Multiple Choice Questions
1. What are two benefits of
network automation? (Choose two)
§
A. reduced operational costs
§
B. reduced hardware footprint
§
C. faster changes with more reliable results
§
D. fewer network failures
§
E. increased network security
Correct Answer: AC
Section:
Automation and Programmability
2. Which command enables a
router to become a DHCP client?
§
A. ip address dhcp
§
B. ip helper-address
§
C. ip dhcp pool
§
D. ip dhcp client
Correct Answer: A
Section:
IP Services
Explanation/Reference: If we want to get an IP
address from the DHCP server on a Cisco device, we can use the command “ip
address dhcp”.
Note: The command “ip helper-address” enables a router to become a DHCP Relay
Agent.
Reference: Click here
3. Which design element is a
best practice when deploying an 802.11b wireless infrastructure?
§
A. disabling TPC so that access points can negotiate signal
levels with their attached wireless devices
§
B. setting the maximum data rate to 54 Mbps on the Cisco
Wireless LAN Controller
§
C. allocating nonoverlapping channels to access points that are in
close physical proximity to one another
§
D. configuring access points to provide clients with a maximum
of 5 Mbps
Correct Answer: C
Section:
Network Access
4. When configuring IPv6 on an
interface, which two IPv6 multicast groups are joined? (Choose two)
§
A. 2000::/3
§
B. 2002::5
§
C. FC00::/7
§
D. FF02::1
§
E. FF02::2
Correct Answer: DE
Section:
Network Fundamentals
Explanation/Reference: When an interface is
configured with IPv6 address, it automatically joins the all nodes (FF02::1)
and solicited-node (FF02::1:FFxx:xxxx) multicast groups. The all-node group is
used to communicate with all interfaces on the local link, and the
solicited-nodes multicast group is required for link-layer address resolution.
Routers also join a third multicast group, the all-routers group (FF02::2).
Reference: Click here
5. Which option about JSON is
true?
§
A. uses predefined tags or angle brackets (<>) to delimit
markup text
§
B. used to describe structured data that includes arrays
§
C. used for storing information
§
D. similar to HTML, it is more verbose than XML
Correct Answer: B
Explanation/Reference: JSON data is
written as name/value pairs.
A name/value pair consists of a field name (in double quotes), followed by a
colon, followed by a value:
“name”:”Mark”
JSON can use arrays. Array values must be of type string, number, object,
array, boolean or null..
For example:
{
“name”:”John”,
“age”:30,
“cars”:[ “Ford”, “BMW”, “Fiat” ]
}
6. Which IPv6 address type
provides communication between subnets and cannot route on the Internet?
§
A. global unicast
§
B. unique local
§
C. link-local
§
D. multicast
Correct Answer: B
Section:
Network Fundamentals
Explanation/Reference: A IPv6 Unique Local
Address is an IPv6 address in the block FC00::/7. It is the approximate IPv6
counterpart of the IPv4 private address. It is not routable on the global
Internet.
Note: In the past, Site-local addresses (FEC0::/10) are equivalent to private
IP addresses in IPv4 but now they are deprecated.
Link-local addresses only used for communications within the local subnet. It
is usually created dynamically using a link-local prefix of FE80::/10 and a
64-bit interface identifier (based on 48-bit MAC address).
7. Which command prevents
passwords from being stored in the configuration as plaintext on a router or
switch?
§
A. enable secret
§
B. service password-encryption
§
C. username Cisco password encrypt
§
D. enable password
Correct Answer: B
Section:
Security Fundamentals
8. What are two southbound
APIs? (Choose two )
§
A. OpenFlow
§
B. NETCONF
§
C. Thrift
§
D. CORBA
§
E. DSC
Correct Answer: AB
Section:
Automation and Programmability
Explanation/Reference: OpenFlow is a
well-known southbound API. OpenFlow defines the way the SDN Controller should
interact with the forwarding plane to make adjustments to the network, so it
can better adapt to changing business requirements.
The Network Configuration Protocol (NetConf) uses Extensible Markup Language
(XML) to install, manipulate and delete configuration to network devices.
Other southbound APIs are:
+ onePK: a Cisco proprietary SBI to inspect or modify the network element
configuration without hardware upgrades.
+ OpFlex: an open-standard, distributed control system. It send “summary
policy” to network elements.
9. Which set of action satisfy
the requirement for multifactor authentication?
§
A. The user swipes a key fob, then clicks through an email link.
§
B. The user enters a user name and password, and then clicks a
notification in an authentication app on a mobile device.
§
C. The user enters a PIN into an RSA token, and then enters the
displayed RSA key on a login screen.
§
D. The user enters a user name and password and then re-enters
the credentials on a second screen.
Correct Answer: B
Section:
Security Fundamentals
Explanation/Reference: This is an example
of how two-factor authentication (2FA) works:
1. The user logs in to the website or service with their username and password.
2. The password is validated by an authentication server and, if correct, the
user becomes eligible for the second factor.
3. The authentication server sends a unique code to the user’s second-factor
method (such as a smartphone app).
4. The user confirms their identity by providing the additional authentication
for their second-factor method.
10. Which two capacities of
Cisco DNA Center make it more extensible? (Choose two)
§
A. adapters that support all families of Cisco IOS software
§
B. SDKs that support interaction with third-party network
equipment
§
C. customized versions for small, medium, and large enterprises
§
D. REST APIs that allow for external applications to interact
natively with Cisco DNA Center
§
E. modular design that is upgradable as needed
Correct Answer: BD
Section:
Automation and Programmability
Explanation/Reference: Cisco DNA Center
offers 360-degree extensibility through four distinct types of platform
capabilities:
+ Intent-based APIs leverage the controller and enable business and IT
applications to deliver intent to the network and to reap network analytics and
insights for IT and business innovation.
+ Process adapters, built on integration APIs, allow integration with other IT
and network systems to streamline IT operations and processes.
+ Domain adapters, built on integration APIs, allow integration with other
infrastructure domains such as data center, WAN, and security to deliver a
consistent intent-based infrastructure across the entire IT environment.
+ SDKs allow management to be extended to third-party vendor’s network devices
to offer support for diverse environments.
11. An email user has been
lured into clicking a link in an email sent by their company’s security
organization. The webpage that opens reports that it was safe but the link
could have contained malicious code.
Which
type of security program is in place?
§
A. Physical access control
§
B. Social engineering attack
§
C. brute force attack
§
D. user awareness
Correct Answer: D
Section:
Security Fundamentals
Explanation/Reference: This is a training
program which simulates an attack, not a real attack (as it says “The webpage
that opens reports that it was safe”) so we believed it should be called a
“user awareness” program.
Therefore the best answer here should be “user awareness”. This is the
definition of
“User awareness” from CCNA 200- 301 Offical Cert Guide Book:
“User awareness: All users should be made aware of the need for data
confidentiality to protect corporate information, as well as their own credentials
and personal information. They should also be made aware of potential threats,
schemes to mislead, and proper procedures to report security incidents. ” Note:
Physical access control means infrastructure locations, such as network closets
and data centers, should remain securely locked.
12. Which type of wireless
encryption is used for WPA2 in pre-shared key mode?
§
A. TKIP with RC4
§
B. RC4
§
C. AES-128
§
D. AES-256
Correct Answer: D
Section:
Security Fundamentals
Explanation/Reference: We can
see in this picture we have to type 64 hexadecimal characters (256 bit) for the
WPA2 passphrase so we can deduce the encryption is AES-256, not AES-128.
Reference: Click here
13. Which two must be met
before SSH can operate normally on a Cisco IOS switch? (Choose two)
§
A. The switch must be running a k9 (crypto) IOS image.
§
B. The ip domain-name command must be configured on the switch.
§
C. IP routing must be enabled on the switch.
§
D. A console password must be configured on the switch.
§
E. Telnet must be disabled on the switch.
Correct Answer: AB
Section:
Network Access
Explanation/Reference:
Reference: Click here
14. Which type of address is
the public IP address of a NAT device?
§
A. outside global
§
B. outsdwde local
§
C. inside global
§
D. insride local
§
E. outside public
§
F. inside public
Correct Answer: C
Explanation/Reference: NAT use four types of
addresses:
* Inside local address – The IP address assigned to a host on the inside
network. The address is usually not an IP address assigned by the Internet
Network Information Center (InterNIC) or service provider.
This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or
service provider that represents one or more inside local IP addresses to the
outside world.
* Outside local address – The IP address of an outside host as it is known to
the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside
network. The owner of the host assigns this address.
15. Refer to the exhibit. Which
prefix does Router 1 use for traffic to Host A?
§
A. 10.10.10.0/28
§
B. 10.10.13.0/25
§
C. 10.10.13.144/28
§
D. 10.10.13.208/29
Correct Answer: D
Section:
Network Fundamentals
Explanation/Reference: Host A address fall
within the address range. However, if more than one route to the same subnet
exist (router will use the longest stick match, which match more specific route
to the subnet). If there are route 10.10.13.192/26 and 10.10.13.208/29, the router
will forward the packet to /29 rather than /28.
16. How does HSRP provide first
hop redundancy?
§
A. It load-balances traffic by assigning the same metric value
to more than one route to the same destination m the IP routing table.
§
B. It load-balances Layer 2 traffic along the path by flooding
traffic out all interfaces configured with the same VLAN.
§
C. It forwards multiple packets to the same destination over
different routed links n the data path.
§
D. It uses a shared virtual MAC and a virtual IP address to a
group of routers that serve as the default gateway for hosts on a LAN.
Correct Answer: D
Section:
IP Connectivity
Explanation/Reference:
Reference: Click here
17. In Which way does a
spine-and-leaf architecture allow for scalability in a network when additional access
ports are required?
§
A. A spine switch and a leaf switch can be added with redundant
connections between them.
§
B. A spine switch can be added with at least 40 GB uplinks.
§
C. A leaf switch can be added with a single connection to a core
spine switch.
§
D. A leaf switch can be added with connections to every spine
switch.
Correct Answer: D
Section:
Network Fundamentals
Explanation/Reference:
Spine-leaf architecture is typically deployed as two layers:
spines (such as an aggregation layer), and leaves (such as an access layer).
Spine-leaf topologies provide high-bandwidth, low-latency, nonblocking
server-to-server connectivity.
Leaf (aggregation) switches are what provide devices access to the fabric (the
network of spine and leaf switches) and are typically deployed at the top of
the rack. Generally, devices connect to the leaf switches.
Devices can include servers, Layer 4-7 services (firewalls and load balancers),
and WAN or Internet routers. Leaf switches do not connect to other leaf
switches. In spine-and-leaf architecture, every leaf should connect to every
spine in a full mesh.
Spine (aggregation) switches are used to connect to all leaf switches and are
typically deployed at the end or middle of the row. Spine switches do not
connect to other spine switches.
18. Which two actions are
performed by the Weighted Random Early Detection mechanism? (Choose two)
§
A. It drops lower-priority packets before it drops higher-priority
packets.
§
B. It can identify different flows with a high level of
granularity.
§
C. It guarantees the delivery of high-priority packets.
§
D. It can mitigate congestion by preventing the queue from filling
up.
§
E. It supports protocol discovery.
Correct Answer: AD
Section:
IP Services
Explanation/Reference: Weighted
Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED
drops packets selectively based on IP precedence. Edge routers assign IP
precedences to packets as they enter the network. When a packet arrives, the
following events occur:
1. The average queue size
is calculated.
2. If the average is less than the minimum queue threshold, the arriving packet
is queued.
3. If the average is between the minimum queue threshold for that type of
traffic and the maximum threshold for the interface, the packet is either
dropped or queued, depending on the packet drop probability for that type of
traffic.
4. If the average queue size is greater than the maximum threshold, the packet
is dropped. WRED reduces the chances of tail drop (when the queue is full, the
packet is dropped) by selectively dropping packets when the output interface
begins to show signs of congestion (thus it can mitigate congestion by
preventing the queue from filling up). By dropping some packets early rather
than waiting until the queue is full, WRED avoids dropping large numbers of
packets at once and minimizes the chances of global synchronization. Thus, WRED
allows the transmission line to be used
fully at all times.
WRED generally drops packets selectively based on IP precedence.
Packets with a higher IP precedence are less likely to be dropped than packets
with a lower precedence. Thus, the higher the priority of a packet, the higher
the probability that the packet will be delivered (-> answer A is correct).
19. A network engineer must
back up 20 network router configurations globally within a customer
environment. Which protocol allows the engineer to perform this function using
the Cisco IOS MIB?
§
A. CDP
§
B. SNMP
§
C. SMTP
§
D. ARP
Correct Answer: B
Section:
IP Services
Explanation/Reference: SNMP is an
application-layer protocol that provides a message format for communication
between SNMP managers and agents. SNMP provides a standardized framework and a
common language used for the monitoring and management of devices in a network.
The SNMP framework has three parts:
+ An SNMP manager
+ An SNMP agent
+ A Management Information Base (MIB)
The Management Information Base (MIB) is a virtual information storage area for
network management information, which consists of collections of managed
objects.
With SNMP, the network administrator can send commands to multiple routers to
do the backup.
20. Refer to the exhibit. What
is the effect of this configuration?
§
A. The switch port interface trust state becomes untrusted.
§
B. The switch port remains administratively down until the
interface is connected to another switch.
§
C. Dynamic ARP inspection is disabled because the ARP ACL is
missing.
§
D. The switch port remains down until it is configured to trust
or untrust incoming packets.
Correct Answer: A
Section:
Security Fundamentals
Explanation/Reference: Dynamic ARP
inspection (DAI) is a security feature that validates ARP packets in a network.
It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address
bindings. This capability protects the network from certain man-in-the-middle
attacks. After enabling DAI, all ports become untrusted ports.
21. A frame that enters a
switch fails the Frame Check Sequence. Which two interface counters are
incremented? (Choose two)
§
A. runts
§
B. giants
§
C. frame
§
D. CRC
§
E. input errors
Correct Answer: DE
Section:
Network Fundamentals
Explanation/Reference: Whenever
the physical transmission has problems, the receiving device might receive a
frame whose bits have changed values. These frames do not pass the error
detection logic as implemented in the FCS field in the Ethernet trailer. The
receiving device discards the frame and counts it as some kind of input error.
Cisco switches list this error as a CRC error. Cyclic redundancy check (CRC) is
a term related to how the FCS math detects an error.
The “input errors” includes runts, giants, no buffer, CRC, frame, overrun, and
ignored counts.
The output below show the interface counters with the “show interface s0/0/0”
command:
22. How do TCP and UDP differ
in the way that they establish a connection between two endpoints?
§
A. TCP uses synchronization packets, and UDP uses acknowledgment
packets.
§
B. UDP uses SYN, SYN ACK and FIN bits in the frame header while
TCP uses SYN, SYN ACK and ACK bits.
§
C. UDP provides reliable message transfer and TCP is a
connectionless protocol.
§
D. TCP uses the three-way handshake and UDP does not guarantee
message delivery.
Correct Answer: D
Section:
Network Fundamentals
23. When OSPF learns multiple
paths to a network, how does it select a route?
§
A. It multiple the active K value by 256 to calculate the route
with the lowest metric.
§
B. For each existing interface, it adds the metric from the
source router to the destination to calculate the route with the lowest
bandwidth.
§
C. It divides a reference bandwidth of 100 Mbps by the actual
bandwidth of the existing interface to calculate the router with the lowest
cost.
§
D. It count the number of hops between the source router and the
destination to determine the router with the lowest metric.
Correct Answer: C
Section:
IP Connectivity
24. Refer to the exhibit. Which
password must an engineer use to enter the enable mode?
§
A. adminadmin123
§
B. default
§
C. testing1234
§
D. cisco123
Correct Answer: C
Section:
Network Access
Explanation/Reference: If neither the
enable password command nor the enable secret command is configured, and if
there is a line password configured for the console, the console line password
serves as the enable password for all VTY sessions -> The “enable secret”
will be used first if available, then “enable password” and line password.
25. Which configuration is
needed to generate an RSA key for SSH on a router?
§
A. Configure the version of SSH.
§
B. Configure VTY access.
§
C. Create a user with a password.
§
D. Assign a DNS domain name.
Correct Answer: D
Section:
Security Fundamentals
Explanation/Reference: In order to generate an
RSA key for SSH, we need to configure the hostname and a DNS domain name on the
router (a username and password is also required). Therefore in fact both answer
C and answer D are correct.
26. Which output displays a
JSON data representation?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: C
Section:
Automation and Programmability
Explanation/Reference: JSON data is written
as name/value pairs.
A name/value pair consists of a field name (in double quotes), followed by a
colon, followed by a value:
“name”:”Mark”
JSON can use arrays. Array values must be of type string, number, object,
array, boolean or null.
For example:
{
“name”:”John”,
“age”:30,
“cars”:[ “Ford”, “BMW”, “Fiat” ]
}
JSON can have empty object like “taskId”:{}
27. What is the primary
different between AAA authentication and authorization?
§
A. Authentication verifies a username and password, and
authorization handles the communication between the authentication agent and
the user database.
§
B. Authentication identifies a user who is attempting to access
a system, and authorization validates the users password.
§
C. Authentication identifies and verifies a user who is attempting
to access a system, and authorization controls the tasks the user can perform.
§
D. Authentication controls the system processes a user can
access and authorization logs the activities the user initiates.
Correct Answer: C
Section:
Security Fundamentals
Explanation/Reference: AAA stands for
Authentication, Authorization and Accounting.
+ Authentication: Specify who you are (usually via login username &
password)
+ Authorization: Specify what actions you can do, what resource you can access
+ Accounting: Monitor what you do, how long you do it (can be used for billing
and auditing)
An example of AAA is shown below:
+ Authentication: “I am a normal user. My username/password is
user_tom/learnforever”
+ Authorization: “user_tom can access LearnCCNA server via HTTP and FTP”
+ Accounting: “user_tom accessed LearnCCNA server for 2 hours”. This user only
uses “show” commands.
28. A Cisco IP phone receive
untagged data traffic from an attached PC. Which action is taken by the
phone?
§
A. It allows the traffic to pass through unchanged.
§
B. It drops the traffic.
§
C. It tags the traffic with the default VLAN.
§
D. It tags the traffic with the native VLAN.
Correct Answer: A
Section:
Network Access
Explanation/Reference: Untagged traffic from the
device attached to the Cisco IP Phone passes through the phone unchanged,
regardless of the trust state of the access port on the phone.
Reference: Click here
29. An engineer must configure
a/30 subnet between two routers. Which usable IP address and subnet mask
combination meets this criteria?
§
A. interface e0/0
description to HQ-A370:98968
ip address 10.2.1.3 255.255.255.252
§
B. interface e0/0
description to HQ-A370:98968
ip address 192.168.1.1 255.255.255.248
§
C. interface e0/0
description to HQ-A370:98968
ip address 172.16.1.4 255.255.255.248
§
D. interface e0/0
description to HQ-A370:98968
ip address 209.165.201.2 255.255.255.252
Correct Answer: D
Section:
Network Fundamentals
Explanation/Reference: A /30 subnet means
subnet mask of 255.255.255.252. But 10.2.1.3 255.255.255.252 is a broadcast IP
address; only 209.165.201.2/30 is the usable IP address.
30. What is a benefit of using
a Cisco Wireless LAN Controller?
§
A. Central AP management requires more complex configurations.
§
B. Unique SSIDs cannot use the same authentication method.
§
C. It supports autonomous and lightweight APs.
§
D. It eliminates the need to configure each access point
individually.
Correct Answer: D
Section:
Network Fundamentals
31. What are two
characteristics of a controller-based network? (Choose two)
§
A. The administrator can make configuration updates from the
CLI.
§
B. It uses northbound and southbound APIs to communicate between
architectural layers.
§
C. It moves the control plane to a central point.
§
D. It decentralizes the control plane, which allows each device
to make its own forwarding decisions.
§
E. It uses Telnet to report system issues.
Correct Answer: BC
Section:
Automation and Programmability
32. Which attribute does a
router use to select the best path when two or more different routes to the same
destination exist from two different routing protocols?
§
A. dual algorithm
§
B. metric
§
C. administrative distance
§
D. hop count
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference: Administrative
distance is the feature used by routers to select the best path when there are
two or more different routes to the same destination from different routing
protocols. Administrative distance defines the reliability of a routing
protocol.
33. Refer to Exhibit. How does
SW2 interact with other switches in this VTP domain?
§
A. It processes VTP updates from any VTP clients on the network
on its access ports.
§
B. It receives updates from all VTP servers and forwards all
locally configured VLANs out all trunk ports.
§
C. It forwards only the VTP advertisements that it receives on its
trunk ports.
§
D. It transmits and processes VTP updates from any VTP Clients
on the network on its trunk ports.
Correct Answer: C
Section:
Network Access
Explanation/Reference: The VTP
mode of SW2 is transparent so it only forwards the VTP updates it receives to
its trunk links without processing them.
Reference: Click here
34. Which unified access point
mode continues to serve wireless clients after losing connectivity to the Cisco
Wireless LAN Controller?
§
A. sniffer
§
B. mesh
§
C. flexconnect
§
D. local
Correct Answer: C
Section:
Network Access
Explanation/Reference:
Reference: Click here
35. Which two encoding methods
are supported by REST APIs? (Choose two)
§
A. YAML
§
B. JSON
§
C. EBCDIC
§
D. SGML
§
E. XML
Correct Answer: BE
Section:
Automation and Programmability
Explanation/Reference: The Application Policy
Infrastructure Controller (APIC) REST API is a programmatic interface that uses
REST architecture. The API accepts and returns HTTP (not enabled by default) or
HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible
Markup Language (XML) documents.
Reference: Click here
36. What are two reasons that
cause late collisions to increment on an Ethernet interface? (Choose two)
§
A. when the sending device waits 15 seconds before sending the
frame again
§
B. when the cable length limits are exceeded
§
C. when one side of the connection is configured for half-duplex
§
D. when Carriner Sense Multiple Access/Collision Detection is
used
§
E. when a collision occurs after the 32nd byte of a frame has
been transmitted
Correct Answer: BC
Section:
Network Fundamentals
Explanation/Reference: A late collision is
defined as any collision that occurs after the first 512 bits (or 64th byte) of
the frame have been transmitted. The usual possible causes are
full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or
defective hardware such as incorrect cabling, noncompliant number of hubs in
the network, or a bad NIC.
Late collisions should never occur in a properly designed Ethernet network.
They usually occur when Ethernet cables are too long or when there are too many
repeaters in the network.
Reference: Click here
37. Router A learns the same
route from two different neighbors, one of the neighbor routers is an OSPF
neighbor and the other is an EIGRP neighbor. What is the administrative
distance of the route that will be installed in the routing table?
§
A. 20
§
B. 90
§
C. 110
§
D. 115
Correct Answer: B
Section:
IP Connectivity
Explanation/Reference: The Administrative
distance (AD) of EIGRP is 90 while the AD of OSPF is 110 so EIGRP route will be
chosen to install into the routing table.
38. What is the primary effect
of the spanning-tree portfast command?
§
A. It enables BPDU messages
§
B. It minimizes spanning-tree convergence time
§
C. It immediately puts the port into the forwarding state when
the switch is reloaded
§
D. It immediately enables the port in the listening state
Correct Answer: B
Section:
Network Access
Explanation/Reference: This comment
39. What is the default
behavior of a Layer 2 switch when a frame with an unknown destination MAC
address is received?
§
A. The Layer 2 switch drops the received frame.
§
B. The Layer 2 switch floods packets to all ports except the
receiving port in the given VLAN.
§
C. The Layer 2 switch sends a copy of a packet to CPU for
destination MAC address learning.
§
D. The Layer 2 switch forwards the packet and adds the
destination MAC address to its MAC address table.
Correct Answer: B
Section:
Network Fundamentals
Explanation/Reference: If the destination MAC
address is not in the CAM table (unknown destination MAC address), the switch sends
the frame out all other ports that are in the same VLAN as the received frame.
This is called flooding. It does not flood the frame out the same port on which
the frame was received.
40. Refer to the exhibit. What
is the effect of this configuration?
§
A. All ARP packets are dropped by the switch.
§
B. Egress traffic is passed only if the destination is a DHCP
server.
§
C. All ingress and egress traffic is dropped because the
interface is untrusted.
§
D. The switch discard all ingress ARP traffic with invalid
MAC-to-IP address bindings.
Correct Answer: D
Section:
Security Fundamentals
Explanation/Reference: Dynamic ARP
inspection is an ingress security feature; it does not perform any egress
checking.
41. Refer to the exhibit. An
engineer configured NAT translations and has verified that the configuration is
correct. Which IP address is the source IP?
§
A. 10.4.4.4
§
B. 10.4.4.5
§
C. 172.23.103.10
§
D. 172.23.104.4
Correct Answer: D
Section:
IP Services
42. Refer to the exhibit. Which
route does R1 select for traffic that is destined to 192 168.16.2?
§
A. 192.168.16.0/21
§
B. 192.168.16.0/24
§
C. 192.168 26.0/26
§
D. 192.168.16.0/27
Correct Answer: D
Section:
IP Connectivity
Explanation/Reference: The destination IP
addresses match all four entries in the routing table but the 192.168.16.0/27
has the longest prefix so it will be chosen. This is called the “longest prefix
match” rule.
43. Which IPv6 address block
sends packets to a group address rather than a single address?
§
A. 2000::/3
§
B. FC00::/7
§
C. FE80::/10
§
D. FF00::/8
Correct Answer: D
Section:
Network Fundamentals
Explanation/Reference: FF00::/8 is used
for IPv6 multicast and this is the IPv6 type of address the question wants to
ask.
FE80::/10 range is used for link-local addresses. Link-local addresses only
used for communications within the local subnetwork (automatic address
configuration, neighbor discovery, router discovery, and by many routing
protocols). It is only valid on the current subnet.
It is usually created dynamically using a link-local prefix of FE80::/10 and a
64-bit interface identifier (based on 48-bit MAC address).
44. Which two values or
settings must be entered when configuring a new WLAN in the Cisco Wireless LAN
Controller GUI? (Choose two)
§
A. management interface settings
§
B. QoS settings
§
C. Ip address of one or more access points
§
D. SSID
§
E. Profile name
Correct Answer: DE
Section:
Network Access
45. Which two actions influence
the EIGRP route selection process? (Choose two)
§
A. The router calculates the reported distance by multiplying
the delay on the exiting Interface by 256.
§
B. The router calculates the best backup path to the destination
route and assigns it as the feasible successor.
§
C. The router calculates the feasible distance of all paths to the
destination route.
§
D. The advertised distance is calculated by a downstream neighbor
to inform the local router of the bandwidth on the link.
§
E. The router must use the advertised distance as the metric for
any given route.
Correct Answer: BC
Section:
IP Connectivity
Explanation/Reference: The
reported distance (or advertised distance) is the cost from the neighbor to the
destination. It is calculated from the router advertising the route to the
network. For example in the topology below, suppose router A & B are
exchanging their routing tables for the first time. Router B says “Hey, the
best metric (cost) from me to IOWA is 50 and the metric from you to IOWA is 90”
and advertises it to router A.
