increases the potential for errors
Controller-based provides centralization of key IT functions. While traditional requires distributes management function
What mechanism carries multicast traffic between remote sites and supports encryption?
A. ISATAP
B. GRE over iPsec
C. iPsec over ISATAP
D. GRE
GRE over iPsec
Switch1
| |
VLAN200 | | VLAN200
| |
PC_A___________| |_______________PC_B
Which outcome is expected when PC_A sends data to PC_B?
A. The switch rewrites the source and destination MAC addresses with its own.
B. The source MAC address is changed.
C. The source and destination MAC addresses remain the same.
D. The destination MAC address is replaced with ffff.ffff.fff
The source and destination MAC addresses remain the same.
How will Link Aggregation be Implemented on a Cisco Wireless LAN Controller?
A. One functional physical port is needed to pass client traffic.
B. The EthernetChannel must be configured in “mode active”.
C. When enabled, the WLC bandwidth drops to 500 Mbps.
D. To pass client traffic, two or more ports must be configured.
One functional physical port is needed to pass client traffic.
Refer to the exhibit
SW4-----------------------------------------------------SW1 | | | | | | | | SW2--------------------------------------------------SW3
Which switch in this configuration will be elected as the root bridge?
SW1: 0C:E0:38:00:94:04
SW2: 0C:0E:15:22:05:97
SW3: 0C:0E:15:1A:3C:9D
SW4: 0C:0E:18:A1:B3:19
SW3
Which device performs stateful inspection of traffic?
A. firewall
B. switch
C. access point
D. wireless controller
Firewall
Which configuration ensures that the switch is always the root for VLAN 750?
A. Switch(config)#spanning-tree vlan 750 priority 38003685
B. Switch(config)#spanning-tree vlan 750 root primary
C. Switch(config)#spanning-tree vlan 750 priority 614440
D. Switch(config)#spanning-tree vlan 750 priority 0
Switch(config)#spanning-tree vlan 750 priority 0
Refer to the exhibit
SW1—————————————————–SW4
| |
| |
| |
| |
SW2————————————————–SW3
Which switch becomes the root bridge?
SW1: Bridge Priority: 32768
MAC: AA:AA:AA:AA:AA:AA
SW2: Bridge Priority: 30000
MAC: BB:BB:BB:BB:BB:BB
SW3: Bridge Priority: 30000
MAC: CC:CC:CC:CC:CC:CC
SW4: Bridge Priority: 32768
MAC: DD:DD:DD:DD:DD:DD
SW2
What protocol allows an engineer to back up 20 network router configurations globally while using the copy function?
A. SMTP
B. SNMP
C. TCP
D. FTP
SNMP
What software defined architecture plane assists network devices with making packet-forwarding decisions by providing Layer 2 reachability and Layer 3 routing information?
A. data plane
B. control plane
C. policy plane
D. management plane
Control Plane
Which WAN access technology is preferred for a small office / home office architecture?
A. broadband cable access
B. frame-relay packet switching
C. dedicated point-to-point leased line
D. Integrated Services Digital Network switching
broadband cable access
Which two WAN architecture options help a business scalability and reliability for the network?
(Choose two)
A. asychronous routing B. single-homed branches C. dual-homed branches D. static routing E. dynamic routing
asychronous routing
dual-homed branches
What criteria is used first during the root port selection process?
A. local port ID
B. lowest path cost to the root bridge
C. lowest neighbor’s bridge ID
D. lowest neighbor’s port ID
lowest path cost to the root bridge
Which state does the switch port move to when PortFast is enabled?
A. learning
B. forwarding
C. blocking
D. listening
forwarding
What criteria is used first during the root port selection process?
A. local port ID
B. lowest path cost to the root bridge
C. lowest neighbor’s bridge ID
D. lowest neighbor’s port ID
lowest path cost to the root bridge
What is a function of Wireless LAN Controller?
