Test Flashcards
1
Q
What is the benefit of using Cisco Wireless Lan Controller?
A. Central AP management requires more complex configurations
B. Unique SSIDs cannot use th esame authentication method
C. It supports autonomous and lightweight APs
D. It eliminates the need to configure each access point individually
A
It eliminates the need to configure each access point individually
2
Q
Which network allows the devices to communicate without the need to access the Internet?
A. 172.9.0.0/16
B. 172.28.0.0/16
C. 192.0.0.0/8
D. 209.165.201.0/24
A
172.28.0.0/16
3
Q
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two
formats are available to select? (Choose two)
A. ASCII B. base64 C. binary D. decimal E. hexadecimal
A
ASCII
hexadecimal
4
Q
An organization has decided to start using cloud-provided services. Which cloud service allows the
organization to install its own operating system on a virtual machine?
A. platform-as-a-service
B. software-as-a-service
C. network-as-a-service
D. infrastructure-as-a-service
A
Infrastructure-as-a-service
5
Q
Router(config)#interface GigabitEthernet 1/0/1
Router(config-if)#ip address 192.168.16.143 255.255.255.240
Bad mask /28 for address 192.168.16.143
Which Statement explains the configuration error message that is received?
A. It is a broadcast IP address
B. The router does not support /28 mask.
C. It belongs to a private IP address range
D. It is network IP address
A
It is a broadcast IP address
6
Q
Which command prevents passwords from being stored in the configuration as plain text on a router
or switch?
A. enable secret
B. service password-encryption
C. username Cisco password encrypt
D. enable password
A
service password-encryption
7
Q
A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two)
A. runts B. giants C. frame D. CRC E. input errors
A
CRC
input errors
Whenever the physical transmission has problems, the receiving device might receive a frame whose
bits have changed values. These frames do not pass the error detection logic as implemented in the
FCS field in the Ethernet trailer. The receiving device discards the frame and counts it as some kind of
input error.
Cisco switches list this error as a CRC error. Cyclic redundancy check (CRC) is a term related to how
the FCS math detects an error.
The “input errors” includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts.
The output below show the interface counters with the “show interface s0/0/0” command:
8
Q
Which command enables a router to become a DHCP client?
A. ip address dhcp
B. ip helper-address
C. ip dhcp pool
D. ip dhcp client
A
ip address dhcp
9
Q
Which two encoding methods are supported by REST APIs? (Choose two)
A. YAML B. JSON C. EBCDIC D. SGML E. XML
A
YAML
XML
10
Q
Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is set to Dynamic Desirable.
What is the result of this configuration?
A. The link is in a down state.
B. The link is in an error disables state
C. The link becomes an access port
D. The link becomes a trunk port
A
The link becomes a trunk port
11
Q
When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)
A. 2000::/3 B. 2002::5 C. FC00::/7 D. FF02::1 E. FF02::2
A
FF02::1
FF02::2
When an interface is configured with IPv6 address, it automatically joins the all nodes (FF02::1) and
solicited-node (FF02::1:FFxx:xxxx) multicast groups. The all-node group is used to communicate with
all interfaces on the local link, and the solicited-nodes multicast group is required for link-layer
address resolution. Routers also join a third multicast group, the all-routers group (FF02::2).
12
Q
Which MAC address is recognized as a VRRP virtual address?
A. 0000.5E00.010a
B. 0005.3711.0975
C. 0000.0C07.AC99
D. 0007.C070/AB01
A
A. 0000.5E00.010a
With VRRP, the virtual router’s MAC address is 0000.5E00.01xx , in which xx is the VRRP group
13
Q
In which way does a spine and-leaf architecture allow for scalability in a network when additional
access ports are required?
A. A spine switch and a leaf switch can be added with redundant connections between them
B. A spine switch can be added with at least 40 GB uplinks
C. A leaf switch can be added with a single connection to a core spine switch.
D. A leaf switch can be added with connections to every spine switch
A
D. A leaf switch can be added with connections to every spine switch
Spine-leaf architecture is typically deployed as two layers: spines (such as an aggregation layer), and
leaves (such as an access layer). Spine-leaf topologies provide high-bandwidth, low-latency,
nonblocking server-to-server connectivity.
Leaf (aggregation) switches are what provide devices access to the fabric (the network of spine and
leaf switches) and are typically deployed at the top of the rack. Generally, devices connect to the leaf
switches.
Devices can include servers, Layer 4-7 services (firewalls and load balancers), and WAN or Internet
routers. Leaf switches do not connect to other leaf switches. In spine-and-leaf architecture, every
leaf should connect to every spine in a full mesh.
Spine (aggregation) switches are used to connect to all leaf switches and are typically deployed at the end or middle of the row. Spine switches do not connect to other spine switches.
14
Q
Which type of wireless encryption is used for WPA2 in preshared key mode?
A. TKIP with RC4
B. RC4
C. AES-128
D. AES-256
A
AES-256
15
Q
Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose
two)
A. It drops lower-priority packets before it drops higher-priority packets
B. It can identify different flows with a high level of granularity
C. It guarantees the delivery of high-priority packets
D. It can mitigate congestion by preventing the queue from filling up
E. it supports protocol discovery
A
It drops lower-priority packets before it drops higher-priority packets
It can mitigate congestion by preventing the queue from filling up
16
Q
When a floating static route is configured, which action ensures that the backup route is used when
the primary route fails?
A. The floating static route must have a higher administrative distance than the primary route so it is
used as a backup
B. The administrative distance must be higher on the primary route so that the backup route
becomes secondary.
C. The floating static route must have a lower administrative distance than the primary route so it is
used as a backup
D. The default-information originate command must be configured for the route to be installed into
the routing table
A
A. The floating static route must have a higher administrative distance than the primary route so it is
used as a backup
17
Q
Refer to the exhibit
Atlanta#conf t
Enter configuration commands, one per line. End with CNTL/z.
Atlanta (config)#aaa new-model
Atlanta (config)#aaa authentication login default local
Atlanta (config)#line vty 0 4
Atlanta (config-line)#login authentication default
Atlanta (config-line)#exit
Atlanta (config)#username ciscoadmin password adminadmin123
Atlanta (config)#username ciscoadmin privilege 15
Atlanta (config)#enable password cisco123
Atlanta (config)#enable secret testing1234
Atlanta (config)#end
Which password must an engineer use to enter the enable mode?
A. adminadmin123
B. default
C. testing 1234
D. cisco123
A
testing 1234
18
Q
How do TCP and UDP differ in the way that they establish a connection between two endpoints?
A. TCP uses synchronization packets, and UDP uses acknowledgment packets.
B. UDP uses SYN, SYN ACK and FIN bits in the frame header while TCP uses SYN, SYN ACK and ACK
bits
C. UDP provides reliable message transfer and TCP is a connectionless protocol
D. TCP uses the three-way handshake and UDP does not guarantee message delivery
A
TCP uses the three-way handshake and UDP does not guarantee message delivery
19
Q
Which mode allows access points to be managed by Cisco Wireless LAN Controllers?
A. autonomous
B. lightweight
C. bridge
D. mobility express
A
lightweight
A Lightweight Access Point (LAP) is an AP that is designed to be connected to a wireless LAN (WLAN)
controller (WLC). APs are “lightweight,” which means that they cannot act independently of a
wireless LAN controller (WLC). The WLC manages the AP configurations and firmware. The APs are
“zero touch” deployed, and individual configuration of APs is not necessary
20
Q
Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment?
A. Bronze
B. Platinum
C. Silver
D. Gold
A
Platinum
Cisco Unified Wireless Network solution WLANs support four levels of QoS: Platinum/Voice,
Gold/Video, Silver/Best Effort (default), and Bronze/Background.
21
Q
If a notice-level messaging is sent to a syslog server, which event has occurred?
A. A network device has restarted
B. An ARP inspection has failed
C. A routing instance has flapped
D. A debug operation is running
A
A routing instance has flapped
22
Q
What are two southbound APIs? (Choose two )
A. OpenFlow B. NETCONF C. Thrift D. CORBA E. DSC
A
OpenFlow
NETCONF
OpenFlow is a well-known southbound API. OpenFlow defines the way the SDN Controller should
interact with the forwarding plane to make adjustments to the network, so it can better adapt to
changing business requirements.
The Network Configuration Protocol (NetConf) uses Extensible Markup Language (XML) to install,
manipulate and delete configuration to network devices
23
Q
An email user has been lured into clicking a link in an email sent by their company’s security
organization. The webpage that opens reports that it was safe but the link could have contained
malicious code. Which type of security program is in place?
A. Physical access control
B. Social engineering attack
C. brute force attack
D. user awareness
A
user awareness
24
Q
An engineer must configure a /30 subnet between two routers. Which usable IP address and subnet
mask combination meets this criteria?
Interface e0/0
description to HQ-A371:19452
ip address 209.165.201.2 255.255.255.252
Interface e0/0
description to HQ-A371:19452
ip address 10.2.1.3 255.255.255.252
Interface e0/0
description to HQ-A371:19452
ip address 172.16.1.4 255.255.255.248
Interface e0/0
description to HQ-A371:19452
ip address 192.168.1.1 255.255.255.248
A
Interface e0/0
description to HQ-A371:19452
ip address 209.165.201.2 255.255.255.252
25
What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC
address is received?
A. The Layer 2 switch drops the received frame
B. The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN.
C. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address learning.
D. The Layer 2 switch forwards the packet and adds the destination MAC address to its MAC address
table
The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN.
26
Refer to the exhibit
R2#show ip nat translations
Pro Inside global Inside local
tcp 172.23.104.3: 43268 10.4.4.4:43268
tcp 172.23.10.4: 45507 10.4.4.5:45507
Question 30
| 172.23.104.4
27
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from
specific networks?
A. CPU ACL
B. TACACS
C. Flex ACL
D. RADIUS
CPU ACL
28
Which command automatically generates an IPv6 address from a specified IPv6 prefix and MAC
address of an interface?
A. ipv6 address dhcp
B. ipv6 address 2001:DB8:5:112::/64 eui-64
C. ipv6 address autoconfig
D. ipv6 address 2001:DB8:5:112::2/64 link-local
C. ipv6 address autoconfig
The “ipv6 address autoconfig” command causes the device to perform IPv6 stateless address
autoconfiguration to discover prefixes on the link and then to add the EUI-64 based addresses to the
interface.
Addresses are configured depending on the prefixes received in Router Advertisement (RA)
messages.
The device will listen for RA messages which are transmitted periodically from the router (DHCP
Server).
This RA message allows a host to create a global IPv6 address from:
+ Its interface identifier (EUI-64 address)
+ Link Prefix (obtained via RA)
Note: Global address is the combination of Link Prefix and EUI-64 address
29
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch.
Which two steps will fulfill the request? (Choose two)
A. Configure the ports in an EtherChannel.
B. Administratively shut down the ports
C. Configure the port type as access and place in VLAN 99
D. Configure the ports as trunk ports
E. Enable the Cisco Discovery Protocol
Administratively shutdown the ports
Configure the port type as access and place in VLAN 99
30
Which output displays a JSON data representation?
```
{
"response": {
"taskld":{},
"url":"string"
},
"version":"string"
```
Question 34
C. Option C
JSON data is written as name/value pairs.
A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a
value:
“name”:”Mark”
JSON can use arrays. Array values must be of type string, number, object, array, boolean or null.
For example:
{
“name”:”John”,
“age”:30,
“cars”:[ “Ford”, “BMW”, “Fiat” ]
}
JSON can have empty object like “taskId”:{}
31
Which command is used to specify the delay time in seconds for LLDP to initialize on any interface?
A. lldp timer
B. lldp holdtimt
C. lldp reinit
D. lldp tlv-select
lldp reinit
+ lldp holdtime seconds: Specify the amount of time a receiving device should hold the information
from your device before discarding it
+ lldp reinit delay: Specify the delay time in seconds for LLDP to initialize on an interface
+ lldp timer rate: Set the sending frequency of LLDP updates in seconds
32
A network engineer must back up 20 network router configurations globally within a customer
environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?
A. CDP
B. SNMP
C. SMTP
D. ARP
SNMP
33
DRAG DROP
Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right
Configure BPDU guard.
Configure dynamic ARP inspection.
Configure root guard.
Configure VACL.
802.1q double tagging
ARP spoofing
Unwanted superior BPDUs
unwanted BPDUs on PortFast-enabled interfaces
Configure BPDU guard- unwanted BPDUs on portfast
-Configure VACL.
Configure dynamic ARP inspection
- ARP spoofing
Configure root guard- Unwanted superior BPDUs
-Unwanted superior BPDUs
Configure VACL- 801.q double tagging
- unwanted BPDUs on PortFast-enabled interfaces
34
DRAG AND DROP
Drag and drop the network protocols from the left onto the correct transport services on the right
SMTP Connection Oriented
SNMP
TFTP
VoIP Connectionless
SSH
FTP
Connection Oriented
FTP
SNMP
SSH
Connectionless
TFTP
VoIP
SMTP
35
DRAG DROP
A network engineer is configuring an OSPFv2 neighbor adjacency. Drag and drop the parameters from
the left onto their required categories on the right. Not all parameters are used
netmask Must be unique
OSPF process ID
router ID
IP address Must match
area ID
timers
Must be unique
router ID
IP address
Must Match
netmask
area ID
timers
36
Refer to the Exhibit (question 40)
An extended ACL has been configured and applied to router R2. The configuration failed to work as
intended Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10 0/26 subnet while still allowing all other traffic? (Choose two )
A. Add a "permit ip any any" statement to the begining of ACL 101 for allowed traffic.
B. Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic
C. The source and destination IPs must be swapped in ACL 101
D. The ACL must be configured the Gi0/2 interface inbound on R1
E. The ACL must be moved to the Gi0/1 interface outbound on R2
Add a "permit ip any any" statement at the end of the ACL 101 for allowed traffic
The source and destination IPs must be swapped in ACL 101
37
Refer to the exhibit. (Question 41)
Which type of route does R1 use to reach host 10.10.13.10/32?
A. floating static route
B. host route
C. default route
D. network route
Network route
38
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?
A. on
B. auto
C. active
D. desirable
On
The Static Persistence (or “on” mode) bundles the links unconditionally and no negotiation protocol
is used. In this mode, neither PAgP nor LACP packets are sent or received
39
Which IPv6 address block sends packets to a group address rather than a single address?
A. 2000::/3
B. FC00::/7
C. FE80::/10
D. FF00::/8
FF00::/8
FF00::/8 is used for IPv6 multicast and this is the IPv6 type of address the question wants to ask.
FE80::/10 range is used for link-local addresses. Link-local addresses only used for communications
within the local subnetwork (automatic address configuration, neighbor discovery, router discovery,
and by many routing protocols). It is only valid on the current subnet.
It is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit interface identifier
(based on 48-bit MAC address).
40
Drag and Drop (Question 44)
Drag and drop the functions from the left onto the correct network components on the right
Holds the TCP/IP setting to be distributed to the clients
Resolves web URLs to IP addresses
Stores a list of IP addresses mapped to names
Assigns a default gateway to a client
Assigns IP addresses to enabled clients
Network Components
- DHCP SERVER
- DNS SERVER
DHCP SERVER
Holds the TCP/IP setting to be distributed to the clients
Assigns a default gateway to a client
Assigns IP addresses to enabled clients
DNS SERVER
Resolves web URLs to IP addresses
Stores a list of IP addresses mapped to names
41
DRAG DROP (Question 4)
Drag drop the descriptions from the left onto the correct configuration-management technologies on
the right.
DESCRIPTIONS
Fundamental configuration elements are stored in a manifest
Uses TCP port 10002 for configuration push jobs
Uses Ruby for fundamental configuration elements
Uses SSH for remote device communication
Uses TCP 8140 for communication
Uses YAML for fundamental configuration elements
CONFIGURATION- MANAGEMENT TECHNOLOGIES
Ansible
Chef
Puppet
Ansible
Uses YAML for fundamental configuration elements
Uses SSH for remote device communication
Chef
Uses TCP port 10002 for configuration push jobs
Uses Ruby for fundamental configuration elements
Puppet
Uses TCP 8140 for communication
fundamental configuration elements are stored in a manifest
42
```
DRAG DROP (Question 6)
Drag and drop the descriptions of file-transfer protocols from the left onto the correct protocols on the right
```
DESCRIPTIONS OF FILE-TRANSFER PROTOCOLS
Provides reliability when loading an IOS image upon boot up
Does not require user authentication
Uses port 69
Uses ports 20 and 21
Uses TCP
Uses UDP
PROTOCOLS
FTP
TFTP
FTP
Provides reliability when loading an IOS image upon boot up
Uses ports 20 and 21
Uses TCP
TFTP
Does not require user authentication
Uses port 69
Uses UDP
43
```
DRAG DROP (Question 11)
Drag and drop the WLAN components from the left onto the correct descriptions on the right.
```
```
WLAN COMPONENTS
Access point
virtual interface
dynamic interface
service port
wireless LAN controller
```
DESCRIPTIONS
Device that manages access points
Device that provides Wi-Fi devices with a connection to a wired network
Used for out of band management of a WLC
Used to support mobility management of the WLC
Applied to the WLAN for wireless client communication
- Device that manages access points
- wireless LAN controller
- Device that provides Wi-Fi devices with a connection to a wired network
- Access point
- Used for out of band management of a WLC
- service port
- Used to support mobility management of the WLC
- virtual interface
- Applied to the WLAN for wireless client communication
- dynamic interface
44
Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols. (Question 8)
A. dual algorithm
B. metric
C. administrative distance
D. hop count
administrative distance
45
Which two capacities of Cisco DNA Center make it more extensible as compared to traditional
campus device management? (Choose two)
A. adapters that support all families of Cisco IOS software
B. SDKs that support interaction with third-party network equipment
C. customized versions for small, medium, and large enterprises
D. REST APIs that allow for external applications to interact natively with Cisco DNA Center
E. modular design that is upgradable as needed
SDKs that support interaction with third-party network equipment
REST APIs that allow for external applications to interact natively with Cisco DNA Center
46
DRAG DROP
Drag and drop the AAA functions from the left onto the correct AAA services on the right
AAA FUNCTIONS
Records user activities
Restricts the services that are available to a user
Identifies the user
Controls the actions that a user can perform
Provides analytical information for the network administrator
Verifies the password associated with a user.
AAA SERVICES
Authentication
Authorization
Accounting
Authentication
- Identifies the user
- Verifies the password associated with a user.
Authorization
- Restricts the services that are available to a user
- Controls the actions that a user can perform
Accounting
- Records user activities
- Provides analytical information for the network administrator
47
What is the primary effect of the spanning-tree portfast command?
A. it enables BPDU messages
B. It minimizes spanning-tree convergence time
C. It immediately puts the port into the forwarding state when the switch is reloaded
D. It immediately enables the port in the listening state
B. It minimizes spanning-tree convergence time
48
Refer to the exhibit.
```
Which command provides this output?
A. show ip route
B. show ip interface
C. show interface
D. show cdp neighbor
```
show cdp neighbor
49
Refer to the exhibit.