Router A considers the
first metric (50) as the Advertised distance. The second metric (90), which is
from NEVADA to IOWA (through IDAHO), is called the Feasible distance.
The reported distance is
calculated in the same way of calculating the metric. By default (K1 = 1, K2 =
0, K3 = 1, K4 = 0, K5 = 0), the metric is calculated as follows:
-> Answer A is not correct.
Feasible successor is the backup route. To be a feasible successor, the route
must have an Advertised distance (AD) less than the Feasible distance (FD) of
the current successor route -> Answer B is correct.
Feasible distance (FD): The sum of the AD plus the cost between the local
router and the next- hop router.
The router must calculate the FD of all paths to choose the best path to put
into the routing table.
Note: Although the new CCNA exam does not have EIGRP topic but you should learn
the basic knowledge of this routing protocol.
46. Refer to Exhibit. Which
action do the switches take on the trunk link?
§
A. The trunk does not form and the ports go into an err-disabled
status.
§
B. The trunk forms but the mismatched native VLANs are merged into
a single broadcast domain.
§
C. The trunk does not form, but VLAN 99 and VLAN 999 are allowed
to traverse the link.
§
D. The trunk forms but VLAN 99 and VLAN 999 are in a shutdown
state.
Correct Answer: B
Section:
Network Access
Explanation/Reference: The trunk still forms
with mismatched native VLANs and the traffic can actually flow between
mismatched switches. But it is absolutely necessary that the native VLANs on
both ends of a trunk link match; otherwise a native VLAN mismatch occurs,
causing the two VLANs to effectively merge.
For example with the above configuration, SW1 would send untagged frames for
VLAN 999. SW2 receives them but would think they are for VLAN 99 so we can say
these two VLANs are merged.
47. Which command is used to
specify the delay time in seconds for LLDP to initialize on any interface?
§
A. lldp timer
§
B. lldp holdtimt
§
C. lldp reinit
§
D. lldp tlv-select
Correct Answer: C
Section:
Network Access
Explanation/Reference:
+ lldp holdtime seconds: Specify the amount of time a receiving device should
hold the information from your device before discarding it
+ lldp reinit delay: Specify the delay time in seconds for LLDP to initialize
on an interface
+ lldp timer rate: Set the sending frequency of LLDP updates in seconds
Reference: Click here
48. An engineer configured an
OSPF neighbor as a designated router. Which state verifies the designated
router is in the proper mode?
§
A. Exchange
§
B. 2-way
§
C. Full
§
D. Init
Correct Answer: C
Section:
IP Connectivity
49. Refer to the exhibit. The
show ip ospf interface command has been executed on R1. How is OSPF configured?
§
A. The interface is not participating in OSPF.
§
B. A point-to-point network type is configured.
§
C. The default Hello and Dead timers are in use.
§
D. There are six OSPF neighbors on this interface.
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference:
From the output we can see there are Designated Router & Backup Designated
Router for this OSPF domain so this is a broadcast network (point-to-point and
point-to multipoint networks do not elect DR & BDR) -> Answer B is not
correct.
By default, the timers on
a broadcast network (Ethernet, point-to-point and point-to-multipoint) are 10
seconds hello and 40 seconds dead (therefore answer C is correct). The timers
on a non- broadcast network are 30 seconds hello 120 seconds dead.
From the line “Neighbor
Count is 3”, we learn there are four OSPF routers in this OSPF domain ->
Answer D is not correct.
Reference: Click here
50. An engineer is asked to
protect unused ports that are configured in the default VLAN on a
switch. Which two steps will fulfill the request? (Choose two)
§
A. Configure the ports in an EtherChannel.
§
B. Administratively shut down the ports.
§
C. Configure the port type as access and place in VLAN 99.
§
D. Configure the ports as trunk ports.
§
E. Enable the Cisco Discovery Protocol.
Correct Answer: BC
Section:
Security Fundamentals
51. Which QoS Profile is
selected in the GUI when configuring a voice over WLAN deployment?
§
A. Bronze
§
B. Platinum
§
C. Silver
§
D. Gold
Correct Answer: B
Section:
Network Access
Explanation/Reference: Cisco
Unified Wireless Network solution WLANs support four levels of QoS:
Platinum/Voice, Gold/Video, Silver/Best Effort (default), and
Bronze/Background.
Reference: Click here
52. Refer to the exhibit. An
engineer is bringing up a new circuit to the MPLS provider on the Gi0/1
interface of Router1.
The new circuit uses eBGP and teams the route to VLAN25 from the BGP path. What
is the expected behavior for the traffic flow for route 10.10.13.0/25?
§
A. Traffic to 10.10.13.0.25 is load balanced out of multiple
interfaces
§
B. Route 10.10.13.0/25 is updated in the routing table as being
learned from interface Gi0/1.
§
C. Traffic to 10.10.13.0/25 is a symmetrical
§
D. Route 10.10.13.0/25 learned via the Gi0/0 interface remains in
the routing table
Correct Answer: D
Section:
IP Connectivity
53. Which statement identifies
the functionality of virtual machines?
§
A. Virtualized servers run most efficiently when they are physically
connected to a switch that is separate from the hypervisor.
§
B. The hypervisor can virtualize physical components including
CPU, memory, and storage.
§
C. Each hypervisor can support a single virtual machine and a
single software switch.
§
D. The hypervisor communicates on Layer 3 without the need for
additional resources.
Correct Answer: B
Section:
Network Fundamentals
54. Refer to the exhibit. Which
type of route does R1 use to reach host 10.10.13.10/32?
§
A. floating static route
§
B. host route
§
C. default route
§
D. network route
Correct Answer: D
Section:
Network Fundamentals
Explanation/Reference: From the output, we see
R1 will use the entry “O 10.10.13.0/25 [110/4576] via 10.10.10.1, …” to reach
host 10.10.13.10. This is a network route.
Note: “B* 0.0.0.0/0 …” is a default route.
55. Refer to the exhibit. A
network engineer must block access for all computers on VLAN 20 to the web
server via HTTP. All other computers must be able to access the web server.
Which configuration when applied to switch A accomplishes this task?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: B
Section:
Security Fundamentals
56. Two switches are connected
and using Cisco Dynamic Trunking Protocol SW1 is set to Dynamic
Desirable. What is the result of this configuration?
§
A. The link is in a down state.
§
B. The link is in an error disables state
§
C. The link is becomes an access port.
§
D. The link becomes a trunk port.
Correct Answer: D
Section:
Network Access
57. Which feature on the Cisco
Wireless LAN Controller when enabled restricts management access from specific
networks?
§
A. CPU ACL
§
B. TACACS
§
C. Flex ACL
§
D. RADIUS
Correct Answer: A
Section:
Security Fundamentals
Explanation/Reference: Whenever you want to
control which devices can talk to the main CPU, a CPU ACL is used.
Note: CPU ACLs only filter traffic towards the CPU, and not any traffic exiting
or generated by the CPU.
Reference: Click here
58. A user configured OSPF in a
single area between two routers A serial interface connecting R1 and R2 is
running encapsulation PPP, by default, which OSPF network type is seen on this
interface when the user types show ip ospf interface on R1 or R2?
§
A. port-to-multipoint
§
B. broadcast
§
C. point-to-point
§
D. nonbroadcast
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference: The default OSPF network
type for HDLC and PPP on Serial link is point-to-point (while the default OSPF
network type for Ethernet link is Broadcast).
59. Refer to the exhibit. Based
on the LACP neighbor status, in which mode is the SW1 port channel configured?
§
A. passive
§
B. mode on
§
C. auto
§
D. active
Correct Answer: D
Section:
Network Access
Explanation/Reference: From the neighbor
status, we notice the “Flags” are SP. “P” here means the neighbor is in Passive
mode.
In order to create an Etherchannel interface, the (local) SW1 ports should be
in Active mode.
Moreover, the “Port State” in the exhibit is “0x3c” (which equals to “00111100
in binary format).
Bit 3 is “1” which means the ports are synchronizing -> the ports are
working so the local ports should be in Active mode.
60. A user configured OSPF and
advertised the Gigabit Ethernet interface in OSPF by default, which type of
OSPF network does this interface belong to?
§
A. point-to-multipoint
§
B. point-to-point
§
C. broadcast
§
D. nonbroadcast
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference: The Broadcast
network type is the default for an OSPF enabled ethernet interface (while
Point-toPoint is the default OSPF network type for Serial interface with HDLC
and PPP encapsulation).
Reference: Click here
61. An organization has decided
to start using cloud-provided services. Which cloud service allows the
organization to install its own operating system on a virtual machine?
§
A. platform-as-a-service
§
B. software-as-a-service
§
C. network-as-a-service
§
D. infrastructure-as-a-service
Correct Answer: D
Section:
Automation and Programmability
Explanation/Reference: Below are the 3 cloud
supporting services cloud providers provide to customer:
+ SaaS (Software as a Service): SaaS uses the web to deliver applications that
are managed by a thirdparty vendor and whose interface is accessed on the
clients’ side. Most SaaS applications can be run directly from a web browser
without any downloads or installations required, although some require plugins.
+ PaaS (Platform as a Service): are used for applications, and other
development, while providing cloud components to software. What developers gain
with PaaS is a framework they can build upon to develop or customize
applications. PaaS makes the development, testing, and deployment of
applications quick, simple, and cost-effective. With this technology,
enterprise operations, or a thirdparty provider, can manage OSes,
virtualization, servers, storage, networking, and the PaaS software itself.
Developers, however, manage the applications.
+ IaaS (Infrastructure as a Service): self-service models for accessing,
monitoring, and managing remote datacenter infrastructures, such as compute
(virtualized or bare metal), storage, networking, and networking services (e.g.
firewalls). Instead of having to purchase hardware outright, users can purchase
IaaS based on consumption, similar to electricity or other utility billing.
In general, IaaS provides hardware so that an organization can install their
own operating system.
62. Which mode allows access
points to be managed by Cisco Wireless LAN Controllers?
§
A. autonomous
§
B. lightweight
§
C. bridge
§
D. mobility express
Correct Answer: B
Section:
Network Access
Explanation/Reference: A Lightweight Access
Point (LAP) is an AP that is designed to be connected to a wireless LAN (WLAN)
controller (WLC). APs are “lightweight,” which means that they cannot act
independently of a wireless LAN controller (WLC). The WLC manages the AP
configurations and firmware. The APs are “zero touch” deployed, and individual
configuration of APs is not necessary.
Reference: Click here
63. Which command automatically
generates an IPv6 address from a specified IPv6 prefix and MAC address of an
interface?
§
A. ipv6 address dhcp
§
B. ipv6 address 2001:DB8:5:112::/64 eui-64
§
C. ipv6 address autoconfig
§
D. ipv6 address 2001:DB8:5:112::2/64 link-local
Correct Answer: C
Section:
Network Fundamentals
Explanation/Reference: The “ipv6 address
autoconfig” command causes the device to perform IPv6 stateless address
autoconfiguration to discover prefixes on the link and then to add the EUI-64
based addresses to the
interface.
Addresses are configured depending on the prefixes received in Router
Advertisement (RA)
messages.
The device will listen for RA messages which are transmitted periodically from
the router (DHCP
Server).
This RA message allows a host to create a global IPv6 address from:
+ Its interface identifier (EUI-64 address)
+ Link Prefix (obtained via RA)
Note: Global address is the combination of Link Prefix and EUI-64 address
64. Refer to Exhibit. An
engineer is configuring the NEW York router to reach the Lo1 interface of the
Atlanta router using interface Se0/0/0 as the primary path. Which two
commands must be configured on the New York router so that it can reach the Lo1
interface of the Atlanta router via Washington when the link between New York
and Atlanta goes down? (Choose two)
§
A. ipv6 router 2000::1/128 2012::1
§
B. ipv6 router 2000::1/128 2012:1 5
§
C. ipv6 router 2000::1/128 2012::2
§
D. ipv6 router 2000::1/128 2023:2 5
§
E. ipv6 router 2000::1/128 2023::3 5
Correct Answer: AE
Section:
IP Connectivity
Explanation/Reference: Floating static routes
are static routes that have an administrative distance greater than the
administrative distance (AD) of another static route or dynamic routes. By
default a static route has an AD of 1 then floating static route must have the
AD greater than 1. Floating static route has a manually configured
administrative distance greater than that of the primary route and therefore
would not be in the routing table until the primary route fails.
65. Refer to the exhibit. Which
command provides this output?
§
A. show ip route
§
B. show ip interface
§
C. show interface
§
D. show cdp neighbor
Correct Answer: D
Section:
Network Access
66. Which two outcomes are
predictable behaviors for HSRP? (Choose two)
§
A. The two routers share a virtual IP address that is used as the
default gateway for devices on the LAN.
§
B. The two routers negotiate one router as the active router and
the other as the standby router.
§
C. Each router has a different IP address both routers act as
the default gateway on the LAN, and traffic is load balanced between them.
§
D. The two routers synchronize configurations to provide
consistent packet forwarding.
§
E. The two routed share the same IP address, and default gateway
traffic is load-balanced between them.
Correct Answer: AB
Section:
IP Connectivity
67. Which action is taken by a
switch port enabled for PoE power classification override?
§
A. When a powered device begins drawing power from a PoE switch
port a syslog message is generated.
§
B. As power usage on a PoE switch port is checked data flow to
the connected device is temporarily paused.
§
C. If a switch determines that a device is using less than the
minimum configured power it assumes the device has failed and disconnects.
§
D. If a monitored port exceeds the maximum administrative value
for power, the port is shutdown and err disabled.
Correct Answer: D
Section:
Network Fundamentals
Explanation/Reference: PoE monitoring and
policing compares the power consumption on ports with the administrative
maximum value (either a configured maximum value or the port’s default value).
If the power consumption on a monitored port exceeds the administrative maximum
value, the following actions occur:
– A syslog message is issued.
– The monitored port is shut down and error-disabled.
– The allocated power is freed.
Reference: Click here
68. Which 802.11 frame type is
association response?
§
A. management
§
B. protected frame
§
C. control
§
D. action
Correct Answer: A
Section:
Network Fundamentals
Explanation/Reference: There are three main
types of 802.11 frames: the Data Frame, the Management Frame and the Control
Frame. Association Response belongs to Management Frame. Association response
is sent in response to an association request.
Reference: Click here
69. Which two tasks must be
performed to configure NTP to a trusted server in client mode on a single
network device? (Choose two)
§
A. Enable NTP authentication.
§
B. Verify the time zone.
§
C. Disable NTP broadcasts.
§
D. Specify the IP address of the NTP server.
§
E. Set the NTP server private key.
Correct Answer: AD
Section:
IP Services
Explanation/Reference: To configure
authentication, perform this task in privileged mode:
Step 1: Configure an authentication key pair for NTP and specify whether the
key will be trusted or untrusted.
Step 2: Set the IP address of the NTP server and the public key.
Step 3: Enable NTP client mode.
Step 4: Enable NTP authentication.
Step 5: Verify the NTP configuration.
Reference: Click here
70. Refer to the
exhibit. The New York router is configured with static routes pointing to
the Atlanta and Washington sites. Which two tasks must be performed so
that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach
one another? (Choose two.)
§
A. Configure the ipv6 route 2012::/126 2023::1 command on the
Washington router.
§
B. Configure the ipv6 route 2023::/126 2012::1 command on the
Atlanta router.
§
C. Configure the Ipv6 route 2012::/126 s0/0/0 command on the
Atlanta router.
§
D. Configure the ipv6 route 2023::/126 2012::2 command on the
Atlanta router.
§
E. Configure the ipv6 route 2012::/126 2023::2 command on the
Washington router.
Correct Answer: DE
Section:
IP Connectivity
Explanation/Reference: The short syntax of
static IPv6 route is:
ipv6 route <destination-IPv6-address> {next-hop-IPv6-address |
exit-interface}
71. Which result occurs when
PortFast is enabled on an interface that is connected to another switch?
§
A. Spanning tree may fail to detect a switching loop in the
network that causes broadcast storms.
§
B. VTP is allowed to propagate VLAN configuration information
from switch to switch automatically.
§
C. Root port choice and spanning tree recalculation are
accelerated when a switch link goes down.
§
D. After spanning tree converges PortFast shuts down any port
that receives BPDUS.
Correct Answer: A
Section:
Network Access
Explanation/Reference: Enabling the
PortFast feature causes a switch or a trunk port to enter the STP
forwarding-state immediately or upon a linkup event, thus bypassing the
listening and learning states.
Note: To enable portfast on a trunk port you need the trunk keyword
“spanning-tree portfast trunk”
72. Refer to exhibit. Which
statement explains the configuration error message that is received?
§
A. It is a broadcast IP address.
§
B. The router does not support/28 mask.
§
C. It belongs to a private IP address range.
§
D. It is a network IP address.
Correct Answer: A
Section:
Network Fundamentals
73. When a floating static
route is configured, which action ensures that the backup route is used when
the primary route fails?
§
A. The floating static route must have a higher administrative
distance than the primary route so it is used as a backup.
§
B. The administrative distance must be higher on the primary
route so that the backup route becomes secondary
§
C. The floating static route must have a lower administrative
distance than the primary route so it is used as a backup.
§
D. The default-information originate command must be configured
for the route to be installed into the routing table.
Correct Answer: A
Section:
IP Connectivity
74. What makes Cisco DNA Center
different from traditional network management applications and their management
of networks?
§
A. It only supports auto-discovery of network elements in a
greenfield deployment.
§
B. It modular design allows someone to implement different
versions to meet the specific needs of an organization.
§
C. It abstracts policy from the actual device configuration.
§
D. It does not support high availability of management functions
when operating in cluster mode.
Correct Answer: C
Section:
Automation and Programmability
75. Which network allows
devices to communicate without the need to access the Internet?
§
A. 172.9.0.0/16
§
B. 172.28.0.0/16
§
C. 192.0.0.0/8
§
D. 209.165.201.0/24
Correct Answer: B
Section:
Network Fundamentals
Explanation/Reference: This question asks
about the private ranges of IPv4 addresses. The private ranges of each class of
IPv4 are listed below:
Class A private IP address ranges from 10.0.0.0 to 10.255.255.255 Class B
private IP address ranges from 172.16.0.0 to 172.31.255.255 Class C private IP
address ranges from 192.168.0.0 to 192.168.255.255 Only the network
172.28.0.0/16 belongs to the private IP address (of class B).
76. Refer to the exhibit. What
does router R1 use as its OSPF router-ID?
§
A. 10.10.1.10
§
B. 10.10.10.20
§
C. 172.16.15.10
§
D. 192.168.0.1
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference: OSPF uses the
following criteria to select the router ID:
1. Manual configuration of the router ID (via the “router-id x.x.x.x” command
under OSPF router configuration mode).
2. Highest IP address on a loopback interface.
3. Highest IP address on a non-loopback and active (no shutdown) interface.
77. Refer to the exhibit. If
OSPF is running on this network, how does Router 2 handle traffic from Site B
to 10.10.13.128/25 at Site A?
§
A. It sends packets out of interface Fa0/2 only.
§
B. It sends packets out of interface Fa0/1 only.
§
C. It cannot send packets to 10.10.13.128/25.
§
D. It load-balances traffic out of Fa0/1 and Fa0/2.
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference: Router2 does not
have an entry for the subnet 10.10.13.128/25. It only has an entry for
10.10.13.0/25, which ranges from 10.10.13.0 to 10.10.13.127
78. When a site-to-site VPN is
used, which protocol is responsible for the transport of user data?
§
A. IKEv2
§
B. IKEv1
§
C. IPsec
§
D. MD5
Correct Answer: C
Section:
Security Fundamentals
Explanation/Reference: A site-to-site VPN
allows offices in multiple fixed locations to establish secure connections with
each other over a public network such as the Internet. A site-to-site VPN means
that two sites create a VPN tunnel by encrypting and sending data between two
devices. One set of rules for creating a siteto-site VPN is defined by IPsec.
79. Refer to the exhibit. An
extended ACL has been configured and applied to router R2 The configuration
started to work as intended.Which two changes stop outbound traffic on TCP
ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still
allowing all other traffic? (Choose two)
§
A. Add a “permit ip any any” statement to the begining of ACL
101 for allowed traffic.
§
B. Add a “permit ip any any” statement at the end of ACL 101 for
allowed traffic.
§
C. The source and destination IPs must be swapped in ACL 101.
§
D. The ACL must be configured the Gi0/2 interface inbound on R1.
§
E. The ACL must be moved to the Gi0/1 interface outbound on R2.
Correct Answer: BC
Section:
Security Fundamentals
80. Which mode must be used to
configure EtherChannel between two switches without using a negotiation
protocol?
§
A. on
§
B. auto
§
C. active
§
D. desirable
Correct Answer: A
Section:
Network Access
Explanation/Reference: The Static
Persistence (or “on” mode) bundles the links unconditionally and no negotiation
protocol is used. In this mode, neither PAgP nor LACP packets are sent or
received.
81. A router running EIGRP has
learned the same route from two different paths. Which parameter does the
router use to select the best path?
§
A. cost
§
B. adminstrative distance
§
C. metric
§
D. as-path
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference: If a router learns
two different paths for the same network from the same routing protocol, it has
to decide which route is better and will be placed in the routing table. Metric
is the measure used to decide which route is better (lower number is better).
Each routing protocol uses its own metric.
For example, RIP uses hop counts as a metric, while OSPF uses cost.
Reference: Click here
82. R1 has learned route
192.168.12.0/24 via IS-IS. OSPF, RIP. and Internal EIGRP Under normal operating
conditions, which routing protocol is installed in the routing table?
§
A. IS-IS
§
B. RIP
§
C. Internal EIGRP
§
D. OSPF
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference: With
the same route (prefix), the router will choose the routing protocol with
lowest Administrative Distance (AD) to install into the routing table. The AD
of Internal EIGRP (90) is lowest so it would be chosen. The table below lists
the ADs of popular routing protocols.
Note: The AD of IS-IS is 115. The “EIGRP” in the table above is
“Internal EIGRP”. The AD of “External EIGRP” is 170. An EIGRP external route is
a route that was redistributed into EIGRP.
83. Which MAC address is
recognized as a VRRP virtual address?
§
A. 0000.5E00.010a
§
B. 0005.3711.0975
§
C. 0000.0C07.AC99
§
D. 0007.C070/AB01
Correct Answer: A
Section:
IP Connectivity
Explanation/Reference: With VRRP, the
virtual router’s MAC address is 0000.5E00.01xx , in which xx is the VRRP group.
84. Which statement correctly
compares traditional networks and controller-based networks?
§
A. Only traditional networks offer a centralized control plane.
§
B. Only traditional networks natively support centralized
management.
§
C. Traditional and controller-based networks abstract policies
from device configurations.
§
D. Only controller-based networks decouple the control plane and
the data plane.
Correct Answer: D
Section:
Automation and Programmability
Explanation/Reference: Most traditional
devices use a distributed architecture, in which each control plane is resided
in a networking device. Therefore they need to communicate with each other via
messages to work correctly.
In contrast to distributed architecture, centralized (or controller-based)
architectures centralizes the control of networking devices into one device,
called SDN controller -> Answer D is correct.
85. If a notice-level messaging
is sent to a syslog server, which event has occurred?
§
A. A network device has restarted.
§
B. An ARP inspection has failed.
§
C. A routing instance has flapped.
§
D. A debug operation is running.
Correct Answer: C
Section:
IP Services
Explanation/Reference: Usually no action
is required when a route flaps so it generates the notification syslog level
message (level 5).
86. Refer to the exhibit. With
which metric was the route to host 172.16.0.202 learned?
§
A. 0
§
B. 110
§
C. 38443
§
D. 3184439
Correct Answer: C
Section:
IP Connectivity
Explanation/Reference: Both the line “O
172.16.0.128/25” and “S 172.16.0.0/24” cover the host 172.16.0.202 but with the
“longest (prefix) match” rule the router will choose the first route.
87. Refer to the exhibit. If
configuring a static default route on the router with the ip route 0.0.0.0
0.0.0.0 10.13.0.1 120 command, how does the router respond?
§
A. It ignores the new static route until the existing OSPF default
route is removed.
§
B. It immediately replaces the existing OSPF route in the
routing table with the newly configured static route.
§
C. It starts load-balancing traffic between the two default
routes.
§
D. It starts sending traffic without a specific matching entry
in the routing table to GigabitEthernet0/1.
Correct Answer: A
Section:
IP Connectivity
Explanation/Reference: Our new static default
route has the Administrative Distance (AD) of 120, which is bigger than the AD
of OSPF External route (O*E2) so it will not be pushed into the routing table
until the current OSPF External route is removed.
For your information, if you don’t type the AD of 120 (using the command “ip
route 0.0.0.0 0.0.0.0 10.13.0.1”) then the new static default route would
replace the OSPF default route as the default AD of static route is 1. You will
see such line in the routing table:
S* 0.0.0.0/0 [1/0] via 10.13.0.1
88. Refer to the
Exhibit. After the switch configuration the ping test fails between PC A
and PC B Based on the output for switch 1. Which error must be corrected?
§
A. There is a native VLAN mismatch.
§
B. Access mode is configured on the switch ports.
§
C. The PCs are in the incorrect VLAN.
§
D. All VLANs are not enabled on the trunk.
Correct Answer: A
Section:
Network Access
Explanation/Reference: From the output we see
the native VLAN of Switch1 on Gi0/1 interface is VLAN 1 while that of Switch2
is VLAN 99 so there would be a native VLAN mismatch.
89. An engineer must configure
a WLAN using the strongest encryption type for WPA2-PSK. Which cipher
fulfills the configuration requirement?
§
A. WEP
§
B. RC4
§
C. AES
§
D. TKIP
Correct Answer: C
Section:
Security Fundamentals
Explanation/Reference: Many routers provide
WPA2-PSK (TKIP), WPA2-PSK (AES), and WPA2-PSK (TKIP/AES) as options.
TKIP is actually an older encryption protocol introduced with WPA to replace
the very-insecure WEP encryption at the time. TKIP is actually quite similar to
WEP encryption. TKIP is no longer considered secure, and is now deprecated. In
other words, you shouldn’t be using it.
AES is a more secure encryption protocol introduced with WPA2 and it is
currently the strongest encryption type for WPA2-PSK/
90. Which statement about Link
Aggregation when implemented on a Cisco Wireless LAN Controller is true?
§
A. To pass client traffic two or more ports must be configured.
§
B. The EtherChannel must be configured in “mode active”.
§
C. When enabled, the WLC bandwidth drops to 500 Mbps.
§
D. One functional physical port is needed to pass client traffic.
Correct Answer: D
Section:
Network Access
Explanation/Reference: Link aggregation
(LAG) is a partial implementation of the 802.3ad port aggregation standard. It
bundles all of the controller’s distribution system ports into a single 802.3ad
port channel.
Restriction for Link aggregation:
– LAG requires the EtherChannel to be configured for `mode on’ on both the
controller and the Catalyst switch -> Answer B is not correct.
