05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions

Type text to search here...

Home > Composite Quiz 102 Questions

Composite Quiz 102 Questions

June 7th, 2020

Result of Composite Quiz 102 Questions:

Total Questions Full Score Passing Rate Your Score Correct Answer Percentage Elapsed
102 1255 80% 575 45.82% 00:40:06

Sorry!

You failed :( but surely you will do it better next time!

If you want to retake this quiz, please press Ctrl + F5 on Windows or press CMD + R on Mac.

Your answers are shown below:

Question 1

Refer to the exhibit.

A network engineer must configure router R1 with a host route to the server. Which command must the engineer configure?

A. R1(config)#ip route 192.168.0.2 255.255.255.255 10.10.10.10

B. R1(config)#ip route 10.10.10.10 255.255.255.255 192.168.0.2
C. R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.2
D. R1(config)#ip route 10.10.10.0 255.255.255.0 192.168.0.2

Explanation

A host route is an IPv4 address with a 32-bit mask (255.255.255.255).

Question 2

Refer to the exhibit.

Router1#show ip route

Gateway of last resort is 10.10.11.2 to network 0.0.0 0

209.165.200.0/27 is subnetted, 1 subnets

B 209.165.200.224 [20/0] via 10 10.12.2,03:22:14
209.165.201.0/27 is subnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2, 02:26:33
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2,02:26:03
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
C 10.10.10.0/28 is directly connected, GigabitEthernet0/0
C 10.10.11.0/30 is directly connected, FastEthernet2/0
C 10.10.12.0/30 is directly connected, GigabitEthernet0/1
O 10.10.13.0/25 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.144/28 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.160/29 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.208/29 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
S* 0.0.0 0/0 [1/0] via 10.10.11.2

What is the subnet mask of the route to the 10.10.13.160 prefix?

A. 255.255.255.128
B. 255.255.255.240
C. 255.255.255.248
D. 255.255.248.0

Explanation

https://www.9tut.com/composite-quiz 1/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
The 10.10.13.160 prefix has subnet mask of /29 which is 255.255.255.248.

Question 3

Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order. For example: 1324 (which means 13
for first group, 24 for second group).

Please type your answer here: 2413 (correct answer: 1423)

Explanation

Answer:

Global Unicast Address

+ is publicly routable in the same way as IPv4 addresses
+ provides for one-to-one communication

Link-Local Address
+ serves as the next-hop addresses
+ required on all IPv6 devices

Explanation

To be an IPv6-enabled device, a device must have an IPv6 link-local address. The device doesn’t have to have an IPv6 global unicast address, but it must have a
link-local address.

Reference: https://www.ciscopress.com/articles/article.asp?p=2803866&seqNum=4

Question 4

What is the difference regarding reliability and communication type between TCP and UDP?

A. TCP is reliable and is a connectionless protocol; UDP is not reliable and is a connection-oriented protocol
B. TCP is not reliable and is a connection-oriented protocol; UDP is reliable and is a connectionless protocol
C. TCP is reliable and is a connection-oriented protocol UDP is not reliable and is a connectionless protocol
D. TCP is not reliable and is a connectionless protocol; UDP is reliable and is a connection-oriented protocol

Question 5

Refer to the exhibit.

Traffic sourced from the loopback0 interface is trying to connect via ssh to the host at 10.0.1.15. What is the next hop to the destination address?

A. 192.168.0.7
B. 192.168.0.40
C. 192.168.3.5
D. 192.168.0.4

https://www.9tut.com/composite-quiz 2/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
Explanation

10.0.1.0/28 is always preferred over 10.0.1.0/24 because of longest prefix match. 10.0.0.15 belongs to 10.0.1.0/28 subnet so the next hop is 192.168.0.7 (learned via
EIGRP).

Note: Although our destination IP is 10.0.0.1.15 which is the broadcast address of subnet 10.0.1.0/28 in the routing table and we may think that the local router
would not use this route but in fact the router still uses this route.

You can find a good discussion at: https://community.cisco.com/t5/switching/weird-routing-subnet-question/td-p/2362830

"The broadcast is really a concept that is relevant only to a router directly connected to the network whose broadcast address you are referring to. Other routers do
not care at all. As long as the destination IP address of a packet AND the netmask produces the network address in the respective row of the routing table, the packet
is destined for that network so let's forward it there."

Question 6

Which type of network attack overwhelms the target server by sending multiple packets to a port until the half-open TCP resources of the target are
exhausted?

A. reflection
B. amplification
C. teardrop
D. SYN flood

Explanation

A SYN flood (half-open attack) is a type of denial-of-service (DDoS) attack which aims to make a server unavailable to legitimate traffic by consuming all available
server resources. By repeatedly sending initial connection request (SYN) packets, the attacker is able to overwhelm all available ports on a targeted server machine,
causing the targeted device to respond to legitimate traffic sluggishly or not at all.

Question 7

What is a syslog facility?

A. group of log messages associated with the configured severity level

B. host that is configured for the system to send log messages
C. set of values that represent the processes that can generate a log message
D. password that authenticates a Network Management System to receive log messages

Explanation

System logs are the product of a communications protocol (RFC 5424) for transmitting event messages and alerts across an IP network. Facility is defined by the
syslog protocol, and provides a rough clue of where in a system the message originated.

Reference: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/security-analytics/8-2-1/_reference_home/syslog.html

Question 8

Which API is used in controller-based architectures to interact with edge devices?

A. underlay
B. overlay
C. southbound
D. northbound

Explanation

The Southbound API is used to communicate with network devices.

Question 9

Refer to the exhibit. Which action is expected from SW1 when the untagged frame is received on the GigabitEthernet0/1 interface?
SW1#show run int gig 0/1
interface GigabitEthernet0/1
switchport access vlan 11
switchport trunk allowed vlan 1-10
switchport trunk encapsulation dot1q

https://www.9tut.com/composite-quiz 3/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
switchport trunk native vlan 5
switchport mode trunk
speed 1000
duplex full

A. The frame is dropped

B. The frame is processed in VLAN 1
C. The frame is processed in VLAN 5
D. The frame is processed in VLAN 11

Question 10

A corporate office uses four floors in a building

* Floor 1 has 24 users
* Floor 2 has 29 users
* Floor 3 has 28 users
* Floor 4 has 22 users

Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration?

A. 192.168.0.0/26 as summary and 192.168.0.0/29 for each floor

B. 192.168.0.0/23 as summary and 192.168.0.0/25 for each floor
C. 192.168.0.0/25 as summary and 192.168.0.0/27 for each floor
D. 192.168.0.0/24 as summary and 192.168.0.0/28 for each floor

Explanation

We see the maximum number of user per floor is 29 users (Floor 2) < 32 so the best subnet mask should be 1110 0000 which allows 25 – 2 = 30 hosts per subnet.

Question 11

What provides centralized control of authentication and roaming in an enterprise network?

A. a wireless LAN controller

B. a lightweight access point
C. a firewall
D. a LAN switch

Question 12

In software defined architectures, which plane is distributed and responsible for traffic forwarding?

A. data plane
B. management plane
C. policy plane
D. control plane

Explanation

The Open Networking Foundation identifies three main parts of the Software-defined networking (SDN): Application layer; Control layer and Infrastructure layer.
SDN separates a router’s control plane from the data (forwarding) plane. The control plane makes routing decisions. The data plane forwards data (packets) through
the router. With SDN routing, decisions are made remotely instead of on each individual router.

Question 13

Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two)

A. It drops lower-priority packets before it drops higher-priority packets

B. It guarantees the delivery of high-priority packets

https://www.9tut.com/composite-quiz 4/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
C. It can identify different flows with a high level of granularity
D. It can mitigate congestion by preventing the queue from filling up
E. It supports protocol discovery

Explanation

Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED drops packets selectively based on IP precedence. Edge routers
assign IP precedences to packets as they enter the network. When a packet arrives, the following events occur:

1. The average queue size is calculated.

2. If the average is less than the minimum queue threshold, the arriving packet is queued.
3. If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or
queued, depending on the packet drop probability for that type of traffic.
4. If the average queue size is greater than the maximum threshold, the packet is dropped.

WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by selectively dropping packets when the output interface begins to show
signs of congestion (thus it can mitigate congestion by preventing the queue from filling up). By dropping some packets early rather than waiting until the queue is
full, WRED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization. Thus, WRED allows the transmission line to be
used fully at all times.

WRED generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower
precedence. Thus, the higher the priority of a packet, the higher the probability that the packet will be delivered (-> answer 'It drops lower-priority packets before it
drops higher-priority packets' is correct).

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conavd/configuration/15-mt/qos-conavd-15-mt-book/qos-conavd-cfg-wred.html

Question 14

Drag and drop the wireless standards from the left onto the number of nonoverlapping channels they support on the right.

Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order. For example: 13425 (which means 134
for first group, 25 for second group).
Please type your answer here: 12 (correct answer: 23415)

Question 15

Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured?

A. active
B. auto
C. passive
D. mode on

Explanation

From the neighbor status, we notice the “Flags” are SP. “P” here means the neighbor is in Passive mode. In order to create an Etherchannel interface, the (local) SW1
ports should be in Active mode. Moreover, the “Port State” in the exhibit is “0x3c” (which equals to “00111100″ in binary format). Bit 3 is “1” which means the
ports are synchronizing -> the ports are working so the local ports should be in Active mode.

Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/consolidated_guide/command_reference/b_consolidated_3650_3se_cr/b_consol

Comments (17)
https://www.9tut.com/composite-quiz 5/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions

Question 16

A network engineer must migrate a router loopback interface to the IPv6 address space. If the current IPv4 address of the interface is 10.54.73.1/32, and
the engineer configures IPv6 address 0:0:0:0:0:ffff:a36:4901, which prefix length must be used?

A. /64
B. /128
C. /96
D. /124

Explanation

IPv4 Mapped Address – 0:0:0:0:0:FFFF::/96

The format for IPv4 Mapped address has the first 80 bits set to zeros, followed by the next 16 bits set to all ones and finally, the last 32 bits written in dotted decimal
appended to then end forming 128 bit IPv6 address.

An example of an IPv4 Class A address of 12.155.166.101 would look like this in IPv4 Mapped address 0000:0000:0000:0000:0000:FFFF:12.155.166.101 or
::FFFF:12.155.166.101 in IPv6’s short form.

But in this question we are migrate a /32 IP address to IPv6 so the IPv6 address should be /128.

We can see a similar conversion at this link: https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html

– To specify the IPv4 address 192.0.2.44, enter 192.0.2.44/32.

– To specify the IPv6 address 0:0:0:0:0:ffff:c000:22c, enter 0:0:0:0:0:ffff:c000:22c/128.

Question 17

What is the operating mode and role of a backup port on a shared LAN segment in Rapid PVST+?

A. forwarding mode and provides the lowest-cost path to the root bridge for each VLAN
B. blocking mode and provides an alternate path toward the designated bridge
C. listening mode and provides an alternate path toward the root bridge
D. learning mode and provides the shortest path toward the root bridge handling traffic away from the LAN

Explanation

An alternate port and a backup port are in a blocking state (or discarding state) to prevent loops.

Reference: https://www.ciscopress.com/articles/article.asp?p=2832407&seqNum=4

Question 18

When deploying a new network that includes both Cisco and third-party network devices, which redundancy protocol avoids the interruption of network
traffic if the default gateway router fails?

A. HSRP
B. FHRP
C. VRRP
D. GLBP

Explanation

Only VRRP is an open standard protocol.

Question 19

Which two transport layer protocols carry syslog messages? (Choose two)

A. ARP

https://www.9tut.com/composite-quiz 6/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
B. RTP
C. TCP
D. UDP
E. IP

Explanation

In case of logging significant events, the syslog messages needs to be transported over a reliable channel for it to be stored safely in a server. Usually syslog
messages are transported using UDP protocol to the server which is not reliable. This calls for the need for a reliable transport protocol like TCP to transfer the
messages to the syslog server.

Reference: https://support.citrix.com/article/CTX205824/how-to-enable-syslog-over-tcp-in-adc

Question 20

Drag and drop the IPv6 address type characteristics from the left to the right.

Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order. For example: 1423 (which means 14
for first group, 23 for second group).
Please type your answer here: 2314

Explanation

A IPv6 Unique Local Address is an IPv6 address in the block FC00::/7. It is the approximate IPv6 counterpart of the IPv4 private address. It is not routable on the
global Internet.

Note: In the past, Site-local addresses (FEC0::/10) are equivalent to private IP addresses in IPv4 but now they are deprecated.

Link-local addresses only used for communications within the local subnet. It is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit
interface identifier (based on 48-bit MAC address).

Question 21

Refer to the exhibit.

The link between PC1 and the switch is up, but it is performing poorly. Which interface condition is causing the performance problem?

A. There is a duplex mismatch on the interface

B. There is an interface type mismatch
C. There is an issue with the fiber on the switch interface
D. There is a speed mismatch on the interface

Question 22

Which configuration is needed to generate an RSA key for SSH on a router?

A. Configure VTY access

B. Create a user with a password
C. Configure the version of SSH

https://www.9tut.com/composite-quiz 7/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
D. Assign a DNS domain name

Explanation

In order to generate an RSA key for SSH, we need to configure the hostname and a DNS domain name on the router (a username and password is also required).
Therefore in fact both answer 'Create a user with a password' and answer 'Assign a DNS domain name' are correct.

Question 23

Which switch technology establishes a network connection immediately when it is plugged in?

A. UplinkFast
B. BPDU guard
C. PortFast
D. BackboneFast

Explanation

Portfast is often configured on switch ports that connect to hosts. Interfaces with Portfast enabled will go to forwarding state immediately without passing the
listening and learning state. Therefore it can save about 30 to 45 seconds to transition through these states.

UplinkFast is a Cisco specific feature that improves the convergence time of the Spanning-Tree Protocol (STP) in the event of the failure of an uplink.

Question 24

What is the difference between IPv6 unicast and anycast addressing?

A. IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes require no special configuration
B. Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes
C. An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast address is assigned to a group of interfaces on
multiple nodes.
D. IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes require no special configuration

Question 25

What are two descriptions of three-tier network topologies? (Choose two)

A. The access layer manages routing between devices in different domains

B. The core and distribution layers perform the same functions
C. The core layer maintains wired connections for each host
D. The network core is designed to maintain continuous connectivity when devices fail
E. The distribution layer runs Layer 2 and Layer 3 technologies

Question 26

What is the purpose of the ip address dhcp command?

A. to configure an interface as a DHCP relay

B. to configure an interface as a DHCP client
C. to configure an interface as a DHCP helper
D. to configure an interface as a DHCP server

Explanation

Use the ip address dhcp command to obtain IP address information for the configured interface.

Question 27

Refer to the exhibit. What commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24?

SW1:
SW2:
interface Ethernet0/0
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport trunk encapsulation dot1q
R1 switchport mode trunk
switchport mode trunk
interface Ethernet0/0 !
!
no ip address interface Ethernet0/1
interface Ethernet0/2
switchport trunk allowed vlan 10
switchport access vlan 20
switchport trunk encapsulation dot1q
switchport mode access
switchport mode trunk
A. R1 (config)#interface ethernet0/0
R1(config)#ip address 10.20.20.1 255.255.255.0

https://www.9tut.com/composite-quiz 8/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
B. R1 (config)#interface ethernet0/0
R1 (config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
C. R1 (config)#interface ethernet0/0.20
R1 (config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
D. R1 (config)#interface ethernet0/0.20
R1(config)#ip address 10.20.20.1 255.255.255.0

Question 28

Refer to the exhibit.

An engineer must configure router R2 so it is elected as the DR on the WAN subnet. Which command sequence must be configured?

A. interface gigabitethernet0/0
ip address 10.0.1.1 255.255.255.0
ip ospf priority 255
B. interface gigabitethernet0/0
ip address 10.0.0.34 255.255.255.224
ip ospf priority 100
C. interface gigabitethernet0/0
ip address 10.0.0.34 255.255.255.248
ip ospf priority 0
D. interface gigabitethernet0/0
ip address 10.0.1.1 255.255.255.224
ip ospf priority 98

Explanation

The OSPF priority of R1 is 99 so we have to set the OSPF priority to a higher value. Also the IP address must be 10.0.0.34/27.

Question 29

Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?

A. shaping
B. policing
C. marking
D. classification

Question 30

What is a benefit of VRRP?

A. It allows neighbors to share routing table information between each other.

B. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision.
C. It provides traffic load balancing to destinations that are more than two hops from the source.
D. It provides the default gateway redundancy on a LAN using two or more routers.

Question 31

A packet is destined for 10.10.1.22. Which static route does the router choose to forward the packet?

A. ip route 10.10.1.20 255.255.255.252 10.10.255.1

B. ip route 10.10.1.0 255.255.255.240 10.10.255.1
C. ip route 10.10.1.20 255.255.255.254 10.10.255.1
D. ip route 10.10.1.16 255.255.255.252 10.10.255.1

https://www.9tut.com/composite-quiz 9/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
Explanation

The subnet 10.10.1.20/30 covers the destination 10.10.1.22 as this subnet ranges from 10.10.1.20 to 10.10.1.23 so it is the correct answer.

Question 32

Two switches have been implemented and all interfaces are at the default configuration level. A trunk link must be implemented between two switches with
these requirements:
+ using an industry-standard trunking protocol
+ permitting VLANs 1-10 and denying other VLANs

How must the interconnecting ports be configured?

A. switchport mode trunk

switchport trunk encapsulation dot1q
switchport trunk allowed vlans 1-10
B. switchport mode trunk
switchport trunk allowed vlans 1-10
switchport trunk native vlan 11
C. switchport mode dynamic
channel-protocol lacp
switchport trunk allowed vlans 1-10
D. switchport mode dynamic desirable
channel-group 1 mode desirable
switchport trunk encapsulation isl
switchport trunk allowed vlan except 11-4094

Explanation

"Using an industry-standard trunking protocol" so we have to use 802.1Q, not ISL.

Question 33

Refer to the exhibit. What action establishes the OSPF neighbor relationship without forming an adjacency?

A. modify process ID
B. modify priority
C. modify hello interval
D. modify network type

Explanation

In this question, R1 & R2 will not establish OSPF neighbor relationship because the hello & dead intervals are not the same.
If we modify the hello & dead intervals to the same values then R1 & R2 will become OSPF neighbors. But they will establish OSPF adjacency too.

Answer 'modify process ID' is not correct as the process ID is only locally significant.

Answer 'modify hello interval' is partially correct as we need to change both “hello and dead” interval, not “hello” interval only.

Answer 'modify priority' is a good answer because if we change both the priorities to 0 then they cannot elect DR/BDR so the adjacency cannot be complete.

Answer 'modify network type' is a good answer too because if we change one of the network type to “point to point” then OSPF neighbor relationship can still come
up but adjacency cannot (no routes are getting exchanged).

