Test Questions Flashcards
Which Staetment correctly compares traditional networks and controller-based networks?
A. Only traditional networks offer a centralized control plane
B. Only traditional networks natively support centralized management
C. Traditional and controller-based networks abstract policies from device configurations
D. Only controller-based networks decouple the control plane and the data plane.
D. Only controller-based networks decouple the control plane and the data plane.
Most raditional devices use a distributed architecture, in which each control plane is resided in a networking device. Therefore they need to communicate with each other via messages to work correctly.
In contrast to distributed architecture, centralized (or controller-based) architectures centralizes the control of networking devices into one device, called SDN controller.
How does HSRP provide first hop redundancy?
A. It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table.
B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN.
C. It forwards multiple packets to the same destination over different routed links in the data path.
D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN.
D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN.
Which two actions influence the EIGRP route selection process? (Choose two)
A. The router calculates the reported distance by multiplying the delay on the exiting interface by 256.
B. The router calculates the best backup path to the destination route and assigns it as the feasible successor.
C. The router calculates the feasible distance of all paths to the destination route.
D. The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link.
E. The router must use the advertised distance as the metric for any given route.
B and C.
B. The router calculates the best backup path to the destination route and assigns it as the feasible successor.
C. The router calculates the feasible distance of all paths to the destination route.
The reported distance (or advertised distance) is the cost from the neighbor to the destination. It is calculated from the router advertising the route to the network.
Which two capacities of Cisco DNA Center make it more extensible? (Choose two)
A. Adapters that support all families of Cisco IOS software.
B. SDKs that support interaction with third-party network equipment.
C. Customized versions for small, medium, and large enterprises.
D. REST APIs that allow for external applications to interact natively with Cisco DNA Center.
E. Modular design that is upgradable as needed.
B and D.
B. SDKs that support interaction with third-party network equipment.
D. REST APIs that allow for external applications to interact natively with Cisco DNA Center.
Cisco DNA Center offers extensibility through four capabilities:
1) Intent-based APIs
2) Process adapters built on integration APIs
3) Domain adapters (more integration APIs)
4) SDKs.
Refer to the exhibit. What does router R1 use as its OSPF router-ID?
show ip interface brief
Interface / IP-Address / Method / Status / Protocol
Fa0/0 / unassigned / NVRAM / admin down / down
Gi1/0 / 192.168.10.1 / NVRAM / up / up
Gi2/0 / 10.10.1.10 / manual / up / up
Gi3/0 / 10.10.10.20 / manual / up / up
Gi4/0 / unassigned / NVRAM / admin down / down
Loopback0 / 172.16.15.10 / manual
A. 10.10.1.10
B. 10.10.10.20
C. 172.16.15.10
D. 192.168.0.1
C. 172.16.15.10
OSPF uses the following criteria to select the router ID:
- Manual configuration of the router ID (via the “router-id x.x.x.x command under OSPF router configuration mode)
- Highest IP address on a loopback interface.
- Highest IP address on a non-loopback and active (no shutdown) interface.
Which 802.11 frame type is association response? A. management B. protected frame C. control D. action
A. management.
There are three main types of 802.11 frames: the Data Frame, the Managemnt Frame, and the Control Frame. Association Response belongs to the Managemnt Frame. Association response is sent in response to an association request.
Which API is used in controller-based architectures to interact with edge devices? A. overlay B. northbound C. underlay D. southbound
D. southbound
Which staetment identifies the functionality of virtual machines?
A. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor.
B. The hypervisor can virtualize physical components including CPU, memory, and storage.
C. Each hypervisor can support a single virtual machine and asingle software switch.
D. The hypervisor communicates on Layer 3 without the need for additional resources.
B. The hypervisor can virtualize physical components including CPU, memory, and storage.
Which type of address is the public IP address of a NAT device? A. outside global B. outside local C. inside global D. inside local E. outside public F. inside public
C. inside global.
NAT uses four types of addresses:
Inside Local - The IP address assigned to a host on the inside network, and likely a private address.
Inside Global - A public IP address that represents one-or-more inside local IP addresses to the outside world.
Outside Local - The IP address of an outside hostas it is known to the hosts on the inside network.
Outside Global - IP address assigned to the host on the outside network. The owner of the host assigns this address.
Which option about JSON is true?
A. uses predefined tags or angle brackets to delimit markup text
B. used to describe structured data that includes arrays
C. used for storing information
D. similar to HTML, it is more verbose than XML.
B. used to describe structured data that includes arrays.
JSON data is written as name/value pairs. A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value - "name":"Mark" and set up an array of type string, number, object, array, boolean, or null.