– If the recommended load-balancing method cannot be configured on the Catalyst
switch, then configure the LAG connection as a single member link or disable
LAG on the controller -> Answer A is not correct while answer D is correct.
Reference: Click here
91. When configuring a WLAN
with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are
available to select? (Choose two)
§
A. ASCII
§
B. base64
§
C. binary
§
D. decimal
§
E. hexadecimal
Correct Answer: AE
Section:
Security Fundamentals
Explanation/Reference: When configuring a WLAN
with WPA2 Preshared Key (PSK), we can choose the encryption key format as
either ASCII or HEX.
Reference: Click here
92. Which API is used in
controller-based architectures to interact with edge devices?
§
A. overlay
§
B. northbound
§
C. underlay
§
D. southbound
Correct Answer: D
Section:
Automation and Programmability
93. Refer to the
exhibit. A network administrator is configuring an EtherChannel between
SW1 and SW2. The SW1 configuration is shown. What is the correct
configuration for SW2?
§
A. interface FastEthernet 0/1
channel-group 1 mode active
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet 0/2
channel-group 1 mode active
switchport trunk encapsulation dot1q
switchport mode trunk
§
B. interface FastEthernet 0/1
channel-group 2 mode auto
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet 0/2
channel-group 2 mode auto
switchport trunk encapsulation dot1q
switchport mode trunk
§
C. interface FastEthernet 0/1
channel-group 1 mode desirable
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet 0/2
channel-group 1 mode desirable
switchport trunk encapsulation dot1q
switchport mode trunk
§
D. interface FastEthernet 0/1
channel-group 1 mode passive
switchport trunk encapsulation
dot1q switchport mode trunk
interface FastEthernet 0/2
channel-group 1 mode passive
switchport trunk encapsulation dot1q
switchport mode trunk
Explanation: If
the etherchannel was configured with mode “auto”, it was using PagP, so, we
need to configure the other switch with “desirable” mode.
PagP modes: auto | Desirable
LACP modes: active | pasive
94. Refer to the
exhibit. A frame on VLAN 1 on switch S1 is sent to switch S2 where the
frame is received on VLAN 2. What causes this behavior?
§
A. trunk mode mismatches
§
B. allowing only VLAN 2 on the destination
§
C. native VLAN mismatches
§
D. VLANs that do not correspond to a unique IP subnet
Correct Answer: C
Explanation: Untagged frames are encapsulated with
the native VLAN. In this case, the native VLANs are different so although S1
will tag it as VLAN 1 it will be received by S2.
95. What are two enhancements
that OSPFv3 supports over OSPFV2? (Choose two.)
§
A. It requires the use of ARP.
§
B. It can support multiple IPv6 subnets on a single link.
§
C. It supports up to 2 instances of OSPFv3 over a common link.
§
D. It routes over links rather than over networks.
Correct Answer: BD
96. Which option is a valid
IPv6 address?
§
A. 2001:0000:130F::099a::12a
§
B. 2002:7654:A1AD:61:81AF:CCC1
§
C. FEC0:ABCD:WXYZ:0067::2A4
§
D. 2004:1:25A4:886F::1
Correct Answer: D
Explanation: An IPv6 address is represented as eight
groups of four hexadecimal digits, each group representing 16 bits (two
octets). The groups are separated by colons (:). An example of an IPv6 address
is 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
The leading 0’s in a group can be collapsed using ::, but this can only be done
once in an IP address.
97. Which three are
characteristics of an IPv6 anycast address? (Choose three.)
§
A. one-to-many communication model
§
B. one-to-nearest communication model
§
C. any-to-many communication model
§
D. a unique IPv6 address for each device in the group
§
E. the same address for multiple devices in the group
§
F. delivery of packets to the group interface that is closest to
the sending device
Correct Answer: BEF
Explanation: A new address type made specifically for
IPv6 is called the Anycast Address. These IPv6 addresses are global addresses,
these addresses can be assigned to more than one interface unlike an IPv6
unicast address. Anycast is designed to send a packet to the nearest interface
that is a part of that anycast group. The sender creates a packet and forwards
the packet to the anycast address as the destination address which goes to the
nearest router. The nearest router or interface is found by using the metric of
a routing protocol currently running on the network. However in a LAN setting
the nearest interface is found depending on the order the neighbors were
learned. The anycast packet in a LAN setting forwards the packet to the
neighbor it learned about first.
98. Which two statements
describe characteristics of IPv6 unicast addressing? (Choose two.)
§
A. Global addresses start with 2000::/3.
§
B. Link-local addresses start with FE00:/12.
§
C. Link-local addresses start with FF00::/10.
§
D. There is only one loopback address and it is ::1.
§
E. If a global address is assigned to an interface, then that is
the only allowable address for the interface.
Correct Answer: AD
Explanation: Below is the list of common kinds of
IPv6 addresses:
|
Loopback address
|
::1
|
|
Link-local address
|
FE80::/10
|
|
Site-local address
|
FEC0::/10
|
|
Global address
|
2000::/3
|
|
Multicast address
|
FF00::/8
|
99. What is the alternative
notation for the IPv6 address B514:82C3:0000:0000:0029:EC7A:0000:EC72?
§
A. B514 : 82C3 : 0029 : EC7A : EC72
§
B. B514 : 82C3 :: 0029 : EC7A : EC72
§
C. B514 : 82C3 : 0029 :: EC7A : 0000 : EC72
§
D. B514 : 82C3 :: 0029 : EC7A : 0 : EC72
Correct Answer: D
Explanation: There are two ways that an IPv6 address
can be additionally compressed: compressing leading zeros and substituting a
group of consecutive zeros with a single double colon(::). Both of these can be
used in any number of combinations to notate the same address. It is important
to note that the double colon (::) can only be used once within a single IPv6
address notation. So, the extra 0’s can only be compressed once.
100. Which IPv6 address is
valid?
§
A. 2001:0db8:0000:130F:0000:0000:08GC:140B
§
B. 2001:0db8:0:130H::87C:140B
§
C. 2031::130F::9C0:876A:130B
§
D. 2031:0:130F::9C0:876A:130B
Correct Answer: D
Explanation: An IPv6 address is represented as eight
groups of four hexadecimal digits, each group representing 16 bits (two
octets). The groups are separated by colons (:). An example of an IPv6 address
is 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
The leading O’s in a group can be collapsed using ::, but this can only be done
once in an IP address.
101. Which two are features of
IPv6? (Choose two.)
§
A. anycast
§
B. broadcast
§
C. multicast
§
D. podcast
§
E. allcast
Correct Answer: AC
Explanation: IPv6 addresses are classified by the
primary addressing and routing methodologies common in networking: unicast
addressing, anycast addressing, and multicast addressing. A unicast address
identifies a single network interface. The Internet Protocol delivers packets
sent to a unicast address to that specific interface. An anycast address is
assigned to a group of interfaces, usually belonging to different nodes. A
packet sent to an anycast address is delivered to just one of the member
interfaces, typically the nearest host, according to the routing protocol’s
definition of distance. Anycast addresses cannot be identified easily, they
have the same format as unicast addresses, and differ only by their presence in
the network at multiple points. Almost any unicast address can be employed as
an anycast address.
A multicast address is also used by multiple hosts, which acquire the multicast
address destination by participating in the multicast distribution protocol
among the network routers. A packet that is sent to a multicast address is
delivered to all interfaces that have joined the corresponding multicast group.
102. Which command enables IPv6
forwarding on a Cisco router?
§
A. ipv6 local
§
B. ipv6 host
§
C. ipv6 unicast-routing
§
D. ipv6 neighbor
Correct Answer: C
Explanation: To enable IPv6 routing on the Cisco
router use the following command: ipv6 unicast-routing
If this command is not recognized, your version of IOS does not support IPv6.
103. Which IPv6 address is the
equivalent of the IPv4 interface loopback address 127.0.0.1?
§
A. : :1
§
B. ::
§
C. 2000::/3
§
D. 0::/10
Correct Answer: A
Explanation: In IPv6 the loopback address is written
as, ::1
This is a 128bit number, with the first 127 bits being ‘0’ and the 128th bit
being ‘1’. It’s just a single address, so could also be written as ::1/128.
104. In which two formats can
the IPv6 address fd15:0db8:0000:0000:0700:0003:400F:572B be written? (Choose
two.)
§
A. fd15:0db8:0000:0000:700:3:400F:527B
§
B. fd15::db8::700:3:400F:527B
§
C. fd15:db8:0::700:3:4F:527B
§
D. fd15:0db8::7:3:4F:527B
§
E. fd15:db8::700:3:400F:572B
Correct Answer: AE
105. Refer to the
exhibit. The MAC address table is shown in its entirety. The Ethernet
frame that is shown arrives at the switch. What two operations will the
switch perform when it receives this frame? (Choose two.)
§
A. The switch will not forward a frame with this destination MAC
address.
§
B. The frame will be forwarded out of all the ports on the
switch.
§
C. The MAC address of ffff.ffff.ffff will be added to the MAC
address table.
§
D. The frame will be forwarded out of all the active switch ports
except for port fa0/0.
§
E. The MAC address of 0000.00aa.aaaa will be added to the MAC
Address Table.
§
F. The frame will be forwarded out of fa0/0 and fa0/1 only.
Correct Answer: DE
106. Refer to the exhibit.
Which switch in this configuration becomes the root bridge?
§
A. SW1
§
B. SW2
§
C. SW3
§
D. SW4
Correct Answer: C
107. Refer to the exhibit.
Which two statements are true about the loopback address that is configured on
RouterB? (Choose two.)
§
A. It ensures that data will be forwarded by RouterB.
§
B. It provides stability for the OSPF process on RouterB.
§
C. It specifies that the router ID for RouterB should be 10.0.0.1.
§
D. It decreases the metric for routes that are advertised from
RouterB.
§
E. It indicates that RouterB should be elected the DR for the
LAN.
Correct Answer: BC
Explanation: A loopback interface never comes down
even if the link is broken so it provides stability for the OSPF process (for
example we use that loopback interface as the router-id) – The router-ID is
chosen in the order below:
+ The highest IP address assigned to a loopback (logical) interface. + If a
loopback interface is not defined, the highest IP address of all active
router’s physical interfaces will be chosen.
-> The loopback interface will be chosen as the router ID of RouterB ?
108. Refer to the exhibit.
Which two statements about the interface that generated the output are true?
(Choose two.)
§
A. Two secure MAC address are manually configured on the
interface.
§
B. A syslog message is generated when the maximum number of
secure MAC addresses is on the interface.
§
C. The interface is error-disabled.
§
D. The interface dynamically learned two secure MAC addresses.
§
E. An SNMP trap is generated when the maximum number of secure
MAC addresses is reached on the interface.
Correct Answer: C D
109. Refer to the exhibit.
Which two statements about the interface that generated the output are true?
(Choose two.)
§
A. learned MAC addresses are deleted after five minutes of
inactivity
§
B. the interface is error-diabled if packets arrive from a new
unknown source address
§
C. it has dynamically learned two secure MAC addresses
§
D. it has dynamically learned three secure MAC addresses
§
E. the security violation counter increments if packets arrive
from a new unknown source address
Correct Answer: AC
110. Refer to the exhibit.
Which two events occur on the interface, if packets from an unknown Source
address arrive after the interface learns the maximum number of secure MAC
address? (Choose two.)
§
A. The security violation counter dose not increment
§
B. The port LED turns off
§
C. The interface is error-disabled
§
D. A syslog message is generated
§
E. The interface drops traffic from unknown MAC address
Correct Answer: AE
111. Refer to the exhibit.
Which two statements about the network environment of router R1 must be true?
(Choose two.)
§
A. there are 20 different network masks within the 10.0.0.0/8
network
§
B. A static default route to 10.85.33.14 was defined
§
C. Ten routes are equally load-balanced between Te0/1/0.100 and
Te0/2/0.100
§
D. The 10.0.0.0/8 network was learned via external EIGRP
§
E. The EIGRP administrative distance was manually changed from
90 to 170
Correct Answer: AC
112. Refer to the exhibit.
Which statement about the interface that generated the output is true?
§
A. Five secure MAC addresses are dynamically learned on the
interface.
§
B. A syslog message is generated when a violation occurs.
§
C. One secure MAC address is manually configured on the interface.
§
D. One secure MAC address is dynamically configured on the
interface.
Correct Answer: C
113. Refer to the exhibit. When
PC 1 sends a packet to PC2,the packet has. Which source and destination IP
address when it arrives at interface Gi0/0 on router R2?
§
A. source 192.168.10.10 and destination 10.10.2.2
§
B. source 192.168.20.10 and destination 192.168.20.1
§
C. source 192.168.10.10 and destination 192.168.20.10
§
D. source 10.10.1.1 and destination 10.10.2.2
Correct Answer: C
Explanation/Reference: The source and
destination IP addresses of the packets are unchanged on all the way. Only
source and destination MAC addresses are changed.
114. Refer to the exhibit Users
in your office are complaining that they cannot connect to the severs at a
remote site. When troubleshooting, you find that you can successfully reach the
severs from router R2. What is the most likely reason that the other users are
experiencing connection failure?
§
A. interface ports are shut down on the remote servers
§
B. The DHCP address pool has been exhausted
§
C. The ip helper-address command is missing on the R2 interface
that connects to the switch
§
D. VLSM is misconfigured between the router interface and the DHCP
pool.
Correct Answer: D
115. After you deploy a
new WLAN controller on your network, which two additional tasks should you
consider? (Choose two)
§
A. deploy load balancers
§
B. configure additional vlans
§
C. configure multiple VRRP groups
§
D. deploy POE switches
§
E. configure additional security policies
Correct Answer: AE
116. Refer to the exhibit.
The default-information originate command is configured under
the R1 OSPF configuration. After testing, workstations on VLAN 20 at Site B
cannot reach a DNS server on the Internet.
Which action corrects the configuration issue?
§
A. Add the default-information originate command on R2.
§
B. Add the always keyword to the default-information originate
command on R1.
§
C. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on
R1.
§
D. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on
R2.
Correct Answer: C
Section:
IP Connectivity
117. Which of the following is
the JSON encoding of a dictionary or hash?
§
A. {“key”:”value”}
§
B. [“key”,”value”]
§
C. {“key”,”value”}
§
D. (“key”:”value”)
Correct Answer: A
118. Which option best
describes an API?
§
A. A contract that describes how various components communicate
and exchange data with each other.
§
B. an architectural style (versus a protocol) for designing
applications
§
C. a stateless client-server model
§
D. request a certain type of data by specifying the URL path
that models the data
Correct Answer: A
119. Which command verifies
whether any IPv6 ACLs are configured on a router?
§
A. show ipv6 interface
§
B. show access-list
§
C. show ipv6 access-list
§
D. show ipv6 route
Correct Answer: C
120. Which command can you
enter to allow Telnet to be supported in addition to SSH?
§
A. transport input telnet ssh
§
B. transport input telnet
§
C. no transport input telnet
§
D. privilege level 15
Correct Answer: A
121. AAA stands for
authentication, authorization, and accounting
§
A. False
§
B. True
Correct Answer: B
122. What will happen if you
configure the logging trap debug command on a router?
§
A. It causes the router to send messages with lower severity
levels to the syslog server.
§
B. It causes the router to send all messages with the severity
levels Warning, Error, Critical, and Emergency to the syslog server.
§
C. It causes the router to send all messages to the syslog server
§
D. It causes the router to stop sending all messages to the
syslog server.
Correct Answer: C
123. Which Cisco IOS command
will indicate that interface Gigabit Ethernet 0/0 is configured via DHCP?
§
A. show ip interface GigabitEthernet 0/0 dhcp
§
B. show interface GigabitEthernet 0/0
§
C. show ip interface dhcp
§
D. show ip interface GigabitEthernet 0/0
§
E. show ip interface GigabitEthernet 0/0 brief
Correct Answer: D
124. Which statement about the
nature of NAT overload is true?
§
A. applies a one-to-many relationship to internal IP addresses
§
B. applies a one-to-one relationship to internal IP addresses
§
C. applies a many-to-many relationship to internal IP addresses
§
D. can be configured only on Gigabit interface
Correct Answer: A
125. Which command is used to
configure an IPv6 static default route?
§
A. ipv6 route ::/0 interface next-hop5
§
B. ipv6 route default interface next-hop
§
C. ipv6 route 0.0.0.0/0 interface next-hop
§
D. ip route 0.0.0.0/0 interface next-hop
Correct Answer: A
126. Which statement about
static and dynamic routes is true?
§
A. Dynamic routes are manually configured by a network
administrator, while static routes are automatically learned and adjusted by a
routing protocol.
§
B. Static routes are manually configured by a network
administrator, while dynamic routes are automatically learned and adjusted by a
routing protocol.
§
C. Static routes tell the router how to forward packets to
networks that are not directly connected, while dynamic routes tell the router
how to forward packets to networks that are directly connected.
§
D. Dynamic routes tell the router how to forward packets to
networks that are not directly connected, while static routes tell the router
how to forward packets to networks that are directly connected.
Correct Answer: B
127. What is the purpose of the
show ip ospf interface command?
§
A. displaying OSPF-related interface information
§
B. displaying general information about OSPF routing processes
§
C. displaying OSPF neighbor information on a per-interface basis
§
D. displaying OSPF neighbor information on a per-interface-type
basis
Correct Answer: A
128. How can the Cisco
Discovery Protocol be used?
§
A. to allow a switch to discover the devices that are connected
to its ports
§
B. to determine the hardware platform of the device
§
C. to determine the IP addresses of connected Cisco devices
§
D. all of the above
Correct Answer: D
129. How does STP prevent
forwarding loops at OSI Layer 2?
§
A. TTL
§
B. MAC address forwarding
§
C. Collision avoidance
§
D. Port blocking
Correct Answer: D
130. Which two statements about
EtherChannel technology are true? (Choose two.)
§
A. EtherChannel provides increased bandwidth by bundling existing
FastEthernet or Gigabit Ethernet interfaces into a single EtherChannel.
§
B. STP does not block EtherChannel links.
§
C. You can configure multiple EtherChannel links between two
switches, using up to a limit of sixteen physical ports.
§
D. EtherChannel does not allow load sharing of traffic among the
physical links within the EtherChannel.
§
E. EtherChannel allows redundancy in case one or more links in the
EtherChannel fail.
Correct Answer: AE
131. Which three statements
about MAC addresses are correct? (Choose three.)
§
A. To communicate with other devices on a network, a network
device must have a unique MAC address.
§
B. The MAC address is also referred to as the IP address.
§
C. The MAC address of a device must be configured in the Cisco
IOS CLI by a user with administrative privileges.
§
D. A MAC address contains two main components, the first of which
identifies the manufacturer of the hardware and the second of which uniquely
identifies the hardware.
§
E. An example of a MAC address is 0A:26:B8:D6:65:90.
§
F. A MAC address contains two main components, the first of
which identifies the network on which the host resides and the second of which
uniquely identifies the host on the network.
Correct Answer: ADE
132. Which three statements
about network characteristics are true? (Choose three.)
§
A. Speed is a measure of the data rate in bits per second of a
given link in the network.
§
B. Scalability indicates how many nodes are currently on the
network.
§
C. The logical topology is the arrangement of cables, network
devices, and end systems.
§
D. Availability is a measure of the probability that the network
will be available for use when it is required.
§
E. Reliability indicates the dependability of the components that
make up the network.
Correct Answer: ADE
133. Which two statements about
the purpose of the OSI model are accurate? (Choose two.)
§
A. Defines the network functions that occur at each layer
§
B. Facilitates an understanding of how information travels
throughout a network
§
C. Changes in one layer do not impact other layer
§
D. Ensures reliable data delivery through its layered approach
Correct Answer: AB
134. You have two paths for the
10.10.10.0 network – one that has a feasible distance of 3072 and the other of
6144. What do you need to do to load balance your EIGRP routes?
§
A. Change the maximum paths to 2
§
B. Change the configuration so they both have the same feasible
distance
§
C. Change the variance for the path that has a feasible distance
of 3072 to 2
§
D. Change the IP addresses so both paths have the same source IP
address
Correct Answer: BC
135. Which of the following
dynamic routing protocols are Distance Vector routing protocols?
§
A. IS-IS
§
B. EIGRP
§
C. OSPF
§
D. BGP
§
E. RIP
Correct Answer: BE
136. Refer to the exhibit. If
R1 receives a packet destined to 172.16.1.1, to which IP address does it send
the packet?
§
A. 192.168.14.4
§
B. 192.168.12.2
§
C. 192.168.13.3
§
D. 192.168.15.5
Correct Answer: A
137. Which two VLAN IDs
indicate a default VLAN? (Choose two.)
§
A. 0
§
B. 1
§
C. 1005
§
D. 1006
§
E. 4096
Correct Answer: BC
Explanation/Reference: VLAN 1 is a system
default VLAN, you can use this VLAN but you cannot delete it. By default VLAN 1
is use for every port on the switch.
Standard VLAN range from 1002-1005 it’s Cisco default for FDDI and Token Ring.
You cannot delete VLANs 1002-1005. mostly we don’t use VLAN in this range.
138. Refer to the exhibit. If
RTR01 is configured as shown, which three addresses will be received by
other routers that are running EIGRP on the network? (Choose three)
§
A. 192.168.2.0
§
B. 10.4.3.0
§
C. 10.0.0.0
§
D. 172.16.0.0
§
E. 172.16.4.0
§
F. 192.168.0.0
Correct Answer: ACD
139. Which two options are the
best reasons to use an IPV4 private IP space?(choose two)
§
A. to enable intra-enterprise communication
§
B. to implement NAT
§
C. to connect applications
§
D. to conserve global address space
§
E. to manage routing overhead
Correct Answer: AD
140. Which technique can you
use to route IPv6 traffic over an IPv4 infrastructure?
§
A. NAT
§
B. 6to4 tunneling
§
C. L2TPv3
§
D. dual-stack
Correct Answer: B
141. Which three describe the
reasons large OSPF networks use a hierarchical design? (Choose Three)
§
A. to speed up convergence
§
B. to reduce routing overhead
§
C. to lower costs by replacing routers with distribution layer
switches.
§
D. to decrease latency by increasing bandwidth.
§
E. to confine network instability to single areas of the network.
§
F. to reduce the complexity of router configuration.
Correct Answer: ABE
142. Which statements describe
the routing protocol OSPF? (Choose three.)
§
A. It supports VLSM.
§
B. It is used to route between autonomous systems.
§
C. It confines network instability to one area of the network.
§
D. It increases routing overhead on the network.
§
E. It allows extensive control of routing updates.
§
F. It is simpler to configure than RIP v2.
Correct Answer: ACE
Explanation/Reference: The OSPF protocol
is based on link-state technology, which is a departure from the Bellman-Ford
vector based algorithms used in traditional Internet routing protocols such as
RIP. OSPF has introduced new concepts such as authentication of routing
updates, Variable Length Subnet Masks (VLSM), route summarization, and so
forth.
OSPF uses flooding to exchange link-state updates between routers. Any change
in routing information is flooded to all routers in the network. Areas are
introduced to put a boundary on the explosion of link-state updates. Flooding
and calculation of the Dijkstra algorithm on a router is limited to changes
within an area.
143. Which command should you
enter to view the error log in an EIGRP for IPv6 environment?
§
A. show ipv6 eigrp neighbors
§
B. show ipv6 eigrp topology
§
C. show ipv6 eigrp traffic
§
D. show ipv6 eigrp events
Correct Answer: D
144. Which component of an
Ethernet frame is used to notify a host that traffic is coming?
§
A. start of frame delimiter
§
B. Type field
§
C. preamble
§
D. Data field
Correct Answer: C
145. Which command must you
enter to guarantee that an HSRP router with higher priority becomes the HSRP
primary router after it is reloaded?
§
A. standby 10 preempt
§
B. standby 10 version 1
§
C. standby 10 priority 150
§
D. standby 10 version 2
Correct Answer: A
Explanation/Reference: The “preempt”
command enables the HSRP router with the highest priority to immediately become
the active router.
146. Which configuration
command can u apply to a HSRP router so that its local interface becomes active
if all other routers in the group fail?
§
A. no additional config is required
§
B. standby 1 track ethernet
§
C. standby 1 preempt
§
D. standby 1 priority 250
Correct Answer: A
Explanation/Reference: Simply because that
will be the default behavior routers would follow in the event all other
routers in the HSRP group fail, then it would not keep attributes such as
priority or preemption.
What preemption does in summary is to make sure that the configured Priority on
all routers within the same HSRP group is always respected. That is, if R1 is
configured on the HSRP group with a priority of 150 but he stands as active
since all other routers currently subscribed to that group have a priority 150,
then will router will preempt the current active router and will take over
hence becoming the new active router.
With preemption disabled, the new router does not preempt the current active
router, unless routers in the group have to renegotiate their roles based on
each router’s priority at the time of negotiation.
147. You are configuring your
edge routers interface with a public IP address for Internet connectivity.
The
router needs to obtain the IP address from the service provider dynamically.
Which command is needed on interface FastEthernet 0/0 to accomplish this?
§
A. ip default-gateway
§
B. ip route
§
C. ip default-network
§
D. ip address dhcp
§
E. ip address dynamic
Correct Answer: D
148. Which type does a port
become when it receives the best BPDU on a bridge?
§
A. The designated port
§
B. The backup port
§
C. The alternate port
§
D. The root port
Correct Answer: D
149. Which two command
sequences must you configure on a switch to establish a Layer 3 EtherChannel
with an open-standard protocol? (Choose two.)
A. interface GigabitEthernet0/0/1
channel-group 10 mode on
B. interface
GigabitEthernet0/0/1
channel-group 10 mode active
C. interface GigabitEthernet0/0/1
channel-group 10 mode auto
D. interface port-channel 10
switchport
switchport mode trunk
E. interface port-channel 10
no switchport
ip address 172.16.0.1.255.255.255.0
Correct Answer: BE
150. Which statement about VLAN
configuration is true?
§
A. The switch must be in VTP server or transparent mode before you
can configure a VLAN
§
B. The switch must be in config-vlan mode before you configure
an extended VLAN
§
C. Dynamic inter-VLAN routing is supported on VLAN2 through VLAN
4064
§
D. A switch in VTP transparent mode save the VLAN databases to
the running configuration only
Correct Answer: A
151. Refer to the exhibit.
After you apply the given configuration to arouter, the DHCP clients behind the
device connot communicate with hosts outside of their subnet. Which action is
most likely to correct the problem?
§
A. Configure the dns server on the same subnet as the clients
§
B. Activate the dhcp pool
§
C. Correct the subnet mask
§
D. configure the default gateway
Correct Answer: D
152. Refer to the exhibit. How
will the router handle a packet destined for 192.0.2.156?
§
A. The router will forward the packet via either Serial0 or
Serial1.
§
B. The router will return the packet to its source.
§
C. The router will forward the packet via Serial2.
§
D. The router will drop the packet.
Correct Answer: C
153. Which unified access point
mode continues to serve wireless clients after losing connectivity to the Cisco
Wireless LAN Controller?