A. register with a single access point that controls traffic between wired and wireless endpoints.
B. use SSIDs to distinguish between wireless clients.
C. send LWAPP packets to access points.
D. monitor activity on wireless and wired LANs
send LWAPP packets to access points.
Lightweight Access Point Protocol (LWAPP) is the name of a protocol that can control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring or troubleshooting a large network. The system will also allow network administrators to closely analyze the network.
Which type of information resides on a DHCP server?
A. a list of the available IP addresses in a pool
B. a list of public IP addresses and their corresponding names
C. usernames and passwords for the end users in a domain
D. a list of statically assigned MAC addresses
a list of the available IP addresses in a pool
A manager asks a network engineer to advise which cloud service models are used so employees do not have to waste their time installing, managing, and updating software which is only used occasionally. Which cloud service model does the engineer recommend?
A. infrastructure-as-a-service
B. platform-as-a-service
C. business process as service to support different types of service
D. software-as-a-service
software-as-a-service
A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?
A. switchport port-security violation access
B. switchport port-security violation protect
C. switchport port-security violation restrict
D. switchport port-security violation shutdown
switchport port-security violation restrict
Refer to the exhibit
Cisco_ospf_vrf {“R1 default”:
ensure => ‘present’,
auto_cost => ‘100’,
}
Which type of configuration is represented in the output?
A. Ansible
B. JSON
C. Chef
D. Puppet
Puppet
What are two functions of a Layer 2 switch? (Choose two)
A. acts as a central point for association and authentication servers
B. selects the best route between networks on a WAN
C. moves packets within a VLAN
D. moves packets between different VLANs
E. makes forwarding decisions based on the MAC address of a packet
Moves packets within a VLAN
makes forwarding decisions based on the MAC address of a packet
Which spanning-tree enhancement avoids the learning and listening states and immediately places ports in the forwarding state?
A. BPDUfilter
B. PortFast
C. Backbonefast
D. BPDUguard
PortFast
DRAG DROP
Drag the IPv6 DNS record types from the left onto the description on the right.
-IPv6 DNS RECORD TYPES AAAA CNAME NS PTR SOA
-DESCRIPTIONS
alias one name to another
associates the domain serial number with its owner
correlates a domain with its authoritative name servers
correlates a host name with an IP address
supports reverse name lookups
alias one name to another
CNAME
associates the domain serial number with its owner
SOA
correlates a domain with its authoritative name servers
NS
correlates a host name with an IP address
AAAA
supports reverse name lookups
PTR
https://ns1.com/resources/dns-types-records-servers-and-queries#:~:text=Address%20Mapping%20record%20(A%20Record,a%20hostname%20to%20another
What is a recommended approach to avoid co-channel congestion while installing access points that use the 2.4 GHz frequency?
A. different nonoverlapping channels
B. different overlapping channels
C. one overlapping channel
D. one nonoverlapping channel
different nonoverlapping channels
Which function is performed by the collapsed core layer in a two-tier architecture?
A. enforcing routing policies
B. marking interesting traffic for data polices
C. attaching users to the edge of the network
D. applying security policies
enforcing routing policies
What are two functions of a server on a network? (Choose two)
A. achieves redundancy by exclusively using virtual server clustering
B. runs applications that send and retrieve data for workstations that make requests
C. handles requests from multiple workstations at the same time
D. runs the same operating system in order to communicate with other servers
E. housed solely in a data center that is dedicated to a single client
Runs applications that send and retrieve data for workstations that make requests
handles requests from multiple workstations at the same time
Which state does the switch port move to when PortFast is enabled?
A. forwarding
B. listening
C. blocking
D. learning
forwarding
A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?
A. switchport port-security violation access
B. switchport port-security violation protect
C. switchport port-security violation restrict
D. switchport port-security violation shutdown
switchport port-security violation restrict
In software defined architectures, which plane is distributed and responsible for traffic forwarding?
A. management plane
B. control plane
C. policy plane
D. data plane
data plane
When using Rapid PVST+, which command guarantees the switch is always the root bridge for VLAN 200?