But two good answers are only correct after fixing the hello & dead intervals to the same value (so that OSPF neighbor relationship can come up) so answer 'modify
hello interval' should be the best choice here.

Note:

https://www.9tut.com/composite-quiz 10/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
Neighbors
Routers that share a common segment become neighbors on that segment. Neighbors are elected via the Hello protocol. Hello packets are sent periodically out of
each interface using IP multicast (Appendix B). Routers become neighbors as soon as they see themselves listed in the neighbor’s Hello packet.

Two routers will become neighbors if they agree on the following: Same Area ID, same authentication (if used), same hello & dead intervals, same subnet mask
and same stub area flag.

Adjacencies
Adjacency is the next step after the neighboring process. Adjacent routers are routers that go beyond the simple Hello exchange and proceed into the database
exchange process.

The adjacency building process takes effect after multiple stages have been fulfilled. Routers that become adjacent will have the exact link-state database. The states
an interface passes through before becoming adjacent to another router are: Down -> Attempt (optional) -> Init -> 2-Way -> Exstart -> Exchange -> Loading ->
Full.

At Full state the adjacency is complete.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t22

-> Two OSPF neighbors do not exchange any routing information – the only packets they exchange is Hello packets.

Adjacencies on Point-to-Point Interfaces

OSPF will always form an adjacency with the neighbor on the other side of a point-to-point interface such as point-to-point serial lines. There is no concept of DR or
BDR. The state of the serial interfaces is point to point.

Question 34

Refer to exhibit. The loopback1 interface of the Atlanta router must reach the loopback3 interface of the Washington router. Which two static host routes
must be configured on the NEW York router? (Choose two)

Configured interfaces:

New York:
Atlanta: Washington:
S0/0/0: 2012::2/126
S0/0/0: 2012::1/126 S0/0/0: 2023::3/126
S0/0/1: 2023::2/126
Loopback1: 2000::1/128 Loopback3: 2000::3/128
Loopback2:2000::2/128
A. ipv6 route 2000::1/128 s0/0/1
B. ipv6 route 2000::3/128 2023::3
C. ipv6 route 2000::3/128 s0/0/0
D. ipv6 route 2000::1/128 2012::2
E. ipv6 route 2000::1/128 2012::1

Explanation

The short syntax of static IPv6 route is:

ipv6 route <destination-IPv6-address> {next-hop-IPv6-address | exit-interface}

Therefore if we use the destination-IPv6-address, we have to specify the IPv6 address of the remote (next-hop) router, not the local IPv6 address. If we use the exit-
interface, we have to use the local exit-interface, not remote interface.

In this question, we have to suppose that all IPv6 addresses of Atlanta ends with .1 and Washington ends with .3

Please notice that this question asks about the command used on NEW York router so answer "ipv6 route 2000::1/128 2012::1" is used to reach Atlanta router while
answer "ipv6 route 2000::3/128 2023::3" is used to reach Washington router.

Question 35

What occurs when overlapping Wi-Fi channels are implemented?

A. Users experience poor wireless network performance

B. The wireless network becomes vulnerable to unauthorized access
C. Wireless devices are unable to distinguish between different SSIDs
D. Network communications are open to eavesdropping

Question 36

Which command must you enter to guarantee that an HSRP router with higher priority becomes the HSRP primary router after it is reloaded?

A. standby 10 priority 150

B. standby 10 version 1
C. standby 10 version 2

https://www.9tut.com/composite-quiz 11/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
D. standby 10 preempt

Explanation

The “preempt” command enables the HSRP router with the highest priority to immediately become the active router.

Question 37

Drag and drop the SNMP manager and agent identifier commands from the left onto the functions on the right.

Note: You just need to click on one of the boxes on the right to match it with the corresponding box on the left.

show snmp group displays information about the SNMP recipient

show snmp community displays the SNMP server serial number
show snmp chassis displays the SNMP security model in use
show snmp engineID displays the SNMP access string
show snmp host displays the IP address of the remote SNMP device

Explanation

+ show snmp group: displays the SNMP security model in use

+ show snmp community: displays the SNMP access string
+ show snmp chassis: displays the SNMP server serial number
+ show snmp engineID: displays the IP address of the remote SNMP device
+ show snmp host: displays information about the SNMP recipient

The command “show snmp group” displays the names of groups on the router and the security model, the status of the different views, and the storage type of each
group. Below is an example of this command.

The “show snmp engineID” displays the identification of the local SNMP engine and all remote engines that have been configured on the router. The following
example specifies 00000009020000000C025808 as the local engineID and 123456789ABCDEF000000000 as the remote engine ID, 171.69.37.61 as the IP address
of the remote engine (copy of SNMP) and 162 as the port from which the remote device is connected to the local device:

Router# show snmp engineID

Local SNMP engineID: 00000009020000000C025808
Remote Engine ID IP-addr Port
123456789ABCDEF000000000 171.69.37.61 162

The “show snmp community” command display the SNMP community strings configured on the switch.

switch# show snmp community

Community Group / Access context acl_filter
--------- -------------- ------- ----------
public network-admin
switch#

The “show snmp host” command displays details such as IP address of the Network Management System (NMS), notification type, SNMP version, and the port
number of the NMS. The following is sample output from the show snmp host command.

Router# show snmp host

Notification host: 10.2.28.6 udp-port: 162 type: inform
user: public security model: v2c
traps: 00001000.00000000.00000000

The “show snmp chassis” command displays the SNMP server serial number. The output is self-explanatory.
Router# show snmp chassis
01506199

Question 38

Which Cisco IOS command will indicate that interface GigabitEthernet 0/0 is configured via DHCP?

A. show ip interface GigabitEthernet 0/0

B. show interface GigabitEthernet 0/0
C. show ip interface dhcp
D. show ip interface GigabitEthernet 0/0 dhcp
E. show ip interface GigabitEthernet 0/0 brief

Question 39

Match the functions to the corresponding layers. (Not all options are used)

https://www.9tut.com/composite-quiz 12/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions

Please type the corresponding numbers of each item on the left to the blank below and arrange them ascendingly. For example: 135724 (which means 13
for first group, 57 for second group and 24 for the last group)

Please type your answer here: 25252 (correct answer: 354617)

Explanation

A typical enterprise hierarchical LAN campus network design includes the following three layers:
+ Access layer: Provides workgroup/user access to the network
+ Distribution layer: Provides policy-based connectivity and controls the boundary between the access and core layers
+ Core layer: Provides fast transport between distribution switches within the enterprise campus

Reference: https://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=4

Question 40

Which of the following dynamic routing protocols are Distance Vector routing protocols? (Choose two)

A. OSPF
B. EIGRP
C. BGP
D. RIP
E. IS-IS

Question 41

Refer to the exhibit.

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Null0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.0.12.0/24 is directly connected, GigabitEthernet0/1
L 10.0.12.1/32 is directly connected, GigabitEthernet0/1
C 10.0.13.0/24 is directly connected, GigabitEthernet0/2
L 10.0.13.1/32 is directly connected, GigabitEthernet0/2
C 10.0.14.0/24 is directly connected, GigabitEthernet0/3
L 10.0.14.1/32 is directly connected, GigabitEthernet0/3
D 192.168.0.0/16 [90/130816] via 10.0.13.3, 00:10:09, GigabitEthernet0/2
O 192.168.0.0/23 [110/2] via 10.0.14.4, 00:00:46, GigabitEthernet0/3
S 192.168.0.0/24 [100/0] via 10.0.12.2

Which interface is chosen to forward traffic to the host at 192.168.0.55?

A. GigabitEthernet0/1
B. GigabitEthernet0/2
C. Null0
D. GigabitEthernet0/3

Explanation

The best match for the destination host 192.168.0.55 is the last statement in the output. But the exit interface of this entry has been hidden so we have to figure it out.
We only know the next hop IP address is 10.0.12.2.

We see only Gi0/1 belongs to this subnet from the entry “C 10.0.12.0/24 is directly connected, GigabitEthernet0/1″ so the best answer is Gi0/1.

Question 42

https://www.9tut.com/composite-quiz 13/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
Which signal frequency appears 60 times per minute?
A. 60 Hz signal
B. 1 GHz signal
C. 1 Hz signal
D. 60 GHz signal

Explanation

“60 times per minutes” means “60 times per 60 seconds”.

Frequency of 1 Hz implies to 1 complete vibration per second. This means, 60 complete vibrations in 60 second, or, in 1 minute.

Question 43

An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the HQ router and wants to
compress it for easier configuration. Which command must be issued on the router interface?

A. ipv6 address 2001:Odb8::7:3:4F:572B

B. ipv6 address 2001:db8:0::700:3:4F:572B
C. ipv6 address 2001::db8:0000::700:3:400F:572B
D. ipv6 address 2001:db8::700:3:400F:572B

Question 44

What are two differences between WPA2 and WPA3 wireless security? (Choose two)

A. WPA2 uses 192-bit key encryption, and WPA3 requires 256-bit key encryption
B. WPA2 uses 128-bit key encryption, and WPA3 supports 128-bit and 192-bit key encryption
C. WPA3 uses AES for stronger protection than WPA2, which uses TKIP
D. WPA3 uses AES for stronger protection than WPA2, which uses SAE
E. WPA3 uses SAE for stronger protection than WPA2, which uses AES

Explanation

WPA3 provides improvements to the general Wi-Fi encryption, thanks to Simultaneous Authentication of Equals (SAE) replacing the Pre-Shared Key (PSK)
authentication method used in prior WPA versions -> Answer 'WPA3 uses AES for stronger protection than WPA2, which uses SAE' and answer 'WPA3 uses AES
for stronger protection than WPA2, which uses TKIP' are not correct.