§
A. sniffer
§
B. mesh
§
C. flexconnect
§
D. local
Correct Answer: C
Explanation/Reference: In previous
releases, whenever a FlexConnect access point disassociates from a controller,
it moves to the standalone mode. The clients that are centrally switched are
disassociated.
However, the FlexConnect access point continues to serve locally switched
clients. When the FlexConnect access point rejoins the controller (or a standby
controller), all clients are disconnected and are authenticated again. This
functionality has been enhanced and the connection between the clients and the
FlexConnect access points are maintained intact and the clients experience
seamless connectivity. When both the access point and the controller have the
same configuration, the connection between the clients and APs is maintained.
Reference: Click here
154. Refer to exhibit. What
Administrative distance has route to 192.168.10.1 ?
§
A. 1
§
B. 90
§
C. 110
§
D. 120
Correct Answer: B
155. Refer to the exhibit.
Which command would you use to configure a static route on Router1 to network
192.168.202.0/24 with a nondefault administrative distance?
§
A. router1(config)#ip route 192.168.202.0 255.255.255.0
192.168.201.2 1
§
B. router1(config)#ip route 192.168.202.0 255.255.255.0
192.168.201.2 5
§
C. router1(config)#ip route 1 192.168.201.1 255.255.255.0
192.168.201.2
§
D. router1(config)#ip route 5 192.168.202.0 255.255.255.0
192.168.201.2
Correct Answer: B
Explanation/Reference: The default AD of
static route is 1 so we need to configure another number for the static route.
156. Which feature or protocol
is required for an IP SLA to measure UDP jitter?
§
A. LLDP
§
B. EEM
§
C. CDP
§
D. NTP
Correct Answer: D
157. Which effete does the aaa
new-model configuration command have?
§
A. It enables AAA services on the device
§
B. It configures the device to connect to a RADIUS server for
AAA
§
C. It associates a RADIUS server to an group.
§
D. It configures a local user on the device.
Correct Answer: A
158. Refer to the exhibit. How
will switch SW2 handle traffic from VLAN 10 on SW1?
§
A. It sends the traffic to VLAN 10.
§
B. It sends the traffic to VLAN 100.
§
C. It drops the traffic.
§
D. It sends the traffic to VLAN 1.
Correct Answer: B
Explanation/Reference: Since SW-1 is
configured native VLAN is VLAN10, so traffic coming out of VLAN-10 is untagged,
& goes directly to SW-2 Native VLAN: VLAN100, due to VLAN mismatch.
159. Which two commands can you
use to configure an actively negotiate EtherChannel? (Choose two)
§
A. channel-group 10 mode on
§
B. channel-group 10 mode auto
§
C. channel-group 10 mode passive
§
D. channel-group 10 mode desirable
§
E. channel-group 10 mode active
Correct Answer: D E
160. What is the binary pattern
of unique ipv6 unique local address?
§
A. 00000000
§
B. 11111100
§
C. 11111111
§
D. 11111101
Correct Answer: B
Explanation/Reference: A IPv6 Unique Local
Address is an IPv6 address in the block FC00::/7, which means that IPv6 Unique
Local addresses begin with 7 bits with exact binary pattern as 1111 110 ->
Answer B is correct.
Note: IPv6 Unique Local Address is the approximate IPv6 counterpart of the IPv4
private address. It is not routable on the global Internet.
161. Which two statements about
exterior routing protocols are true? (Choose two.)
§
A. They determine the optimal within an autonomous system.
§
B. They determine the optimal path between autonomous systems.
§
C. BGP is the current standard exterior routing protocol.
§
D. Most modern networking supports both EGP and BGP for external
routing.
§
E. Most modern network routers support both EGP and EIGRP for
external routing.
Correct Answer: BC
162. What is the destination
MAC address of a broadcast frame?
§
A. 00:00:0c:07:ac:01
§
B. ff:ff:ff:ff:ff:ff
§
C. 43:2e:08:00:00:0c
§
D. 00:00:0c:43:2e:08
§
E. 00:00:0c:ff:ff:ff
Correct Answer: B
163. You have configured a
router with an OSPF router ID, but its IP address still reflects the physical
interface. Which action can you take to correct the problem in the least
disruptive way?
§
A. Reload the OSPF process.
§
B. Specify a loopback address
§
C. Reboot the router.
§
D. Save the router configuration
Correct Answer: A
Explanation/Reference: Once an OSPF Router
ID selection is done, it remains there even if you remove it or configure
another OSPF Router ID. So the least disruptive way is to correct it using the
command “clear ip ospf process”.
164. Which two statements about
VTP are true? (Choose two.)
§
A. All switches must be configured with the same VTP domain name
§
B. All switches must be configured to perform trunk negotiation.
§
C. All switches must be configured with a unique VTP domain name
§
D. The VTP server must have the highest revision number in the
domain
§
E. All switches must use the same VTP version.
Correct Answer: AE
Explanation/Reference:
Reference: Click here
165. Which two pieces of
information about a Cisco device can Cisco Discovery Protocol communicate?
(Choose two.)
§
A. the native VLAN
§
B. the trunking protocol
§
C. the VTP domain
§
D. the spanning-tree priority
§
E. the spanning tree protocol
Correct Answer: AC
166. Refer to the exhibit. On
R1 which routing protocol is in use on the route to 192.168.10.1?
§
A. RIP
§
B. OSPF
§
C. IGRP
§
D. EIGRP
Correct Answer: D
167. Refer to the exhibit.
Which VLAN ID is associated with the default VLAN in the given environment?
§
A. VLAN 1
§
B. VLAN 5
§
C. VLAN 10
§
D. VLAN 20
Correct Answer: A
168. Which two circumstances
can prevent two routers from establishing an OSPF neighbor adjacency? (Choose
two.)
§
A. mismatched autonomous system numbers
§
B. an ACL blocking traffic from multicast address 224.0.0.10
§
C. mismatched process IDs
§
D. mismatched hello timers and dead timers
§
E. use of the same router ID on both devices
Correct Answer: DE
169. Which two statements
about eBGP neighbor relationships are true? (Choose two)
§
A. The two devices must reside in different autonomous systems
§
B. Neighbors must be specifically declared in the configuration of
each device
§
C. They can be created dynamically after the network statement
is configured.
§
D. The two devices must reside in the same autonomous system
§
E. The two devices must have matching timer settings
Correct Answer: AB
170. Which two pieces of
information can you determine from the output of the show ntp status command?
(Choose two)
§
A. whether the NTP peer is statically configured
§
B. the IP address of the peer to which the clock is synchronized
§
C. the configured NTP servers
§
D. whether the clock is synchronized
§
E. the NTP version number of the peer
Correct Answer: BD
Explanation/Reference: Below
is the output of the “show ntp status” command. From this output we learn that
R1 has a stratum of 10 and it is getting clock from 10.1.2.1.
171. Which keyword in a NAT
configuration enables the use of one outside IP address for multiple inside
hosts?
§
A. source
§
B. static
§
C. pool
§
D. overload
Correct Answer: D
Explanation/Reference: By adding the
keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address
Translation). This is also a kind of dynamic NAT that maps multiple private IP
addresses to a single public IP address (many-to-one) by using different ports.
Static NAT and Dynamic NAT both require a one-to-one mapping from the inside
local to the inside global address. By using PAT, you can have thousands of
users connect to the Internet using only one real global IP address. PAT is the
technology that helps us not run out of public IP address on the Internet.
This is the most popular type of NAT.
An example of using “overload” keyword is shown below:
R1(config)# ip nat inside source list 1 interface ethernet1 overload
172. Which two pieces of
information can you learn by viewing the routing table? (Choose two)
§
A. whether an ACL was applied inbound or outbound to an
interface
§
B. the EIGRP or BGP autonomous system
§
C. whether the administrative distance was manually or dynamically
configured
§
D. Which neighbor adjacencies are established
§
E. the length of time that a route has been known
Correct Answer: CE
173. Which NAT term is defined
as a group of addresses available for NAT use?
§
A. NAT pool
§
B. dynamic NAT
§
C. static NAT
§
D. one-way NAT
Correct Answer: A
174. Which command is used to
enable LLDP globally on a Cisco IOS ISR?
§
A. lldp run
§
B. lldp enable
§
C. lldp transmit
§
D. cdp run
§
E. cdp enable
Correct Answer: A
Explanation/Reference: Link Layer
Discovery Protocol (LLDP) is a industry standard protocol that allows devices
to advertise, and discover connected devices, and there capabilities (same as
CDP of Cisco). To enable it on Cisco devices, we have to use this command under
global configuration mode:
Sw(config)# lldp run
175. Refer to the exhibit.
After you apply the give configurations to R1 and R2 you notice that OSPFv3
fails to start. Which reason for the problem is most likely true ?
§
A. The area numbers on R1 and R2 are mismatched
§
B. The IPv6 network addresses on R1 and R2 are mismatched
§
C. The autonomous system numbers on R1 and R2 are mismatched
§
D. The router ids on R1 and R2 are mismatched
Correct Answer: A
176. Which command must be
entered when a device is configured as an NTP server?
§
A. ntp sever
§
B. ntp peer
§
C. ntp authenticate
§
D. ntp master
Correct Answer: D
Explanation/Reference: To configure a
Cisco device as an Authoritative NTP Server, use the ntp master [stratum]
command.
To configure a Cisco device as a NTP client, use the command ntp server <IP
address>. For example:
Router(config)#ntp server 192.168.1.1. This command will instruct the router to
query 192.168.1.1 for the time.
177. Which feature or protocol
determines whether the QOS on the network is sufficient to support IP services?
§
A. LLDP
§
B. CDP
§
C. IP SLA
§
D. EEM
Correct Answer: C
Explanation/Reference: IP SLA allows an IT
professional to collect information about network performance in real time.
Therefore it helps determine whether the QoS on the network is sufficient for
IP services or not.
Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible subsystem
that provides realtime network event detection and onboard automation. It gives
you the ability to adapt the behavior of your network devices to align with
your business needs.
178. Refer to the exhibit.
Which feature is enabled by this configuration?
§
A. static NAT translation
§
B. a DHCP pool
§
C. a dynamic NAT address pool
§
D. PAT
Correct Answer: C
179. In a CDP environment, what
happens when the CDP interface on an adjacent device is configured without an
IP address?
§
A. CDP becomes inoperable on that neighbor
§
B. CDP uses the IP address of another interface for that
neighbor
§
C. CDP operates normally,but it cannot provide IP address
information for that neighbor
§
D. CDP operates normally,but it cannot provide any information
for that neighbor
Correct Answer: C
Explanation/Reference: Although CDP is a
Layer 2 protocol but we can check the neighbor IP address with the “show cdp
neighbor detail” command. If the neighbor does not has an IP address then CDP
still operates without any problem.
But the IP address of that neighbor is not provided.
180. Which two statements about
NTP operations are true? (Choose two.)
§
A. NTP uses UDP over IP.
§
B. Cisco routers can act as both NTP authoritative servers and NTP
clients.
§
C. Cisco routers can act only as NTP servers.
§
D. Cisco routers can act only as NTP clients.
§
E. NTP uses TCP over IP.
Correct Answer: AB
181. Which command should you
enter to configure an LLDP delay time of 5 seconds?
§
A. lldp timer 5000
§
B. lldp holdtime 5
§
C. lldp reinit 5000
§
D. lldp reinit 5
Correct Answer: D
Explanation/Reference:
+ lldp holdtime seconds: Specify the amount of time a receiving device should
hold the information from your device before discarding it
+ lldp reinit delay: Specify the delay time in seconds for LLDP to initialize
on an interface
+ lldp timer rate: Set the sending frequency of LLDP updates in seconds
Reference: Click here
182. Which value is used to
determine the active router in an HSRP default configuration?
§
A. Router loopback address
§
B. Router IP address
§
C. Router priority
§
D. Router tracking number
Correct Answer: B
Explanation/Reference: In the case of an equal
priority, the router with the highest IP address for the respective group is
elected as active. Furthermore, if there are more than two routers in the
group, the second highest IP address determines the standby router and the
other router/routers are in the listen state.
183. Which statement about
Cisco Discovery Protocol is true?
§
A. It is a Cisco-proprietary protocol.
§
B. It runs on the network layer.
§
C. It can discover information from routers, firewalls, and
switches.
§
D. It runs on the physical layer and the data link layer.
Correct Answer: A
184. Which value can you modify
to configure a specific interface as the preferred forwarding interface?
§
A. The interface number
§
B. The port priority
§
C. The VLAN priority
§
D. The hello time
Correct Answer: B
185. When configuring an
EtherChannel bundle, which mode enables LACP only if a LACP device is detected?
§
A. Passive
§
B. Desirable
§
C. On
§
D. Auto
§
E. Active
Correct Answer: A
Explanation/Reference: The LACP is Link
Aggregation Control Protocol. LACP is an open protocol, published under the
802.3ad.
The modes of LACP are active, passive or on. The side configured as “pasive”
will waiting the other side that should an Active for the Etherchannel to be established.
PAgP is Port-Aggregation Protocol. It is Cisco proprietary protocol. The mode
are On, Desirable or Auto. Desirable – Auto will establish a EtherChannel.
An example of how to configure an Etherchannel:
SwitchFormula1>enable
SwitchFormula1#configure terminal
SwitchFormula1(config)# interface range f0/5 -14
SwitchFormula1(config-if-range)# channel-group 13 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
186. Which command should you
enter to verify the priority of a router in an HSRP group?
§
A. show hsrp
§
B. show sessions
§
C. show interfaces
§
D. show standby
Correct Answer: D
Explanation/Reference: The
following is sample output from the show standby command:
187. Refer to the exhibit.
Which Command do you enter so that R1 advertises the loopback0 interface to the
BGP Peers?
§
A. Network 172.16.1.32 mask 255.255.255.224
§
B. Network 172.16.1.0 0.0.0.255
§
C. Network 172.16.1.32 255.255.255.224
§
D. Network 172.16.1.33 mask 255.255.255.224
§
E. Network 172.16.1.32 mask 0.0.0.31
§
F. Network 172.16.1.32 0.0.0.31
Correct Answer: A
188. For what two purposes does
the Ethernet protocol use physical addresses?
§
A. to uniquely identify devices at Layer 2
§
B. to allow communication with devices on a different network
§
C. to differentiate a Layer 2 frame from a Layer 3 packet
§
D. to establish a priority system to determine which device gets
to transmit first
§
E. to allow communication between different devices on the same
network
§
F. to allow detection of a remote device when its physical
address is unknown
Correct Answer: AE
189. Which command is used to
display the collection of OSPF link states?
§
A. show ip ospf link-state
§
B. show ip ospf lsa database
§
C. show ip ospf neighbors
§
D. show ip ospf database
Correct Answer: D
Explanation/Reference: The “show ip ospf
database” command displays the link states. Here is an example:
Here is the lsa database on R2.
R2#show ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count2.2.2.2 2.2.2.2 793 0x80000003
0x004F85 210.4.4.4 10.4.4.4 776 0x80000004 0x005643 1111.111.111.111
111.111.111.111 755 0x80000005 0x0059CA 2133.133.133.133 133.133.133.133 775
0x80000005 0x00B5B1 2 Net Link States (Area 0) Link ID ADV Router Age Seq#
Checksum10.1.1.1 111.111.111.111 794 0x80000001 0x001E8B10.2.2.3
133.133.133.133 812 0x80000001 0x004BA910.4.4.1 111.111.111.111 755 0x80000001
0x007F1610.4.4.3 133.133.133.133 775 0x80000001 0x00C31F
190. Refer to the exhibit.
C-router is to be used as a “router-on-a-stick” to route between the VLANs. All
the interfaces have been properly configured and IP routing is operational. The
hosts in the VLANs have been configured with the appropriate default gateway.
What is true about this configuration?
§
A. These commands need to be added to the configuration:
C-router(config)# router eigrp 123
C-router(config-router)# network 172.19.0.0
§
B. These commands need to be added to the configuration:
C-router(config)# router ospf 1
C-router(config-router)# network 172.19.0.0 0.0.3.255
§
C. These commands need to be added to the configuration:
C-router(config)# router rip
C-router(config-router)# network 172.19.0.0
§
D. No further routing configuration is required.
Correct Answer: D
Explanation/Reference: Since all the same router
(C-router) is the default gateway for all three VLANs, all traffic destined to
a different VLAN will be sent to the C-router. The C-router will have knowledge
of all three networks since they will appear as directly connected in the
routing table. Since the C-router already knows how to get to all three
networks, no routing protocols need to be configured.
191. A user configured OSPF in
a single area between two routers A serial interface connecting R1 and R2 is
running encapsulation PPP. By default which OSPF network type is seen on this
interface when the user types show ip ospf interface on R1 or R2?
§
A. port-to-multipoint
§
B. broadcast
§
C. point-to-point
§
D. non-broadcast
Correct Answer: C
Explanation/Reference: The default OSPF network
type for HDLC and PPP on Serial link is point-to-point (while the default OSPF
network type for Ethernet link is Broadcast).
192. Refer to the exhibit.
Which address and mask combination represents a summary of the routes learned
by EIGRP?
§
A. 192.168.25.0 255.255.255.240
§
B. 192.168.25.0 255.255.255.252
§
C. 192.168.25.16 255.255.255.240
§
D. 192.168.25.16 255.255.255.252
§
E. 192.168.25.28 255.255.255.240
§
F. 192.168.25.28 255.255.255.252
Correct Answer: C
Explanation/Reference:
The binary version of 20 is 10100.
The binary version of 16 is 10000.
The binary version of 24 is 11000.
The binary version of 28 is 11100.
The subnet mask is /28. The mask is 255.255.255.240.
Note:
From the output above, EIGRP learned 4 routes and we need to find out the
summary of them:
+ 192.168.25.16
+ 192.168.25.20
+ 192.168.25.24
+ 192.168.25.28
-> The increment should bE. 28 ?16 = 12 but 12 is not an exponentiation of 2
so we must choose 16 (24). Therefore the subnet mask is /28 (=1111 1111.1111
1111.1111 1111.11110000) = 255.255.255.240
So the best answer should be 192.168.25.16 255.255.255.240
193. Refer to the exhibit. A
network associate has configured OSPF with the command:
City(config-router)#
network 192.168.12.64 0.0.0.63 area 0.
After completing the
configuration, the associate discovers that not all the interfaces are
participating in OSPF. Which three of the interfaces shown in the exhibit will
participate in OSPF according to this configuration statement? (Choose three.)
§
A. FastEthernet0 /0
§
B. FastEthernet0 /1
§
C. Serial0/0
§
D. Serial0/1.102
§
E. Serial0/1.103
§
F. Serial0/1.104
Correct Answer: BCD
Explanation/Reference: The “network
192.168.12.64 0.0.0.63 equals to network 192.168.12.64/26. This network has:
+ Increment: 64 (/26= 1111 1111.1111 1111.1111 1111.1100 0000) + Network
address:
192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore all interface in the range of this network will join OSPF.
194. A network administrator is
troubleshooting the OSPF configuration of routers R1 and R2. The routers cannot
establish an adjacency relationship on their common Ethernet link. The graphic
shows the output of the show ip ospf interface e0 command for routers R1 and
R2. Based on the information in the graphic, what is the cause of this problem?
§
A. The OSPF area is not configured properly.
§
B. The OSPF area is not configured properly.
§
C. The cost on R1 should be set higher.
§
D. The hello and dead timers are not configured properly.
§
E. A backup designated router needs to be added to the network.
§
F. The OSPF process ID numbers must match.
Correct Answer: D
195. Refer to the graphic. R1
is unable to establish an OSPF neighbor relationship with R3. What are possible
reasons for this problem? (Choose two.)
§
A. All of the routers need to be configured for backbone Area 1.
§
B. R1 and R2 are the DR and BDR, so OSPF will not establish
neighbor adjacency with R3.
§
C. A static route has been configured from R1 to R3 and prevents
the neighbor adjacency from being established.
§
D. The hello and dead interval timers are not set to the same
values on R1 and R3.
§
E. EIGRP is also configured on these routers with a lower administrative
distance.
§
F. R1 and R3 are configured in different areas.
Correct Answer: DF
Explanation/Reference: This question is to
examine the conditions for OSPF to create neighborhood. So as to make the two
routers become neighbors, each router must be matched with the following items:
1. The area ID and its types;
2. Hello and failure time interval timer;
3. OSPF Password (Optional);
196. Refer to the exhibit.
Given the output for this command, if the router ID has not been manually set,
what router ID will OSPF use for this router?
§
A. 10.1.1.2
§
B. 10.154.154.1
§
C. 172.16.5.1
§
D. 192.168.5.3
Correct Answer: C
Explanation/Reference: The highest IP address of
all loopback interfaces will be chosen -> Loopback 0 will be chosen as the
router ID.
197. Refer to the exhibit. When
running EIGRP, what is required for RouterA to exchange routing updates with
RouterC?
§
A. AS numbers must be changed to match on all the routers
§
B. Loopback interfaces must be configured so a DR is elected
§
C. The no auto-summary command is needed on Router A and Router
C
§
D. Router B needs to have two network statements, one for each
connected network
Correct Answer: A
Explanation/Reference: This question is to
examine the understanding of the interaction between EIGRP routers. The
following information must be matched so as to create neighborhood. EIGRP
routers to establish, must match the following information:
1. AS Number;
2. K value.
198. Refer to the exhibit.
Which rule does the DHCP server use when there is an IP address conflict?
§
A. The address is removed from the pool until the conflict is
resolved.
§
B. The address remains in the pool until the conflict is
resolved.
§
C. Only the IP detected by Gratuitous ARP is removed from the
pool.
§
D. Only the IP detected by Ping is removed from the pool.
§
E. The IP will be shown, even after the conflict is resolved.
Correct Answer: A
Explanation/Reference: An address conflict
occurs when two hosts use the same IP address. During address assignment, DHCP
checks for conflicts using ping and gratuitous ARP. If a conflict is detected,
the address is removed from the pool. The address will not be assigned until
the administrator resolves the conflict.
199. Refer to the exhibit. A
network technician is asked to design a small network with redundancy. The
exhibit represents this design, with all hosts configured in the same VLAN.
What conclusions can be made about this design?
§
A. This design will function as intended.
§
B. Spanning-tree will need to be used.
§
C. The router will not accept the addressing scheme.
§
D. The connection between switches should be a trunk.
§
E. The router interfaces must be encapsulated with the 802.1Q
protocol.
Correct Answer: C
Explanation/Reference: Each interface on a
router must be in a different network. If two interfaces are in the same
network, the router will not accept it and show error when the administrator
assigns it.
200. What benefit does
controller-based networking provide versus traditional networking?
§
A. moves from a two-tier to a three-tier network architecture to
provide maximum redundancy
§
B. provides an added layer of security to protect from DDoS
attacks
§
C. allows configuration and monitoring of the network from one
centralized point
§
D. combines control and data plane functionality on a single
device to minimize latency
Correct Answer: C
201. A network engineer must
create a diagram of a multivendor network. Which command must be configured on
the Cisco devices so that the topology of the network can be mapped?
§
A. Device(Config)#lldp run
§
B. Device(Config)#cdp run
§
C. Device(Config-if)#cdp enable
§
D. Device(Config)#flow-sampler-map topology
Correct Answer: A
202. What are two descriptions
of three-tier network topologies? (Choose two)
§
A. The core and distribution layers perform the same functions
§
B. The access layer manages routing between devices in different
domains
§
C. The network core is designed to maintain continuous
connectivity when devices fail.
§
D. The core layer maintains wired connections for each host
§
E. The distribution layer runs Layer 2 and Layer 3 technologies
Correct Answer: CE
203. What is the expected outcome
when an EUI-64 address is generated?
§
A. The seventh bit of the original MAC address of the interface is
inverted
§
B. The interface ID is configured as a random 64-bit value
§
C. The characters FE80 are inserted at the beginning of the MAC
address of the interface
§
D. The MAC address of the interface is used as the interface ID
without modification
Correct Answer: A
204. Which function does an
SNMP agent perform?
§
A. it sends information about MIB variables in response to
requests from the NMS
§
B. it coordinates user authentication between a network device
and a TACACS+ or RADIUS server
§
C. it requests information from remote network nodes about
catastrophic system events.
§
D. it manages routing between Layer 3 devices in a network
Correct Answer: A
205. R1 has learned route
10.10.10.0/24 via numerous routing protocols. Which route is installed?
§
A. route with the lowest cost
§
B. route with the next hop that has the highest IP
§
C. route with the shortest prefix length
§
D. route with the lowest administrative distance
Correct Answer: D
206. What is a characteristic
of spine-and-leaf architecture?
§
A. Each device is separated by the same number of hops
§
B. It provides variable latency
§
C. It provides greater predictability on STP blocked ports.
§
D. Each link between leaf switches allows for higher bandwidth.
Correct Answer: A
207. Which action must be taken
to assign a global unicast IPv6 address on an interface that is derived from
the MAC address of that interface?
§
A. configure a stateful DHCPv6 server on the network
§
B. enable SLAAC on an interface
§
C. disable the EUI-64 bit process
§
D. explicitly assign a link-local address
Correct Answer: B
208. Refer to the exhibit.
Router R1 is running three different routing protocols. Which route
characteristic is used by the router to forward the packet that it receives for
destination IP 172.16.32.1?
§
A. longest prefix
§
B. metric
§
C. cost
§
D. administrative distance
Correct Answer: A
209. Router R1 must send all
traffic without a matching routing-table entry to 192.168.1.1. Which
configuration accomplishes this task?
A. R1# config t
R1(config)# ip routing
R1(config)# ip route default-route 192.168.1.1
B. R1# config t
R1(config)# ip routing
R1(config)# ip route 192.168.1.1 0.0.0.0 0.0.0.0
C. R1# config t
R1(config)# ip routing
R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
D. R1# config t
R1(config)# ip routing
R1(config)# ip default-gateway 192.168.1.1
Correct Answer: C
210. Which WPA3 enhancement
protects against hackers viewing traffic on the Wi-Fi network?
§
A. TKiP encryption
§
B. AES encryption
§
C. scrambled encryption key
§
D. SAE encryption
Correct Answer: D
211. Refer to the exhibit. An
engineer is bringing up a new circuit to the MPLS provider on the Gi0/1
interface of Router1.The new circuit uses eBGP and teams the route to VLAN25
from the BGP path. What is the expected behavior for the traffic flow for route
10.10.13.0/25?
§
A. Traffic to 10.10.13.0.25 is load balanced out of multiple
interfaces
§
B. Route 10.10.13.0/25 is updated in the routing table as being
learned from interface Gi0/1.
§
C. Traffic to 10.10.13.0/25 is asymmeteical
§
D. Route 10.10.13.0/25 learned via the GiO/0 interface remains
in the routing table
Correct Answer: B
212. Refer to the exhibit. How
does router R1 handle traffic to 192.168.10.16?
§
A. It selects the IS-IS route because it has the shortest prefix
inclusive of the destination address.