A. spanning -tree vlan 200 priority 614440
B. spanning -tree vlan 200 priority 38572422
C. spanning -tree vlan 200 priority 0
D. spanning -tree vlan 200 root primary
Spanning -tree vlan 200 priority 0
DRAG DROP
Drag and drop the SNMP components from the left onto the descriptions on the right.
SNMP COMPONENTS MIB SNMP agent SNMP manager SNMP trap
DESCRIPTIONS
collection of variables that can be monitored
unsolicited message
responds to status requests and requests for information about a device
resides on an NMS
collection of variables that can be monitored
MIB
unsolicited message
SNMP manager
responds to status requests and requests for information about a device
SNMP trap
resides on an NMS
SNMP agent
Refer to the exhibit
After the election process what is the root bridge in the HQ LAN?
Switch 1: 0C:E0:38:58:15:77
Switch 2: 0C:E0:15:22:1A:61
Switch 3: 0C:E0:15:1D:3C:9A
Switch 4: 0C:E0:19:A1:4D:16
Switch 3
Which CRUD operation modifies an existing table or view?
A. read
B. create
C. replace
D. update
update
An engineer must configure Interswitch VLAN communication between a Cisco switch and a third-party switch. Which action should be taken?
A. configure IEEE 802.1p
B. configure IEEE 802.1q
C. configure ISL
D. configure DSCP
B. configure IEEE 802.1q
What is a function of a remote access VPN?
A. used cryptographic tunneling to protect the privacy of data for multiple users simultaneously
B. used exclusively when a user is connected to a company’s internal network
C. establishes a secure tunnel between two branch sites
D. allows the users to access company internal network resources through a secure tunnel
allows the users to access company internal network resources through a secure tunnel
What is a DHCP client?
A. a workstation that requests a domain name associated with its IP address
B. a host that is configured to request an IP address automatically
C. a server that dynamically assigns IP addresses to hosts.
D. a router that statically assigns IP addresses to hosts
a host that is configured to request an IP address automatically
Which two functions are performed by the core layer in a three-tier architecture? (Choose two)
A. Provide uninterrupted forwarding service.
B. Police traffic that is sent to the edge of the network.
C. Provide direct connectivity for end user devices.
D. Ensure timely data transfer between layers.
E. Inspect packets for malicious activity.
Provide uninterrupted forwarding service.
Ensure timely data transfer between layers
Refer to the Exhibit
interface GigabitEthernet0/1
ip address 192.168.1.2 255.255.255.0
ip address-group 2699 in
!
access-list 2699 deny icmp any 10.10.1.0 0.0.0.255 echo
access-list 2699 deny ip any 10.20.1.0 0.0.0.255
access-list 2699 permit ip any 10.10.1.0 0.0.0.255
access-list 2699 permit tcp any 10.20.1.0 0.0.0.127 eq 22
A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?
A. access-list 2699 permit udp 10.20.1.0 0.0.0.255
B. no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22
C. access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22
D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
What is a practice that protects a network from VLAN hopping attacks?
A. Enable dynamic ARP inspection
B. Configure an ACL to prevent traffic from changing VLANs
C. Change native VLAN to an unused VLAN ID
D. Implement port security on internet-facing VLANs
Change native VLAN to an unused VLAN ID
Refer to the exhibit
________ _________
| Site A | Router1=======================Router2| Site B |
|________| |_________|
Router2#show ip route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C 10.10.10.8/30 is directly connected, FastEthernet0/2 C 10.10.10.12/30 is directly connected, FastEthernet0/1 O 10.10.13.0/25 [110/11] via 10.10.10.9, 00:00:03. FastEthernet0/2
[110/11] via 10.10.10.13, 00:00:03. FastEthernet0/1 C 10.10.10.4/30 is directly connected, FastEthernet0/2
If OSPF is running on this network, how does Router2 handle traffic from Site B to 10.10.13.128/25 at Site A?