Reference: https://www.networkworld.com/article/3316567/what-is-wpa3-wi-fi-security-protocol-strengthens-connections.html

Most WPA2 implementations use 128-bit AES encryption keys. In WPA3, longer key sizes – the equivalent of 192-bit security – are mandated only for WPA3-
Enterprise -> Answer 'WPA2 uses 192-bit key encryption, and WPA3 requires 256-bit key encryption' is not correct.

WPA3-Enterprise supports 128-bit Advanced Encryption Standard Counter Mode with Cipher Block Chaining Message Authentication (AES-CCMP 128) as the
minimum requirement. It also offers an optional mode using 192-bit encryption.

Question 45

Which two conditions must be met before SSH can operate normally on a Cisco IOS switch? (Choose two)

A. IP routing must be enabled on the switch

B. Telnet must be disabled on the switch
C. The ip domain-name command must be configured on the switch
D. The switch must be running a k9 (crypto) IOS image
E. A console password must be configured on the switch

Question 46

When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)

A. 2000::/3
B. FF02::2
C. FF02::1
D. FC00::/7
E. 2002::5

Explanation

When an interface is configured with IPv6 address, it automatically joins the all nodes (FF02::1) and solicited-node (FF02::1:FFxx:xxxx) multicast groups. The all-
node group is used to communicate with all interfaces on the local link, and the solicited-nodes multicast group is required for link-layer address resolution. Routers
also join a third multicast group, the all-routers group (FF02::2).

Question 47

Which two characteristics are representative of virtual machines (VMs)? (Choose two)

A. Each VMs operating system depends on its hypervisor.

https://www.9tut.com/composite-quiz 14/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
B. multiple VMs operate on the same underlying hardware.
C. A VM on a hypervisor is automatically interconnected to other VMs.
D. Each VM runs independently of any other VM in the same hypervisor.
E. A VM on an individual hypervisor shares resources equally.

Question 48

How do TCP and UDP differ in the way that they establish a connection between two endpoints?

A. TCP uses the three-way handshake and UDP does not guarantee message delivery
B. UDP provides reliable message transfer and TCP is a connectionless protocol
C. UDP uses SYN, SYN ACK and FIN bits in the frame header while TCP uses SYN, SYN ACK and ACK bits
D. TCP uses synchronization packets, and UDP uses acknowledgment packets

Question 49

What are two benefits of using the PortFast feature? (Choose two)

A. Enabled interfaces come up and move to the forwarding state immediately

B. Enabled interfaces that move to the learning state generate switch topology change notifications
C. Enabled interfaces are automatically placed in listening state
D. Enabled interfaces wait 50 seconds before they move to the forwarding state
E. Enabled interfaces never generate topology change notifications.

Explanation

Portfast does two things for us:

+ Interfaces with portfast enabled that come up will go to forwarding mode immediately, the interface will skip the listening and learning state.
+ A switch will never generate a topology change notification for an interface that has portfast enabled.

Question 50

Why does a switch flood a frame to all ports?

A. The source and destination MAC addresses of the frame are the same
B. The frame has zero destination MAC addresses
C. The destination MAC address of the frame is unknown
D. The source MAC address of the frame is unknown

Explanation

If the destination MAC address is not in the CAM table (that is, unknown unicast), the switch sends the frame out all other ports that are in the same VLAN as the
received frame. This is called flooding. It does not flood the frame out the same port on which the frame was received.

Question 51

Refer to the exhibit.

Local access for R4 must be established and these requirements must be met:
– Only Telnet access is allowed.
– The enable password must be stored securely.
– The enable password must be applied in plain text
– Full access to R4 must be permitted upon successful login

Which configuration script meets the requirements?

Option A Option B

! conf t
conf t !
! username test1 password testpass1
username test1 password testpass1 enable secret level 15 0 Test123
enable password level 1 7 Test123 !
! line vty 0 15
line vty 0 15 login local
transport input telnet
https://www.9tut.com/composite-quiz 15/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
accounting exec default
transport input all

Option C
Option D
!
!
config t
config t
!
!
username test1 password testpass1
username test1 password testpass1
enable secret level 1 0 Test123
enable password level 15 0 Test123
!
!
line vty 0 15
line vty 0 15
login authentication
password Test123
password Test123
transport input all
transport input telnet

A. Option A
B. Option B
C. Option C
D. Option D

Explanation

“Only Telnet access is allowed” -> Only Option B and Option C are correct.

In fact the “login authentication” command in Option C can only be used when AAA is enabled (with the command “aaa new-model”). And we cannot use the “login
authentication” without specifying an authentication list:

Therefore only option B is left. But in fact option B is not totally correct as “Full access to R4 must be permitted upon successful login” but in option B we have to
type the secret password to have full access to R4 after logging in (with username “test1” and password “testpass1”).

Question 52

Which technology must be implemented to configure network device monitoring with the highest security?

A. IP SLA
B. syslog
C. NetFlow
D. SNMPv3

Explanation

SNMPv3—The most up-to-date protocol focuses on security. SNMPv3 defines a security model, user-based security model (USM), and a view-based access control
model (VACM). SNMPv3 USM provides data integrity, data origin authentication, message replay protection, and protection against disclosure of the message
payload.

Reference: https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/network-monitoring-by-using-snmp.html

Question 53

Refer to the exhibit. How does router R1 handle traffic to 192.168.12.16?

EIGRP: 192.168.12.0/24
RIP: 192.168.12.0/27
OSPF: 192.168.12.0/26
A. It selects the OSPF route because it has the lowest cost
B. It selects the EIGRP route because it has the lowest administrative distance
C. It selects the IS-IS route because it has the shortest prefix inclusive of the destination address
D. It selects the RIP route because it has the longest prefix inclusive of the destination address

Question 54

Which action does the router take as it forwards a packet through the network?

A. The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC
address as the destination
B. The router encapsulates the source and destination IP addresses with the sending router IP address as the source and the neighbor IP address
as the destination
C. The router replaces the source and destination labels with the sending router interface label as a source and the next hop router label as a destination
D. The router encapsulates the original packet and then includes a tag that identifies the source router MAC address and transmit transparently to the
destination

https://www.9tut.com/composite-quiz 16/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
Explanation

While transferring data through many different networks, the source and destination IP addresses are not changed. Only the source and destination MAC addresses
are changed.

Question 55

What role does a hypervisor provide for each virtual machine in server virtualization?

A. software-as-a-service
B. services as a hardware controller
C. control and distribution of physical resources
D. infrastructure-as-a-service

Explanation

Each virtual machine has its own set of virtual hardware (RAM, CPU, NIC) upon which an operating system and fully configured applications are loaded. The
operating system sees a consistent, normalized set of hardware regardless of the actual physical hardware components.

Question 56

A network engineer must configure the router R1 GigabitEthernet1/1 interface to connect to the router R2 GigabitEthernet1/1 interface. For the
configuration to be applied the engineer must compress the address 2001:0db8:0000:0000:0500:000a:400F:583B. Which command must be issued on the
interface?

A. ipv6 address 2001:db8::500:a:400F:583B

B. ipv6 address 2001:0db8::5:a:4F:583B
C. ipv6 address 2001 db8:0::500:a:4F:583B
D. ipv6 address 2001::db8:0000::500:a:400F:583B

Question 57

Refer to the exhibit.

Between which zones do wireless users expect to experience intermittent connectivity?

A. between zones 3 and 6

B. between zones 1 and 2
C. between zones 3 and 4
D. between zones 2 and 5

Explanation

The 2.4 GHz band is subdivided into multiple channels each allotted 22 MHz bandwidth and separated from the next channel by 5 MHz.
-> A best practice for 802.11b/g/n WLANs requiring multiple APs is to use non-overlapping channels such as 1, 6, and 11.

https://www.9tut.com/composite-quiz 17/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
If you use channels that overlap, RF interference can occur.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-340-series/8117-connectivity.html

If other Wi-Fi sources such as neighboring wireless access points are using the same wireless channel, this may cause intermittent connectivity issues.

Reference: https://arris.secure.force.com/consumers/articles/General_FAQs/SBG8300-Troubleshooting-Intermittent-Wi-Fi-Connections/?
l=en_US&fs=RelatedArticle

In this question, both Zone 3 & Zone 4 use Channel 11 so interference can occur.

Question 58

A network engineer is upgrading a small data center to host several new applications, including server backups that are expected to account for up to 90%
of the bandwidth during peak times. The data center connects to the MPLS network provider via a primary circuit and a secondary circuit. How does the
engineer inexpensively update the data center to avoid saturation of the primary circuit by traffic associated with the backups?

A. Advertise a more specific route for the backup traffic via the secondary circuit.
B. Assign traffic from the backup servers to a dedicated switch.
C. Configure a dedicated circuit for the backup traffic.
D. Place the backup servers in a dedicated VLAN.

Explanation

Answer 'Place the backup servers in a dedicated VLAN' is not correct as a dedicated VLAN does not affect how the traffic goes. It only helps separate Layer 2 traffic
at the data center side.

Answer 'Configure a dedicated circuit for the backup traffic' and answer 'Assign traffic from the backup servers to a dedicated switch' are not correct as using a
dedicated circuit and dedicated switch are expensive.

Only answer 'Advertise a more specific route for the backup traffic via the secondary circuit' is left and this solution is “inexpensive”. By routing a group of
customer to use the secondary circuit we can avoid saturation of the primary circuit during the peak times.

Question 59

Which IPv6 address range is suitable for anycast addresses for distributed services such DHCP or DNS?