§
B. It selects the EIGRP route because it has the lowest
administrative distance.
§
C. It selects the OSPF route because it has the lowest cost.
§
D. It selects the RIP route because it has the longest prefix
inclusive of the destination address.
Correct Answer: D
213. Refer to the exhibit.
Which two commands were used to
create port channel 10? (Choose two )
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
§
E. Option E
Correct Answer: AC
214. What is a difference
between RADIUS and TACACS+?
§
A. RADIUS is most appropriate for dial authentication, but
TACACS+ can be used for multiple types of authentication
§
B. TACACS+ encrypts only password information and RADIUS
encrypts the entire payload
§
C. TACACS+ separates authentication and authorization, and RADIUS
merges them
§
D. RADIUS logs all commands that are entered by the
administrator, but TACACS+ logs only start, stop, and interim commands
Correct Answer: C
215. Refer to the exhibit. How
does the router manage traffic to 192.168.12.16?
§
A. It selects the RIP route because it has the longest prefix
inclusive of the destination address.
§
B. It chooses the OSPF route because it has the longest prefix
inclusive of the destination address.
§
C. It load-balances traffic between all three routes
§
D. It chooses the EIGRP route because it has the lowest
administrative distance
Correct Answer: A
216. What is an advantage of
Cisco DNA Center versus traditional campus device management?
§
A. It supports numerous extensibility options including
cross-domain adapters and third-party SDKs.
§
B. It supports high availability for management functions when
operating in cluster mode.
§
C. It enables easy autodiscovery of network elements m a
brownfield deployment.
§
D. It is designed primarily to provide network assurance.
Correct Answer: A
217. While examining excessive
traffic on the network, it is noted that all incoming packets on an interface
appear to be allowed even though an IPv4 ACL is applied to the interface. Which
two misconfigurations cause this behavior? (Choose two)
§
A. The packets fail to match any permit statement
§
B. A matching permit statement is too high in the access test
§
C. A matching permit statement is too broadly defined
§
D. The ACL is empty
§
E. A matching deny statement is too high in the access list
Correct Answer: BC
218. How do traditional campus
device management and Cisco DNA Center device management differ in regards to
deployment?
§
A. Cisco DNA Center device management can deploy a network more
quickly than traditional campus device management
§
B. Traditional campus device management allows a network to
scale more quickly than with Cisco DNA Center device management
§
C. Cisco DNA Center device management can be implemented at a
lower cost than most traditional campus device management options
§
D. Traditional campus device management schemes can typically
deploy patches and updates more quickly than Cisco DNA Center device management
Correct Answer: A
219. How do AAA operations
compare regarding user identification, user services and access control?
§
A. Authorization provides access control and authentication
tracks user services
§
B. Authentication identifies users and accounting tracks user
services
§
C. Accounting tracks user services, and authentication provides
access control
§
D. Authorization identifies users and authentication provides
access control
Correct Answer: B
220. What is a difference
between local AP mode and FlexConnect AP mode?
§
A. Local AP mode creates two CAPWAP tunnels per AP to the WLC
§
B. FiexConnect AP mode fails to function if me AP loses
connectivity with the WLC
§
C. FlexConnect AP mode bridges the traffic from the AP to the
WLC when local switching is configured
§
D. Local AP mode causes the AP to behave as if it were an
autonomous AP
Correct Answer: A
221. Which function does the
range of private IPv4 addresses perform?
§
A. allows multiple companies to each use the same addresses
without conflicts
§
B. provides a direct connection for hosts from outside of the
enterprise network
§
C. ensures that NAT is not required to reach the internet with
private range addressing
§
D. enables secure communications to the internet for all
external hosts
Correct Answer: A
222. What event has occurred if
a router sends a notice level message to a syslog server?
§
A. A TCP connection has been torn down
§
B. An ICMP connection has been built
§
C. An interface line has changed status
§
D. A certificate has expired.
Correct Answer: C
223. Refer to the exhibit. An
administrator configures four switches for local authentication using passwords
that are stored in a cryptographic hash. The four switches must also support
SSH access for administrators to manage the network infrastructure. Which
switch is configured correctly to meet these requirements?
§
A. SW1
§
B. SW2
§
C. SW3
§
D. SW4
Correct Answer: C
224. What are two fundamentals
of virtualization? (choose two)
§
A. The environment must be configured with one hypervisor that
serves solely as a network manager to monitor SNMP traffic
§
B. It allows logical network devices to move traffic between
virtual machines and the rest of the physical network
§
C. It allows multiple operating systems and applications to run
independently on one physical server.
§
D. It allows a physical router to directly connect NICs from
each virtual machine into the network
§
E. It requires that some servers, virtual machines and network
gear reside on the Internet
Correct Answer: BC
225. Refer to the exhibit. What
two conclusions should be made about this configuration? (Choose two )
§
A. The designated port is FastEthernet 2/1
§
B. This is a root bridge
§
C. The spanning-tree mode is Rapid PVST+
§
D. The spanning-tree mode is PVST+
§
E. The root port is FastEthernet 2/1
Correct Answer: CE
226. Refer to the exhibit. A
router reserved these five routes from different routing information sources.
Which two routes does the router install in its routing table? (Choose two)
§
A. RIP route 10.0.0.0/30
§
B. iBGP route 10.0.0.0/30
§
C. OSPF route 10.0.0.0/30
§
D. EIGRP route 10.0.0.1/32
§
E. OSPF route 10.0.0.0/16
Correct Answer: CD
227. Refer to the exhibit. The
network administrator wants VLAN 67 traffic to be untagged between Switch 1 and
Switch 2 while all other VLANs are to remain tagged. Which command accomplishes
this task?
§
A. switchport access vlan 67
§
B. switchport trunk allowed vlan 67
§
C. switchport private-vlan association host 67
§
D. switchport trunk native vlan 67
Correct Answer: D
228. What are two differences
between optical-fiber cabling and copper cabling? (Choose two)
§
A. Light is transmitted through the core of the fiber
§
B. A BNC connector is used for fiber connections
§
C. The glass core component is encased in a cladding
§
D. Fiber connects to physical interfaces using Rj-45 connections
§
E. The data can pass through the cladding
Correct Answer: AC
229. Which two minimum
parameters must be configured on an active interface to enable OSPFv2 to
operate? (Choose two)
§
A. OSPF area
§
B. OSPF MD5 authentication key
§
C. iPv6 address
§
D. OSPf process ID
§
E. OSPf stub flag
Correct Answer: AD
230. Refer to the exhibit.
Refer to the exhibit. After the configuration is applied, the two routers fail
to establish an OSPF neighbor relationship. what is the reason for the problem?
§
A. The OSPF router IDs are mismatched.
§
B. Router2 is using the default hello timer.
§
C. The network statement on Router1 is misconfigured.
§
D. The OSPF process IDs are mismatched.
Correct Answer: B
231. How do TCP and UDP differ
in the way they provide reliability for delivery of packets?
§
A. TCP is a connectionless protocol that does not provide
reliable delivery of data, UDP is a connection-oriented protocol that uses
sequencing to provide reliable delivery.
§
B. TCP does not guarantee delivery or error checking to ensure
that there is no corruption of data UDP provides message acknowledgement and
retransmits data if lost.
§
C. TCP provides flow control to avoid overwhelming a receiver by
sending too many packets at once, UDP sends packets to the receiver in a
continuous stream without checking for sequencing
§
D. TCP uses windowing to deliver packets reliably; UDP provides
reliable message transfer between hosts by establishing a three-way handshake
Correct Answer: C
232. A packet is destined for
10.10.1.22. Which static route does the router choose to forward the packet?
§
A. ip route 10.10.1.0 255.255.255.240 10.10.255.1
§
B. ip route 10.10.1.16 255.255.255.252 10.10.255.1
§
C. ip route 10.10.1.20 255.255.255.252 10.10.255.1
§
D. ip route 10.10.1.20 255.255.255.254 10.10.255.1
Correct Answer: C
233. Refer to the exhibit.
Router R1 Fa0/0 cannot ping router R3 Fa0/1. Which action must be taken in
router R1 to help resolve the configuration issue?
§
A. set the default network as 20.20.20.0/24
§
B. set the default gateway as 20.20.20.2
§
C. configure a static route with Fa0/1 as the egress interface
to reach the 20.20.20.0/24 network
§
D. configure a static route with 10.10.10.2 as the next hop to
reach the 20.20.20.0/24 network
Correct Answer: D
234. Refer to the exhibit.
Refer to the exhibit. An engineer must add a subnet for a new office that will
add 20 users to the network. Which IPv4 network and subnet mask combination
does the engineer assign to minimize wasting addresses?
§
A. 10.10.225.48 255.255.255.240
§
B. 10.10.225.32 255.255.255.240
§
C. 10.10.225.48 255.255.255.224
§
D. 10.10.225.32 255.255.255.224
Correct Answer: D
235. A corporate office uses
four floors in a building
* Floor 1 has 24 users
*
Floor 2 has 29 users
*
Floor 3 has 28 users
*
Floor 4 has 22 users
Which subnet summarizes and
gives the most efficient distribution of IP addresses for the router
configuration?
§
A. 192.168.0.0/26 as summary and 192.168.0.0/29 for each floor
§
B. 192.168.0.0/24 as summary and 192.168.0.0/28 for each floor
§
C. 192.168.0.0/23 as summary and 192.168.0.0/25 for each floor
§
D. 192.168.0.0/25 as summary and 192.168.0.0/27 for each floor
Correct Answer: D
236. By default, how Does
EIGRP determine the metric of a route for the routing table?
§
A. it uses the bandwidth and delay values of the path to calculate
the route metric
§
B. it uses a default metric of 10 for all routes that are
learned by the router
§
C. it uses a reference Bandwidth and the actual bandwidth of the
connected link to calculate the route metric
§
D. it counts the number of hops between the receiving and
destination routers and uses that value as the metric
Correct Answer: A
237. Refer to the exhibit.
Which configuration issue is preventing the OSPF neighbor relationship from
being established between the two routers?
§
A. R2 is using the passive-interface default command
§
B. R1 has an incorrect network command for interface Gi1/0
§
C. R2 should have its network command in area 1
§
D. R1 interface Gi1/0 has a larger MTU size
Correct Answer: D
238. What are two roles of the
Dynamic Host Configuration Protocol (DHCP)? (Choose two)
§
A. The DHCP server offers the ability to exclude specific IP
addresses from a pool of IP addresses
§
B. The DHCP client can request up to four DNS server addresses
§
C. The DHCP server assigns IP addresses without requiring the
client to renew them
§
D. The DHCP server leases client IP addresses dynamically.
§
E. The DHCP client maintains a pool of IP addresses it can
assign.
Correct Answer: AD
239. How does CAPWAP
communicate between an access point in local mode and a WLC?
§
A. The access point must directly connect to the WLC using a
copper cable
§
B. The access point must not be connected to the wired network,
as it would create a loop
§
C. The access point must be connected to the same switch as the
WLC
§
D. The access point has the ability to link to any switch in the
network, assuming connectivity to the WLC
Correct Answer: D
240. Refer to the exhibit.
Which action is expected from SW1 when the untagged frame is received on the
GigabitEthernet0/1 interface?
§
A. The frame is processed in VLAN 5.
§
B. The frame is processed in VLAN 11
§
C. The frame is processed in VLAN 1
§
D. The frame is dropped
Correct Answer: A
241. What are two reasons for
an engineer to configure a floating state route? (Choose two)
§
A. to automatically route traffic on a secondary path when the
primary path goes down
§
B. to route traffic differently based on the source IP of the
packet
§
C. to enable fallback static routing when the dynamic routing
protocol fails
§
D. to support load balancing via static routing
§
E. to control the return path of traffic that is sent from the
router
Correct Answer: AC
242. Refer to the exhibit.
Which route type is configured to reach the internet?
§
A. floating static route
§
B. host route
§
C. default route
§
D. network route
Correct Answer: C
243. How does Cisco DNA Center
gather data from the network?
§
A. Network devices use different services like SNMP, syslog, and
streaming telemetry to send data to the controller
§
B. Devices establish an iPsec tunnel to exchange data with the
controller
§
C. Devices use the call-home protocol to periodically send data
to the controller.
§
D. The Cisco CU Analyzer tool gathers data from each licensed
network device and streams it to the controller.
Correct Answer: A
244. What is the difference
regarding reliability and communication type between TCP and UDP?
§
A. TCP is reliable and is a connection-oriented protocol; UDP is
not reliable and is a connectionless protocol
§
B. TCP is not reliable and is a connection-oriented protocol;
UDP is reliable and is a connectionless protocol
§
C. TCP is not reliable and is a connectionless protocol; UDP is
reliable and is a connection-oriented protocol
§
D. TCP is reliable and is a connectionless protocol; UDP is not
reliable and is a connection-oriented protocol
Correct Answer: A
245. Several new coverage cells
are required to improve the Wi-Fi network of an organization. Which two
standard designs are recommended? (Choose two.)
§
A. 5GHz provides increased network capacity with up to 23
nonoverlapping channels.
§
B. 5GHz channel selection requires an autonomous access point.
§
C. Cells that overlap one another are configured to use
nonoverlapping channels.
§
D. Adjacent cells with overlapping channels use a repeater
access point.
§
E. For maximum throughput, the WLC is configured to dynamically
set adjacent access points to the channel.
Correct Answer: CE
246. The service
password-encryption command is entered on a router. What is the effect of this
configuration?
§
A. restricts unauthorized users from viewing clear-text passwords
in the running configuration
§
B. prevents network administrators from configuring clear-text
passwords
§
C. protects the VLAN database from unauthorized PC connections
on the switch
§
D. encrypts the password exchange when a VPN tunnel is
established
Correct Answer: A
247. Which type of ipv6 address
is publicly routable in the same way as ipv4 public addresses?
§
A. multicast
§
B. unique local
§
C. link-local
§
D. global unicast
Correct Answer: D
248. Which two statements are
true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4? (Choose
two.)
§
A. It establishes a static route to the 172.16.3.0 network.
§
B. It establishes a static route to the 192.168.2.0 network.
§
C. It configures the router to send any traffic for an unknown
destination to the 172.16.3.0 network.
§
D. It configures the router to send any traffic for an unknown
destination out the interface with the address 192.168.2.4.
§
E. It uses the default administrative distance.
§
F. It is a route that would be used last if other routes to the
same destination exist.
Correct Answer: AE
249. Which three statements are
typical characteristics of VLAN arrangements? (Choose three.)
§
A. A new switch has no VLANs configured.
§
B. Connectivity between VLANs requires a Layer 3 device.
§
C. VLANs typically decrease the number of collision domains.
§
D. Each VLAN uses a separate address space.
§
E. A switch maintains a separate bridging table for each VLAN.
§
F. VLANs cannot span multiple switches.
Correct Answer: BDE
250. Refer to the exhibit. To
which device does Router1 send packets that are destined to host 10.10.13.165?
§
A. Router2
§
B. Router3
§
C. Router4
§
D. Router5
Correct Answer: B
251. Refer to the exhibit.
Which two commands were used to create port channel 10? (Choose two.)
A. int range g0/0-1
channel-group 10 mode active
B. int range g0/0-1
channel-group 10 mode desirable
C. int range g0/0-1
channel-group 10 mode passive
D. int range g0/0-1
channel-group 10 mode auto
E. int range g0/0-1
channel-group 10 mode on
Correct Answer: AC
252. What are two requirements
for an HSRP group? (Choose two.)
§
A. exactly one active router
§
B. one or more standby routers
§
C. one or more backup virtual routers
§
D. exactly one standby active router
§
E. exactly one backup virtual router
Correct Answer: AB
Explanation:
A: exactly one active router: Only one Active Router per HSRP group will be
elected based on highest
priority. In case of equal priority, Highest IP address will be elected as
Active Router.
B: one or more standby routers : There can be one or more Standby Routers.
C, D And E are incorrect: Wrong terminology.
253. What occurs to frames
during the process of frame flooding?
§
A. Frames are sent to all ports, including those that are
assigned to other VLANs.
§
B. Frames are sent to every port on the switch that has a
matching entry in MAC address table.
§
C. Frames are sent to every port on the switch in the same VLAN
except from the originating port.
§
D. Frames are sent to every port on the switch in the same VLAN.
Correct Answer: C
254. If all OSPF routers in a
single area are configured with the same priority value, what value does a
router use for the OSPF router ID in the absence of a loopback interface?
§
A. the IP address of the first Fast Ethernet interface
§
B. the IP address of the console management interface
§
C. the highest IP address among its active interfaces
§
D. the lowest IP address among its active interfaces
§
E. the priority value until a loopback interface is configured
Correct Answer: C
255. Which IPv6 address block
forwards packets to a multicast address rather than a unicast address?
§
A. 2000::/3
§
B. FC00::/7
§
C. FE80::/10
§
D. FF00::/12
Correct Answer: D
256. The OSPF Hello protocol
performs which of the following tasks? (Choose two.)
§
A. It negotiates correctness parameters between neighboring
interfaces.
§
B. It broadcasts hello packets throughout the internetwork to
discover all routers that are running OSP
§
C. It provides dynamic neighbor discovery.
§
D. It detects unreachable neighbors in 90 second intervals.
§
E. It uses timers to elect the router with the fastest links as
the designated router.
§
F. It maintains neighbor relationships
Correct Answer: CF
257. What are two benefits of
using VTP in a switching environment? (Choose two.)
§
A. It allows switches to read frame tags.
§
B. It allows ports to be assigned to VLANs automatically.
§
C. It maintains VLAN consistency across a switched network.
§
D. It allows frames from multiple VLANs to use a single
interface.
§
E. It allows VLAN information to be automatically propagated
throughout the switching environment.
Correct Answer: CE
258. Which purpose does a
northbound API serve in a controller-based networking architecture?
§
A. communicates between the controller and the physical network
hardware
§
B. reports device errors to a controller
§
C. generates statistics for network hardware and traffic
§
D. facilitates communication between the controller and the
applications
Correct Answer: D
259. The OSPF Hello protocol
performs which of the following tasks? (Choose two.)
§
A. It provides dynamic neighbor discovery.
§
B. It detects unreachable neighbors in 90 second intervals.
§
C. It maintains neighbor relationships.
§
D. It negotiates correctness parameters between neighboring
interfaces.
§
E. It uses timers to elect the router with the fastest links as
the designated router.
§
F. It broadcasts hello packets throughout the internetwork to
discover all routers that are running OSPF.
Correct Answer: AC
260. What are two reasons a
network administrator would use CDP? (Choose two.)
§
A. to verify the type of cable interconnecting two devices
§
B. to determine the status of network services on a remote
device
§
C. to obtain VLAN information from directly connected switches
§
D. to verify Layer 2 connectivity between two devices when Layer 3
fails
§
E. to obtain the IP address of a connected device in order to
telnet to the device
§
F. to determine the status of the routing protocols between
directly connected routers
Correct Answer: DE
261. Refer to the exhibit. An
administrator is tasked with configuring a voice VLAN. What is the expected
outcome when a Cisco phone is connected to the GigabitEthernet 3/1/4 port on a
switch?
§
A. The phone and a workstation that is connected to the phone do
not have VLAN connectivity.
§
B. The phone sends and receives data in VLAN 50, but a workstation
connected to the phone sends and receives data in VLAN 1.
§
C. The phone sends and receives data in VLAN 50, but a
workstation connected to the phone has no VLAN connected.
§
D. The phone and a workstation that is connected to the phone
send and receive data in VLAN 50.
Correct Answer: B
262. Refer to the exhibit. An
engineer deploys a topology in which R1 obtains its IP configuration from DHCP.
If the switch and DHCP server configurations are complete and correct. Which
two sets of commands must be configured on R1 and R2 to complete the task?
(Choose two)
A.
R1(config)# interface fa0/0
R1(config-if)# ip helper-address 198.51.100.100
B.
R2(config)# interface gi0/0
R2(config-if)# ip helper-address 198.51.100.100
C.
R1(config)# interface fa0/0
R1(config-if)# ip address dhcp
R1(config-if)# no shutdown
D.
R2(config)# interface gi0/0
R2(config-if)# ip address dhcp
E.
R1(config)# interface fa0/0
R1(config-if)# ip helper-address 192.0.2.2
Correct Answer: BC
263. Refer to the exhibit. What
commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for
VLAN 20, with IP address 10.20.20.1/24?
A.
R1(config)#interface ethernet0/0
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
B.
R1(config)#interface ethernet0/0.20
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
C.
R1(config)#interface ethernet0/0.20
R1(config)#ip address 10.20.20.1 255.255.255.0
D.
R1(config)#interface ethernet0/0
R1(config)#ip address 10.20.20.1 255.255.255.0
Correct Answer: B
264. On a corporate network,
hosts on the same VLAN can communicate with each other, but they are unable to
communicate with hosts on different VLANs. What is needed to allow
communication between the VLANs?
§
A. a router with subinterfaces configured on the physical
interface that is connected to the switch
§
B. a router with an IP address on the physical interface
connected to the switch
§
C. a switch with an access link that is configured between the
switches
§
D. a switch with a trunk link that is configured between the
switches
Correct Answer: A
Explanation:
Different VLANs can’t communicate with each other , they can communicate with
the help of Layer3 router. Hence , it is needed to connect a router to a switch
, then make the sub-interface on the router to connect to the switch,
establishing Trunking links to achieve communications of devices which belong
to different VLANs.
265. Which command can you
enter to determine the addresses that have been assigned on a DHCP Server?
§
A. Show ip DHCP database.
§
B. Show ip DHCP pool.
§
C. Show ip DHCP binding.
§
D. Show ip DHCP server statistic.
Correct Answer: C
266. Refer to the exhibit. If
the network environment is operating normally, which type of device must be
connected to interface FastEthernet 0/1?
§
A. DHCP client
§
B. access point
§
C. router
§
D. PC
Correct Answer: C
267. Refer to the exhibit.
Which configuration on RTR-1 denies SSH access from PC-1 to any RTR-1 interface
and allows all other traffic?
A.
access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
interface GigabitEthernet0/0
ip access-group 100 in
B.
access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
line vty 0 15
access-class 100 in
C.
access-list 100 deny tcp host 172.16.1.33 any eq 23
access-list 100 permit ip any any
interface Gigabit Ethernet0/0
ip access-group 100 in
D.
access-list 100 deny tcp host 172.16.1.33 any eq 23
access-list 100 permit ip any any
line vty 0 15
access-class 100 in
Correct Answer: B
268. Which function dose the
range of private IPv4 addresses perform?
§
A. allow multiple companies to each use the same address without
conflicts
§
B. provides a direct connection for hosts from outside of the
enterprise network
§
C. ensues that NAT is not required to reach the internet with
private range addressing
§
D. enable secure communications to the internet for all external
hosts
Correct Answer: A
269. Which type of API would be
used to allow authorized salespeople of an organization access to internal
sales data from their mobile devices?
§
A. partner
§
B. open
§
C. public
§
D. private
Correct Answer: D
270. What is a characteristic
of the REST API?
§
A. evolved into what became SOAP
§
B. used for exchanging XML structured information over HTTP or
SMTP
§
C. considered slow, complex, and rigid
§
D. most widely used API for web services
Correct Answer: D
271. What is the name of the
layer in the Cisco borderless switched network design that is considered to be
the backbone used for high-speed connectivity and fault isolation?
§
A. data link
§
B. access
§
C. core
§
D. network
§
E. network access
Correct Answer: C
272. Refer to the exhibit. An
administrator configures the following ACL in order to prevent devices on the
192.168.1.0 subnet from accessing the server at 10.1.1.5:
access-list
100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5
access-list
100 permit ip any any
Where
should the administrator place this ACL for the most efficient use of network
resources?
§
A. inbound on router A Fa0/0
§
B. outbound on router B Fa0/0
§
C. outbound on router A Fa0/1
§
D. inbound on router B Fa0/1
Correct Answer: A
273. Which step in the
link-state routing process is described by a router sending Hello packets out
all of the OSPF-enabled interfaces?
§
A. electing the designated router
§
B. establishing neighbor adjacencies
§
C. injecting the default route
§
D. exchanging link-state advertisements
Correct Answer: B
274. Refer to the exhibit.
Router R1 is configured with static NAT. Addressing on the router and the web
server are correctly configured, but there is no connectivity between the web
server and users on the Internet. What is a possible reason for this lack of
connectivity?
§
A. The router NAT configuration has an incorrect inside local
address.
§
B. The inside global address is incorrect.
§
C. The NAT configuration on interface S0/0/1 is incorrect.
§
D. Interface Fa0/0 should be configured with the command ip nat
outside
Correct Answer: A
275. Anycompany has decided to
reduce its environmental footprint by reducing energy costs, moving to a
smaller facility, and promoting telecommuting. What service or technology would
support this requirement?
§
A. Cisco ACI
§
B. cloud services
§
C. APIC-EM
§
D. data center
Correct Answer: B
276. A company needs to
interconnect several branch offices across a metropolitan area. The network
engineer is seeking a solution that provides high-speed converged traffic,
including voice, video, and data on the same network infrastructure. The company
also wants easy integration to their existing LAN infrastructure in their
office locations. Which technology should be recommended?
§
A. VSAT
§
B. ISDN
§
C. Frame Relay
§
D. Ethernet WAN
Correct Answer: D
Explanation: Ethernet WAN uses many Ethernet
standards and it connects easily to existing Ethernet LANs. It provides a
switched, high-bandwidth Layer 2 network capable of managing data, voice, and
video all on the same infrastructure. ISDN, while capable of supporting both
voice and data, does not provide high bandwidth. VSAT uses satellite
connectivity to establish a private WAN connection but with relatively low
bandwidth. Use of VSAT, ISDN, and Frame Relay require specific network devices
for the WAN connection and data conversion between LAN and WAN.
277. Refer to the exhibit.
Which two configurations would be used to create and apply a standard access
list on R1, so that only the 10.0.70.0/25 network devices are allowed to access
the internal database server? (Choose two.)
§
A.
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip access-group 5 out
§
B.
R1(config)# access-list 5 permit 10.0.54.0 0.0.1.255
§
C.
R1(config)# interface Serial0/0/0
R1(config-if)# ip access-group 5 in
§
D.
R1(config)# access-list 5 permit 10.0.70.0 0.0.0.127
§
E.
R1(config)# access-list 5 permit any
Correct Answer: AD
278. Which type of VPN uses a
hub-and-spoke configuration to establish a full mesh topology?
§
A. GRE over IPsec
§
B. dynamic multipoint VPN
§
C. MPLS VPN
§
D. IPsec virtual tunnel interface
Correct Answer: B
279. What are two purposes of
launching a reconnaissance attack on a network? (Choose two.)
§
A. to prevent other users from accessing the system
§
B. to escalate access privileges
§
C. to gather information about the network and devices
§
D. to scan for accessibility
§
E. to retrieve and modify data
Correct Answer: CD
Explanation: Gathering information about a network
and scanning for access is a reconnaissance attack. Preventing other users from
accessing a system is a denial of service attack. Attempting to retrieve and
modify data, and attempting to escalate access privileges are types of access
attacks.