{
"name":John",
"age":30,
"cars":["Ford", "BMW", F"Fiat"]
}
Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols? A. dual algorithm B. metric C. administrative distance D. hop count
C. administrative distance
Administrative distance is the feature used by routers to select the best path when there are two or more different routes to the same destination from different routing protocols. Administrative distance defines the reliability of a routing protocol.
Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)
A. management interface settings
B. QoS settings
C. IP address of one or more access points.
D. SSID
E. Profile Name
D and E.
D. SSID
E. Profile name
What are two benefits of network automation? (Choose two)
A. reduced operational costs
B. reduced hardware footprint
C. Faster changes with more reliable results
D. Fewer network failures
E. Increased network security
A and C.
A. reduced operational costs
B. faster changes with more reliable results
Which command prevents passwords from being stored in the configuration as plaintext on a router or switch? A. enable secret B. service password-encryption C. username Cisco password encrypt D. enable password
B. Service password-encryption
Categorize the following into Ansible, Chef, or Puppet:
- uses Ruby for fundamental configuration elements
- uses TCP port 10002 for configuration push jobs
- uses SSH for remote device communication
- fundamental configuration elements are stored in a manifest
- uses TCP 8140 for communication
- uses YAML for fundamental congratulation elements
Ansible
- uses SSH for remote device communication
- uses YAML for fundamental congratulation elements
Chef
- uses Ruby for fundamental configuration elements
- uses TCP port 10002 for configuration push jobs
Puppet
- fundamental configuration elements are stored in a manifest
- uses TCP 8140 for communication
The focus of Ansible is to be streamlined and fast, and to require no node agent installation. Thus, Ansible performs all functions over ssh. Ansible is built on Python, in contrast to the Ruby foundation of Puppet and Chef.
TCP port 10002 is the command port. It may be configured in the Chef Push Jobs configuration file. This port allows Chef Push Jobs clients to communicate with the Chef Push Jobs server.
Puppet is an open-source configuration managemnet solution, which is built with Ruby and offers custom Domain Specific Language (DSL) and Embedded Ruby (ERB) templates to create custom Puppet language files, offering a declerative-paradigm programming approach.
A Puppet piece of code is called a manifest, and is a file with a .pp extension.
Categorize the descriptions of file-transfer protocols between FTP and TFTP:
- does not require user authentication
- uses UDP
- uses TCP
- uses ports 20 and 21
- provides reliability when loading an IOS image upon boot up
- uses port 69
FTP
-uses TCP
uses ports 20 and 21
-provides reliability when loading and IOS image upon boot up
TFTP
- does not require user authentication
- uses UDP
- uses port 69
Drag and drop WLAN components:
1 - dynamic interface
2 - access port
3 - service port
4 - virtual interface
5 - wireless LAN controller
A - device that provides Wi-Fi devices with a connection to a wired network
B - device that manages access points
C - used to support mobility management of the WLC
D - applied to the WLAN for wireless client communication
E - used for out of band managemnt of a WLC
1D - dynamic interface / applied to the WLAN for wireless client communication
2A - access port / device that provides Wi-Fi devices with a connection to a wired network
3E - service port / used for out of band management of a WLC
4C - virtual interface / used to support mobility management of the WLC.
5B - wireless LAN controller / device that can manage access points
The service port can be used for managemnet purposes, primarily for out-of-band managemen. However, AP managemnt traffic is not possible across the service port. In most cases, the service port is used as a last resort means of accessing the controller GUI for management purposes.
A dynamic interface with the Dynamic AP Management option enabled is used as the tunnel source for packets from the controller to the access point and as the destination for CAPWAP packets from the access point to the controller
The virtual interface is used to support mobility management, DHCP relay, and Layer 3 security such as guest web authentication. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when enabled.
Match the threat mitigation with the threat: 1 - Configure VACL 2 - Configure dynamic ARP Inspection 3 - Configure BPDU guard 4 - Configure root guard A - 802.1q double tagging B - ARP spoofing C - unwanted superior BPDUs D - unwanted BPDUs on PortFast-enabled interfaces
1A - VACL / 802.1q double tagging
2B - dynamic ARP inspection . ARP spoofing
3D - BPDU guard / unwanted BPDUs on PortFast-enabled interfaces
4C - root guard / unwanted superior BPDUs
VACL’s are VLAN ACLs.