Router#
Capability Codes: R-Router, T- Trans Bridge, B- Source Route Bridge
S-Switch, H- Host, IGMP, r- Repeater, P-Phone,
D-Remote, C-CVTA, M-Two-port Mac Relay
Device ID Local Intrfrce Holdtime Capability Platform Port ID
10. 1.1.2 Gig 37/3 176 RI CPT600 Gig36/41
10. 1.1.2 Gig 37/1 174 RI CPT600 Gig36/43
10. 1.1.2 Gig 36/41 134 RI CPT600 Gig37/3
10. 1.1.2 Gig 36/43 134 RI CPT600 Gig37/1
10. 1.1.2 Ten 3/2 132 RI CPT600 Ten 4/2
10. 1.1.2 Ten 4/2 174 RI CPT600 Ten 3/2
```
Which command provides this output?
A. show ip route
B. show ip interface
C. show interface
D. show cdp neighbor
```
show cdp neighbor
50
Refer to the Exhibit.
Switch 1 Switch 2
Name: Gi0/1 Name: Gi0/1
Switchport: Enabled Switchport: Enabled
Administrative Mode: Trunk Administrative Mode: Trunk
Operational Mode: Trunk Operational Mode: Trunk
... ...
Trunking Native VLAN: 1 (default) Trunking Native VLAN: 99
After the switch configuration the ping test fails between PC A and PC B Based on the output for switch 1. Which error must be corrected?
A. There is a native VLAN mismatch
B. Access mode is configured on the switch ports.
C. The PCs are m the incorrect VLAN
D. All VLANs are not enabled on the trunk
A. There is a native VLAN mismatch
51
Which 802.11 frame type is association response?
A. management
B. protected frame
C. control
D. action
A. management
52
Which API is used in controller-based architectures to interact with edge devices?
A. overlay
B. northbound
C. underlay
D. southbound
southbound
53
Which statement identifies the functionality of virtual machines?
A. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor
B. The hypervisor can virtualize physical components including CPU, memory, and storage
C. Each hypervisor can support a single virtual machine and a single software switch
D. The hypervisor communicates on Layer 3 without the need for additional resources
The hypervisor can virtualize physical components including CPU. memory, and storage
54
Which type of address is the public IP address of a NAT device?
```
A. outside global
B. outside local
C. inside global
D. inside local
E. outside public
F. inside public
```
inside global
55
Which option about JSON is true?
A. uses predefined tags or angle brackets () to delimit markup text
B. used to describe structured data that includes arrays
C. used for storing information
D. similar to HTML, it is more verbose than XML
used to describe structured data that includes arrays
56
How do TCP and UDP differ in the way they provide reliability for delivery of packets?
A. TCP is a connectionless protocol that does not provide reliable delivery of data, UDP is a connection-oriented protocol that uses sequencing to provide reliable delivery.
B. TCP does not guarantee delivery or error checking to ensure that there is no corruption of data UDP provides message acknowledgement and retransmits data if lost.
C. TCP provides flow control to avoid overwhelming a receiver by sending too many packets at once, UDP sends packets to the receiver in a continuous stream without checking for sequencing
D. TCP uses windowing to deliver packets reliably; UDP provides reliable message transfer between hosts by establishing a three-way handshake
TCP provides flow control to avoid overwhelming a receiver by sending too many packets at once, UDP sends packets to the receiver in a continuous stream without checking for sequencing
57
Which two command sequences must you configure on a switch to establish a Layer 3 EtherChannel with an open-standard protocol? (Choose two )
A. interface GigabitEthernet0/0/1
channel-group 10 mode on
B. interface GigabitEthernet0/0/1
channel-group 10 mode active
C. interface GigabitEthernet0/0/1
channel-group 10 mode auto
D. interface port-channel 10
switchport
switchport mode trunk
E. interface port-channel 10
no switchport
ip address 172.16.0.1.255.255.255.0
interface GigabitEthernet0/0/1
channel-group 10 mode active
interface port-channel 10
no switchport
ip address 172.16.0.1.255.255.255.0
58
What is an advantage of Cisco DNA Center versus traditional campus device management?
A. It supports numerous extensibility options including cross-domain adapters and third-party SDKs.
B. It supports high availability for management functions when operating in cluster mode.
C. It enables easy autodiscovery of network elements in a brownfield deployment.
D. It is designed primarily to provide network assurance.
It supports numerous extensibility options including cross-domain adapters and third-party SDKs.
59
Refer to the exhibit.
```
IBGP route 10.0.0.0/30
RIP route 10.0.0.0/30
OSPF route 10.0.0.0/16
OSPF route 10.0.0.0/30
EIGRP route 10.0.0.1/32
```
A router reserved these five routes from different routing information sources.
Which two routes does the router install in its routing table? (Choose two)
```
A. RIP route 10.0.0.0/30
B. iBGP route 10.0.0.0/30
C. OSPF route 10.0.0.0/30
D. EIGRP route 10.0.0.1/32
E. OSPF route 10.0.0.0/16
```
OSPF route 10.0.0.0/30
| EIGRP route 10.0.0.1/32
60
By default, how does EIGRP determine the metric of a route for the routing table?
A. it uses the bandwidth and delay values of the path to calculate the route metric
B. it uses a default metric of 10 for all routes that are learned by the router
C. it uses a reference Bandwidth and the actual bandwidth of the connected link to calculate the route metric
D. it counts the number of hops between the receiving and destination routers and uses that value as the metric
it uses the bandwidth and delay values of the path to calculate the route metric
61
What is a difference between local AP mode and FlexConnet AP mode?
A. Local AP mode creates two CAPWAP tunnels per AP to the WLC
B. FiexConnect AP mode fails to function if me AP loses connectivity with the WLC
C. FlexConnect AP mode bridges the traffic from the AP to the WLC when local switching is configured
D. Local AP mode causes the AP to behave as if it were an autonomous AP
Local AP mode creates two CAPWAP tunnels per AP to the WLC
62
Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1. Which configuration accomplishes this task?
A. R1#Conf t
R1(config)#ip routing
R1(config)#ip default-route 192.168.1.1
R1#Conf t
R1(config)#ip routing
R1(config)#ip route 192.168.1.1 0.0.0.0 0.0.0.0
R1#Conf t
R1(config)#ip routing
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
R1#Conf t
R1(config)#ip routing
R1(config)#ip default-gateway 192.168.1.1
R1#Conf t
R1(config)#ip routing
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
63
Which function does the range of private IPv4 addresses perform?
A. allows multiple companies to each use the same addresses without conflicts
B. provides a direct connection for hosts from outside of the enterprise network
C. ensures that NAT is not required to reach the internet with private range addressing
D. enables secure communications to the internet for all external host
allows multiple companies to each use the same addresses without conflicts
64
What event has occurred if a router sends a notice level message to a syslog server?
A. A TCP connection has been torn down
B. An ICMP connection has been built
C. An interface line has changed status
D. A certificate has expired
An interface line has changed status
65
Refer to the image
SW# show spanning-tree vlan 30
VLAN 0030
Spanning tree enabled protocol rstp
Root ID Priority 32798
Address 0025.63e9.c800
Cost 19
Port 1 (FastEthernet 2/1)
Hello Time 2 sec
Max Age 30 sec
Forward Delay 20 Sec
[Output suppressed]
What two conclusions should be made about this configuration? (Choose two )
A. The designated port is FastEthernet 2/1
B. This is a root bridge
C. The spanning-tree mode is Rapid PVST+
D. The spanning-tree mode is PVST+
E. The root port is FastEthernet 2/1
The spanning tree mode is PVST +
| The root port is FastEthernet 2/1
66
What are two fundamentals of virtualization? (choose two)
A. The environment must be configured with one hypervisor that serves solely as a network manager to monitor SNMP traffic
B. It allows logical network devices to move traffic between virtual machines and the rest of the physical network
C. It allows multiple operating systems and applications to run independently on one physical server.
D. It allows a physical router to directly connect NICs from each virtual machine into the network
E. It requires that some servers, virtual machines and network gear reside on the Internet
It allows logical network devices to move traffic between virtual machines and the rest of the physical network
It allows multiple operating systems and applications to run independently on one physical server.
67
What is the difference regarding reliability and communication type between TCP and UDP?
A. TCP is reliable and is a connection-oriented protocol UDP is not reliable and is a connectionless protocol
B. TCP is not reliable and is a connection-oriented protocol; UDP is reliable and is a connectionless protocol
C. TCP is not reliable and is a connectionless protocol; UDP is reliable and is a connection-oriented protocol
D. TCP is reliable and is a connectionless protocol; UDP is not reliable and is a connection-oriented protocol
TCP is reliable and is a connection-oriented protocol UDP is not reliable and is a connectionless protocol
68
Refer to the exhibit
EIGRP: 192.168.12.0/24
RIP: 192.168.12.0/27
OSPF: 192.168.12.0/28
How does the router manage traffic to 192.168.12.16?
A. It selects the RIP route because it has the longest prefix inclusive of the destination address.
B. It chooses the OSPF route because it has the longest prefix inclusive of the destination address.
C. it load-balances traffic between all three routes
D. It chooses the EIGRP route because it has the lowest administrative distance
It selects the RIP route because it has the longest prefix inclusive of the destination address.
69
How does Cisco DNA Center gather data from the network?
A. Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller
B. Devices establish an iPsec tunnel to exchange data with the controller
C. Devices use the call-home protocol to periodically send data to the controller.
D. The Cisco CU Analyzer tool gathers data from each licensed network device and streams it to the controller
Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller
70
DRAG DROP
Drag and drop the attack-mitigation techniques from the left onto the Types of attack that they mitigate on the right.
```
ATTACK MITIGATION TECHNIQUES
configure 802.1x authentication
configure DHCP snooping
Configure the native VLAN with a nondefault VLAN ID
disable DTP
```
```
TYPES OF ATTACK
802.1q double-tagging VLAN-hopping attack
MAC flooding attack
Man-in-the-middle spoofing attack
switch-spoofing VLAN-hopping attack
```
802.1q double-tagging VLAN-hopping attack
Configure the native VLAN with a nondefault VLAN ID
MAC flooding attack
configure 802.1x authentication
Man-in-the-middle spoofing attack
configure DHCP snooping
switch-spoofing VLAN-hopping attack
disable DTP
71
Refer to the Exhibit
G0/1 G0/1
SW1 ------------------------------------------------------------------SW2
| |
| |
| |
| |
PC_A PC_B
The network administrator wants VLAN 67 traffic to be untagged between Switch 1 and Switch 2 while all other VLANs are to remain tagged.
Which command accomplishes this task?
A. switchport access vlan 67
B. switchport trunk allowed vlan 67
C. switchport private-vlan association host 67
D. switchport trunk native vlan 67
switchport trunk native vlan 67
72
What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose two)
A. The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses
B. The DHCP client can request up to four DNS server addresses
C. The DHCP server assigns IP addresses without requiring the client to renew them
D. The DHCP server leases client IP addresses dynamically.
E. The DHCP client maintains a pool of IP addresses it can assign
The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses
The DHCP server leases client IP addresses dynamically.
73
Which two minimum parameters must be configured on an active interface to enable OSPFv2 to operate? (Choose two)
```
A. OSPF area
B. OSPF MD5 authentication key
C. IPv6 address
D. OSPf process ID
E. OSPf stub flag
```
OSPF area
OSPF process ID
74
Which two outcomes are predictable behaviors for HSRP? (Choose two )
A. The two routers synchronize configurations to provide consistent packet forwarding
B. The two routers negotiate one router as the active router and the other as the standby router
C. Each router has a different IP address, both routers act as the default gateway on the LAN, and traffic is load-balanced between them
D. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN
E. The two routers share the same interface IP address and default gateway traffic is load-balanced between them
The two routers negotiate one router as the active router and the other as the standby router
The two routers share a virtual IP address that is used as the default gateway for devices on the LAN
75
Several new coverage cells are required to improve the Wi-Fi network of an organization. Which two standard designs are recommended? (choose two.)
A. 5GHz provides increased network capacity with up to 23 nonoverlapping channels.
B. For maximum throughput, the WLC is configured to dynamically set adjacent access points to the same channel.
C. 5GHz channel selection requires an autonomous access point.
D. Adjacent cells with overlapping channels use a repeater access point.
E. Cells that overlap one another are configured to use nonoverlapping channels
For maximum throughput, the WLC is configured to dynamically set adjacent access points to the same channel.
Cells that overlap one another are configured to use nonoverlapping channels
76
Refer to the Exhibit
Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is subnetted, 1 subnets
....
S* 0.0.0.0/0 [1/0] via 10.10.11.2
Which is the path used for Internet traffic
A. 209.165.200.0/27
B. 10.10.10.0/28
C. 0.0.0.0/0
D. 10.10.13.0/24
0.0.0.0/0
77
Refer to the Exhibit
E0/0 E0/0 E0/1 E0/1
R1------------------------------SW1----------------------------------------------------SW2
Int Ethernet0/0 Int Ethernet 0/0 Int Ethernet0/1
no ip address Switchport trunk encap dot1q Switchport trunk encap dot1q
! Switchport mode trunk Switchport mode trunk
! !
Interface Ethernet0/1 Interface Ethernet0/2
Switchport trunk allowed vlan 10 switchport access vlan 20
Switchport trunk encap dot1q switchport mode access
What commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24?
A. R1(config)#interface ethernet0/0
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
B. R1(config)#interface ethernet0/0.20
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
C. R1(config)#interface ethernet0/0.20
R1(config)#ip address 10.20.20.1 255.255.255.0
D. R1(config)#interface ethernet0/0
R1(config)#ip address 10.20.20.1 255.255.255.0
R1(config)#interface ethernet0/0.20
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
78
Which purpose does a northbound API serve in a controller-based networking architecture?
A. communicates between the controller and the physical network hardware
B. reports device errors to a controller
C. generates statistics for network hardware and traffic
D. facilitates communication between the controller and the applications
facilitates communication between the controller and the applications
79
Refer to the exhibit
ip arp inspection vlan 2-10
interface fastethernet 0/1
ip arp inspection trust
If the network environment is operating normally, which type of device must be connected to interface FastEthernet 0/1?
A. DHCP client
B. access point
C. router
D. PC
router
80
What is the primary purpose of a First Hop Redundancy Protocol?
A. It allows directly connected neighbors to share configuration information.
B. It allows a router to use bridge priorities to create multiple loop-free paths to a single destination.
C. It reduces routing failures by allowing Layer 3 load balancing between OSPF neighbors that have the same link metric.
D. It reduces routing failures by allowing more than one router to represent itself, as the default gateway of a network
It reduces routing failures by allowing more than one router to represent itself, as the default gateway of a network
81
What occurs to frames during the process of frame flooding?
A. Frames are sent to every port on the switch in the same VLAN except from the originating port
B. Frames are sent to every port on the switch that has a matching entry in the
MAC address table.
C. Frames are sent to all ports, including those that are assigned to other VLANs
D. Frames are sent to every port on the switch in the same VLAN.
Frames are sent to every port on the switch in the same VLAN except from the originating port
82
RTR1
| G0/0 172.16.1.62 RTR-1
| interface Loopback1
| ip address 192.168.1.1 255.255.255.0
| !
| interface Loopback2
SW1 ip address 192.168.2.1 255.255.255.0
| !
| interface Loopback3
| ip address 192.168.3.1 255.255.255.0
| !
| interface GigabitEthernet0/0
PC1 172.16.1.33/27 ip address 172.16.1.62 255.255.255.224
Which configuration on RTR-1 denies SSH access from PC-1 to any RTR-1 interface and allows all other traffic?
A. access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any any
interface GigabitEthernet0/0 ip access-group 100 in
B. access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any any
line vty 0 15 ip access-group 100 in
C. access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100 permit ip any any
interface GigabitEthernet0/0 ip access-group 100 in
D. access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100 permit ip any any
line vty 0 15 ip access-group 100 in
access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any any
line vty 0 15 ip access-group 100 in
83
In which two ways does a password manager reduce the chance of a hacker stealing a users password? (Choose two.)
A. It automatically provides a second authentication factor that is unknown to the original user.
B. It uses an internal firewall to protect the password repository from unauthorized access.
C. It protects against keystroke logging on a compromised device or web site.
D. It stores the password repository on the local workstation with built-in antivirus and anti-malware functionality
E. It encourages users to create stronger passwords
It protects against keystroke logging on a compromised device or web site.
It encourages users to create stronger passwords
84
```
Which technology is used to improve web traffic performance by proxy caching?
A. WSA
B. Firepower
C. ASA
D. FireSIGHT
```
WSA
85
Which type of attack can be mitigated by dynamic ARP inspection?
A. worm
B. malware
C. DDoS
D. man-in-the-middle
man-in-the-middle
86
What are two roles of Domain Name Services (DNS)? (Choose Two)
A. builds a flat structure of DNS names for more efficient IP operations
B. encrypts network Traffic as it travels across a WAN by default
C. improves security by protecting IP addresses under Fully Qualified Domain Names (FQDNs)
D. enables applications to identify resources by name instead of IP address
E. allows a single host name to be shared across more than one IP address
enables applications to identify resources by name instead of IP address
allows a single host name to be shared across more than one IP address
87
How do TCP and UDP differ in the way they guarantee packet delivery?
A. TCP uses checksum, acknowledgement, and retransmissions, and UDP uses checksums only.
B. TCP uses two-dimensional parity checks, checksums, and cyclic redundancy checks and UDP uses retransmissions only.
C. TCP uses checksum, parity checks, and retransmissions, and UDP uses acknowledgements only.
D. TCP uses retransmissions, acknowledgement and parity checks and UDP uses cyclic redundancy checks only
TCP uses checksum, acknowledgement, and retransmissions, and UDP uses checksums only.
88
Refer to the Exhibit
Gateway of last resort is not set
C 1.0.0.0/8 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.0.1.3/32 [110/100] via 10.0.1.3, 00:39:08, Serial0
C 10.0.1.0/24 is variably subnetted, 4 subnets, 2 masks
O 10.0.1.5/32 [110/5 via 10.0.1.50, 00:39:08, serial0
O 10.0.1.4/32 [110/10 via 10.0.1.4, 00:39:08, serial0
What is the next hop address for traffic that is destined to host 10.0.1.5?
A. 10.0.1.3
B. 10.0.1.50
C. 10.0.1.4
D. Loopback D
10.0.1.50
89
What are two benefits of controller-based networking compared to traditional networking?
A. controller-based increases network bandwidth usage, while traditional lightens the load on the network.
B. controller-based inflates software costs, while traditional decreases individual licensing costs
C. Controller-based reduces network configuration complexity, while traditional increases the potential for errors
D. Controller-based provides centralization of key IT functions. While traditional requires distributes management function
E. controller-based allows for fewer network failure, while traditional increases failure rates
Controller-based reduces network configuration complexity, while traditional increases the potential for errors
Controller-based provides centralization of key IT functions. While traditional requires distributes management function
90
What mechanism carries multicast traffic between remote sites and supports encryption?
A. ISATAP
B. GRE over iPsec
C. iPsec over ISATAP
D. GRE
GRE over iPsec
91
Switch1
| |
VLAN200 | | VLAN200
| |
PC_A___________| |_______________PC_B
Which outcome is expected when PC_A sends data to PC_B?
A. The switch rewrites the source and destination MAC addresses with its own.
B. The source MAC address is changed.
C. The source and destination MAC addresses remain the same.
D. The destination MAC address is replaced with ffff.ffff.fff
The source and destination MAC addresses remain the same.
92
How will Link Aggregation be Implemented on a Cisco Wireless LAN Controller?
A. One functional physical port is needed to pass client traffic.
B. The EthernetChannel must be configured in "mode active".
C. When enabled, the WLC bandwidth drops to 500 Mbps.
D. To pass client traffic, two or more ports must be configured.
One functional physical port is needed to pass client traffic.