A. FE80::1/10
B. FF00:1/12
C. 2001:db8:0234:ca3e::1/128
D. 2002:db84:3f37:ca98:be05:8/64

Explanation

FF00::/8 range is used for IPv6 multicast -> The first octet is FF (1111 1111) -> Answer 'FF00:1/12' is not correct.

FE80::/10 is link-local address -> Answer 'FE80::1/10' is not correct.

The 2002::/16 prefix is used for 6to4, which requires the next 32 bits (after the 16 bit prefix) to be a global unicast IPv4 address -> Answer
'2002:db84:3f37:ca98:be05:8/64' is not correct.

Note: Anycast addresses are syntactically indistinguishable from unicast addresses, because anycast addresses are allocated from the unicast address space.
Assigning a unicast address to more than one interface makes a unicast address an anycast address. Nodes to which the anycast address is assigned must be explicitly
configured to recognize that the address is an anycast address.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/xe-3se/5700/ip6-anycast-add-xe.html

Question 60

Which channel-group mode must be configured when multiple distribution switch interfaces connected to a WLC are bundled?

A. channel-group mode passive

B. channel-group mode active
C. channel-group mode desirable
D. channel-group mode on

Explanation

Cisco Wireless LAN Controller Configuration Guide, Release 7.4

Link aggregation (LAG) is a partial implementation of the 802.3ad port aggregation standard. It bundles all of the controller’s distribution system ports into a single
802.3ad port channel. This reduces the number of IP addresses required to configure the ports on your controller. When LAG is enabled, the system dynamically
manages port redundancy and load balances access points transparently to the user.

LAG requires the EtherChannel to be configured for ‘mode on’ on both the controller and the Catalyst switch.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010100001.html

Question 61

How can the Cisco Discovery Protocol be used?

https://www.9tut.com/composite-quiz 18/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
A. to determine the IP addresses of connected Cisco devices
B. to determine the hardware platform of the device
C. to allow a switch to discover the devices that are connected to its ports
D. all of the above

Question 62

Which WAN topology has the highest degree of reliability?

A. full mesh
B. hub-and-spoke
C. router-on-a-stick
D. Point-to-point

Explanation

Full-mesh is a network topology in which there is a direct link between all pairs of nodes. Below is an example of full-mesh topology.

Question 63

Refer to the exhibit.

Gateway of last resort is 172.16.2.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks

10.10.100.0/26 is directly connected, GigabitEthernet0/0/6
C 10.10.10.0/24 is directly connected, GigabitEthernet0/0/0
L 10.10.10.3/32 is directly connected, GigabitEthernet0/0/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.16.1.33/32 is directly connected, GigabitEthernet0/0/1
C 172.16.2.0/23 is directly connected, GigabitEthernet0/0/1
L 172.16.2.1/32 is directly connected, GigabitEthernet0/0/1
S* 0.0.0.0/0 [1/0] via 172.16.2.2

A packet sourced from 10.10.10.32 is destined for the Internet. What is the administrative distance for the destination route?

A. 2
B. 1
C. 0
D. 32

Explanation

There is a trick in this question. It says the "source", not the destination of the packet is 10.10.10.32 but this information is not useful for finding the destination
route. This packet is destined for the Internet (with unknown destination) so it will match the default static route, which is the last entry "S* 0.0.0.0/0 [1/0] via
172.16.2.2". This entry has the Administrative Distance of 1.

Question 64

What is a practice that protects a network from VLAN hopping attacks?

A. Implement port security on internet-facing VLANs

B. Change native VLAN to an unused VLAN ID
C. Enable dynamic ARP inspection
D. Configure an ACL to prevent traffic from changing VLANs

Explanation

VLAN Hopping: By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing
Layer 3 security measures. VLAN hopping can be accomplished by switch spoofing or double tagging. One of a popular type of VLAN Hopping is

Double-Tagging attack:

https://www.9tut.com/composite-quiz 19/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and
the second matches the VLAN of a host it wants to attack (VLAN 20).

When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed.
Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards
out to the Victim computer.

Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker. In other words, this attack is only successful if the
attacker belongs to the native VLAN of the trunk link. Another important point is, this attack is strictly one way as it is impossible to encapsulate the return packet.

To mitigate this type of attack, we can use VLAN access control lists (VACLs, which applies to all traffic within a VLAN. We can use VACL to drop attacker traffic
to specific victims/servers); or implement Private VLANs; or keep the native VLAN of all trunk ports different from user VLANs.

Question 65

Which goal is achieved by the implementation of private IPv4 addressing on a network?

A. allows communication across the Internet to other private networks

B. allows servers and workstations to communicate across public network boundaries
C. provides a reduction in size of the forwarding table on network routers
D. provides an added level of protection against Internet exposure

Question 66

R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?

A. route with the next hop that has the highest IP

B. route with the lowest cost
C. route with the shortest prefix length
D. route with the lowest administrative distance

Question 67

An engineer is configuring SSH version 2 exclusively on the R1 router. What is the minimum configuration required to permit remote management using
the cryptographic protocol?

Option A Option B
hostname R1 hostname R1
ip domain name cisco crypto key generate rsa general-keys modulus 1024
crypto key generate rsa general-keys modulus 1024 username cisco privilege 15 password 0 cisco123
username cisco privilege 15 password 0 cisco123 ip ssh version 2
ip ssh version 2 line vty 0 15
line vty 0 15 transport input all
transport input all login local
login local

Option C Option D

hostname R1 hostname R1
service password-encryption ip domain name cisco
crypto key generate rsa general-keys modulus 1024 crypto key generate rsa general-keys modulus 1024
username cisco privilege 15 password 0 cisco123 username cisco privilege 15 password 0 cisco123
ip ssh version 2 ip ssh version 2
line vty 0 15 line vty 0 15
transport input ssh transport input ssh
login local login local

A. Option A
B. Option B
C. Option C
D. Option D

Explanation

This question said “configuring SSH version 2 exclusively” so only SSHv2 should be configured to remote access to this router -> We must use the command
“transport input ssh”, not “transport input all” (which includes Telnet) -> Only Option C and Option D are correct.

We must create a domain-name too for SSH to work with the command “ip domain-name …” -> Only Option D is correct.

Note: There is a typo in this question in the command “ip domain name …”. It should be “ip domain-name …” instead.

Question 68

Refer to the exhibit. An engineer must add a subnet for a new office that will add 20 users to the network. Which IPv4 network and subnet mask
combination does the engineer assign to minimize wasting addresses?

https://www.9tut.com/composite-quiz 20/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions

A. 10.10.225.32 255.255.255.224
B. 10.10.225.48 255.255.255.240
C. 10.10.225.32 255.255.255.240
D. 10.10.225.48 255.255.255.224

Explanation

We need a subnet with 20 users so we need 5 bits 0 in the subnet mask as 25 – 2 = 30 > 20. Therefore the subnet mask should be /27 (with last octet is 1110 0000 in
binary). The increment is 32 so the valid network address is 10.10.225.32.

Question 69

Refer to the exhibit.

Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
S 10.0.0.0/8 is directly connected, GigabitEthernet0/0
C 10.1.1.0/24 is directly connected, GigabitEthernet0/0
L 10.1.1.1/32 is directly connected, GigabitEthernet0/0
S 10.10.0.0/22 is directly connected, GigabitEthernet0/0
S 10.10.10.0/28 is directly connected, GigabitEthernet0/0
S 10.10.10.1/32 is directly connected, GigabitEthernet0/0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0

Which IP route command created the best path for a packet destined for 10.10.10.3?

A. ip route 10.10.10.0 255.255.255.240 g0/0

B. ip route 10.10.10.1 255.255.255.255 g0/0
C. ip route 10.10.0.0 255.255.252.0 g0/0
D. ip route 10.0.0.0 255.0.0.0 g0/0

Explanation

The static routes here were configured as "directly connected static routes" (only exit interfaces were configured, not the next-hop IP address) so we see the line "is
directly connected".

All four answers of this question were configured and generated the output as shown in the exhibit. This question asks which command created the best path for
packet destined to 10.10.10.3 so the correct one is answer "ip route 10.10.10.0 255.255.255.240 g0/0".

Question 70

Which WPA mode uses PSK authentication?

A. Enterprise
B. Local
C. Client
D. Personal

Explanation

Both versions of Wi-Fi Protected Access (WPA/WPA2) can be implemented in either of two modes:
+ Personal or Pre-Shared Key (PSK) Mode: This mode is appropriate for most home networks—but not business networks. You define an encryption passphrase
on the wireless router and any other access points (APs). Then the passphrase must be entered by users when connecting to the Wi-Fi network.

Though this mode seems very easy to implement, it actually makes properly securing a business network nearly impossible. Unlike with the Enterprise mode,
wireless access can’t be individually or centrally managed. One passphrase applies to all users. If the global passphrase should need to be changed, it must be
manually changed on all the APs and computers. This would be a big headache when you need to change it; for instance, when an employee leaves the company or
when any computers are stolen or compromised. Unlike with the Enterprise mode, the encryption passphrase is stored on the computers. Therefore, anyone on the
computer—whether it be employees or thieves—can connect to the network and also recover the encryption passphrase.

Reference: https://www.ciscopress.com/articles/article.asp?p=1576225

Question 71

Which SDN plane forwards user-generated traffic?

A. control plane
B. management plane
C. data plane
D. policy plane

Question 72

What is the purpose of the Cisco DNA Center controller?

https://www.9tut.com/composite-quiz 21/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
A. to provide Layer 3 services to autonomous access points
B. to scan a network and generate a layer 2 network diagram
C. to secure physical access to a data center
D. to securely manage and deploy network devices

Question 73

An engineer needs to add an old switch back into a network. To prevent the switch from corrupting the VLAN database which action must be taken?