A. It load-balances traffic out of Fa0/1 and Fa0/2.
B. It is unreachable and discards the traffic.
C. It sends packets out of interface FaO/2.
D. It sends packets out of interface Fa0/1
It is unreachable and discards the traffic.
What is the purpose of traffic shaping?
A. to mitigate delays over slow links
B. to provide fair queuing for buffered flows
C. to limit the bandwidth that a flow can use to
D. be a marking mechanism that identifies different flows
to provide fair queuing for buffered flows
Traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time.
Where does the configuration reside when a helper address is configured to support DHCP?
A. on the router closest to the server
B. on the router closest to the client
C. on every router along the path
D. on the switch trunk interface
on the router closest to the client
What facilitates a Telnet connection between devices by entering the device name?
A. SNMP
B. DNS lookup
C. syslog
D. NTP
DNS lookup
When implementing a router as a DHCP server, which two features must be configured’? (Choose two)
A. relay agent information B. database agent C. address pool D. smart-relay E. manual bindings
address pool
manual bindings
DRAG DROP
Drag and drop the QoS congestion management terms from the left onto the description on the right
QOS CONGESTION MANAGEMENT TERMS CBWFQ CQ FIFO PQ WFQ
DESCRIPTIONS
place packets into one of four priority-based queues
provides guaranteed bandwidth to a specified class of traffic
provides minimum guaranteed bandwidth to one or more flows
services a specified number of bytes in one queue before continuing to the next queue
uses store-and-forward queueing
place packets into one of four priority-based queues
PQ
provides guaranteed bandwidth to a specified class of traffic CBWFQ
provides minimum guaranteed bandwidth to one or more flows
WFQ
services a specified number of bytes in one queue before continuing to the next queue
PQ
uses store-and-forward queueing
FIFO
DRAG DROP
Refer to the exhibit
e0 s0 Web server--------------------------R1-----------------------Internet 172.16.1.2
Interface Ethernet0
POSITION A
POSITION B
Interface Serial 0
POSITION C
POSITION D
POSITION E
POSITION F
access-list 1 permit 172.16.1.0 0.0.0.255
An engineer is configuring the router to provide static NAT for the webserver.
Drag and drop the configuration commands from the left onto the letters that correspond to its position in the configuration on the right.
CONFIGURATION COMMANDS
ip address 172.16.1.1 255.255.255.0
ip address 45.83.2.214 255.255.255.240
ip nat inside
ip nat inside source list 1 interface s0 overload
ip nat inside source static tcp 172.16.1.2 80 45.83.2.214 80 extendable
ip nat outside
POSITION IN CONFIGURATION POSITION A POSITION B POSITION C POSITION D POSITION E POSITION F
POSITION A
ip address 172.16.1.1 255.255.255.0
POSITION B
ip nat inside
POSITION C
ip address 45.83.2.214 255.255.255.240
POSITION D
ip nat outside
POSITION E
ip nat inside source static tcp 172.16.1.2 80 45.83.2.214 80 extendable
POSITION F
ip nat inside source list 1 interface s0 overload
DRAG DROP
Drag and drop the DHCP snooping terms from the left onto the descriptions on the right
DHCP SNOOPING TERMS dhcp server snooping binding database spurious DHCP server trusted untrusted
DESCRIPTIONS
list of hosts on the network that are unknown to the administrative domain
network component that propagates IP addresses to hosts on the network
internal device under the control of the network administrator
unknown DHCP server within an administrative domain
default state of all interfaces
list of hosts on the network that are unknown to the administrative domain
-snooping binding database
network component that propagates IP addresses to hosts on the network
- DHCP server
internal device under the control of the network administrator
-trusted
unknown DHCP server within an administrative domain
- spurious dhcp server
default state of all interfaces
-untrusted
What is a role of wireless controllers in an enterprise network?
A. centralize the management of access points in an enterprise network
B. support standalone or controller-based architectures
C. serve as the first line of defense in an enterprise network
D. provide secure user logins to devices on the network.
centralize the management of access points in an enterprise network
How do servers connect to the network in a virtual environment?