93
Refer to the exhibit
SW4-----------------------------------------------------SW1
| |
| |
| |
| |
SW2--------------------------------------------------SW3
Which switch in this configuration will be elected as the root bridge?
SW1: 0C:E0:38:00:94:04
SW2: 0C:0E:15:22:05:97
SW3: 0C:0E:15:1A:3C:9D
SW4: 0C:0E:18:A1:B3:19
SW3
94
Which device performs stateful inspection of traffic?
A. firewall
B. switch
C. access point
D. wireless controller
Firewall
95
Which configuration ensures that the switch is always the root for VLAN 750?
A. Switch(config)#spanning-tree vlan 750 priority 38003685
B. Switch(config)#spanning-tree vlan 750 root primary
C. Switch(config)#spanning-tree vlan 750 priority 614440
D. Switch(config)#spanning-tree vlan 750 priority 0
Switch(config)#spanning-tree vlan 750 priority 0
96
Refer to the exhibit
SW1-----------------------------------------------------SW4
| |
| |
| |
| |
SW2--------------------------------------------------SW3
Which switch becomes the root bridge?
SW1: Bridge Priority: 32768
MAC: AA:AA:AA:AA:AA:AA
SW2: Bridge Priority: 30000
MAC: BB:BB:BB:BB:BB:BB
SW3: Bridge Priority: 30000
MAC: CC:CC:CC:CC:CC:CC
SW4: Bridge Priority: 32768
MAC: DD:DD:DD:DD:DD:DD
SW2
97
What protocol allows an engineer to back up 20 network router configurations globally while using the copy function?
A. SMTP
B. SNMP
C. TCP
D. FTP
SNMP
98
What software defined architecture plane assists network devices with making packet-forwarding decisions by providing Layer 2 reachability and Layer 3 routing information?
A. data plane
B. control plane
C. policy plane
D. management plane
Control Plane
99
Which WAN access technology is preferred for a small office / home office architecture?
A. broadband cable access
B. frame-relay packet switching
C. dedicated point-to-point leased line
D. Integrated Services Digital Network switching
broadband cable access
100
Which two WAN architecture options help a business scalability and reliability for the network?
(Choose two)
```
A. asychronous routing
B. single-homed branches
C. dual-homed branches
D. static routing
E. dynamic routing
```
asychronous routing
dual-homed branches
101
What criteria is used first during the root port selection process?
A. local port ID
B. lowest path cost to the root bridge
C. lowest neighbor's bridge ID
D. lowest neighbor's port ID
lowest path cost to the root bridge
102
Which state does the switch port move to when PortFast is enabled?
A. learning
B. forwarding
C. blocking
D. listening
forwarding
103
What criteria is used first during the root port selection process?
A. local port ID
B. lowest path cost to the root bridge
C. lowest neighbor's bridge ID
D. lowest neighbor's port ID
lowest path cost to the root bridge
104
What is a function of Wireless LAN Controller?
A. register with a single access point that controls traffic between wired and wireless endpoints.
B. use SSIDs to distinguish between wireless clients.
C. send LWAPP packets to access points.
D. monitor activity on wireless and wired LANs
send LWAPP packets to access points.
Lightweight Access Point Protocol (LWAPP) is the name of a protocol that can control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring or troubleshooting a large network. The system will also allow network administrators to closely analyze the network.
105
Which type of information resides on a DHCP server?
A. a list of the available IP addresses in a pool
B. a list of public IP addresses and their corresponding names
C. usernames and passwords for the end users in a domain
D. a list of statically assigned MAC addresses
a list of the available IP addresses in a pool
106
A manager asks a network engineer to advise which cloud service models are used so employees do not have to waste their time installing, managing, and updating software which is only used occasionally. Which cloud service model does the engineer recommend?
A. infrastructure-as-a-service
B. platform-as-a-service
C. business process as service to support different types of service
D. software-as-a-service
software-as-a-service
107
A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?
A. switchport port-security violation access
B. switchport port-security violation protect
C. switchport port-security violation restrict
D. switchport port-security violation shutdown
switchport port-security violation restrict
108
Refer to the exhibit
Cisco_ospf_vrf {"R1 default":
ensure => 'present',
auto_cost => '100',
}
Which type of configuration is represented in the output?
A. Ansible
B. JSON
C. Chef
D. Puppet
Puppet
109
What are two functions of a Layer 2 switch? (Choose two)
A. acts as a central point for association and authentication servers
B. selects the best route between networks on a WAN
C. moves packets within a VLAN
D. moves packets between different VLANs
E. makes forwarding decisions based on the MAC address of a packet
Moves packets within a VLAN
makes forwarding decisions based on the MAC address of a packet
110
Which spanning-tree enhancement avoids the learning and listening states and immediately places ports in the forwarding state?
A. BPDUfilter
B. PortFast
C. Backbonefast
D. BPDUguard
PortFast
111
DRAG DROP
Drag the IPv6 DNS record types from the left onto the description on the right.
```
-IPv6 DNS RECORD TYPES
AAAA
CNAME
NS
PTR
SOA
```
-DESCRIPTIONS
alias one name to another
associates the domain serial number with its owner
correlates a domain with its authoritative name servers
correlates a host name with an IP address
supports reverse name lookups
alias one name to another
CNAME
associates the domain serial number with its owner
SOA
correlates a domain with its authoritative name servers
NS
correlates a host name with an IP address
AAAA
supports reverse name lookups
PTR
https://ns1.com/resources/dns-types-records-servers-and-queries#:~:text=Address%20Mapping%20record%20(A%20Record,a%20hostname%20to%20another
112
What is a recommended approach to avoid co-channel congestion while installing access points that use the 2.4 GHz frequency?
A. different nonoverlapping channels
B. different overlapping channels
C. one overlapping channel
D. one nonoverlapping channel
different nonoverlapping channels
113
Which function is performed by the collapsed core layer in a two-tier architecture?
A. enforcing routing policies
B. marking interesting traffic for data polices
C. attaching users to the edge of the network
D. applying security policies
enforcing routing policies
114
What are two functions of a server on a network? (Choose two)
A. achieves redundancy by exclusively using virtual server clustering
B. runs applications that send and retrieve data for workstations that make requests
C. handles requests from multiple workstations at the same time
D. runs the same operating system in order to communicate with other servers
E. housed solely in a data center that is dedicated to a single client
Runs applications that send and retrieve data for workstations that make requests
handles requests from multiple workstations at the same time
115
Which state does the switch port move to when PortFast is enabled?
A. forwarding
B. listening
C. blocking
D. learning
forwarding
116
A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?
A. switchport port-security violation access
B. switchport port-security violation protect
C. switchport port-security violation restrict
D. switchport port-security violation shutdown
switchport port-security violation restrict
117
In software defined architectures, which plane is distributed and responsible for traffic forwarding?
A. management plane
B. control plane
C. policy plane
D. data plane
data plane
118
When using Rapid PVST+, which command guarantees the switch is always the root bridge for VLAN 200?
A. spanning -tree vlan 200 priority 614440
B. spanning -tree vlan 200 priority 38572422
C. spanning -tree vlan 200 priority 0
D. spanning -tree vlan 200 root primary
Spanning -tree vlan 200 priority 0
119
DRAG DROP
Drag and drop the SNMP components from the left onto the descriptions on the right.
```
SNMP COMPONENTS
MIB
SNMP agent
SNMP manager
SNMP trap
```
DESCRIPTIONS
collection of variables that can be monitored
unsolicited message
responds to status requests and requests for information about a device
resides on an NMS
collection of variables that can be monitored
MIB
unsolicited message
SNMP manager
responds to status requests and requests for information about a device
SNMP trap
resides on an NMS
SNMP agent
120
Refer to the exhibit
After the election process what is the root bridge in the HQ LAN?
Switch 1: 0C:E0:38:58:15:77
Switch 2: 0C:E0:15:22:1A:61
Switch 3: 0C:E0:15:1D:3C:9A
Switch 4: 0C:E0:19:A1:4D:16
Switch 3
121
Which CRUD operation modifies an existing table or view?
A. read
B. create
C. replace
D. update
update
122
An engineer must configure Interswitch VLAN communication between a Cisco switch and a third-party switch. Which action should be taken?
A. configure IEEE 802.1p
B. configure IEEE 802.1q
C. configure ISL
D. configure DSCP
B. configure IEEE 802.1q
123
What is a function of a remote access VPN?
A. used cryptographic tunneling to protect the privacy of data for multiple users simultaneously
B. used exclusively when a user is connected to a company's internal network
C. establishes a secure tunnel between two branch sites
D. allows the users to access company internal network resources through a secure tunnel
allows the users to access company internal network resources through a secure tunnel
124
What is a DHCP client?
A. a workstation that requests a domain name associated with its IP address
B. a host that is configured to request an IP address automatically
C. a server that dynamically assigns IP addresses to hosts.
D. a router that statically assigns IP addresses to hosts
a host that is configured to request an IP address automatically
125
Which two functions are performed by the core layer in a three-tier architecture? (Choose two)
A. Provide uninterrupted forwarding service.
B. Police traffic that is sent to the edge of the network.
C. Provide direct connectivity for end user devices.
D. Ensure timely data transfer between layers.
E. Inspect packets for malicious activity.
Provide uninterrupted forwarding service.
Ensure timely data transfer between layers
126
Refer to the Exhibit
interface GigabitEthernet0/1
ip address 192.168.1.2 255.255.255.0
ip address-group 2699 in
!
access-list 2699 deny icmp any 10.10.1.0 0.0.0.255 echo
access-list 2699 deny ip any 10.20.1.0 0.0.0.255
access-list 2699 permit ip any 10.10.1.0 0.0.0.255
access-list 2699 permit tcp any 10.20.1.0 0.0.0.127 eq 22
A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?
A. access-list 2699 permit udp 10.20.1.0 0.0.0.255
B. no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22
C. access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22
D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
127
What is a practice that protects a network from VLAN hopping attacks?
A. Enable dynamic ARP inspection
B. Configure an ACL to prevent traffic from changing VLANs
C. Change native VLAN to an unused VLAN ID
D. Implement port security on internet-facing VLANs
Change native VLAN to an unused VLAN ID
128
Refer to the exhibit
________ _________
| Site A | Router1=======================Router2| Site B |
|________| |_________|
Router2#show ip route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.10.10.8/30 is directly connected, FastEthernet0/2
C 10.10.10.12/30 is directly connected, FastEthernet0/1
O 10.10.13.0/25 [110/11] via 10.10.10.9, 00:00:03. FastEthernet0/2
[110/11] via 10.10.10.13, 00:00:03. FastEthernet0/1
C 10.10.10.4/30 is directly connected, FastEthernet0/2
If OSPF is running on this network, how does Router2 handle traffic from Site B to 10.10.13.128/25 at Site A?
A. It load-balances traffic out of Fa0/1 and Fa0/2.
B. It is unreachable and discards the traffic.
C. It sends packets out of interface FaO/2.
D. It sends packets out of interface Fa0/1
It is unreachable and discards the traffic.
129
What is the purpose of traffic shaping?
A. to mitigate delays over slow links
B. to provide fair queuing for buffered flows
C. to limit the bandwidth that a flow can use to
D. be a marking mechanism that identifies different flows
to provide fair queuing for buffered flows
Traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time.
130
Where does the configuration reside when a helper address is configured to support DHCP?
A. on the router closest to the server
B. on the router closest to the client
C. on every router along the path
D. on the switch trunk interface
on the router closest to the client
131
What facilitates a Telnet connection between devices by entering the device name?
A. SNMP
B. DNS lookup
C. syslog
D. NTP
DNS lookup
132
When implementing a router as a DHCP server, which two features must be configured'? (Choose two)
```
A. relay agent information
B. database agent
C. address pool
D. smart-relay
E. manual bindings
```
address pool
manual bindings
133
DRAG DROP
Drag and drop the QoS congestion management terms from the left onto the description on the right
```
QOS CONGESTION MANAGEMENT TERMS
CBWFQ
CQ
FIFO
PQ
WFQ
```
DESCRIPTIONS
place packets into one of four priority-based queues
provides guaranteed bandwidth to a specified class of traffic
provides minimum guaranteed bandwidth to one or more flows
services a specified number of bytes in one queue before continuing to the next queue
uses store-and-forward queueing
place packets into one of four priority-based queues
PQ
```
provides guaranteed bandwidth to a specified class of traffic
CBWFQ
```
provides minimum guaranteed bandwidth to one or more flows
WFQ
services a specified number of bytes in one queue before continuing to the next queue
PQ
uses store-and-forward queueing
FIFO
134
DRAG DROP
Refer to the exhibit
e0 s0
Web server--------------------------R1-----------------------Internet
172.16.1.2
```
Interface Ethernet0
POSITION A
POSITION B
Interface Serial 0
POSITION C
POSITION D
POSITION E
POSITION F
access-list 1 permit 172.16.1.0 0.0.0.255
```
An engineer is configuring the router to provide static NAT for the webserver.
Drag and drop the configuration commands from the left onto the letters that correspond to its position in the configuration on the right.
CONFIGURATION COMMANDS
ip address 172.16.1.1 255.255.255.0
ip address 45.83.2.214 255.255.255.240
ip nat inside
ip nat inside source list 1 interface s0 overload
ip nat inside source static tcp 172.16.1.2 80 45.83.2.214 80 extendable
ip nat outside
```
POSITION IN CONFIGURATION
POSITION A
POSITION B
POSITION C
POSITION D
POSITION E
POSITION F
```
POSITION A
ip address 172.16.1.1 255.255.255.0
POSITION B
ip nat inside
POSITION C
ip address 45.83.2.214 255.255.255.240
POSITION D
ip nat outside
POSITION E
ip nat inside source static tcp 172.16.1.2 80 45.83.2.214 80 extendable
POSITION F
ip nat inside source list 1 interface s0 overload
135
DRAG DROP
Drag and drop the DHCP snooping terms from the left onto the descriptions on the right
```
DHCP SNOOPING TERMS
dhcp server
snooping binding database
spurious DHCP server
trusted
untrusted
```
DESCRIPTIONS
list of hosts on the network that are unknown to the administrative domain
network component that propagates IP addresses to hosts on the network
internal device under the control of the network administrator
unknown DHCP server within an administrative domain
default state of all interfaces
list of hosts on the network that are unknown to the administrative domain
-snooping binding database
network component that propagates IP addresses to hosts on the network
- DHCP server
internal device under the control of the network administrator
-trusted
unknown DHCP server within an administrative domain
- spurious dhcp server
default state of all interfaces
-untrusted
136
What is a role of wireless controllers in an enterprise network?
A. centralize the management of access points in an enterprise network
B. support standalone or controller-based architectures
C. serve as the first line of defense in an enterprise network
D. provide secure user logins to devices on the network.
centralize the management of access points in an enterprise network
137
How do servers connect to the network in a virtual environment?
A. wireless to an access point that is physically connected to the network
B. a cable connected to a physical switch on the network
C. a virtual switch that links to an access point that is physically connected to the network
D. a software switch on a hypervisor that is physically connected to the network
a software switch on a hypervisor that is physically connected to the network
138
Refer to the exhibit
Which switch becomes the root of the spanning tree for VLAN 110?
Switch 1
Vlan 110 - 32278 0018.184e.3c00
Switch 2
Vlan 110 - 24586 001a.e3ff.a680
Switch 3
Vlan 110 - 28682 0022.55cf.cc00
Switch 4
Vlan 110 - 64000 0e38.7363.657f
Switch 2
139
Which device tracks the state of active connections in order to make a decision to forward a packet through?
A. wireless access point
B. firewall
C. wireless LAN controller
D. router
wireless LAN controller
140
DRAG DROP
Drag and drop the characteristics of network architectures from the left onto the type of architecture on the right.
NETWORK ARCHITECTURES
single device handles the core and the distributions layer
enhances network availability
more cost-effective than other options
most appropriate for small network designs
separate devices handle the core and the distribution layer
TYPE OF ARCHITECTURES
Collapsed Core (Pick3)
Three-Tier (pick 2)
Collapsed Core (pick 3)
-single device handles the core and the
distributions layer
-more cost-effective than other options
-most appropriate for small network designs
Three-Tier (pick 2)
- enhances network availability
- separate devices handle the core and the distribution layer
141
How does a switch process a frame received on Fa0/1 with the destination MAC address of 0e38.7363.657b when the table is missing the address?
A. lt drops the frame immediately.
B. It forwards the frame back out of interface Fa0/1.
C. It floods the frame to all interfaces except Fa0/1.
D. It holds the frame until the MAC address timer expires and then drops the frame.
It floods the frame to all interfaces except Fa0/1.
142
DRAG DROP
Drag and drop the SNMP manager and agent identifier commands from the left onto the functions on the right
```
SNMP MANAGER
show snmp chassis
show snmp community
show snmp engineID
show snmp group
show snmp host
```
ANGENT IDENTIFIER
displays information about the SNMP recipient
displays the IP address of the remote SNMP device
displays the SNMP security model in use
displays the SNMP access string
displays the SNMP server serial number
displays information about the SNMP recipient
-show snmp host
displays the IP address of the remote SNMP device
-show snmp engineID
displays the SNMP security model in use
-show snmp group
displays the SNMP access string
-show snmp community
displays the SNMP server serial number
-show snmp chassis
143
A network administrator must enable DHCP services between two sites. What must be configured for the router to pass DHCPDISCOVER messages on to the server?
A. a DHCP Relay Agent
B. DHCP Binding
C. a DHCP Pool
D. DHCP Snooping
a DHCP Relay Agent
144
What is recommended for the wireless infrastructure design of an organization?
A. group access points together to increase throughput on a given channel
B. configure the first three access points are configured to use Channels 1, 6, and 11
C. include a least two access points on nonoverlapping channels to support load balancing
D. assign physically adjacent access points to the same Wi-Fi channel
configure the first three access points are configured to use Channels 1, 6, and 11
145
Refer to the exhibit
switch(config)#interface gigabitEthernet 1/11
switch(config-if)#switchport mode access
switch(config-if)#spanning-tree portfast
switch(config-if)#spanning-tree bpduguard enable
What is the result if Gig1/11 receives an STP BPDU?
A. The port transitions to STP blocking
B. The port transitions to the root port
C. The port immediately transitions to STP forwarding.
D. The port goes into error-disable state
The port goes into error-disable state
146
What does a switch use to build its MAC address table?
A. VTP
B. DTP
C. egress traffic
D. ingress traffic
ingress traffic
147
Refer to the exhibit
|
|
G0/3 | G0/2
SW1---------------------------------------------------------------SW2
G0/0 / \ G0/1 / \
/ \ / \
PC1 PC2 PC3 PC4
PC1 is trying to ping PC3 for the first time and sends out an ARP to S1. Which action is taken by S1?
A. It forwards it out G0/3 only
B. It is flooded out every port except G0/0.
C. It drops the frame.
D. It forwards it out interface G0/2 only
It is flooded out every port except G0/0.
148
What does a router do when configured with the default DNS lookup settings, and a URL is entered on the CLI?
A. initiates a ping request to the URL
B. prompts the user to specify the desired IP address
C. continuously attempts to resolve the URL until the command is cancelled
D. sends a broadcast message in an attempt to resolve the URL
sends a broadcast message in an attempt to resolve the URL
149
Which two WAN architecture options help a business improve scalability and reliability for the network? (Choose two.)