A. Add the switch with DTP set to desirable

B. Add the switch in the VTP domain with a higher revision number
C. Add the switch in the VTP domain with a lower revision number
D. Add the switch with DTP set to dynamic desirable

Explanation

If you add a higher revision number switch to the network then all other switches in the current network will learn from the newly added one. And all current VLAN
databases will be overwritten.

Question 74

An engineer is configuring router R1 with an IPv6 static route for prefix 2019:C15C:0CAF:E001::/64. The next hop must be 2019:C15C:0CAF:E002::1
The route must be reachable via the R1 Gigabit 0/0 interface. Which command configures the designated route?

A. R1(config)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1

B. R1(config)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
C. R1(config-if)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
D. R1(config-if)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1

Question 75

Drag and drop the IPv6 address types from the left onto their description on the right.

Note: You just need to click on one of the boxes on the right to match it with the corresponding box on the left.

multicast address used only locally within the site FE80::abcf:ffff:12de:3992

address that is automatically created on a link when IPv6 is enabled on an interface 2001:DB8::bced:1234:456d:aacc
address that is prohibited from routing to the Internet FF05::23:becf:22:1111
address that is unique and reserved for documentation purposes FD00:0000:0000:1a2d:a153:3992:a19d:ccca

Explanation

Answer:

+ multicast address used only locally within the site: FF05::23:becf:22:1111

+ address that is automatically created on a link when IPv6 is enabled on an interface: FE80::abcf:ffff:12de:3992
+ address that is prohibited from routing to the Internet: FD00:0000:0000:1a2d:a153:3992:a19d:ccca
+ address that is unique and reserved for documentation purposes: 2001:DB8::bced:1234:456d:aacc

Explanation

FF00::/8 range is used for IPv6 multicast -> The first octet is FF which indicates a multicast address.

Address that is automatically created on a link when IPv6 is enabled on an interface -> Link-local address in the range of FE80::/10

Address that is prohibited from routing to the Internet -> Site-local address (or Unique local address). They are analogous to IPv4’s private address classes. They
start with FC00::/7 (for used in private networks) -> The first octet can be FC or FD. However when you implement this you have to set the L-bit (the right-most bit
of the first octet) to 1 which means that the first two digits will be FD.

Question 76

What does traffic shaping do to reduce congestion in a network?

A. buffers without queuing packets

B. queues without buffering packets
C. buffers and queues packets
D. drops packets

Explanation

The following diagram illustrates the key difference between traffic policing and traffic shaping. Traffic policing propagates bursts. When the traffic rate reaches the
configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests
and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of
time. The result of traffic shaping is a smoothed packet output rate.

https://www.9tut.com/composite-quiz 22/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions

Note: Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the routing device.

Question 77

A network analyst is tasked with configured the date and time on a router using EXEC mode. The date must be set to 12:00am. Which command should be
used?

A. Clock timezone
B. Clock set
C. Clock summer-time-recurring
D. Clock summer-time date

Explanation

In this example, the clock time is set to 12:00 am with the clock date of January 1, 2020.

R1#clock set 12:00:00 jan 1 2020

Question 78

Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?

A. Router R3 will become the DR and router R2 will become the BDR.
B. Router R1 will become the DR and router R2 will become the BDR.
C. Router R3 will become the DR and router R1 will become the BDR.
D. Router R4 will become the DR and router R3 will become the BDR.

Explanation

After the new election, R3 and R1 have highest priority (of 2) so they will be elected DR and BDR. R3 will be elected DR because its has higher router ID (of
3.3.3.3).

Question 79

Refer to the exhibit.

SW1#show ip interface brief

Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual down down

SW1#show interface fa0/1 status

Port Name Status Vlan Duplex Speed Type
Fa0/1 notconnect 1 a-full a-100 10/100BaseTX

What is the cause of the issue?

A. port security
B. STP
C. wrong cable type
D. shutdown command

https://www.9tut.com/composite-quiz 23/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
Explanation

The “Status” of fa0/1 is “notconnect” so port security is not the issue or it would show the status of “err-disabled”.

“Shutdown” command is also not the issue as it would show “Administratively down” in the “Status” field of the “show ip interface brief” command.

With STP, even if the port is in “Block” (BLK) status but it is still in “up/up” state with the “show ip interface brief” command.

With wrong cable type, the port is in “down/down” state, same as there is no connected cable to the port.

Question 80

Which component controls and distributes physical resources for each virtual machine?

A. OS
B. hypervisor
C. CPU
D. physical enclosure

Explanation

The hypervisor abstracts and isolates the VMs and their programs from the underlying server hardware, enabling a more efficient use of physical resources, simpler
maintenance and operations, and reduced costs.

Reference: https://www.nutanix.com/info/hypervisor

Question 81

Refer to the exhibit.

SiteA#show interface TenGigabitEthernet0/1/0

TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is aabb.cc00.0100 (bia aabb.cc00.0100)
Description: Connection to SiteB
Internet address is 10.10.10.1/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 166/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 265746000 bits/sec, 24343 packets/sec
5 minute output rate 123245000 bits/sec, 12453 packets/sec

SiteB#show interface TenGigabitEthernet0/1/0

TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is 0000.0c00.750c (bia 0000.0c00.750c)
Description: Connection to SiteA
Internet address is 10.10.10.2/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 123245000 bits/sec, 15343 packets/sec
5 minute output rate 265746000 bits/sec, 12453 packets/sec

Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA report intermittent connectivity issues with applications hosted
at SiteB. What is the cause of the intermittent connectivity issue?

A. Interface errors are incrementing

B. High usage is causing high latency
C. An incorrect SFP media type was used at SiteA
D. The sites were connected with the wrong cable type

Explanation

The txload and rxload on both sites are 1/255 so the interfaces are not busy in transmitting and receiving traffic. But the reliability on SiteA is only 166/255 which
indicates input and output errors increase. Reliability is calculated by this formula: reliability = number of packets / number of total frames.

Question 82

What is the function of Cisco Advanced Malware protection for next-generation IPS?

A. inspecting specific files and files types for malware

B. authenticating end users
C. authorizing potentially compromised wireless traffic
D. URL filtering

Question 83

The service password-encryption command is entered on a router. What is the effect of this configuration?

A. prevents network administrators from configuring clear-text passwords

B. encrypts the password exchange when a VPN tunnel is established
C. protects the VLAN database from unauthorized PC connections on the switch
D. restricts unauthorized users from viewing clear-text passwords in the running configuration

https://www.9tut.com/composite-quiz 24/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
Explanation

The service password-encryption command will encrypt all current and future passwords so any password existed in the configuration will be encrypted.

Note: With the “service password-encryption” command, administrators can still configure clear-text passwords but they will be encrypted in the configuration file.
So we cannot say “prevents network administrators from configuring clear-text passwords”.

Question 84

Refer to the exhibit.

The router R1 is in the process of being configured. Routers R2 and R3 are configured correctly for the new environment. Which two commands must be
configured on R1 for PC1 to communicate to all PCs on the 10.10.10.0/24 network? (Choose two)

A. ip route 10.10.10.10 255.255.255.255 192.168.2.2

B. ip route 10.10.10.0 255.255.255.248 192.168.2.2
C. ip route 10.10.10.0 255.255.255.0 192.168.2.3
D. ip route 10.10.10.10 255.255.255.255 g0/1
E. ip route 10.10.10.8 255.255.255.248 g0/1

Question 85

An engineering team asks an implementer to configure syslog for warning conditions and error conditions. Which command does the implementer
configure to achieve the desired result?

A. logging trap 5
B. logging trap 3
C. logging trap 2
D. logging trap 4

Explanation

Syslog levels are listed below

Level Keyword Description

0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages

The highest level is level 0 (emergencies). The lowest level is level 7. If we configure syslog level 4 then it will send all the syslog messages from level 0 to 4.

Question 86

Refer to the exhibit.

SW1#show etherchannel
Channel-group listing:
----------------------
Group: 2
--------
Group state = L2
Ports: 1 Maxports = 8
Port-channels: 1 Max Portchannels = 1
Protocol: PAGP

https://www.9tut.com/composite-quiz 25/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
A network engineer updates the existing configuration on interface fastethernet1/1 switch SW1. It must establish an EtherChannel by using the same group
designation with another vendor switch. Which configuration must be performed to complete the process?
A. interface port-channel 2
channel-group 2 mode desirable
B. interface fastethernet 1/1
channel-group 2 mode on
C. interface port-channel 2
channel-group 2 mode auto
D. interface fastethernet 1/1
channel-group 2 mode active

Question 87

What are two disadvantages of a full-mesh topology? (Choose two)

A. It needs a high MTU between sites.

B. It works only with BGP between sites.
C. It must have point-to-point communication.
D. It requires complex configuration.
E. It has a high implementation cost.

Explanation

We don’t need to set high MTU between sites -> Answer 'It needs a high MTU between sites' is not correct.

We can use any connection types (broadcast, point-to-point…) between two devices -> Answer 'It must have point-to-point communication' is not correct.

We can use full-mesh topology with all routing protocols, not only BGP -> Answer 'It works only with BGP between sites' is not correct.

Question 88

Refer to the exhibit.

interface GigabitEthernet0/1
ip address 192.168.1.2 255.255.255.0
ip access-group 2699 in
!
access-list 2699 deny icmp any 10.10.1.0 0.0.0.255 echo
access-list 2699 deny ip any 10.20.1.0 0.0.0.255
access-list 2699 permit ip any 10.10.1.0 0.0.0.255
access-list 2699 permit tcp any 10.20.1.0 0.0.0.127 eq 22

A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network.
Which command will accomplish this task?