Match the function with either DHCP Server or DNS Server:
1 - holds the TCP/IP settings to be distributed to the clients
2 - resolves web URLs to IP addresses
3 - stores a list of IP addresses mapped to names
4 - Assigns IP addresses to enabled clients
DHCP
- holds the TCP/IP settings to be distributed to the clients
- assigns a default gateway to a client
- assigns IP addresses to enabled clients
DNS
- resolves web URLs to IP addresses
- stores a list of IP addresses mapped to names
Match the AAA functions with the AAA services Authentication, Authorization, and Accounting:
- records user activities
- restricts the services that are available to a user
- identifies the user
- controls the actions that a user can perform
- provides analytical information for the network administratot
- verifies the password associated with a user
Authentication
- identifies the user
- verifies the password associated with auser
Authorization
- restrics the services that are available to a user
- controls the actions that a user can perform
Accounting
- records user activities
- provides analytical information for the network administrator
Match the network subnets to the correct usable host ranges: 1 - 172.28.228.144/18 2 - 172.28.228.144/21 3 - 172.28.228.144/23 4 - 172.28.228.144/25 5 - 172.28.228.144/29 A - .228.1 - .229.254 B - .224.1 - .231.254 C - .228.129 - .228.254 D - .192.1 - .255.254
.228.1 - .229.254 /23 .224.1 - .231.254 /21 .228.129 - .228.254 /25 .228.145 - .228.150 /29 .192.1 - .255.254 /18
Categorize the Cisco Wireless LAN Controller security settings as Layer 2 or Layer 3:
- web policy
- passthrough
- WPA+WPA2
- 802.1X
Layer 2
- WPA+WPA2
- 802.1X
Layer 3
- web policy
- passthrough
Layer 2 includes WPA+WPA2, 802.1X, Staic WEP, CKIP.
Layer 3 includes IPSec, VPN Passthrough, and web passthrough.
What is the benefit of using a Cisco Wireless LAN Controller?
A - Central AP management requires more complex configurations
B - Unique SSIDs cannot use the same authentication method
C - It supports autonomous and lightweight APs
D - It eliminates the need to configure each access point individually
D - It eliminates the need to configure each access point individually.
Which network allows devices to communicate without the need to access the Internet? A - 1729.0.0/16 B - 172.28.0.0/16 C - 192.0.0.0/8 D - 209.165.201.0/24
B - 172.28.0.0/16
Class B private IP ranges from 172.16 - 172.31
Which result occurs when PortFast is enabled on an interface that is connected to another switch?
A - Spanning tree may fail to detect a switching loop in the network that causes broadcast storms.
B - VTP is allowing to propagate VLAN configuration information from switch to switch automatically.
C - Root port choice and spanning tree recalculation are accelerated when a switch link goes down.
D - After spanning tree converges PortFast shuts down any port that receives BPDUs.
A - Spanning tree may fail to detect a switching loop in the network that causes broadcast storms.
Enabling PortFast causes a switch or trunk port to enter the STP forwarding-state immediately, thus bypassing the listening and learning states. The command on a port is spanning-tree portfast trunk.
When configuringg a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (choose two) A - ASCII B - Base64 C - Binary D - Decimal E - Hexadecimal
A and E
A - ASCII
E - Hexadecimal
The Preshared Key encryption key can be either ASCII or HEX.
Two switches are connected and using Cisco Dynamic Trunking Protocol SW1 is set to Dynamic Desirable. What is the result of this configuration?
A - The link is in a downstaet
B - The link is in an error disabled state
C - The link becomes an access port
D - The link becomes a trunk port
D - The link becomes a trunk port.
When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (choose two) A - 2000: /3 B - 2002: 5 C - FC00::/7 D - FF02::1 E - FF02::2
D and E
D - FF02::1
E - FF02::2
When an interface is configured with IPv6 address, it automatically joins the all nodes (FF02::1) and solicited-node (FF02::1:FFxx:xxxx) multicast groups.
Which MAC address is recognized as a VRRP virtual address? A - 0000.5E00.010A B - 0005.3711.0975 C - 0000.0C07.AC99 D - 0007.C070/AB01
A - 0000.5E00.010A
VRRP MAC’s start with 0000.5E00.01xx
In which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required?
A - A spine switch and a leaf switch can be added with redundant connections between them
B - A spine switch can be added with at least 40 GB uplinks
C - A leaf switch can be added with a single connection to a core spine switch
D - A leaf switch can be added with connections to every spine switch.
D - A leaf switch can be added with connections to every spine switch.