280. Refer to the exhibit. If
the switch reboots and all routers have to re-establish OSPF adjacencies, which
routers will become the new DR and BDR?
§
A. Router R3 will become the DR and router R1 will become the BDR.
§
B. Router R4 will become the DR and router R3 will become the
BDR.
§
C. Router R1 will become the DR and router R2 will become the
BDR.
§
D. Router R3 will become the DR and router R2 will become the
BDR.
Correct Answer: A
Explanation: OSPF
elections of a DR are based on the following in order of precedence:
§
highest pritority from 1 -255 (0 = never a DR)
§
highest router ID
§
highest IP address of a loopback or active interface in the
absence of a manually configured router ID. Loopback IP addresses take higher
precedence than other interfaces.
In this case routers R1 and R3 have the highest router priority.
Between the two, R3 has the higher router ID. Therefore, R3 will become the DR
and R1 will become the BDR.
281. The SW1 interface g0/1 is
in the down/down state. Which two configurations are valid reasons for the
interface conditions?(choose two)
§
A. There is a duplex mismatch
§
B. There is a speed mismatch
§
C. There is a protocol mismatch
§
D. The interface is shut down
§
E. The interface is error-disabled
Correct Answer: B
E
282. In which two ways does a
password manager reduce the chance of a hacker stealing a users password?
(Choose two.)
§
A. It automatically provides a second authentication factor that
is unknown to the original user.
§
B. It uses an internal firewall to protect the password
repository from unauthorized access.
§
C. It protects against keystroke logging on a compromised device
or web site.
§
D. It stores the password repository on the local workstation
with built-in antivirus and anti-malware functionality
§
E. It encourages users to create stronger passwords.
Correct Answer: C
E
283. What is the primary
purpose of a First Hop Redundancy Protocol?
§
A. It allows directly connected neighbors to share configuration
information.
§
B. It allows a router to use bridge priorities to create
multiple loop-free paths to a single destination.
§
C. It reduces routing failures by allowing Layer 3 load
balancing between OSPF neighbors that have the same link metric.
§
D. It reduces routing failures by allowing more than one router to
represent itself, as the default gateway of a network.
Correct Answer: D
284. Refer to the exhibit.
Which path is used by the router for internet traffic?
§
A. 209.165.200.0/27
§
B. 10.10.10.0/28
§
C. 0.0.0.0/0
§
D. 10.10.13.0/24
Correct Answer: C
285. Refer to Exhibit. The
loopback1 interface of the Atlanta router must reach the loopback3 interface of
the Washington router. Which two static host routes must be configured on the
NEW York router? (Choose two)
§
A. ipv6 route 2000::1/128 2012::1
§
B. ipv6 route 2000::3/128 2023::3
§
C. ipv6 route 2000::3/128 s0/0/0
§
D. ipv6 route 2000::1/128 2012::2
§
E. ipv6 route 2000::1/128 s0/0/1
Correct Answer: A
B
286. Refer to the exhibit. A
packet is being sent across router R1 to host 172.16.3.14. To which destination
does the router send the packet?
§
A. 207.165.200.246 via Serial0/1/0
§
B. 207.165.200.254 via Serial0/0/0
§
C. 207.165.200.254 via Serial0/0/1
§
D. 207.165.200.250 via Serial0/0/0
Correct Answer: C
287. Which goal is achieved by
the implementation of private IPv4 addressing on a network?
§
A. allows servers and workstations to communicate across public
network boundaries
§
B. provides a reduction in size of the forwarding table on
network routers
§
C. allows communication across the Internet to other private
networks
§
D. provides an added level of protection against Internet exposure
Correct Answer: D
288. Refer to the exhibit. A
network administrator assumes a task to complete the connectivity between PC A
and the File Server Switch A and Switch B have been partially configured with
VLANs 10, 11, 12, and 13 What is the next step in the configuration?
§
A. Add PDA to VLAN 10 and the File Server to VLAN 11 for VLAN
segmentation
§
B. Add VLAN 13 to the trunk links on Switch A and Switch B for
VLAN propagation
§
C. Add a router on a stick between Switch A and Switch B
allowing for Inter VLAN routing
§
D. Add PC A to the same subnet as the File Server allowing for
intra-VLAN communication
Correct Answer: B
289. When a WPA2-PSK WLAN is
configured in the Wireless LAN Controller, what is the minimum number of
characters that is required in ASCII formar?
§
A. 6
§
B. 8
§
C. 12
§
D. 18
Correct Answer: B
290. Refer to the exhibit Which
outcome is expected when PC_A sends data to PC_B?
§
A. The switch rewrites the source and destination MAC addresses
with its own
§
B. The source and destination MAC addresses remain the same
§
C. The source MAC address is changed
§
D. The destination MAC address is replaced with ffff.ffff.ffff
Correct Answer: B
291. An engineer needs to
configure LLDP to send the port description time length value (TLV). What
command sequence must be implemented?
§
A. switch#lldp port-description
§
B. switch(config)#lldp port-description
§
C. switch(config-line)#lldp port-description
§
D. switch(config-if)#lldp port-description
Correct Answer: B
292. Refer to the exhibit.
Which switch becomes the root bridge?
§
A. S1
§
B. S2
§
C. S3
§
D. S4
Correct Answer: B
293. Refer to the exhibit. What
is the next hop address for traffic that is destined to host 10.0.1.5?
§
A. Loopback 0
§
B. 10.0.1.4
§
C. 10.0.1.50
§
D. 10.0.1.3
Correct Answer: C
294. When the active router in
an HSRP group fails, what router assumes the role and forwards packets?
§
A. forwarding
§
B. backup
§
C. standby
§
D. listening
Correct Answer: C
295. An organization secures
its network with multi-factor authentication using an authenticator app on
employee smartphones. How is the applic secured in the case of a user’s
smartphone being lost or stolen?
§
A. The application requires the user to enter a PIN before it
provides the second factor
§
B. the application challenges a user by requiring an
administrator password to reactivate when the smartphone is rebooted
§
C. The application requires an aadministrator password to
reactivate after a configured interval
§
D. The application verifies that the user is in a specific
location before it provides the second factor
Correct Answer: A
296. Refer to the exhibit. What
action establishes the OSPF neighbor relationship without forming an adjacency?
§
A. modify priority
§
B. modify process ID
§
C. modify hello interval
§
D. modity network type
Correct Answer: C
297. Refer to the exhibit. An
engineer booted a new switch and applied this configuration via the console
port. Which additional configuration must be applied to allow administrators to
authenticate directly to enable privilege mode via Telnet using a local
username and password?
A.
R1(config)#username admin
R1(config-if)#line vty 0 4
R1(config-line)#password p@ss1234
B.
R1(config)#username admin
R1(config-if)#line vty 0 4
R1(config-line)#password p@ss1234
R1(config-line)#transport input telnet
C.
R1(config)#username admin secret p@ss1234
R1(config-if)#line vty 0 4
R1(config-line)#login local
R1(config)#enable secret p@ss1234
D.
R1(config)#username admin privilege 15 secret p@ss1234
R1(config-if)#line vty 0 4
R1(config-line)#login local
Correct
Answer: D
298. Refer to the exhibit.
Which switch in this configuration will be elected as the root bridge?
SW1:
0C:E0:38:00:36:75
SW2: 0C:0E:15:22:05:97
SW3: 0C:0E:15:1A:3C:9D
SW4: 0C:E0:18:A1:B3:19
§
A. SW1
§
B. SW2
§
C. SW3
§
D. SW4
Correct Answer: C
299. An engineer is configuring
NAT to translate the source subnet of 10.10.0.0/24 to any of three addresses
192.168.3.1, 192.168.3.2, 192.168.3.3 . Which configuration should be used?
A.
enable
configure terminal
ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30
route-map permit 10.10.0.0 255.255.255.0
ip nat outside destination list 1 pool mypool
interface g1/1
ip nat inside
interface g1/2
ip nat outside
B.
enable
configure terminal
ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30
access-list 1 permit 10.10.0.0 0.0.0.254
ip nat inside source list 1 pool mypool
interface g1/1
ip nat inside
interface g1/2
ip nat outside
C.
enable
configure terminal
ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30
access-list 1 permit 10.10.0.0 0.0.0.255
ip nat inside source list 1 pool mypool
interface g1/1
ip nat inside
interface g1/2
ip nat outside
D.
enable
configure terminal
ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30
access-list 1 permit 10.10.0.0 0.0.0.255
ip nat outside destination list 1 pool mypool
interface g1/1
ip nat inside
interface g1/2
ip nat outside
Correct Answer: C
300. An office has 8 floors
with approximately 30-40 users per floor .What command must be configured on
the router Switched Virtual Interface to use address space efficiently?
§
A. ip address 192.168.0.0 255.255.0.0
§
B. ip address 192.168.0.0 255.255.254.0
§
C. ip address 192.168.0.0 255.255.255.128
§
D. ip address 192.168.0.0 255.255.255.224
Correct Answer: B
301. Which device performs
stateful inspection of traffic?
§
A. firewall
§
B. switch
§
C. access point
§
D. wireless controller
Correct Answer: A
302. What criteria is used
first during the root port selection process?
§
A. local port ID
§
B. lowest path cost to the root bridge
§
C. lowest neighbor’s bridge ID
§
D. lowest neighbor’s port ID
Correct Answer: B
303. Router R2 is configured
with multiple routes to reach network 10 1.1.0/24 from router R1. What protocol
is chosen by router R2 to reach the destination network 10.1.1.0/24?
§
A. eBGP
§
B. static
§
C. OSPF
§
D. EIGRP
Correct Answer: B
304. A network administrator
enabled port security on a switch interface connected to a printer. What is the
next configuration action in order to allow the port to learn the MAC address
of the printer and insert it into the table automatically?
§
A. enable dynamic MAC address learning
§
B. implement static MAC addressing.
§
C. enable sticky MAC addressing
§
D. implement auto MAC address learning
Correct Answer: C
305. Which configuration
ensures that the switch is always the root for VLAN 750?
§
A. Switch(config)#spanning-tree vlan 750 priority 38003685
§
B. Switch(config)#spanning-tree vlan 750 root primary
§
C. Switch(config)#spanning-tree vlan 750 priority 614440
§
D. Switch(config)#spanning-tree vlan 750 priority 0
Correct Answer: D
Explanation/Reference: Although the spanning-tree vlan 10 root primary command
will ensure a switch will have a bridge priority value lower than other bridges
introduced to the network, the spanning-tree vlan 10 priority 0 command
ensures the bridge priority takes precedence over all other priorities.
306. An engineer must configure
an OSPF neighbor relationship between router R1 and R3 The authentication
configuration has been configured and the connecting interfaces are in the same
192.168 1.0/30 sublet. What are the next two steps to complete the
configuration? (Choose two.)
§
A. configure the hello and dead timers to match on both sides
§
B. configure the same process ID for the router OSPF process
§
C. configure the same router ID on both routing processes
§
D. Configure the interfaces as OSPF active on both sides.
§
E. configure both interfaces with the same area ID
Correct Answer: A E
307. What protocol allows an
engineer to back up 20 network router configurations globally while using the
copy function?
§
A. SMTP
§
B. SNMP
§
C. TCP
§
D. FTP
Correct Answer: B
308. Which state does the
switch port move to when PortFast is enabled?
§
A. learning
§
B. forwarding
§
C. blocking
§
D. listening
Correct Answer: B
309. What are two roles of
Domain Name Services (DNS)? (Choose Two)
§
A. builds a flat structure of DNS names for more efficient IP
operations
§
B. encrypts network Traffic as it travels across a WAN by
default
§
C. improves security by protecting IP addresses under Fully
Qualified Domain Names (FQDNs)
§
D. enables applications to identify resources by name instead of
IP address
§
E. allows a single host name to be shared across more than one IP
address
Correct Answer: D E
310. How do TCP and UDP differ
in the way they guarantee packet delivery?
§
A. TCP uses checksum, acknowledgement, and retransmissions, and
UDP uses checksums only.
§
B. TCP uses retransmissions, acknowledgement and parity checks
and UDP uses cyclic redundancy checks only.
§
C. TCP uses checksum, parity checks, and retransmissions, and
UDP uses acknowledgements only.
§
D. TCP uses two-dimensional parity checks, checksums, and cyclic
redundancy checks and UDP uses retransmissions only.
Correct Answer: A
311. A device detects two
stations transmitting frames at the same time. This condition occurs after the
first 64 bytes of the frame is received interface counter increments?
§
A. collision
§
B. CRC
§
C. runt
§
D. late collision
Correct Answer: D
312. Which technology is used
to improve web traffic performance by proxy caching?
§
A. WSA
§
B. Firepower
§
C. ASA
§
D. FireSIGHT
Correct Answer: A
313. Using direct sequence
spread spectrum, which three 2.4-GHz channels are used to limit collisions?
§
A. 1,6,11
§
B. 1,5,10
§
C. 1,2,3
§
D. 5,6,7
Correct Answer: A
314. Which type of attack can
be mitigated by dynamic ARP inspection?
§
A. worm
§
B. malware
§
C. DDoS
§
D. man-in-the-middle
Correct Answer: D
315. What are two benefits of
controller-based networking compared to traditional networking?
§
A. controller-based increases network bandwidth usage, while
traditional lightens the load on the network.
§
B. controller-based inflates software costs, while traditional
decreases individual licensing costs
§
C. Controller-based reduces network configuration complexity,
while traditional increases the potential for errors
§
D. Controller-based provides centralization of key IT functions.
While traditional requires distributes management function
§
E. controller-based allows for fewer network failure, while
traditional increases failure rates.
Correct Answer: C D
Explanation: Cisco DNA Center Device Management
3. Monitor the cloud for software update
5. Uses CLI templates to apply a consistent configuration to multiple devices
at an individual location
6. Uses NetFlow to analyse potential security threats throughout the network
and take appropriate action on that traffic Traditional device management
2. Manages device configuration on a per-device basis
4. Security is managed near the perimeter of the network with firewalls, VPNs,
and IPS Implements changes via an SSH terminal
316. What software defined
architecture plane assists network devices with making packet-forwarding
decisions by providing Layer 2 reachability and Layer 3 routing information?
§
A. data plane
§
B. control plane
§
C. policy plane
§
D. management plane
Correct Answer: B
317. Which WAN access
technology is preferred for a small office / home office architecture?
§
A. broadband cable access
§
B. frame-relay packet switching
§
C. dedicated point-to-point leased line
§
D. Integrated Services Digital Network switching.
Correct Answer: A
318. Refer to the exhibit.
Which route type does the routing protocol Code D represent in the output?
§
A. internal BGP route
§
B. /24 route of a locally configured IP
§
C. statically assigned route
§
D. route learned through EIGRP
Correct Answer: D
319. Which two WAN architecture
options help a business scalability and reliability for the network? (Choose
two)
§
A. asychronous routing
§
B. single-homed branches
§
C. dual-homed branches
§
D. static routing
§
E. dynamic routing
Correct Answer: A C
320. A wireless administrator
has configured a WLAN; however, the clients need access to a less congested
5-GHz network for their voice quality. What action must be taken to meet the
requirement?
§
A. enable AAA override
§
B. enable RX-SOP
§
C. enable DTIM
§
D. enable Band Select
Correct Answer: D
321. What mechanism carries
multicast traffic between remote sites and supports encryption?
§
A. ISATAP
§
B. GRE over iPsec
§
C. iPsec over ISATAP
§
D. GRE
Correct Answer: B
322. An engineer must establish
a trunk link between two switches. The neighboring switch is set to trunk or
desirable mode. What action should be taken?
§
A. configure switchport nonegotiate
§
B. configure switchport mode dynamic desirable
§
C. configure switchport mode dynamic auto
§
D. configure switchport trunk dynamic desirable
Correct Answer: C
323. Which type of information
resides on a DHCP server?
§
A. a list of the available IP addresses in a pool
§
B. a list of public IP addresses and their corresponding names
§
C. usernames and passwords for the end users in a domain
§
D. a list of statically assigned MAC addresses
Correct Answer: A
324. What is a function of
Wireless LAN Controller?
§
A. register with a single access point that controls traffic
between wired and wireless endpoints.
§
B. use SSIDs to distinguish between wireless clients.
§
C. send LWAPP packets to access points.
§
D. monitor activity on wireless and wired LANs
Correct Answer: C
Explanation/Reference: Lightweight APs
(LAPs) is devices require no initial configuration. LAPs use the Lightweight
Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC), as
shown in the below figure. Controller-based APs are useful in situations where
many APs are required in the network. As more APs are added, each AP is
automatically configured and managed by the WLC.
325. What role does a
hypervisor provide for each virtual machine in server virtualization?
§
A. infrastructure-as-a-service.
§
B. Software-as-a-service
§
C. control and distribution of physical resources
§
D. services as a hardware controller.
Correct Answer: C
Explanation/Reference: The hypervisor
creates and manages virtual machines on a host computer and allocates physical
system resources to them.
326. Which technology must be
implemented to configure network device monitoring with the highest security?
§
A. syslog
§
B. NetFlow
§
C. IP SLA
§
D. SNMPv3
Correct Answer: D
327. What is the function of a
server?
§
A. It transmits packets between hosts in the same broadcast
domain.
§
B. It provides shared applications to end users.
§
C. It routes traffic between Layer 3 devices.
§
D. It Creates security zones between trusted and untrusted
networks
Correct Answer: B
328. Refer to the exhibit.
Which type of configuration is represented in the output?
§
A. Ansible
§
B. JSON
§
C. Chef
§
D. Puppet
Correct Answer: D
329. A port security violation
has occurred on a switch port due to the maximum MAC address count being
exceeded Which command must be configured to increment the security-violation
count and forward an SNMP trap?
§
A. switchport port-security violation access
§
B. switchport port-security violation protect
§
C. switchport port-security violation restrict
§
D. switchport port-security violation shutdown
Correct Answer: C
Explanation/Reference: Click here
330. Which spanning-tree
enhancement avoids the learning and listening states and immediately places ports
in the forwarding state?
§
A. BPDUfilter
§
B. PortFast
§
C. Backbonefast
§
D. BPDUguard
Correct Answer: B
Explanation/Reference: PortFast
Spanning Tree Portfast causes layer 2 switch interfaces to enter forwarding
state immediately,
bypassing the listening and learning states. It should be used on ports
connected directly to end hosts
like servers or workstations. Note: If portfast isn’t enabled, DHCP timeouts
can occur while STP
converges, causing more problems.
Reference: Click here
331. What are two functions of
a Layer 2 switch? (Choose two)
§
A. acts as a central point for association and authentication
servers
§
B. selects the best route between networks on a WAN
§
C. moves packets within a VLAN
§
D. moves packets between different VLANs
§
E. makes forwarding decisions based on the MAC address of a packet
Correct Answer: C, E
332. A manager asks a network
engineer to advise which cloud service models are used so employees do not have
to waste their time installing, managing, and updating software which is only
used occasionally Which cloud service model does the engineer recommend?
§
A. infrastructure-as-a-service
§
B. platform-as-a-service
§
C. business process as service to support different types of
service
§
D. software-as-a-service
Correct Answer: D
333. Which two functions are
performed by the core layer in a three-tier architecture? (Choose two)
§
A. Provide uninterrupted forwarding service.
§
B. Police traffic that is sent to the edge of the network.
§
C. Provide direct connectivity for end user devices.
§
D. Ensure timely data transfer between layers.
§
E. Inspect packets for malicious activity.
Correct Answer: A,D
Explanation: Cisco is very clear about the purpose of
this layer. Its only role is to forward traffic, the fastest it can. Here you
don’t apply any policy, as you must try to reduce the load of the core so it
can focus on routing.
Reference: Click here
334. When using Rapid PVST+,
which command guarantees the switch is always the root bridge for VLAN 200?
§
A. spanning -tree vlan 200 priority 614440
§
B. spanning -tree vlan 200 priority 0
§
C. spanning -tree vlan 200 priority 38572422
§
D. spanning -tree vlan 200 root primary
Correct Answer: B
335. What are two functions of
a server on a network? (Choose two)
§
A. achieves redundancy by exclusively using virtual server
clustering
§
B. runs applications that send and retrieve data for workstations
that make requests
§
C. handles requests from multiple workstations at the same time
§
D. runs the same operating system in order to communicate with
other servers
§
E. housed solely in a data center that is dedicated to a single
client
Correct Answer: B,C
336. What is the primary
function of a Layer 3 device?
§
A. to analyze traffic and drop unauthorized traffic from the
Internet
§
B. to transmit wireless traffic between hosts
§
C. to pass traffic between different networks
§
D. forward traffic within the same broadcast domain
Correct Answer: C
337. Refer to the exhibit.
After the election process what is the root bridge in the HQ LAN?
§
A. Switch 1
§
B. Switch 2
§
C. Switch 3
§
D. Switch 4
Correct Answer: C
Explanation: The root bridge is determined by the
lowest bridge ID, which consists of the priority value and the MAC address.
Because the priority values of all of the switches are not avalable, the MAC
address is used to determine the root bridge. Because S3 has the lowest MAC
address, S3 becomes the root bridge.
338. An engineer requires a
scratch interface to actively attempt to establish a trunk link with a neighbor
switch. What command must be configured?
§
A. switchport mode trunk
§
B. switchport mode dynamic desirable
§
C. switchport mode dynamic auto
§
D. switchport nonegotiate
Correct Answer: B
339. What is a function of TFTP
in network operations?
§
A. transfers a backup configuration file from a server to a
switch using a username and password
§
B. transfers files between file systems on a router
§
C. transfers a configuration files from a server to a router on
a congested link
§
D. transfers IOS images from a server to a router for firmware
upgrades
Correct Answer: D
340. What are two
recommendations for protecting network ports from being exploited when located
in an office space outside of an IT closet? (Choose two)
§
A. configure static ARP entries
§
B. enable the PortFast feature on ports
§
C. implement port-based authentication
§
D. configure ports to a fixed speed
§
E. shut down unused ports
Correct Answer: C,E
341. What is a recommended
approach to avoid co-channel congestion while installing access points that use
the 2.4 GHz frequency?
§
A. different nonoverlapping channels
§
B. different overlapping channels
§
C. one overlapping channel
§
D. one nonoverlapping channel
Correct Answer: A
342. Refer to the exhibit. An
engineer configured the New York router with state routes that point to the
Atlanta and Washington sites. When command must be configured on the Atlanta
and Washington routers so that both sites are able to reach the loopback2
interface on the New York router?
§
A. ipv6 route ::/0 Serial 0/0/1
§
B. ipv6 route 0/0 Serial 0/0/0
§
C. ipv6 route ::/0 Serial 0/0/0
§
D. ip route 0.0.0.0.0.0.0.0 Serial 0/0/0
§
E. ipv6 route ::/0 2000::2
Correct Answer: C
343. What is a function of a
remote access VPN?
§
A. used cryptographic tunneling to protect the privacy of data
for multiple users simultaneously
§
B. used exclusively when a user is connected to a company’s
internal network
§
C. establishes a secure tunnel between two branch sites
§
D. allows the users to access company internal network resources
through a secure tunnel
Correct Answer: D
344. Which CRUD operation
modifies an existing table or view?
§
A. read
§
B. create
§
C. replace
§
D. update
Correct Answer: D
345. What is a DHCP client?
§
A. a workstation that requests a domain name associated with its
IP address
§
B. a host that is configured to request an IP address
automatically
§
C. a server that dynamically assigns IP addresses to hosts.
§
D. a router that statically assigns IP addresses to hosts.
Correct Answer: B
346. What is the same for both
copper and fiber interfaces when using SFP modules?
§
A. They support an inline optical attenuator to enhance signal
strength
§
B. They provide minimal interruption to services by being
hot-swappable
§
C. They offer reliable bandwidth up to 100 Mbps in half duplex
mode
§
D. They accommodate single-mode and multi-mode in a single
module
Correct Answer: B
347. When using Rapid PVST+,
which command guarantees the switch is always the root bridge for VLAN 200?
§
A. spanning -tree vlan 200 priority 614440
§
B. spanning -tree vlan 200 priority 38572422
§
C. spanning -tree vlan 200 priority 0
§
D. spanning -tree vlan 200 root primary
Correct Answer: C
348. An engineer must configure
Interswitch VLAN communication between a Cisco switch and a third-party switch.
Which action should be taken?
§
A. configure IEEE 802.1p
§
B. configure IEEE 802.1q
§
C. configure ISL
§
D. configure DSCP
Correct Answer: B
349. Which protocol prompts the
Wireless LAN Controller to generate its own local web administration SSL
certificate for GUI access?
§
A. HTTPS
§
B. RADIUS
§
C. TACACS+
§
D. HTTP
Correct Answer: A
350. In software defined
architectures, which plane is distributed and responsible for traffic
forwarding?
§
A. management plane
§
B. control plane
§
C. policy plane
§
D. data plane
Correct Answer: D
351. Which function is
performed by the collapsed core layer in a two-tier architecture?
§
A. enforcing routing policies
§
B. marking interesting traffic for data polices
§
C. attaching users to the edge of the network
§
D. applying security policies
Correct Answer: A
352. Where does the
configuration reside when a helper address Is configured to support DHCP?
§
A. on the router closest to the server
§
B. on the router closest to the client
§
C. on every router along the path
§
D. on the switch trunk interface
Correct Answer: B
353. Refer to the exhibit. A
network administrator must permit SSH access to remotely manage routers in a
network. The operations team resides on the 10.20.1.0/25 network. Which command
will accomplish this task?
§
A. access-list 2699 permit udp 10.20.1.0 0.0.0.255
§
B. no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22
§
C. access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22
§
D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
Correct Answer: D
Explanation: Already a statement is there in last to
allow SSH Traffic for network 10.20.1.0 0.0.0.127, but
Second statement says deny ip any 10.20.1.0 0.0.0.255, so how it will work once
it is denied. So the
right answer is remove the — no access-list 2699 deny ip any 10.20.1.0
0.0.0.255.
354. What is the purpose of
traffic shaping?
§
A. to mitigate delays over slow links
§
B. to provide fair queuing for buffered flows
§
C. to limit the bandwidth that a flow can use to
§
D. be a marking mechanism that identifies different flows
Correct Answer: B
Explanation: Traffic shaping retains excess packets
in a queue and then schedules the excess for later transmission over increments
of time.
355. Which configuration
management mechanism uses TCP port 22 by default when communicating with
managed nodes?
§
A. Ansible
§
B. Python
§
C. Puppet
§
D. Chef
Correct Answer: A
356. Refer to the exhibit. If
OSPF Is running on this network, how does Router2 handle traffic from Site B to
10.10.13.128/25 at Site A?
§
A. It load-balances traffic out of Fa0/1 and Fa0/2.
§
B. It is unreachable and discards the traffic.
§
C. It sends packets out of interface Fa0/2.
§
D. It sends packets out of interface Fa0/1.
Correct Answer: B
357. Refer to the exhibit.
Which command configures a floating static route to provide a backup to the
primary link?