A. no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22

B. access-list 2699 permit udp 10.20.1.0 0.0.0.255
C. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
D. access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22

Explanation

The operations team resides on 10.20.1.0/25 network which is a part of 10.20.1.0/24 network so we need to remove the “deny” statement of the 10.20.1.0/25
network to allow SSH.

Question 89

Refer to the exhibit.

A network engineer started to configure port security on a new switch. These requirements must be met:
– MAC addresses must be learned dynamically.
– Log messages must be generated without disabling the interface when unwanted traffic is seen.

Which two commands must be configured to complete this task? (Choose two)

A. SW(config-if)#switchport port-security maximum 2

B. SW(config-if)#switchport port-security mac-address sticky
C. SW(config-if)#switchport port-security mac-address 0010.7B84.45E6
D. SW(config-if)#switchport port-security violation restrict
E. SW(config-if)#switchport port-security violation shutdown

Explanation

https://www.9tut.com/composite-quiz 26/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
The requirement said MAC addresses must be learned dynamically so we cannot assign a specific MAC address or use the "sticky" keyword -> Answer "SW(config-
if)#switchport port-security mac-address 0010.7B84.45E6 "and answer "SW(config-if)#switchport port-security mac-address sticky" are not correct. Also the
requirement said "MAC addresses" in plural so we set the maximum to 2 -> Answer "SW(config-if)#switchport port-security maximum 2" is correct.

"Log messages must be generated without disabling the interface" -> use "restrict" keyword for violation, not "shutdown" keyword -> Answer "SW(config-
if)#switchport port-security violation restrict" is correct.

The “sticky” keyword does not mean the MAC addresses will be learned dynamically. It means the learned MAC addresses would be put into the running-config
only.
The question asks “MAC addresses must be learned dynamically” means we don’t configure static MAC learning only.

Note:

You can configure the interface for one of these violation modes, based on the action to be taken if a violation occurs:
+ Restrict – A port security violation restricts data, causes the SecurityViolation counter to increment, and causes an SNMP Notification to be generated.
+ Shutdown – A port security violation causes the interface to shut down immediately. When a secure port is in the error-disabled state, you can bring it out of this
state by entering the errdisable recovery cause psecure_violation global configuration command or you can manually reenable it by entering the shutdown and no
shut down interface configuration commands. This is the default mode.

Question 90

Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and Provisioning of Wireless Access Points (CAPWAP)
protocol?

A. lightweight
B. bridge
C. autonomous
D. route

Explanation

Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight
+ Autonomous: self-sufficient and standalone. Used for small wireless networks.
+ Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function. LAP and WLC communicate with each other via a logical
pair of CAPWAP tunnels.

Question 91

Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?

A. TACACS
B. RADIUS
C. CPU ACL
D. Flex ACL

Explanation

Whenever you want to control which devices can talk to the main CPU, a CPU ACL is used.

Note: CPU ACLs only filter traffic towards the CPU, and not any traffic exiting or generated by the CPU.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109669-secure-wlc.html

Question 92

Refer to the exhibit.

interface g2/0/0
channel-group 1 mode active
interface g4/0/0
channel-group 1 mode active
interface Port-channel1
ip address 203.0.113.65 255.255.255.252

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down

An engineer is configuring a Layer 3 port-channel interface with LACP. The configuration on the first device is complete, and it is verified that both
interfaces have registered the neighbor device in the CDP table. Which task on the neighbor device enables the new port channel to come up without
negotiating the channel?

A. Bring up the neighboring interfaces using the no shutdown command.

B. Configure the IP address of the neighboring device
C. Change the EtherChannel mode on the neighboring interfaces to auto
D. Modify the static EtherChannel configuration of the device to passive mode

Explanation

Our switch can see neighbor switch in the CDP table which means the interfaces of both ends have been turned on (with no shutdown command) -> Answer "Bring
up the neighboring interfaces using the no shutdown command" is not correct.

Our switch is using LACP (active/passive mode) so we cannot use PAgP (auto/desirable mode) on the neighboring interface -> Answer "Change the EtherChannel
mode on the neighboring interfaces to auto" is not correct.

https://www.9tut.com/composite-quiz 27/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
The error is at Layer 2 ("changed state to down") so it is not about "configuring the IP address" of the neighboring device which is at Layer 3 -> Answer "Configure
the IP address of the neighboring device" is not correct.

Therefore only answer "Modify the static EtherChannel configuration of the device to passive mode" is left. We have to change the Etherchannel mode of
neighboring device from static to passive for LACP.

Question 93

Refer to the exhibit. After the switch configuration the ping test fails between PC A and PC B. Based on the output for switch 1, which error must be
corrected?

Switch 1
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
<output omitted>
Trunking VLANs Enabled: 50-100
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
A. All VLANs are not enabled on the trunk
B. There is a native VLAN mismatch
C. Access mode is configured on the switch ports.
D. The PCs are in the incorrect VLAN
Switch 2
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
<output omitted>
Trunking VLANs Enabled: 50-100
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Explanation

From the output we see the native VLAN of Switch1 on Gi0/1 interface is VLAN 1 while that of Switch2 is VLAN 99 so there would be a native VLAN mismatch.

Question 94

What does a switch use to build its MAC address table?

A. ingress traffic
B. egress traffic
C. DTP
D. VTP

Explanation

The MAC addresses in the CAM table are the source MAC addresses only. Therefore it only learns MAC address from ingress traffic.

Question 95

Drag and drop the characteristics of device-management technologies from the left onto the corresponding deployment types on the right.

https://www.9tut.com/composite-quiz 28/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions

Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order. For example: 136245 (which means
136 for first group, 245 for second group).
Please type your answer here: 124 (correct answer: 135246)

Question 96

Refer to the exhibit.

Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is subnetted, 1 subnets
B 209.165.200.224 [20/0] via 10.10.12.2,03:32:14
209.165.201.0/27 is subnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2,02:26:53
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2,02:46:03
10.0.0.0/8 is variably subnetted, 10 subnets, 4 masks
C 10.10.10.0/28 is directly connected, GigabitEthernet0/0
C 10.10.11.0/30 is directly connected, FastEthernet2/0
C 10.10.12.0/30 is directly connected, GigabitEthernet0/1
O 10.10.13.0/25 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.1, 00:00:12, GigabitEthernet0/0
O 10.10.13.144/28 [110/2] via 10.10.10.1, 00:01:57, GigabitEthernet0/0
O 10.10.13.160/29 [110/2] via 10.10.10.1, 00:00:12, GigabitEthernet0/0
O 10.10.13.208/29 [110/2] via 10.10.10.1, 00:01:57, GigabitEthernet0/0
O 10.10.13.252/30 [110/2] via 10.10.10.1, 00:01:57, GigabitEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.10.11.2

Drag and drop the subnet masks from the left onto the corresponding subnets on the right. Not all subnet masks are used.

Note: You just need to click on one of the boxes on the right to match it with the corresponding box on the left. Also please match the unused subnet mask
with "unused" box.

10.10.13.0 255.255.255.128
(unused) 255.255.255.248
10.10.13.128
10.10.13.160 255.255.255.252
10.10.13.252 255.255.255.240

Question 97

A Cisco engineer notices that two OSPF neighbors are connected using a crossover Ethernet cable. The neighbors are taking too long to become fully
adjacent. Which command must be issued under the interface configuration on each router to reduce the time required for the adjacency to reach the
FULL state?

A. ip ospf network broadcast

B. ip ospf network point-to-point
C. ip ospf dead-interval 40
D. ip ospf priority 0

Explanation

OSPF detects neighbors by means of Hello packets. Maybe the reason for “The neighbors are taking too long to become fully adjacent” is hello packets are not sent
frequently.

With OSPF priority of 0, the OSPF router becomes ineligible for being the DR/BDR on that segment so they cannot reach the FULL state. They will be in
DROTHER state -> Answer 'ip ospf priority 0 ' is not correct.

Changing the Dead Interval does not automatically change the Hello Interval -> Answer 'ip ospf dead-interval 40 ' is not correct.

Set the network type to “point-to-point”, the OSPF routers will not elect DR/BDR -> Answer 'ip ospf network point-to-point'

Question 98

https://www.9tut.com/composite-quiz 29/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
What is a DHCP client?
A. a workstation that requests a domain name associated with its IP address
B. a server that dynamically assigns IP addresses to hosts
C. a host that is configured to request an IP address automatically
D. a router that statically assigns IP addresses to hosts

Question 99

Refer to the exhibit. The New York router is configured with static routes pointing to the Atlanta and Washington sites. Which two tasks must be
performed so that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach one another? (Choose two)

Configured interfaces:

New York:
Atlanta: Washington:
S0/0/0: 2012::2/126
S0/0/0: 2012::1/126 S0/0/0: 2023::3/126
S0/0/1: 2023::2/126
Loopback1: 2000::1/128 Loopback3: 2000::3/128
Loopback2:2000::2/128
A. Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router
B. Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router
C. Configure the ipv6 route 2012::/126 2023::1 command on the Washington router
D. Configure the ipv6 route 2012::/126 2023:2 command on the Washington router
E. Configure the ipv6 route 2012::/126 s0/0/0 command on the Atlanta router

Explanation

The short syntax of static IPv6 route is:

ipv6 route <destination-IPv6-address> {next-hop-IPv6-address | exit-interface}

Question 100

Which benefit does Cisco DNA Center provide over traditional campus management?