Which type of wireless encryption is used for WPA2 in pre-shared key mode? A - TKIP with RC4 B - RC4 C - AES-128 D - AES-256
D - AES-256
64-characters (or 256 bits are required)
What makes Cisco DNA Center different from traditional network management applications and their management of networks?
A - It only supports auto-discovery of network elements in a green field deployment.
B - Its modular design allows someone to implement different versions to meet the specific needs of an organization.
C - It abstracts policy from the actual device configuration
D - It does not support high availability of management functions when operating in cluster mode.
C - It abstracts policy from the actual device configuration.
Which two actions are performed by the Weighted Random Early Detection mechanism (choose two)?
A - It drops lower-priority packets before it drops higher-priority packets.
B - It can identify different flows with a high level of granularity
C - It guarantees the delivery of high-priority packets
D - It can mitigate congestion by preventing the queue from filling up
E - It supports protocol discovery
A and D
A - It drops lower-priority packets before it drops higher-priority packets.
D - It can mitigate congestion by preventing the queue from filling up.
WRED is a congestion avoidance mechanism, dropping packets based on precedence. The lower the precedence, the increased likelihood of being dropped.
A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB? A - CDP B - SNMP C - SMTP D - ARP
B - SNMP
SNMP leverages MIBs
An engineer is bringing up a new circuit to the MPLS provider on Gi0/1 on Router 1. The new circuit uses eBGP and teams the route to VLAN25 from the BGP path. What is the expected behavior for the traffic flow for route 10.10.13.0/25?
A - Traffic is load balnced out of multiple interfaces
B - Route is updates in the routing table as being learned from Gi0/1
C - Traffic is symettrical
D - Route is learned via Gi0/0 and remains in the routing table.
B - Route to 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1.
The Administrative Distance of eBGP (20) is smaller than that of OSPF (110) so the route will be updated as being learned from the new BGP path.
Which action is taken by a switch port enabled for PoE power classification override?
A - When a powered device begins drawing power from a PoE switch port a syslog message is generated.
B - As power usage on a PoE switch port is checked data flow to the connected device is temporarily paused.
C - If a switch determines that a device is using less than the minimum configured power it assums the device has failed and disconnects.
D - If a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled.
D - If a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled.
Which type of route does R1 use to reach host 10.10.13.10/32?
show ip route
10.10.13.0/25 via 10.10.10.1 Fa0/1
A - floatic static route
B - host route
C - default route
D - network route
D - network route
The entry uses a /25 which is a network route.
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol? A - on B - auto C - active D - desirable
A - on
Static Persistance (or “on” mode) requires no negotiation.
An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode? A - Exchange B - 2-way C - Full D - Init
C - Full
Which configuration is needed to generate an RSA key for SSH on a router? A - Configure the version of SSH B - Configure VTY access C - Create a user with a password D - Assign a DNS domain name
D - Assign a DNS domain name.
An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own OS on a virtual machine? A - platform-as-a-service B - software-as-a-service C - network-as-a-service D - infrastructure-as-a-service
D - Infrastructure as a service
Which action do the switches take on the trunk link. SW1: int fa0/1 switchport trunk encapsulation dot1q dwitchport runk native vlan 999 switchport mode trunk
SW2: int fa0/1 switchport runk encapsulation dot1q switchport trunk native vlan 99 switchport mode trunk
A - The trunk does not form and the ports go into an err-disabled status
B - The trunk forms but the mismatched native VLANs are merged into a single broadcast domain
C - The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link
D - The trunk forms but VLAN 99 and VLAN 999 are in a shutdown state
B - The trunk forms but he mismatched native VLANs are merged into a single broadcast domain.
The trunk still forms with mismatched native VLANs and the traffic can actually flow between mismatched switches. The two VLANs are effectively merged.
Which design element is a best practice when depoying an 802.11b wireless infrastructure?
A - disabling TPC so that access points can negotiate signal levels with their attached wireless devices.
B - setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller
C - allocating non-overlapping channels to access-points that are in close physical proximity to one another
D - configuring access points to provide clients with a maximum of 5 Mbps
C - Allocating non-overlapping channels to access points that are in close physical proximity to one another.
Refer to the exhibit. If OSPF is running on this network, how does Router 2 handle traffic from Site B to 10.10.13/25 at Site A.
O 10.10.13.0/25 [110/11] via 10.10.109 and 10.10.10.13, 00:00:03, Fa0/2 and 0/1
A - It sends packets out of interface Fa0/2 only
B - It sends packets out of interface Fa0/1 only
C - It cannot send packets to 10.10.13.128/25
D - It load-balances traffic out of Fa0/1 and Fa0/2
C - Router2 does not have an entry for 10.10.13.128/25.