```
A. asynchronous routing
B. single-homed branches
C. dual-homed branches
D. static routing
E. dynamic routing
```
asynchronous routing
dual-homed branches
150
Which type of security program is violated when a group of employees enters a building using the ID badge of only one person?
A. intrusion detection
B. user awareness
C. physical access control
D. network authorization
physical access control
151
Which device controls the forwarding of authentication requests for users when connecting to the network using a lightweight access point?
A. TACACS server
B. wireless access point
C. RADIUS server
D. wireless LAN controller
wireless access point
152
What is a benefit of VRRP?
A. It provides traffic load balancing to destinations that are more than two hops from the source.
B. It provides the default gateway redundancy on a LAN using two or more routers.
C. It allows neighbors to share routing table information between each other.
D. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision
It provides the default gateway redundancy on a LAN using two or more routers.
153
Aside from discarding, which two states does the switch port transition through while using RSTP (802.1w)? (Choose two)
```
A. listening
B. blocking
C. forwarding
D. learning
E. speaking
```
forwarding
learning
154
Which protocol does an IPv4 host use to obtain a dynamically assigned IP address?
A. ARP
B. DHCP
C. CDP
D. DNS
DHCP
155
Which CRUD operation corresponds to the HTTP GET method?
A. read
B. update
C. create
D. delete
read
156
In which situation is private IPv4 addressing appropriate for a new subnet on the network of an organization?
A. There is limited unique address space, and traffic on the new subnet will stay local within the organization.
B. The network has multiple endpoint listeners, and it is desired to limit the number of broadcasts.
C. Traffic on the subnet must traverse a site-to-site VPN to an outside organization.
D. The ISP requires the new subnet to be advertised to the internet for web services
There is limited unique address space, and traffic on the new subnet will stay local within the organization.
157
Refer to the exhibit
Gi0/0 Gi0/1
---------------------HQ_Router--------------------
| |
10.100.100.0/24 | | 192.168.0.0/16
| |
| |
Firewall Firewall
An access list is required to permit traffic from any host on interface G0/0 and deny traffic from interface G/0/1. Which access list must be applied?
A. ip access-list standard 99
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.0.255.255
B. ip access-list standard 99
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.255.255.255
C. ip access-list standard 199
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.255.255.255
D. ip access-list standard 199
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.0.255.255
ip access-list standard 99
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.0.255.255
158
What is the maximum bandwidth of a T1 point-to-point connection?
A. 1.544 Mbps
B. 2.048 Mbps
C. 34.368 Mbps
D. 43.7 Mbps
1.544 Mbps
159
What is a DNS lookup operation?
A. DNS server pings the destination to verify that it is available
B. serves requests over destination port 53
C. DNS server forwards the client to an alternate IP address when the primary IP is down
D. responds to a request for IP address to domain name resolution to the DNS server
responds to a request for IP address to domain name resolution to the DNS server
160
Refer to the exhibit
192.168.0.10/23 192.168.1.20/23
PC_A File Server
| |
| |
| |
Gi0/4 | Gi0/1 Gi0/1 | Gi0/3
SW_A---------------------------------------------------------------------------SW_B
Switch A | Switch B
Vlan 10, 11, 12, 13 | Vlan 10, 11, 12, 13
|
Interface GigabitEthernet0/1 | interface GigabitEthernet0/1
switchport mode trunk | switchport mode trunk
switchport trunk allowed vlan 10-12 | !
! |
Interface GigabitEthernet 0/4 | Interface GigabitEthernet 0/3
switchport access vlan 13 | switchport access vlan 13
switchport mode access | switchport mode access
A network engineer must configured communication between PC A and the File Server. To prevent interruption for any other communications, which command must be configured?
A. Switch trunk allowed vlan 12
B. Switchport trunk allowed vlan none
C. Switchport trunk allowed vlan add 13
D. Switchport trunk allowed vlan remove 10-11
Switchport trunk allowed vlan add 13
161
Which implementation provides the strongest encryption combination for the wireless environment?
A. WPA2 + AES
B. WPA + AES
C. WEP
D. WPA + TKIP
WPA2 + AES
162
What is a characteristic of a SOHO network?
A. connects each switch to every other switch in the network
B. enables multiple users to share a single broadband connection
C. provides high throughput access for 1000 or more users
D. includes at least three tiers of devices to provide load balancing and redundancy
enables multiple users to share a single broadband connection
163
Refer to the exhibit
Import ncclient
with ncclient.manager.connect(host='192.168.1.1' , port=830, username='root' ,
password='teset123!' , allow_agent=False) as m:
print (m.get_config('running').data_xml)
After running the code in the exhibit, which step reduces the amount of data that the NETCONF server returns to the NETCONF client, to only the interface's configuration?
A. Use the Ixml library to parse the data returned by the NETCONF server for the interface's configuration.
B. Create an XML filter as a string and pass it to get_config() method as an argument.
C. Create a JSON filter as a string and pass it to the get_config() method as an argument.
D. Use the JSON library to parse the data returned by the NETCONF server for the interface's configuration.
Use the JSON library to parse the data returned by the NETCONF server for the interface's configuration.
164
Which resource is able to be shared among virtual machines deployed on the same physical server?
A. disk
B. applications
C. VM configuration file
D. operating system
VM configuration file
165
Which WAN topology provides a combination of simplicity quality, and availability?
A. partial mesh
B. full mesh
C. point-to-point
D. hub-and-spoke
full mesh
166
Which command on a port enters the forwarding state immediately when a PC is connected to it?
A. switch(config)#spanning-tree portfast default
B. switch(config)#spanning-tree portfast bpduguard default
C. switch(config-if)#spanning-tree portfast trunk
D. switch(config-if)#no spanning-tree portfast
spanning-tree portfast trunk
167
What are two functions of an SDN controller? (Choose two)
```
A. Layer 2 forwarding
B. coordinating VTNs
C. tracking host
D. managing the topology
E. protecting against DDoS attacks
```
coordinating VTNs
managing the topology
168
What is a network appliance that checks the state of a packet to determine whether the packet is legitimate?
A. Layer 2 switch
B. load balancer
C. firewall
D. LAN controller
firewall
169
When DHCP is configured on a router, which command must be entered so the default gateway is automatically distributed?
A. default-router
B. default-gateway
C. ip helper-address
D. dns-server
default-router
170
What is an appropriate use for private IPv4 addressing?
A. on the public-facing interface of a firewall
B. to allow hosts inside to communicate in both directions with hosts outside the organization
C. on internal hosts that stream data solely to external resources
D. on hosts that communicates only with other internal hosts
on hosts that communicates only with other internal hosts
171
How is the native VLAN secured in a network?
A. separate from other VLANs within the administrative domain
B. give it a value in the private VLAN range
C. assign it as VLAN 1
D. configure it as a different VLAN ID on each end of the link
configure it as a different VLAN ID on each end of the link
172
What is the purpose of a southbound API in a control based networking architecture?
A. Facilities communication between the controller and the applications
B. Facilities communication between the controller and the networking hardware
C. allows application developers to interact with the network
D. integrates a controller with other automation and orchestration tools
Facilities communication between the controller and the networking hardware
173
What causes a port to be placed in the err-disabled state?
A. latency
B. port security violation
C. shutdown command issued on the port
D. nothing plugged into the port
port security violation
174
Which switch technology establishes a network connection immediately when it is plugged in?
A. PortFast
B. BPDU guard
C. UplinkFast
D. BackboneFast
UplinkFast
175
Which technology is appropriate for communication between an SDN controller and applications running over the network?
A. OpenFlow
B. REST API
C. NETCONF
D. Southbound API
REST API
176
Which security program element involves installing badge readers on data-center doors to allow workers to enter and exit based on their job roles?
A. role-based access control
B. biometrics
C. multifactor authentication
D. physical access control
physical access control
177
Which network action occurs within the data plane?
A. compare the destination IP address to the IP routing table.
B. run routing protocols (OSPF, EIGRP, RIP, BGP)
C. make a configuration change from an incoming NETCONF RPC
D. reply to an incoming ICMP echo request
compare the destination IP address to the IP routing table.
178
What is a DHCP client?
A. a host that is configured to request an IP address automatically
B. a server that dynamically assigns IP addresses to hosts
C. a workstation that requests a domain name associated with its IP address
D. a router that statically assigns IP addresses to hosts
a host that is configured to request an IP address automatically
179
An engineer needs to add an old switch back into a network. To prevent the switch from corrupting the VLAN database which action must be taken?
A. Add the switch in the VTP domain with a lower revision number
B. Add the switch with DTP set to dynamic desirable
C. Add the switch in the VTP domain with a higher revision number
D. Add the switch with DTP set to desirable
Add the switch in the VTP domain with a lower revision number
180
What is a similarity between OM3 and OM4 fiber optic cable?
A. Both have a 50 micron core diameter
B. Both have a 9 micron core diameter
C. Both have a 62.5 micron core diameter
D. Both have a 100 micron core diameter
Both have a 50 micron core diameter
181
What is the benefit of using FHRP?
A. reduced management overhead on network routers
B. balancing traffic across multiple gateways in proportion to their loads
C. higher degree of availability
D. reduced ARP traffic on the network
higher degree of availability
182
Which technology allows for multiple operating systems to be run on a single host computer?
A. virtual routing and forwarding
B. network port ID visualization
C. virtual device contexts
D. server virtualization
server virtualization
183
What occurs when overlapping Wi-Fi channels are implemented?
A. The wireless network becomes vulnerable to unauthorized access.
B. Wireless devices are unable to distinguish between different SSIDs
C. Users experience poor wireless network performance.
D. Network communications are open to eavesdropping
Users experience poor wireless network performance.
184
Refer to the exhibit
|
|
|
WAN
|
|
|
Gi0/0 | 10.0.0.253/30
R1
An administrator must turn off the Cisco Discovery Protocol on the port configured with the last usable address in the 10.0.0.0/30 subnet. Which command set meets the requirement?
A. interface gi0/1
no cdp enable
B. interface gi0/1
clear cdp table
C. interface gi0/0
no cdp advertise-v2
D. interface gi0/0
no cdp run
interface gi0/0
| no cdp run
185
Which 802.11 management frame type is sent when a client roams between access points on the same SSID?
A. Reassociation Request
B. Probe Request
C. Authentication Request
D. Association Request
Reassociation Request
186
What are two improvements provided by automation for network management in an SDN environment? (Choose two)
A. Data collection and analysis tools establish a baseline for the network
B. Artificial intelligence identifies and prevents potential design failures.
C. Machine learning minimizes the overall error rate when automating troubleshooting processes
D. New devices are onboarded with minimal effort
E. Proprietary Cisco APIs leverage multiple network management tools.
Artificial intelligence identifies and prevents potential design failures.
Proprietary Cisco APIs leverage multiple network management tools.
187
An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the HQ router and wants to compress it for easier configuration. Which command must be issued on the router interface?
A. ipv6 address 2001:db8::700:3:400F:572B
B. ipv6 address 2001:db8:0::700:3:4F:572B
C. ipv6 address 2001:0db8::7:3:4F:572B
D. ipv6 address 2001::db8:0000::700:3:400F:572B
ipv6 address 2001:db8::700:3:400F:572B
188
What describes the operation of virtual machines?
A. Virtual machines are responsible for managing and allocating host hardware resources
B. In a virtual machine environment, physical servers must run one operating system at a time.
C. Virtual machines are the physical hardware that support a virtual environment.
D. Virtual machines are operating system instances that are decoupled from server hardware
Virtual machines are operating system instances that are decoupled from server hardware
189
Which WLC port connects to a switch to pass normal access-point traffic?
A. redundancy
B. console
C. distribution system
D. service
distribution system
190
An engineering team asks an implementer to configure syslog for warning conditions and error conditions. Which command does the implementer configure to achieve the desired result?
A. logging trap 5
B. logging trap 2
C. logging trap 4
D. logging trap 3
logging trap 4
191
Drag and drop the 802.11 wireless standards from the left onto the matching statements on the right
WIRELESS STANDARDS
802. 11a
802. 11ac
802. 11b
802. 11g
802. 11n
STATEMENTS
Operates in the 2.4 GHz and 5 GHz bands
Operates in the 2.4 GHz band only and supports a maximum data rate of 54 Mbps
Operates in the 5 GHz band and only supports a maximum data rate that can exceed 100 Mbps
Supports a maximum data rate of 11 Mbps
Operates in the 5 GHz band only and supports a maximum data rate of 54 Mbps
Operates in the 2.4 GHz and 5 GHz bands
-802.11n
Operates in the 2.4 GHz band only and supports a maximum data rate of 54 Mbps
-802.11g
Operates in the 5 GHz band and only supports a maximum data rate that can exceed 100 Mbps
-802.11ac
Supports a maximum data rate of 11 Mbps
802.11b
Operates in the 5 GHz band only and supports a maximum data rate of 54 Mbps
-802.11a
192
Which two protocols are supported on service-port interfaces? (Choose two.)
```
A. RADIUS
B. TACACS+
C. SCP
D. Telnet
E. SSH
```
Telnet
| SSH
193
Refer to the exhibit
G0/0/0 G0/0/0
RouterA-----------------------------------------------------------------RouterB
G0/0/1 |
|
|
G0/0/0 |
RouterC
How must router A be configured so that it only sends Cisco Discovery Protocol Information to routerC?
```
A.#conf t
Router A (config)#cdp run
Router A (config)#interface gi0/0/0
Router A (config)# no cdp enable
```
```
B. #conf t
Router A (config)#cdp run
Router A (config)#interface gi0/0/0
Router A (config)#cdp enable
```
```
C. #conf t
Router A (config)#cdp run
Router A (config)#interface gi0/0/1
Router A (config-if)# cdp enable
```
```
D. #conf t
Router A (config)#no cdp run
Router A (config)#interface gi0/0/1
Router A (config)# cdp enable
```
```
#conf t
Router A (config)#no cdp run
Router A (config)#interface gi0/0/1
Router A (config)# cdp enable
```
194
Which global command encrypts all passwords in the running configuration?
A. password-encrypt
B. enable password-encryption
C. enable secret
D. service password-encryption
service password-encryption
195
What is the function of a hub-and-spoke WAN topology?
A. allows access restrictions to be implemented between subscriber sites.
B. provides direct connections between subscribers
C. supports Layer 2 VPNs
D. supports application optimization
provides direct connections between subscribers
196
What uses HTTP messages to transfer data to applications residing on different hosts?
A. OpenFlow
B. OpenStack
C. OpFlex
D. REST
REST
197
Refer to the exhibit
Atlanta Washington
Lo1 Lo3
Default Route:/0 via S0/0/0 Default Route:/0 via S0/0/0
\ /
\ /
\ /
\ 2012::/126 / 2023::/126
\ /
\ /
\ /
\ /
\ /
Se0/0/0 Se0/0/1
New York
Lo2
Configured routers IPv6 addresses:
- Atlanta
Serial 0/0/0 : 2012::1/26
Loopback: 2000::1/128
-New York
Serial 0/0/0: 2012::2/126
Serial 0/0/1 : 2023::2/126
Loopback2: 2000::2/128
-Washington:
Serial 0/0/0: 2023::3/126
Loopback3: 2000::3/128
The loopback1 interface of the Atlanta router must reach the loopback3 interface of the Washington router. Which two static host routes must be configured on the NEW York router? (Choose two)
```
A. ipv6 route 2000::1/128 2012::1
B. ipv6 route 2000::3/128 2023::3
C. ipv6 route 2000::3/128 s0/0/0
D. ipv6 route 2000::1/128 2012::2
E. ipv6 route 2000::1/128 s0/0/1
```
ipv6 route 2000::1/128 2012::1
| ipv6 route 2000::3/128 2023::3
198
Refer to the exhibit
[SITE A] Router1============================Router2 [SITE B]
Router2#show ip route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.10.10.8/30 is directly connected, FastEthernet0/2
C 10.10.10.12/30 is directly connected, FastEthernet0/1
O 10.10.13.0/25 [110/11] via 10.10.10.9, 00:00:03, FastEthernet0/2
[110/11] via 10.10.10.13, 00:00:03, FastEthernet0/1
C 10.10.10.4/30 is directly connected, FastEthernet0/2
If OSPF is running on this network, how does Router 2 handle traffic from Site B to 10.10.13.128/25 at Site A?
A. It sends packets out of interface Fa0/2 only.
B. It sends packets out of interface Fa0/1 only.
C. It cannot send packets to 10.10.13.128/25
D. It load-balances traffic out of Fa0/1 and Fa0/2
It cannot send packets to 10.10.13.128/25
199
How does HSRP provide first hop redundancy?
A. It load-balances traffic by assigning the same metric value to more than one route to the same destination on the IP routing table.
B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN.
C. It forwards multiple packets to the same destination over different routed links in the data path
D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN
It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN
200
What are two characteristics of the distribution layer in a three-tier network architecture? (Choose two.)
A. serves as the network aggregation point
B. provides a boundary between Layer 2 and Layer 3 communications
C. designed to meet continuous, redundant uptime requirements
D. is the backbone for the network topology
E. physical connection point for a LAN printer
provides a boundary between Layer 2 and Layer 3 communications
designed to meet continuous, redundant uptime requirements
201
What is the purpose of using First Hop Redundancy Protocol in a specific subnet?
A. Filter traffic based on destination IP addressing
B. Sends the default route to the hosts on a network
C. ensures a loop-free physical topology
D. forwards multicast hello messages between routers
forwards multicast hello messages between routers
202
Which access layer threat-mitigation technique provides security based on identity?
A. Dynamic ARP Inspection
B. using a non-default native VLAN
C. 802.1x
D. DHCP snooping
802.1x
203
What must be considered when using 802:11a?
A. It is compatible with 802 lib- and 802 11-compliant wireless devices
B. It is used in place of 802 11b/g when many nonoverlapping channels are required
C. It is susceptible to interference from 2 4 GHz devices such as microwave ovens.
D. It is chosen over 802 11b/g when a lower-cost solution is necessary
It is used in place of 802 11b/g when many nonoverlapping channels are required
204
When a site-to-site VPN is configured, which IPsec mode provides encapsulation and encryption of the entire original IP packet?
A. IPsec tunnel mode with AH
B. IPsec transport mode with AH
C. IPsec tunnel mode with ESP
D. IPsec transport mode with ESP
IPsec tunnel mode with ESP
205
What does physical access control regulate?
A. access to spec fie networks based on business function
B. access to servers to prevent malicious activity
C. access to computer networks and file systems
D. access to networking equipment and facilities
access to networking equipment and facilities
206
On workstations running Microsoft Windows, which protocol provides the default gateway for the device?
A. DHCP
B. STP
C. SNMP
D. DNS
DHCP
207
How are VLAN hopping attacks mitigated?
A. enable dynamic ARP inspection
B. manually implement trunk ports and disable DTP
C. activate all ports and place in the default VLAN
D. configure extended VLANs
manually implement trunk ports and disable DTP
208
What is the role of a firewall in an enterprise network?
A. Forwards packets based on stateless packet inspection
B. Processes unauthorized packets and allows passage to less secure segments of the network
C. determines which packets are allowed to cross from unsecured to secured networks
D. explicitly denies all packets from entering an administrative domain
determines which packets are allowed to cross from unsecured to secured networks
209
What is a function of the Cisco DNA Center Overall Health Dashboard?