A. Cisco DNA Center automates SSH access for encrypted entry, and SSH is absent from traditional campus management.
B. Cisco DNA Center leverages APIs, and traditional campus management requires manual data gathering.
C. Cisco DNA Center automates HTTPS for secure web access, and traditional campus management uses HTTP.
D. Cisco DNA Center leverages SNMPv3 for encrypted management, and traditional campus management uses SNMPv2.

Question 101

Refer to the exhibit.

An engineer has started to configure replacement switch SW1. To verify part of the configuration, the engineer issued the commands as shown and noticed
that the entry for PC2 is missing. Which change must be applied to SW1 so that PC1 and PC2 communicate normally?

A. SW1(config-if)#interface fa0/2
SW1(config-if)#no switchport mode trunk
SW1(config-if)#no switchport trunk allowed vlan 3
SW1(config-if)#switchport mode access

https://www.9tut.com/composite-quiz 30/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
B. SW1(config)#interface fa0/2
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#no switchport trunk allowed vlan 3
SW1 (config-if)#switchport trunk allowed vlan 2

C. SW1(config)#interface fa0/1
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#switchport access vlan 3
SW1(config-if)#switchport trunk allowed vlan 2
D. SW1(config)#interface fa0/1
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#switchport trunk native vlan 2
SW1(config-if)#switchport trunk allowed vlan 3

Question 102

Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment?

A. Silver
B. Bronze
C. Gold
D. Platinum

Explanation

Cisco Unified Wireless Network solution WLANs support four levels of QoS: Platinum/Voice, Gold/Video, Silver/Best Effort (default), and Bronze/Background.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01010111.html

1. ahmed
May 16th, 2020

tnk you
2. JC
May 24th, 2020

Hi, in the question about Drag and drop the networking parameters from the left on to the correct values on the right with connection oriented and connection
less, I put as a connection oriented SMTP, SSH and FTP and connectionless SNMP, VoIP and TFTP, I think its the correct answer but you put as I failed, could
you check it please?

3. op
May 27th, 2020

Hi,
Question 63
Drag and drop the networking parameters from the left on to the correct values on the right.

Connection_Oriented_Connectionless.jpg

Please type the corresponding numbers of each item on the left to the blank below and arrange them ascendingly. For example: 136245 (which means 136 for
first group, 245 for second group)

Please type your answer here: 156234 Wrong

What is the correct answer?

4. 9tut
May 27th, 2020

@op, @JC: Thanks for your detection, there was an error with Q.63. We have just updated it so please try again!

5. op
May 28th, 2020

Question 50
Drag and drop the application protocols from the left onto the suitable transport protocols on the right.

TCP_UDP_Protocols_2.jpg

Please type the corresponding numbers of each item on the left to the blank below and arrange them ascendingly. For example: 136245 (which means 136 for
first group, 245 for second group)

Please type your answer here: 156234 Wrong

Sorry, Still no change !

6. op
May 28th, 2020

Sorry, Q63 is ok now.

But Q50 (they are not same) seems to be wrong too.

SMTP, FTP, SSH uses TCP while SNMP, DHCP, TFTP uses UDP .
Am I correct?

https://www.9tut.com/composite-quiz 31/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
7. 9tut
May 28th, 2020

@op: Thanks for your information, we updated Q50 too!

8. op
May 28th, 2020

Thanks.

9. op
June 1st, 2020

Question 72
Refer to the exhibit. If the network environment is operating normally, which type of device must be connected to interface FastEthernet 0/1?

ip arp inspection vlan 2-10

interface fastethernet 0/1
ip arp inspection trust
A. access point
B. DHCP client
C. routercorrect
D. PC

Is this answer correct?

Before I did the same question, PC was correct.

10. 9tut
June 1st, 2020

@op: We have just updated this question. Answer “C. router” is correct.

11. op
June 1st, 2020

Can you pl give some explanation?

12. op
June 3rd, 2020

Question 82
Refer to the exhibit. What configuration on R1 denies SSH access from PC-1 to any R1 interface and allows all other traffic?

access_list_ssh.jpg

A. access-list 100 deny tcp host 172.16.1.33 any eq 23

access-list 100 permit ip any any
line vty 0 15
access-class 100 in
B. access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
interface GigabitEthernet0/0
ip access-group 100 in
wrong
C. access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
correct
D. line vty 0 15
access-class 100 in
access-list 100 deny tcp host 172.16.1.33 any eq 23
access-list 100 permit ip any any
interface GigabitEthernet0/0
ip access-group 100 in

Is this correct?

13. Pawel
June 3rd, 2020

@9tut

There is something wrong with 102q test – I had only 1 mistake but score was only 93% – some of the correct answers doesn’t count or something. (I think the
new ones because I didn’t had any problem before update)

14. JH
June 5th, 2020

@op: yes it is.

Extendend Access List , Port 22 is SSH : So it only blocks SSH traffic witch is tcp from PC-1 with IP 172.16.1.33

15. TheMattMeister
June 6th, 2020

Hey all,

just passed exam with a 963/1000! if you can knock out the 102 composite quiz with an A several times (i think i ended up running through it 10 times), i’m
sure you can pass this test. With the exception of a few questions that i’ve either just seen less or were just new, the test is identical.

good luck!

https://www.9tut.com/composite-quiz 32/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
16. Mah
June 6th, 2020

Hi @9tut,

Im sorry to ask, can you kindly explain Q13 I think the answer is 10.4.4.4 which is C Please?

Why ia the answer is D?

17. 9tut
June 7th, 2020

@Mah: Could you please post that question here as the questions in the Composite Quizzes are shuffled each time you take the quiz?
Comments are closed.
Composite Quiz 20 Questions CCNAv7 (2020) – New Questions Part 2 Question 38 to 43

Premium Member Zone

Welcome Ulrich AGBIMADOU!

Welcome Premium Member

CCNA – New Questions Part 5
CCNA – New Questions Part 6
CCNA – New Questions Part 7
CCNA – New Questions Part 8
CCNA – New Questions Part 9
CCNA – New Questions Part 10
CCNA – New Questions Part 11
CCNA – New Questions Part 12
CCNA – New Questions Part 13
Composite Quizzes
IP Services Sim
IP Services Sim Version 2
Static Routing Configuration Sim
Static Routing Configuration Sim 2
OSPF Configuration Sim
LACP Configuration Sim
Voice VLAN Configuration Sim
VLAN and Trunking Configuration Sim
IPv4 and IPv6 Connectivity Sim
Named Access-list & Port Security Sim
Named Access-list & DHCP Snooping Sim

Logout

CCNA 200-301
Basic Questions
Topology Architecture Questions
Cloud & Virtualization Questions
CDP & LLDP Questions
Switch Questions
VLAN & Trunking Questions
VLAN & Trunking Questions 2
STP & VTP Questions
EtherChannel Questions
TCP & UDP Questions
IP Address & Subnetting Questions
IP Routing Questions
IP Routing Questions 2
OSPF Questions
OSPF Questions 2
EIGRP Questions
NAT Questions
NTP Questions
Syslog Questions
HSRP Questions
Access-list Questions
AAA Questions
Security Questions
Security Questions 2
DAI Questions
IPv6 Questions
DNS Questions
QoS Questions
Port Security Questions
Wireless Questions
Wireless Questions 2
SDN Questions
DNA Center Questions
Drag Drop Questions
Drag Drop Questions 2
Drag Drop Questions 3
VPN Questions
DHCP Questions
Automation Questions
https://www.9tut.com/composite-quiz 33/34
05/08/2023 12:02 CCNA Training » Composite Quiz 102 Questions
Miscellaneous Questions
CCNA FAQs & Tips
Share your CCNA Experience

CCNA Self-Study
Practice CCNA GNS3 Labs
CCNA Knowledge
CCNA Lab Challenges
Puppet Tutorial
Chef Tutorial
Ansible Tutorial
JSON Tutorial
Layer 2 Threats and Security Features
AAA TACACS+ and RADIUS Tutorial
STP Root Port Election Tutorial
GRE Tunnel Tutorial
Basic MPLS Tutorial
TCP and UDP Tutorial
Border Gateway Protocol BGP Tutorial
Point to Point Protocol (PPP) Tutorial
WAN Tutorial
DHCP Tutorial
Simple Network Management Protocol SNMP Tutorial
Syslog Tutorial
Gateway Load Balancing Protocol GLBP Tutorial
EtherChannel Tutorial
Hot Standby Router Protocol HSRP Tutorial
InterVLAN Routing Tutorial
Cisco Command Line Interface CLI
Cisco Router Boot Sequence Tutorial
OSI Model Tutorial
Subnetting Tutorial – Subnetting Made Easy
Frame Relay Tutorial
Wireless Tutorial
Virtual Local Area Network VLAN Tutorial
VLAN Trunking Protocol VTP Tutorial
IPv6 Tutorial
Rapid Spanning Tree Protocol RSTP Tutorial
Spanning Tree Protocol STP Tutorial
Network Address Translation NAT Tutorial
Access List Tutorial
RIP Tutorial
EIGRP Tutorial
OSPF Tutorial

Network Resources
Free Router Simulators
CCNA Website
ENCOR Website
ENSDWI Website
ENARSI Website
DevNet Website
CCIE R&S Website
Security Website
Wireless Website
Design Website
Data Center Website
Service Provider Website
Collaboration Website

Top

Copyright © 2021 CCNA Training

Site Privacy Policy. Valid XHTML 1.1 and CSS 3.H

https://www.9tut.com/composite-quiz 34/34