A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two) A - runts B - giants C - frame D - CRC E - input errors
D and E
D - CRC
E - Input Errors
Which two must be met before SSH can operate normally on a Cisco IOS switch? (choose two)
A - The switch must be running a k9 (crypto) IOS image
B - The IP domain-name command must be configured on the switch
C - IP routin must be enabled on the switch
D - A console password must be configured on the switch
E - Telnet must be disabled on the switch
A and B
A - The switch must be running a k9 (crypto) IOS image
B - The IP domain-name command must be configured on the switch.
If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command, how does the router respond?
A - It ignores the new staic route until the existing OSPF default route is removed.
B - It immediately replaces the existing OSPF route in the routing table with the newly configured static route.
C - It starts load-balancing traffic between the two default routes.
D - It starts sending traffic without a specific matching entry in the routing table to Gigabit Ethernet 0/1
A - It ignores the new static route until the existing OSPF default route is removed.
A network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access the web server. Which configuration applied to switch A accomplishes this task? A - ip access-list extended wwwblock permit ip any any deny tcp any host 10.30.0.100 eq 80 int vlan 20 ip access-group wwwblock in B - ip access-list extended wwwblock permit ip any any deny tcp any host 10.30.0.100 eq 80 int vlan 30 ip access-group wwwblock in C - ip access-list extended wwwblock deny tcp any host 10.30.0.100 eq 80 int vlan 10 ip access-group wwwblock in D - ip access-list extended wwwblock deny tcp any host 10.30.0.100 eq 80 permit ip any any int vlan 20 ip access-group wwwblock in
D - ip access-list extended wwwblock deny tcp any host 10.30.0.100 eq 80 permit ip any any int vlan 20 ip access-group wwwblock in
Look for DENY first and VLAN 20 next.
A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path? A - cost B - administrative distance C - metric D - as-path
C - metric
If a router learns two different paths for the same network from the same routing protocol, it has to decide which route is better and will be placed in the routing table. Metric is the measure used to decide with route is better (lower the better).
An extended ACL has been configured and applied to router R2. The configuration failed to work as intended. Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two).
A - Add a “permit ip any any” statement to the beginning of ACL 101 for allowed traffic.
B - Add a “permit any any” statement to the end of ACL 101 for allowed traffic.
C - The source and destination IPs must be swapped in ACL 101.
D - The ACL must be configured the Gi0/2 interface inbound on R1.
E - The ACL must be moved to the Gi0/1 interface on R2.
B and C.
B - Add a “permit ip any any” statement to the end of ACL 101 for allowed traffic
C - The source and destination IPs must be swapped in ACL 101
What is the primary diffrence between AAA authentication and authorization?
A - Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.
B - Authentication identifies auser who is attempting to access a system, and authorization validates the users password.
C - Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perfrom.
D - Authentication controls the system processes a user can access and authorization logs the activities the user initiates.
C - Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.
When a floating static route is configured, which action ensures that the backup route is used when the primary route fails?
A - The floating staic route must have a higher administrative distance than the primary route so it is used as a backup
B - The administrative distance must be higher on the primary route so that he backup route becomes secondary
C - The floating static route must have a lower administrative distance than the primary route so it is used as a backup.
D - The default-information asdfasdfda
A - The floating static route must have a higher administrative distance than the primary route so it is used as a backup.
FLOATING STATIC = HIGHER
Which two outcomes are predictable behaviors for HSRP? (Choose two)
A - The two routers share a virtual IP address that is used as the default gateway for devices on the LAN
B - The two routers negotiate one router as the active router and the other as the standby router
C - Each router has a different IP address both routers act as the default gateway on the LAN and traffic is load balanced btween them
E - The two routed share the same IP address and default gateway traffic is load-balanced between them.
A and B.
A - The two routers share a virtual IP address that is used as the default gateway for devices on the LAN.
B - The routers negotiate one router as the active router and the other as the standby router.
Which password must an engineer use to enter the enable mode? username ciscoadmin password adminadmin123 username ciscoadmin privilege 15 enable password cisco123 enable secret testing1234 A - adminadmin123 B - default C - testing1234 D - cisco123
C - testing1234
enable secret will be used before enable password
How do TCP and UDP differ in the way that they establish a connection between two endpoints?
A - TCP uses synchronization packets and UDP uses acknowledgement packets.