A. It provides a summary of the top 10 global issues.
B. It provides detailed activity logging for the 10 devices and users on the network.
C. It summarizes the operational status of each wireless devise on the network.
D. It summarizes daily and weekly CPU usage for servers and workstations in the network
It provides a summary of the top 10 global issues.
210
Drag and drop the DNS lookup components from the left onto the functions on the right.
```
DNS LOOKUP COMPONENTS
cache
DNS
domain
name resolver
no ip domain-lookup
```
FUNCTIONS
local database pf address mappings that improves name-resolution performance
service that maps hostnames to IP addresses
disable DNS services on a Cisco device
in response to client requests, queries a name server for IP address information
component of a URL that indicates the location or organization type, such as .com or .edu
local database of address mappings that improves name-resolution performance
- cache
service that maps hostnames to IP addresses
-DNS
disable DNS services on a Cisco device
-no ip domain-lookup
in response to client requests, queries a name server for IP address information
-name resolver
component of a URL that indicates the location or organization type, such as .com or .edu
-domain
211
After installing a new Cisco ISE server, which task must the engineer perform on the Cisco WLC to connect wireless clients on a specific VLAN based on their credentials?
A. Enable the allow AAA Override
B. Enable the Even: Driven RRM.
C. Disable the LAG Mode or Next Reboot.
D. Enable the Authorized MIC APs against auth-list or AAA.
Enable the allow AAA Override
212
A network analyst is tasked with configured the date and time on a router using EXEC mode. The date must be set to 12:00am. Which command should be used?
A. Clock timezone
B. Clock summer-time-recurring
C. Clock summer-time date
D. Clock set
Clock set
213
A network administrator is asked to configure VLANS 2, 3 and 4 for a new implementation. Some ports must be assigned to the new VLANS with unused remaining. Which action should be taken for the unused ports?
A. configure port in the native VLAN
B. configure ports in a black hole VLAN
C. configure in a nondefault native VLAN
D. configure ports as access ports
configure ports in a black hole VLAN
214
Refer to the exhibit
R1
/ \
PC / \
| / \
| / \
| / \
SW------------------R4---------R2-------- SW=========Server
BGP \ BGP / 10.10.10.10
| A565512 \ A565512 /
| \ /
| \ /
PC \ /
R3
Router R4 is dynamically learning the path to the server. If R4 is connected to R1 via OSPF Area 20, to R2 via BGP, and to R3 via EIGRP 777, which path is installed in the routing table of R4?
A. the path through R1, because the OSPF administrative distance is 110
B. the path through R2. because the IBGP administrative distance is 200
C. the path through R2 because the EBGP administrative distance is 20
D. the path through R3. because the EIGRP administrative distance is lower than OSPF and BGP
C. the path through R2 because the EBGP administrative distance is 20
215
Why was the RFC 1918 address space defined?
A. conserve public IPv4 addressing
B. preserve public IPv6 address space
C. reduce instances of overlapping IP addresses
D. support the NAT protocol
conserve public IPv4 addressing
216
```
Which HTTP status code is returned after a successful REST API request?
A. 200
B. 301
C. 404
D. 500
```
200
217
Which HTTP status code is returned after a successful REST API request?
A. 200
B. 301
C. 404
D. 500
200
218
Refer to the exhibit
R3# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1. 1.1.1 1 2WAY DROTHER 172.16.10.1 Gig0/0
2. 2.2.2 1 2WAY DROTHER 172.16.10.2 Gig0/0
4. 4.4.4 1 FULL/BDR 172.16.10.4 Gig0/0
5. 5.5.5 1 FULL/BDR 172.16.10.5 Gig0/0
R5 is the current DR on the network, and R4 is the BDR. Their interfaces are flapping, so a network engineer wants the OSPF network to elect a different DR and BDR. Which set of configurations must the engineer implement?
A. R4(config)#interface gi0/0
R4(config-if) ip ospf priority 20
R5(config)#interface gi0/0
R5(config-if) ip ospf priority 10
B. R2(config)#interface gi0/0
R2(config-if) ip ospf priority 259
R3(config)#interface gi0/0
R3(config-if) ip ospf priority 256
C. R5(config)#interface gi0/0
R5(config-if) ip ospf priority 120
R4(config)#interface gi0/0
R4(config-if) ip ospf priority 110
D. R3(config)#interface gi0/0
R3(config-if) ip ospf priority 255
R2(config)#interface gi0/0
R2(config-if) ip ospf priority 240
R3(config)#interface gi0/0
R3(config-if) ip ospf priority 255
R2(config)#interface gi0/0
R2(config-if) ip ospf priority 240
219
What are network endpoints?
A. act as routers to connect a user to the service prowler network
B. a threat to the network if they are compromised
C. support inter-VLAN connectivity
D. enforce policies for campus-wide traffic going to the internet
a threat to the network if they are compromised
220
Which two components are needed to create an Ansible script that configures a VLAN on a switch? (Choose two.)
```
A. cookbook
B. task
C. playbook
D. model
E. recipe
```
playbook
model
221
Drag and drop the statement about networking from the left into the Corresponding networking types on the right. Not all statements are used.
NETWORKING STATEMENTS
This type deploys a consistent configuration across multiple devices
A distributed control plane is needed
This type requires a distributed management plane
Southbound APIs are used to apply configurations
Northbound APIs interact with end devices
NETWORKING TYPES
Controller-Based Networking
Traditional Networking
Controller-Based Networking (Choose 2)
-This type deploys a consistent configuration across multiple devices
-Southbound APIs are used to apply
configurations
Traditional Networking (Choose 2)
- A distributed control plane is needed
- This type requires a distributed management plane
222
Which two events occur automatically when a device Is added to Cisco DNA Center? (Choose two. )
A. The device Is assigned to the Global site.
B. The device Is placed into the Unmanaged state.
C. The device Is placed into the Provisioned state.
D. The device Is placed into the Managed state.
E. The device is assigned to the Local site
The device Is assigned to the Global site.
The device Is placed into the Unmanaged state.
223
```
Which virtual MAC address is used by VRRP group 1?
A. 0050.0c05.ad81
B. 0007.c061.bc01
C. 0000.5E00.0101
D. 0500.3976.6401
```
0000.5E00.0101
224
Refer to the Exhibit
R1
fd00:12::1/64 / \ fd00:13::1/64
/ \
/ \
fd00:12::2/64 / \ fd00:13::3/64
R2 R3
| |
| |
------------------------------LAN------------------------------------
2001:db8:23::/64 |
|
PC
2001:db8:23::14/64
Refer to the exhibit. Which two commands, when configured on router R1, fulfill these requirements? (Choose two.)
Packets towards the entire network 2001:db8:2::/64 must be forwarded through router R2.
Packets toward host 2001:db8:23::14 preferably must be forwarded through R3.
A. Ipv6 route 2001:db8:23::/128 fd00:12::2
B. Ipv6 route 2001:db8:23::14/128 fd00:13::3
C. Ipv6 route 2001:db8:23::14/64 fd00:12::2
D. Ipv6 route 2001:db8:23::/64 fd00:12::2
E. Ipv6 route 2001:db8:23::14/64 fd00:12::2 200
Ipv6 route 2001:db8:23::/64 fd00:12::2
Ipv6 route 2001:db8:23::14/128 fd00:13::3
225
Refer to the exhibit
e0/1 e0/0
---------------------------Router---------------------
| |
| |
| e0/0 | e0/0
Switch Switch
| e0/1 | e0/1
| |
| |
PC-A PC-B
10.10.10.0 10.10.100.0 255.255.255.0 255.255.255.0
When PC-A sends traffic to PC-B, which network component is in charge of receiving the packet from PC-A verifying the IP addresses, and forwarding the packet to PC-B?
A. Layer 2 switch
B. Router
C. Load balancer
D. firewall
Router
226
In software-defined architecture, which place handles switching for traffic through a Cisco router?
A. Control
B. Management
C. Data
D. application
Data
227
Which level of severity must be set to get informational syslogs?
A. alert
B. critical
C. notice
D. debug
notice
228
When a switch receives a frame for a known destination MAC address, how is the frame handed?
A. sent to the port identified for the known MAC address
B. broadcast to all ports
C. forwarded to the first available port
D. flooded to all ports except the one from which it originated
sent to the port identified for the known MAC address
229
How does QoS optimize voice traffic?
A. reducing bandwidth usage
B. by reducing packet loss
C. by differentiating voice and video traffic
D. by increasing jitter
by differentiating voice and video traffic
230
What is the function of a controller in controller-based networking?
A. It serves as the centralized management point of an SDN architecture.
B. It centralizes the data plane for the network.
C. It is the card on a core router that maintains all routing decisions for a campus.
D. It is a pair of core routers that maintain all routing decisions for a campus
It serves as the centralized management point of an SDN architecture
231
What are two similarities between UTP Cat 5e and Cat 6a cabling? (Choose two.)
A. Both operate at a frequency of 500 MHz.
B. Both support runs of up to 55 meters.
C. Both support runs of up to 100 meters.
D. Both support speeds of at least 1 Gigabit.
E. Both support speeds up to 10 Gigabit
Both support runs of up to 100 meters
Both support speeds of at least 1 Gigabit
232
What is a characteristic of cloud-based network topology?
A. wireless connections provide the sole access method to services
B. onsite network services are provided with physical Layer 2 and Layer 3 components
C. services are provided by a public, private, or hybrid deployment
D. physical workstations are configured to share resources
services are provided by a public, private, or hybrid deployment
233
What is the difference in data transmission delivery and reliability between TCP and UDP?
A. TCP transmits data at a higher rate and ensures packet delivery. UDP retransmits lost data to ensure applications receive the data on the remote end.
B. UDP sets up a connection between both devices before transmitting data. TCP uses the three-way handshake to transmit data with a reliable connection.
C. UDP is used for multicast and broadcast communication. TCP is used for unicast communication and transmits data at a higher rate with error checking.
D. TCP requires the connection to be established before transmitting data. UDP transmits data at a higher rate without ensuring packet delivery
TCP requires the connection to be established before transmitting data. UDP transmits data at a
higher rate without ensuring packet delivery
234
How are the switches in a spine-and-leaf topology interconnected?
A. Each leaf switch is connected to one of the spine switches.
B. Each leaf switch is connected to two spine switches, making a loop.
C. Each leaf switch is connected to each spine switch.
D. Each leaf switch is connected to a central leaf switch, then uplinked to a core spine switch.
Each leaf switch is connected to each spine switch.
235
DRAG DROP
Drag and drop the IPv6 address type characteristics from the left to the right.
IPv6 CHARACTERISTICS
attached to a single subnet
addresses with prefix FC00::/7
configured only once per interface
addressing for exclusive use internally without Internet routing
IPv6 Type
Link-Local Address
Unique Local Address
Link-Local Address
- attached to a single subnet
- configured only once per interface
Unique Local Address
-addressing for exclusive use internally without Internet routing
-addresses with prefix FC00::/7
236
Refer to the exhibit
192. 168.10.0/24 is variably subnetted, 2 subnets, 2 masks
192. 168.10.32/28 [110/193] via 192.168.30.10
```
What is the metric of the route to the 192.168.10.33/28 subnet?
A. 84
B. 110
C. 128
D. 192
E. 193
```
193
237
DRAG DROP
An engineer is configuring an encrypted password for the enable command on a router where the local user database has already been configured. Drag and drop the configuration commands from the left into the correct sequence on the right. Not all commands are used
```
CONFIGURATION COMMAND
configuration terminal
enable
enable secret $hf!@4fs
exit
line vty 0 4
service password encryption
```
```
SEQUENCE
first
second
third
fourth
```
first
enable
second
configuration terminal
third
enable secret $hf!@4fs
fourth
exit
238
Where is the interface between the control plane and data plane within the software-defined architecture?
A. control layer and the infrastructure layer
B. application layer and the infrastructure layer
C. control layer and the application layer
D. application layer and the management layer
control layer and the infrastructure layer
239
Which action does the router take as it forwards a packet through the network?
A. The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC address as the destination
B. The router encapsulates the original packet and then includes a tag that identifies the source router MAC address and transmits it transparently to the destination
C. The router encapsulates the source and destination IP addresses with the sending router IP address as the source and the neighbor IP address as the destination
D. The router replaces the source and destination labels with the sending router interface label as a source and the next hop router label as a destination
The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC address as the destination
240
In QoS, which prioritization method is appropriate for interactive voice and video?
A. expedited forwarding
B. traffic policing
C. round-robin scheduling
D. low-latency queuing
low-latency queuing
241
Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)
```
A. management interface settings
B. QoS settings
C. Ip address of one or more access points
D. SSID
E. Profile name
```
SSID
| Profile name
242
Refer to the exhibit.
VLAN 8 - Data
VLAN 9 - Voice
```
Gi1/1
SW11-------------------------------------------------------------PC2
Gi1/3 |
|
|
|
|
Phone-1--------------------------------------------------------PC1
```
An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11. PC-1 and PC-2 must be placed in the Data VLAN and Phone-1 must be placed in the Voice VLAN. Which configuration meets these requirements?
```
A. interface gigabitethernet1/1
switchport mode access
switchport access vlan 8
!
interface gigabitethernet1/3
switchport mode access
switchport voice vlan 8
switchport access vlan 9
```
```
B. interface gigabitethernet1/1
switchport mode access
switchport access vlan 9
!
interface gigabitethernet1/3
switchport mode trunk
switchport trunk vlan 8
switchport trunk vlan 9
```
```
C. interface gigabitethernet1/1
switchport mode access
switchport access vlan 8
!
interface gigabitethernet1/3
switchport mode access
switchport access vlan 8
switchport voice vlan 9
```
```
D. interface gigabitethernet1/1
switchport mode access
switchport access vlan 8
!
interface gigabitethernet1/3
switchport mode trunk
switchport voice vlan 8
switchport access vlan 9
```
```
interface gigabitethernet1/1
switchport mode access
switchport access vlan 8
!
interface gigabitethernet1/3
switchport mode access
switchport voice vlan 8
switchport access vlan 9
```
243
An engineer must establish a trunk link between two switches. The neighboring switch is set to trunk or desirable mode. What action should be taken?
A. configure switchport nonegotiate
B. configure switchport mode dynamic desirable
C. configure switchport mode dynamic auto
D. configure switchport trunk dynamic desirable
configure switchport mode dynamic auto
244
If a switch port receives a new frame while it is actively transmitting a previous frame, how does it process the frames?
A. The new frame is delivered first, the previous frame is dropped, and a retransmission request is sent.
B. The previous frame is delivered, the new frame is dropped, and a retransmission request is sent.
C. The new frame is placed in a queue for transmission after the previous frame.
D. The two frames are processed and delivered at the same time.
The new frame is placed in a queue for transmission after the previous frame.
245
A wireless administrator has configured a WLAN; however, the clients need access to a less congested 5-GHz network for their voice quality. What action must be taken to meet the requirement?
A. enable AAA override
B. enable RX-SOP
C. enable DTIM
D. enable Band Select
enable Band Select
246
Refer to the exhibit.
Atlanta Washington
\ Se0/0/0 Se0/0/0 /
\ /
\ 2012:/126 / 2023::/126
\ /
\ /
\ /
\ /
Se0/0/0 New York Se0/0/1
Configured routers IPv6 addresses:
-Atlanta
Serial 0/0/0: 2012::1/126
Loopback1: 2000::1/128
-New York
Serial 0/0/0: 2012::2/126
Serial 0/0/1: 2023::2/126
Loopback2: 2000::2/128
-Washington
Serial 0/0/0: 2023::3/126
Loopback3: 2000::3/128
An engineer configured the New York router with state routes that point to the Atlanta and Washington sites. What command must be configured on the Atlanta and Washington routers so that both sites are able to reach the loopback2 interface on the New York router?
```
A. ipv6 route ::/0 Serial 0/0/1
B. ipv6 route 0/0 Serial 0/0/0
C. ipv6 route ::/0 Serial 0/0/0
D. ip route 0.0.0.0.0.0.0.0 Serial 0/0/0
E. ipv6 route ::/0 2000::2
```
ipv6 route ::/0 Serial 0/0/0
247
DRAG DROP
Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.
```
WIRELESS LAN CONTROLLER SECURITY SETTINGS
Web policy
Passthrough
WPA+WPA2
802.1X
```
SECURITY MECHANISMS
Layer 2 Security Mechanisms
Layer 3 Security Mechanisms (for WLAN)
Layer 2 Security Mechanisms
802.1X
WPA+WPA2
Layer 3 Security Mechanisms (for WLAN)
Web policy
Passthrough
248
Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?
A. sniffer
B. mesh
C. flexconnect
D. local
flexconnect
249
What is a difference between RADIUS and TACACS+?
A. RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authentication
B. TACACS+ encrypts only password information and RADIUS encrypts the entire payload
C. TACACS+ separates authentication and authorization, and RADIUS merges them
D. RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commands
TACACS+ separates authentication and authorization, and RADIUS merges them
250
What Is a syslog facility?
A. Host that is configured for the system to send log messages
B. password that authenticates a Network Management System to receive log messages
C. group of log messages associated with the configured severity level
D. set of values that represent the processes that can generate a log message
group of log messages associated with the configured severity level
251
What are two characteristics of a public cloud Implementation? (Choose two.)
A. It is owned and maintained by one party, but it is shared among multiple organizations.
B. It enables an organization to fully customize how It deploys network resources.
C. It provides services that are accessed over the Internet.
D. It Is a data center on the public Internet that maintains cloud services for only one company.
E. It supports network resources from a centralized third-party provider and privately-owned virtual resources
It provides services that are accessed over the Internet.
It supports network resources from a centralized third-party provider and privately-owned virtual resources
252
What role does a hypervisor provide for each virtual machine in server virtualization?
A. infrastructure-as-a-service.
B. Software-as-a-service
C. control and distribution of physical resources
D. services as a hardware controller
control and distribution of physical resources
253
What is the function of a server?
A. It transmits packets between hosts in the same broadcast domain.
B. It provides shared applications to end users.
C. It routes traffic between Layer 3 devices.
D. It Creates security zones between trusted and untrusted networks
It provides shared applications to end users.
254
What is the effect of this configuration?
ip arp inspection vlan 5-10
interface fastethernet 0/1
switchport mode access
switchport access vlan 5
A. All ARP packets are dropped by the switch
B. Egress traffic is passed only if the destination is a DHCP server.
C. All ingress and egress traffic is dropped because the interface is untrusted
D. The switch discard all ingress ARP traffic with invalid MAC-to-IP address bindings
The switch discard all ingress ARP traffic with invalid MAC-to-IP address bindings
255
What is a characteristic of private IPv4 addressing?
A. traverse the Internet when an outbound ACL is applied
B. issued by IANA in conjunction with an autonomous system number
C. composed of up to 65,536 available addresses
D. used without tracking or registration
used without tracking or registration
256
Refer to the exhibit
Gi1/0
R1------------------------------------------------------------------------------------------R2
Gi2/0
Interface GigabitEthernet1/0
mtu 1600
Which configuration issue is preventing the OSPF neighbor relationship from being established
between the two routers?
A. R2 is using the passive-interface default command
B. R1 has an incorrect network command for interface Gi1/0
C. R2 should have its network command in area 1
D. R1 interface Gil/0 has a larger MTU size
D. R1 interface Gil/0 has a larger MTU size
257
Refer to the exhibit
1726.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.3./24 [1/0] via 207.165.200.250, Serial 0/0/0
O 172.16.3.0/28 [110/84437] via 207.165.200.254, 00:00:28,
Serial0/0/1
A packet is being sent across router R1 to host 172.163.3.14. To which destination does the router send the packet?