A. wireless to an access point that is physically connected to the network
B. a cable connected to a physical switch on the network
C. a virtual switch that links to an access point that is physically connected to the network
D. a software switch on a hypervisor that is physically connected to the network
a software switch on a hypervisor that is physically connected to the network
Refer to the exhibit
Which switch becomes the root of the spanning tree for VLAN 110?
Switch 1
Vlan 110 - 32278 0018.184e.3c00
Switch 2
Vlan 110 - 24586 001a.e3ff.a680
Switch 3
Vlan 110 - 28682 0022.55cf.cc00
Switch 4
Vlan 110 - 64000 0e38.7363.657f
Switch 2
Which device tracks the state of active connections in order to make a decision to forward a packet through?
A. wireless access point
B. firewall
C. wireless LAN controller
D. router
wireless LAN controller
DRAG DROP
Drag and drop the characteristics of network architectures from the left onto the type of architecture on the right.
NETWORK ARCHITECTURES
single device handles the core and the distributions layer
enhances network availability
more cost-effective than other options
most appropriate for small network designs
separate devices handle the core and the distribution layer
TYPE OF ARCHITECTURES
Collapsed Core (Pick3)
Three-Tier (pick 2)
Collapsed Core (pick 3)
-single device handles the core and the
distributions layer
-more cost-effective than other options
-most appropriate for small network designs
Three-Tier (pick 2)
- enhances network availability
- separate devices handle the core and the distribution layer
How does a switch process a frame received on Fa0/1 with the destination MAC address of 0e38.7363.657b when the table is missing the address?
A. lt drops the frame immediately.
B. It forwards the frame back out of interface Fa0/1.
C. It floods the frame to all interfaces except Fa0/1.
D. It holds the frame until the MAC address timer expires and then drops the frame.
It floods the frame to all interfaces except Fa0/1.
DRAG DROP
Drag and drop the SNMP manager and agent identifier commands from the left onto the functions on the right
SNMP MANAGER show snmp chassis show snmp community show snmp engineID show snmp group show snmp host
ANGENT IDENTIFIER
displays information about the SNMP recipient
displays the IP address of the remote SNMP device
displays the SNMP security model in use
displays the SNMP access string
displays the SNMP server serial number
displays information about the SNMP recipient
-show snmp host
displays the IP address of the remote SNMP device
-show snmp engineID
displays the SNMP security model in use
-show snmp group
displays the SNMP access string
-show snmp community
displays the SNMP server serial number
-show snmp chassis
A network administrator must enable DHCP services between two sites. What must be configured for the router to pass DHCPDISCOVER messages on to the server?
A. a DHCP Relay Agent
B. DHCP Binding
C. a DHCP Pool
D. DHCP Snooping
a DHCP Relay Agent
What is recommended for the wireless infrastructure design of an organization?
A. group access points together to increase throughput on a given channel
B. configure the first three access points are configured to use Channels 1, 6, and 11
C. include a least two access points on nonoverlapping channels to support load balancing
D. assign physically adjacent access points to the same Wi-Fi channel
configure the first three access points are configured to use Channels 1, 6, and 11
Refer to the exhibit
switch(config)#interface gigabitEthernet 1/11
switch(config-if)#switchport mode access
switch(config-if)#spanning-tree portfast
switch(config-if)#spanning-tree bpduguard enable
What is the result if Gig1/11 receives an STP BPDU?
A. The port transitions to STP blocking
B. The port transitions to the root port
C. The port immediately transitions to STP forwarding.
D. The port goes into error-disable state
The port goes into error-disable state
What does a switch use to build its MAC address table?
A. VTP
B. DTP
C. egress traffic
D. ingress traffic
ingress traffic
Refer to the exhibit
|
|
G0/3 | G0/2
SW1—————————————————————SW2
G0/0 / \ G0/1 / \
/ \ / \
PC1 PC2 PC3 PC4
PC1 is trying to ping PC3 for the first time and sends out an ARP to S1. Which action is taken by S1?