B - UDP uses SYN, SYN ACK and FIN bits in the frame header while TCP uses SYN, SYN ACK, and ACK bits
C - UDP provides reliable message transfer and TCP is a connectionless protocol
D - TCP uses the three-way handshake and UDP does not guarantee message delivery
D - TCP uses the three-way handshake and UDP does not guarantee message delivery
When a site-to-site VPN is used, which protocol is responsible for the transport of user data? A - IKEv2 B - IKEv1 C - IPsec D - MD5
C. IPsec
IPsec DOES site-to-site VPN
What is the primary effect of the spanning-tree port fast command?
A - It enable BPDU messages
B - It minimizes spanning-tree convergence time
C - It immediately puts the port into the forwarding state when the switch is reloaded
D - It immediately enables the port in the listening state
C - It immediately puts the port into the forwarding state when the switch is reloaded
Should only be used on edge. Decreases convergence time.
Which staetment about Link Aggregation when implemented on aCisco Wireless LAN Controller is true?
A - To pass client traffic two or more ports must be configured.
B - The EtherChannel must be configured in “mode active”
C - When enabled the WLC bandwidth drops to 500 Mbps
D - One functional physical port is needed to pass client traffic
D - One functional physical port is needed to pass client traffic
Which route does R1 select for traffic that is destined to 192.168.16.2?
i Li 192.168.16.0/27 via [115/30] 192.168.1.4
A - 192.168.16.0/21
B - 192.168.16.0/24
C - 192.168.26.0/26
D - 192.168.16.0/27
D - 192.168.16.0/27
The longest prefix match rule.
Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two)
A - Enable NTP authentication
B - Verify the time zone
C - Disable NTP broadcasts
D - Specify the IP address of the NTP server
E - Set the NTP server private key
A and D.
A - Enable NTP authentication
D - Specify the IP address of the NTP server
Refer to the exhibit. Which command provides this output? Router# Capability Codes: R-Router... Device ID / Local Interface / Holdtime / Capability / Platform A - show ip route B - show ip interface C - show interface D - show cdp neighbor
D - show cdp neighbor
Which set of action satisfies the requirement for multi-factor authentication?
A - The user swipes a key fob, then clicks through an email link
B - The user enters a user name and password, adn then clicks a notification in an authentication app on a mobile device
C - The user enters a PIN into an RSA token and then enters the displayed RSA key on a login screen
D - The user enters a user name and password and then re-enters the credentials on a second screen
B - The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device.
Which mode allows access points to be managed by Cisco Wireless LAN Controllers? A - autonomous B - lightweight C - bridge D - mobility express
B - lightweight
A Lightweight Access Point (LAP) is an AP that is designed to be connected to a wireless (WLAN) controller (WLC).
Router A learns the same route from two different neighbors, one of the neighbor routers is an OSPF neighbor and the other is an EIGRP neighbor.
What is the administrative distance of the route that will be installed in the routing table?
A - 20
B - 90
C - 110
D - 115
B - 90
The Administrative Distance of EIGRP is 90 (OSPF is 110)
What is the effect of this configuration?
ip arp inspection vlan 2
interface fa0/1
switchport mode access
switchport access vlan 2
A - The switchport interface trust state becomes untrusted
B - The switchport remains admin down until the interface is connected to another switch
C - Dynamic ARP inspection is disabled because the ARP ACL is missing
D - The switchport remains down until it is configured to trust or untrust incoming packets
A - The switchport interface trust state becomes untrusted
Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings, preventing man-in-the-middle attacks. All ports become untrusted ports.
Which prefix does Router 1 use for traffic to Host A (10.10.13.214)? A - 10.10.10.0/28 B - 10.10.13.0/25 C - 10.10.13.144/28 D - 10.10.13.208/29
D - 10.10.13.208/29
Longest prefix.
What are two characteristics of a controller-based network? (Choose two)
A - The admin can make config updates from the CLI
B - It uses northbound and southbound APIs to communicate between architectural layers
C - It moves the control plane to a central pint
D - It decentralizes the control plane, which allows each device to make its own forwarding decisions
E - It uses Telnet to report system issues
B and C
B - It uses northbound and southbound APIs to communicate between architectural layers
C - It moves the control plane to a central point
Which statement explains the configuration error message that is received?
interface gi1/0/1
ip address 192.168.16.143 255.255.255.240
Bad mask /28
A - It is a broadcast IP address
B - The router does not support /28 mask
C - It belongs to a private IP address range
D - It is a network IP address
A - It is a broadcast IP address
Categorize the transport protocols as TCP or UDP:
- DHCP
- FTP
- SMTP
- SSH
- SNMP
- TFTP
TCP
- FTP
- SMTP
- SSH
UDP
- DHCP
- SNMP
- TFTP
Which command must you enter to guarantee that an HSRP router with higher priority becomes the HSRP primary router after it is reloaded? A - standby 10 preempt B - standby 10 version 1 C - standby 10 priority 150 D - standby 10 version 2
A - standby 10 preempt
PREEMPT command enables the HSRP router with the highest priority to immediately become the active router.