A. 207.165.200.246 via Serial0/1/0
B. 207.165.200.254 via Serial0/0/1
C. 207.165.200.254 via Serial0/0/0
D. 207.165.200.250 via Serial/0/0/0
207.165.200.254 via Serial0/0/1
258
DRAG DROP
Drag and drop to the characteristics of networking from the left onto the correct networking types on the right.
```
CHARACTERISTICS OF NETWORKING
focused on network
focused on devices
user input is configuration
user input is a policy
user white list security model
user black list security model
```
NETWORK TYPES
Controller-Based Networking
Traditional Networking
Controller-Based Networking
focused on network
user input is a policy
user white list security model
Traditional Networking
focused on devices
user input is configuration
user black list security model
259
A network administrator needs to aggregate 4 ports into a single logical link which must negotiate layer 2 connectivity to ports on another switch. What must be configured when using active mode on both sides of the connection?
A. 802.1q trunks
B. Cisco vPC
C. LLDP
D. LACP
LACP
260
When a WPA2-PSK WLAN is configured in the wireless LAN Controller, what is the minimum number of characters that is in ASCll format?
A. 6
B. 8
C. 12
D. 18
8
261
What are two differences between optical-fiber cabling and copper cabling? (Choose two)
A. Light is transmitted through the core of the fiber
B. A BNC connector is used for fiber connections
C. The glass core component is encased in a cladding
D. Fiber connects to physical interfaces using Rj-45 connections
E. The data can pass through the cladding
Light is transmitted through the core of the fiber
The glass core component is encased in a cladding
262
Refer to the exhibit
What action establishes the OSPF neighbor relationship without forming an adjacency?
A. modify hello interval
B. modify process ID
C. modify priority
D. modify network type
modify hello interval
263
How does WPA3 improve security?
A. It uses SAE for authentication.
B. It uses a 4-way handshake for authentication.
C. It uses RC4 for encryption.
D. It uses TKIP for encryption.
It uses SAE for authentication.
264
A device detects two stations transmitting frames at the same time. This condition occurs after the first 64 bytes of the frame is received. Which interface counter increments?
A. collision
B. CRC
C. runt
D. late collision
late collision
265
An engineer deploys a topology in which R1 obtains its IP configuration from DHCP. If the switch and DHCP server configurations are complete and correct. Which two sets of commands must be configured on R1 and R2 to complete the task? (Choose two)
A. R1(config)# interface fa0/0
R1(config-if)#ip address dhcp
R1(config-if)# no shutsown
B. R1(config)# interface fa0/0
R1(config-if)#ip helper-address 192.0.2.2
C. R2(config)# interface gi0/0
R2(config-if)#ip address dhcp
D. R1(config)# interface fa0/0
R1(config-if)#ip helper-address 198.51.100.100
E. R2(config)# interface gi0/0
R2(config-if)#ip helper-address 198.51.100.100
R1(config)# interface fa0/0
R1(config-if)#ip address dhcp
R1(config-if)# no shutdown
R2(config)# interface gi0/0
R2(config-if)#ip helper-address 198.51.100.100
266
When OSPF learns multiple paths to a network, how does it select a route?
A. It multiple the active K value by 256 to calculate the route with the lowest metric.
B. For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth.
C. It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost.
D. It count the number of hops between the source router and the destination to determine the router with the lowest metric
It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost.
267
A user configured OSPF in a single area between two routers. A serial interface connecting R1 and R2 is running encapsulation PPP. By default which OSPF network type is seen on this interface when the user types show ip ospf interface on R1 or R2?
A. port-to-multipoint
B. broadcast
C. point-to-point
D. nonbroadcast
point-to-point
268
How do AAA operations compare regarding user identification, user services and access control?
A. Authorization provides access control and authentication tracks user services
B. Authentication identifies users and accounting tracks user services
C. Accounting tracks user services, and authentication provides access control
D. Authorization identifies users and authentication provides access control
Authentication identifies users and accounting tracks user services
269
An engineer requires a scratch interface to actively attempt to establish a trunk link with a neighbor switch. What command must be configured?
A. switchport mode trunk
B. switchport mode dynamic desirable
C. switchport mode dynamic auto
D. switchport nonegotiate
switchport mode dynamic auto
270
Refer to the exhibit
1726.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.3./24 [1/0] via 207.165.200.250, Serial 0/0/0
O 172.16.3.0/28 [110/84437] via 207.165.200.254, 00:00:28,
Serial0/0/1
A packet is being sent across router R1 to host 172.16.3.14. What is the destination route for the packet?
A. 209.165.200.254 via Serial0/0/1
B. 209.165.200.254 via Serial0/0/0
C. 209.165.200.246 via Serial0/1/0
D. 209.165.200.250 via Serial0/0/0
209.165.200.254 via Serial0/0/1
271
With REST API, which standard HTTP header tells a server which media type is expected by the client?
A. Accept-Encoding: gzip. deflate
B. Accept-Patch: text/example; charset=utf-8
C. Content-Type: application/json; charset=utf-8
D. Accept: application/json
Accept: application/json
272
Which JSON data type is an unordered set of attribute- value pairs?
A. array
B. string
C. object
D. Boolean
object
273
What is the expected outcome when an EUI-64 address is generated?
A. The seventh bit of the original MAC address of the interface is inverted
B. The interface ID is configured as a random 64-bit value
C. The characters FE80 are inserted at the beginning of the MAC address of the interface
D. The MAC address of the interface is used as the interface ID without modification
The seventh bit of the original MAC address of the interface is inverted
274
Which protocol prompts the Wireless LAN Controller to generate its own local web administration SSL certificate for GUI access?
A. HTTPS
B. RADIUS
C. TACACS+
D. HTTP
RADIUS
275
The SW1 interface g0/1 is in the down/down state. Which two configurations are valid reasons for the interface conditions?(choose two)
```
A. There is a duplex mismatch
B. There is a speed mismatch
C. There is a protocol mismatch
D. The interface is shut down
E. The interface is error-disabled
```
There is a speed mismatch
The interface is error-disabled
276
Which network plane is centralized and manages routing decisions?
A. policy plane
B. management plane
C. control plane
D. data plane
control plane
277
Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface?
A. configure a stateful DHCPv6 server on the network
B. enable SLAAC on an interface
C. disable the EUI-64 bit process
D. explicitly assign a link-local address
enable SLAAC on an interface
278
Refer to the exhibit
Which command configures a floating static route to provide a backup to the primary link?
A. ip route 0.0.0.0 0.0.0.0 209.165.202.131
B. ip route 209.165.201.0 255.255.255.224 209.165.202.130
C. ip route 0.0.0.0 0.0.0.0 209.165.200.224
D. ip route 209.165.200.224 255.255.255.224 209.165.202.129 254
ip route 209.165.200.224 255.255.255.224 209.165.202.129 254
279
Which two QoS tools provides congestion management? ( Choose two )
```
A. CAR
B. CBWFQ
C. PQ
D. PBR
E. FRTS
```
CBWFQ
PQ
```
Explanation
Type of queuing methods are available:
• First-In-First-Out (FIFO)
• Priority Queuing (PQ)
• Custom Queuing (CQ)
• Weighted Fair Queuing (WFQ)
• Class-Based Weighted Fair Queuing (CBWFQ)
• Low-Latency Queuing (LLQ)
```
280
An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts. A Telnet attempt from PC-2 gives this message:"% Connection refused by remote host". Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?
```
A. Add the access-list 10 permit any command to the configuration
B. Remove the access-class 10 in command from line vty 0.4
C. Add the ip access-group 10 out command to interface g0/0.
D. Remove the password command from line vty 0 4.
```
Add the access-list 10 permit any command to the configuration
281
An engineer must configure an OSPF neighbor relationship between router R1 and R3. The authentication configuration has been configured and the connecting interfaces are in the same
192.168 1.0/30 subnet. What are the next two steps to complete the configuration? (Choose two.)
A. configure the hello and dead timers to match on both sides
B. configure the same process ID for the router OSPF process
C. configure the same router ID on both routing processes
D. Configure the interfaces as OSPF active on both sides.
E. configure both interfaces with the same area ID
configure the hello and dead timers to match on both sides
configure both interfaces with the same area ID
282
R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?
A. route with the lowest cost
B. route with the next hop that has the highest IP
C. route with the shortest prefix length
D. route with the lowest administrative distance
route with the lowest administrative distance
283
Which configuration management mechanism uses TCP port 22 by default when communicating with managed nodes?
A. Ansible
B. Python
C. Puppet
D. Chef
Ansible
284
Which 802.11 frame type is indicated by a probe response after a client sends a probe request?
A. action
B. management
C. control
D. data
management
285
Which two must be met before SSH can operate normally on a Cisco IOS switch? (Choose two)
A. The switch must be running a k9 (crypto) IOS image
B. The Ip domain-name command must be configured on the switch
C. IP routing must be enabled on the switch
D. A console password must be configured on the switch
E. Telnet must be disabled on the switch
The switch must be running a k9 (crypto) IOS image
The Ip domain-name command must be configured on the switch
286
Refer to the exhibit
Fa0/1 Fa0/1
SW1--------------------------------------------------------------------------SW2
802.1Q
```
SW1
Interface fastethernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
```
```
SW2
Interface fastethernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport mode trunk
```
Which action do the switches take on the trunk link?
A. The trunk does not form and the ports go into an err-disabled status.
B. The trunk forms but the mismatched native VLANs are merged into a single broadcast domain.
C. The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link.
D. The trunk forms but VLAN 99 and VLAN 999 are in a shutdown state
The trunk forms but the mismatched native VLANs are merged into a single broadcast domain.
287
Refer to the exhibit
```
Which prefix does Router 1 use for traffic to Host A?
A. 10.10.10.0/28
B. 10.10.13.0/25
C. 10.10.13.144/28
D. 10.10.13.208/29
```
10.10.13.208/29
288
Refer to the exhibit
```
Router R2 is configured with multiple routes to reach network 10 1.1 0/24 from router R1. What protocol is chosen by router R2 to reach the destination network 10.1 1 0/24?
A. eBGP
B. static
C. OSPF
D. EIGRP
```
static
289
Refer to the exhibit
R2#show ip route
C 192.168.1.0/26 is directly connected, FastEthernet0/1
```
Which two prefixes are included in this routing table entry? (Choose two)
A. 192.168.1.17
B. 192.168.1.61
C. 192.168.1.64
D. 192.168.1.127
E. 192.168.1.254
```
192. 168.1.61
| 192. 168.1.64
290
Which IPv6 address block forwards packets to a multicast address rather than a unicast address?
A. 2000::/3
B. FC00::/7
C. FE80::/10
D. FF00::/12
FF00::/12
291
What are two recommendations for protecting network ports from being exploited when located in an office space outside of an IT closet? (Choose two.)
```
A. enable the PortFast feature on ports
B. implement port-based authentication
C. configure static ARP entries
D. configure ports to a fixed speed
E. shut down unused ports
```
implement port-based authentication
shut down unused ports
292
Refer to the exhibit
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/1
C 172.160.0.0/16 is directly connected, FastEthernet0/0
D 192.168.0.0/24 [90/30720] via 172.16.0.2, 00:00:03, Fa0/0
Which route type does the routing protocol Code D represent in the output?
A. internal BGP route
B. /24 route of a locally configured IP
C. statically assigned route
D. route learned through EIGRP
route learned through EIGRP
293
Which type of IPv6 address is publicly routable in the same way as IPv4 public address?
A. global unicast
B. link-local
C. unique local
D. multicast
global unicast
294
Refer to the exhibit
Which change to the configuration on Switch? Allows the two switches to establish an EtherChannel?
A. Change the protocol to EtherChannel mode on.
B. Change the LACP mode to active
C. Change the LACP mode to desirable
D. Change the protocol to PAqP and use auto mode
Change the LACP mode to active
295
What is the path for traffic sent from one user workstation to another workstation on a separate switch In a three-Tier architecture model?
A. access - core - distribution - access
B. access - distribution - distribution - access
C. access - core - access
D. access -distribution - core - distribution - access
access -distribution - core - distribution - access
296
Refer to the exhibit
If R1 receives a packet destined to 172.16.1.1, to which IP address does it send the packet?
A. 192.168.12.2
B. 192.168.13.3
C. 192.168.14.4
D. 192.168.15.5
192.168.14.4
297
A packet is destined for 10.10.1.22. Which static route does the router choose to forward the packet?
A. ip route 10.10.1.0 255.255.255.240 10.10.255.1
B. ip route 10.10.1.16 255.255.255.252 10.10.255.1
C. ip route 10.10.1.20 255.255.255.252 10.10.255.1
D. ip route 10.10.1.20 255.255.255.254 10.10.255.1
ip route 10.10.1.20 255.255.255.252 10.10.255.1
298
An office has 8 floors with approximately 30-40 users per floor. What command must be configured on the router Switched Virtual Interface to use address space efficiently?
A. ip address 192.168.0.0 255.255.0.0
B. ip address 192.168.0.0 255.255.254.0
C. ip address 192.168.0.0 255.255.255.128
D. ip address 192.168.0.0 255.255.255.224
ip address 192.168.0.0 255.255.254.0
299
DRAG DROP
Drag the descriptions of IP protocol transmissions from the left onto the IP traffic types on the right.
IP PROTOCOL TRANSMISSIONS
sends transmissions in sequence
transmissions include an 8-byte header
transmits packets as a stream
transmits packets individually
uses a higher transmission rate to support latency-sensitive applications
uses a lower transmission rate to ensure reliability
IP TRAFFIC TYPES
TCP
UDP
TCP
sends transmissions in sequence
transmits packets as a stream
uses a lower transmission rate to ensure reliability
UDP
transmissions include an 8-byte header
transmits packets individually
uses a higher transmission rate to support latency-sensitive applications
300
Which command must be entered when a device is configured as an NTP server?
A. ntp authenticate
B. ntp server
C. ntp peer
D. ntp master
ntp master
301
```
Which command must be entered to configure a DHCP relay?
A. ip helper-address
B. ip address dhcp
C. ip dhcp pool
D. ip dhcp relay
```
ip helper-address
302
Which technology must be implemented to configure network device monitoring with the highest security?
A. IP SLA
B. syslog
C. NetFlow
D. SNMPv3
NetFlow
303
Refer to the exhibit
```
Switch(config)#hostname R1
R1(config)#interface FastEthernet0/1
R1(config-if)#no switchport
R1(config-if)#ip address 10.100.20.42 255.255.255.0
R1(config-if)#line vty 0 4
R1(config-line)#login
```
An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied to allow administrators to authenticate directly to enable
privilege mode via Telnet using a local username and password?
R1(config)#username admin privilege 15 secret p@ss1234
R1(config-if)#line vty 0 4
R1(config-line)#login local
304
Refer to the exhibit
An engineer is required to verify that the network parameters are valid for the users wireless LAN connectivity on a /24 subnet. Drag and drop the values from the left onto the network parameters on the right. Not all values are used
Go to question 307
305
Which two actions influence the EIGRP route selection process? (Choose two)
A. The router calculates the reported distance by multiplying the delay on the exiting Interface by
256.
B. The router calculates the best backup path to the destination route and assigns it as the feasible successor.
C. The router calculates the feasible distance of all paths to the destination route
D. The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link
E. The router must use the advertised distance as the metric for any given route
The router calculates the best backup path to the destination route and assigns it as the feasible successor
The router calculates the feasible distance of all paths to the destination route
306
Which configuration is needed to generate an RSA key for SSH on a router?
A. Configure the version of SSH
B. Configure VTY access.
C. Create a user with a password.
D. Assign a DNS domain name
Assign a DNS domain name
307
What makes Cisco DNA Center different from traditional network management applications and their management of networks?
A. It only supports auto-discovery of network elements in a greenfield deployment.
B. It modular design allows someone to implement different versions to meet the specific needs of
an organization
C. It abstracts policy from the actual device configuration
D. It does not support high availability of management functions when operating in cluster mode
It abstracts policy from the actual device configuration
308
Which two primary drivers support the need for network automation? (Choose two.)
A. Eliminating training needs
B. Increasing reliance on self-diagnostic and self-healing
C. Policy-derived provisioning of resources
D. Providing a ship entry point for resource provisioning
E. Reducing hardware footprint
Policy-derived provisioning of resources
Providing a ship entry point for resource provisioning
309
```
Using direct sequence spread spectrum, which three 2.4-GHz channels are used to limit collisions?
A. 1,6,11
B. 1,5,10
C. 1,2,3
D. 5,6,7
```
1,6,11
310
Refer to the exhibit
interface GigbitEthernet3/1/4
switchport voice vlan 50
!
An administrator is tasked with configuring a voice VLAN. What is the expected outcome when a Cisco phone is connected to the GigabitEfriemet3/1/4 port on a switch?
A. The phone and a workstation that is connected to the phone do not have VLAN connectivity
B. The phone and a workstation that is connected to the phone
send and receive data in VLAN 50.
C. The phone sends and receives data in VLAN 50, but a workstation connected to the phone has no
VLAN connectivity
D. The phone sends and receives data in VLAN 50, but a workstation connected to the phone sends and receives data in VLAN 1
The phone sends and receives data in VLAN 50, but a workstation connected to the phone sends and receives data in VLAN 1
311
Refer to the exhibit (Question 314)
```
Which route type is configured to reach the internet?
A. host route
B. default route
C. floating static route
D. network route
```
Question 314
312
An engineer needs to configure LLDP to send the port description time length value (TLV). What command sequence must be implemented?
A. switch(config-line)#IIdp port-description
B. switch(config)#IIdp port-description
C. switch(config-if)#IIdp port-description
D. switch#IIdp port-description
switch(config)#IIdp port-description
313
A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, which type of OSPF network does this interface belong to?
A. point-to-multipoint
B. point-to-point
C. broadcast
D. nonbroadcast
broadcast
314
What benefit does controller-based networking provide versus traditional networking?
A. moves from a two-tier to a three-tier network architecture to provide maximum redundancy
B. provides an added layer of security to protect from DDoS attacks
C. allows configuration and monitoring of the network from one centralized port
D. combines control and data plane functionality on a single device to minimize latency
allows configuration and monitoring of the network from one centralized port
315
Refer to the exhibit
The entire contents of the MAC address table are shown. Sales-4 sends a data frame to Sales-1
What does the switch do as it receives the frame from Sales-4?
A. Perform a lookup in the MAC address table and discard the frame due to a missing entry.
B. Insert the source MAC address and port into the forwarding table and forward the frame to Sales1.
C. Map the Layer 2 MAC address to the Layer 3 IP address and forward the frame.
D. Flood the frame out of all ports except on the port where Sales-1 is connected.
Question 318
316
How does CAPWAP communicate between an access point in local mode and a WLC?
A. The access point must directly connect to the WLC using a copper cable
B. The access point must not be connected to the wired network, as it would create a loop
C. The access point must be connected to the same switch as the WLC
D. The access point has the ability to link to any switch in the network, assuming connectivity to the
WLC
The access point has the ability to link to any switch in the network, assuming connectivity to the WLC
317
Refer to the exhibit.
An engineer must add a subnet for a new office that will add 20 users to the network. Which IPv4 network and subnet mask combination does the engineer assign to minimize wasting addresses?