A. It forwards it out G0/3 only
B. It is flooded out every port except G0/0.
C. It drops the frame.
D. It forwards it out interface G0/2 only
It is flooded out every port except G0/0.
What does a router do when configured with the default DNS lookup settings, and a URL is entered on the CLI?
A. initiates a ping request to the URL
B. prompts the user to specify the desired IP address
C. continuously attempts to resolve the URL until the command is cancelled
D. sends a broadcast message in an attempt to resolve the URL
sends a broadcast message in an attempt to resolve the URL
Which two WAN architecture options help a business improve scalability and reliability for the network? (Choose two.)
A. asynchronous routing B. single-homed branches C. dual-homed branches D. static routing E. dynamic routing
asynchronous routing
dual-homed branches
Which type of security program is violated when a group of employees enters a building using the ID badge of only one person?
A. intrusion detection
B. user awareness
C. physical access control
D. network authorization
physical access control
Which device controls the forwarding of authentication requests for users when connecting to the network using a lightweight access point?
A. TACACS server
B. wireless access point
C. RADIUS server
D. wireless LAN controller
wireless access point
What is a benefit of VRRP?
A. It provides traffic load balancing to destinations that are more than two hops from the source.
B. It provides the default gateway redundancy on a LAN using two or more routers.
C. It allows neighbors to share routing table information between each other.
D. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision
It provides the default gateway redundancy on a LAN using two or more routers.
Aside from discarding, which two states does the switch port transition through while using RSTP (802.1w)? (Choose two)
A. listening B. blocking C. forwarding D. learning E. speaking
forwarding
learning
Which protocol does an IPv4 host use to obtain a dynamically assigned IP address?
A. ARP
B. DHCP
C. CDP
D. DNS
DHCP
Which CRUD operation corresponds to the HTTP GET method?
A. read
B. update
C. create
D. delete
read
In which situation is private IPv4 addressing appropriate for a new subnet on the network of an organization?
A. There is limited unique address space, and traffic on the new subnet will stay local within the organization.
B. The network has multiple endpoint listeners, and it is desired to limit the number of broadcasts.
C. Traffic on the subnet must traverse a site-to-site VPN to an outside organization.
D. The ISP requires the new subnet to be advertised to the internet for web services
There is limited unique address space, and traffic on the new subnet will stay local within the organization.
Refer to the exhibit
Gi0/0 Gi0/1
———————HQ_Router——————–
| |
10.100.100.0/24 | | 192.168.0.0/16
| |
| |
Firewall Firewall
An access list is required to permit traffic from any host on interface G0/0 and deny traffic from interface G/0/1. Which access list must be applied?
A. ip access-list standard 99
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.0.255.255
B. ip access-list standard 99
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.255.255.255
C. ip access-list standard 199
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.255.255.255
D. ip access-list standard 199
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.0.255.255
ip access-list standard 99
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.0.255.255
What is the maximum bandwidth of a T1 point-to-point connection?
A. 1.544 Mbps
B. 2.048 Mbps
C. 34.368 Mbps
D. 43.7 Mbps
1.544 Mbps
What is a DNS lookup operation?
A. DNS server pings the destination to verify that it is available
B. serves requests over destination port 53
C. DNS server forwards the client to an alternate IP address when the primary IP is down
D. responds to a request for IP address to domain name resolution to the DNS server
responds to a request for IP address to domain name resolution to the DNS server
Refer to the exhibit
192.168.0.10/23 192.168.1.20/23
PC_A File Server
| |
| |
| |
Gi0/4 | Gi0/1 Gi0/1 | Gi0/3
SW_A—————————————————————————SW_B
Switch A | Switch B
Vlan 10, 11, 12, 13 | Vlan 10, 11, 12, 13
|
Interface GigabitEthernet0/1 | interface GigabitEthernet0/1
switchport mode trunk | switchport mode trunk
switchport trunk allowed vlan 10-12 | !