Which command should you enter to verify the priority of a router in an HSRP group? A - show hsrp B - show sessions C - show interfaces D - show standby
D - show standby
NOT SHOW HSRP
Show Standby
Which command should you enter to configure a device as an NTP server? A - ntp server B - ntp peer C - ntp authenticate D - ntp master
D - ntp master
To configure a Cisco device as an Authoritative NTP server, use the ntp master command.
Which two pieces of information can you determine from the output of the show ntp status command? (Choose two)
A - whether the NTP peer is statically configured
B - the IP address of the peer to which the clock is synchronized
C - the configured NTP servers
D - whether the clock is synchronized
E - the NTP version numberof the peer
B and D.
B - the IP address of the peer to which the clock is synchronized.
D - whether the clock is synchronized.
Which effect does the aaa new-model configuration command have?
A - It enables AAA services on the device
B - It configures the device to connect to a RADIUS server for AAA
C - It associates a RADIUS server to a group
D - It configures a local user on the device
A - It enables AAA services on the device.
Which command would you use to configure a staic route on Router1 to network 192.168.202.0/24 with a nondefault administrative distance?
A - ip route 192.168.202.0 255.255.255.0 192.168.201.2 1
B - ip route 192.168.202.0 255.255.255.0 192.168.201.2 5
B - ip route 192.168.202.0 255.255.255.0 192.168.201.2 5
The default AD of static routes are 1
What is the destination MAC address of a broadcast frame? A - 00:00:adsfasdf B - ff:ff:ff:ff:ff:ff C - asdfasdfsad D - adsfasdfdsa
B - ff:ff:ff:ff:ff:ff
Which command is used to enable LLDP globally on Cisco IOS ISR? A - lldp run B - lldp enable C - lldp transmit D - cdp run E - cdp enable
A - lldp run
NOT ENABLE
lldp run
Which of the following dynamic routing protocols are Distance Vector routing protocols? A - IS-IS B - EIGRP C - OSPF D - BGP E - RIP
B and E
B - EIGRP
E - RIP
You have configured a router with an OSPF router ID, but its IP address still reflects the physical interface. Which action can you take to correct the problem in the least disruptive way? A - Reload the OSPF process B - Specify a loopback address C - Reboot the router D - Save the router configuration
A - Reload the OSPF process
Clear OSPF process
Match the following benefits of acisco wireless LAN controller to the example:
A - Dynamic RF Feature
B - Easy Deployment Process
C - Optimized user performance
D - Easy upgrade process
1 - Controller provides centralized management of users and VLANs
2 - Access points auto adjust signal strength
3 - Controller image auto deployed to access points
4 - Controller uses loadbalancing to maximize throughput
1B - Dynamic RF Feature / Access points auto-adjust signal strength
2A - Easy deployment process / Controller provides centralized management of users and VLANs
3D - Optimized user performance / Controller uses loadbalancing to maximize throughput
4C - Easy upgrade process / Controller image auto-deployed to access points
Which command should you enter to configure an LLDP delay time of 5 seconds? A - lldp timer 5000 B - lldp holdtime 5 C - lldp reinit 5000 D - lldp reinit 5
D - lldp reinit 5
NOT TIMER OR HOLDTIME
reinit
Which keywords in a NAT configuration enables the use of one outside IP address for multiple inside hosts? A - source B - static C - pool D - overload
D - overload
Addid the keyword “overload” at the end of a NAT statement, NAT becomes PAT which maps multiple private IP addresses to a single public IP address.
Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller? A - sniffer B - mesh C - flex connect D - local
C - flex connect
FlexConnect access points can act as a standalone when disconnected from the access point.
Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment? A - Bronze B - Platinum C - Silver D - Gold
B - Platinum Platinum - Voice Gold - Video Silver - Best Effort Bronze - Background
With which metric was the route to host 172.16.0.202 learned? O 172.15.0.128/25 110/38443 xxxxxx A - 0 B - 110 C - 38443 D - 3184439
C - 38443
Longest-prefix match
When OSPF learns multiple paths to a network ow does it select a route?