A. 10.10.225.48 255.255.255.240
B. 10.10.225.32 255.255.255.240
C. 10.10.225.48 255.255.255.224
D. 10.10.225.32 255.255.255.224
Question 320
318
Which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network?
A. TKIP encryption
B. AES encryption
C. scrambled encryption key
D. SAE encryption
SAE encryption
319
A Cisco IP phone receive untagged data traffic from an attached PC. Which action is taken by the phone?
A. It allows the traffic to pass through unchanged
B. It drops the traffic
C. It tags the traffic with the default VLAN
D. It tags the traffic with the native VLAN
It allows the traffic to pass through unchanged
320
Which statement about Link Aggregation when implemented on a Cisco Wireless LAN Controller is true?
A. To pass client traffic two or more ports must be configured.
B. The EtherChannel must be configured in "mode active"
C. When enabled the WLC bandwidth drops to 500 Mbps
D. One functional physical port is needed to pass client traffic
One functional physical port is needed to pass client traffic
321
Which set of action satisfy the requirement for multifactor authentication?
A. The user swipes a key fob, then clicks through an email link
B. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device
C. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen
D. The user enters a user name and password and then re-enters the credentials on a second screen
The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device
322
Refer to the exhibit
Which configuration must be applied to the router that configures PAT to translate all addresses in VLAN 200 while allowing devices on VLAN 100 to use their own IP addresses?
Question 325
323
Which two outcomes are predictable behaviors for HSRP? (Choose two)
A. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN.
B. The two routers negotiate one router as the active router and the other as the standby router
C. Each router has a different IP address both routers act as the default gateway on the LAN, and
traffic is load balanced between them.
D The two routers synchronize configurations to provide consistent packet forwarding
E. The two routed share the same IP address, and default gateway traffic is load-balanced between
them
The two routers share a virtual IP address that is used as the default gateway for devices on the LAN.
The two routers negotiate one router as the active router and the other as the standby router
324
How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?
A. Cisco DNA Center device management can deploy a network more quickly than traditional campus device management
B. Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management
C. Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options
D. Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management
Cisco DNA Center device management can deploy a network more quickly than traditional campus device management
325
```
A corporate office uses four floors in a building
• Floor 1 has 24 users
• Floor 2 has 29 users
• Floor 3 has 28 users
•Floor 4 has 22 users
```
Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration?
A. 192.168.0.0/26 as summary and 192.168.0.0/29 for each floor
B. 192.168.0.0.24 as summary and 192.168.0.0/28 for each floor
C. 192.168.0.0/23 as summary and 192.168.0.0/25 for each floor
D. l92.168.0.0/25 as summary and 192.168.0.0/27 for each floor
l92.168.0.0/25 as summary and 192.168.0.0/27 for each floor
326
An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode?
A. Exchange
B. 2-way
C. Full
D. Init
Full
327
What are two reasons for an engineer to configure a floating static route? (Choose two)
A. to automatically route traffic on a secondary path when the primary path goes down
B. to route traffic differently based on the source IP of the packet
C. to enable fallback static routing when the dynamic routing protocol fails
D. to support load balancing via static routing
E. to control the return path of traffic that is sent from the router
to automatically route traffic on a secondary path when the primary path goes down
to enable fallback static routing when the dynamic routing protocol fails
328
The service password-encryption command is entered on a router. What is the effect of this configuration?
A. restricts unauthorized users from viewing clear-text passwords in the running configuration
B. encrypts the password exchange when a VPN tunnel is established
C. prevents network administrators from configuring clear-text passwords
D. protects the VLAN database from unauthorized PC connections on the switch
restricts unauthorized users from viewing clear-text passwords in the running configuration
329
DRAG DROP
Drag and drop the application protocols from the left onto the transport protocols that it uses on the right
```
APPLICATION PROTOCOLS
DHCP
FTP
SMTP
SSH
SNMP
TFTP
```
TRANSPORT PROTOCOLS
TCP
UPD
TCP
FTP
SMTP
SSH
UDP
DHCP
SNMP
TFTP
330
Refer to the exhibit
Which action is taken by the router when a packet is sourced from 10.10.10.2 and destined for 10.10.10.16?
A. It uses a route that is similar to the destination address
B. It discards the packets.
C. It floods packets to all learned next hops.
D. It Queues the packets waiting for the route to be learned.
Question 333
331
Refer to the exhibit.
After the configuration is applied, the two routers fail to establish an OSPF neighbor relationship. what is the reason for the problem?
A. The OSPF router IDs are mismatched
B. Router2 is using the default hello timer.
C. The network statement on Router1 is misconfigured.
D. The OSPF process IDs are mismatched
question 334
332
Which design element is a best practice when deploying an 802.11b wireless infrastructure?
A. disabling TPC so that access points can negotiate signal levels with their attached wireless devices.
B. setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller
C. allocating nonoverlapping channels to access points that are in close physical proximity to one another
D. configuring access points to provide clients with a maximum of 5 Mbps
allocating nonoverlapping channels to access points that are in close physical proximity to one another
333
Refer to the exhibit
If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command how does the router respond?
A. It ignores the new static route until the existing OSPF default route is removed
B. It immediately replaces the existing OSPF route in the routing table with the newly configured
static route
C. It starts load-balancing traffic between the two default routes
D. It starts sending traffic without a specific matching entry in the routing table to GigabitEthernetO/1
Question 336
334
What does an SDN controller use as a communication protocol to relay forwarding changes to a southbound API?
A. OpenFlow
B. Java
C. REST
D. XML
OpenFlow
335
Refer to the exhibit
An engineer is configuring the NEW York router to reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the primary path. Which two commands must be configured on the New York router so that it can reach the Lo1 interface of the Atlanta router via Washington when the link between New York and Atlanta goes down? (Choose two)
```
A. ipv6 router 2000::1/128 2012::1
B. ipv6 router 2000::1/128 2012::1 5
C. ipv6 router 2000::1/128 2012::2
D. ipv6 router 2000::1/128 2023::2 5
E. ipv6 router 2000::1/128 2023::3 5
```
Question 338
336
Which statement correctly compares traditional networks and controller-based networks?
A. Only traditional networks offer a centralized control plane
B. Only traditional networks natively support centralized management
C. Traditional and controller-based networks abstract policies from device configurations
D. Only controller-based networks decouple the control plane and the data plane
Only controller-based networks decouple the control plane and the data plane
337
How does the dynamically-learned MAC address feature function?
A. The CAM table is empty until ingress traffic arrives at each port
B. Switches dynamically learn MAC addresses of each connecting CAM table.
C. The ports are restricted and learn up to a maximum of 10 dynamically-learned addresses
D. It requires a minimum number of secure MAC addresses to be filled dynamically
The CAM table is empty until ingress traffic arrives at each port
338
Refer to the exhibit
R1# show ip route
D 192.168.16.0/26 [90/2679326] via 192.168.1.1
R 192.168.16.0/24 [120/3] via 192.168.1.2
O 192.168.16.0/21 [110/2] via 192.168.1.3
i L1 192.168.16.0/27 [115/30] via 192.168.1.4
```
Which route does R1 select for traffic that is destined to 192 168.16.2?
A. 192.168.16.0/21
B. 192.168.16.0/24
C. 192.168 26.0/26
D. 192.168.16.0/27
```
192.168.16.0/27
339
Which technology can prevent client devices from arbitrarily connecting to the network without state remediation?
A. 802.1x
B. IP Source Guard
C. MAC Authentication Bypass
D. 802.11n
802.1x
340
An engineer observes high usage on the 2.4GHz channels and lower usage on the 5GHz channels. What must be configured to allow clients to preferentially use 5GH2 access points?
A. Re- Anchor Roamed Clients
B. 11ac MU-MIMO
C. OEAP Split Tunnel
D. Client Band Select
Client Band Select
341
Refer to the exhibit
Which command must be executed for Gi1/1 on SW1 to become a trunk port if Gi1/1 on SW2 is configured in desirable or trunk mode?
A. switchport mode trunk
B. switchport mode dot1-tunnel
C. switchport mode dynamic auto
D. switchport mode dynamic desirable
switchport mode dynamic auto
342
Which IPv6 address type provides communication between subnets and is unable to route on the Internet?
A. global unicast
B. unique local
C. link-local
D. multicast
unique local
343
What are two descriptions of three-tier network topologies? (Choose two)
A. The core and distribution layers perform the same functions
B. The access layer manages routing between devices in different domains
C. The network core is designed to maintain continuous connectivity when devices fail.
D. The core layer maintains wired connections for each host
E. The distribution layer runs Layer 2 and Layer 3 technologies
The network core is designed to maintain continuous connectivity when devices fail.
The distribution layer runs Layer 2 and Layer 3 technologies
344
Refer to the exhibit
An administrator configures four switches for local authentication using passwords that are stored in a cryptographic hash. The four switches must also support SSH access for administrators to manage the network infrastructure. Which switch is configured correctly to meet these requirements?
A. SW1
B. SW2
C. SW3
D. SW4
question 347
345
What is a role of access points in an enterprise network?
A. connect wireless devices to a wired network
B. support secure user logins to devices or the network
C. integrate with SNMP in preventing DDoS attacks
D. serve as a first line of defense in an enterprise network
connect wireless devices to a wired network
346
What is a function of TFTP in network operations?
A. transfers a backup configuration file from a server to a switch using a username and password
B. transfers files between file systems on a router
C. transfers a configuration files from a server to a router on a congested link
D. transfers IOS images from a server to a router for firmware upgrades
transfers IOS images from a server to a router for firmware upgrades
347
A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network can be mapped?
A. Device(Config)#lldp run
B. Device(Config)#cdp run
C. Device(Config-if)#cdp enable
D. Device(Config)#flow-sampler-map topology
Device(Config)#lldp run
348
What is the same for both copper and fiber interfaces when using SFP modules?
A. They support an inline optical attenuator to enhance signal strength
B. They provide minimal interruption to services by being hot-swappable
C. They offer reliable bandwidth up to 100 Mbps in half duplex mode
D. They accommodate single-mode and multi-mode in a single module
They provide minimal interruption to services by being hot-swappable
349
When a WLAN with WPA2 PSK is configured in the Wireless LAN Controller GUI which format is supported?
A. Unicode
B. base64
C. decimal
D. ASCII
ASCII
350
DRAG DROP
Drag and drop the TCP/IP protocols from the left onto the transmission protocols on the right
```
TCP/IP PROTOCOLS
dns
smtp
snmp
http
rtp
telnet
```
TRANSMISSION PROTOCOLS
TCP
UDP
TCP
smtp
http
telnet
UDP
dns
snmp
rtp
351
When deploying syslog, which severity level logs informational message?
A. 0
B. 2
C. 4
D. 6
6
352
Refer to the exhibit
```
What does router R1 use as its OSPF router-ID?
A. 10.10.1.10
B. 10.10.10.20
C. 172.16.15.10
D. 192.168.0.1
```
question 355
353
Which protocol does an access point use to draw power from a connected switch?
A. Internet Group Management Protocol
B. Adaptive Wireless Path Protocol
C. Cisco Discovery Protocol
D. Neighbor Discovery Protocol
Cisco Discovery Protocol
354
Refer to the exhibit
```
To which device does Router1 send packets that are destined to host 10.10.13.165?
A. Router2
B. Router3
C. Router4
D. Router5
```
question 357
355
Which networking function occurs on the data plane?
A. forwarding remote client/server traffic
B. facilitates spanning-tree elections
C. processing inbound SSH management traffic
D. sending and receiving OSPF Hello packets
forwarding remote client/server traffic
356
Refer to the exhibit
```
Only four switches are participating in the VLAN spanning-tree process.
Branch-1 priority 614440
Branch-2: priority 39082416
Branch-3: priority 0
Branch-4: root primary
```
Which switch becomes the permanent root bridge for VLAN 5?
A. Branch-1
B. Branch-2
C. Branch-3
D. Branch-4
question 359
357
Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two)
```
A. Enable NTP authentication.
B. Verify the time zone.
C. Disable NTP broadcasts
D. Specify the IP address of the NTP server
E. Set the NTP server private key
```
Enable NTP authentication
Specify the IP address of the NTP server
358
Refer to the exhibit
Shortly after SiteA was connected to SiteB over a new single-mode fiber path users at SiteA report intermittent connectivity issues with applications hosted at SiteB. What is the cause of the intermittent connectivity issue?
A. Interface errors are incrementing
B. An incorrect SFP media type was used at SiteA
C. High usage is causing high latency
D. The sites were connected with the wrong cable type
question 361
359
Where does a switch maintain DHCP snooping information?
A. in the MAC address table
B. in the CAM table
C. in the binding database
D. in the frame forwarding database
in the binding database
360
Refer to the exhibit
```
SW1#show run int gig 0/1
interface GigabitEthernet0/1
switchport access vlan 1
switchport trunk allowed vlan 1-10
switchport trunk encapsulation dot1q
switchport trunk native vlan 5
switchport mode trunk
speed
duplex full
```
Which action is expected from SW1 when the untagged frame is received on the GigabitEthernet0/1 interface?
A. The frame is processed in VLAN 5.
B. The frame is processed in VLAN 11
C. The frame is processed in VLAN 1
D. The frame is dropped
The frame is processed in VLAN 5
361
Refer to the exhibit
```
Based on the LACP neighbor status, in which mode is the SW1 port channel configured?
A. passive
B. mode on
C. auto
D. active
```
question 364
362
DRAG DROP
Refer to the exhibit
question 365
363
Which result occurs when PortFast is enabled on an interface that is connected to another switch?
A. Spanning tree may fail to detect a switching loop in the network that causes broadcast storms
B. VTP is allowed to propagate VLAN configuration information from switch to switch automatically.
C. Root port choice and spanning tree recalculation are accelerated when a switch link goes down
D. After spanning tree converges PortFast shuts down any port that receives BPDUs.
Spanning tree may fail to detect a switching loop in the network that causes broadcast storms
364
What is the primary difference between AAA authentication and authorization?
A. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.
B. Authentication identifies a user who is attempting to access a system, and authorization validates the users password
C. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.
D. Authentication controls the system processes a user can access and authorization logs the activities the user initiates
Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.
365
A network administrator must configure SSH for remote access to router R1. The requirement is to use a public and private key pair to encrypt management traffic to and from the connecting client.
Which configuration, when applied, meets the requirements?
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate ec keysize 2048
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate rsa modulus 2048
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate ec keysize 1024
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key encrypt rsa name myKey
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate ec keysize 1024
366
A network engineer must configure the router R1 GigabitEthernet1/1 interface to connect to the router R2 GigabitEthernet1/1 interface.
For the configuration to be applied the engineer must compress the address 2001:0db8:0000:0000:0500:000a:400F:583B. Which command must be issued on the interface?
A. ipv6 address 2001:0db8::5: a: 4F 583B
B. ipv6 address 2001:db8::500:a:400F:583B
C. ipv6 address 2001:db8:0::500:a:4F:583B
D. ipv6 address 2001::db8:0000::500:a:400F:583B
ipv6 address 2001:db8::500:a:400F:583B
367
Refer to the exhibit
A network administrator assumes a task to complete the connectivity between PC A and the File Server. Switch A and Switch B have been partially configured with VLAN 10, 11, 12, and 13.
What is the next step in the configuration?
A. Add PC A to VLAN 10 and the File Server to VLAN 11 fa VLAN segmentation
B. Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation
C. Add a router on a stick between Switch A and Switch B allowing for Inter-VLAN routing.
D. Add PC A to the same subnet as the Fie Server allowing for intra-VLAN communication.
question 370
368
Which goal is achieved by the implementation of private IPv4 addressing on a network?
A. provides an added level of protection against Internet exposure
B. provides a reduction in size of the forwarding table on network routers
C. allows communication across the Internet to other private networks
D. allows servers and workstations to communicate across public network boundaries
provides an added level of protection against Internet exposure
369
What is a characteristic of spine-and-leaf architecture?
A. Each device is separated by the same number of hops
B. It provides variable latency
C. It provides greater predictability on STP blocked ports.
D. Each link between leaf switches allows for higher bandwidth.
Each device is separated by the same number of hops
370
A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path?
A. cost
B. adminstrative distance
C. metric
D. as-path
metric
371
Refer to the exhibit
SW10
Gi1/1 |
| VLAN 300 - Data
| VLAN 400 - Voice
|
IP Phone--------------------------------------------------PC
An engineer must configure GigabitEthernet1/1 to accommodate voice and data traffic Which configuration accomplishes this task?
Interface gigabitethernet1/1
switchport mode access
switchport access vlan 300
switchport voice vlan 400
Interface gigabitethernet1/1
switchport mode trunk
switchport trunk vlan 300
switchport voice vlan 400
Interface gigabitethernet1/1
switchport mode access
switchport trunk vlan 300
switchport trunk vlan 400
Interface gigabitethernet1/1
switchport mode access
switchport voice vlan 300
switchport access vlan 400
Interface gigabitethernet1/1
switchport mode access
switchport access vlan 300
switchport voice vlan 400
(question 374)
372
Refer to the exhibit
The show ip ospf interface command has been executed on R1 How is OSPF configured?
A. The interface is not participating in OSPF
B. A point-to-point network type is configured
C. The default Hello and Dead timers are in use
D. There are six OSPF neighbors on this interface
The default Hello and Dead timers are in use
373
Refer to the exhibit
An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1 The
new circuit uses eBGP and teams the route to VLAN25 from the BGP path What s the expected
behavior for the traffic flow for route 10.10.13.0/25?
A. Traffic to 10.10.13.0.25 is load balanced out of multiple interfaces
B. Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1.
C. Traffic to 10.10.13.0/25 is asymmeteical
D. Route 10.10.13.0/25 learned via the GiO/0 interface remains in the routing table
Route 10.10.13.0/25 learned via the GiO/0 interface remains in the routing table
question 376
374
Refer to the exhibit
With which metric was the route to host 172.16.0.202 learned?
question 377
375
Refer to the exhibit
R1# show ip route
....
D 172.16.32.0/27 [90/2888597172] via 20.1.1.1
O 172.16.32.0/19 [110/292094] via 20.1.1.10
R 172.16.32.0/24 [120/2] via 20.1.1.3
Router R1 is running three different routing protocols. Which route characteristic is used by the router to forward the packet that it receives for destination IP 172.16.32.1?
A. longest prefix
B. metric
C. cost
D. administrative distance
longest prefix
376
What are two benefits of network automation? (Choose two)
```
A. reduced operational costs
B. reduced hardware footprint
C. faster changes with more reliable results
D. fewer network failures
E. increased network security
```
reduced operational costs
faster changes with more reliable results
377
An administrator must secure the WLC from receiving spoofed association requests. Which steps must be taken to configure the WLC to restrict the requests and force the user to wait 10 ms to retry an association request?
A. Enable Security Association Teardown Protection and set the SA Query timeout to 10
B. Enable MAC filtering and set the SA Query timeout to 10
C. Enable 802.1x Layer 2 security and set me Comeback timer to 10
D. Enable the Protected Management Frame service and set the Comeback timer to 10
Enable 802.1x Layer 2 security and set me Comeback timer to 10
378
Which function does an SNMP agent perform?
A. it sends information about MIB variables in response to requests from the NMS
B. it requests information from remote network nodes about catastrophic system events.
C. it manages routing between Layer 3 devices in a network
D. it coordinates user authentication between a network device and a TACACS+ or RADIUS server
it sends information about MIB variables in response to requests from the NMS
379
What is the effect when loopback interfaces and the configured router ID are absent during the OSPF Process configuration?