§
A. ip route 0.0.0.0 0.0.0.0 209.165.202.131
§
B. ip route 209.165.201.0 255.255.255.224 209.165.202.130
§
C. ip route 0.0.0.0 0.0.0.0 209.165.200.224
§
D. ip route 209.165.200.224 255.255.255.224 209.165.202.129 254
Correct Answer: D
358. What is a practice that
protects a network from VLAN hopping attacks?
§
A. Enable dynamic ARP inspection
§
B. Configure an ACL to prevent traffic from changing VLANs
§
C. Change native VLAN to an unused VLAN ID
§
D. Implement port security on internet-facing VLANs
Correct Answer: C
359. Which technology can
prevent client devices from arbitrarily connecting to the network without state
remediation?
§
A. 802.1x
§
B. IP Source Guard
§
C. MAC Authentication Bypass
§
D. 802.11n
Answer: A
360. What facilitates a Telnet
connection between devices by entering the device name?
§
A. SNMP
§
B. DNS lookup
§
C. syslog
§
D. NTP
Answer: B
361. How does the
dynamically-learned MAC address feature function?
§
A. The CAM table is empty until ingress traffic arrives at each
port
§
B. Switches dynamically learn MAC addresses of each connecting
CAM table.
§
C. The ports are restricted and learn up to a maximum of 10
dynamically-learned addresses
§
D. It requires a minimum number of secure MAC addresses to be
filled dynamically
Answer: A
362. When implementing a router
as a DHCP server, which two features must be configured? (Choose two)
§
A. relay agent information
§
B. database agent
§
C. address pool
§
D. smart-relay
§
E. manual bindings
Answer: B
C
363. Which command must be
entered to configure a DHCP relay?
§
A. ip helper-address
§
B. ip address dhcp
§
C. ip dhcp pool
§
D. ip dhcp relay
Answer: A
364. Where does a switch
maintain DHCP snooping information?
§
A. in the MAC address table
§
B. in the CAM table
§
C. in the binding database
§
D. in the frame forwarding database
Answer: C
365. Which type of security
program is violated when a group of employees enters a building using the ID
badge of only one person?
§
A. intrusion detection
§
B. user awareness
§
C. physical access control
§
D. network authorization
Answer: C
366. A network administrator
needs to aggregate 4 ports into a single logical link which must negotiate
layer 2 connectivity to ports on another switch What must be configured when
using active mode on both sides of the connection?
§
A. 802.1q trunks
§
B. Cisco vPC
§
C. LLDP
§
D. LACP
Answer: D
367. In which situation is
private IPv4 addressing appropriate for a new subnet on the network of an
organization?
§
A. There is limited unique address space, and traffic on the new
subnet will stay local within the organization.
§
B. The network has multiple endpoint listeners, and it is
desired to limit the number of broadcasts.
§
C. Traffic on the subnet must traverse a site-to-site VPN to an
outside organization.
§
D. The ISP requires the new subnet to be advertised to the
internet for web services.
Answer: A
368. Aside from discarding,
which two states does the switch port transition through while using RSTP
(802.1w)? (Choose two)
§
A. listening
§
B. blocking
§
C. forwarding
§
D. learning
§
E. speaking
Answer: C
D
369. Which state does the
switch port move to when PortFast is enabled?
§
A. forwarding
§
B. listening
§
C. blocking
§
D. learning
Answer: A
370. Refer to the exhibit. An
access list is created to deny Telnet access from host PC-1 to RTR-1 and allow
access from all other hosts A Telnet attempt from PC-2 gives this message:”%
Connection refused by remote host” Without allowing Telnet access from PC-1,
which action must be taken to permit the traffic?
§
A. Add the access-list 10 permit any command to the configuration
§
B. Remove the access-class 10 in command from line vty 0.4.
§
C. Add the ip access-group 10 out command to interface g0/0.
§
D. Remove the password command from line vty 0 4.
Answer: A
371. What is a role of wireless
controllers in an enterprise network?
§
A. centralize the management of access points in an enterprise
network
§
B. support standalone or controller-based architectures
§
C. serve as the first line of defense in an enterprise network
§
D. provide secure user logins to devices on the network.
Answer: A
372. What is the effect when
loopback interfaces and the configured router ID are absent during the OSPF
Process configuration?
§
A. No router ID is set, and the OSPF protocol does not run.
§
B. The highest up/up physical interface IP address is selected as
the router ID.
§
C. The lowest IP address is incremented by 1 and selected as the
router ID.
§
D. The router ID 0.0.0.0 is selected and placed in the OSPF
process.
Answer: B
373. What is recommended for
the wireless infrastructure design of an organization?
§
A. group access points together to increase throughput on a
given channel
§
B. configure the first three access points are configured to use
Channels 1, 6, and 11
§
C. include a least two access points on nonoverlapping channels
to support load balancing
§
D. assign physically adjacent access points to the same Wi-Fi
channel
Answer: B
374. Which 802.11 frame type is
indicated by a probe response after a client sends a probe request?
§
A. action
§
B. management
§
C. control
§
D. data
Answer: B
375. How do servers connect to
the network in a virtual environment?
§
A. wireless to an access point that is physically connected to
the network
§
B. a cable connected to a physical switch on the network
§
C. a virtual switch that links to an access point that is
physically connected to the network
§
D. a software switch on a hypervisor that is physically connected
to the network
Answer: D
376. Which CRUD operation
corresponds to the HTTP GET method?
§
A. read
§
B. update
§
C. create
§
D. delete
Answer: A
Explanation: GET: This method retrieves the
information identified by the request URI. In the context of the RESTful web
services, this method is used to retrieve resources. This is the method used
for read operations (the R in CRUD).
https://hub.packtpub.com/crud-operations-rest/
377. With REST API, which
standard HTTP header tells a server which media type is expected by the client?
§
A. Accept-Encoding: gzip. deflate
§
B. Accept-Patch: text/example; charset=utf-8
§
C. Content-Type: application/json; charset=utf-8
§
D. Accept: application/json
Answer: D
Explanation: Accept header is a way for a client to
specify the media type of the response content it is expecting and Content-type
is a way to specify the media type of request being sent from the client to the
server.
378. Which device tracks the
state of active connections in order to make a decision to forward a packet
through?
§
A. wireless access point
§
B. firewall
§
C. wireless LAN controller
§
D. router
Answer: B
379. Refer to the exhibit. PC1
is trying to ping PC3 for the first time and sends out an ARP to S1. Which
action is taken by S1?
§
A. It forwards it out G0/3 only
§
B. It is flooded out every port except G0/0.
§
C. It drops the frame.
§
D. It forwards it out interface G0/2 only.
Answer: B
380. Refer to the exhibit. A
network administrator has been tasked with securing VTY access to a router.
Which access-list entry accomplishes this task?
§
A. access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10
0.0.0.255 eq ssh
§
B. access-list 101 permit tcp 10.11.0 0.0.0.255 172.16.10
0.0.0.255 eq scp
§
C. access-list 101 permit tcp 10.11.0 0.0.0.255 172.16.10
0.0.0.255 eq telnet
§
D. access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10
0.0.0.255 eq https
Answer: A
381. A network administrator
must enable DHCP services between two sites. What must be configured for the
router to pass DHCPDISCOVER messages on to the server?
§
A. a DHCP Relay Agent
§
B. DHCP Binding
§
C. a DHCP Pool
§
D. DHCP Snooping
Answer: A
382. Which device controls the
forwarding of authentication requests for users when connecting to the network
using a lightweight access point?
§
A. TACACS server
§
B. wireless access point
§
C. RADIUS server
§
D. wireless LAN controller
Answer: D
383. Refer to the exhibit. What
is the result if Gig1/11 receives an STP BPDU?
§
A. The port transitions to STP blocking
§
B. The port transitions to the root port
§
C. The port immediately transitions to STP forwarding.
§
D. The port goes into error-disable state
Answer: D
384. Which configuration is
needed to generate an RSA key for SSH on a router?
§
A. Configure the version of SSH
§
B. Configure VTY access.
§
C. Create a user with a password.
§
D. Assign a DNS domain name
Answer: D
385. What is the maximum
bandwidth of a T1 point-to-point connection?
§
A. 1.544 Mbps
§
B. 2.048 Mbps
§
C. 34.368 Mbps
§
D. 43.7 Mbps
Answer: A
Explanation: Point to Point T1 A Point to Point T1
service is a private data connection securely connecting two or more locations
with T1 data speeds (1.54Mbps).
386. An engineer must configure
traffic for a VLAN that is untagged by the switch as it crosses a trunk link.
Which command should be used?
§
A. switchport trunk allowed vlan 10
§
B. switchport trunk native vlan 10
§
C. switchport mode trunk
§
D. switchport trunk encapsulation dot1q
Answer: B
387. How does a Cisco Unified
Wireless network respond to Wi-Fi channel overlap?
§
A. It alternates automatically between 2.4 GHz and 5 GHz on
adjacent access points
§
B. It allows the administrator to assign channels on a
per-device or per-interface basis.
§
C. It segregates devices from different manufacturers onto
different channels.
§
D. It analyzes client load and background noise and dynamically
assigns a channel.
Answer: A
388. What does a switch use to
build its MAC address table?
§
A. VTP
§
B. DTP
§
C. egress traffic
§
D. ingress traffic
Answer: D
389. Which network plane is
centralized and manages routing decisions?
§
A. policy plane
§
B. management plane
§
C. control plane
§
D. data plane
Answer: C
390. What does a router do when
configured with the default DNS lookup settings, and a URL is entered on the
CLI?
§
A. initiates a ping request to the URL
§
B. prompts the user to specify the desired IP address
§
C. continuously attempts to resolve the URL until the command is
cancelled
§
D. sends a broadcast message in an attempt to resolve the URL
Answer: D
391. What is a DNS lookup
operation?
§
A. DNS server pings the destination to verify that it is
available
§
B. serves requests over destination port 53
§
C. DNS server forwards the client to an alternate IP address
when the primary IP is down
§
D. responds to a request for IP address to domain name resolution
to the DNS server
Answer: D
392. Refer to the exhibit. A
network engineer must configured communication between PC A and the File
Server. To prevent interruption for any other communications, which command
must be configured?
§
A. Switch trunk allowed vlan 12
§
B. Switchport trunk allowed vlan none
§
C. Switchport trunk allowed vlan add 13
§
D. Switchport trunk allowed vlan remove 10-11
Answer: C
393. What is a characteristic
of a SOHO network?
§
A. connects each switch to every other switch in the network
§
B. enables multiple users to share a single broadband connection
§
C. provides high throughput access for 1000 or more users
§
D. includes at least three tiers of devices to provide load
balancing and redundancy
Correct Answer: B
394. Which resource is able to
be shared among virtual machines deployed on the same physical server?
§
A. disk
§
B. applications
§
C. VM configuration file
§
D. operating system
Correct Answer: A
395. Which implementation
provides the strongest encryption combination for the wireless environment?
§
A. WPA2 + AES
§
B. WPA + AES
§
C. WEP
§
D. WPA + TKIP
Correct Answer: A
396. Refer to the exhibit.
After running the code in the exhibit, which step reduces the amount of data
that the NETCONF server returns to the NETCONF client, to only the interface’s
configuration?
§
A. Use the Ixml library to parse the data returned by the
NETCONF server for the interface’s configuration.
§
B. Create an XML filter as a string and pass it to get_config()
method as an argument.
§
C. Create a JSON filter as a string and pass it to the
get_config() method as an argument.
§
D. Use the JSON library to parse the data returned by the NETCONF
server for the interface’s configuration.
Correct Answer: D
397. What is an appropriate use
for private IPv4 addressing?
§
A. on the public-facing interface of a firewall
§
B. to allow hosts inside to communicate in both directions with
hosts outside the organization
§
C. on internal hosts that stream data solely to external
resources
§
D. on hosts that communicates only with other internal hosts
Correct Answer: D
398. What are two functions of
an SDN controller? (Choose two)
§
A. Layer 2 forwarding
§
B. coordinating VTNs
§
C. tracking hosts
§
D. managing the topology
§
E. protecting against DDoS attacks
Correct Answer: B
D
399. If a switch port receives
a new frame while it is actively transmitting a previous frame, how does it
process the frames?
§
A. The new frame is delivered first, the previous frame is
dropped, and a retransmission request is sent.
§
B. The previous frame is delivered, the new frame is dropped,
and a retransmission request is sent.
§
C. The new frame is placed in a queue for transmission after the
previous frame.
§
D. The two frames are processed and delivered at the same time.
Correct Answer: C
400. Refer to the exhibit.
The ntp
server 192.168.0.3 command has been configured on router 1 to make it an NTP
client of router 2. Which command must be configured on router 2 so that it
operates in server-only mode and relies only on its internal clock?
§
A. Router2(config)#ntp passive
§
B. Router2(config)#ntp server 172.17.0.1
§
C. Router2(config)#ntp master 4
§
D. Router2(config)#ntp server 192.168.0.2
Correct Answer: C
401. Which WAN topology
provides a combination of simplicity quality, and availability?
§
A. partial mesh
§
B. full mesh
§
C. point-to-point
§
D. hub-and-spoke
Correct Answer: C
402. Why does a switch flood a
frame to all ports?
§
A. The frame has zero destination MAC addresses.
§
B. The source MAC address of the frame is unknown
§
C. The source and destination MAC addresses of the frame are the
same
§
D. The destination MAC address of the frame is unknown.
Correct Answer: D
403. When DHCP is configured on
a router, which command must be entered so the default gateway is automatically
distributed?
§
A. default-router
§
B. default-gateway
§
C. ip helper-address
§
D. dns-server
Correct Answer: A
404. What is a network
appliance that checks the state of a packet to determine whether the packet is
legitimate?
§
A. Layer 2 switch
§
B. load balancer
§
C. firewall
§
D. LAN controller
Correct Answer: C
405. How is the native VLAN
secured in a network?
§
A. separate from other VLANs within the administrative domain
§
B. give it a value in the private VLAN range
§
C. assign it as VLAN 1
§
D. configure it as a different VLAN ID on each end of the link
Correct Answer: A
406. Which command on a port
enters the forwarding state immediately when a PC is connected to it?
§
A. switch(config)#spanning-tree portfast default
§
B. switch(config)#spanning-tree portfast bpduguard default
§
C. switch(config-if)#spanning-tree portfast trunk
§
D. switch(config-if)#no spanning-tree portfast
Correct Answer: C
407. Refer to Exhibit. Which
configuration must be applied to the router that configures PAT to translate
all addresses in VLAN 200 while allowing devices on VLAN 100 to use their own
IP addresses?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: D
408. Refer to the exhibit. An
administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11 PC-1 and
PC-2 must be placed in the Data VLAN and Phone-1 must be placed in the Voice
VLAN Which configuration meets these requirements?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: C
409. Refer to the exhibit.
Which switch becomes the root of the spanning tree for VLAN 110?
§
A. Switch 1
§
B. Switch 2
§
C. Switch 3
§
D. Switch 4
Correct Answer: B
410. What is a benefit of VRRP?
§
A. It provides traffic load balancing to destinations that are
more than two hops from the source.
§
B. It provides the default gateway redundancy on a LAN using two
or more routers.
§
C. It allows neighbors to share routing table information
between each other.
§
D. It prevents loops in a Layer 2 LAN by forwarding all traffic
to a root bridge, which then makes the final forwarding decision.
Correct Answer: B
411. Which protocol does an
IPv4 host use to obtain a dynamically assigned IP address?
§
A. ARP
§
B. DHCP
§
C. CDP
§
D. DNS
Correct Answer: B
412. Refer to the exhibit. An
access list is required to permit traffic from any host on interface G0/0 and
deny traffic from interface G/0/1. Which access list must be applied?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: A
413. How does a switch process
a frame received on Fa0/1 with the destination MAC address of 0e38.7363.657b
when the table is missing the address?
§
A. lt drops the frame immediately.
§
B. It forwards the frame back out of interface Fa0/1.
§
C. It floods the frame to all interfaces except Fa0/1.
§
D. It holds the frame until the MAC address timer expires and
then drops the frame.
Correct Answer: C
414. Which condition must be
met before an NMS handles an SNMP trap from an agent?
§
A. The NMS software must be loaded with the MIB associated with
the trap.
§
B. The NMS must be configured on the same router as the SNMP
agent
§
C. The NMS must receive a trap and an inform message from the
SNMP agent within a configured interval
§
D. The NMS must receive the same trap from two different SNMP
agents to verify that it is reliable.
Correct Answer: A
415. What is the purpose of a
southbound API in a control based networking architecture?
§
A. Facilities communication between the controller and the applications
§
B. Facilities communication between the controller and the
networking hardware
§
C. allows application developers to interact with the network
§
D. integrates a controller with other automation and
orchestration tools.
Correct Answer: B
Explanation: The
Southbound Interface
In a controller-based
network architecture, the controller needs to communicate to the networking
devices. In most network drawings and architecture drawings, those network
devices typically sit below the controller, as shown in Figure 16-5. There is
an interface between the controller and those devices, and given its location
at the bottom part of drawings, the interface came to be known as the
southbound interface, or SBI, as labeled in Figure 16-5.
FIGURE 16-5 Centralized
Control Plane and a Distributed Data Plane
416. Which switch technology
establishes a network connection immediately when it is plugged in?
§
A. PortFast
§
B. BPDU guard
§
C. UplinkFast
§
D. BackboneFast
Correct Answer: C
417. What causes a port to be
placed in the err-disabled state?
§
A. latency
§
B. port security violation
§
C. shutdown command issued on the port
§
D. nothing plugged into the port
Correct Answer: B
Explanation: This mode is the default violation mode;
when in this mode, the switch will automatically force the switchport into an
error disabled (err-disable) state when a violation occurs. While in this
state, the switchport forwards no traffic. The switchport can be brought out of
this error disabled state by issuing the errdisable recovery cause CLI command
or by disabling and reenabling the switchport.
418. An engineer needs to add
an old switch back into a network. To prevent the switch from corrupting the
VLAN database which action must be taken?
§
A. Add the switch in the VTP domain with a lower revision number
§
B. Add the switch with DTP set to dynamic desirable
§
C. Add the switch in the VTP domain with a higher revision
number
§
D. Add the switch with DTP set to desirable
Correct Answer: A
419. Which JSON data type is an
unordered set of attribute- value pairs?
§
A. array
§
B. string
§
C. object
§
D. Boolean
Correct Answer: C
420. What occurs when
overlapping Wi-Fi channels are implemented?
§
A. The wireless network becomes vulnerable to unauthorized
access.
§
B. Wireless devices are unable to distinguish between different
SSIDs
§
C. Users experience poor wireless network performance.
§
D. Network communications are open to eavesdropping.
Correct Answer: C
421. Which technology allows
for multiple operating systems to be run on a single host computer?
§
A. virtual routing and forwarding
§
B. network port ID visualization
§
C. virtual device contexts
§
D. Server Virtualization
Correct Answer: D
422. Which two QoS tools
provides congestion management? (Choose two)
§
A. CAR
§
B. CBWFQ
§
C. PQ
§
D. PBR
§
E. FRTS
Correct Answer: B
C
Explanation: Type of queuing methods are available:*
First-In-First-Out (FIFO)* Priority Queuing (PQ)* Custom Queuing (CQ)* Weighted
Fair Queuing (WFQ)* Class-Based Weighted Fair Queuing (CBWFQ)* LowLatency
Queuing (LLQ)
423. Refer to the exhibit. An
administrator must turn off the Cisco Discovery Protocol on the port configured
with address last usable address in the 10.0.0.0/30 subnet. Which command set
meets the requirement?
A. interface gi0/1
no cdp enable
B. interface gi0/1
clear cdp table
C. interface gi0/0
no cdp advertise-v2
D. interface gi0/0
no cdp run
Correct Answer: A
424. What is a role of access
points in an enterprise network?
§
A. connect wireless devices to a wired network
§
B. support secure user logins to devices or the network
§
C. integrate with SNMP in preventing DDoS attacks
§
D. serve as a first line of defense in an enterprise network
Correct Answer: A
425. What is a similarity
between OM3 and OM4 fiber optic cable?
§
A. Both have a 50 micron core diameter
§
B. Both have a 9 micron core diameter
§
C. Both have a 62.5 micron core diameter
§
D. Both have a 100 micron core diameter
Correct Answer: A
426. Refer to the exhibit.
The
entire contents of the MAC address table are shown. Sales-4 sends a data frame
to Sales-1.
What
does the switch do as it receives the frame from Sales-4?
§
A. Perform a lookup in the MAC address table and discard the
frame due to a missing entry.
§
B. Insert the source MAC address and port into the forwarding
table and forward the frame to Sales-1.
§
C. Map the Layer 2 MAC address to the Layer 3 IP address and
forward the frame.
§
D. Flood the frame out of all ports except on the port where
Sales-1 is connected.
Correct Answer: B
427. What describes the
operation of virtual machines?
§
A. Virtual machines are responsible for managing and allocating
host hardware resources
§
B. In a virtual machine environment, physical servers must run
one operating system at a time.
§
C. Virtual machines are the physical hardware that support a
virtual environment.
§
D. Virtual machines are operating system instances that are
decoupled from server hardware
Correct Answer: D
428. Refer to the exhibit. Only
four switches are participating in the VLAN spanning-tree process.
Branch-1 priority 614440
Branch-2: priority 39082416
Branch-3: priority 0
Branch-4: root primary
Which switch becomes the
permanent root bridge for VLAN 5?
§
A. Branch-1
§
B. Branch-2
§
C. Branch-3
§
D. Branch-4
Correct Answer: C
Explanation: Dynamic ARP inspection is an
ingress security feature; it does not perform any egress checking.
429. When deploying syslog,
which severity level logs informational message?
§
A. 0
§
B. 2
§
C. 4
§
D. 6
Correct Answer: D
430. Refer to the exhibit.
Shortly after SiteA was connected to SiteB over a new single-mode fiber path
users at SiteA report intermittent connectivity issues with applications hosted
at SiteB What is the cause of the intermittent connectivity issue?
§
A. Interface errors are incrementing
§
B. An incorrect SFP media type was used at SiteA
§
C. High usage is causing high latency
§
D. The sites were connected with the wrong cable type
Correct Answer: A
Explanation: reliability 255/255: When the input and
output errors increase, they affect the reliability counter. This indicates how
likely it is that a packet can be delivered or received succesfully.
Reliability is calculated like this: reliability = number of packets / number
of total frames. The value of 255 is the highest value meaning that the
interface is very reliable at the moment. The calculation above is done every 5
minutes.
431. Refer to the exhibit. An
engineer must configure GigabitEthernet1/1 to accommodate voice and data
traffic Which configuration accomplishes this task?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: A
432. Which technology is
appropriate for communication between an SDN controller and applications
running over the network?
§
A. OpenFlow
§
B. REST API
§
C. NETCONF
§
D. Southbound API
Correct Answer: B
433. Which security program
element involves installing badge readers on data-center doors to allow workers
to enter and exit based on their job roles?
§
A. role-based access control
§
B. biometrics
§
C. multifactor authentication
§
D. physical access control
Correct Answer: D
434. Which network action
occurs within the data plane?
§
A. compare the destination IP address to the IP routing table.
§
B. run routing protocols (OSPF, EIGRP, RIP, BGP)
§
C. make a configuration change from an incoming NETCONF RPC
§
D. reply to an incoming ICMP echo request
Correct Answer: A
435. Which networking function
occurs on the data plane?
§
A. forwarding remote client/server traffic
§
B. facilitates spanning-tree elections
§
C. processing inbound SSH management traffic
§
D. sending and receiving OSPF Hello packets
Correct Answer: A
436. A network administrator
must to configure SSH for remote access to router R1 The requirement is to use
a public and private key pair to encrypt management traffic to and from the
connecting client. Which configuration, when applied, meets the requirements?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: B
437. Which protocol does an
access point use to draw power from a connected switch?
§
A. Internet Group Management Protocol
§
B. Adaptive Wireless Path Protocol
§
C. Cisco Discovery Protocol
§
D. Neighbor Discovery Protocol
Correct Answer: C
438. What is the benefit of
using FHRP?
§
A. reduced management overhead on network routers
§
B. balancing traffic across multiple gateways in proportion to
their loads
§
C. higher degree of availability
§
D. reduced ARP traffic on the network
Correct Answer: C
439. An administrator must
secure the WLC from receiving spoofed association requests. Which steps must be
taken to configure the WLC to restrict the requests and force the user to wait
10 ms to retry an association request?
§
A. Enable Security Association Teardown Protection and set the
SA Query timeout to 10
§
B. Enable MAC filtering and set the SA Query timeout to 10
§
C. Enable 802.1x Layer 2 security and set me Comeback timer to
10
§
D. Enable the Protected Management Frame service and set the
Comeback timer to 10
Correct Answer: D
440. A network engineer must
configure the router R1 GigabitEthernet1/1 interface to connect to the router
R2 GigabitEthernet1/1 interface. For the configuration to be applied the
engineer must compress the address 2001:0db8:0000:0000:0500:000a:400F:583B.
Which command must be issued on the interface?
§
A. ipv6 address 2001:0db8::5: a: 4F 583B
§
B. ipv6 address 2001:db8::500:a:400F:583B
§
C. ipv6 address 2001 db8:0::500:a:4F:583B
§
D. ipv6 address 2001::db8:0000::500:a:400F:583B
Correct Answer: B
441. What does an SDN
controller use as a communication protocol to relay forwarding changes to a
southbound API?
§
A. OpenFlow
§
B. Java
§
C. REST
§
D. XML
Correct Answer: A
442. What uses HTTP messages to
transfer data to applications residing on different hosts?
§
A. OpenFlow
§
B. OpenStack
§
C. OpFlex
§
D. REST
Correct Answer: D
443. When a WLAN with WPA2 PSK
is configured in the Wireless LAN Controller GUI which format is supported?
§
A. Unicode
§
B. base64
§
C. decimal
§
D. ASCII
Correct Answer: D
444. Which 802.11 management
frame type is sent when a client roams between access points on the same SSID?
§
A. Reassociation Request
§
B. Probe Request
§
C. Authentication Request
§
D. Association Request
Correct Answer: A
445. An engineer observes high
usage on the 2.4GHz channels and lower usage on the 5GHz channels. What must be
configured to allow clients to preferentially use 5GHz access points?
§
A. Re- Anchor Roamed Clients
§
B. 11ac MU-MIMO
§
C. OEAP Split Tunnel
§
D. Client Band Select
Correct Answer: D
446. What is a characteristic
of private IPv4 addressing?
§
A. traverse the Internet when an outbound ACL is applied
§
B. issued by IANA in conjunction with an autonomous system
number
§
C. composed of up to 65.536 available addresses
§
D. used without tracking or registration
Correct Answer: D
447. Refer to the exhibit.
Which command must be executed for Gi1.1 on SW1 to become a trunk port if Gi1/1
on SW2 is configured in desirable or trunk mode?