A - It multiplies the active K value by 256
B - For each existing interface, it adds the metric from the source router
C - It divides the reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost.
D - It counts the number of hops between the source router and the destination to determine the router with the lowest metric.
C - It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost.
DIVIDES REFERENCE BANDWIDTH
After the switch configuration, the ping test fails between PC A and PC B. Which error must be corrected?
Switch 1: Native Vlan 1
Switch 2: Native VLAN 99
A - There is a native VLAN mismatch
A - There is a native VLAN mismatch
Which command enables a router to become a DHCP client? A - ip address dhcp B - ip helper address C - ip dhcp pool D - ip dhcp client
A - ip address dhcp
Which two encoding methods are supported by REST APIs? (Choose two) A - YAML B - JSON C - EBCDIC D - SGML E - XML
B and E.
B - JSON
E - XML
What is the effect of this configuration?
ip arp inspection vlan 5-10
int fa-/1
switchport mode access
switchport access vlan 5
A- All ARP prackets are dropped by the switch
B - Egress traffic is passed only if the destination is a DHCP server
C - All ingress and egress traffic is dropped because the interface is untrusted
D - The switch discards all ingress ARP traffic with invalid MAC-to-IP address bridge
D - The switch discards all ingress ARP traffic with invalid MAC-to-IP address vindings.
ARP inspection is an ingress security feature.
In a CDP environment, what happens when the CDP interface on an adjacent device is configured without an IP address?
A - CDP becomes inoperable on that neighbor
B - CDP uses the IP address of another interface for that neighbor
C - CDP operates normally, but it cannot provide IP address information for that neighbor
D - CDP operates normally, but it cannot provide any information for that neighbor
C - CDP operates normally, but it cannot provide IP address information for that neighbor
When PC1 sends a packet to PC2, which source and destinations IPs are when it it arrives at int Gi0/0 on router R2.
C - source 192.168.10.10 and destination 192.168.20.10
C - source 192.168.10.10 destination 192.168.20.10
The source and destination IP addresses of the packets are unchanged all the way.
Which feature or protocol determines whether the QOS on the network is sufficient to support IP services? A - LLDP B - CDP C - IP SLA D - EEM
C - IP SLA
An email user has been lured into clicking a link in an email sent by their company's security organization. The webpage that opens reports that it was safe but he link could have contained malicious code. Which type of security program is in place? A - Physical access control B - Social engineering attack C - Brute force attack D - User Awareness
D - User Awareness
This is a training program which simulates an attack.
What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC address is received?
A - The Layer 2 switch drops the received frame
B - The Layer 2 switch floods packets to all pors except the receiving port in the given VLAN
C - The Layer 2 switch sends a copy of packet to CPU for destination MAC address learning
D - The Layer 2 switch forwards the packet and adds the destination MAC address to its MAC address table
B - The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN.
An engineer configured NAT translations and has verified that he configuration is correct:
sh ip nat translations
What IP address is the source IP?
A. 10.4.4.4
A - 10.4.4.4
The source IP address is the IP address of the sending packets so it is the “inside local” address.
New York Atlanta Washington. Which two tasks must be performed so that the Serial0/0/0 interface on the Atlanta and Washington routers can reach one another? (Choose two)
D - Configure the ipv6 route 2023::126 2012::2 command on the Atlanta router
E - Configure the ipv6 route 2012 :/126 2023::2 command on the Washington router
D and E.
Both ::2 answers.
ipv6 route next-hop-IPv6-address | exit-interface
A user configured OSPF and advertised the Gigabit Ethernet Interface in OSPF by default, which type of OSPF network does this interface belong to? A - point-to-multipoint B - point-to-point C - Broadcast D - nonbroadast
C - Broadcast
Broadcast is the default
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two)
A - Configure the ports in an EtherChannel
B - Administratively shut down the ports
C - Configure the port type as access and place in VLAN 99
D - Configure the ports as trunk ports
E - Enable the Cisco Discovery Protocol
B and C
B - Admin shut down
C - Blackout VLAN 99
Which output represents a JSON data representations?
D - The one with all “:” delimeters
D - The one with all the “:” delimeters
An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement? A - WEP B - RC4 C - AES D - TKIP
C - AES
When configuring an EtherChannel bundle, which mode enables LACP only if a LACP device is detected? A - Passive B - Desirable C - On D - Auto E - Active
A - Passive