A. No router ID is set, and the OSPF protocol does not run.
B. The highest up/up physical interface IP address is selected as the router ID.
C. The lowest IP address is incremented by 1 and selected as the router ID.
D. The router ID 0.0.0.0 is selected and placed in the OSPF process.
The highest up/up physical interface IP address is selected as the router ID
380
Refer to the exhibit
The default-information originate command is configured under the R1 OSPF configuration. After testing workstations on VLAN 20 at Site B cannot reach a DNS server on the Internet. Which action
corrects the configuration issue?
A. Add the default-information originate command onR2
B. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1
C. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2
D. Add the always keyword to the default-information originate command on R1
Question 383
381
Refer to the exhibit
```
SW2
vtp domain cisco
vtp mode transparent
vtp password ciscotest
interface fastethernet0/1
description connection to sw1
switchport mode trunk
switchport trunk encapsulation dot1q
```
How does SW2 interact with other switches in this VTP domain?
A. It processes VTP updates from any VTP clients on the network on its access ports.
B. It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports ports
C. It forwards only the VTP advertisements that it receives on its trunk ports.
D. It transmits and processes VTP updates from any VTP Clients on the network on its trunk ports
It forwards only the VTP advertisements that it receives on its trunk ports.
382
Which condition must be met before an NMS handles an SNMP trap from an agent?
A. The NMS software must be loaded with the MIB associated with the trap.
B. The NMS must be configured on the same router as the SNMP agent
C. The NMS must receive a trap and an inform message from the SNMP agent within a configured
interval
D. The NMS must receive the same trap from two different SNMP agents to verify that it is reliable.
The NMS software must be loaded with the MIB associated with the trap.
383
Which action must be taken in router R1 to help resolve the configuration issue?
A. set the default network as 20.20.20.0/24
B. set the default gateway as 20.20.20.2
C. configure a static route with Fa0/1 as the egress interface to reach the 20.20.20.0/24 network
D. configure a static route with 10.10.10.2 as the next hop to reach the 20.20.20.0/24 network
Question 386
384
How does a Cisco Unified Wireless network respond to Wi-Fi channel overlap?
A. It alternates automatically between 2.4 GHz and 5 GHz on
adjacent access points
B. It allows the administrator to assign channels on a per-device or per-interface basis.
C. It segregates devices from different manufacturers onto different channels.
D. It analyzes client load and background noise and dynamically assigns a channel.
It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points
385
When a site-to-site VPN is used, which protocol is responsible for the transport of user data?
A. IKEv2
B. IKEv1
C. IPsec
D. MD5
IPsec
386
An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any of three addresses 192.168.30.1, 192.168.3.2, 192.168.3.3 Which configuration should be used?
Question 389
387
What is the primary function of a Layer 3 device?
A. to analyze traffic and drop unauthorized traffic from the Internet
B. to transmit wireless traffic between hosts
C. to pass traffic between different networks
D. forward traffic within the same broadcast domain
to pass traffic between different networks
388
Router A learns the same route from two different neighbors, one of the neighbor routers is an OSPF neighbor and the other is an EIGRP neighbor. What is the administrative distance of the route that will be installed in the routing table?
A. 20
B. 90
C. 110
D. 115
90
389
When the active router in an HSRP group fails, what router assumes the role and forwards packets?
A. backup
B. standby
C. listening
D. forwarding
standby
390
DRAG DROP
Drag the descriptions of device management from the left onto the types of device management on the right
DESCRIPTIONS OF DEVICE MANAGEMENT
implements changes via SSH terminal
manages device configurations on a per-device basis
monitors the cloud for software updates
security is managed near the perimeter of the network with firewalls, VPNs, and IPS
uses CLI templates to apply a consistent configuration to multiple devices at an individual location
uses NetFlow to analyze potential security threats throughout the network and take appropriate action on that traffic
DEVICE MANAGEMENT
Cisco DNA Center Device Management
Traditional Device Management
Cisco DNA Center Device Management
- monitors the cloud for software updates
- uses CLI templates to apply a consistent configuration to multiple devices at an individual location
- uses NetFlow to analyze potential security threats throughout the network and take appropriate action on that traffic
Traditional Device Management
- implements changes via SSH terminal
- manages device configurations on a per-device basis
- security is managed near the perimeter of the network with firewalls, VPNs, and IPS
391
Which two protocols must be disabled to increase security for management connections to a Wireless LAN Controller? (Choose two )
A. Telnet
B. SSH
C. HTTP
D. HTTPS
Telnet
| HTTP
392
DRAG DROP
Refer to the exhibit
An engineer is tasked with verifying network configuration parameters on a client workstation to report back to the team lead. Drag and drop the node identifiers from the left onto the network
parameters on the right.
Question 395
393
Which action does the router take as it forwards a packet through the network?
A. The router replaces the source and destination labels with the sending router interface label as a source and the next hop router label as a destination
B. The router encapsulates the source and destination IP addresses with the sending router IP address as the source and the neighbor IP address as the destination
C. The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC address as the destination
D. The router encapsulates the original packet and then includes a tag that identifies the source
The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC address as the destination
394
Which function is performed by DHCP snooping?
A. propagates VLAN information between switches
B. listens to multicast traffic for packet forwarding
C. provides DDoS mitigation
D. rate-limits certain traffic
propagates VLAN information between switches
395
When a client and server are not on the same physical network, which device is used to forward requests and replies between client and server for DHCP?
A. DHCP relay agent
B. DHCP server
C. DHCPDISCOVER
D. DHCPOFFER
DHCP relay agent
396
What is a similarity between 1000BASE-LX and 1000BASE-T standards?
A. Both use the same data-link header and trailer formats
B. Both cable types support LP connectors
C. Both cable types support Rj-45 connectors
D., Both support up to 550 meters between nodes
Both cable types support Rj-45 connectors
397
An organization secures its network with multi-factor authentication using an authenticator app on employee smartphone. How is the application secured in the case of a user’s smartphone is lost
or stolen?
A. The application requires an administrator password to reactivate after a configured Interval.
B. The application requires the user to enter a PIN before it provides the second factor.
C. The application challenges a user by requiring an administrator password to reactivate when the
smartphone is rebooted.
D. The application verifies that the user is in a specific location before it provides the second factor.
The application requires the user to enter a PIN before it provides the second factor.
398
When a client and server are not on the same physical network, which device is used to forward requests and replies between client and server for DHCP?
A. DHCP relay agent
B. DHCP server
C. DHCPDISCOVER
D. DHCPOFFER
DHCP relay agent
399
What is a similarly between 1000BASE-LX and 1000BASE-T standards?
A. Both use the same data-link header and trailer formats
B. Both cable types support LP connectors
C. Both cable types support Rj-45 connectors
D., Both support up to 550 meters between nodes
Both cable types support Rj-45 connectors
400
An organization secures its network with multi-factor authentication using an authenticator app on
employee smartphone. How is the application secured in the case of a user’s smartphone being lost
or stolen?
A. The application requires an administrator password to reactivate after a configured Interval.
B. The application requires the user to enter a PIN before it provides the second factor.
C. The application challenges a user by requiring an administrator password to reactivate when the
smartphone is rebooted.
D. The application verifies that the user is in a specific location before it provides the second factor.
The application requires the user to enter a PIN before it provides the second factor.
401
Which protocol requires authentication to transfer a backup configuration file from a router to a
remote server?
A. DTP
B. FTP
C. SMTP
D. TFTP
FTP
402
Refer to the exhibit
Switch#show etherchannel summary
[output omitted]
Group Port-channel Protocol Ports
---------------------------------------------------------------------------
10 Po10 LACP Gi0/0(P) Gi0/1 (P)
20 Po20 LACP Gi0/2(P) Gi0/3(P)
Which two commands were used to create port channel 10? (Choose two )
int range g0/0-1
channel-group 10 mode active
int range g0/0-1
channel-group 10 mode desirable
int range g0/0-1
channel-group 10 mode passive
int range g0/0-1
channel-group 10 mode auto
int range g0/0-1
channel-group 10 mode on
int range g0/0-1
channel-group 10 mode active
int range g0/0-1
channel-group 10 mode passive
403
Refer to the exhibit
ip arp inspection vlan 2
interface fastethernet 0/1
switchport mode access
switchport access vlan 2
What is the effect of this configuration?
A. The switch port interface trust state becomes untrusted
B. The switch port remains administratively down until the interface is connected to another switch
C. Dynamic ARP inspection is disabled because the ARP ACL is missing
D. The switch port remains down until it is configured to trust or untrust incoming packets
The switch port interface trust state becomes untrusted
404
An engineer must configure traffic for a VLAN that is untagged by the switch as it crosses a trunk link.
Which command should be used?
A. switchport trunk allowed vlan 10
B. switchport trunk native vlan 10
C. switchport mode trunk
D. switchport trunk encapsulation dot1q
switchport trunk native vlan 10
405
While examining excessive traffic on the network, it is noted that all incoming packets on an interface
appear to be allowed even though an IPv4 ACL is applied to the interface.
Which two misconfigurations cause this behavior? (Choose two)
A. The packets fail to match any permit statement
B. A matching permit statement is too high in the access test
C. A matching permit statement is too broadly defined
D. The ACL is empty
E. A matching deny statement is too high in the access list
A matching permit statement is too high in the access test
A matching permit statement is too broadly defined
406
Why does a switch flood a frame to all ports?
A. The frame has zero destination MAC addresses.
B. The source MAC address of the frame is unknown
C. The source and destination MAC addresses of the frame are the same
D. The destination MAC address of the frame is unknown.
The destination MAC address of the frame is unknown.
407
Refer to the exhibit
Loopback0:
172.17.0.1
|
|
Router1----------------------------------------------Router2
192.168.0.2 192.16.0.3
The ntp server 192.168.0.3 command has been configured on router 1 to make it an NTP client of
router 2. Which command must be configured on router 2 so that it operates in server-only mode
and relies only on its internal clock?
A. Router2(config)#ntp passive
B. Router2(config)#ntp server 172.17.0.1
C. Router2(config)#ntp master 4
D. Router2(config)#ntp server 192.168.0.2
Router2(config)#ntp server 192.168.0.2
408
A network administrator enabled port security on a switch interface connected to a printer. What is
the next configuration action in order to allow the port to learn the MAC address of the printer and
insert it into the table automatically?
A. enable dynamic MAC address learning
B. implement static MAC addressing.
C. enable sticky MAC addressing
D. implement auto MAC address learning
enable sticky MAC addressing
409
Refer to the exhibit
The New York router is configured with static routes pointing to the Atlanta and Washington sites.
Which two tasks must be performed so that the Serial0/0/0 interfaces on the Atlanta and
Washington routers can reach one another?
(Choose two.)
A. Configure the ipv6 route 2012::/126 2023::1 command on the Washington router.
B. Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router.
C. Configure the Ipv6 route 2012::/126 s0/0/0 command on the Atlanta router.
D. Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router.
E. Configure the ipv6 route 2012::/126 2023::2 command on the Washington router
Question 409
410
Where is the interface between the control plane and data plane within the software-defined
architecture?
A. control layer and the infrastructure layer
B. application layer and the infrastructure layer
C. application layer and the management layer
D. control layer and the application layer
application layer and the management layer
411
DRAG DROP
Drag and drop the descriptions from the left onto the configuration-management technologies on
the right
DESCRIPTIONS
fundamental configuration elements are stored in a manifest
uses TCP port 10002 for configuration push jobs
uses Ruby for fundamental configuration elements
uses SSH for remote device communication
uses TCP 8140 for communication
uses YAML for fundamental configuration elements
CONFIGURATION-MANAGEMENT TECHNOLOGIES
Ansible
Chef
Puppet
Ansible
- uses SSH for remote device communication
- uses YAML for fundamental configuration elements
Chef
- uses TCP port 10002 for configuration push jobs
- uses Ruby for fundamental configuration elements
Puppet
- fundamental configuration elements are stored in a manifest
- uses TCP 8140 for communication
412
What are two benefits of using the PortFast feature? (Choose two )
A. Enabled interfaces are automatically placed in listening state
B. Enabled interfaces come up and move to the forwarding state immediately
C. Enabled interfaces never generate topology change notifications.
D. Enabled interfaces that move to the learning state generate switch topology change notifications
E. Enabled interfaces wait 50 seconds before they move to the forwarding state
Enabled interfaces are automatically placed in listening state
Enabled interfaces come up and move to the forwarding state immediately
413
What are two characteristics of an SSID? (Choose Two)
A. It can be hidden or broadcast in a WLAN
B. It uniquely identifies an access point in a WLAN
C. It uniquely identifies a client in a WLAN
D. It is at most 32 characters long.
E. It provides secured access to a WLAN
It uniquely identifies an access point in a WLAN
It provides secured access to a WLAN
414
DRAG DROP
Drag and drop the AAA terms from the left onto the description on the right
```
AAA TERMS
accounting
authentication
authorization
CoA
```
```
DESCRIPTIONS
tracks activity
updates session attributes
verifies access rights
verifies identity
```
tracks activity
-accounting
updates session attributes
-CoA
verifies access rights
-authorization
verifies identity
-authentication
415
Which plane is centralized by an SON controller?
A. management-plane
B. control-plane
C. data-plane
D. services-plane
control-plane
416
Refer to the exhibit.
A network administrator has been tasked with securing VTY access to a router. Which access-list entry accomplishes this task?
A. access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq ssh
B. access-list 101 permit tcp 10.11.0 0.0.0.255 172.16.10 0.0.0.255 eq scp
C. access-list 101 permit tcp 10.11.0 0.0.0.255 172.16.10 0.0.0.255 eq telnet
D. access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq https
question 416
access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq ssh
417
Which action is taken by a switch port enabled for PoE power classification override?
A. When a powered device begins drawing power from a PoE switch port a syslog message is
generated
B. As power usage on a PoE switch port is checked data flow to the connected device is temporarily
paused
C. If a switch determines that a device is using less than the minimum configured power it assumes
the device has failed and disconnects
D. Should a monitored port exceeds the maximum administrative value for power, the port is
shutdown and err-disabled
Should a monitored port exceeds the maximum administrative value for power, the port is
shutdown and err-disabled
418
R1 has learned route 192.168.12.0/24 via IS-IS. OSPF, RIP. and Internal EIGRP. Under normal operating
conditions, which routing protocol is installed in the routing table?
A. IS-IS
B. RIP
C. Internal EIGRP
D. OSPF
Internal EIGRP
419
What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two)
A. when the sending device waits 15 seconds before sending the frame again
B. when the cable length limits are exceeded
C. when one side of the connection is configured for half-duplex
D. when Carrier Sense Multiple Access/Collision Detection is used
E. when a collision occurs after the 32nd byte of a frame has been transmitted
when the cable length limits are exceeded
when one side of the connection is configured for half-duplex
420
```
Which QoS tool is used to optimize voice traffic on a network that is primarily intended for data
traffic?
A. FIFO
B. WFQ
C. PQ
D. WRED
```
PQ
421
What are two characteristics of a controller-based network? (Choose two)
A. The administrator can make configuration updates from the CLI
B. It uses northbound and southbound APIs to communicate between architectural layers
C. It moves the control plane to a central point.
D. It decentralizes the control plane, which allows each device to make its own forwarding decisions
E. It uses Telnet to report system issues
It uses northbound and southbound APIs to communicate between architectural layers
It moves the control plane to a central point.
422
What is the benefit of configuring PortFast on an interface?
A. After the cable is connected, the interface uses the fastest speed setting available for that cable
type
B. After the cable is connected, the interface is available faster to send and receive user data
C. The frames entering the interface are marked with higher priority and then processed faster by a
switch.
D. Real-time voice and video frames entering the interface are processed faster
After the cable is connected, the interface is available faster to send and receive user data
423
An engineer configures interface Gi1/0 on the company PE router to connect to an ISP Neighbor
discovery is disabled
```
interface Gi1/0
description HQ_DC3978-87297
duplex full
speed 100
negotiation auto
lldp transmit
llpd receive
```
Which action is necessary to complete the configuration if the ISP uses a third-party network device?
A. Enable LLDP globally
B. Disable autonegotiation
C. Disable Cisco Discovery Protocol on the interface
D. Enable LLDP-MED on the ISP device
Enable LLDP-MED on the ISP device
424
An implementer is preparing hardware for virtualization to create virtual machines on a host. What is needed to provide communication between hardware and virtual machines?
A. hypervisor
B. router
C. straight cable
D. switch
hypervisor
425
An engineer is configuring data and voice services to pass through the same port. The designated
switch interface fastethernet0/1 must transmit packets using the same priority for data when they are received from the access port of the IP phone. Which configuration must be used?
interface fastethernet0/1
switchport priority extend cos 7
interface fastethernet0/1
switchport voice vlan untagged
interface fastethernet0/1
switchport voice vlan dot1q
interface fastethernet0/1
switchport priority extend trust
interface fastethernet0/1
| switchport priority extend cos 7
426
Which communication interaction takes place when a southbound API Is used?
A. between the SDN controller and PCs on the network
B. between the SON controller and switches and routers on the network
C. between the SON controller and services and applications on the network
D. between network applications and switches and routers on the network
between the SON controller and switches and routers on the network
427
What prevents a workstation from receiving a DHCP address?
A. DTP
B. STP
C. VTP
D. 802.10
STP
428
Refer to the exhibit
R1# show ip route
D 192.168.10.0/24 [90/2679326] via 192.168.1.1
R 192.168.10.0/27 [120/3] via 192.168.1.2
O 192.168.10.0/23 [110/2] via 192.168.1.3
i L1 192.168.10.0/13 [115/30] via 192.168.1.4
How does router R1 handle traffic to 192.168.10.16?
A. It selects the IS-IS route because it has the shortest prefix inclusive of the destination address.
B. It selects the EIGRP route because it has the lowest administrative distance.
C. It selects the OSPF route because it has the lowest cost.
D. It selects the RIP route because it has the longest prefix inclusive of the destination address
It selects the RIP route because it has the longest prefix inclusive of the destination address
429
Which type of traffic Is sent with pure IPsec?
A. broadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites
B. multicast traffic from a server at one site to hosts at another location
C. spanning-tree updates between switches that are at two different sites
D. unicast messages from a host at a remote site to a server at headquarters
unicast messages from a host at a remote site to a server at headquarters
430
Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and
Provisioning of Wireless Access Points (CAPWAP) protocol?
A. bridge
B. route
C. autonomous
D. lightweight
lightweight
431
Which port type supports the spanning-tree portfast command without additional configuration?
A. access ports
B. Layer 3 main Interfaces
C. Layer 3 subinterfaces
D. trunk ports
access ports
432
What are two benefits of FHRPs? (Choose two.)
A. They prevent loops in the Layer 2 network.
B. They allow encrypted traffic.
C. They are able to bundle multiple ports to increase bandwidth
D. They enable automatic failover of the default gateway.
E. They allow multiple devices to serve as a single virtual gateway for clients in the network
They enable automatic failover of the default gateway.
They allow multiple devices to serve as a single virtual gateway for clients in the network
433
Where does wireless authentication happen?
A. SSID
B. radio
C. band
D. Layer 2
Layer 2
434
What is the purpose of an SSID?
A. It provides network security
B. It differentiates traffic entering access posits
C. It identifies an individual access point on a WLAN
D. It identifies a WLAN
It identifies an individual access point on a WLAN