! |
Interface GigabitEthernet 0/4 | Interface GigabitEthernet 0/3
switchport access vlan 13 | switchport access vlan 13
switchport mode access | switchport mode access
A network engineer must configured communication between PC A and the File Server. To prevent interruption for any other communications, which command must be configured?
A. Switch trunk allowed vlan 12
B. Switchport trunk allowed vlan none
C. Switchport trunk allowed vlan add 13
D. Switchport trunk allowed vlan remove 10-11
Switchport trunk allowed vlan add 13
Which implementation provides the strongest encryption combination for the wireless environment?
A. WPA2 + AES
B. WPA + AES
C. WEP
D. WPA + TKIP
WPA2 + AES
What is a characteristic of a SOHO network?
A. connects each switch to every other switch in the network
B. enables multiple users to share a single broadband connection
C. provides high throughput access for 1000 or more users
D. includes at least three tiers of devices to provide load balancing and redundancy
enables multiple users to share a single broadband connection
Refer to the exhibit
Import ncclient
with ncclient.manager.connect(host=’192.168.1.1’ , port=830, username=’root’ ,
password=’teset123!’ , allow_agent=False) as m:
print (m.get_config(‘running’).data_xml)
After running the code in the exhibit, which step reduces the amount of data that the NETCONF server returns to the NETCONF client, to only the interface’s configuration?
A. Use the Ixml library to parse the data returned by the NETCONF server for the interface’s configuration.
B. Create an XML filter as a string and pass it to get_config() method as an argument.
C. Create a JSON filter as a string and pass it to the get_config() method as an argument.
D. Use the JSON library to parse the data returned by the NETCONF server for the interface’s configuration.
Use the JSON library to parse the data returned by the NETCONF server for the interface’s configuration.
Which resource is able to be shared among virtual machines deployed on the same physical server?
A. disk
B. applications
C. VM configuration file
D. operating system
VM configuration file
Which WAN topology provides a combination of simplicity quality, and availability?
A. partial mesh
B. full mesh
C. point-to-point
D. hub-and-spoke
full mesh
Which command on a port enters the forwarding state immediately when a PC is connected to it?
A. switch(config)#spanning-tree portfast default
B. switch(config)#spanning-tree portfast bpduguard default
C. switch(config-if)#spanning-tree portfast trunk
D. switch(config-if)#no spanning-tree portfast
spanning-tree portfast trunk
What are two functions of an SDN controller? (Choose two)
A. Layer 2 forwarding B. coordinating VTNs C. tracking host D. managing the topology E. protecting against DDoS attacks
coordinating VTNs
managing the topology
What is a network appliance that checks the state of a packet to determine whether the packet is legitimate?
A. Layer 2 switch
B. load balancer
C. firewall
D. LAN controller
firewall
When DHCP is configured on a router, which command must be entered so the default gateway is automatically distributed?
A. default-router
B. default-gateway
C. ip helper-address
D. dns-server
default-router
What is an appropriate use for private IPv4 addressing?
A. on the public-facing interface of a firewall
B. to allow hosts inside to communicate in both directions with hosts outside the organization
C. on internal hosts that stream data solely to external resources
D. on hosts that communicates only with other internal hosts
on hosts that communicates only with other internal hosts
How is the native VLAN secured in a network?
A. separate from other VLANs within the administrative domain
B. give it a value in the private VLAN range
C. assign it as VLAN 1
D. configure it as a different VLAN ID on each end of the link
configure it as a different VLAN ID on each end of the link
What is the purpose of a southbound API in a control based networking architecture?
A. Facilities communication between the controller and the applications
B. Facilities communication between the controller and the networking hardware
C. allows application developers to interact with the network
D. integrates a controller with other automation and orchestration tools
Facilities communication between the controller and the networking hardware
What causes a port to be placed in the err-disabled state?
A. latency
B. port security violation
C. shutdown command issued on the port
D. nothing plugged into the port
port security violation