§
A. switchport mode trunk
§
B. switchport mode dot1-tunnel
§
C. switchport mode dynamic auto
§
D. switchport mode dynamic desirable
Correct Answer: C
448. What are two improvements
provided by automation for network management in an SDN environment? (Choose
two)
§
A. Data collection and analysis tools establish a baseline for
the network
§
B. Artificial intelligence identifies and prevents potential
design failures.
§
C. Machine learning minimizes the overall error rate when
automating troubleshooting processes
§
D. New devices are onboarded with minimal effort
§
E. Proprietary Cisco APIs leverage multiple network management
tools.
Correct Answer: B
E
449. An engineer must configure
the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0
interface of the HQ router and wants to compress it for easier configuration.
Which command must be issued on the router interface?
§
A. ipv6 address 2001:db8::700:3:400F:572B
§
B. ipv6 address 2001:db8:0::700:3:4F:572B
§
C. ipv6 address 2001:Odb8::7:3:4F:572B
§
D. ipv6 address 2001::db8:0000::700:3:400F:572B
Correct Answer: A
450. Which WLC port connects to
a switch to pass normal access-point traffic?
§
A. redundancy
§
B. console
§
C. distribution system
§
D. service
Correct Answer: C
451. An engineering team asks
an implementer to configure syslog for warning conditions and error conditions.
Which command does the implementer configure to achieve the desired result?
§
A. logging trap 5
§
B. logging trap 2
§
C. logging trap 4
§
D. logging trap 3
Correct Answer: C
452. Which two protocols are
supported on service-port interfaces? (Choose two.)
§
A. RADIUS
§
B. TACACS+
§
C. SCP
§
D. Telnet
§
E. SSH
Correct Answer: D
E
453. Refer to the exhibit. How
must router A be configured so that it only sends Cisco Discovery Protocol
Information to router C?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Answer: A
454. Which global command
encrypt all passwords in the running configuration?
§
A. password-encrypt
§
B. enable password-encryption
§
C. enable secret
§
D. service password-encryption
Answer: D
455. What is the function of a
hub-and-spoke WAN topology?
§
A. allows access restrictions to be implemented between
subscriber sites.
§
B. provides direct connections between subscribers
§
C. supports Layer 2 VPNs
§
D. supports application optimization
Answer: B
456. An implementer is
preparing hardware for virtualization to create virtual machines on a host.
What is needed to provide communication between hardware and virtual machines?
§
A. hypervisor
§
B. router
§
C. straight cable
§
D. switch
Correct Answer: A
457. Which two components are
needed to create an Ansible script that configures a VLAN on a switch? (Choose
two.)
§
A. cookbook
§
B. task
§
C. playbook
§
D. model
§
E. recipe
Correct Answer: B C
Explanation: Ansible playbooks: “files that provide
actions and logic about what Ansible should do.”
“The playbook will list tasks and choices based on those results, like
“Configure all branch routers in these locations, and if errors occur for any
device, do these extra tasks for that device”.”
458. Refer to the exhibit.
Which two prefixes are included in this routing table entry? (Choose two.)
§
A. 192.168.1.17
§
B. 192.168.1.61
§
C. 192.168.1.64
§
D. 192.168.1.127
§
E. 192.168.1.254
Correct Answer: AB
459. Which two primary drivers
support the need for network automation? (Choose two.)
§
A. Eliminating training needs
§
B. Increasing reliance on self-diagnostic and self-healing
§
C. Policy-derived provisioning of resources
§
D. Providing a ship entry point for resource provisioning
§
E. Reducing hardware footprint
Correct Answer: C D
460. What is a characteristic
of cloud-based network topology?
§
A. wireless connections provide the sole access method to
services
§
B. onsite network services are provided with physical Layer 2
and Layer 3 components
§
C. services are provided by a public, private, or hybrid
deployment
§
D. physical workstations are configured to share resources
Correct Answer: C
461. A network analyst is
tasked with configured the date and time on a router using EXEC mode. The date
must be set to 12:00am. Which command should be used?
§
A. Clock timezone
§
B. Clock summer-time-recurring
§
C. Clock summer-time date
§
D. Clock set
Correct Answer: D
462. Which HTTP status code is
returned after a successful REST API request?
§
A. 200
§
B. 301
§
C. 404
§
D. 500
Correct Answer: A
463. Refer to the exhibit. When
PC-A sends traffic to PC-B, which network component is in charge of receiving
the packet from PC-A verifying the IP addresses, and forwarding the packet to
PC-B?
§
A. Layer 2 switch
§
B. Router
§
C. Load balancer
§
D. firewall
Correct Answer: B
464. What is the function of a
controller in controller-based networking?
§
A. It serves as the centralized management point of an SDN
architecture.
§
B. It centralizes the data plane for the network.
§
C. It is the card on a core router that maintains all routing
decisions for a campus.
§
D. It is a pair of core routers that maintain all routing
decisions for a campus
Correct Answer: A
465. Refer to me exhibit. Which
action is taken by the router when a packet is sourced from 10.10.10.2 and
destined for 10.10.10.16?
§
A. It uses a route that is similar to the destination address
§
B. It discards the packets.
§
C. It floods packets to all learned next hops.
§
D. It Queues the packets waiting for the route to be learned.
Correct Answer: B
Explanation: Referring
to routing table, 10.10.10.0/28 supports network from 10.10.10.0-10.10.10.15.
Gateway of last resort is not set
So traffic destined to 10.10.10.16 will be discarded.
466. When a switch receives a
frame for a known destination MAC address, how is the frame handed?
§
A. sent to the port identified for the known MAC address
§
B. broadcast to all ports
§
C. forwarded to the first available port
§
D. flooded to all ports except the one from which it originated
Correct Answer: A
Explanation/Reference: A switch builds its MAC
address table by recording the MAC address of each device connected to each of
its ports. The switch uses the information in the MAC address table to send
frames destined for a specific device out the port, which has been assigned to
that device.
Reference: Click here
467. Why was the RFC 1918
address space defined?
§
A. conserve public IPv4 addressing
§
B. preserve public IPv6 address space
§
C. reduce instances of overlapping IP addresses
§
D. support the NAT protocol
Correct Answer: A
468. Refer to the exhibit. R5
is the current DR on the network, and R4 is the BDR. Their interfaces are
flapping, so a network engineer wants the OSPF network to elect a different DR
and BDR. Which set of configurations must the engineer implement?
§
A. Option
§
B. Option
§
C. Option
§
D. Option
Correct Answer: D
469. After installing a new
Cisco ISE server, which task must the engineer perform on the Cisco WLC to
connect wireless clients on a specific VLAN based on their credentials?
§
A. Enable the allow AAA Override
§
B. Enable the Even: Driven RRM.
§
C. Disable the LAG Mode or Next Reboot.
§
D. Enable the Authorized MIC APs against auth-list or AAA.
Correct Answer: A
470. Which level of severity
must be set to get informational syslogs?
§
A. alert
§
B. critical
§
C. notice
§
D. debug
Correct Answer: D
Explanation/Reference: Specifying a level causes
messages at that level and numerically lower levels to be displayed at the
destination.
From Table 3 : informational level = 6, debugging level = 7,
notice/notifications level = 5
Reference: Click here
471. Refer to the exhibit.
Router R4 is dynamically learning the path to the server. If R4 is connected to
R1 via OSPF Area 20, to R2 via R2 BGP, and to R3 via EIGRP 777, which path is
installed in the routing table of R4?
§
A. the path through R1, because the OSPF administrative distance
is 110
§
B. the path through R2. because the IBGP administrative distance
is 200
§
C. the path through R2 because the EBGP administrative distance is
20
§
D. the path through R3. because the EIGRP administrative
distance is lower than OSPF and BGP
Correct Answer: C
472. What is a function of the
Cisco DNA Center Overall Health Dashboard?
§
A. It provides a summary of the top 10 global issues.
§
B. It provides detailed activity logging for the 10 devices and
users on the network.
§
C. It summarizes the operational status of each wireless devise
on the network.
§
D. It summarizes daily and weekly CPU usage for servers and
workstations in the network.
Correct Answer: A
473. Which protocol requires
authentication to transfer a backup configuration file from a router to a
remote server?
§
A. DTP
§
B. FTP
§
C. SMTP
§
D. TFTP
Correct Answer: B
474. Where is the interface
between the control plane and data plane within the softwaredefined
architecture?
§
A. control layer and the infrastructure layer
§
B. application layer and the infrastructure layer
§
C. control layer and the application layer
§
D. application layer and the management layer
Correct Answer: A
475. Which action does the
router take as rt forwards a packet through the network?
§
A. The router replaces the source and desinaoon labels wth the
sending router uterface label as a source and the next hop router label as a
desbnabon
§
B. The router encapsulates the source and destination IP
addresses with the sending router P address as the source and the neighbor IP
address as the destination
§
C. The router replaces the original source and destination MAC
addresses with the sending router MAC address as the source and neighbor MAC
address as the destination
§
D. The router encapsulates the original packet and then includes
a tag that identifies the source router MAC address and transmit transparently
to the destination
Correct Answer: C
476. When a site-to-site VPN is
configured, which IPsec mode provides encapsulation and encryption of the
entire original P packet?
§
A. IPsec tunnel mode with AH
§
B. IPsec transport mode with AH
§
C. IPsec tunnel mode with ESP
§
D. IPsec transport mode with ESP
Correct Answer: C
477. Refer to the exhibit.
Which two commands, when configured on router R1, fulfill these requirements?
(Choose two.)
Packets
towards the entire network 2001:db8:2::/64 must be forwarded through router R2.
Packets
toward host 2001:db8:23::14 preferably must be forwarded through R3.
§
A. Ipv6 route 2001:db8:23::/128 fd00:12::2
§
B. Ipv6 route 2001:db8:23::14/128 fd00:13::3
§
C. Ipv6 route 2001:db8:23::14/64 fd00:12::2
§
D. Ipv6 route 2001:db8:23::/64 fd00:12::2
§
E. Ipv6 route 2001:db8:23::14/64 fd00:12::2 200
Correct Answer: B D
Explanation/Reference: We choose option B
instead of option D because the destination is a host. Therefore, we use a host
route meaning that all bits of the ipv6 destination address must match
(prefix-length of /128). Also, the next hop address should be that of R3
(fd00:13::3) since the question asks that packets for the host must be
forwarded through it.
478. What is the role of a
firewall in an enterprise network?
§
A. Forwards packets based on stateless packet inspection
§
B. Processes unauthorized packets and allows passage to less
secure segments of the network
§
C. determines which packets are allowed to cross from unsecured to
secured networks
§
D. explicitly denies all packets from entering an administrative
domain
Correct Answer: C
479. What is the benefit of
configuring PortFast on an interface?
§
A. After the cable is connected, the interface uses the fastest
speed setting available for that cable type
§
B. After the cable is connected, the interface is available faster
to send and receive user data
§
C. The frames entering the interface are marked with higher
priority and then processed faster by a switch.
§
D. Real-time voice and video frames entering the interface are
processed faster
Correct Answer: B
480. How are VLAN hopping
attacks mitigated?
§
A. enable dynamic ARP inspection
§
B. manually implement trunk ports and disable DTP
§
C. activate all ports and place in the default VLAN
§
D. configure extended VLANs
Correct Answer: B
481. Which two protocols must
be disabled to increase security for management connections to a Wireless LAN
Controller? (Choose two)
§
A. Telnet
§
B. SSH
§
C. HTTP
§
D. HTTPS
§
E. TFTP
Correct Answer: A C
482. When a client and server
are not on the same physical network, which device is used to forward requests
and replies between client and server for DHCP?
§
A. DHCP relay agent
§
B. DHCP server
§
C. DHCPDISCOVER
§
D. DHCPOFFER
Correct Answer: A
483. Which QoS tool is used to
optimize voice traffic on a network that is primarily intended for data
traffic?
§
A. FIFO
§
B. WFQ
§
C. PQ
§
D. WRED
Correct Answer: C
484. On workstations running
Microsoft Windows, which protocol provides the default gateway for the device?
§
A. DHCP
§
B. STP
§
C. SNMP
§
D. DNS
Correct Answer: A
485. What is the purpose of
using First Hop Redundancy Protocol in a specific subnet?
§
A. Filter traffic based on destination IP addressing
§
B. Sends the default route to the hosts on a network
§
C. ensures a loop-free physical topology
§
D. forwards multicast hello messages between routers
Correct Answer: D
Source: Click here
486. What is the difference in
data transmission delivery and reliability between TCP and UDP?
§
A. TCP transmits data at a higher rate and ensures packet
delivery. UDP retransmits lost data to ensure applications receive the data on
the remote end.
§
B. UDP sets up a connection between both devices before
transmitting data. TCP uses the three-way handshake to transmit data with a
reliable connection.
§
C. UDP is used for multicast and broadcast communication. TCP is
used for unicast communication and transmits data at a higher rate with error
checking.
§
D. TCP requires the connection to be established before
transmitting data. UDP transmits data at a higher rate without ensuring packet
delivery.
Correct Answer: D
487. How does QoS optimize
voice traffic?
§
A. reducing bandwidth usage
§
B. by reducing packet loss
§
C. by differentiating voice and video traffic
§
D. by increasing jitter
Correct Answer: C
488. What are network
endpoints?
§
A. act as routers to connect a user to the service prowler
network
§
B. a threat to the network if they are compromised
§
C. support inter-VLAN connectivity
§
D. enforce policies for campus-wide traffic going to the
internet
Correct Answer: B
489. What does physical access
control regulate?
§
A. access to spec fie networks based on business function
§
B. access to servers to prevent malicious activity
§
C. access :o computer networks and file systems
§
D. access to networking equipment and facilities
Correct Answer: D
490. What must be considered
when using 802.11a?
§
A. It is compatible with 802 lib- and 802 11-compliant wireless
devices
§
B. It is used in place of 802 11b/g when many nonoverlapping
channels are required
§
C. It is susceptible to interference from 2 4 GHz devices such
as microwave ovens.
§
D. It is chosen over 802 11b/g when a lower-cost solution is
necessary
Correct Answer: B
Explanation/Reference: 802.11a and 802.11b are
not compatible since 802.11a operates at the 5GHz frequency band and 802.11b
operates at the 2.4GHz band. The 2.4 GHz frequency band with a channel width of
22 MHz only has 3 non-overlapping channels (1, 6 and 11) whereas the 5 GHz band
has 23 non-overlapping channels with a 20 MHz channel width. Therefore, 802.11a
is preferred over 802.11b and 802.11g when many non-overlapping channels are
required since they both operate at 2.4GHz unlike 802.11a.
491. An engineer configures
interface Gi1/0 on the company PE router to connect to an ISP Neighbor
discovery is disabled. Which action is necessary to complete the configuration
if the ISP uses third-party network devices?
§
A. Enable LLDP globally
§
B. Disable autonegotiation
§
C. Disable Cisco Discovery Protocol on the interface
§
D. Enable LLDP-MED on the ISP device
Correct Answer: A
Explanation: LDDP-MED
is used only between network devices (such
as switches) and endpoint devices (such
as phones). For network-to-network connections, LLDP
is used.
Check table 2, protocol uses: Click here
492. Which two events occur
automatically when a device Is added to Cisco DNA Center? (Choose two.)
§
A. The device Is assigned to the Global site.
§
B. The device Is placed into the Unmanaged state.
§
C. The device Is placed into the Provisioned state.
§
D. The device Is placed into the Managed state.
§
E. The device is assigned to the Local site.
Correct Answer: A D
Explanation: Device
in Global Site: When you successfully add, import, or discover a device, Cisco
DNA Center places the device in the Managed state
and assigns it to the Global site by default. Even if you have defined SNMP
server, Syslog server, and NetFlow collector settings for the Global site,
Cisco DNA Center does not change these settings on the device.
Check table 2, protocol uses: Click here
493. What are two benefits of
using the PortFast feature? (Choose two)
§
A. Enabled interfaces are automatically placed in listening
state
§
B. Enabled interfaces come up and move to the forwarding state
immediately
§
C. Enabled interfaces never generate topology change
notifications.
§
D. Enabled interfaces that move to the learning state generate
switch topology change notifications
§
E. Enabled interfaces wait 50 seconds before they move to the
forwarding state
Correct Answer: B C
Explanation/Reference: “A switch will never
generate a topology change notification for an interface that has portfast
enabled.”
Source: Click here
“Another major benefit of the STP portfast feature is that the access ports
bypass the earlier 802.1D STP states (learning and listening) and forward traffic
immediately.”
Source: Click here
494. A network administrator is
asked to configure VLANS 2, 3 and 4 for a new implementation. Some ports must
be assigned to the new VLANS with unused remaining. Which action should be
taken for the unused ports?
§
A. configure port in the native VLAN
§
B. configure ports in a black hole VLAN
§
C. configure in a nondefault native VLAN
§
D. configure ports as access ports
Correct Answer: B
495. Which function is
performed by DHCP snooping?
§
A. propagates VLAN information between switches
§
B. listens to multicast traffic for packet forwarding
§
C. provides DDoS mitigation
§
D. rate-limits certain traffic
Correct Answer: D
496. Which plane is centralized
by an SON controller?
§
A. management-plane
§
B. control-plane
§
C. data-plane
§
D. services-plane
Correct Answer: B
497. Which access layer
threat-mitigation technique provides security based on identity?
§
A. Dynamic ARP Inspection
§
B. using a non-default native VLAN
§
C. 802.1x
§
D. DHCP snooping
Correct Answer: C
498. What are two similarities
between UTP Cat 5e and Cat 6a cabling? (Choose two.)
§
A. Both operate at a frequency of 500 MHz.
§
B. Both support runs of up to 55 meters.
§
C. Both support runs of up to 100 meters.
§
D. Both support speeds of at least 1 Gigabit.
§
E. Both support speeds up to 10 Gigabit.
Correct Answer: C D
499. Refer to the exhibit. What
is the metric of the route to the 192.168.10.33/28 subnet?
§
A. 84
§
B. 110
§
C. 128
§
D. 192
§
E. 193
Correct Answer: E
500. What are two
characteristics of the distribution layer in a three-tier network architecture?
(Choose two.)
§
A. serves as the network aggregation point
§
B. provides a boundary between Layer 2 and Layer 3 communications
§
C. designed to meet continuous, redundant uptime requirements
§
D. is the backbone for the network topology
§
E. physical connection point for a LAN printer
Correct Answer: AB
Explanation/Reference: The distribution
layer aggregates the data received from the access layer
switches before it is transmitted to the core layer for routing to its final
destination. In Figure 1-6, the distribution layer is the boundary between the
Layer 2 domains and the Layer 3 routed network.
Reference: Click here
501. What prevents a
workstation from receiving a DHCP address?
§
A. DTP
§
B. STP
§
C. VTP
§
D. 802.10
Correct Answer: B
502. What Is a syslog facility?
§
A. Host that is configured for the system to send log messages
§
B. password that authenticates a Network Management System to
receive log messages
§
C. group of log messages associated with the configured severity
level
§
D. set of values that represent the processes that can generate a
log message
Correct Answer: D
503. Which communication
interaction takes place when a southbound API Is used?
§
A. between the SDN controller and PCs on the network
§
B. between the SON controller and switches and routers on the
network
§
C. between the SON controller and services and applications on
the network
§
D. between network applications and switches and routers on the
network
Correct Answer: B
504. Which port type supports
the spanning-tree portfast command without additional configuration?
§
A. access ports
§
B. Layer 3 main Interfaces
§
C. Layer 3 suninterfaces
§
D. trunk ports
Correct Answer: A
505. An engineer is configuring
data and voice services to pass through the same port. The designated switch
interface fastethernet0/1 must transmit packets using the same priority for
data when they are received from the access port of the IP phone. Which
configuration must be used?
A)
interface fastethernet0/1
switchport priority extend cos
7
B)
interface fastethernet0/1
switchport voice vlan untagged
C)
interface fastethernet0/1
switchport voice vlan dot1p
D)
interface fastethernet0/1
switchport priority extend trust
Correct Answer: A
506. Which mode must be set for
APs to communicate to a Wireless LAN Controller using the Control and
Provisioning of Wireless Access Points (CAPWAP) protocol?
§
A. bridge
§
B. route
§
C. autonomous
§
D. lightweight
Correct Answer: D
507. What are two benefits of
FHRPs? (Choose two.)
§
A. They prevent (oops in the Layer 2 network.
§
B. They allow encrypted traffic.
§
C. They are able to bundle muftlple ports to increase bandwidth
§
D. They enable automatic failover of the default gateway.
§
E. They allow multiple devices lo serve as a single virtual
gateway for clients in the network
Correct Answer: D,E
508. What are two
characteristics of an SSID? (Choose Two)
§
A. It can be hidden or broadcast in a WLAN
§
B. It uniquely identifies an access point in a WLAN
§
C. It uniquely identifies a client in a WLAN
§
D. It is at most 32 characters long.
§
E. IT provides secured access to a WLAN
Correct Answer: A, D
509. In QoS, which
prioritization method is appropriate for interactive voice and video?
§
A. expedited forwarding
§
B. traffic policing
§
C. round-robin scheduling
§
D. low-latency queuing
Correct Answer: D
510. Refer to the exhibit.
Which change to the configuration on Switch allows the two switches to
establish an GtherChannel?
§
A. Change the protocol to EtherChannel mode on.
§
B. Change the LACP mode to active
§
C. Change the LACP mode to desirable
§
D. Change the protocol to PAqP and use auto mode
Correct Answer: B
511. What Is the path for
traffic sent from one user workstation to another workstation on a separate
switch In a Ihree-lter architecture model?
§
A. access – core – distribution – access
§
B. access – distribution – distribution – access
§
C. access – core – access
§
D. access -distribution – core – distribution – access
Correct Answer: D
512. How does WPA3 improve
security?
§
A. It uses SAE for authentication.
§
B. It uses a 4-way handshake for authentication.
§
C. It uses RC4 for encryption.
§
D. It uses TKIP for encryption.
Correct Answer: A
513. Where does wireless
authentication happen?
§
A. SSID
§
B. radio
§
C. band
§
D. Layer 2
Correct Answer: D
514. How are the switches in a
spine-and-leaf topology interconnected?
§
A. Each leaf switch is connected to one of the spine switches.
§
B. Each leaf switch is connected to two spine switches, making a
loop.
§
C. Each leaf switch is connected to each spine switch.
§
D. Each leaf switch is connected to a central leaf switch, then
uplinked to a core spine switch.
Correct Answer: C
515. What are two
characteristics of a public cloud Implementation? (Choose two.)
§
A. It is owned and maintained by one party, but it is shared
among multiple organizations.
§
B. It enables an organization to fully customize how It deploys
network resources.
§
C. It provides services that are accessed over the Internet.
§
D. It Is a data center on the public Internet that maintains
cloud services for only one company.
§
E. It supports network resources from a centralized third-party
provider and privately-owned virtual resources
Correct Answer: C,E
516. Which virtual MAC address
is used by VRRP group 1?
§
A. 0050.0c05.ad81
§
B. 0007.c061.bc01
§
C. 0000.5E00.0101
§
D. 0500.3976.6401
Correct Answer: C
517. Which type of traffic Is
sent with pure iPsec?
§
A. broadcast packets from a switch that is attempting to locate
a MAC address at one of several remote sites
§
B. multicast traffic from a server at one site to hosts at
another location
§
C. spanning-tree updates between switches that are at two
different sites
§
D. unicast messages from a host at a remote site lo a server at
headquarters
Correct Answer: D
518. What is the purpose of an
SSID?
§
A. It provides network security
§
B. It differentiates traffic entering access posits
§
C. It identities an individual access point on a WLAN
§
D. It identifies a WLAN
Correct Answer: D
519. What is a similarly
between 1000BASE-LX and 1000BASE-T standards?
§
A. Both use the same data-link header and trailer formats
§
B. Both cable types support LP connectors
§
C. Both cable types support Rj-45 connectors
§
D. Both support up to 550 meters between nodes
Correct Answer: A
520. What is a capability of
FTP in network management operations?
§
A. encrypts data before sending between data resources
§
B. devices are directly connected and use UDP to pass file
information
§
C. uses separate control and data connections to move files
between server and client
§
D. offers proprietary support at the session layer when
transferring data
Correct Answer: C
Explanation: –
Control Connection: The control connection uses very simple rules for
communication. Through control connection, we can transfer a line of command or
line of response at a time. The control connection is made between the control processes.
The control connection remains connected during the entire interactive FTP
session.
– Data Connection: The Data Connection uses very complex rules as data types
may vary. The data connection is made between data transfer processes. The data
connection opens when a command comes for transferring the files and closes
when the file is transferred.
https://www.cisco.com/c/en/us/td/docs/ios/sw_upgrades/interlink/r2_0/user/ugftpc1.html
521. Refer to the exhibit. A
network engineer is in the process of establishing IP connectivity between two
sites. Routers R1 and R2 are partially configured with IP addressing. Both
routers have the ability to access devices on their respective LANs. Which
command set configures the IP connectivity between devices located on both LANs
in each site?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: C
522. Which type of organization
should use a collapsed-core architecture?
§
A. large and requires a flexible, scalable network design
§
B. large and must minimize downtime when hardware fails
§
C. small and needs to reduce networking costs currently
§
D. small but is expected to grow dramatically in the near future
Correct Answer: C
Explanation: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Small_Enterprise_Design_Profile/SEDP/chap2.html
523. In software-defined
architecture, which place handles switching for traffic through a Cisco router?
§
A. Control
§
B. Management
§
C. Data
§
D. application
Correct Answer: C
524. Refer to the exhibit.
Which IPv6 configuration is required for R17 to successfully ping the WAN
interface on R18?
§
A. Option A
§
B. Option B
§
C. Option C
§
D. Option D
Correct Answer: B
525. Refer to the exhibit.
Between which zones do wireless users expect to experience intermittent
connectivity?
§
A. between zones 1 and 2
§
B. between zones 2 and 5
§
C. between zones 3 and 4
§
D. between zones 3 and 6
Correct Answer: C
Explanation: Zones 3 and 4 both have Channel 11 that
is overlapped.
Zones 3 and 6 do not overlap at all.
526. Which device permits or
denies network traffic based on a set of rules?
§
A. access point
§
B. firewall
§
C. wireless controller
§
D. switch
Correct Answer: B
527. Refer to the exhibit. The
entire MAC address table for SW1 is shown here:
SW1#show
mac-address-table
Mac
Address Table
Vlan
Mac Address Type Ports
000c.8590.bb7d
DYNAMIC Fa0/1
010a.7a17.45bc
DYNAMIC FaO/3
7aa7.4037.8935
DYNAMIC FaO/4
SW1#
What does SW1 do when Br-4
sends a frame to Br-2?
§
A. It inserts the source MAC address and port into the forwarding
table and forwards the frame to Br-2.
§
B. It maps the Layer 2 MAC address for FaO/3 to the Layer 3 IP
address and forwards the frame.
§
C. It performs a lookup in the MAC address table for Br-4 and
discards the frame due to a missing entry.
§
D. It floods the frame out of all ports except on the port where
Br-2 is connected.
Correct Answer: A
