Module 3 Cisco Exam Subjects (Unsolved)

The document provides answers to exam questions for the CCNAv7 System Test Course. It explains how to find answers by using Ctrl+F to search for keywords from questions. It then lists 5 multiple choice questions about FTP connections, default gateways, application layer services, physical network topologies, and matching networking terms to values. The answers are provided along with explanations. Readers are invited to submit any new questions.

Uploaded by

Morar Camelia

CCNAv7 System Test Course (Version 1.1) – System Test Exam Answers
Mar 9, 2021 Last Updated: Mar 9, 2021 CCNA v7.0 2 Comments

System Test Course (Version 1.1) – System Test Exam Answers

How to find: Press “Ctrl + F” in the browser and fill in whatever wording is in the
question to find that question/answer. If the question is not here, find it
in Questions Bank.
NOTE: If you have the new question on this test, please comment Question and
Multiple-Choice list in form below this article. We will update answers for you in
the shortest time. Thank you! We truly value your contribution to the website.

1. What two characteristics describe an FTP connection? (Choose two.)


 The server establishes the first connection with the client to control traffic that
consists of server commands and client replies.
 A large file requires more than two connections between the client and the
server to successfully download it.
 The first connection established is for traffic control and the second connection
is created to transfer a file.
 Files can be downloaded from or uploaded to the server.
 The client needs to run a daemon program to establish an FTP connection
with a server.
Explanation: An FTP client is an application that runs on a computer used to
push and pull files from a server running an FTP daemon. To transfer files, FTP
requires two connections between the client and the server: one for commands
and replies and another for the actual file transfer. The client establishes the first
connection to the server for control traffic and the second connection for the
actual file transfer. This connection is created every time there is a file to be
transferred. The client can download a file from or upload a file to the server.
2. Refer to the exhibit. Consider the IP address configuration shown from PC1.
What is a description of the default gateway address?
 It is the IP address of the Router1 interface that connects the PC1 LAN to
Router1.
 It is the IP address of the Router1 interface that connects the company to the
Internet.
 It is the IP address of the ISP network device located in the cloud.
 It is the IP address of Switch1 that connects PC1 to other devices on the
same LAN.
Explanation: The default gateway is used to route packets destined for remote
networks. The default gateway IP address is the address of the first Layer 3
device (the router interface) that connects to the same network.
3. Open the PT activity. Perform the tasks in the activity instructions and then
answer the question.
What is the application layer service being requested from Server0 by PC0?
In the Simulation mode, capture the packets. What is the application layer service
being requested from Server0 by PC0?
Return to the assessment to answer the question.
 FTP
 DNS
 HTTPS
 HTTP
 SMTP
Explanation: From the PDU, the destination port is 443, which means the service
requested is HTTPS.
4. Which statement describes the physical topology for a LAN?
 It defines how hosts and network devices connect to the LAN.
 It shows the order in which hosts access the network.
 It depicts the addressing scheme that is employed in the LAN.
 It describes whether the LAN is a broadcast or token-passing network.
Explanation: A physical topology defines the way in which computers and other
network devices are connected to a network.
5. Match the term to the value represented.


CCNA 3 v7 Modules 1 – 2: OSPF Concepts and Configuration Exam Answers
Dec 22, 2019 Last Updated: Jul 13, 2022 CCNA v7 Course #3 67 Comments
Enterprise Networking, Security, and Automation (Version 7.00) – Modules 1 – 2: OSPF Concepts and Configuration Exam
1. What is a function of OSPF hello packets?
 to send specifically requested link-state records
 to discover neighbors and build adjacencies between them
 to ensure database synchronization between routers
 to request specific link-state records from neighbor routers
2. Which OSPF packet contains the different types of link-state advertisements?
 hello
 DBD
 LSR
 LSU
 LSAck
3. Which three statements describe features of the OSPF topology table? (Choose
three.)
 It is a link-state database that represents the network topology.
 Its contents are the result of running the SPF algorithm.
 When converged, all routers in an area have identical topology tables.
 The topology table contains feasible successor routes.
 The table can be viewed via the show ip ospf database command.
 After convergence, the table only contains the lowest cost route entries for all
known networks.
Explanation: The topology table on an OSPF router is a link-state database
(LSDB) that lists information about all other routers in the network, and
represents the network topology. All routers within an area have identical link-
state databases, and the table can be viewed using the show ip ospf database
command. The EIGRP topology table contains feasible successor routes. This
concept is not used by OSPF. The SPF algorithm uses the LSDB to produce the
unique routing table for each router which contains the lowest cost route entries
for known networks.
4. What does an OSPF area contain?
 routers that share the same router ID
 routers whose SPF trees are identical
 routers that have the same link-state information in their LSDBs
 routers that share the same process ID
Explanation: An OSPF area contains one set of link-state information, although
each router within the area will process that information individually to form its
own SPF tree. OSPF process IDs are locally significant and are created by the
administrator. Router IDs uniquely identify each router.

5. What is used to facilitate hierarchical routing in OSPF?


 the use of multiple areas
 frequent SPF calculations
 autosummarization
 the election of designated routers
Explanation: OSPF supports the concept of areas to prevent larger routing
tables, excessive SPF calculations, and large LSDBs. Only routers within an area
share link-state information. This allows OSPF to scale in a hierarchical fashion
with all areas that connect to a backbone area.
6. Which OSPF data structure is identical on all OSPF routers that share the same
area?
 forwarding database
 link-state database
 adjacency database
 routing table
Explanation: Regardless of which OSPF area a router resides in, the adjacency
database, routing table, and forwarding database are unique for each router. The
link-state database lists information about all other routers within an area and is
identical across all OSPF routers participating in that area.
7. Which step does an OSPF-enabled router take immediately after establishing an
adjacency with another router?
 builds the topology table
 exchanges link-state advertisements
 chooses the best path
 executes the SPF algorithm
Explanation: The OSPF operation steps are as follows:
1. Establish neighbor adjacencies
2. Exchange link-state advertisements
3. Build the topology table
4. Execute the SPF algorithm
5. Choose the best route
8. A network engineer has manually configured the hello interval to 15 seconds on
an interface of a router that is running OSPFv2. By default, how will the dead
interval on the interface be affected?
 The dead interval will not change from the default value.
 The dead interval will now be 30 seconds.
 The dead interval will now be 60 seconds.
 The dead interval will now be 15 seconds.
Explanation: Cisco IOS automatically modifies the dead interval to four times the
hello interval.
9. Refer to the exhibit. A network administrator has configured the OSPF timers to
the values that are shown in the graphic. What is the result of having those
manually configured timers?

 R1 automatically adjusts its own timers to match the R2 timers.


 The R1 dead timer expires between hello packets from R2.
 The hello timer on R2 expires every ten seconds.
 The neighbor adjacency has formed.
Explanation: The dead timer (20 seconds) on R1 expires before the next hello
packet from R2 (25 seconds).
10. To establish a neighbor adjacency two OSPF routers will exchange hello packets.
Which two values in the hello packets must match on both routers? (Choose two.)
 dead interval
 router priority
 list of neighbors
 router ID
 hello interval
Explanation: The hello and dead interval timers contained in a hello packet must
be the same on neighboring routers in order to form an adjacency.
11. What is the default router priority value for all Cisco OSPF routers?
 0
 1
 10
 255
Explanation: The router priority value is used in a DR/BDR election. The default
priority for all OSPF routers is 1 but it can be manually altered to any value 0 to
255.
12. Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a
sending router and is used by receiving routers to check against the local LSDB?
 database description
 link-state update
 link-state request
 link-state acknowledgment
Explanation: The database description (DBD) packet contains an abbreviated list
of the LSDB sent by a neighboring router and is used by receiving routers to
check against the local LSDB.
13. In an OSPF network when are DR and BDR elections required?
 when the two adjacent neighbors are interconnected over a point-to-point link
 when all the routers in an OSPF area cannot form adjacencies
 when the routers are interconnected over a common Ethernet network
 when the two adjacent neighbors are in two different networks
Explanation: When the routers are interconnected over a common Ethernet
network, then a designated router (DR) and a backup DR (BDR) must be elected.
14. When an OSPF network is converged and no network topology change has been
detected by a router, how often will LSU packets be sent to neighboring routers?
 every 5 minutes
 every 10 minutes
 every 30 minutes
 every 60 minutes
Explanation: After all LSRs have been satisfied for a given router, the adjacent
routers are considered synchronized and in a full state. Updates (LSUs) are sent
to neighbors only under the following conditions:
 when a network topology change is detected (incremental updates)
 every 30 minutes

15. What will an OSPF router prefer to use first as a router ID?
 a loopback interface that is configured with the highest IP address on the
router
 any IP address that is configured using the router-id command
 the highest active interface IP that is configured on the router
 the highest active interface that participates in the routing process because
of a specifically configured network statement
Explanation: The first preference for an OSPF router ID is an explicitly configured
32-bit address. This address is not included in the routing table and is not defined
by the network command. If a router ID that is configured through the router-
id command is not available, OSPF routers next use the highest IP address
available on a loopback interface, as loopbacks used as router IDs are also not
routable addresses. Lacking either of these alternatives, an OSPF router will use
the highest IP address from its active physical interfaces.
16. What are the two purposes of an OSPF router ID? (Choose two.)
 to uniquely identify the router within the OSPF domain
 to facilitate router participation in the election of the designated router
 to enable the SPF algorithm to determine the lowest cost path to remote
networks
 to facilitate the establishment of network convergence
 to facilitate the transition of the OSPF neighbor state to Full
Explanation: OSPF router ID does not contribute to SPF algorithm calculations,
nor does it facilitate the transition of the OSPF neighbor state to Full. Although
the router ID is contained within OSPF messages when router adjacencies are
being established, it has no bearing on the actual convergence process.
17. Refer to the exhibit. If no router ID was manually configured, what would
router Branch1 use as its OSPF router ID?

 10.0.0.1
 10.1.0.1
 192.168.1.100
 209.165.201.1
Explanation: In OSPFv2, a Cisco router uses a three-tier method to derive its
router ID. The first choice is the manually configured router ID with the router-
id command. If the router ID is not manually configured, the router will choose
the highest IPv4 address of the configured loopback interfaces. Finally if no
loopback interfaces are configured, the router chooses the highest active IPv4
address of its physical interfaces.
18. A network technician issues the following commands when configuring a router:

R1(config)# router ospf 11

R1(config-router)# network 10.10.10.0 0.0.0.255 area 0

What does the number 11 represent?


 the OSPF process ID on R1
 the cost of the link to R1
 the autonomous system number to which R1 belongs
 the administrative distance that is manually assigned to R1
 the area number where R1 is located
Explanation: There is no autonomous system number to configure on OSPF. The
area number is located at the end of the network statement. The cost of a link
can be modified in the interface configuration mode. The process ID is local to
the router.
19. An OSPF router has three directly connected networks; 172.16.0.0/16,
172.16.1.0/16, and 172.16.2.0/16. Which OSPF network command would advertise
only the 172.16.1.0 network to neighbors?
 router(config-router)# network 172.16.1.0 0.0.255.255 area 0
 router(config-router)# network 172.16.0.0 0.0.15.255 area 0
 router(config-router)# network 172.16.1.0 255.255.255.0 area 0
 router(config-router)# network 172.16.1.0 0.0.0.0 area 0
Explanation: To advertise only the 172.16.1.0/16 network the wildcard mask
used in the network command must match the first 16-bits exactly. To match bits
exactly, a wildcard mask uses a binary zero. This means that the first 16-bits of
the wildcard mask must be zero. The low order 16-bits can all be set to 1.
20. Refer to the exhibit. Which three statements describe the results of the OSPF
election process of the topology that is shown in the exhibit? (Choose three.)
 R3 will be elected BDR.
 The R4 FastEthernet 0/0 priority is 128.
 The R4 router ID is 172.16.1.1.
 R1 will be elected BDR.
 The router ID on R2 is the loopback interface.
 R2 will be elected DR.
Explanation: R2 will be elected DR because it has the highest priority of 255, all
of the others have a priority of 1. R3 will be elected BDR because it has the
numerically highest router-ID of 192.168.1.4. The R4 router-ID is 172.16.1.1
because it is the IPv4 address attached to the loopback 0 interface.
21. Refer to the exhibit. If the switch reboots and all routers have to re-establish
OSPF adjacencies, which routers will become the new DR and BDR?
 Router R4 will become the DR and router R1 will become the BDR.
 Router R2 will become the DR and router R3 will become the BDR.
 Router R1 will become the DR and router R2 will become the BDR.
 Router R4 will become the DR and router R3 will become the BDR.
Explanation: OSPF elections of a DR are based on the following in order of
precedence:
 highest priority from 1-255 (0 = never a DR)
 highest router ID
 highest IP address of a loopback or active interface in the absence of a
manually configured router ID. Loopback IP addresses take higher
precedence than other interfaces.
In this case routers R4 and R1 have the highest router priority. Between the two,
R3 has the higher router ID. Therefore, R4 will become the DR and R1 will
become the BDR.
22. By default, what is the OSPF cost for any link with a bandwidth of 100 Mb/s or
greater?
 100000000
 10000
 1
 100
Explanation: OSPF uses the formula: Cost = 100,000,000 / bandwidth. Because
OSPF will only use integers as cost, any bandwidth of 100 Mb/s or greater will all
equal a cost of 1.
23. Refer to the exhibit. What is the OSPF cost to reach the router A LAN
172.16.1.0/24 from B?

 782
 74
 128
 65
Explanation: The formula used to calculate the OSPF cost is as follows:
Cost = reference bandwidth / interface bandwidth
The default reference bandwidth is 10^8 (100,000,000); therefore, the formula is
Cost = 100,000,000 bps / interface bandwidth in bps
Thus the cost to reach the A LAN 172.16.1.0/24 from B is as follows:
Serial link (1544 Kbps) from B to A cost => 100,000,000 / 1,544,000 = 64
Gigabit Ethernet link on A cost => 100,000,000 / 1,000,000,000 = 1
Total cost to reach 172.16.1.0/24 = 64 + 1 = 65
24. Refer to the exhibit. On which router or routers would a default route be
statically configured in a corporate environment that uses single area OSPF as the
routing protocol?
 R0-A
 ISP, R0-A, R0-B, and R0-C
 ISP
 R0-B and R0-C
 ISP and R0-A
 R0-A, R0-B, and R0-C
Explanation: The default route is applied to the router that connects to the
Internet, or R0-A. R0-A then distributes that default route using the OSPF routing
protocol.
25. What command would be used to determine if a routing protocol-initiated
relationship had been made with an adjacent router?
 ping
 show ip ospf neighbor
 show ip interface brief
 show ip protocols
Explanation: While the show ip interface brief and ping commands can be used to
determine if Layer 1, 2, and 3 connectivity exists, neither command can be used
to determine if a particular OSPF or EIGRP-initiated relationship has been made.
The show ip protocols command is useful in determining the routing parameters
such as timers, router ID, and metric information associated with a specific
routing protocol. The show ip ospf neighbor command shows if two adjacent
routers have exchanged OSPF messages in order to form a neighbor
relationship.
26. Refer to the exhibit. Which command did an administrator issue to produce this
output?
 R1# show ip ospf interface serial0/0/1
 R1# show ip route ospf
 R1# show ip ospf
 R1# show ip ospf neighbor
27. Which command is used to verify that OSPF is enabled and also provides a list
of the networks that are being advertised by the network?
 show ip interface brief
 show ip ospf interface
 show ip protocols
 show ip route ospf
Explanation: The command show ip ospf interface verifies the active OSPF
interfaces. The command show ip interface brief is used to check that the
interfaces are operational. The command show ip route ospf displays the entries
that are learned via OSPF in the routing table. The command show ip
protocols checks that OSPF is enabled and lists the networks that are advertised.
28. Refer to the exhibit. A network administrator has configured OSPFv2 on the
two Cisco routers but PC1 is unable to connect to PC2. What is the most likely
problem?
 Interface Fa0/0 has not been activated for OSPFv2 on router R2.
 Interface Fa0/0 is configured as a passive-interface on router R2.
 Interface S0/0 is configured as a passive-interface on router R2.
 Interface s0/0 has not been activated for OSPFv2 on router R2.
Explanation: If a LAN network is not advertised using OSPFv2, a remote network
will not be reachable. The output displays a successful neighbor adjacency
between router R1 and R2 on the interface S0/0 of both routers.
29. What is the recommended Cisco best practice for configuring an OSPF-enabled
router so that each router can be easily identified when troubleshooting routing
issues?
 Configure a value using the router-id command.
 Use the highest active interface IP address that is configured on the router.
 Use a loopback interface configured with the highest IP address on the
router.
 Use the highest IP address assigned to an active interface participating in
the routing process.
Explanation: A Cisco router is assigned a router ID to uniquely identify it. It can
be automatically assigned and take the value of the highest configured IP
address on any interface, the value of a specifically-configured loopback
address, or the value assigned (which is in the exact form of an IP address)
using the router-id command. Cisco recommends using the router-id command.
30. Which step in the link-state routing process is described by a router running an
algorithm to determine the best path to each destination?
 load balancing equal-cost paths
 declaring a neighbor to be inaccessible
 choosing the best route
 executing the SPF algorithm
31. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 192.168.223.0 255.255.254.0. What wildcard
mask would the administrator use in the OSPF network statement?
 0.0.1.255
 0.0.7.255
 0.0.15.255
 0.0.31.255
32. What is the format of the router ID on an OSPF-enabled router?
 a unique router host name that is configured on the router
 a unique phrase with no more than 16 characters
 a 32-bit number formatted like an IPv4 address
 an 8-bit number with a decimal value between 0 and 255
 a character string with no space
Explanation: A router ID is a 32-bit number formatted like an IPv4 address and
assigned in order to uniquely identify a router among OSPF peers.
33. Question as presented:
DUAL is the algorithm used by EIGRP. In multiarea OSPF, OSPF is implemented
using multiple areas, and all of them must be connected to the backbone area.
34. After modifying the router ID on an OSPF router, what is the preferred method
to make the new router ID effective?
 HQ# copy running-config startup-config
 HQ# resume
 HQ# clear ip route *
 HQ# clear ip ospf process
Explanation: To modify a router-id on an OSPF-enabled router, it is necessary to
reset the OSPF routing process by entering either the clear ip ospf
process command or the reload command.
35. In an OSPFv2 configuration, what is the effect of entering the command
network 192.168.1.1 0.0.0.0 area 0 ?
 It allows all 192.168.1.0 networks to be advertised.
 It tells the router which interface to turn on for the OSPF routing process.
 It changes the router ID of the router to 192.168.1.1.
 It enables OSPF on all interfaces on the router.
Explanation: Entering the command network 192.168.1.1 0.0.0.0 area 0 will turn on
only the interface with that IP address for OSPF routing. It does not change the
router ID. Instead, OSPF will use the network that is configured on that interface.
36. What is the reason for a network engineer to alter the default reference
bandwidth parameter when configuring OSPF?
 to force that specific link to be used in the destination route
 to more accurately reflect the cost of links greater than 100 Mb/s
 to enable the link for OSPF routing
 to increase the speed of the link
Explanation: By default, Fast Ethernet, Gigabit, and 10 Gigabit Ethernet
interfaces all have a cost of 1. Altering the default reference bandwidth alters the
cost calculation, allowing each speed to be more accurately reflected in the cost.
37. Open the PT Activity. Perform the tasks in the activity instructions and then
answer the question.

Which task has to be performed on Router 1 for it to establish an OSPF adjacency
with Router 2?
 Issue the clear ip ospf process command.
 Change the subnet mask of interface FastEthernet 0/0 to 255.255.255.0.
 Remove the passive interface command from interface FastEthernet 0/0.
 Add the network 10.0.1.0 0.0.0.255 area 0 command to the OSPF process.

Explanation: Each interface on the link connecting the OSPF routers must be in
the same subnet for an adjacency to be established. The IP address subnet
mask on FastEthernet interface 0/0 must be changed to 255.255.255.0. The
FastEthernet interface 0/0 is not passive. The 10.0.1.0/24 network is only
connected to Router2 so should not be advertised by Router1. The clear ip ospf
process command will start the OSPF process on Router1 but will not cause an
adjacency to be established if the subnet mask mismatch on the connecting
interfaces still exists.
38. Match the description to the term. (Not all options are used.)
Explanation: DUAL is the algorithm used by EIGRP. In multiarea OSPF, OSPF is
implemented using multiple areas, and all of them must be connected to the
backbone area.
39. What is a benefit of multiarea OSPF routing?
 Topology changes in one area do not cause SPF recalculations in other areas.
 Routers in all areas share the same link-state database and have a complete
picture of the entire network.
 A backbone area is not required.
 Automatic route summarization occurs by default between areas.
Explanation: With multiarea OSPF, only routers within an area share the same
link-state database. Changes to the network topology in one area do not impact
other areas, which reduces the number of SPF algorithm calculations and the of
link-state databases.
40. Match the OSPF state with the order in which it occurs. (Not all options are
used.)
Explanation: The active and passive states are used by EIGRP.


41. What indicates to a link-state router that a neighbor is unreachable?
 if the router no longer receives hello packets
 if the router receives an update with a hop count of 16
 if the router receives an LSP with previously learned information
 if the router no longer receives routing updates
Explanation: OSPF routers send hello packets to monitor the state of a neighbor.
When a router stops receiving hello packets from a neighbor, that neighbor is
considered unreachable and the adjacency is broken.
42. Which three OSPF states are involved when two routers are forming an
adjacency? (Choose three.)
 Exchange
 Init
 ExStart
 Two-way
 Loading
 Down
Explanation: OSPF operation progresses through 7 states for establishing
neighboring router adjacency, exchanging routing information, calculating the
best routes, and reaching convergence. The Down, Init, and Two-way states are
involved in the phase of neighboring router adjacency establishment.
43. Refer to the exhibit. Suppose that routers B, C, and D have a default priority,
and router A has a priority 0. Which conclusion can be drawn from the DR/BDR
election process?
 If the priority of router C is changed to 255, then it will become the DR.
 Router A will become the DR and router D will become the BDR.
 If the DR fails, the new DR will be router B.
 If a new router with a higher priority is added to this network, it will become
the DR.
Explanation: If the priority is set to 0, the router is not capable of becoming the
DR, so router A cannot be the DR. OSPF DR and BDR elections are not
preemptive. If a new router with a higher priority or higher router ID is added to
the network after the DR and BDR election, the newly added router does not take
over the DR or the BDR role.
44. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 64.102.0.0 255.255.255.128. What wildcard
mask would the administrator use in the OSPF network statement?
 0.0.31.255
 0.0.0.63
 0.0.63.255
 0.0.0.127
45. Which command will a network engineer issue to verify the configured hello and
dead timer intervals on a point-to-point WAN link between two routers that are
running OSPFv2?
 show ipv6 ospf interface serial 0/0/0
 show ip ospf neighbor
 show ip ospf interface fastethernet 0/1
 show ip ospf interface serial 0/0/0
Explanation: The show ip ospf interface serial 0/0/0 command will display the configured hello
and dead timer intervals on a point-to-point serial WAN link between two
OSPFv2 routers. The show ipv6 ospf interface serial 0/0/0 command will display
the configured hello and dead timer intervals on a point-to-point serial link
between two OSPFv3 routers. The show ip ospf interface fastethernet 0/1
command will display the configured hello and dead timer intervals on a
multiaccess link between two (or more) OSPFv2 routers. The show ip ospf
neighbor command will display the dead interval elapsed time since the last hello
message was received, but does not show the configured value of the timer.

46. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 128.107.0.0 255.255.255.192. What wildcard
mask would the administrator use in the OSPF network statement?
 0.0.63.255
 0.0.0.63
 0.0.0.3
 0.0.0.7
47. Match each OSPF packet type to how it is used by a router. (Not all options are
used.)
47. Which step in the link-state routing process is described by a router building a
link-state database based on received LSAs?
 selecting the router ID
 declaring a neighbor to be inaccessible
 executing the SPF algorithm
 building the topology table
48. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 192.168.181.0 255.255.254.0. What wildcard
mask would the administrator use in the OSPF network statement?
 .0.63.255
 0.0.15.255
 0.0.1.255
 0.0.31.255
49. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 198.19.0.0 255.255.252.0. What wildcard mask
would the administrator use in the OSPF network statement?
 0.0.63.255
 0.0.3.255
 0.0.31.255
 0.0.0.255
50. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 128.107.0.0 255.255.252.0. What wildcard mask
would the administrator use in the OSPF network statement?
 0.0.3.255
 0.0.0.7
 0.0.0.3
 0.0.63.255
51. Which step in the link-state routing process is described by a router flooding
link-state and cost information about each directly connected link?
 building the topology table
 selecting the router ID
 exchanging link-state advertisements
 injecting the default route
52. Which step in the link-state routing process is described by a router sending
Hello packets out all of the OSPF-enabled interfaces?
 electing the designated router
 establishing neighbor adjacencies
 injecting the default route
 exchanging link-state advertisements
53. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 64.100.0.0 255.255.255.0. What wildcard mask
would the administrator use in the OSPF network statement?
 0.0.0.31
 0.0.0.255
 0.0.0.63
 0.0.0.127
54. Which step in the link-state routing process is described by a router inserting
best paths into the routing table?
 declaring a neighbor to be inaccessible
 executing the SPF algorithm
 load balancing equal-cost paths
 choosing the best route
55. What type of address is 64.101.198.197?
 public
 private

CCNA 3 v7 Modules 3 – 5: Network Security Exam Answers
Dec 22, 2019 Last Updated: Dec 20, 2022 CCNA v7 Course #3 65 Comments

Enterprise Networking, Security, and Automation (Version 7.00) – Modules 3 – 5: Network Security Exam
1. The IT department is reporting that a company web server is receiving an
abnormally high number of web page requests from different locations
simultaneously. Which type of security attack is occurring?
 adware
 DDoS
 phishing
 social engineering
 spyware
2. What causes a buffer overflow?
 launching a security countermeasure to mitigate a Trojan horse
 downloading and installing too many software updates at one time
 attempting to write more data to a memory location than that location can hold
 sending too much information to two or more interfaces of the same device,
thereby causing dropped packets
 sending repeated connections such as Telnet to a particular device, thus
denying other data sources
3. Which objective of secure communications is achieved by encrypting data?
 authentication
 availability
 confidentiality
 integrity
Explanation: When data is encrypted, it is scrambled to keep the data private and
confidential so that only authorized recipients can read the message. A hash
function is another way of providing confidentiality.
4. What type of malware has the primary objective of spreading across the
network?
 worm
 virus
 Trojan horse
 botnet
5. What commonly motivates cybercriminals to attack networks as compared to
hacktivists or state-sponsored hackers?
 financial gain
 fame seeking
 status among peers
 political reasons
Explanation: Cybercriminals are commonly motivated by money. Hackers are
known to hack for status. Cyberterrorists are motivated to commit cybercrimes for
religious or political reasons.
6. Which type of hacker is motivated to protest against political and social issues?
 hacktivist
 cybercriminal
 script kiddie
 vulnerability broker
Explanation: Hackers are categorized by motivating factors. Hacktivists are
motivated by protesting political and social issues.
7. What is a ping sweep?
 a query and response protocol that identifies information about a domain,
including the addresses that are assigned to that domain.
 a scanning technique that examines a range of TCP or UDP port numbers on
a host to detect listening services.
 a software application that enables the capture of all network packets that
are sent across a LAN.
 a network scanning technique that indicates the live hosts in a range of IP
addresses.
Explanation: A ping sweep is a tool that is used during a reconnaissance attack.
Other tools that might be used during this type of attack include a port scan
or an Internet information query. A reconnaissance attack is used to
gather information about a particular network, usually in preparation for another
type of network attack.
8. In what type of attack is a cybercriminal attempting to prevent legitimate users
from accessing network services?
 address spoofing
 MITM
 session hijacking
 DoS
Explanation: In a DoS or denial-of-service attack, the goal of the attacker is to
prevent legitimate users from accessing network services.
9. Which requirement of secure communications is ensured by the implementation
of MD5 or SHA hash generating algorithms?
 nonrepudiation
 authentication
 integrity
 confidentiality
Explanation: Integrity is ensured by implementing either MD5 or SHA hash
generating algorithms. Many modern networks ensure authentication with
protocols, such as HMAC. Data confidentiality is ensured through symmetric
encryption algorithms, including DES, 3DES, and AES. Data confidentiality can
also be ensured using asymmetric algorithms, including RSA and PKI.
10. If an asymmetric algorithm uses a public key to encrypt data, what is used to
decrypt it?
 a digital certificate
 a different public key
 a private key
 DH
Explanation: When an asymmetric algorithm is used, public and private keys are
used for the encryption. Either key can be used for encryption, but the
complementary matched key must be used for the decryption. For example, if the
public key is used for encryption, then the private key must be used for the
decryption.
11. Refer to the exhibit. Which two ACLs would permit only the two LAN networks
attached to R1 to access the network that connects to R2 G0/1 interface? (Choose
two.)
 access-list 1 permit 192.168.10.0 0.0.0.127
 access-list 2 permit host 192.168.10.9
access-list 2 permit host 192.168.10.69
 access-list 5 permit 192.168.10.0 0.0.0.63
access-list 5 permit 192.168.10.64 0.0.0.63
 access-list 3 permit 192.168.10.128 0.0.0.63
 access-list 4 permit 192.168.10.0 0.0.0.255
Explanation: The permit 192.168.10.0 0.0.0.127 command ignores bit positions 1
through 7, which means that addresses 192.168.10.0 through 192.168.10.127
are allowed through. The two ACEs of permit 192.168.10.0 0.0.0.63 and permit
192.168.10.64 0.0.0.63 allow the same address range through the router.
12. Which two packet filters could a network administrator use on an IPv4 extended
ACL? (Choose two.)
 destination UDP port number
 computer type
 destination MAC address
 ICMP message type
 source TCP hello address
Explanation: Extended access lists commonly filter on source and destination
IPv4 addresses and TCP or UDP port numbers. Additional filtering can be
provided for protocol types.
13. What type of ACL offers greater flexibility and control over network access?
 numbered standard
 named standard
 extended
 flexible
Explanation: The two types of ACLs are standard and extended. Both types can
be named or numbered, but extended ACLs offer greater flexibility.
14. What is the quickest way to remove a single ACE from a named ACL?
 Use the no keyword and the sequence number of the ACE to be removed.
 Copy the ACL into a text editor, remove the ACE, then copy the ACL back
into the router.
 Create a new ACL with a different number and apply the new ACL to the
router interface.
 Use the no access-list command to remove the entire ACL, then recreate it
without the ACE.
Explanation: Named ACL ACEs can be removed using the no command followed
by the sequence number.
15. Refer to the exhibit. A network administrator is configuring a standard IPv4
ACL. What is the effect after the command no access-list 10 is entered?

 ACL 10 is removed from both the running configuration and the interface
Fa0/1.
 ACL 10 is removed from the running configuration.
 ACL 10 is disabled on Fa0/1.
 ACL 10 will be disabled and removed after R1 restarts.
Explanation: The R1(config)# no access-list <access-list number> command
removes the ACL from the running-config immediately. However, to disable an
ACL on an interface, the command R1(config-if)# no ip access-group should be
entered.
16. Refer to the exhibit. A network administrator has configured ACL 9 as shown.
Users on the 172.31.1.0 /24 network cannot forward traffic through router
CiscoVille. What is the most likely cause of the traffic failure?
 The established keyword is not specified.
 The sequence of the ACEs is incorrect.
 The port number for the traffic has not been identified with the eq keyword.
 The permit statement specifies an incorrect wildcard mask.
Explanation: When verifying an ACL, the statements are always listed in a
sequential order. Even though there is an explicit permit for the traffic that is
sourced from network 172.31.1.0 /24, it is being denied due to the previously
implemented ACE of CiscoVille(config)# access-list 9 deny 172.31.0.0 0.0.255.255.
The sequence of the ACEs must be modified to permit the specific traffic that is
sourced from network 172.31.1.0 /24 and then to deny 172.31.0.0 /16.
17. A network administrator needs to configure a standard ACL so that only the
workstation of the administrator with the IP address 192.168.15.23 can access the
virtual terminal of the main router. Which two configuration commands can
achieve the task? (Choose two.)
 Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
 Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
 Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
 Router1(config)# access-list 10 permit host 192.168.15.23
 Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
Explanation: To permit or deny one specific IP address, either the wildcard
mask 0.0.0.0 (used after the IP address) or the wildcard mask keyword host (used
before the IP address) can be used.
18. Refer to the exhibit. Which command would be used in a standard ACL to allow
only devices on the network attached to R2 G0/0 interface to access the networks
attached to R1?
 access-list 1 permit 192.168.10.128 0.0.0.63
 access-list 1 permit 192.168.10.0 0.0.0.255
 access-list 1 permit 192.168.10.96 0.0.0.31
 access-list 1 permit 192.168.10.0 0.0.0.63
Explanation: Standard access lists only filter on the source IP address. In the
design, the packets would be coming from the 192.168.10.96/27 network (the R2
G0/0 network). The correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31.
19. A network administrator is writing a standard ACL that will deny any traffic
from the 172.16.0.0/16 network, but permit all other traffic. Which two commands
should be used? (Choose two.)
 Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
 Router(config)# access-list 95 permit any
 Router(config)# access-list 95 host 172.16.0.0
 Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
 Router(config)# access-list 95 172.16.0.0 255.255.255.255
 Router(config)# access-list 95 deny any
Explanation: To deny traffic from the 172.16.0.0/16 network, the access-list 95
deny 172.16.0.0 0.0.255.255 command is used. To permit all other traffic,
the access-list 95 permit any statement is added.
20. Refer to the exhibit. An ACL was configured on R1 with the intention of denying
traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into
subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied
outbound on interface Fa0/0. Which conclusion can be drawn from this
configuration?
 The ACL should be applied outbound on all interfaces of R1.
 The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound
to accomplish the requirements.
 All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.
 Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is
allowed.
 An extended ACL must be used in this situation.
Explanation: Because of the implicit deny at the end of all ACLs, the access-list 1
permit any command must be included to ensure that only traffic from the
172.16.4.0/24 subnet is blocked and that all other traffic is allowed.
21. Refer to the exhibit. A network administrator needs to add an ACE to the
TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20.
Which ACE will meet this requirement?

 30 deny 172.23.16.0 0.0.15.255


 15 deny 172.23.16.0 0.0.15.255
 5 deny 172.23.16.0 0.0.15.255
 5 deny 172.23.16.0 0.0.255.255
Explanation: The only filtering criterion specified for a standard access list is the
source IPv4 address. The wildcard mask is written to identify what parts of the
address to match, with a 0 bit, and what parts of the address should be ignored,
with a 1 bit. The router will parse the ACE entries from lowest sequence
number to highest. If an ACE must be added to an existing access list, the
sequence number should be specified so that the ACE is in the correct place
during the ACL evaluation process.
22. Refer to the exhibit. A network administrator configures an ACL on the router.
Which statement describes the result of the configuration?

 An SSH connection is allowed from a workstation with IP 172.16.45.16 to a
device with IP 192.168.25.18.
 An SSH connection is allowed from a workstation with IP 192.168.25.18 to a
device with IP 172.16.45.16.
 A Telnet connection is allowed from a workstation with IP 192.168.25.18 to a
device with IP 172.16.45.16.
 A Telnet connection is allowed from a workstation with IP 172.16.45.16 to a
device with IP 192.168.25.18.
Explanation: In an extended ACL, the first address is the source IP address and
the second one is the destination IP address. TCP port number 22 is a well-
known port number reserved for SSH connections. Telnet connections use TCP
port number 23.
23. Refer to the exhibit. What can be determined from this output?

 The ACL is missing the deny ip any any ACE.


 The ACL is only monitoring traffic destined for 10.23.77.101 from three
specific hosts.
 Because there are no matches for line 10, the ACL is not working.
 The router has not had any Telnet packets from 10.35.80.22 that are destined
for 10.23.77.101.
Explanation: ACL entry 10 in MyACL matches any Telnet packets between host
10.35.80.22 and 10.23.77.101. No matches have occurred on this ACE as
evidenced by the lack of a “(xxx matches)” ACE. The deny ip any any ACE is not
required because there is an implicit deny ACE added to every access control
list. When no matches exist for an ACL, it only means that no traffic has matched
the conditions that exist for that particular line. The ACL is monitoring traffic that
matches three specific hosts going to very specific destination devices. All other
traffic is not permitted by the implicit deny ip any any ACE.
24. Refer to the exhibit. A network administrator wants to permit only host
192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three
commands will achieve this using best ACL placement practices? (Choose three.)

 R2(config)# interface fastethernet 0/1


 R2(config-if)# ip access-group 101 out
 R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0
255.255.255.0
 R2(config-if)# ip access-group 101 in
 R2(config)# access-list 101 permit ip any any
 R2(config)# interface fastethernet 0/0
 R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1
Explanation: An extended ACL is placed as close to the source of the traffic as
possible. In this case, it is placed in an inbound direction on interface fa0/0 on R2
for traffic entering the router from the host with the IP address 192.168.1.1 bound for
the server with the IP address 192.168.2.1.
25. Consider the following access list.
access-list 100 permit ip host 192.168.10.1 any
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo
access-list 100 permit ip any any
Which two actions are taken if the access list is placed inbound on a router Gigabit
Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)
 Only Layer 3 connections are allowed to be made from the router to any
other network device.
 Devices on the 192.168.10.0/24 network are not allowed to reply to any ping
requests.
 Devices on the 192.168.10.0/24 network can successfully ping devices on the
192.168.11.0 network.
 A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the
router with this access list assigned.
 Devices on the 192.168.10.0/24 network are allowed to reply to any ping
requests.
 Only the network device assigned the IP address 192.168.10.1 is allowed to
access the router.
Explanation: The first ACE allows the 192.168.10.1 device to do any TCP/IP-
based transactions with any other destination. The second ACE stops devices on
the 192.168.10.0/24 network from issuing any pings to any other location.
Everything else is permitted by the third ACE. Therefore, a Telnet/SSH session
or ping reply is allowed from a device on the 192.168.10.0/24 network.
26. Refer to the exhibit. The named ACL “Managers” already exists on the router.
What will happen when the network administrator issues the commands that are
shown in the exhibit?

 The commands are added at the end of the existing Managers ACL.
 The commands overwrite the existing Managers ACL.
 The commands are added at the beginning of the existing Managers ACL.
 The network administrator receives an error that states that the ACL already
exists.
27. In which TCP attack is the cybercriminal attempting to overwhelm a target host
with half-open TCP connections?
 port scan attack
 SYN flood attack
 session hijacking attack
 reset attack
Explanation: In a TCP SYN flood attack, the attacker sends to the target host a
continuous flood of TCP SYN session requests with a spoofed source IP
address. The target host responds with a TCP-SYN-ACK to each of the SYN
session requests and waits for a TCP ACK that will never arrive. Eventually the
target is overwhelmed with half-open TCP connections.
28. Which protocol is attacked when a cybercriminal provides an invalid gateway in
order to create a man-in-the-middle attack?
 DHCP
 DNS
 ICMP
 HTTP or HTTPS
Explanation: A cybercriminal could set up a rogue DHCP server that provides
one or more of the following:
 Wrong default gateway that is used to create a man-in-the-middle attack and
allow the attacker to intercept data
 Wrong DNS server that results in the user being sent to a malicious website
 Invalid default gateway IP address that results in a denial of service attack on
the DHCP client
29. Refer to the exhibit. An administrator has configured a standard ACL on R1
and applied it to interface serial 0/0/0 in the outbound direction. What happens to
traffic leaving interface serial 0/0/0 that does not match the configured ACL
statements?

 The traffic is dropped.


 The source IP address is checked and, if a match is not found, traffic is
routed out interface serial 0/0/1.
 The resulting action is determined by the destination IP address.
 The resulting action is determined by the destination IP address and port
number.
Explanation: Any traffic that does not match one of the statements in an ACL has
the implicit deny applied to it, which means the traffic is dropped.
30. Refer to the exhibit. The Gigabit interfaces on both routers have been
configured with subinterface numbers that match the VLAN numbers connected to
them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs
on VLAN 20 should print to the printers on VLAN 22. What interface and in what
direction should you place a standard ACL that allows printing to P1 from data
VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? (Choose two.)
 inbound
 R2 S0/0/1
 R1 Gi0/1.12
 outbound
 R1 S0/0/0
 R2 Gi0/1.20
Explanation: A standard access list is commonly placed as close to the
destination network as possible because access control expressions in a
standard ACL do not include information about the destination network.
The destination in this example is printer VLAN 12, which has router R1 Gigabit
subinterface 0/1.12 as its gateway. A sample standard ACL that only allows
printing from data VLAN 10 (192.168.10.0/24), for example, and no other VLAN
would be as follows:

R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
R1(config)# access-list 1 deny any
R1(config)# interface gigabitethernet 0/1.12
R1(config-if)# ip access-group 1 out

31. Which statement describes a characteristic of standard IPv4 ACLs?


 They are configured in the interface configuration mode.
 They can be configured to filter traffic based on both source IP addresses
and source ports.
 They can be created with a number but not with a name.
 They filter traffic based on source IP addresses only.
Explanation: A standard IPv4 ACL can filter traffic based on source IP addresses
only. Unlike an extended ACL, it cannot filter traffic based on Layer 4 ports.
However, both standard and extended ACLs can be identified with either a
number or a name, and both are configured in global configuration mode.
32. What is considered a best practice when configuring ACLs on vty lines?
 Place identical restrictions on all vty lines.
 Remove the vty password since the ACL restricts access to trusted users.
 Apply the ip access-group command inbound.
 Use only extended access lists.

33. Refer to the exhibit. An administrator first configured an extended ACL as shown
by the output of the show access-lists command. The administrator then edited this
access-list by issuing the commands below.

Router(config)# ip access-list extended 101
Router(config-ext-nacl)# no 20
Router(config-ext-nacl)# 5 permit tcp any any eq 22
Router(config-ext-nacl)# 20 deny udp any any

Which two conclusions can be drawn from this new configuration? (Choose two.)
 TFTP packets will be permitted.
 Ping packets will be permitted.
 Telnet packets will be permitted.
 SSH packets will be permitted.
 All TCP and UDP packets will be denied.
Explanation: After the editing, the final configuration is as follows:
Router# show access-lists
Extended IP access list 101
5 permit tcp any any eq ssh
10 deny tcp any any
20 deny udp any any
30 permit icmp any any
So, only SSH packets and ICMP packets will be permitted.
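
Added example, not part of the original page: a small Python model of first-match ACL evaluation with wildcard masks, replaying the ACE ordering problem from question 16 and the edited ACL 101 from question 33. The Acl class, the helper names, the sequence numbers 10 and 20 used for ACL 9, and the test source address 192.0.2.10 are assumptions made for the illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # the "any" keyword: every bit is ignored


def wildcard_match(addr, base, wildcard):
    """Compare only the bit positions where the wildcard mask has a 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


class Acl:
    """Toy model of an access list: ACEs keyed by sequence number."""

    def __init__(self):
        self.aces = {}

    def add(self, seq, action, proto="ip", src=ANY, dport=None):
        if seq in self.aces:
            raise ValueError(f"sequence number {seq} already in use")
        self.aces[seq] = (action, proto, src, dport)

    def remove(self, seq):
        del self.aces[seq]

    def evaluate(self, proto, src_ip, dport=None):
        """Return (action, sequence number); None means the implicit deny."""
        for seq in sorted(self.aces):            # lowest sequence number first
            action, ace_proto, (base, wc), ace_port = self.aces[seq]
            if ace_proto not in ("ip", proto):   # "ip" covers every protocol
                continue
            if not wildcard_match(src_ip, base, wc):
                continue
            if ace_port is not None and ace_port != dport:
                continue
            return action, seq                   # first match wins
        return "deny", None                      # implicit deny at the end


def acl9(deny_first):
    """ACL 9 from question 16; sequence numbers 10 and 20 are constructed."""
    net16 = ("172.31.0.0", "0.0.255.255")
    net24 = ("172.31.1.0", "0.0.0.255")
    acl = Acl()
    if deny_first:                               # the failing order
        acl.add(10, "deny", src=net16)
        acl.add(20, "permit", src=net24)
    else:                                        # specific permit before broad deny
        acl.add(10, "permit", src=net24)
        acl.add(20, "deny", src=net16)
    return acl


def acl101():
    """ACL 101 from question 33 after the edit, entered out of order on purpose."""
    acl = Acl()
    acl.add(10, "deny", proto="tcp")
    acl.add(30, "permit", proto="icmp")
    acl.add(5, "permit", proto="tcp", dport=22)  # lands ahead of entry 10
    acl.add(20, "deny", proto="udp")
    return acl


if __name__ == "__main__":
    for label, acl in (("deny first", acl9(True)), ("permit first", acl9(False))):
        print(label, acl.evaluate("ip", "172.31.1.25"))
    # 192.0.2.10 is a constructed source address; ACL 101 matches any source.
    for proto, port in (("tcp", 22), ("tcp", 23), ("udp", 69), ("icmp", None)):
        print(proto, port, acl101().evaluate(proto, "192.0.2.10", port))
```
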
34. Which set of access control entries would allow all users on the 192.168.10.0/24
network to access a web server that is located at 172.17.80.1, but would not allow
them to use Telnet?
 access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80
 access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
 access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
 access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
Explanation: For an extended ACL to meet these requirements the following
need to be included in the access control entries:
 identification number in the range 100-199 or 2000-2699
 permit or deny parameter
 protocol
 source address and wildcard
 destination address and wildcard
 port number or name

35. What is the term used to describe a mechanism that takes advantage of a
vulnerability?
 mitigation
 exploit
 vulnerability
 threat
36. Refer to the exhibit. The network administrator has an IP address of
192.168.11.10 and needs access to manage R1. What is the best ACL type and
placement to use in this situation?
 extended ACL outbound on R2 WAN interface towards the internet
 standard ACL inbound on R1 vty lines
 extended ACLs inbound on R1 G0/0 and G0/1
 extended ACL outbound on R2 S0/0/1
Explanation: Standard ACLs permit or deny packets based only on the source
IPv4 address. Because all traffic types are permitted or denied, standard ACLs
should be located as close to the destination as possible.
Extended ACLs permit or deny packets based on the source IPv4 address and
destination IPv4 address, protocol type, source and destination TCP or UDP
ports and more. Because the filtering of extended ACLs is so specific, extended
ACLs should be located as close as possible to the source of the traffic to be
filtered. Undesirable traffic is denied close to the source network without crossing
the network infrastructure.
37. A technician is tasked with using ACLs to secure a router. When would the
technician use the any configuration option or command?
 to add a text entry for documentation purposes
 to generate and send an informational message whenever the ACE is
matched
 to identify any IP address
 to identify one specific IP address
38. Which statement accurately characterizes the evolution of threats to network
security?
 Internet architects planned for network security from the beginning.
 Early Internet users often engaged in activities that would harm other users.
 Internal threats can cause even greater damage than external threats.
 Threats have become less sophisticated while the technical knowledge
needed by an attacker has grown.
Explanation: Internal threats can be intentional or accidental and cause greater
damage than external threats because the internal user has direct access to the
internal corporate network and corporate data.
39. A user receives a phone call from a person who claims to represent IT services
and then asks that user for confirmation of username and password for auditing
purposes. Which security threat does this phone call represent?
 spam
 social engineering
 DDoS
 anonymous keylogging
Explanation: Social engineering attempts to gain the confidence of an employee
and convince that person to divulge confidential and sensitive information, such
as usernames and passwords. DDoS attacks, spam, and keylogging are all
examples of software based security threats, not social engineering.
40. In what way are zombies used in security attacks?
 They target specific individuals to gain corporate or personal information.
 They probe a group of machines for open ports to learn which services are
running.
 They are maliciously formed code segments used to replace legitimate
applications.
 They are infected machines that carry out a DDoS attack.
Explanation: Zombies are infected computers that make up a botnet. The
zombies are used to deploy a distributed denial of service (DDoS) attack.
41. Which attack involves threat actors positioning themselves between a source and
destination with the intent of transparently monitoring, capturing, and controlling
the communication?
 man-in-the-middle attack
 SYN flood attack
 DoS attack
 ICMP attack
Explanation: The man-in-the-middle attack is a common IP-related attack where
threat actors position themselves between a source and destination to
transparently monitor, capture, and control the communication.
42. Which two keywords can be used in an access control list to replace a wildcard
mask or address and wildcard mask pair? (Choose two.)
 host
 most
 gt
 some
 any
 all
Explanation: The host keyword is used when using a specific device IP address
in an ACL. For example, the deny host 192.168.5.5 command is the same as
the deny 192.168.5.5 0.0.0.0 command. The any keyword is used to allow any
mask through that meets the criteria. For example, the permit any command is
the same as the permit 0.0.0.0 255.255.255.255 command.
43. Which statement describes a difference between the operation of inbound and
outbound ACLs?
 Inbound ACLs are processed before the packets are routed while outbound
ACLs are processed after the routing is completed.
 In contrast to outbound ACLs, inbound ACLs can be used to filter packets
with multiple criteria.
 On a network interface, more than one inbound ACL can be configured but
only one outbound ACL can be configured.
 Inbound ACLs can be used in both routers and switches but outbound ACLs
can be used only on routers.
Explanation: With an inbound ACL, incoming packets are processed before they
are routed. With an outbound ACL, packets are first routed to the outbound
interface, then they are processed. Thus processing inbound is more efficient
from the router perspective. The structure, filtering methods, and limitations (on
an interface, only one inbound and one outbound ACL can be configured) are the
same for both types of ACLs.
44. What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255
any eq www command have when implemented inbound on the f0/0 interface?
 All TCP traffic is permitted, and all other traffic is denied.
 Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80
destinations.
 All traffic from 172.16.4.0/24 is permitted anywhere on any port.
 The command is rejected by the router because it is incomplete.
45. Which ACE will permit a packet that originates from any network and is
destined for a web server at 192.168.1.1?
 access-list 101 permit tcp any host 192.168.1.1 eq 80
 access-list 101 permit tcp host 192.168.1.1 eq 80 any
 access-list 101 permit tcp host 192.168.1.1 any eq 80
 access-list 101 permit tcp any eq 80 host 192.168.1.1
46. Refer to the exhibit. A new network policy requires an ACL denying FTP and
Telnet access to a Corp file server from all interns. The address of the file server is
172.16.1.15 and all interns are assigned addresses in the 172.18.200.0/24 network.
After implementing the ACL, no one in the Corp network can access any of the
servers. What is the problem?

 Inbound ACLs must be routed before they are processed.
 The ACL is implicitly denying access to all the servers.
 Named ACLs require the use of port numbers.
 The ACL is applied to the interface using the wrong direction.
Explanation: Both named and numbered ACLs have an implicit deny ACE at the
end of the list. This implicit deny blocks all traffic.
47. A technician is tasked with using ACLs to secure a router. When would the
technician use the access-class 20 in configuration option or command?
 to secure administrative access to the router
 to remove an ACL from an interface
 to remove a configured ACL
 to apply a standard ACL to an interface
48. What is the term used to describe the same pre-shared key or secret key, known
by both the sender and receiver to encrypt and decrypt data?
 symmetric encryption algorithm
 data integrity
 exploit
 risk
49. Refer to the exhibit. Internet privileges for an employee have been revoked
because of abuse but the employee still needs access to company resources. What is
the best ACL type and placement to use in this situation?
 standard ACL inbound on R2 WAN interface connecting to the internet
 standard ACL outbound on R2 WAN interface towards the internet
 standard ACL inbound on R1 G0/0
 standard ACL outbound on R1 G0/0
Explanation: – Standard ACLs permit or deny packets based only on the source
IPv4 address. Because all traffic types are permitted or denied, standard ACLs
should be located as close to the destination as possible.
– Extended ACLs permit or deny packets based on the source IPv4 address and
destination IPv4 address, protocol type, source and destination TCP or UDP
ports and more. Because the filtering of extended ACLs is so specific, extended
ACLs should be located as close as possible to the source of the traffic to be
filtered. Undesirable traffic is denied close to the source network without crossing
the network infrastructure.
50. Refer to the exhibit. The student on the H1 computer continues to launch an
extended ping with expanded packets at the student on the H2 computer. The school
network administrator wants to stop this behavior, but still allow both students
access to web-based computer assignments. What would be the best plan for the
network administrator?
 Apply an inbound standard ACL on R1 Gi0/0.
 Apply an inbound extended ACL on R2 Gi0/1.
 Apply an outbound extended ACL on R1 S0/0/1.
 Apply an inbound extended ACL on R1 Gi0/0.
 Apply an outbound standard ACL on R2 S0/0/1.
Explanation: This access list must be an extended ACL in order to filter on
specific source and destination host addresses. Commonly, the best place for an
extended ACL is closest to the source, which is H1. Traffic from H1 travels into
the switch, then out of the switch into the R1 Gi0/0 interface. This Gi0/0 interface
would be the best location for this type of extended ACL. The ACL would be
applied on the inbound interface since the packets from H1 would be coming into
the R1 router.
51. A technician is tasked with using ACLs to secure a router. When would the
technician use the ‘ip access-group 101 in’ configuration option or command?
 to apply an extended ACL to an interface
 to secure management traffic into the router
 to secure administrative access to the router
 to display all restricted traffic
52. In which type of attack is falsified information used to redirect users to
malicious Internet sites?
 DNS amplification and reflection
 ARP cache poisoning
 DNS cache poisoning
 domain generation
Explanation: In a DNS cache poisoning attack, falsified information is used to
redirect users from legitimate to malicious internet sites.
53. What is a feature of an IPS?
 It can stop malicious packets.
 It is deployed in offline mode.
 It has no impact on latency.
 It is primarily focused on identifying possible incidents.
Explanation: An advantage of an intrusion prevention system (IPS) is that it can
identify and stop malicious packets. However, because an IPS is deployed inline,
it can add latency to the network.
54. What is the term used to describe a potential danger to a company’s assets, data,
or network functionality?
 vulnerability
 threat
 asset
 exploit
Explanation: A threat is a potential danger to a company’s assets, data, or
network functionality. An exploit is a mechanism that takes advantage of a
vulnerability. A vulnerability is a weakness in a system, or its design, that could
be exploited by a threat.
55. Refer to the exhibit. Network 192.168.30.0/24 contains all of the company
servers. Policy dictates that traffic from the servers to both networks 192.168.10.0
and 192.168.11.0 be limited to replies for original requests. What is the best ACL
type and placement to use in this situation?
 extended ACL inbound on R3 G0/0
 extended ACL inbound on R1 G0/0
 standard ACL inbound on R1 G0/1
 standard ACL inbound on R1 vty lines
Explanation: Standard ACLs permit or deny packets based only on the source
IPv4 address. Because all traffic types are permitted or denied, standard ACLs
should be located as close to the destination as possible.
Extended ACLs permit or deny packets based on the source IPv4 address and
destination IPv4 address, protocol type, source and destination TCP or UDP
ports and more. Because the filtering of extended ACLs is so specific, extended
ACLs should be located as close as possible to the source of the traffic to be
filtered. Undesirable traffic is denied close to the source network without crossing
the network infrastructure.
56. What does the CLI prompt change to after entering the command ip access-list
standard aaa from global configuration mode?
 Router(config-line)#
 Router(config-std-nacl)#
 Router(config)#
 Router(config-router)#
 Router(config-if)#
57. Refer to the exhibit. Many employees are wasting company time accessing social
media on their work computers. The company wants to stop this access. What is the
best ACL type and placement to use in this situation?
 extended ACL outbound on R2 WAN interface towards the internet
 standard ACL outbound on R2 WAN interface towards the internet
 standard ACL outbound on R2 S0/0/0
 extended ACLs inbound on R1 G0/0 and G0/1
58. A technician is tasked with using ACLs to secure a router. When would the
technician use the 40 deny host 192.168.23.8 configuration option or command?
 to remove all ACLs from the router
 to create an entry in a numbered ACL
 to apply an ACL to all router interfaces
 to secure administrative access to the router
59. What is the best description of Trojan horse malware?
 It is malware that can only be distributed over the Internet.
 It appears as useful software but hides malicious code.
 It is software that causes annoying but not fatal computer problems.
 It is the most easily detected form of malware.
60. What wildcard mask will match networks 172.16.0.0 through 172.19.0.0?
 0.0.3.255
 0.252.255.255
 0.3.255.255
 0.0.255.255
Explanation: The subnets 172.16.0.0 through 172.19.0.0 all share the same 14
high-order bits. A wildcard mask in binary that matches 14 high-order bits is
00000000.00000011.11111111.11111111. In dotted decimal this wildcard mask
is 0.3.255.255.
60. What is the term used to describe gray hat hackers who publicly protest
organizations or governments by posting articles, videos, leaking sensitive
information, and performing network attacks?
 white hat hackers
 grey hat hackers
 hacktivists
 state-sponsored hacker
61. Refer to the exhibit. The company has provided IP phones to employees on the
192.168.10.0/24 network and the voice traffic will need priority over data traffic.
What is the best ACL type and placement to use in this situation?
 extended ACL inbound on R1 G0/0
 extended ACL outbound on R2 WAN interface towards the internet
 extended ACL outbound on R2 S0/0/1
 extended ACLs inbound on R1 G0/0 and G0/1
Explanation: Standard ACLs permit or deny packets based only on the source
IPv4 address. Because all traffic types are permitted or denied, standard ACLs
should be located as close to the destination as possible.
Extended ACLs permit or deny packets based on the source IPv4 address and
destination IPv4 address, protocol type, source and destination TCP or UDP
ports and more. Because the filtering of extended ACLs is so specific, extended
ACLs should be located as close as possible to the source of the traffic to be
filtered. Undesirable traffic is denied close to the source network without crossing
the network infrastructure.
62. A technician is tasked with using ACLs to secure a router. When would the
technician use the no ip access-list 101 configuration option or command?
 to apply an ACL to all router interfaces
 to secure administrative access to the router
 to remove all ACLs from the router
 to remove a configured ACL
63. What is the term used to describe unethical criminals who compromise
computer and network security for personal gain, or for malicious reasons?
 hacktivists
 vulnerability broker
 black hat hackers
 script kiddies
Explanation: Black hat hackers are unethical threat actors who use their skills to
compromise computer and network security vulnerabilities. The goal is usually
financial gain or personal gain, or the hacker may have malicious intent. A
vulnerability broker is a gray hat hacker who attempts to discover exploits and
report them to vendors, sometimes for prizes or rewards. Hacktivists are gray hat
hackers who publicly protest organizations or governments by posting articles or
videos, leaking sensitive information, and performing network attacks. Script
kiddies are inexperienced hackers (sometimes teenagers) running existing
scripts, tools, and exploits to cause harm—but typically not for profit.
64. What is the term used to describe a guarantee that the message is not a forgery
and does actually come from whom it states?
 origin authentication
 mitigation
 exploit
 data non-repudiation
65. A technician is tasked with using ACLs to secure a router. When would the
technician use the ip access-group 101 in configuration option or command?
 to secure administrative access to the router
 to apply an extended ACL to an interface
 to display all restricted traffic
 to secure management traffic into the router
66. A technician is tasked with using ACLs to secure a router. When would the
technician use the remark configuration option or command?
 to generate and send an informational message whenever the ACE is
matched
 to add a text entry for documentation purposes
 to identify one specific IP address
 to restrict specific traffic access through an interface
67. Refer to the exhibit. The company CEO demands that one ACL be created to
permit email traffic to the internet and deny FTP access. What is the best ACL type
and placement to use in this situation?
 extended ACL outbound on R2 WAN interface towards the internet
 standard ACL outbound on R2 S0/0/0
 extended ACL inbound on R2 S0/0/0
 standard ACL inbound on R2 WAN interface connecting to the internet
68. A technician is tasked with using ACLs to secure a router. When would the
technician use the established configuration option or command?
 to add a text entry for documentation purposes
 to display all restricted traffic
 to allow specified traffic through an interface
 to allow returning reply traffic to enter the internal network
69. A technician is tasked with using ACLs to secure a router. When would the
technician use the deny configuration option or command?
 to identify one specific IP address
 to display all restricted traffic
 to restrict specific traffic access through an interface
 to generate and send an informational message whenever the ACE is
matched
70. Refer to the exhibit. Only authorized remote users are allowed remote access to
the company server 192.168.30.10. What is the best ACL type and placement to use
in this situation?
 extended ACLs inbound on R1 G0/0 and G0/1
 extended ACL outbound on R2 WAN interface towards the internet
 extended ACL inbound on R2 S0/0/0
 extended ACL inbound on R2 WAN interface connected to the internet
71. Refer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive
information and are not allowed access off their network. What is the best ACL type
and placement to use in this situation?
 standard ACL inbound on R1 vty lines
 extended ACL inbound on R1 G0/0
 standard ACL inbound on R1 G0/1
 extended ACL inbound on R3 S0/0/1
72. A technician is tasked with using ACLs to secure a router. When would the
technician use the host configuration option or command?
 to add a text entry for documentation purposes
 to generate and send an informational message whenever the ACE is
matched
 to identify any IP address
 to identify one specific IP address
73. What commonly motivates cybercriminals to attack networks as compared to
hacktivists or state-sponsored hackers?
 financial gain
 political reasons
 fame seeking
 status among peers
Explanation: Cybercriminals are commonly motivated by money. Hackers are
known to hack for status. Cyberterrorists are motivated to commit cybercrimes for
religious or political reasons.

CCNA 3 v7 Modules 6 – 8: WAN Concepts Exam Answers
Dec 22, 2019 Last Updated: Dec 20, 2022 CCNA v7 Course #3


Enterprise Networking, Security, and Automation (Version 7.00) – Modules 6 – 8: WAN Concepts Exam
1. Which two statements accurately describe an advantage or a disadvantage when
deploying NAT for IPv4 in a network? (Choose two.)
 NAT improves packet handling.
 NAT adds authentication capability to IPv4.
 NAT will impact negatively on switch performance.
 NAT causes routing tables to include more information.
 NAT provides a solution to slow down the IPv4 address depletion.
 NAT introduces problems for some applications that require end-to-end
connectivity.
Explanation: Network Address Translation (NAT) is a technology that is
implemented within IPv4 networks. One application of NAT is to use private IP
addresses inside a network and use NAT to share a few public IP addresses for
many internal hosts. In this way it provides a solution to slow down the IPv4
address depletion. However, since NAT hides the actual IP addresses that are
used by end devices, it may cause problems for some applications that require
end-to-end connectivity.
2. A network administrator wants to examine the active NAT translations on a
border router. Which command would perform the task?
 Router# show ip nat translations
 Router# show ip nat statistics
 Router# clear ip nat translations
 Router# debug ip nat translations
3. What are two tasks to perform when configuring static NAT? (Choose two.)
 Configure a NAT pool.
 Create a mapping between the inside local and outside local addresses.
 Identify the participating interfaces as inside or outside interfaces.
 Define the inside global address on the server
 Define the outside global address.
Explanation: There is no server involved when using NAT. The outside global
address will change for each destination the inside host will try to reach. A NAT
pool is only configured for dynamic NAT implementations.
4. What is a disadvantage of NAT?
 There is no end-to-end addressing.
 The router does not need to alter the checksum of the IPv4 packets.
 The internal hosts have to use a single public IPv4 address for external
communication.
 The costs of readdressing hosts can be significant for a publicly addressed
network.
5. Refer to the exhibit. From the perspective of R1, the NAT router, which address
is the inside global address?

 192.168.0.10
 192.168.0.1
 209.165.200.225
 209.165.200.254
Explanation: There are four types of addresses in NAT terminology.
Inside local address
Inside global address
Outside local address
Outside global address
The inside global address of PC1 is the address that the ISP sees as the source
address of packets, which in this example is the IP address on the serial
interface of R1, 209.165.200.224.
6. Refer to the exhibit. Given the commands as shown, how many hosts on the
internal LAN off R1 can have simultaneous NAT translations on R1?

 244
 10
 1
 255
Explanation: The NAT configuration on R1 is static NAT which translates a single
inside IP address, 192.168.0.10 into a single public IP address, 209.165.200.255.
If more hosts need translation, then a NAT pool of inside global address or
overloading should be configured.
7. Refer to the exhibit. A network administrator has just configured address
translation and is verifying the configuration. What three things can the
administrator verify? (Choose three.)
 A standard access list numbered 1 was used as part of the configuration
process.
 Three addresses from the NAT pool are being used by hosts.
 Address translation is working.
 One port on the router is not participating in the address translation.
 The name of the NAT pool is refCount.
 Two types of NAT are enabled.
Explanation: The show ip nat statistics, show ip nat translations, and debug ip
nat commands are useful in determining if NAT is working and in
troubleshooting problems that are associated with NAT. NAT is working, as
shown by the hits and misses count. Because there are four misses, a problem
might be evident. The standard access list numbered 1 is being used and the
translation pool is named NAT as evidenced by the last line of the output. Both
static NAT and NAT overload are used as seen in the Total translations line.
8. Refer to the exhibit. NAT is configured on RT1 and RT2. The PC is sending a
request to the web server. What IPv4 address is the source IP address in the packet
between RT2 and the web server?
 192.168.1.5
 203.0.113.10
 172.16.1.254
 172.16.1.10
 209.165.200.245
 192.0.2.2
Explanation: Because the packet is between RT2 and the web server, the source
IP address is the inside global address of PC, 209.165.200.245.
9. Refer to the exhibit. Based on the output that is shown, what type of NAT has
been implemented?
 dynamic NAT with a pool of two public IP addresses
 PAT using an external interface
 static NAT with a NAT pool
 static NAT with one entry
Explanation: The output shows that there are two inside global addresses that
are the same but that have different port numbers. The only time port numbers
are displayed is when PAT is being used. The same output would be indicative of
PAT that uses an address pool. PAT with an address pool is appropriate when
more than 4,000 simultaneous translations are needed by the company.
10. Refer to the exhibit. From the perspective of users behind the NAT router, what
type of NAT address is 209.165.201.1?
 inside global
 outside global
 outside local
 inside local
Explanation: From the perspective of users behind NAT, inside global addresses
are used by external users to reach internal hosts. Inside local addresses are the
addresses assigned to internal hosts. Outside global addresses are the
addresses of destinations on the external network. Outside local addresses are
the actual private addresses of destination hosts behind other NAT devices.
11. Refer to the exhibit. Static NAT is being configured to allow PC 1 access to the
web server on the internal network. What two addresses are needed in place of A
and B to complete the static NAT configuration? (Choose two.)
 A = 209.165.201.2
 A = 10.1.0.13
 B = 209.165.201.7
 B = 10.0.254.5
 B = 209.165.201.1
Explanation: Static NAT is a one-to-one mapping between an inside local
address and an inside global address. By using static NAT, external devices can
initiate connections to internal devices by using the inside global addresses. The
NAT devices will translate the inside global address to the inside local address of
the target host.
12. What is the purpose of the overload keyword in the ip nat inside source list 1
pool NAT_POOL overload command?
 It allows many inside hosts to share one or a few inside global addresses.
 It allows a list of internal hosts to communicate with a specific group of
external hosts.
 It allows external hosts to initiate sessions with internal hosts.
 It allows a pool of inside global addresses to be used by internal hosts.
Explanation: Dynamic NAT uses a pool of inside global addresses that are
assigned to outgoing sessions. If there are more internal hosts than public
addresses in the pool, then an administrator can enable port address translation
with the addition of the overload keyword. With port address translation, many
internal hosts can share a single inside global address because the NAT device
will track the individual sessions by Layer 4 port number.
13. Refer to the exhibit. Which source address is being used by router R1 for
packets being forwarded to the Internet?

 10.6.15.2
 209.165.202.141
 198.51.100.3
 209.165.200.225
Explanation: The source address for packets forwarded by the router to the
Internet will be the inside global address of 209.165.200.225. This is the address
that the internal addresses from the 10.6.15.0 network will be translated to by
NAT.
14. Refer to the exhibit. The NAT configuration applied to the router is as follows:

ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255
ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224
ERtr(config)# ip nat inside source list 1 pool corp overload
ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4
ERtr(config)# interface gigabitethernet 0/0
ERtr(config-if)# ip nat inside
ERtr(config-if)# interface serial 0/0/0
ERtr(config-if)# ip nat outside

Based on the configuration and the output shown, what can be determined about
the NAT status within the organization?
 Static NAT is working, but dynamic NAT is not.
 Dynamic NAT is working, but static NAT is not.
 Not enough information is given to determine if both static and dynamic NAT
are working.
 NAT is working.
Explanation: There is not enough information given because the router might not
be attached to the network yet, the interfaces might not have IP addresses
assigned yet, or the command could have been issued in the middle of the night.
The output does match the given configuration, so no typographical errors were
made when the NAT commands were entered.
15. Which situation describes data transmissions over a WAN connection?
 A network administrator in the office remotely accesses a web server that is
located in the data center at the edge of the campus.
 A manager sends an email to all employees in the department with offices
that are located in several buildings.
 An employee prints a file through a networked printer that is located in
another building.
 An employee shares a database file with a co-worker who is located in a branch
office on the other side of the city.
Explanation: When two offices across a city are communicating, it is most likely
that the data transmissions are over some type of WAN connection. Data
communications within a campus are typically over LAN connections.
16. Which two technologies are categorized as private WAN infrastructures?
(Choose two.)
 Frame Relay
 VPN
 MetroE
 DSL
 cable
Explanation: Private WAN technologies include leased lines, dialup, ISDN,
Frame Relay, ATM, Ethernet WAN (an example is MetroE), MPLS, and VSAT.
17. Which network scenario will require the use of a WAN?
 Employees need to connect to the corporate email server through a VPN while
traveling.
 Employees need to access web pages that are hosted on the corporate web
servers in the DMZ within their building.
 Employee workstations need to obtain dynamically assigned IP addresses.
 Employees in the branch office need to share files with the headquarters
office that is located in a separate building on the same campus network.
Explanation: When traveling employees need to connect to a corporate email
server through a WAN connection, the VPN will create a secure tunnel between
an employee laptop and the corporate network over the WAN connection.
Obtaining dynamic IP addresses through DHCP is a function of LAN
communication. Sharing files among separate buildings on a corporate campus
is accomplished through the LAN infrastructure. A DMZ is a protected network
inside the corporate LAN infrastructure.
18. What are two hashing algorithms used with IPsec AH to guarantee authenticity?
(Choose two.)
 SHA
 RSA
 DH
 MD5
 AES
Explanation: The IPsec framework uses various protocols and algorithms to
provide data confidentiality, data integrity, authentication, and secure key
exchange. Two popular algorithms used to ensure that data is not intercepted
and modified (data integrity and authenticity) are MD5 and SHA.
19. What two algorithms can be part of an IPsec policy to provide encryption and
hashing to protect interesting traffic? (Choose two.)
 SHA
 RSA
 AES
 DH
 PSK
Explanation: The IPsec framework uses various protocols and algorithms to
provide data confidentiality, data integrity, authentication, and secure key
exchange. Two algorithms that can be used within an IPsec policy to protect
interesting traffic are AES, which is an encryption protocol, and SHA, which is a
hashing algorithm.
20. Which VPN solution allows the use of a web browser to establish a secure,
remote-access VPN tunnel to the ASA?
 client-based SSL
 site-to-site using an ACL
 clientless SSL
 site-to-site using a preshared key
Explanation: When a web browser is used to securely access the corporate
network, the browser must use a secure version of HTTP to provide SSL
encryption. A VPN client is not required to be installed on the remote host, so a
clientless SSL connection is used.
21. Which IPsec security function provides assurance that the data received via a
VPN has not been modified in transit?
 integrity
 authentication
 confidentiality
 secure key exchange
Explanation: Integrity is a function of IPsec and ensures data arrives unchanged
at the destination through the use of a hash algorithm. Confidentiality is a
function of IPsec and utilizes encryption to protect data transfers with a key.
Authentication is a function of IPsec and provides specific access to users and
devices with valid authentication factors. Secure key exchange is a function of
IPsec and allows two peers to maintain their private key confidentiality while
sharing their public key.
22. Which two types of VPNs are examples of enterprise-managed remote access
VPNs? (Choose two.)
 clientless SSL VPN
 client-based IPsec VPN
 IPsec VPN
 IPsec Virtual Tunnel Interface VPN
 GRE over IPsec VPN
Explanation: Enterprise managed VPNs can be deployed in two configurations:
 Remote Access VPN – This VPN is created dynamically when required to
establish a secure connection between a client and a VPN server. Remote
access VPNs include client-based IPsec VPNs and clientless SSL VPNs.
 Site-to-site VPN – This VPN is created when interconnecting devices are
preconfigured with information to establish a secure tunnel. VPN traffic is
encrypted only between the interconnecting devices, and internal hosts have
no knowledge that a VPN is used. Site-to-site VPNs include IPsec, GRE over
IPsec, Cisco Dynamic Multipoint (DMVPN), and IPsec Virtual Tunnel
Interface (VTI) VPNs.
23. Which is a requirement of a site-to-site VPN?
 It requires hosts to use VPN client software to encapsulate traffic.
 It requires the placement of a VPN server at the edge of the company
network.
 It requires a VPN gateway at each end of the tunnel to encrypt and decrypt
traffic.
 It requires a client/server architecture.
Explanation: Site-to-site VPNs are static and are used to connect entire
networks. Hosts have no knowledge of the VPN and send TCP/IP traffic to VPN
gateways. The VPN gateway is responsible for encapsulating the traffic and
forwarding it through the VPN tunnel to a peer gateway at the other end which
decapsulates the traffic.
24. What is the function of the Diffie-Hellman algorithm within the IPsec
framework?
 guarantees message integrity
 allows peers to exchange shared keys
 provides authentication
 provides strong data encryption
Explanation: The IPsec framework uses various protocols and algorithms to
provide data confidentiality, data integrity, authentication, and secure key
exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a
public key exchange method that allows two IPsec peers to establish a shared
secret key over an insecure channel.
25. What does NAT overloading use to track multiple internal hosts that use one
inside global address?
 port numbers
 IP addresses
 autonomous system numbers
 MAC addresses
Explanation: NAT overloading, also known as Port Address Translation (PAT),
uses port numbers to differentiate between multiple internal hosts.
26. Question as presented:
Explanation: The inside local address is the private IP address of the source or
the PC in this instance. The inside global address is the translated address of the
source or the address as seen by the outside device. Since the PC is using the
outside address of the R1 router, the inside global address is 192.0.2.1. The
outside addressing is simply the address of the server or 203.0.113.5.
27. Refer to the exhibit. R1 is configured for static NAT. What IP address will
Internet hosts use to reach PC1?

 192.168.0.1
 192.168.0.10
 209.165.201.1
 209.165.200.225
Explanation: In static NAT a single inside local address, in this case
192.168.0.10, will be mapped to a single inside global address, in this case
209.165.200.225. Internet hosts will send packets to PC1 and use as a
destination address the inside global address 209.165.200.225.
28. Which type of VPN uses the public key infrastructure and digital certificates?
 SSL VPN
 GRE over IPsec
 IPsec virtual tunnel interface
 dynamic multipoint VPN
29. Which two WAN infrastructure services are examples of private connections?
(Choose two.)
 cable
 DSL
 Frame Relay
 T1/E1
 wireless
Explanation: Private WANs can use T1/E1, T3/E3, PSTN, ISDN, Metro Ethernet,
MPLS, Frame Relay, ATM, or VSAT technology.
30. Which two statements about the relationship between LANs and WANs are
true? (Choose two.)
 Both LANs and WANs connect end devices.
 WANs are typically operated through multiple ISPs, but LANs are typically
operated by single organizations or individuals.
 WANs must be publicly-owned, but LANs can be owned by either public or
private entities.
 WANs connect LANs at slower speed bandwidth than LANs connect their
internal end devices.
 LANs connect multiple WANs together.
Explanation: Although LANs and WANs can employ the same network media
and intermediary devices, they serve very different areas and purposes. The
administrative and geographical scope of a WAN is larger than that of a LAN.
Bandwidth speeds are slower on WANs because of their increased complexity.
The Internet is a network of networks, which can function under either public or
private management.
31. Which statement describes an important characteristic of a site-to-site VPN?
 It must be statically set up.
 It is ideally suited for use by mobile workers.
 It requires using a VPN client on the host PC.
 After the initial connection is established, it can dynamically change
connection information.
 It is commonly implemented over dialup and cable modem networks.
Explanation: A site-to-site VPN is created between the network devices of two
separate networks. The VPN is static and stays established. The internal hosts of
the two networks have no knowledge of the VPN.
32. How is “tunneling” accomplished in a VPN?
 New headers from one or more VPN protocols encapsulate the original packets.
 All packets between two hosts are assigned to a single physical medium to
ensure that the packets are kept private.
 Packets are disguised to look like other types of traffic so that they will be
ignored by potential attackers.
 A dedicated circuit is established between the source and destination
devices for the duration of the connection.
Explanation: Packets in a VPN are encapsulated with the headers from one or
more VPN protocols before being sent across the third party network. This is
referred to as “tunneling”. These outer headers can be used to route the packets,
authenticate the source, and prevent unauthorized users from reading the
contents of the packets.
33. Which statement describes a VPN?
 VPNs use open source virtualization software to create the tunnel through
the Internet.
 VPNs use logical connections to create public networks through the Internet.
 VPNs use dedicated physical connections to transfer data between remote
users.
 VPNs use virtual connections to create a private network through a public
network.
Explanation: A VPN is a private network that is created over a public network.
Instead of using dedicated physical connections, a VPN uses virtual connections
routed through a public network between two network devices.
34. Open the PT Activity. Perform the tasks in the activity instructions and then
answer the question.
What problem is causing PC-A to be unable to communicate with the Internet?
 The ip nat inside source command refers to the wrong interface.
 The NAT interfaces are not correctly assigned.
 The static route should not reference the interface, but the outside address
instead.
 The access list used in the NAT process is referencing the wrong subnet.
 This router should be configured to use static NAT instead of PAT.
Explanation: The output of show ip nat statistics shows that the inside interface is
FastEthernet0/0 but that no interface has been designated as the outside
interface. This can be fixed by adding the command ip nat outside to interface
Serial0/0/0.
35. What type of address is 64.100.190.189?
 public
 private
36. Which type of VPN routes packets through virtual tunnel interfaces for
encryption and forwarding?
 MPLS VPN
 IPsec virtual tunnel interface
 dynamic multipoint VPN
 GRE over IPsec
37. Match the scenario to the WAN solution. (Not all options are used.)
38. Question as presented:

Refer to the exhibit. The PC is sending a packet to the Server on the remote
network. Router R1 is performing NAT overload. From the perspective of the PC,
match the NAT address type with the correct IP address. (Not all options are used.)

Explanation: The inside local address is the private IP address of the source or
the PC in this instance. The inside global address is the translated address of the
source or the address as seen by the outside device. Since the PC is using the
outside address of the R1 router, the inside global address is 192.0.2.1. The
outside addressing is simply the address of the server or 203.0.113.5.
39. Refer to the exhibit. What has to be done in order to complete the static NAT
configuration on R1?
 Interface Fa0/0 should be configured with the command no ip nat inside.
 Interface S0/0/0 should be configured with the command ip nat outside.
 R1 should be configured with the command ip nat inside source static
209.165.200.200 192.168.11.11.
 R1 should be configured with the command ip nat inside source static
209.165.200.1 192.168.11.11.
Explanation: In order for NAT translations to work properly, both an inside and
outside interface must be configured for NAT translation on the router.
40. In NAT terms, what address type refers to the globally routable IPv4 address of
a destination host on the Internet?
 outside global
 inside global
 outside local
 inside local
Explanation: From the perspective of a NAT device, inside global addresses are
used by external users to reach internal hosts. Inside local addresses are the
addresses assigned to internal hosts. Outside global addresses are the
addresses of destinations on the external network. Outside local addresses are
the actual private addresses of destination hosts behind other NAT devices.
41. Refer to the exhibit. Which two statements are correct based on the output as
shown in the exhibit? (Choose two.)
 The output is the result of the show ip nat translations command.
 The host with the address 209.165.200.235 will respond to requests by using a
source address of 192.168.10.10.
 The output is the result of the show ip nat statistics command.
 Traffic with the destination address of a public web server will be sourced
from the IP of 192.168.1.10.
 The host with the address 209.165.200.235 will respond to requests by using
a source address of 209.165.200.235.
Explanation: The output displayed in the exhibit is the result of the show ip nat
translations command. Static NAT entries are always present in the NAT table,
while dynamic entries will eventually time out.
42. Which circumstance would result in an enterprise deciding to implement a
corporate WAN?
 when the enterprise decides to secure its corporate LAN
 when its employees become distributed across many branch locations
 when the number of employees exceeds the capacity of the LAN
 when the network will span multiple buildings
Explanation: WANs cover a greater geographic area than LANs do, so having
employees distributed across many locations would require the implementation
of WAN technologies to connect those locations. Customers will access
corporate web services via a public WAN that is implemented by a service
provider, not by the enterprise itself. When employee numbers grow, the LAN
has to expand as well. A WAN is not required unless the employees are in
remote locations. LAN security is not related to the decision to implement a
WAN.
43. What is the function of the Hashed Message Authentication Code (HMAC)
algorithm in setting up an IPsec VPN?
 protects IPsec keys during session negotiation
 authenticates the IPsec peers
 creates a secure channel for key negotiation
 guarantees message integrity
Explanation: The IPsec framework uses various protocols and algorithms to
provide data confidentiality, data integrity, authentication, and secure key
exchange. The Hashed Message Authentication Code (HMAC) is a data integrity
algorithm that uses a hash value to guarantee the integrity of a message.
44. What algorithm is used with IPsec to provide data confidentiality?
 Diffie-Hellman
 SHA
 MD5
 RSA
 AES
Explanation: The IPsec framework uses various protocols and algorithms to
provide data confidentiality, data integrity, authentication, and secure key
exchange. Two popular algorithms that are used to ensure that data is not
intercepted and modified (data integrity) are MD5 and SHA. AES is an encryption
protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm
that is used for key exchange. RSA is an algorithm that is used for
authentication.
45. Which two technologies provide enterprise-managed VPN solutions? (Choose
two.)
 remote access VPN
 Frame Relay
 Layer 2 MPLS VPN
 site-to-site VPN
 Layer 3 MPLS VPN
Explanation: VPNs can be managed and deployed as either of two types:
 Enterprise VPNs – Enterprise-managed VPNs are a common solution for
securing enterprise traffic across the internet. Site-to-site and remote access
VPNs are examples of enterprise managed VPNs.
 Service Provider VPNs – Service provider managed VPNs are created and
managed over the provider network. Layer 2 and Layer 3 MPLS are
examples of service provider managed VPNs. Other legacy WAN solutions
include Frame Relay and ATM VPNs.
46. Question as presented:

Explanation: The inside local address is the private IP address of the source or
the PC in this instance. The inside global address is the translated address of the
source or the address as seen by the outside device. Since the PC is using the
outside address of the R1 router, the inside global address is 192.0.2.1. The
outside addressing is simply the address of the server or 203.0.113.5.
47. Refer to the exhibit. A network administrator is viewing the output from the
command show ip nat translations. Which statement correctly describes the NAT
translation that is occurring on router RT2?
 The traffic from a source IPv4 address of 192.168.254.253 is being translated to
192.0.2.88 by means of static NAT.
 The traffic from a source IPv4 address of 192.0.2.88 is being translated by
router RT2 to reach a destination IPv4 address of 192.168.254.253.
 The traffic from a source IPv4 public address that originates traffic on the
internet would be able to reach private internal IPv4 addresses.
 The traffic from a source IPv4 address of 192.168.2.20 is being translated by
router RT2 to reach a destination IPv4 address of 192.0.2.254.
Explanation: Because no outside local or outside global address is referenced,
the traffic from a source IPv4 address of 192.168.254.253 is being translated to
192.0.2.88 by using static NAT. In the output from the command show ip nat
translations, the inside local IP address of 192.168.2.20 is being translated into
an outside IP address of 192.0.2.254 so that the traffic can cross the public
network. A public IPv4 device can connect to the private IPv4 device
192.168.254.253 by targeting the destination IPv4 address of 192.0.2.88.
48. What type of address is 10.100.126.126?
 private
 public
49. Which type of VPN connects using the Transport Layer Security (TLS) feature?
 SSL VPN
 MPLS VPN
 IPsec virtual tunnel interface
 dynamic multipoint VPN
Explanation: When a client negotiates an SSL VPN connection with the VPN
gateway, it connects using Transport Layer Security (TLS). TLS is the newer
version of SSL and is sometimes expressed as SSL/TLS. The two terms are
often used interchangeably.
50. Which two end points can be on the other side of an ASA site-to-site VPN
configured using ASDM? (Choose two.)
 DSL switch
 ISR router
 another ASA
 multilayer switch
 Frame Relay switch
Explanation: ASDM supports creating an ASA site-to-site VPN between two
ASAs or between an ASA and an ISR router.
51. Which protocol creates a virtual point-to-point connection to tunnel
unencrypted traffic between Cisco routers from a variety of protocols?
 IKE
 IPsec
 OSPF
 GRE
Explanation: Generic Routing Encapsulation (GRE) is a tunneling protocol
developed by Cisco that encapsulates multiprotocol traffic between remote Cisco
routers. GRE does not encrypt data. OSPF is an open source routing protocol.
IPsec is a suite of protocols that allow for the exchange of information that can be
encrypted and verified. Internet Key Exchange (IKE) is a key management
standard used with IPsec.
52. What is a disadvantage when both sides of a communication use PAT?
 End-to-end IPv4 traceability is lost.
 The flexibility of connections to the Internet is reduced.
 The security of the communication is negatively impacted.
 Host IPv4 addressing is complicated.
Explanation: With the use of NAT, especially PAT, end-to-end traceability is lost.
This is because the host IP address in the packets during a communication is
translated when it leaves and enters the network. With the use of NAT/PAT, both
the flexibility of connections to the Internet and security are actually enhanced.
Host IPv4 addressing is provided by DHCP and not related to NAT/PAT.
53. What two addresses are specified in a static NAT configuration?
 the outside global and the outside local
 the inside local and the outside global
 the inside global and the outside local
 the inside local and the inside global
54. A company is considering updating the campus WAN connection. Which two
WAN options are examples of the private WAN architecture? (Choose two.)
 municipal Wi-Fi
 digital subscriber line
 leased line
 Ethernet WAN
 cable
Explanation: An organization can connect to a WAN through two basic options:
 Private WAN infrastructure – such as dedicated point-to-point leased lines,
PSTN, ISDN, Ethernet WAN, ATM, or Frame Relay
 Public WAN infrastructure – such as digital subscriber line (DSL), cable,
satellite access, municipal Wi-Fi, WiMAX, or wireless cellular including
3G/4G
55. What type of address is 128.107.240.239?
 Public
 Private
56. Which type of VPN has both Layer 2 and Layer 3 implementations?
 IPsec virtual tunnel interface
 dynamic multipoint VPN
 GRE over IPsec
 MPLS VPN
57. Refer to the exhibit. A network administrator has configured R2 for PAT. Why
is the configuration incorrect?
 NAT-POOL2 is bound to the wrong ACL
 The ACL does not define the list of addresses to be translated.
 The overload keyword should not have been applied.
 The static NAT entry is missing
Explanation: In the exhibit, NAT-POOL2 is bound to ACL 100, but it should be
bound to the configured ACL 1. This will cause PAT to fail.
58. Match each component of a WAN connection to its description. (Not all options
are used.)

59. Which type of VPN allows multicast and broadcast traffic over a secure site-to-
site VPN?
 dynamic multipoint VPN
 SSL VPN
 IPsec virtual tunnel interface
 GRE over IPsec
60. Match the steps with the actions that are involved when an internal host with IP
address 192.168.10.10 attempts to send a packet to an external server at the IP
address 209.165.200.254 across a router R1 that is running dynamic NAT. (Not all
options are used.)
Place the options in the following order:
 step 5 => R1 replaces the address 192.168.10.10 with a translated inside
global address.
 step 2 => R1 checks the NAT configuration to determine if this packet should
be translated.
 step 4 => R1 selects an available global address from the dynamic address
pool.
 step 1 => The host sends packets that request a connection to the server at
the address 209.165.200.254
 step 3 => If there is no translation entry for this IP address, R1 determines
that the source address 192.168.10.10 must be translated
Explanation: The translation of the IP addresses from 209.165.200.254 to
192.168.10.10 will take place when the reply comes back from the server.
61. Which type of VPN involves passenger, carrier, and transport protocols?
 GRE over IPsec
 dynamic multipoint VPN
 MPLS VPN
 IPsec virtual tunnel interface
Explanation: In a GRE over IPsec tunnel, the term passenger protocol refers to
the original packet that is to be encapsulated by GRE. The carrier protocol is the
protocol that encapsulates the original passenger packet. The transport protocol
is the protocol that will be used to forward the packet.
62. Match the steps with the actions that are involved when an internal host with IP
address 192.168.10.10 attempts to send a packet to an external server at the IP
address 209.165.200.254 across a router R1 that is running dynamic NAT. (Not all
options are used.)

Explanation: The translation of the IP addresses from 209.165.200.254 to
192.168.10.10 will take place when the reply comes back from the server.
63. Refer to the exhibit. A network administrator is viewing the output from the
command show ip nat translations. Which statement correctly describes the NAT
translation that is occurring on router RT2?

 The traffic from a source IPv4 public address that originates traffic on the
internet would be able to reach private internal IPv4 addresses.
 The traffic from a source IPv4 address of 192.168.2.20 is being translated by
router RT2 to reach a destination IPv4 address of 192.0.2.254.
 The traffic from a source IPv4 address of 192.168.254.253 is being translated to
192.0.2.88 by means of static NAT.
 The traffic from a source IPv4 address of 192.0.2.88 is being translated by
router RT2 to reach a destination IPv4 address of 192.168.254.253.
Explanation: Because no outside local or outside global address is referenced, the
traffic from a source IPv4 address of 192.168.254.253 is being translated to
192.0.2.88 by using static NAT. In the output from the command show ip nat
translations, the inside local IP address of 192.168.2.20 is being translated into
an outside IP address of 192.0.2.254 so that the traffic can cross the public
network. A public IPv4 device can connect to the private IPv4 device
192.168.254.253 by targeting the destination IPv4 address of 192.0.2.88.
64. What type of address is 10.131.48.7?
 Private
 Public
65. Which type of VPN supports multiple sites by applying configurations to virtual
interfaces instead of physical interfaces?
 dynamic multipoint VPN
 IPsec virtual tunnel interface
 MPLS VPN
 GRE over IPsec
Explanation: An IPsec VTI is a newer IPsec VPN technology that simplifies the
configuration required to support multiple sites and remote access. IPsec VTI
configurations use virtual interfaces to send and receive IP unicast and multicast
encrypted traffic. Therefore, routing protocols are automatically supported without
requiring configuration of GRE tunnels.
66. Which type of VPN involves a nonsecure tunneling protocol being encapsulated
by IPsec?
 dynamic multipoint VPN
 SSL VPN
 IPsec virtual tunnel interface
 GRE over IPsec
67. What type of address is 10.19.6.7?
 private
 public
68. What type of address is 64.101.198.197?
 public
 private
69. What type of address is 64.101.198.107?
 public
 private
70. What type of address is 10.100.34.34?
 private
 public
71. What type of address is 192.168.7.126?
 Private
 Public
72. What type of address is 198.133.219.148?
 Private
 Public
73. Which two end points can be on the other side of an ASA site-to-site VPN?
(Choose two.)
 DSL switch
 router
 another ASA
 multilayer switch
 Frame Relay switch
Explanation: In a site-to-site VPN, end hosts send and receive normal
unencrypted TCP/IP traffic through a VPN terminating device, typically called a
VPN gateway. A VPN gateway device could be a router or a firewall. A Cisco
Adaptive Security Appliance (ASA) is a standalone firewall device that combines
firewall, VPN concentrator, and intrusion prevention functionality into one
software image.
CCNA 3 v7 Modules 9 – 12: Optimize, Monitor, and
Troubleshoot Networks Exam Answers
Dec 22, 2019 Last Updated: Oct 20, 2021
Enterprise Networking, Security, and Automation (Version 7.00) – Modules 9 – 12:
Optimize, Monitor, and Troubleshoot Networks Exam
1. What is the term used to indicate a variation of delay?
 latency
 serialization delay
 speed mismatch
 jitter
Explanation: Jitter is a phenomenon caused by a variation in delay. Delay (or
latency) is the time it takes for the packet to arrive at its destination. Jitter
describes how the voice packets arrive at the destination at varying intervals (not
in a steady, consistent stream).
2. A network engineer performs a ping test and receives a value that shows the time
it takes for a packet to travel from a source to a destination device and return.
Which term describes the value?
 jitter
 latency
 priority
 bandwidth
3. What role do network devices play in the IntServ QoS model?
 Network devices ensure that resources are available before traffic is allowed to
be sent by a host through the network.
 Network devices provide a best-effort approach to forwarding traffic.
 Network devices are configured to service multiple classes of traffic and
handle traffic as it may arrive.
 Network devices use QoS on a hop-by-hop basis to provide excellent
scalability.
4. Which device would be classified as a trusted endpoint?
 switch
 router
 firewall
 IP phone
Explanation: Trusted endpoints are devices that have the capability to mark
application traffic at Layer 2 or Layer 3. Trusted endpoints include the following:
– IP phones
– Wireless access points
– Videoconferencing gateways and systems
– IP conferencing stations and more
5. What is the benefit of deploying Layer 3 QoS marking across an enterprise
network?
 Layer 3 marking can carry the QoS information end-to-end.
 Layer 3 marking can carry QoS information on switches that are not IP
aware.
 Layer 3 marking can be carried in the 802.1Q fields.
 Layer 3 marking can be used to carry non-IP traffic.
Explanation: Marking traffic at Layer 2 or Layer 3 is very important and will affect
how traffic is treated in a network using QoS.
 Layer 2 marking of frames can be performed for non-IP traffic.
 Layer 2 marking of frames is the only QoS option available for switches that
are not “IP aware.”
 Layer 3 marking will carry the QoS information end-to-end.

6. What is the function of a QoS trust boundary?
 A trust boundary identifies the location where traffic cannot be remarked.
 A trust boundary only allows traffic to enter if it has previously been marked.
 A trust boundary identifies which devices trust the marking on packets that
enter a network.
 A trust boundary only allows traffic from trusted endpoints to enter the
network.
Explanation: Network traffic is classified and marked as close to the source
device as possible. The trust boundary is the location where the QoS markings
on a packet are trusted as they enter an enterprise network.
7. What are two approaches to prevent packet loss due to congestion on an
interface? (Choose two.)
 Decrease buffer space.
 Disable queuing mechanisms.
 Drop lower-priority packets.
 Prevent bursts of traffic.
 Increase link capacity.
Explanation: There are three approaches to prevent sensitive traffic from being
dropped:
 Increase link capacity to ease or prevent congestion.
 Guarantee enough bandwidth and increase buffer space to accommodate
bursts of traffic from fragile flows.
 Prevent congestion by dropping lower-priority packets before congestion
occurs.
8. What configuration scenario would offer the most protection to SNMP get and set
messages?
 SNMPv2 for in-band management with read-write community strings
 SNMPv1 with out-of-band management in a private subnet
 SNMPv3 configured with the auth security level
 SNMP community strings
Explanation: SNMPv3 supports authentication and encryption with the auth and
priv security levels. SNMPv1 and SNMPv2 do not support authentication or
encryption. Using a default community string is not secure because the default
string of “public” is well known and would allow anyone with SNMP systems to
read device MIBs.
9. Refer to the exhibit. The network administrator enters these commands into the
R1 router:
R1# copy running-config tftp
Address or name of remote host [ ]?
When the router prompts for an address or remote host name, what IP address
should the administrator enter at the prompt?
 192.168.9.254
 192.168.10.2
 192.168.11.252
 192.168.11.254
 192.168.10.1
Explanation: The requested address is the address of the TFTP server. A TFTP
server is an application that can run on a multitude of network devices including a
router, server, or even a networked PC.
10. The command ntp server 10.1.1.1 is issued on a router. What impact does this
command have?
 determines which server to send system log files to
 synchronizes the system clock with the time source with IP address 10.1.1.1
 identifies the server on which to store backup configurations
 ensures that all logging will have a time stamp associated with it
Explanation: The ntp server ip-address global configuration command configures
the NTP server for IOS devices.
11. As the network administrator you have been asked to implement EtherChannel
on the corporate network. What does this configuration consist of?
 providing redundant links that dynamically block or forward traffic
 grouping two devices to share a virtual IP address
 grouping multiple physical ports to increase bandwidth between two switches
 providing redundant devices to allow traffic to flow in the event of device
failure
Explanation: EtherChannel is utilized on a network to increase speed capabilities
by grouping multiple physical ports into one or more logical EtherChannel links
between two switches. STP is used to provide redundant links that dynamically
block or forward traffic between switches. FHRPs are used to group physical
devices to provide traffic flow in the event of failure.
12. What is a definition of a two-tier LAN network design?
 access and core layers collapsed into one tier, and the distribution layer on a
separate tier
 distribution and core layers collapsed into one tier, and the access layer on a
separate tier
 access, distribution, and core layers collapsed into one tier, with a separate
backbone layer
 access and distribution layers collapsed into one tier, and the core layer on a
separate tier
Explanation: Maintaining three separate network tiers is not always required or
cost-efficient. All network designs require an access layer, but a two-tier design
can collapse the distribution and core layers into one layer to serve the needs of
a small location with few users.
13. What are two reasons to create a network baseline? (Choose two.)
 to select a routing protocol
 to determine what kind of equipment to implement
 to design a network according to a proper model
 to identify future abnormal network behavior
 to evaluate security vulnerabilities in the network
 to determine if the network can deliver the required policies
Explanation: A network baseline is created to provide a comparison point, at the
time that the network is performing optimally, to whatever changes are
implemented in the infrastructure. A baseline helps to keep track of the
performance, to track the traffic patterns, and to monitor network behavior.
14. A computer can access devices on the same network but cannot access devices on
other networks. What is the probable cause of this problem?
 The computer has an incorrect subnet mask.
 The computer has an invalid default gateway address.
 The cable is not connected properly to the NIC.
 The computer has an invalid IP address.
Explanation: The default gateway is the address of the device a host uses to
access the Internet or another network. If the default gateway is missing or
incorrect, that host will not be able to communicate outside the local network.
Because the host can access other hosts on the local network, the network cable
and the other parts of the IP configuration are working.
15. In which step of gathering symptoms does the network engineer determine if the
problem is at the core, distribution, or access layer of the network?
 Gather information.
 Narrow the scope.
 Document the symptoms.
 Determine ownership.
 Determine the symptoms.
Explanation: In the “narrow the scope” step of gathering symptoms, a network
engineer will determine if the network problem is at the core, distribution, or
access layer of the network. Once this step is complete and the layer is
identified, the network engineer can determine which pieces of equipment are the
most likely cause.
16. A network administrator is deploying QoS with the ability to provide a special
queue for voice traffic so that voice traffic is forwarded before network traffic in
other queues. Which queuing method would be the best choice?
 LLQ
 CBWFQ
 WFQ
 FIFO
Explanation: Low latency queuing (LLQ) allows delay-sensitive data, such as
voice traffic, to be defined in a strict priority queue (PQ) and to always be sent
first before any packets in any other queue are forwarded.
17. What are two characteristics of voice traffic? (Choose two.)
 Voice traffic latency should not exceed 150 ms.
 Voice traffic is unpredictable and inconsistent.
 Voice traffic requires at least 384 kbs of bandwidth.
 Voice traffic consumes lots of network resources.
 Dropped voice packets are not retransmitted.
Explanation: Voice traffic does not consume a lot of network resources, such as
bandwidth. However, it is very sensitive to delay and dropped packets cannot be
retransmitted. For good voice quality, the amount of latency should always be
less than 150 milliseconds.
18. Which type of network traffic cannot be managed using congestion avoidance
tools?
 TCP
 ICMP
 IP
 UDP
Explanation: Queuing and compression techniques can help to reduce and
prevent UDP packet loss, but there is no congestion avoidance for User
Datagram Protocol (UDP) based traffic.
19. When QoS is implemented in a converged network, which two factors can be
controlled to improve network performance for real-time traffic? (Choose two.)
 delay
 packet addressing
 jitter
 packet routing
 link speed
Explanation: Delay is the latency between a sending and receiving device. Jitter
is the variation in the delay of the received packets. Both delay and jitter need to
be controlled in order to support real-time voice and video traffic.
20. An administrator wants to replace the configuration file on a Cisco router by
loading a new configuration file from a TFTP server. What two things does the
administrator need to know before performing this task? (Choose two.)
 name of the configuration file that is currently stored on the router
 configuration register value
 name of the configuration file that is stored on the TFTP server
 router IP address
 TFTP server IP address
Explanation: In order to identify the exact location of the desired configuration
file, the IP address of the TFTP server and the name of the configuration file are
essential information. Because the file is a new configuration, the name of the
current configuration file is not necessary.
21. Refer to the exhibit. Which of the three Cisco IOS images shown will load into
RAM?

 The router selects an image depending on the boot system command in the
configuration.
 The router selects an image depending on the value of the configuration
register.
 The router selects the third Cisco IOS image because it is the most recent
IOS image.
 The router selects the third Cisco IOS image because it contains the
advipservicesk9 image.
 The router selects the second Cisco IOS image because it is the smallest
IOS image.
Explanation: When performing an upgrade or testing different IOS versions,
the boot system command is used to select which image is used to boot the Cisco
device.
22. Refer to the exhibit. What two types of devices are connected to R1? (Choose
two.)

 switch
 hub
 router
 repeater
 Source Route Bridge
Explanation: The capabilities of the devices displayed by the output show them
to be a Cisco 2811 series router, Cisco 1941 series router, and a Cisco 2960
switch.
23. What are three functions provided by the syslog service? (Choose three.)
 to select the type of logging information that is captured
 to periodically poll agents for data
 to provide statistics on packets that are flowing through a Cisco device
 to provide traffic analysis
 to gather logging information for monitoring and troubleshooting
 to specify the destinations of captured messages
Explanation: There are three primary functions provided by the syslog service:
1. gathering logging information
2. selection of the type of information to be logged
3. selection of the destination of the logged information
24. What is the function of the MIB element as part of a network management
system?
 to collect data from SNMP agents
 to send and retrieve network management information
 to change configurations on SNMP agents
 to store data about a device
Explanation: The Management Information Base (MIB) resides on a networking
device and stores operational data about the device. The SNMP manager can
collect information from SNMP agents. The SNMP agent provides access to the
information.
25. What network design would contain the scope of disruptions on a network
should a failure occur?
 the reduction in the number of redundant devices and connections in the
network core
 the installation of only enterprise class equipment throughout the network
 the deployment of distribution layer switches in pairs and the division of access
layer switch connections between them
 the configuration of all access layer devices to share a single gateway
Explanation: One way to contain the impact of a failure on the network is to
implement redundancy. One way this is accomplished is by deploying redundant
distribution layer switches and dividing the access layer switch connections
between the redundant distribution layer switches. This creates what is called a
switch block. Failures in a switch block are contained to that block and do not
bring down the whole network.
26. Which action should be taken when planning for redundancy on a hierarchical
network design?
 add alternate physical paths for data to traverse the network
 continually purchase backup equipment for the network
 implement STP portfast between the switches on the network
 immediately replace a non-functioning module, service or device on a
network
Explanation: One method of implementing redundancy is path redundancy,
installing alternate physical paths for data to traverse the network. Redundant
links in a switched network support high availability and can be used for load
balancing, reducing congestion on the network.
27. What are two benefits of extending access layer connectivity to users through a
wireless medium? (Choose two.)
 increased flexibility
 increased network management options
 decreased number of critical points of failure
 reduced costs
 increased bandwidth availability
Explanation: Wireless connectivity at the access layer provides increased
flexibility, reduced costs, and the ability to grow and adapt to changing business
requirements. Utilizing wireless routers and access points can provide an
increase in the number of central points of failure. Wireless routers and access
points will not provide an increase in bandwidth availability.
28. What is a basic function of the Cisco Borderless Architecture access layer?
 aggregates Layer 2 broadcast domains
 provides access to the user
 aggregates Layer 3 routing boundaries
 provides fault isolation
Explanation: A function of the Cisco Borderless Architecture access layer is
providing network access to the users. Layer 2 broadcast domain aggregation,
Layer 3 routing boundaries aggregation, and high availability are distribution
layer functions. The core layer provides fault isolation and high-speed backbone
connectivity.
29. Which characteristic would most influence a network design engineer to select a
multilayer switch over a Layer 2 switch?
 ability to have multiple forwarding paths through the switched network based
on VLAN number(s)
 ability to build a routing table
 ability to provide power to directly-attached devices and the switch itself
 ability to aggregate multiple ports for maximum data throughput
Explanation: Multilayer switches, also known as Layer 3 switches, can route and
build a routing table. This capability is required in a multi-VLAN network and
would influence the network designer to select a multilayer switch. The other
options are features also available on Layer 2 switches, so they would not
influence the decision to select a multilayer switch.
30. Refer to the exhibit. Why are routers R1 and R2 not able to establish an OSPF
adjacency?
 The serial interfaces are not in the same area.
 The process numbers are not the same in both routers.
 A backbone router cannot establish an adjacency with an ABR router.
 The router ID values are not the same in both routers.
Explanation: On router R1, the network 192.168.10.0/30 is defined in the wrong
area (area 1). It has to be defined in area 0 in order to establish adjacency with
router R2, which has the network 192.168.10.0/30 defined in area 0.
31. When is the most appropriate time to measure network operations to establish a
network performance baseline?
 whenever high network use is detected, so that how the network performs
under stress can be monitored
 during quiet vacation periods, so that the level of non-data traffic can be
determined
 at the same time each day across a set period of average working days, so that
typical traffic patterns can be established
 at random times during a 10 week period, so that abnormal traffic levels can
be detected
Explanation: The purpose of establishing a network performance baseline is to
provide a reference of normal or average network use to enable data traffic
anomalies to be detected and then investigated. Network operations that are not
average, or are not normal, cannot be used to establish a network performance
baseline.
32. Refer to the exhibit. A user has configured a NIC on the PC as shown but finds
that the PC is unable to access the Internet. What is the problem?
 The preferred DNS address is incorrect.
 The default gateway address is incorrect.
 The settings were not validated upon exit.
 There should not be an alternate DNS server.
Explanation: In order for a computer to communicate outside its network, it must
have a valid default gateway configured. This address cannot be the same as the
IP address of the computer.
33. Refer to the exhibit. A network engineer configured an ACL preventing Telnet
and HTTP access to the HQ web server from guest users in the Branch LAN. The
address of the web server is 192.168.1.10 and all guest users are assigned addresses
in the 192.168.10.0/24 network. After implementing the ACL, no one can access any
of the HQ servers. What is the problem?
 Inbound ACLs must be routed before they are processed.
 The ACL is implicitly denying access to all the servers.
 Named ACLs require the use of port numbers.
 The ACL is applied to the interface using the wrong direction.
Explanation: Both named and numbered ACLs have an implicit deny ACE at the
end of the list. This implicit deny blocks all traffic.
34. Refer to the exhibit. A network administrator has configured OSPFv2 on the
two Cisco routers as shown. PC1 is unable to connect to PC2. What should the
administrator do first when troubleshooting the OSPFv2 implementation?
 Disconnect the serial link between router R1 and R2.
 Turn off OSPFv2.
 Implement the network 192.168.255.0 0.0.0.3 area 0 command on router R1.
 Test Layer 3 connectivity between the directly connected routers.
Explanation: A prerequisite for OSPFv2 neighbor relationships to form between
two routers is Layer 3 connectivity. A successful ping confirms that a router
interface is active and may be able to form an OSPF neighbor adjacency.
35. What type of traffic is described as requiring latency to be no more than 150
milliseconds (ms)?
 voice
 video
 data
36. A network manager wants to add a time to log messages so that there is a record
of when the message was generated. What command should the administrator use
on a Cisco router?
 show cdp interface
 ntp server 10.10.14.9
 service timestamps log datetime
 clock timezone PST -7
37. Match the functions to the corresponding layers. (Not all options are used.)
38. Match the borderless switched network guideline description to the principle.
(Not all options are used.)
39. What are two characteristics of the best-effort QoS model? (Choose two.)
 It allows end hosts to signal their QoS needs to the network.
 It uses a connection-oriented approach with QoS.
 It provides preferential treatment for voice packets.
 It does not provide a delivery guarantee for packets.
 It treats all network packets in the same way.
Explanation: The best-effort QoS model provides no guarantees and it is
commonly used on the Internet. The best-effort QoS model treats all network
packets in the same way.
40. Why is QoS an important issue in a converged network that combines voice,
video, and data communications?
 Data communications are sensitive to jitter.
 Legacy equipment is unable to transmit voice and video without QoS.
Correct Response
 Voice and video communications are more sensitive to latency.
 Data communications must be given the first priority.
Explanation: Without any QoS mechanisms in place, time-sensitive packets,
such as voice and video, will be dropped with the same frequency as email and
web browsing traffic.
41. A network administrator configures a router with the command sequence:
R1(config)# boot system tftp://c1900-universalk9-mz.SPA.152-4.M3.bin
R1(config)# boot system rom
What is the effect of the command sequence?
 On next reboot, the router will load the IOS image from ROM.
 The router will search and load a valid IOS image in the sequence of flash,
TFTP, and ROM.
 The router will copy the IOS image from the TFTP server and then reboot the
system.
 The router will load IOS from the TFTP server. If the image fails to load, it will
load the IOS image from ROM.
Explanation: The boot system command is a global configuration command that
allows the user to specify the source for the Cisco IOS Software image to load. In
this case, the router is configured to boot from the IOS image that is stored on
the TFTP server and will use the ROMmon image that is located in the ROM if it
fails to locate the TFTP server or fails to load a valid image from the TFTP
server.
42. Which statement describes SNMP operation?
 An SNMP agent that resides on a managed device collects information about
the device and stores that information remotely in the MIB that is located on
the NMS.
 A set request is used by the NMS to change configuration variables in the agent
device.
 An NMS periodically polls the SNMP agents that are residing on managed
devices by using traps to query the devices for data.
 A get request is used by the SNMP agent to query the device for data.
Explanation: An SNMP agent that resides on a managed device collects and
stores information about the device and its operation. This information is stored
by the agent locally in the MIB. An NMS periodically polls the SNMP agents that
are residing on managed devices by using the get request to query the devices
for data.
43. Refer to the exhibit. A network administrator issues the show lldp neighbors
command on a switch. What are two conclusions that can be drawn? (Choose two.)
 Dev1 is connected to interface Fa0/5 of S1.
 Dev1 is a switch with mixed types of interfaces.
 Dev2 is a switch.
 Dev1 is connected to interface Fa0/4 of Dev2.
 S1 has only two interfaces.
Explanation: In the output from the show lldp command, under Capability, R
indicates a router and B indicates a bridge (switch). Nothing indicates that Dev1
and Dev2 are connected to one another.
44. What are the three layers of the switch hierarchical design model? (Choose
three.)
 distribution
 network access
 data link
 enterprise
 access
 core
Explanation: The access layer is the lowest layer and it provides network access
to users. The distribution layer has many functions, but it aggregates data from
the access layer, provides filtering, policy control, and sets Layer 3 routing
boundaries. The core layer provides high speed connectivity.
45. Refer to the exhibit. Which devices exist in the failure domain when switch S3
loses power?
 S4 and PC_2
 PC_3 and PC_2
 PC_3 and AP_2
 S1 and S4
 AP_2 and AP_1
Explanation: A failure domain is the area of a network that is impacted when a
critical device such as switch S3 has a failure or experiences problems.
46. A network designer is considering whether to implement a switch block on the
company network. What is the primary advantage of deploying a switch block?
 This is network application software that prevents the failure of a single
network device.
 The failure of a switch block will not impact all end users.
 This is a security feature that is available on all new Catalyst switches.
 A single core router provides all the routing between VLANs.
Explanation: The configuration of a switch block provides redundancy so that the
failure of a single network device generally has little or no effect on end users.
47. Which troubleshooting tool would a network administrator use to check the
Layer 2 header of frames that are leaving a particular host?
 knowledge base
 protocol analyzer
 CiscoView
 baselining tool
Explanation: A protocol analyzer such as Wireshark is capable of displaying the
headers of data at any OSI Layer.
48. Refer to the exhibit. R1 and R3 are connected to each other via the local serial
0/0/0 interface. Why are they not forming an adjacency?
 They have different routing processes.
 They have different router IDs.
 They are in different subnets.
 The connecting interfaces are configured as passive.
Explanation: The routers need to be in the same subnet in order to form an
adjacency. The routing processes can be different on each router. The router IDs
must be different for routers that participate in the same routing domain. The
interfaces are not passive.
49. What type of traffic is described as not resilient to loss?
 video
 data
 voice
Explanation: Video traffic tends to be unpredictable, inconsistent, and bursty
compared to voice traffic. Compared to voice, video is less resilient to loss and
has a higher volume of data per packet.
50. A network manager wants to list the contents of flash. What command should the
administrator use on a Cisco router?
 show file systems
 dir
 lldp enable
 service timestamps log datetime
51. Voice packets are being received in a continuous stream by an IP phone, but
because of network congestion the delay between each packet varies and is causing
broken conversations. What term describes the cause of this condition?
 buffering
 latency
 queuing
 jitter
Explanation: Jitter is the variation in the latency or delay of received packets.
When data is sent, packets are sent in a continuous stream and are spaced
evenly apart. Because of network congestion, the delay between each packet
can vary instead of remaining constant.
52. A user is unable to reach the website when typing http://www.cisco.com in a web
browser, but can reach the same site by typing http://72.163.4.161. What is the
issue?
 DHCP
 DNS
 Default Gateway
 TCP/IP Protocol stack
Explanation: Domain Name Service (DNS) is used to translate a web address to
an IP address. The address of the DNS server is provided via DHCP to host
computers.
53. What type of traffic is described as tending to be unpredictable, inconsistent,
and bursty?
 Audio
 Video
 Data
 Voice
54. A network manager wants to determine the size of the Cisco IOS image file on
the networking device. What command should the administrator use on a Cisco
router?
 show flash:0
 copy flash: tftp:
 config-register 0x2102
 confreg 0x2142
55. What is the principle that is applied when a network technician is
troubleshooting a network fault by using the divide-and-conquer method?
 Testing is performed at Layer 7 and at Layer 1, then at Layers 6 and 2, and
so on, working towards the middle of the stack until all layers are verified as
operational.
 Once it is verified that components in a particular layer are functioning
properly, it can then be assumed that components in the layers below it are also
functional.
 Testing is performed at all layers of the OSI model until a non-functioning
component is found.
 Once it is verified that a component in a particular layer is functioning
properly, testing can then be performed on any other layer.
Explanation: The nature of the OSI and TCP/IP layered models is that upper
layers are dependent on lower layers. So when troubleshooting, if a particular
layer is found to be working correctly then it can be assumed that all layers below
it are also functioning correctly.
56. Which queuing algorithm has only a single queue and treats all packets equally?
 CBWFQ
 FIFO
 LLQ
 WFQ
57. What type of traffic is described as traffic that requires at least 30 Kbps of
bandwidth?
 voice
 data
 video
58. What type of traffic is described as being able to tolerate a certain amount of
latency, jitter, and loss without any noticeable effects?
 voice
 video
 data
59. A network manager wants to view the amount of available and free memory, the
type of file system, and its permissions. What command should the administrator
use on a Cisco router?
 ntp server 10.10.14.9
 lldp enable
 clock timezone PST -7
 show file systems
60. What type of traffic is described as requiring latency to be no more than 400
milliseconds (ms)?
 voice
 data
 video
61. What type of traffic is described as consisting of traffic that requires a higher
priority if interactive?
 data
 voice
 video
62. A network manager wants to configure the router to load a new image from
flash during bootup. What command should the administrator use on a Cisco
router?
 copy flash: tftp:
 boot system
 clock set 14:25:00 nov 13 2018
 copy tftp startup-config
63. What type of traffic is described as predictable and smooth?
 data
 video
 voice
64. A network manager wants to ensure that the device will ignore the startup
config file during startup and bypass the required passwords. What command
should the administrator use on a Cisco router?
 copy usbflash0:/R1-Config
 copy running-config tftp
 confreg 0x2142
 config-register 0x2102
65. What type of traffic is described as having a high volume of data per packet?
 video
 voice
 data
66. A network manager wants to backup the running configuration to a file server.
What command should the administrator use on a Cisco router?
 cd usbflash0:
 show file systems
 copy running-config tftp
 dir
67. What type of traffic is described as consisting of traffic that gets a lower priority
if it is not mission-critical?
 voice
 data
 video
CCNA 3 v7 Modules 13 – 14: Emerging Network Technologies Exam Answers
Dec 22, 2019 Last Updated: May 3, 2022 CCNA v7 Course #3
Enterprise Networking, Security, and Automation (Version 7.00) – Modules 13 – 14: Emerging Network Technologies Exam
1. A company uses a cloud-based payroll system. Which cloud computing
technology is this company using?
 browser as a service (BaaS)
 infrastructure as a service (IaaS)
 software as a service (SaaS)
 wireless as a service (WaaS)
Explanation: Curriculum Reference: Module 7.2
This item is based on information contained in the presentation.
There is no such thing as BaaS. Infrastructure as a service (IaaS) is when key
network devices such as routers and firewalls are leased from a provider.
Wireless as a service (WaaS) is when a provider provides wireless connectivity
at a fixed monthly cost.
2. For a data center, what is the difference in the server virtualization data traffic
compared with the traditional client-server model?
 Data traffic from clients will be routed to multiple virtual servers.
 There are significant data exchanges between virtual servers.
 There is more data traffic flowing from virtual servers to clients.
 More network control traffic is generated between virtual servers and clients.
3. Which component in a traditional infrastructure device provides Layer 2 and
Layer 3 functions to create data paths within a network?
 data plane
 control plane
 adjacency table
 forwarding information base
4. Which network traffic management technology is a basic element in SDN
implementations?
 OpenFlow
 OpenStack
 IEEE 802.1aq
 Interface to the Routing System
Explanation: OpenFlow was developed at Stanford University to manage traffic
between routers, switches, and wireless access points and a controller. It is the
original and widely implemented southbound API for SDN. OpenStack is a
virtualization and orchestration platform available to build scalable cloud
environments and provide an infrastructure as a service (IaaS) solution. It is often
used with Cisco ACI. IEEE 802.1aq is a replacement to the Spanning Tree
Protocol (STP) that allows all paths to be active with multiple equal cost paths.
Interface to the Routing System uses a fast path protocol to populate the network
device routing table.
5. Which type of hypervisor would most likely be used in a data center?
 Type 2
 Type 1
 Nexus
 Hadoop
Explanation: The two types of hypervisors are Type 1 and Type 2. Type 1
hypervisors are usually used on enterprise servers. Enterprise servers rather
than virtualized PCs are more likely to be in a data center.
6. Which is a characteristic of a Type 1 hypervisor?
 installed directly on a server
 best suited for consumers and not for an enterprise environment
 does not require management console software
 installed on an existing operating system
Explanation: Type 1 hypervisors are installed directly on a server and are known
as “bare metal” solutions giving direct access to hardware resources. They also
require a management console and are best suited for enterprise environments.
7. Which two layers of the OSI model are associated with SDN network control
plane functions that make forwarding decisions? (Choose two.)
 Layer 1
 Layer 2
 Layer 3
 Layer 4
 Layer 5
Explanation: The SDN control plane uses the Layer 2 ARP table and the Layer 3
routing table to make decisions about forwarding traffic.
8. What pre-populates the FIB on Cisco devices that use CEF to process packets?
 the routing table
 the adjacency table
 the ARP table
 the DSP
Explanation: CEF uses the FIB and adjacency table to make fast forwarding
decisions without control plane processing. The adjacency table is pre-populated
by the ARP table and the FIB is pre-populated by the routing table.
9. What is a function of the data plane of a network device?
 sending information to the CPU for processing
 building the routing table
 resolving MAC addresses
 forwarding traffic flows
Explanation: Networking devices operate in two planes; the data plane and the
control plane. The control plane maintains Layer 2 and Layer 3 forwarding
mechanisms using the CPU. The data plane forwards traffic flows.
10. Which statement describes the concept of cloud computing?
 separation of application from hardware
 separation of management plane from control plane
 separation of operating system from hardware
 separation of control plane from data plane
Explanation: Cloud computing is used to separate the application or service from
hardware. Virtualization separates the operating system from the hardware.
11. Which cloud model provides services for a specific organization or entity?
 a public cloud
 a hybrid cloud
 a private cloud
 a community cloud
Explanation: Private clouds are used to provide services and applications to a
specific organization and may be set up within the private network of the
organization or managed by an outside organization.
12. What two benefits are gained when an organization adopts cloud computing and
virtualization? (Choose two.)
 provides a “pay-as-you-go” model, allowing organizations to treat computing
and storage expenses as a utility
 enables rapid responses to increasing data volume requirements
 distributed processing of large data sets in the size of terabytes
 elimination of vulnerabilities to cyber attacks
 increases the dependence on onsite IT resources
Explanation: Organizations can use virtualization to consolidate the number of
required servers by running many virtual servers on a single physical server.
Cloud computing allows organizations to scale their solutions as required and to
pay only for the resources they require.
13. Which type of Hypervisor is implemented when a user with a laptop running the
Mac OS installs a Windows virtual OS instance?
 type 2
 virtual machine
 type 1
 bare metal
Explanation: Type 2 hypervisors, also known as hosted hypervisors, are installed
on top of an existing operating system, such as Mac OS, Windows, or Linux.
14. A small company is considering moving many of its data center functions to the
cloud. What are three advantages of this plan? (Choose three.)
 The company only needs to pay for the amount of processing and storage
capacity that it uses.
 Cloud services are billed at a fixed fee no matter how much processing and
storage are used by the company.
 The company does not need to be concerned about how to handle increasing
data storage and processing demands with in-house data center equipment.
 The company can increase processing and storage capacity as needed and then
decrease capacity when it is no longer needed.
 Single-tenant data centers can easily grow to accommodate increasing data
storage requirements.
 Cloud services enable the company to own and administer its own servers
and storage devices.
Explanation: Cloud computing offers many advantages to the company. Since
the cloud data storage and processing facilities are owned by third-parties, the
company does not need to be concerned about how it will handle increasing data
storage and processing demands with its own data center equipment. The
company can easily increase or decrease processing power and storage
capacity based on need. Also, cloud services are billed by usage, so the
company does not have the costs of supporting its own expensive data center
that is not always used to maximum capacity.
15. How does virtualization help with disaster recovery within a data center?
 support of live migration
 guarantee of power
 improvement of business practices
 supply of consistent air flow
Explanation: Live migration allows moving of one virtual server to another virtual
server that could be in a different location that is some distance from the original
data center.
16. What technology allows users to access data anywhere and at any time?
 Cloud computing
 virtualization
 micromarketing
 data analytics
Explanation: Cloud computing allows organizations to eliminate the need for on-
site IT equipment, maintenance, and management. Cloud computing allows
organizations to expand their services or capabilities while avoiding the
increased costs of energy and space.
17. Which action takes place in the assurance element of the IBN model?
 verification and corrective action
 configuring systems
 translation of policies
 integrity checks
Explanation: The assurance element of the IBN model is concerned with end-to-
end verification of network-wide behavior.
18. Refer to the exhibit. Which data format is used to represent the data for network
automation applications?
 XML
 YAML
 HTML
 JSON
Explanation: The common data formats that are used in many applications
including network automation and programmability are as follows:
 JavaScript Object Notation (JSON) – In JSON, the data known as an object is
one or more key/value pairs enclosed in braces { }. Keys must be strings
within double quotation marks “ ”. Keys and values are separated by a colon.
 eXtensible Markup Language (XML) – In XML, the data is enclosed within a
related set of tags <tag>data</tag>.
 YAML Ain’t Markup Language (YAML) – In YAML, the data known as an
object is one or more key value pairs. Key value pairs are separated by a
colon without the use of quotation marks. YAML uses indentation to define its
structure, without the use of brackets or commas.
19. What is the function of the key contained in most RESTful APIs?
 It is the top-level object of the API query.
 It is used to authenticate the requesting source.
 It represents the main query components in the API request.
 It is used in the encryption of the message by an API request.
Explanation: Many RESTful APIs, including public APIs, require a key. The key is
used to identify the source of the request through authentication.
20. Which two configuration management tools are developed using Ruby? (Choose
two.)
 Puppet
 Ansible
 SaltStack
 Chef
 RESTCONF
Explanation: Chef and Puppet are configuration management tools developed
using Ruby. Ansible and SaltStack are configuration management tools
developed using Python. Ruby is typically considered a more difficult language to
learn than Python. RESTCONF is a network management protocol.
21. Which term is used to describe a set of instructions for execution by the
configuration management tool Puppet?
 Playbook
 Cookbook
 Manifest
 Pillar
Explanation: The configuration management tool Puppet uses the name Manifest
to describe the set of instructions to be executed.
22. Which term is used to describe a set of instructions for execution by the
configuration management tool SaltStack?
 Cookbook
 Manifest
 Pillar
 Playbook
Explanation: The configuration management tool SaltStack uses the name Pillar
to describe the set of instructions to be executed.
23. Which scenario describes the use of a public API?
 It requires a license.
 It can be used with no restrictions.
 It is used between a company and its business partners.
 It is used only within an organization.
Explanation: Public, or open, APIs have no restrictions and are available to the
public. Some API providers do require a user to obtain a free key or token prior to
using the API in order to control the volume of API requests received and
processed.
24. What is YAML?
 It is a scripting language.
 It is a data format and superset of JSON.
 It is a compiled programming language.
 It is a web application.
Explanation: Like JSON, YAML Ain’t Markup Language (YAML) is a data format
used by applications to store and transport data. YAML is considered a superset
of JSON.
25. Which RESTful operation corresponds to the HTTP GET method?
 post
 patch
 update
 read
Explanation: RESTful operations correspond to the following HTTP methods
(shown to the left with the RESTful operation on the right):
 POST > Create
 GET > Read
 PUT/PATCH > Update
 DELETE > Delete
26. Which technology virtualizes the network control plane and moves it to a
centralized controller?
 SDN
 fog computing
 cloud computing
 IaaS
Explanation: Networking devices operate in two planes: the data plane and the
control plane. The control plane maintains Layer 2 and Layer 3 forwarding
mechanisms using the CPU. The data plane forwards traffic flows. SDN
virtualizes the control plane and moves it to a centralized network controller.
27. What are two functions of hypervisors? (Choose two.)
 to partition the hard drive to run virtual machines
 to manage virtual machines
 to protect the host from malware infection from the virtual machines
 to share the antivirus software across the virtual machines
 to allocate physical system resources to virtual machines
Explanation: The hypervisor does not protect the hosting OS from malware.
Neither does it allow sharing software across virtual machines. The hard drive of
the supporting computer does not need to be partitioned to run virtual machines.
The hypervisor creates and manages virtual machines on a host computer and
allocates physical system resources to them.
28. What is a difference between the functions of Cloud computing and
virtualization?
 Cloud computing requires hypervisor technology whereas virtualization is a
fault tolerance technology.
 Cloud computing separates the application from the hardware whereas
virtualization separates the OS from the underlying hardware.
 Cloud computing provides services on web-based access whereas
virtualization provides services on data access through virtualized Internet
connections.
 Cloud computing utilizes data center technology whereas virtualization is not
used in data centers.
Explanation: Cloud computing separates the application from the hardware.
Virtualization separates the OS from the underlying hardware. Virtualization is a
typical component within cloud computing. Virtualization is also widely used in
data centers. Although the implementation of virtualization facilitates an easy
server fault tolerance setup, it is not a fault tolerance technology by design. The
Internet connection from a data center or service provider needs redundant
physical WAN connections to ISPs.
29. How is the YAML data format structure different from JSON?
 It uses indentations.
 It uses end tags.
 It uses hierarchical levels of nesting.
 It uses brackets and commas.
Explanation: The structure in YAML is defined by indentations rather than
brackets and commas.
30. What is the most widely used API for web services?
 XML-RPC
 SOAP
 JSON-RPC
 REST
Explanation: REST accounts for more than 80% of all API types used for web
services, making it the most widely used web service API.
31. What is REST?
 It is a way to store and interchange data in a structured format.
 It is an architecture style for designing web service applications.
 It is a human readable data structure that is used by applications for storing,
transforming, and reading data.
 It is a protocol that allows administrators to manage nodes on an IP network.
Explanation: REST is not a protocol or service, but rather a style of software
architecture for designing web service applications.
32. What is a difference between the XML and HTML data formats?
 XML does not use predefined tags whereas HTML does use predefined tags.
 XML encloses data within a pair of tags whereas HTML uses a pair of
quotation marks to enclose data.
 XML formats data in binary whereas HTML formats data in plain text.
 XML does not require indentation for each key/value pair but HTML does
require indentation.
Explanation: XML is a human readable data structure used to store, transfer, and
read data by applications. Like HTML, XML uses a related set of tags to enclose
data. However, unlike HTML, XML uses no predefined tags or document
structure.
33. To avoid purchasing new hardware, a company wants to take advantage of idle
system resources and consolidate the number of servers while allowing for multiple
operating systems on a single hardware platform. What service or technology would
support this requirement?
 dedicated servers
 Cisco ACI
 virtualization
 software defined networking
34. Match the term to the RESTful API request
http://www.mapquestapi.com/directions/v2/route?outFormat=json&key=KEY&from=San+Jose,Ca&to=Monterey,Ca
component. (Not all options are used.)
35. Which cloud computing opportunity would provide the use of network
hardware such as routers and switches for a particular company?
 software as a service (SaaS)
 wireless as a service (WaaS)
 infrastructure as a service (IaaS)
 browser as a service (BaaS)
Explanation: This item is based on information contained in the presentation.
Routers, switches, and firewalls are infrastructure devices that can be provided in
the cloud.
36. What component is considered the brains of the ACI architecture and translates
application policies?
 the Application Network Profile endpoints
 the Nexus 9000 switch
 the hypervisor
 the Application Policy Infrastructure Controller
Explanation: The ACI architecture consists of three core components: the
Application Network Profile, the Application Policy Infrastructure Controller, which
serves as the brains of the ACI architecture, and the Cisco Nexus 9000 switch.
37. Which statement describes the concept of cloud computing?
 separation of management plane from control plane
 separation of control plane from data plane
 separation of application from hardware
 separation of operating system from hardware
Explanation: Cloud computing is used to separate the application or service from
hardware. Virtualization separates the operating system from the hardware.
38. In which situation would a partner API be appropriate?
 an internet search engine allowing developers to integrate the search engine
into their own software applications
 company sales staff accessing internal sales data from their mobile devices
 someone creating an account on an external app or website by using his or
her social media credentials
 a vacation service site interacting with hotel databases to display information
from all the hotels on its web site
Explanation: Partner API programs incorporate collaboration with other businesses.
They facilitate communication and integration of software between a company
and its business partners.
39. Because of enormous growth in web traffic, a company has planned to purchase
additional servers to help handle the web traffic. What service or technology would
support this requirement?
 virtualization
 data center
 cloud services
 dedicated servers
40. ABCTech is investigating the use of automation for some of its products. In
order to control and test these products, the programmers require Windows, Linux,
and MAC OS on their computers. What service or technology would support this
requirement?
 dedicated servers
 software defined networking
 virtualization
 Cisco ACI
41. What are three components used in the query portion of a typical RESTful API
request? (Choose three.)
 API server
 format
 parameters
 key
 protocol
 resources
42. A company has recently become multinational. Employees are working
remotely, in different time zones, and they need access to company services from
any place at any time. What service or technology would support this requirement?
 dedicated servers
 cloud services
 Cisco ACI
 virtualization
43. Following a multicontinent advertising campaign for a new product, a company
finds its client database and volume of orders are overloading its on-site computer
systems but the company does not have any room to expand. What service or
technology would support this requirement?
 cloud services
 dedicated servers
 data center
 virtualization
44. A network administrator has been tasked with creating a disaster recovery plan.
As part of this plan, the administrator is looking for a backup site for all of the data
on the company servers. What service or technology would support this
requirement?
 virtualization
 software defined networking
 data center
 dedicated servers
45. Which is a requirement of a site-to-site VPN?
 It requires hosts to use VPN client software to encapsulate traffic.
 It requires a VPN gateway at each end of the tunnel to encrypt and decrypt
traffic.
 It requires the placement of a VPN server at the edge of the company
network.
 It requires a client/server architecture.
Explanation: Site-to-site VPNs are static and are used to connect entire
networks. Hosts have no knowledge of the VPN and send TCP/IP traffic to VPN
gateways. The VPN gateway is responsible for encapsulating the traffic and
forwarding it through the VPN tunnel to a peer gateway at the other end which
decapsulates the traffic.
46. Which statement describes an important characteristic of a site-to-site VPN?
 It must be statically set up.
 After the initial connection is established, it can dynamically change
connection information.
 It requires using a VPN client on the host PC.
 It is commonly implemented over dialup and cable modem networks.
 It is ideally suited for use by mobile workers.
Explanation: A site-to-site VPN is created between the network devices of two
separate networks. The VPN is static and stays established. The internal hosts of
the two networks have no knowledge of the VPN.
47. Which protocol is attacked when a cybercriminal provides an invalid gateway in
order to create a man-in-the-middle attack?
 DHCP
 ICMP
 DNS
 HTTP or HTTPS
Explanation: A cybercriminal could set up a rogue DHCP server that provides
one or more of the following:
 Wrong default gateway that is used to create a man-in-the-middle attack and
allow the attacker to intercept data
 Wrong DNS server that results in the user being sent to a malicious website
 Invalid default gateway IP address that results in a denial of service attack on
the DHCP client
48. In which TCP attack is the cybercriminal attempting to overwhelm a target host
with half-open TCP connections?
 reset attack
 session hijacking attack
 SYN flood attack
 port scan attack
Explanation: In a TCP SYN flood attack, the attacker sends to the target host a
continuous flood of TCP SYN session requests with a spoofed source IP
address. The target host responds with a TCP-SYN-ACK to each of the SYN
session requests and waits for a TCP ACK that will never arrive. Eventually the
target is overwhelmed with half-open TCP connections.
49. Which statement describes a VPN?
 VPNs use logical connections to create public networks through the Internet.
 VPNs use open source virtualization software to create the tunnel through
the Internet.
 VPNs use dedicated physical connections to transfer data between remote
users.
 VPNs use virtual connections to create a private network through a public
network.
Explanation: A VPN is a private network that is created over a public network.
Instead of using dedicated physical connections, a VPN uses virtual connections
routed through a public network between two network devices.

CCNA 3 v7.0 Final Exam Answers Full – Enterprise Networking, Security, and Automation
Dec 22, 2019 Last Updated: Jun 13, 2023 CCNA v7.0, CCNA v7 Course #3


CCNA 3 Final Exam Answers


1. Which design feature will limit the size of a failure domain in an enterprise
network?
 the purchase of enterprise equipment that is designed for large traffic volume
 the installation of redundant power supplies
 the use of a collapsed core design
 the use of the building switch block approach
Explanation: In order to best limit the size of a failure domain, routers or multilayer
switches can be deployed in pairs. The failure of a single device should not
cause the network to go down. Installing redundant power supplies may protect a
single device from a power failure, but if that device suffers from another type of
problem, a redundant device would have been a better solution. Purchasing
enterprise equipment that handles large flows of traffic will not provide extra
reliability in times of an outage. If a collapsed core design is used, the core and
distribution are collapsed into a single device, increasing the chance of a
devastating outage.
2. Which two things should a network administrator modify on a router to perform
password recovery? (Choose two.)
 the system image file
 the NVRAM file system
 the configuration register value
 the startup configuration file
 system ROM
3. What type of network uses one common infrastructure to carry voice, data, and
video signals?
 borderless
 converged
 managed
 switched
Explanation: A converged network has only one physical network to install and
manage. This results in substantial savings over the installation and
management of separate voice, video, and data networks.
4. What are three advantages of using private IP addresses and NAT? (Choose
three.)
 hides private LAN addressing from outside devices that are connected to the
Internet
 permits LAN expansion without additional public IP addresses
 reduces CPU usage on customer routers
 creates multiple public IP addresses
 improves the performance of the router that is connected to the Internet
 conserves registered public IP addresses
Explanation: Private IP addresses are designed to be exclusively used for
internal networks and they cannot be used on the Internet. Thus they are not
visible directly from the Internet and they can be used freely by network
administrators for internal networks. In order for the internal hosts to access the
Internet, NAT is used to translate between private and public IP addresses. NAT
takes an internal private IP address and translates it to a global public IP address
before the packet is forwarded.
5. Which two scenarios are examples of remote access VPNs? (Choose two.)
 All users at a large branch office can access company resources through a
single VPN connection.
 A small branch office with three employees has a Cisco ASA that is used to
create a VPN connection to the HQ.
 A toy manufacturer has a permanent VPN connection to one of its parts
suppliers.
 A mobile sales agent is connecting to the company network via the Internet
connection at a hotel.
 An employee who is working from home uses VPN client software on a laptop
in order to connect to the company network.
Explanation: Remote access VPNs connect individual users to another network
via a VPN client that is installed on the user device. Site-to-site VPNs are “always
on” connections that use VPN gateways to connect two sites together. Users at
each site can access the network on the other site without having to use any
special clients or configurations on their individual devices.
6. What are three benefits of cloud computing? (Choose three.)
 It utilizes end-user clients to do a substantial amount of data preprocessing
and storage.
 It uses open-source software for distributed processing of large datasets.
 It streamlines the IT operations of an organization by subscribing only to
needed services.
 It enables access to organizational data anywhere and at any time.
 It turns raw data into meaningful information by discovering patterns and
relationships.
 It eliminates or reduces the need for onsite IT equipment, maintenance, and
management.
7. What is a characteristic of a single-area OSPF network?
 All routers share a common forwarding database.
 All routers have the same neighbor table.
 All routers are in the backbone area.
 All routers have the same routing table.
8. What is a WAN?
 a network infrastructure that spans a limited physical area such as a city
 a network infrastructure that provides access to other networks over a large
geographic area
 a network infrastructure that provides access in a small geographic area
 a network infrastructure designed to provide data storage, retrieval, and
replication
9. A network administrator has been tasked with creating a disaster recovery plan.
As part of this plan, the administrator is looking for a backup site for all of the data
on the company servers. What service or technology would support this
requirement?
 data center
 virtualization
 dedicated servers
 software defined networking
10. Which type of OSPF packet is used by a router to discover neighbor routers and
establish neighbor adjacency?
 link-state update
 hello
 database description
 link-state request
11. Which two statements are characteristics of a virus? (Choose two.)
 A virus has an enabling vulnerability, a propagation mechanism, and a
payload.
 A virus can be dormant and then activate at a specific time or date.
 A virus provides the attacker with sensitive data, such as passwords.
 A virus replicates itself by independently exploiting vulnerabilities in
networks.
 A virus typically requires end-user activation.
Explanation: The type of end user interaction required to launch a virus is
typically opening an application, opening a web page, or powering on the
computer. Once activated, a virus may infect other files located on the computer
or other computers on the same network.
12. Which public WAN access technology utilizes copper telephone lines to provide
access to subscribers that are multiplexed into a single T3 link connection?
 ISDN
 DSL
 cable
 dialup
13. A customer needs a metropolitan area WAN connection that provides high-
speed, dedicated bandwidth between two sites. Which type of WAN connection
would best fulfill this need?
 packet-switched network
 Ethernet WAN
 circuit-switched network
 MPLS
Explanation: MPLS can use a variety of underlying technologies such as T- and
E-Carriers, Carrier Ethernet, ATM, Frame Relay, and DSL, all of which support
lower speeds than an Ethernet WAN. Neither a circuit-switched network, such as
the public switched telephone network (PSTN) or Integrated Service Digital
Network (ISDN), nor a packet-switched network, is considered high speed.
14. A company has contracted with a network security firm to help identify the
vulnerabilities of the corporate network. The firm sends a team to perform
penetration tests to the company network. Why would the team use debuggers?
 to detect installed tools within files and directories that provide threat actors
remote access and control over a computer or network
 to reverse engineer binary files when writing exploits and when analyzing
malware
 to obtain specially designed operating systems preloaded with tools
optimized for hacking
 to detect any evidence of a hack or malware in a computer or network
15. Consider the following output for an ACL that has been applied to a router via
the access-class in command. What can a network administrator determine from the
output that is shown?

R1#
Standard IP access list 2
10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny any (1 match)

 Two devices connected to the router have IP addresses of 192.168.10.x.
 Two devices were able to use SSH or Telnet to gain access to the router.
 Traffic from one device was not allowed to come into one router port and be
routed outbound a different router port.
 Traffic from two devices was allowed to enter one router port and be routed
outbound to a different router port.
Explanation: The access-class command is used only on VTY ports. VTY ports
support Telnet and/or SSH traffic. The match count on the permit ACE shows how
many attempts were allowed using the VTY ports. The match count on the deny ACE
shows that a device from a network other than 192.168.10.0 was not allowed to
access the router through the VTY ports.
16. What command would be used as part of configuring NAT or PAT to clear
dynamic entries before the timeout has expired?
 clear ip dhcp
 clear ip nat translation
 clear access-list counters
 clear ip pat statistics
17. What are two characteristics of video traffic? (Choose two.)
 Video traffic consumes less network resources than voice traffic consumes.
 Video traffic latency should not exceed 400 ms.
 Video traffic is more resilient to loss than voice traffic is.
 Video traffic requires a minimum of 30 kbs of bandwidth.
 Video traffic is unpredictable and inconsistent.
18. Refer to the exhibit. A technician is configuring R2 for static NAT to allow the
client to access the web server. What is a possible reason that the client PC cannot
access the web server?

 The IP NAT statement is incorrect.
 Interface Fa0/1 should be identified as the outside NAT interface.
 Interface S0/0/0 should be identified as the outside NAT interface.
 The configuration is missing a valid access control list.
Explanation: Interface S0/0/0 should be identified as the outside NAT interface.
The command to do this would be R2(config-if)# ip nat outside.
19. In setting up a small office network, the network administrator decides to assign
private IP addresses dynamically to workstations and mobile devices. Which feature
must be enabled on the company router in order for office devices to access the
internet?
 UPnP
 MAC filtering
 NAT
 QoS
Explanation: Network Address Translation (NAT) is the process used to convert
private addresses to internet-routable addresses that allow office devices to
access the internet.
20. A data center has recently updated a physical server to host multiple operating
systems on a single CPU. The data center can now provide each customer with a
separate web server without having to allocate an actual discrete server for each
customer. What is the networking trend that is being implemented by the data
center in this situation?
 online collaboration
 BYOD
 virtualization
 maintaining communication integrity
Explanation: Virtualization technology can run several different operating
systems in parallel on a single CPU.
21. Refer to the exhibit. Which address or addresses represent the inside global
address?

 192.168.0.100
 10.1.1.2
 any address in the 10.1.1.0 network
 209.165.20.25
22. Which two IPsec protocols are used to provide data integrity?
 MD5
 DH
 AES
 SHA
 RSA
Explanation: The IPsec framework uses various protocols and algorithms to
provide data confidentiality, data integrity, authentication, and secure key
exchange. Two popular algorithms used to ensure that data is not intercepted
and modified (data integrity) are MD5 and SHA. AES is an encryption protocol
and provides data confidentiality. DH (Diffie-Hellman) is an algorithm used for
key exchange. RSA is an algorithm used for authentication.
23. If an outside host does not have the Cisco AnyConnect client preinstalled, how
would the host gain access to the client image?
 The Cisco AnyConnect client is installed by default on most major operating
systems.
 The host initiates a clientless VPN connection using a compliant web browser to
download the client.
 The host initiates a clientless connection to a TFTP server to download the
client.
 The host initiates a clientless connection to an FTP server to download the
client.
Explanation: If an outside host does not have the Cisco AnyConnect client
preinstalled, the remote user must initiate a clientless SSL VPN connection via a
compliant web browser, and then download and install the AnyConnect client on
the remote host.
24. A company is considering updating the campus WAN connection. Which two
WAN options are examples of the private WAN architecture? (Choose two.)
 leased line
 cable
 digital subscriber line
 Ethernet WAN
 municipal Wi-Fi
Explanation: An organization can connect to a WAN through two basic options:
 Private WAN infrastructure – such as dedicated point-to-point leased lines,
PSTN, ISDN, Ethernet WAN, ATM, or Frame Relay
 Public WAN infrastructure – such as digital subscriber line (DSL), cable,
satellite access, municipal Wi-Fi, WiMAX, or wireless cellular including
3G/4G

25. Which type of QoS marking is applied to Ethernet frames?
 IP precedence
 DSCP
 ToS
 CoS
Explanation: The class of service (CoS) marking allows a Layer 2 Ethernet frame
to be marked with eight levels of priority (values 0–7). This marking can be used
by QoS-enabled network devices to provide preferential traffic treatment.
26. Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One
router is configured as the NTP master, and the other is an NTP client. Which two
pieces of information can be obtained from the partial output of the show ntp
associations detail command on R2? (Choose two.)

 Both routers are configured to use NTPv2.
 Router R1 is the master, and R2 is the client.
 The IP address of R2 is 192.168.1.2.
 Router R2 is the master, and R1 is the client.
 The IP address of R1 is 192.168.1.2.
Explanation: With the show ntp associations command, the IP address of the
NTP master is given.
27. Refer to the exhibit. The network administrator that has the IP address of
10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The
FTP server is also a web server that is accessible to all internal employees on
networks within the 10.x.x.x address. No other traffic should be allowed to this
server. Which extended ACL would be used to filter this traffic, and how would this
ACL be applied? (Choose two.)

 R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out
 R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in
 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any
 access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any
 R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
 access-list 105 permit tcp host 10.0.54.5 any eq www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
Explanation: The first two lines of the ACL allow host 10.0.70.23 FTP access to
the server that has the IP address of 10.0.54.5. The next line of the ACL allows
HTTP access to the server from any host that has an IP address that starts with
the number 10. The fourth line of the ACL denies any other type of traffic to the
server from any source IP address. The last line of the ACL permits anything else
in case there are other servers or devices added to the 10.0.54.0/28 network.
Because traffic is being filtered from all other locations and for the 10.0.70.23
host device, the best place to put this ACL is closest to the server.
28. Refer to the exhibit. If the network administrator created a standard ACL that
allows only devices that connect to the R2 G0/0 network access to the devices on the
R1 G0/1 interface, how should the ACL be applied?

 inbound on the R2 G0/0 interface
 outbound on the R1 G0/1 interface
 inbound on the R1 G0/1 interface
 outbound on the R2 S0/0/1 interface
Explanation: Because standard access lists only filter on the source IP address,
they are commonly placed closest to the destination network. In this example, the
source packets will be coming from the R2 G0/0 network. The destination is the
R1 G0/1 network. The proper ACL placement is outbound on the R1 G0/1
interface.
29. Which is a characteristic of a Type 2 hypervisor?
 does not require management console software
 has direct access to server hardware resources
 best suited for enterprise environments
 installs directly on hardware
Explanation: Type 2 hypervisors are hosted on an underlying operating system
and are best suited for consumer applications and those experimenting with
virtualization. Unlike Type 1 hypervisors, Type 2 hypervisors do not require a
management console and do not have direct access to hardware.
30. What are the two types of VPN connections? (Choose two.)
 PPPoE
 Frame Relay
 site-to-site
 remote access
 leased line
Explanation: PPPoE, leased lines, and Frame Relay are types of WAN
technology, not types of VPN connections.
31. Refer to the exhibit. What three conclusions can be drawn from the displayed
output? (Choose three.)

 The DR can be reached through the GigabitEthernet 0/0 interface.
 There have been 9 seconds since the last hello packet sent.
 This interface is using the default priority.
 The router ID values were not the criteria used to select the DR and the BDR.
 The router ID on the DR router is 3.3.3.3
 The BDR has three neighbors.
32. Refer to the exhibit. A network administrator is configuring an ACL to limit the
connection to R1 vty lines to only the IT group workstations in the network
192.168.22.0/28. The administrator verifies the successful Telnet connections from a
workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after
the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the
cause of the connection failure?

 The enable secret password is not configured on R1.
 The IT group network is included in the deny statement.
 The permit ACE specifies a wrong port number.
 The permit ACE should specify protocol ip instead of tcp.
 The login command has not been entered for vty lines.
Explanation: The source IP range in the deny ACE is 192.168.20.0 0.0.3.255,
which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group
network 192.168.22.0/28 is included in the 192.168.20.0/22 network. Therefore,
the connection is denied. To fix it, the order of the deny and permit ACEs should
be switched.
33. What functionality does mGRE provide to the DMVPN technology?
 It allows the creation of dynamically allocated tunnels through a permanent
tunnel source at the hub and dynamically allocated tunnel destinations at the
spokes.
 It provides secure transport of private information over public networks, such
as the Internet.
 It is a Cisco software solution for building multiple VPNs in an easy, dynamic,
and scalable manner.
 It creates a distributed mapping database of public IP addresses for all VPN
tunnel spokes.
Explanation: DMVPN is built on three protocols, NHRP, IPsec, and mGRE.
NHRP is the distributed address mapping protocol for VPN tunnels. IPsec
encrypts communications on VPN tunnels. The mGRE protocol allows the
dynamic creation of multiple spoke tunnels from one permanent VPN hub.
34. What is used to pre-populate the adjacency table on Cisco devices that use CEF
to process packets?
 the FIB
 the routing table
 the ARP table
 the DSP
Explanation: CEF uses the FIB and adjacency table to make fast forwarding
decisions without control plane processing. The adjacency table is pre-populated
by the ARP table and the FIB is pre-populated by the routing table.
35. What command would be used as part of configuring NAT or PAT to display
information about NAT configuration parameters and the number of addresses in
the pool?
 show running-config
 show ip nat statistics
 show ip cache
 show version
36. What is a purpose of establishing a network baseline?
 It provides a statistical average for network performance.
 It creates a point of reference for future network evaluations.
 It manages the performance of network devices.
 It checks the security configuration of network devices.
Explanation: A baseline is used to establish normal network or system
performance. It can be used to compare with future network or system
performances in order to detect abnormal situations.
37. Match the type of WAN device or service to the description. (Not all options are
used.)
CPE —> devices and inside wiring that are located on the enterprise edge and
connect to a carrier link
DCE —> devices that provide an interface for customers to connect to within the
WAN cloud
DTE —> customer devices that pass the data from a customer network for
transmission over the WAN
local loop —> a physical connection from the customer to the service provider
POP
38. Which statement describes a characteristic of standard IPv4 ACLs?
 They filter traffic based on source IP addresses only.
 They can be created with a number but not with a name.
 They are configured in the interface configuration mode.
 They can be configured to filter traffic based on both source IP addresses
and source ports.
Explanation: A standard IPv4 ACL can filter traffic based on source IP addresses
only. Unlike an extended ACL, it cannot filter traffic based on Layer 4 ports.
However, both standard and extended ACLs can be identified with either a
number or a name, and both are configured in global configuration mode.
39. Refer to the exhibit. R1 is configured for NAT as displayed. What is wrong with
the configuration?

 NAT-POOL2 is not bound to ACL 1.
 Interface Fa0/0 should be identified as an outside NAT interface.
 The NAT pool is incorrect.
 Access-list 1 is misconfigured.
Explanation: R1 has to have NAT-POOL2 bound to ACL 1. This is accomplished
with the command R1(config)#ip nat inside source list 1 pool NAT-POOL2. This
would enable the router to check for all interesting traffic and if it matches ACL 1
it would be translated by use of the addresses in NAT-POOL2.
40. Refer to the exhibit. What method can be used to enable an OSPF router to
advertise a default route to neighboring OSPF routers?

 Use a static route pointing to the ISP and redistribute it.
 Use the redistribute static command on R0-A.
 Use the default-information originate command on ISP.
 Use the default-information originate command on R0-A.
41. A company has contracted with a network security firm to help identify the
vulnerabilities of the corporate network. The firm sends a team to perform
penetration tests to the company network. Why would the team use applications
such as John the Ripper, THC Hydra, RainbowCrack, and Medusa?
 to capture and analyze packets within traditional Ethernet LANs or WLANs
 to probe and test the robustness of a firewall by using specially created
forged packets
 to make repeated guesses in order to crack a password
42. What are two syntax rules for writing a JSON array? (Choose two.)
 Each value in the array is separated by a comma.
 The array can include only one value type.
 A space must separate each value in the array.
 A semicolon separates the key and list of values.
 Values are enclosed in square brackets.
Explanation: A JSON array is a collection of ordered values within square
brackets [ ]. The values in the array are separated by a comma. For example
"users" : ["bob", "alice", "eve"].
43. What is a characteristic of a Trojan horse as it relates to network security?
 An electronic dictionary is used to obtain a password to be used to infiltrate a
key network device.
 Malware is contained in a seemingly legitimate executable program.
 Extreme quantities of data are sent to a particular network device interface.
 Too much information is destined for a particular memory block, causing
additional memory areas to be affected.
Explanation: A Trojan horse carries out malicious operations under the guise of a
legitimate program. Denial of service attacks send extreme quantities of data to a
particular host or network device interface. Password attacks use electronic
dictionaries in an attempt to learn passwords. Buffer overflow attacks exploit
memory buffers by sending too much information to a host to render the system
inoperable.
44. An attacker is redirecting traffic to a false default gateway in an attempt to
intercept the data traffic of a switched network. What type of attack could achieve
this?
 TCP SYN flood
 DNS tunneling
 DHCP spoofing
 ARP cache poisoning
Explanation: In DHCP spoofing attacks, an attacker configures a fake DHCP
server on the network to issue DHCP addresses to clients with the aim of forcing
the clients to use a false default gateway, and other false services. DHCP
snooping is a Cisco switch feature that can mitigate DHCP attacks. MAC address
starvation and MAC address snooping are not recognized security attacks. MAC
address spoofing is a network security threat.
45. A company is developing a security policy for secure communication. In the
exchange of critical messages between a headquarters office and a branch office, a
hash value should only be recalculated with a predetermined code, thus ensuring the
validity of data source. Which aspect of secure communications is addressed?
 data integrity
 non-repudiation
 origin authentication
 data confidentiality
Explanation: Secure communications consists of four elements:
Data confidentiality – guarantees that only authorized users can read the
message
Data integrity – guarantees that the message was not altered
Origin authentication – guarantees that the message is not a forgery and does
actually come from whom it states
Data nonrepudiation – guarantees that the sender cannot repudiate, or refute,
the validity of a message sent
46. A company has contracted with a network security firm to help identify the
vulnerabilities of the corporate network. The firm sends a team to perform
penetration tests to the company network. Why would the team use packet sniffers?
 to detect installed tools within files and directories that provide threat actors
remote access and control over a computer or network
 to detect any evidence of a hack or malware in a computer or network
 to probe and test the robustness of a firewall by using specially created
forged packets
 to capture and analyze packets within traditional Ethernet LANs or WLANs
47. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 172.20.0.0 255.255.252.0. What wildcard mask
would the administrator use in the OSPF network statement?
 0.0.15.255
 0.0.3.255
 0.0.7.255
 0.0.1.255
48. Match the HTTP method with the RESTful operation.
POST –>> Create
GET –>> Read
PUT/PATCH –>> Update/Replace/Modify
Delete –>> Delete
49. Refer to the exhibit. What is the OSPF cost to reach the West LAN 172.16.2.0/24
from East?

 782
 74
 128
 65
50. What is one reason to use the ip ospf priority command when the OSPF routing
protocol is in use?
 to activate the OSPF neighboring process
 to influence the DR/BDR election process
 to provide a backdoor for connectivity during the convergence process
 to streamline and speed up the convergence process
Explanation: The OSPF priority can be set to a number between 0 and 255. The
higher the number set, the more likely the router becomes the DR. A priority 0
stops a router from participating in the election process and the router does not
become a DR or a BDR.
51. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:

access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp

If a packet with a source address of 172.18.20.14, a destination address of
172.18.20.40, and a protocol of 21 is received on the interface, is the packet
permitted or denied?
 permitted
52. What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI
fabric architecture?
 The spine and leaf switches are always linked through core switches.
 The spine switches attach to the leaf switches and attach to each other for
redundancy.
 The leaf switches always attach to the spines and they are interlinked
through a trunk line.
 The leaf switches always attach to the spines, but they never attach to each
other.
53. Which two scenarios would result in a duplex mismatch? (Choose two.)
 connecting a device with autonegotiation to another that is manually set to full-
duplex
 starting and stopping a router interface during a normal operation
 connecting a device with an interface running at 100 Mbps to another with an
interface running at 1000 Mbps
 configuring dynamic routing incorrectly
 manually setting the two connected devices to different duplex modes
54. A network technician is configuring SNMPv3 and has set a security level of
auth. What is the effect of this setting?
 authenticates a packet by a string match of the username or community
string
 authenticates a packet by using either the HMAC with MD5 method or the
SHA method
 authenticates a packet by using either the HMAC MD5 or HMAC SHA
algorithms and encrypts the packet with either the DES, 3DES or AES
algorithms
 authenticates a packet by using the SHA algorithm only
Explanation: For enabling SNMPv3 one of three security levels can be
configured:
1) noAuth
2) auth
3) priv
The security level configured determines which security algorithms are performed
on SNMP packets. The auth security level uses either HMAC with MD5 or SHA.
55. What are two types of attacks used on DNS open resolvers? (Choose two.)
 amplification and reflection
 resource utilization
 fast flux
 ARP poisoning
 cushioning
Explanation: Three types of attacks used on DNS open resolvers are as follows:
DNS cache poisoning – attacker sends spoofed, falsified information to
redirect users from legitimate sites to malicious sites
DNS amplification and reflection attacks – attacker sends an increased volume of
attacks to mask the true source of the attack
DNS resource utilization attacks – a denial of service (DoS) attack that consumes
server resources
56. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:

access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet

If a packet with a source address of 192.168.101.45, a destination address of
64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted
or denied?
 denied
 permitted
Case 2:

access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet

If a packet with a source address of 192.168.100.219, a destination address of
64.100.40.10, and a protocol of 54 is received on the interface, is the packet
permitted or denied?
 denied
 permitted
57. Which type of resources are required for a Type 1 hypervisor?
 a dedicated VLAN
 a management console
 a host operating system
58. In JSON, what is held within square brackets [ ]?
 nested values
 key/value pairs
 an object
 an array
59. What are three components used in the query portion of a typical RESTful API
request? (Choose three.)
 resources
 protocol
 API server
 format
 key
 parameters
60. A user reports that when the corporate web page URL is entered on a web
browser, an error message indicates that the page cannot be displayed. The help-
desk technician asks the user to enter the IP address of the web server to see if the
page can be displayed. Which troubleshooting method is being used by the
technician?
 top-down
 bottom-up
 divide-and-conquer
 substitution
61. Which protocol provides authentication, integrity, and confidentiality services
and is a type of VPN?
 MD5
 AES
 IPsec
 ESP
Explanation: IPsec services allow for authentication, integrity, access control,
and confidentiality. With IPsec, the information exchanged between remote sites
can be encrypted and verified. Both remote-access and site-to-site VPNs can be
deployed using IPsec.
62. Which statement describes a characteristic of Cisco Catalyst 2960 switches?
 They are best used as distribution layer switches.
 New Cisco Catalyst 2960-C switches support PoE pass-through.
 They are modular switches.
 They do not support an active switched virtual interface (SVI) with IOS
versions prior to 15.x.
Explanation: Cisco Catalyst 2960 switches support one active switched virtual
interface (SVI) with IOS versions prior to 15.x. They are commonly used as
access layer switches and they are fixed configuration switches.
63. Which component of the ACI architecture translates application policies into
network programming?
 the hypervisor
 the Application Policy Infrastructure Controller
 the Nexus 9000 switch
 the Application Network Profile endpoints
64. Which two pieces of information should be included in a logical topology
diagram of a network? (Choose two.)
 device type
 cable specification
 interface identifier
 OS/IOS version
 connection type
 cable type and identifier
Explanation: The interface identifier and connection type should be included in a
logical topology diagram because they indicate which interface is connected to
other devices in the network with a specific type such as LAN, WAN, point-to-
point, etc. The OS/IOS version, device type, cable type and identifier, and cable
specification are typically included in a physical topology diagram.
65. Refer to the exhibit. A PC at address 10.1.1.45 is unable to access the Internet.
What is the most likely cause of the problem?

 The NAT pool has been exhausted.
 The wrong netmask was used on the NAT pool.
 Access-list 1 has not been configured properly.
 The inside and outside interfaces have been configured backwards.
Explanation: The output of show ip nat statistics shows that there are 2 total
addresses and that 2 addresses have been allocated (100%). This indicates that
the NAT pool is out of global addresses to give new clients. Based on the show
ip nat translations, PCs at 10.1.1.33 and 10.1.1.123 have used the two available
addresses to send ICMP messages to a host on the outside network.
66. What are two benefits of using SNMP traps? (Choose two.)
 They eliminate the need for some periodic polling requests.
 They reduce the load on network and agent resources.
 They limit access for management systems only.
 They can provide statistics on TCP/IP packets that flow through Cisco
devices.
 They can passively listen for exported NetFlow datagrams.
67. Which statement accurately describes a characteristic of IPsec?
 IPsec works at the application layer and protects all application data.
 IPsec is a framework of standards developed by Cisco that relies on OSI
algorithms.
 IPsec is a framework of proprietary standards that depend on Cisco specific
algorithms.
 IPsec works at the transport layer and protects data at the network layer.
 IPsec is a framework of open standards that relies on existing algorithms.
Explanation: IPsec can secure a path between two network devices. IPsec can
provide the following security functions:
Confidentiality – IPsec ensures confidentiality by using encryption.
Integrity – IPsec ensures that data arrives unchanged at the destination using a
hash algorithm, such as MD5 or SHA.
Authentication – IPsec uses Internet Key Exchange (IKE) to authenticate users
and devices that can carry out communication independently. IKE uses several
types of authentication, including username and password, one-time password,
biometrics, pre-shared keys (PSKs), and digital certificates.
Secure key exchange – IPsec uses the Diffie-Hellman (DH) algorithm to provide a
public key exchange method for two peers to establish a shared secret key.
68. In a large enterprise network, which two functions are performed by routers at
the distribution layer? (Choose two.)
 connect users to the network
 provide a high-speed network backbone
 connect remote networks
 provide Power over Ethernet to devices
 provide data traffic security
Explanation: In a large enterprise network, the provision of a high-speed network
backbone is a function of the core layer. Access layer switches connect users to
the network and provide Power over Ethernet to devices. Distribution layer
routers provide data traffic security and connections to other networks.
69. Which two statements describe the use of asymmetric algorithms? (Choose two.)
 Public and private keys may be used interchangeably.
 If a public key is used to encrypt the data, a public key must be used to
decrypt the data.
 If a private key is used to encrypt the data, a public key must be used to decrypt
the data.
 If a public key is used to encrypt the data, a private key must be used to decrypt
the data.
 If a private key is used to encrypt the data, a private key must be used to
decrypt the data.
Explanation: Asymmetric algorithms use two keys: a public key and a private
key. Both keys are capable of the encryption process, but the complementary
matched key is required for decryption. If a public key encrypts the data, the
matching private key decrypts the data. The opposite is also true. If a private key
encrypts the data, the corresponding public key decrypts the data.
70. Refer to the exhibit. A network administrator has deployed QoS and has
configured the network to mark traffic on the VoIP phones as well as the Layer 2
and Layer 3 switches. Where should initial marking occur to establish the trust
boundary?

 Trust Boundary 4
 Trust Boundary 3
 Trust Boundary 1
 Trust Boundary 2
Explanation: Traffic should be classified and marked as close to its source as
possible. The trust boundary identifies at which device marked traffic should be
trusted. Traffic marked on VoIP phones would be considered trusted as it moves
into the enterprise network.
71. What are two benefits of extending access layer connectivity to users through a
wireless medium? (Choose two.)
 reduced costs
 decreased number of critical points of failure
 increased flexibility
 increased bandwidth availability
 increased network management options
Explanation: Wireless connectivity at the access layer provides increased
flexibility, reduced costs, and the ability to grow and adapt to changing business
requirements. Utilizing wireless routers and access points can provide an
increase in the number of central points of failure. Wireless routers and access
points will not provide an increase in bandwidth availability.
72. What are two purposes of launching a reconnaissance attack on a network?
(Choose two.)
 to scan for accessibility
 to retrieve and modify data
 to gather information about the network and devices
 to prevent other users from accessing the system
 to escalate access privileges
Explanation: Gathering information about a network and scanning for access is a
reconnaissance attack. Preventing other users from accessing a system is a
denial of service attack. Attempting to retrieve and modify data, and attempting to
escalate access privileges are types of access attacks.
73. A group of users on the same network are all complaining about their computers
running slowly. After investigating, the technician determines that these computers
are part of a zombie network. Which type of malware is used to control these
computers?
 botnet
 spyware
 virus
 rootkit
Explanation: A botnet is a network of infected computers called a zombie
network. The computers are controlled by a hacker and are used to attack other
computers or to steal data.
74. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:

access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns

If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45,
and a protocol of 23 is received on the interface, is the packet permitted or denied?
 permitted
 denied
75. Refer to the exhibit. From which location did this router load the IOS?

 flash memory
 NVRAM
 RAM
 ROM
 a TFTP server
76. Refer to the exhibit. Which data format is used to represent the data for network
automation applications?

 XML
 YAML
 HTML
 JSON
Explanation: The common data formats that are used in many applications
including network automation and programmability are as follows:
 JavaScript Object Notation (JSON) – In JSON, the data known as an object is
one or more key/value pairs enclosed in braces { }. Keys must be strings
within double quotation marks " ". Keys and values are separated by a colon.
 eXtensible Markup Language (XML) – In XML, the data is enclosed within a
related set of tags <tag>data</tag>.
 YAML Ain’t Markup Language (YAML) – In YAML, the data known as an
object is one or more key value pairs. Key value pairs are separated by a
colon without the use of quotation marks. YAML uses indentation to define its
structure, without the use of brackets or commas.
77. What QoS step must occur before packets can be marked?
 classifying
 shaping
 queuing
 policing
78. What is the main function of a hypervisor?
 It is used to create and manage multiple VM instances on a host machine.
 It is a device that filters and checks security credentials.
 It is a device that synchronizes a group of sensors.
 It is software used to coordinate and prepare data for analysis.
 It is used by ISPs to monitor cloud computing resources.
Explanation: A hypervisor is a key component of virtualization. A hypervisor is
often software-based and is used to create and manage multiple VM instances.
79. A company needs to interconnect several branch offices across a metropolitan
area. The network engineer is seeking a solution that provides high-speed converged
traffic, including voice, video, and data on the same network infrastructure. The
company also wants easy integration to their existing LAN infrastructure in their
office locations. Which technology should be recommended?
 Frame Relay
 Ethernet WAN
 VSAT
 ISDN
Explanation: Ethernet WAN uses many Ethernet standards and it connects easily
to existing Ethernet LANs. It provides a switched, high-bandwidth Layer 2
network capable of managing data, voice, and video all on the same
infrastructure. ISDN, while capable of supporting both voice and data, does not
provide high bandwidth. VSAT uses satellite connectivity to establish a private
WAN connection but with relatively low bandwidth. Use of VSAT, ISDN, and
Frame Relay require specific network devices for the WAN connection and data
conversion between LAN and WAN.
80. Refer to the exhibit. As traffic is forwarded out an egress interface with QoS
treatment, which congestion avoidance technique is used?

 traffic shaping
 weighted random early detection
 classification and marking
 traffic policing
Explanation: Traffic shaping buffers excess packets in a queue and then
forwards the traffic over increments of time, which creates a smoothed packet
output rate. Traffic policing drops traffic when the amount of traffic reaches a
configured maximum rate, which creates an output rate that appears as a saw-
tooth with crests and troughs.
81. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:

access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns

If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8, and
a protocol of 53 is received on the interface, is the packet permitted or denied?
 denied
 permitted
82. Refer to the exhibit. What is the purpose of the command marked with an arrow
shown in the partial configuration output of a Cisco broadband router?

 defines which addresses are allowed into the router
 defines which addresses can be translated
 defines which addresses are assigned to a NAT pool
 defines which addresses are allowed out of the router
83. If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how
many ACLs could be created and applied to it?
 12
 4
 8
 16
 6
Explanation: In calculating how many ACLs can be configured, use the rule of
“three Ps”: one ACL per protocol, per direction, per interface. In this case, 2
interfaces x 2 protocols x 2 directions yields 8 possible ACLs.
84. Refer to the exhibit. An administrator first configured an extended ACL as
shown by the output of the show access-lists command. The administrator then
edited this access-list by issuing the commands below.

Router(config)# ip access-list extended 101
Router(config-ext-nacl)# no 20
Router(config-ext-nacl)# 5 permit tcp any any eq 22
Router(config-ext-nacl)# 20 deny udp any any

Which two conclusions can be drawn from this new configuration? (Choose two.)
 TFTP packets will be permitted.
 Ping packets will be permitted.
 Telnet packets will be permitted.
 SSH packets will be permitted.
 All TCP and UDP packets will be denied.
Explanation: After the editing, the final configuration is as follows:
Router# show access-lists
Extended IP access list 101
5 permit tcp any any eq ssh
10 deny tcp any any
20 deny udp any any
30 permit icmp any any
So, only SSH packets and ICMP packets will be permitted.
85. Which troubleshooting approach is more appropriate for a seasoned network
administrator rather than a less-experienced network administrator?
 a less-structured approach based on an educated guess
 an approach comparing working and nonworking components to spot
significant differences
 a structured approach starting with the physical layer and moving up through
the layers of the OSI model until the cause of the problem is identified
 an approach that starts with the end-user applications and moves down
through the layers of the OSI model until the cause of the problem has been
identified
86. Refer to the exhibit. Many employees are wasting company time accessing social
media on their work computers. The company wants to stop this access. What is the
best ACL type and placement to use in this situation?

 extended ACL outbound on R2 WAN interface towards the internet
 standard ACL outbound on R2 WAN interface towards the internet
 standard ACL outbound on R2 S0/0/0
 extended ACLs inbound on R1 G0/0 and G0/1
87. Refer to the exhibit. An administrator is trying to configure PAT on R1, but PC-
A is unable to access the Internet. The administrator tries to ping a server on the
Internet from PC-A and collects the debugs that are shown in the exhibit. Based on
this output, what is most likely the cause of the problem?

 The inside and outside NAT interfaces have been configured backwards
 The inside global address is not on the same subnet as the ISP
 The address on Fa0/0 should be 64.100.0.1.
 The NAT source access list matches the wrong address range.
Explanation: The output of debug ip nat shows each packet that is translated by
the router. The “s” is the source IP address of the packet and the “d” is the
destination. The address after the arrow (“->”) shows the translated address. In
this case, the translated address is on the 209.165.201.0 subnet but the ISP
facing interface is in the 209.165.200.224/27 subnet. The ISP may drop the
incoming packets, or might be unable to route the return packets back to the host
because the address is in an unknown subnet.
88. Why is QoS an important issue in a converged network that combines voice,
video, and data communications?
 Data communications must be given the first priority.
 Voice and video communications are more sensitive to latency.
 Legacy equipment is unable to transmit voice and video without QoS.
 Data communications are sensitive to jitter.
Explanation: Without any QoS mechanisms in place, time-sensitive packets,
such as voice and video, will be dropped with the same frequency as email and
web browsing traffic.
89. Which statement describes a VPN?
 VPNs use logical connections to create public networks through the Internet.
 VPNs use open source virtualization software to create the tunnel through
the Internet.
 VPNs use dedicated physical connections to transfer data between remote
users.
 VPNs use virtual connections to create a private network through a public
network.
Explanation: A VPN is a private network that is created over a public network.
Instead of using dedicated physical connections, a VPN uses virtual connections
routed through a public network between two network devices.
90. In which OSPF state is the DR/BDR election conducted?
 ExStart
 Init
 Two-Way
 Exchange
91. Two corporations have just completed a merger. The network engineer has been
asked to connect the two corporate networks without the expense of leased lines.
Which solution would be the most cost effective method of providing a proper and
secure connection between the two corporate networks?
 Cisco Secure Mobility Clientless SSL VPN
 Frame Relay
 remote access VPN using IPsec
 Cisco AnyConnect Secure Mobility Client with SSL
 site-to-site VPN
Explanation: The site-to-site VPN is an extension of a classic WAN network that
provides a static interconnection of entire networks. Frame Relay would be a
better choice than leased lines, but would be more expensive than implementing
site-to-site VPNs. The other options refer to remote access VPNs which are
better suited for connecting users to the corporate network versus
interconnecting two or more networks.
92. What is the final operational state that will form between an OSPF DR and a
DROTHER once the routers reach convergence?
 loading
 established
 full
 two-way
93. Refer to the exhibit. If the switch reboots and all routers have to re-establish
OSPF adjacencies, which routers will become the new DR and BDR?
 Router R3 will become the DR and router R1 will become the BDR.
 Router R4 will become the DR and router R3 will become the BDR.
 Router R1 will become the DR and router R2 will become the BDR.
 Router R3 will become the DR and router R2 will become the BDR.
Explanation: OSPF elections of a DR are based on the following in order of
precedence:
 highest priority from 1-255 (0 = never a DR)
 highest router ID
 highest IP address of a loopback or active interface in the absence of a
manually configured router ID. Loopback IP addresses take higher
precedence than other interfaces.
In this case routers R3 and R1 have the highest router priority. Between the two,
R3 has the higher router ID. Therefore, R3 will become the DR and R1 will
become the BDR.

Case 2:
Enterprise Networking, Security, and Automation (Version 7.00) – ENSA Final Exam
 Router R2 will become the DR and router R4 will become the BDR.
 Router R1 will become the DR and router R3 will become the BDR.
 Router R4 will become the DR and router R3 will become the BDR.
 Router R3 will become the DR and router R2 will become the BDR.
94. Which type of server would be used to keep a historical record of messages from
monitored network devices?
 DNS
 print
 DHCP
 syslog
 authentication
Explanation: A syslog server is used as a centralized location for logged
messages from monitored network devices.
95. When QoS is implemented in a converged network, which two factors can be
controlled to improve network performance for real-time traffic? (Choose two.)
 packet addressing
 delay
 jitter
 packet routing
 link speed
Explanation: Delay is the latency between a sending and receiving device. Jitter
is the variation in the delay of the received packets. Both delay and jitter need to
be controlled in order to support real-time voice and video traffic.
96. In which step of gathering symptoms does the network engineer determine if the
problem is at the core, distribution, or access layer of the network?
 Determine ownership.
 Determine the symptoms.
 Narrow the scope.
 Document the symptoms.
 Gather information.
Explanation: In the “narrow the scope” step of gathering symptoms, a network
engineer will determine if the network problem is at the core, distribution, or
access layer of the network. Once this step is complete and the layer is
identified, the network engineer can determine which pieces of equipment are the
most likely cause.
97. What protocol sends periodic advertisements between connected Cisco devices in
order to learn device name, IOS version, and the number and type of interfaces?
 CDP
 SNMP
 NTP
 LLDP
98. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 192.168.0.0 255.255.252.0. What wildcard mask
would the administrator use in the OSPF network statement?
 0.0.0.127
 0.0.0.31
 0.0.3.255
 0.0.0.63
99. Refer to the exhibit. An administrator configures the following ACL in order to
prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:

access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5

access-list 100 permit ip any any


Where should the administrator place this ACL for the most efficient use of
network resources?
 inbound on router A Fa0/0
 outbound on router B Fa0/0
 outbound on router A Fa0/1
 inbound on router B Fa0/1
100. Which type of OSPFv2 packet is used to forward OSPF link change
information?
 link-state acknowledgment
 link-state update
 hello
 database description
101. What protocol synchronizes with a private master clock or with a publicly
available server on the internet?
 MPLS
 CBWFQ
 TFTP
 NTP
102. Which type of VPN allows multicast and broadcast traffic over a secure site-to-
site VPN?
 dynamic multipoint VPN
 SSL VPN
 IPsec virtual tunnel interface
 GRE over IPsec
103. An OSPF router has three directly connected networks; 10.0.0.0/16, 10.1.0.0/16,
and 10.2.0.0/16. Which OSPF network command would advertise only the 10.1.0.0
network to neighbors?
 router(config-router)# network 10.1.0.0 0.0.255.255 area 0
 router(config-router)# network 10.1.0.0 0.0.15.255 area 0
 router(config-router)# network 10.1.0.0 255.255.255.0 area 0
 router(config-router)# network 10.1.0.0 0.0.0.0 area 0
104. Refer to the exhibit. Which sequence of commands should be used to configure
router A for OSPF?

 router ospf 1
network 192.168.10.0 area 0
 router ospf 1
network 192.168.10.0
 router ospf 1
network 192.168.10.64 255.255.255.192
network 192.168.10.192 255.255.255.252
 router ospf 1
network 192.168.10.64 0.0.0.63 area 0
network 192.168.10.192 0.0.0.3 area 0
105. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 192.168.0.0 255.255.254.0. What wildcard mask
would the administrator use in the OSPF network statement?
 0.0.7.255
 0.0.1.255
 0.0.3.255
 0.0.15.255
106. How does virtualization help with disaster recovery within a data center?
 improvement of business practices
 supply of consistent air flow
 support of live migration
 guarantee of power
Explanation: Live migration allows moving of one virtual server to another virtual
server that could be in a different location that is some distance from the original
data center.

Case 2:
 Less energy is consumed.
 Server provisioning is faster.
 Hardware at the recovery site does not have to be identical to production
equipment.
 Power is always provided.
Explanation: Improved disaster recovery – Virtualization offers advanced
business continuity solutions. It provides hardware abstraction capability so that
the recovery site no longer needs to have hardware that is identical to the
hardware in the production environment. Most enterprise server virtualization
platforms also have software that can help test and automate the failover before
a disaster does happen.
107. How does virtualization help with disaster recovery within a data center?
 Hardware does not have to be identical.
 (Other case) Hardware at the recovery site does not have to be identical to
production equipment.
 Power is always provided.
 Less energy is consumed.
 Server provisioning is faster.
Explanation: Disaster recovery is how a company goes about accessing
applications, data, and the hardware that might be affected during a disaster.
Virtualization provides hardware independence which means the disaster
recovery site does not have to have the exact equipment as the equipment in
production. Server provisioning is relevant when a server is built for the first time.
Although data centers do have backup generators, the entire data center is
designed for disaster recovery. One particular data center could never guarantee
that the data center itself would never be without power.
108. Refer to the exhibit. Which devices exist in the failure domain when switch S3
loses power?

 S4 and PC_2
 PC_3 and AP_2
 AP_2 and AP_1
 PC_3 and PC_2
 S1 and S4
Explanation: A failure domain is the area of a network that is impacted when a critical device
such as switch S3 has a failure or experiences problems.
109. Which set of access control entries would allow all users on the 192.168.10.0/24
network to access a web server that is located at 172.17.80.1, but would not allow
them to use Telnet?
 access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80
 access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
 access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
 access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
Explanation: For an extended ACL to meet these requirements, the following need to be
included in the access control entries:
identification number in the range 100-199 or 2000-2699
permit or deny parameter
protocol
source address and wildcard
destination address and wildcard
port number or name
110. Refer to the exhibit. A network administrator needs to add an ACE to the
TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20.
Which ACE will meet this requirement?

 5 deny 172.23.16.0 0.0.15.255


 5 deny 172.23.16.0 0.0.255.255
 15 deny 172.23.16.0 0.0.15.255
 30 deny 172.23.16.0 0.0.15.255
Explanation: The only filtering criterion specified for a standard access list is the
source IPv4 address. The wildcard mask is written to identify what parts of the
address to match, with a 0 bit, and what parts of the address should be ignored,
with a 1 bit. The router will parse the ACE entries from lowest sequence
number to highest. If an ACE must be added to an existing access list, the
sequence number should be specified so that the ACE is in the correct place
during the ACL evaluation process.
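The wildcard matching and sequence-number ordering described in this explanation, as an added Python example (not part of the original page or of Cisco's material). The entries at sequence 10 and 20 are constructed for illustration and are not the exhibit's ACL; the class and function names are assumptions.

```python
import ipaddress


def to_int(addr):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_prefix(prefix_len):
    """Wildcard mask is the inverted subnet mask: /20 -> 0.0.15.255."""
    host_bits = 32 - prefix_len
    return str(ipaddress.IPv4Address((1 << host_bits) - 1))


def ace_matches(src, base, wildcard):
    """A 0 bit in the wildcard must match, a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(base) & care)


class StandardACL:
    """Standard ACL model: source-only matching, first match wins."""

    def __init__(self):
        self.aces = {}  # sequence number -> (action, base, wildcard)

    def add(self, seq, action, base, wildcard):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if seq in self.aces:
            raise ValueError("sequence number %d already in use" % seq)
        self.aces[seq] = (action, base, wildcard)

    def evaluate(self, src):
        """Return (action, matching sequence number) for a source address."""
        for seq in sorted(self.aces):  # lowest sequence number first
            action, base, wildcard = self.aces[seq]
            if ace_matches(src, base, wildcard):
                return action, seq
        return "deny", None  # implicit deny at the end of every ACL


def build_acl(new_seq, new_wildcard):
    """Constructed ACL plus one new deny ACE for 172.23.16.0."""
    acl = StandardACL()
    acl.add(10, "permit", "172.23.0.0", "0.0.255.255")   # constructed entry
    acl.add(20, "permit", "192.168.0.0", "0.0.255.255")  # constructed entry
    acl.add(new_seq, "deny", "172.23.16.0", new_wildcard)
    return acl


if __name__ == "__main__":
    print("/20 wildcard:", wildcard_from_prefix(20))
    inside, outside = "172.23.20.5", "172.23.40.1"  # inside / outside the /20
    cases = [
        ("deny after the broader permit", build_acl(30, "0.0.15.255")),
        ("deny before the broader permit", build_acl(5, "0.0.15.255")),
        ("deny with a /16 wildcard", build_acl(5, "0.0.255.255")),
    ]
    for label, acl in cases:
        print(label, "->", inside, acl.evaluate(inside),
              "|", outside, acl.evaluate(outside))
```

A deny placed after a broader permit is never reached for the hosts it targets, and a wildcard wider than the subnet blocks addresses outside it.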
111. Which step in the link-state routing process is described by a router building a
link-state database based on received LSAs?
 executing the SPF algorithm
 building the topology table
 selecting the router ID
 declaring a neighbor to be inaccessible
112. What protocol uses agents, that reside on managed devices, to collect and store
information about the device and its operation?
 SYSLOG
 TFTP
 CBWFQ
 SNMP
113. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 10.27.27.0 255.255.255.0. What wildcard mask
would the administrator use in the OSPF network statement?
 0.0.0.63
 0.0.0.255
 0.0.0.31
 0.0.0.15
114. When will an OSPF-enabled router transition from the Down state to the Init
state?
 when an OSPF-enabled interface becomes active
 as soon as the router starts
 when the router receives a hello packet from a neighbor router
 as soon as the DR/BDR election process is complete
Explanation: When OSPFv2 is enabled, the enabled Gigabit Ethernet 0/0
interface transitions from the Down state to the Init state. R1 starts sending Hello
packets out all OSPF-enabled interfaces to discover OSPF neighbors to develop
adjacencies with.

115. What type of traffic is described as having a high volume of data per packet?
 data
 video
 voice
116. What protocol is a vendor-neutral Layer 2 protocol that advertises the identity
and capabilities of the host device to other connected network devices?
 LLDP
 NTP
 TFTP
 SNMP
117. Which step in the link-state routing process is described by a router running an
algorithm to determine the best path to each destination?
 building the topology table
 selecting the router ID
 declaring a neighbor to be inaccessible
 executing the SPF algorithm
118. Refer to the exhibit. Which conclusion can be drawn from this OSPF
multiaccess network?

 If the DR stops producing Hello packets, a BDR will be elected, and then it
promotes itself to assume the role of DR.
 With an election of the DR, the number of adjacencies is reduced from 6 to 3.
 When a DR is elected all other non-DR routers become DROTHER.
 All DROTHER routers will send LSAs to the DR and BDR to multicast
224.0.0.5.
Explanation: On OSPF multiaccess networks, a DR is elected to be the collection and
distribution point for LSAs sent and received. A BDR is also elected in case the
DR fails. All other non-DR or BDR routers become DROTHER. Instead of
flooding LSAs to all routers in the network, DROTHERs only send their LSAs to
the DR and BDR using the multicast address 224.0.0.6. If there is no DR/BDR
election, the number of required adjacencies is n(n-1)/2 = 4(4-1)/2 = 6. With the
election, this number is reduced to 3.
119. Refer to the exhibit. The network administrator has an IP address of
192.168.11.10 and needs access to manage R1. What is the best ACL type and
placement to use in this situation?

 extended ACL outbound on R2 WAN interface towards the internet


 standard ACL inbound on R1 vty lines
 extended ACLs inbound on R1 G0/0 and G0/1
 extended ACL outbound on R2 S0/0/1
Explanation: Standard ACLs permit or deny packets based only on the source
IPv4 address. Because all traffic types are permitted or denied, standard ACLs
should be located as close to the destination as possible.
Extended ACLs permit or deny packets based on the source IPv4 address and
destination IPv4 address, protocol type, source and destination TCP or UDP
ports and more. Because the filtering of extended ACLs is so specific, extended
ACLs should be located as close as possible to the source of the traffic to be
filtered. Undesirable traffic is denied close to the source network without crossing
the network infrastructure.
120. Which type of VPN connects using the Transport Layer Security (TLS)
feature?
 SSL VPN
 IPsec virtual tunnel interface
 GRE over IPsec
 dynamic multipoint VPN
Explanation: When a client negotiates an SSL VPN connection with the VPN
gateway, it connects using Transport Layer Security (TLS). TLS is the newer
version of SSL and is sometimes expressed as SSL/TLS. The two terms are
often used interchangeably.
121. Which group of APIs are used by an SDN controller to communicate with
various applications?
 eastbound APIs
 westbound APIs
 northbound APIs
 southbound APIs
122. A company has consolidated a number of servers and it is looking for a
program or firmware to create and control virtual machines which have access to
all the hardware of the consolidated servers. What service or technology would
support this requirement?
 Cisco ACI
 software defined networking
 Type-1 hypervisor
 APIC-EM
123. What command would be used as part of configuring NAT or PAT to identify
inside local addresses that are to be translated?
 ip nat inside source list 24 interface serial 0/1/0 overload
 ip nat inside source list 14 pool POOL-STAT overload
 access-list 10 permit 172.19.89.0 0.0.0.255
 ip nat inside source list ACCTNG pool POOL-STAT
124. Anycompany has decided to reduce its environmental footprint by reducing
energy costs, moving to a smaller facility, and promoting telecommuting. What
service or technology would support this requirement?
 -Cloud services
 Data center
 APIC-EM
 Cisco ACI
125. Refer to the exhibit. An administrator is trying to back up the current running
configuration of the router to a USB drive, and enters the command copy
usbflash0:/R1-config running-config on the router command line. After removing
the USB drive and connecting it to a PC, the administrator discovers that the
running configuration was not properly backed up to the R1-config file. What is the
problem?

 The file already exists on the USB drive and cannot be overwritten.
 The drive was not properly formatted with the FAT16 file system.
 There is no space left on the USB drive.
 The USB drive is not recognized by the router.
 The command that the administrator used was incorrect.
126. Which three types of VPNs are examples of enterprise-managed site-to-site
VPNs? (Choose three.)
 Layer 3 MPLS VPN
 IPsec VPN
 Cisco Dynamic Multipoint VPN
 GRE over IPsec VPN
 clientless SSL VPN
 client-based IPsec VPN
127. Refer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive
information and are not allowed access off their network. What is the best ACL type
and placement to use in this situation?

 standard ACL inbound on R1 vty lines


 extended ACL inbound on R1 G0/0
 standard ACL inbound on R1 G0/1
 extended ACL inbound on R3 S0/0/1
128. In an OSPF network which two statements describe the link-state database
(LSDB)? (Choose two.)
 It can be viewed by using the show ip ospf database command.
 A neighbor table is created based on the LSDB.
 It contains a list of only the best routes to a particular network.
 It contains a list of all neighbor routers to which a router has established
bidirectional communication.
 All routers within an area have an identical link-state database.
129. In an OSPF network which OSPF structure is used to create the neighbor table
on a router?
 adjacency database
 link-state database
 routing table
 forwarding database
130. What protocol is used in a system that consists of three elements--a manager,
agents, and an information database?
 MPLS
 SYSLOG
 SNMP
 TFTP
131. What type of traffic is described as not resilient to loss?
 data
 video
 voice
Explanation: Video traffic tends to be unpredictable, inconsistent, and bursty
compared to voice traffic. Compared to voice, video is less resilient to loss and
has a higher volume of data per packet.
132. Refer to the exhibit. Router R1 is configured with static NAT. Addressing on
the router and the web server are correctly configured, but there is no connectivity
between the web server and users on the Internet. What is a possible reason for this
lack of connectivity?

 Interface Fa0/0 should be configured with the command ip nat outside .


 The inside global address is incorrect.
 The router NAT configuration has an incorrect inside local address.
 The NAT configuration on interface S0/0/1 is incorrect.
133. Which type of API would be used to allow authorized salespeople of an
organization access to internal sales data from their mobile devices?
 open
 partner
 public
 private
134. Refer to the exhibit. Which data format is used to represent the data for
network automation applications?

 XML
 HTML
 YAML
 JSON
Explanation:
Common data formats that are used in many applications including network
automation and programmability include these:
JavaScript Object Notation (JSON) – In JSON, the data known as an object is
one or more key/value pairs enclosed in braces { }. Keys must be strings within
double quotation marks " ". Keys and values are separated by a colon.
eXtensible Markup Language (XML) – In XML, the data is enclosed within a
related set of tags <tag>data</tag>.
YAML Ain’t Markup Language (YAML) – In YAML, the data known as an object is
one or more key value pairs. Key value pairs are separated by a colon without
the use of quotation marks. YAML uses indentation to define its structure, without
the use of brackets or commas.
135. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:

access-list 101 permit udp 192.168.100.32 0.0.0.7 host 198.133.219.76 eq telnet .

If a packet with a source address of 198.133.219.100, a destination address of
198.133.219.170, and a protocol of 23 is received on the interface, is the packet
permitted or denied?
 denied
 permitted
136. Refer to the exhibit. If no router ID was manually configured, what would
router R1 use as its OSPF router ID?

 10.0.0.1
 10.1.0.1
 192.168.1.100
 209.165.201.1
137. What protocol is a vendor-neutral Layer 2 protocol that advertises the identity
and capabilities of the host device to other connected network devices?
 NTP
 LLDP
 SNMP
 MPLS
138. Which type of VPN uses a hub-and-spoke configuration to establish a full mesh
topology?
 MPLS VPN
 GRE over IPsec
 IPsec virtual tunnel interface
 dynamic multipoint VPN
139. What is a characteristic of the REST API?
 evolved into what became SOAP
 used for exchanging XML structured information over HTTP or SMTP
 considered slow, complex, and rigid
 most widely used API for web services
141. A student, doing a summer semester of study overseas, has taken hundreds of
pictures on a smartphone and wants to back them up in case of loss. What service or
technology would support this requirement?
 Cisco ACI
 cloud services
 software defined networking
 dedicated servers
142. Consider the following access list that allows IP phone configuration file
transfers from a particular host to a TFTP server:

R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out

Which method would allow the network administrator to modify the ACL and
include FTP transfers from any source IP address?
 R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
 R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
 R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# no access-list 105
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
 R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
143. Which three statements are generally considered to be best practices in the
placement of ACLs? (Choose three.)
 Filter unwanted traffic before it travels onto a low-bandwidth link.
 Place standard ACLs close to the destination IP address of the traffic.
 Place standard ACLs close to the source IP address of the traffic.
 Place extended ACLs close to the destination IP address of the traffic.
 Place extended ACLs close to the source IP address of the traffic.
 For every inbound ACL placed on an interface, there should be a matching
outbound ACL.
Explanation: Extended ACLs should be placed as close as possible to the source
IP address, so that traffic that needs to be filtered does not cross the network and
use network resources. Because standard ACLs do not specify a destination
address, they should be placed as close to the destination as possible. Placing a
standard ACL close to the source may have the effect of filtering all traffic, and
limiting services to other hosts. Filtering unwanted traffic before it enters low-
bandwidth links preserves bandwidth and supports network functionality.
Decisions on placing ACLs inbound or outbound are dependent on the
requirements to be met.
144. Match the term to the web link
http://www.buycarsfromus.com/2020models/ford/suv.html#Escape component. (Not
all options are used.)
145. What command would be used as part of configuring NAT or PAT to display
all static translations that have been configured?
 show ip nat translations
 show ip pat translations
 show ip cache
 show running-config
146. A network administrator modified an OSPF-enabled router to have a hello
timer setting of 20 seconds. What is the new dead interval time setting by default?
 40 seconds
 60 seconds
 80 seconds
 100 seconds
147. Which type of VPN is the preferred choice for support and ease of deployment
for remote access?
 SSL VPN
 GRE over IPsec
 dynamic multipoint VPN
 IPsec virtual tunnel interface
148. What type of traffic is described as predictable and smooth?
 video
 data
 voice
149. Which queuing mechanism has no provision for prioritizing or buffering but
simply forwards packets in the order they arrive?
 FIFO
 LLQ
 CBWFQ
 WFQ
150. Refer to the exhibit. A network administrator has configured OSPFv2 on the
two Cisco routers. The routers are unable to form a neighbor adjacency. What
should be done to fix the problem on router R2?

 Implement the command no passive-interface Serial0/1.


 Implement the command network 192.168.2.6 0.0.0.0 area 0 on router R2.
 Change the router-id of router R2 to 2.2.2.2.
 Implement the command network 192.168.3.1 0.0.0.0 area 0 on router R2.
151. A network administrator is troubleshooting an OSPF problem that involves
neighbor adjacency. What should the administrator do?
 Make sure that the router priority is unique on each router.
 Make sure that the DR/BDR election is complete.
 Make sure that the router ID is included in the hello packet.
 Make sure that the hello and dead interval timers are the same on all routers.
152. Refer to the exhibit. Internet privileges for an employee have been revoked
because of abuse but the employee still needs access to company resources. What is
the best ACL type and placement to use in this situation?

 standard ACL inbound on R2 WAN interface connecting to the internet
 standard ACL outbound on R2 WAN interface towards the internet
 standard ACL inbound on R1 G0/0
 standard ACL outbound on R1 G0/0
Explanation: – Standard ACLs permit or deny packets based only on the source
IPv4 address. Because all traffic types are permitted or denied, standard ACLs
should be located as close to the destination as possible.
– Extended ACLs permit or deny packets based on the source IPv4 address and
destination IPv4 address, protocol type, source and destination TCP or UDP
ports and more. Because the filtering of extended ACLs is so specific, extended
ACLs should be located as close as possible to the source of the traffic to be
filtered. Undesirable traffic is denied close to the source network without crossing
the network infrastructure.
153. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:

access-list 100 permit tcp 192.168.10.0 0.0.0.255 172.17.200.0 0.0.0.255 eq www .

If a packet with a source address of 192.168.10.244, a destination address of
172.17.200.56, and a protocol of 80 is received on the interface, is the packet
permitted or denied?
 denied
 permitted
154. A company has contracted with a network security firm to help identify the
vulnerabilities of the corporate network. The firm sends a team to perform
penetration tests on the company network. Why would the team use applications
such as Nmap, SuperScan, and Angry IP Scanner?
 to detect installed tools within files and directories that provide threat actors
remote access and control over a computer or network
 to detect any evidence of a hack or malware in a computer or network
 to reverse engineer binary files when writing exploits and when analyzing
malware
 to probe network devices, servers, and hosts for open TCP or UDP ports
155. What command would be used as part of configuring NAT or PAT to display
any dynamic PAT translations that have been created by traffic?
 show ip pat translations
 show ip cache
 show running-config
 show ip nat translations
156. An administrator is configuring single-area OSPF on a router. One of the
networks that must be advertised is 172.16.91.0 255.255.255.192. What wildcard
mask would the administrator use in the OSPF network statement?
 0.0.31.255
 0.0.0.63
 0.0.15.255
 0.0.7.255
157. What type of traffic is described as requiring latency to be no more than 400
milliseconds (ms)?
 video
 data
 voice
158. Refer to the exhibit. Which two configurations would be used to create and
apply a standard access list on R1, so that only the 10.0.70.0/25 network devices are
allowed to access the internal database server? (Choose two.)

A.
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip access-group 5 out
B.
R1(config)# access-list 5 permit 10.0.54.0 0.0.1.255
C.
R1(config)# interface Serial0/0/0
R1(config-if)# ip access-group 5 in
D.
R1(config)# access-list 5 permit 10.0.70.0 0.0.0.127
E.
R1(config)# access-list 5 permit any
159. A network administrator is writing a standard ACL that will deny any traffic
from the 172.16.0.0/16 network, but permit all other traffic. Which two commands
should be used? (Choose two.)
 Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
 Router(config)# access-list 95 permit any
 Router(config)# access-list 95 host 172.16.0.0
 Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
 Router(config)# access-list 95 172.16.0.0 255.255.255.255
 Router(config)# access-list 95 deny any
Explanation: To deny traffic from the 172.16.0.0/16 network, the access-list 95
deny 172.16.0.0 0.0.255.255 command is used. To permit all other traffic,
the access-list 95 permit any statement is added.
160. Refer to the exhibit. The company has decided that no traffic initiating from
any other existing or future network can be transmitted to the Research and
Development network. Furthermore, no traffic that originates from the Research
and Development network can be transmitted to any other existing or future
networks in the company. The network administrator has decided that extended
ACLs are better suited for these requirements. Based on the information given,
what will the network administrator do?

 One ACL will be placed on the R1 Gi0/0 interface and one ACL will be
placed on the R2 Gi0/0 interface.
 Only a numbered ACL will work for this situation.
 One ACL will be placed on the R2 Gi0/0 interface and one ACL will be
placed on the R2 S0/0/0 interface.
 Two ACLs (one in each direction) will be placed on the R2 Gi0/0 interface.
161. What protocol uses smaller stratum numbers to indicate that the server is
closer to the authorized time source than larger stratum numbers?
 TFTP
 SYSLOG
 NTP
 MPLS
162. Refer to the exhibit. If no router ID was manually configured, what would
router Branch1 use as its OSPF router ID?
 10.0.0.1
 10.1.0.1
 192.168.1.100
 209.165.201.1
Explanation: In OSPFv2, a Cisco router uses a three-tier method to derive its
router ID. The first choice is the manually configured router ID with the router-id
command. If the router ID is not manually configured, the router will choose the
highest IPv4 address of the configured loopback interfaces. Finally if no loopback
interfaces are configured, the router chooses the highest active IPv4 address of
its physical interfaces.
163. Match the HTTP method with the RESTful operation.

164. Refer to the exhibit. A web designer calls to report that the web server web-
s1.cisco.com is not reachable through a web browser. The technician uses command
line utilities to verify the problem and to begin the troubleshooting process. Which
two things can be determined about the problem? (Choose two.)

 The web server at 192.168.0.10 is reachable from the source host.


 DNS cannot resolve the IP address for the server web-s1.cisco.com.
 A router is down between the source host and the server web-s1.cisco.com.
 There is a problem with the web server software on web-s1.cisco.com.
 The default gateway between the source host and the server at 192.168.0.10
is down.
Explanation: The successful result of the ping to the IP address indicates that the
network is operational and the web server is online. However, the fact that the
ping to the domain name of the server fails indicates there is a DNS issue,
namely that the host cannot resolve the domain name to its associated IP
address.
165. What type of traffic is described as tending to be unpredictable, inconsistent,
and bursty?
 video
 voice
 data
166. Match the functions to the corresponding layers. (Not all options are used.)

167. What type of traffic is described as consisting of traffic that requires a higher
priority if interactive?
 voice
 data
 video
168. Which type of VPN provides a flexible option to connect a central site with
branch sites?
 IPsec virtual tunnel interface
 MPLS VPN
 dynamic multipoint VPN
 GRE over IPsec
169. A company has contracted with a network security firm to help identify the
vulnerabilities of the corporate network. The firm sends a team to perform
penetration tests on the company network. Why would the team use fuzzers?
 to discover security vulnerabilities of a computer
 to detect any evidence of a hack or malware in a computer or network
 to reverse engineer binary files when writing exploits and when analyzing
malware
 to detect installed tools within files and directories that provide threat actors
remote access and control over a computer or network
170. Refer to the exhibit. A network administrator has configured a standard ACL
to permit only the two LAN networks attached to R1 to access the network that
connects to R2 G0/1 interface, but not the G0/0 interface. When following the best
practices, in what location should the standard ACL be applied?

 R1 S0/0/0 outbound
 R2 G0/0 outbound
 R2 S0/0/1 outbound
 R1 S0/0/0 inbound
 R2 G0/1 inbound
171. Two OSPF-enabled routers are connected over a point-to-point link. During
the ExStart state, which router will be chosen as the first one to send DBD packets?
 the router with the highest router ID
 the router with the lowest IP address on the connecting interface
 the router with the highest IP address on the connecting interface
 the router with the lowest router ID
Explanation: In the ExStart state, the two routers decide which router will send the
DBD packets first. The router with the higher router ID will be the first router to
send DBD packets during the Exchange state.
172. Which step in the link-state routing process is described by a router sending
Hello packets out all of the OSPF-enabled interfaces?
 exchanging link-state advertisements
 electing the designated router
 injecting the default route
 establishing neighbor adjacencies
Explanation: OSPF-enabled routers must recognize each other on the network
before they can share information. An OSPF-enabled router sends Hello packets
out all OSPF-enabled interfaces to determine if neighbors are present on those
links. If a neighbor is present, the OSPF-enabled router attempts to establish a
neighbor adjacency with that neighbor.
173. A company has contracted with a network security firm to help identify the
vulnerabilities of the corporate network. The firm sends a team to perform
penetration tests on the company network. Why would the team use forensic tools?
 to obtain specially designed operating systems preloaded with tools
optimized for hacking
 to detect any evidence of a hack or malware in a computer or network
 to detect installed tools within files and directories that provide threat actors
remote access and control over a computer or network
 to reverse engineer binary files when writing exploits and when analyzing
malware
174. Refer to the exhibit. A network administrator has configured OSPFv2 on the
two Cisco routers but PC1 is unable to connect to PC2. What is the most likely
problem?
 Interface Fa0/0 has not been activated for OSPFv2 on router R2.
 Interface Fa0/0 is configured as a passive-interface on router R2.
 Interface S0/0 is configured as a passive-interface on router R2.
 Interface s0/0 has not been activated for OSPFv2 on router R2.
Explanation: If a LAN network is not advertised using OSPFv2, a remote network
will not be reachable. The output displays a successful neighbor adjacency
between router R1 and R2 on the interface S0/0 of both routers.
175. ABCTech is investigating the use of automation for some of its products. In
order to control and test these products, the programmers require Windows, Linux,
and MAC OS on their computers. What service or technology would support this
requirement?
 dedicated servers
 software defined networking
 virtualization
 Cisco ACI
176. A network engineer has noted that some expected network route entries are not
displayed in the routing table. Which two commands will provide additional
information about the state of router adjacencies, timer intervals, and the area ID?
(Choose two.)
 show ip protocols
 show ip ospf neighbor
 show running-configuration
 show ip ospf interface
 show ip route ospf
Explanation: The show ip ospf interface command will display routing table
information that is already known. The show running-configuration and show ip
protocols commands will display aspects of the OSPF configuration on the router
but will not display adjacency state details or timer interval details.
177. Which type of VPN involves the forwarding of traffic over the backbone
through the use of labels distributed among core routers?
 MPLS VPN
 GRE over IPsec
 IPsec virtual tunnel interface
 dynamic multipoint VPN
178. Which type of VPN involves a nonsecure tunneling protocol being encapsulated
by IPsec?
 SSL VPN
 dynamic multipoint VPN
 GRE over IPsec
 IPsec virtual tunnel interface
179. A company has contracted with a network security firm to help identify the
vulnerabilities of the corporate network. The firm sends a team to perform
penetration tests on the company network. Why would the team use hacking
operating systems?
 to detect any evidence of a hack or malware in a computer or network
 to obtain specially designed operating systems preloaded with tools optimized
for hacking
 to encode data, using algorithm schemes, to prevent unauthorized access to
the encrypted data
 to reverse engineer binary files when writing exploits and when analyzing
malware
180. What command would be used as part of configuring NAT or PAT to identify
an interface as part of the external global network?
 ip pat inside
 access-list 10 permit 172.19.89.0 0.0.0.255
 ip nat inside
 ip nat outside
181. To avoid purchasing new hardware, a company wants to take advantage of idle
system resources and consolidate the number of servers while allowing for multiple
operating systems on a single hardware platform. What service or technology would
support this requirement?
 data center
 cloud services
 virtualization
 dedicated servers
Explanation: Server virtualization takes advantage of idle resources and consolidates
the number of required servers. This also allows for multiple operating systems to
exist on a single hardware platform.
182. Which type of VPN routes packets through virtual tunnel interfaces for
encryption and forwarding?
 MPLS VPN
 IPsec virtual tunnel interface
 dynamic multipoint VPN
 GRE over IPsec
183. Which step in the link-state routing process is described by a router flooding
link-state and cost information about each directly connected link?
 building the topology table
 selecting the router ID
 exchanging link-state advertisements
 injecting the default route
184. What type of traffic is described as using either TCP or UDP depending on the
need for error recovery?
 video
 voice
 data
185. Refer to the exhibit. The company CEO demands that one ACL be created to
permit email traffic to the internet and deny FTP access. What is the best ACL type
and placement to use in this situation?

 extended ACL outbound on R2 WAN interface towards the internet


 standard ACL outbound on R2 S0/0/0
 extended ACL inbound on R2 S0/0/0
 standard ACL inbound on R2 WAN interface connecting to the internet
186. What command would be used as part of configuring NAT or PAT to define a
pool of addresses for translation?
 ip nat inside source static 172.19.89.13 198.133.219.65
 ip nat inside source list 24 interface serial 0/1/0 overload
 ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240
 ip nat outside
187. What is the name of the layer in the Cisco borderless switched network design
that is considered to be the backbone used for high-speed connectivity and fault
isolation?
 data link
 access
 core
 network
 network access
Explanation: The three layers of the Cisco borderless switched network design are
access, distribution, and core. The access layer switches are the ones used to
connect end devices to the network. The distribution layer switches accept
connections from access layer switches and provide switching, routing, and
access policy functions. The core layer is called the backbone and core switches
commonly have high-speed redundant connections.
188. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.47 any eq ftp
If a packet with a source address of 172.18.20.40, a destination address of 10.33.19.2,
and a protocol of 21 is received on the interface, is the packet permitted or denied?
 permitted
 denied
189. What type of traffic is described as consisting of traffic that gets a lower
priority if it is not mission-critical?
 video
 data
 voice
190. Which OSPF table is identical on all converged routers within the same OSPF
area?
 routing
 neighbor
 adjacency
 topology
191. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www .
If a packet with a source address of 192.168.10.45, a destination address of
10.10.3.27, and a protocol of 80 is received on the interface, is the packet
permitted or denied?
 permitted
 denied
192. What protocol allows the manager to poll agents to access information from the
agent MIB?
 CBWFQ
 SYSLOG
 TFTP
 SNMP
193. Match each component of a WAN connection to its description. (Not all options
are used.)
Case 2:
194. What type of traffic is described as being able to tolerate a certain amount of
latency, jitter, and loss without any noticeable effects?
 voice
 video
 data
195. What term describes adding a value to the packet header, as close to the source
as possible, so that the packet matches a defined policy?
 policing
 traffic marking
 weighted random early detection (WRED)
 traffic shaping
 tail drop
196. Which three traffic-related factors would influence selecting a particular WAN
link type? (Choose three.)
 cost of the link
 amount of traffic
 distance between sites
 reliability
 security needs
 type of traffic
Explanation: The traffic-related factors that influence selecting a particular WAN
link type include the type of traffic, amount of traffic, quality requirements, and
security requirements. Quality requirements include ensuring that traffic that
cannot tolerate delay gets priority treatment as well as important business
transactional traffic.

197. What command would be used as part of configuring NAT or PAT to link the
inside local addresses to the pool of addresses available for PAT translation?
 ip nat inside source list ACCTNG pool POOL-STAT
 ip nat translation timeout 36000
 ip nat inside source list 14 pool POOL-STAT overload
 ip nat inside source static 172.19.89.13 198.133.219.65
198. What protocol is a vendor-neutral Layer 2 discovery protocol that must be
configured separately to transmit and receive information packets?
 SNMP
 MPLS
 LLDP
 NTP
199. An ACL is applied inbound on a router interface. The ACL consists of a single
entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .
If a packet with a source address of 172.18.20.55, a destination address of
172.18.20.3, and a protocol of 21 is received on the interface, is the packet permitted
or denied?
 permitted
 denied
200. Refer to the exhibit. Corporate policy demands that access to the server
network be restricted to internal employees only. What is the best ACL type and
placement to use in this situation?

 extended ACL outbound on R2 S0/0/1
 standard ACL outbound on R2 S0/0/0
 standard ACL inbound on R2 WAN interface connecting to the internet
 extended ACL inbound on R2 S0/0/0
201. A technician is working on a Layer 2 switch and notices that a
%CDP-4-DUPLEX_MISMATCH message keeps appearing for port G0/5. What command
should the technician issue on the switch to start the troubleshooting process?
 show cdp neighbors
 show ip interface brief
 show interface g0/5
 show cdp
202. Which virtual resource would be installed on a network server to provide direct
access to hardware resources?
 VMware Fusion
 a management console
 a dedicated VLAN
 a Type 1 hypervisor
Explanation: With Type 1 hypervisors, the hypervisor is installed directly on the server
or networking hardware. Then, instances of an OS are installed on the
hypervisor, as shown in the figure. Type 1 hypervisors have direct access to the
hardware resources. Therefore, they are more efficient than hosted architectures.
Type 1 hypervisors improve scalability, performance, and robustness.
203. Refer to the exhibit. A network administrator has configured a standard ACL
to permit only the two LAN networks attached to R1 to access the network that
connects to R2 G0/1 interface. When following the best practices, in what location
should the standard ACL be applied?

 R2 G0/1 inbound
 R2 S0/0/1 outbound
 R1 S0/0/0 outbound
 R2 G0/1 outbound
 R2 G0/0 outbound
204. Which OSPF database is identical on all converged routers within the same
OSPF area?
 neighbor
 forwarding
 link-state
 adjacency
Explanation: Regardless of which OSPF area a router resides in, the adjacency
database, routing table, and forwarding database are unique for each router. The
link-state database lists information about all other routers within an area and is
identical across all OSPF routers participating in that area.
205. What are two features to consider when creating a named ACL? (Choose two.)
 Use alphanumeric characters if needed.
 Use special characters, such as ! or * to show the importance of the ACL.
 Modify the ACL using a text editor.
 Be descriptive when creating the ACL name.
 Use a space for ease of reading to separate the name from the description
Explanation: The following summarizes the rules to follow for named ACLs:
Assign a name to identify the purpose of the ACL.
Names can contain alphanumeric characters.
Names cannot contain spaces or punctuation.
It is suggested that the name be written in CAPITAL LETTERS.
Entries can be added or deleted within the ACL.
206. Match the RESTful API method to CRUD function.



207. What type of traffic is described as requiring at least 384 Kbps of bandwidth?
 voice
 data
 video
208. Which step in the link-state routing process is described by a router inserting
best paths into the routing table?
 declaring a neighbor to be inaccessible
 executing the SPF algorithm
 load balancing equal-cost paths
 choosing the best route
209. Anycompany has decided to reduce its environmental footprint by reducing
energy costs, moving to a smaller facility, and promoting telecommuting. What
service or technology would support this requirement?
 data center
 virtualization
 cloud services
 dedicated servers
210. Which QoS technique smooths packet output rate?
 policing
 shaping
 weighted random early detection
 Integrated Services (IntServ)
 marking
211. Refer to the exhibit. The company has provided IP phones to employees on the
192.168.10.0/24 network and the voice traffic will need priority over data traffic.
What is the best ACL type and placement to use in this situation?
 extended ACL inbound on R1 G0/0
 extended ACL outbound on R2 WAN interface towards the internet
 extended ACL outbound on R2 S0/0/1
 extended ACLs inbound on R1 G0/0 and G0/1
Explanation: Standard ACLs permit or deny packets based only on the source
IPv4 address. Because all traffic types are permitted or denied, standard ACLs
should be located as close to the destination as possible.
Extended ACLs permit or deny packets based on the source IPv4 address and
destination IPv4 address, protocol type, source and destination TCP or UDP
ports and more. Because the filtering of extended ACLs is so specific, extended
ACLs should be located as close as possible to the source of the traffic to be
filtered. Undesirable traffic is denied close to the source network without crossing
the network infrastructure.
212. A network technician is configuring SNMPv3 and has set a security level of
SNMPv3 authPriv. What is a feature of using this level?
 authenticates a packet by using the SHA algorithm only
 authenticates a packet by a string match of the username or community
string
 authenticates a packet by using either the HMAC with MD5 method or the
SHA method
 authenticates a packet by using either the HMAC MD5 or HMAC SHA
algorithms and a username
CCNA (200-301) Certification Practice Exam Answers
(ENSA v7.0)
Dec 22, 2019 Last Updated: Nov 1, 2022

Enterprise Networking, Security, and Automation (Version 7.00) – CCNA (200-301) Certification Practice Exam
1. An instructor is reviewing student answers on a previous term exam to prepare
for a lecture on IPv6. What would be a good point for the instructor to make when
explaining an IPv6 GUA (global unicast address)?
 It is considered a best practice to use the IPV6 GUA address of the router as
the default gateway address for Windows hosts.
 It can be configured statically or assigned dynamically on a router.
 It can only be configured statically on a host interface by using the ipv6
address command.
 It is routable on the IPv6 internet.
2. An administrator needs to implement a 2.4GHz WLAN that requires multiple
APs. Which two are characteristics of the 2.4GHz channels? (Choose two.)
 They can provide faster data transmission for wireless clients in heavily
populated wireless networks than 5GHz channels.
 Each channel is separated from the next channel by 20 MHz.
 There are 11 channels for North America identified by the 802.11b standard.
 If three adjacent APs are required, the non-overlapping channels 1, 21, and
41 are recommended.
 Each channel is allotted 22 MHz bandwidth.
3. A technician must accommodate at least 500 subnets from address 172.16.0.0/16.
What is an appropriate subnet mask and corresponding number of available host IP
addresses per subnet to meet the requirement?
 255.255.255.128 and 126 hosts
 255.255.255.0 and 128 hosts
 255.255.255.192 and 126 hosts
 255.255.255.224 and 128 hosts
Explanation: The network address 172.16.0.0 has a default mask of 255.255.0.0
(/16). This address has 16 bits in the network portion and 16 bits in the host
portion. To have at least 500 subnets, you need to borrow 9 bits from the host
portion (2^9 = 512 subnets), leaving 7 bits for hosts. Thus the resulting
netmask is 255.255.255.128, and the number of hosts per subnet is
2^7 – 2 = 128 – 2 = 126 hosts.
4. Refer to the exhibit. A PC with the MAC address of 0800.069d.3841 attached to
port Fa0/8 is sending data to a device that has the MAC address of 6400.6a5a.6821.
What will the switch do first to handle the data transfer?

 The switch will add the address 0800.069d.3841 to the MAC address table.
 The switch will send the frame to ports Fa0/4 and Fa0/6.
 The switch will flood the frame out all ports except port Fa0/8.
 The switch will send the frame to port Fa0/6.
 The switch will add the address 6400.6151.6821 to the MAC address table.
Explanation: Every frame that enters a switch is checked for new information to
learn. It does this by examining the source MAC address of the frame and port
number where the frame entered the switch:
If the source MAC address does not exist in the MAC address table, the MAC
address and incoming port number are added to the table.
5. A network engineer is giving a tour of the company network operations center to
a college class. The engineer is trying to describe how a WAN and connectivity to
the internet relate to the network infrastructure. Which statement correctly
describes network infrastructure and network communication?
 Communication across the internet requires application of recognized
technologies and standards.
 LANs are used to connect WANs around the world.
 A LAN connects small networks to large global networks.
 The internet is a worldwide collection of interconnected networks owned by
an organization.
Explanation: The internet is not owned by any individual or group. Ensuring
effective communication across this diverse infrastructure requires the
application of consistent and commonly recognized technologies and standards
as well as the cooperation of many network administration agencies.
6. A network engineer is designing a borderless switched network in a hierarchical
fashion. Which guideline might cause the engineer to implement a three-tier layer
model?
 Fault isolation is one of the primary purposes of the distribution layer.
 Access layer L2 switches connect to distribution layer L3 switches, which
implement routing, quality of service, and security.
 The core layer provides differentiated services to various classes of service
applications at the edge of the network.
 The access layer provides aggregation of Layer 2 broadcast domains.
Explanation: The access layer represents the network edge, where traffic enters
or exits the campus network. Traditionally, the primary function of an access
layer switch is to provide network access to the user. Access layer switches
connect to distribution layer switches, which implement network foundation
technologies such as routing, quality of service, and security.
7. Two students are discussing routers and one statement that is said between them
is accurate. Which statement is that?
 A directly-connected network is automatically added to the routing table of an
adjacency neighbor if both routers are Cisco routers.
 A gateway of last resort is added to the routing table when the router boots
up.
 Remote networks can only be added after they are learned by routers
through dynamic routing protocols.
 A default route provides a way for packets that do not match a specific route in
the routing table to be forwarded.
8. What are two benefits of using virtualization? (Choose two.)
 The operating system of the virtual machine does not require licensing when
it is virtualized.
 The virtual machine is no longer dependent on a specific hardware platform.
 Because all virtual operating systems are contained within a single virtual
network, networking connections are simplified.
 The performance of a virtual machine is faster than the performance of the
operating system running on physical hardware.
 Multiple virtual machines can be running simultaneously on a single physical
device.
9. Students in a data networking class are reviewing materials in preparation for a
quiz. Which statement describes the operation of an access control method for
shared network media?
 The controlled-based access method, used on legacy bus-topology Ethernet
LANs, decided the order of each device to transmit.
 In the CSMA/CD method, when two devices transmit at the same time, a
collision is detected and data is resent immediately.
 The CSMA/CA method attempts to avoid collisions by having each device
informing others how long the media will be unavailable.
 In a contention-based multiaccess network, each node has its own time to
use the medium.
Explanation: CSMA/CA does not detect collisions but attempts to avoid them by
waiting before transmitting. Each device that transmits includes the time duration
that it needs for the transmission. All other wireless devices receive this
information and know how long the medium will be unavailable.
10. A network administrator is designing an IPv4 addressing scheme and requires
these subnets.
1 subnet of 100 hosts
2 subnets of 80 hosts
2 subnets of 30 hosts
4 subnets of 20 hosts
Which combination of subnets and masks will provide the best addressing plan for
these requirements?
 9 subnets of 126 hosts with a 255.255.255.128 mask
 3 subnets of 126 hosts with a 255.255.255.192 mask
  6 subnets of 30 hosts with a 255.255.255.240 mask
 3 subnets of 126 hosts with a 255.255.255.128 mask
  6 subnets of 30 hosts with a 255.255.255.224 mask
 1 subnet of 126 hosts with a 255.255.255.192 mask
  2 subnets of 80 hosts with a 255.255.255.224 mask
  6 subnets of 30 hosts with a 255.255.255.240 mask
Explanation: IPv4 subnets that require 100 and 80 hosts are provided by creating subnets of
126 usable addresses, each of which requires 7 host bits. The resulting mask is
255.255.255.128.
Subnets that require 30 and 20 hosts are provided by creating subnets of 30
usable addresses, each of which requires 5 host bits. The resulting mask is
255.255.255.224.
Creating nine subnets, each consisting of 126 usable addresses, would waste
large numbers of addresses in the six smaller subnets.
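The sizing in the explanation above, and the 9-bit borrow in question 3, worked as an added example that is not part of the original page: it derives the prefix for each host requirement, allocates the subnets largest-first, and compares the address cost with the uniform nine-subnet plan. The 172.16.0.0/22 parent block and all function names are assumptions; the question names no parent block.

```python
import ipaddress

# Host requirements from question 10 (1x100, 2x80, 2x30, 4x20).
REQUIREMENTS = [100, 80, 80, 30, 30, 20, 20, 20, 20]


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose subnet still has `hosts` usable addresses."""
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:  # minus network and broadcast address
        host_bits += 1
    return 32 - host_bits


def prefix_for_subnets(base_prefix, count):
    """Prefix after borrowing enough host bits to create `count` subnets."""
    borrowed = 0
    while (1 << borrowed) < count:
        borrowed += 1
    return base_prefix + borrowed


def allocate_vlsm(block, requirements):
    """Carve `block` into one subnet per requirement, largest first.

    Allocating in descending size keeps every subnet aligned on a boundary
    of its own size, so no address space is lost to padding.
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    last = int(block.broadcast_address)
    plan = []
    for hosts in sorted(requirements, reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # round up to alignment
        if cursor + size - 1 > last:
            raise ValueError(f"{block} is too small for these requirements")
        plan.append((hosts, ipaddress.ip_network((cursor, prefix))))
        cursor += size
    return plan


def addresses_used(plan):
    """Total addresses consumed by a VLSM plan."""
    return sum(net.num_addresses for _, net in plan)


def uniform_cost(requirements):
    """Addresses consumed if every subnet is sized for the largest need."""
    size = 1 << (32 - prefix_for_hosts(max(requirements)))
    return size * len(requirements)


if __name__ == "__main__":
    # Assumed parent block, constructed for this example.
    plan = allocate_vlsm("172.16.0.0/22", REQUIREMENTS)
    for hosts, net in plan:
        usable = net.num_addresses - 2
        print(f"{hosts:>3} hosts -> {net} mask {net.netmask} ({usable} usable)")
    print("VLSM plan uses", addresses_used(plan), "addresses")
    print("nine equal /25 subnets use", uniform_cost(REQUIREMENTS), "addresses")
    print("500 subnets from a /16 need a /%d" % prefix_for_subnets(16, 500))
```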
11. A group of network technicians is discussing IPv6 multicast processes. What is a
feature of one type of IPv6 multicast address that should be discussed?
 A solicited-node multicast address is similar to the all-routers multicast address.
 It can be a source or a destination address.
 It has the prefix fe00::/8.
 The all-nodes multicast group has the same effect as an IPv4 broadcast
address.
12. Which LAN attack allows for identification of connected Cisco devices which are
sending unencrypted broadcasts?
 STP attack
 CDP reconnaissance
 ARP attack
 address spoofing attack
13. What is a characteristic of the REST API?
 evolved into what became SOAP
 most widely used API for web services
 used for exchanging XML structured information over HTTP or SMTP
 considered slow, complex, and rigid
14. A network administrator is using the Cisco DNA Center to monitor network
health and to troubleshoot network issues. Which area should the administrator use
to perform these tasks?
 ASSURANCE
 PROVISION
 PLATFORM
 POLICY
15. Which term describes the process of managing configuration changes of network
devices in an orderly fashion?
 version control
 orchestration
 automation
 provisioning
Explanation: Configuration management tools typically include automation and
orchestration. Automation is automatically performing a task on a system.
Arranging the automated tasks into a coordinated process or workflow is called
orchestration.
16. Which function of the Cisco intent-based networking system (IBNS) enables
network operators to express the expected networking behavior that will best
support the business intent?
 ACL analysis
 assurance
 activation
 translation
Explanation: The translation feature of Cisco IBNS enables network operators to
express the expected network behavior that will best support the business intent.
17. Which type of API would be used to allow authorized salespeople of an
organization access to internal sales data from their mobile devices?
 private
 partner
 public
 open
18. Refer to the exhibit. In the displayed JSON data representation, which symbol
should be used to replace the question mark in lines 2 and 15?

 square brackets [ ]
 commas ,
 double quotation marks ” “
 braces { }
19. What action takes place when a frame entering a switch has a multicast
destination MAC address?
 The switch will forward the frame out all ports except the incoming port.
 The switch forwards the frame out of the specified port.
 The switch adds a MAC address table entry mapping for the destination
MAC address and the ingress port.
 The switch replaces the old entry and uses the more current port.
Explanation: If the destination MAC address is a broadcast or a multicast, the
frame is also flooded out all ports except the incoming port.

20. A network engineer is configuring secure remote access to a Cisco router. Which
two commands would be issued in the line configuration mode of the router to
implement SSH? (Choose two.)
 login local
 crypto key generate rsa
 transport input ssh
 username admin secret ccna
 ip ssh version 2
21. When an end device requests services from a DHCPv4 server it receives a host
IPv4 address and a subnet mask. Which two other IPv4 addresses are also typically
provided to a DHCPv4 client? (Choose two.)
 DNS server address
 local HTTP web server address
 LAN default gateway address
 LAN NTP server address
 automatic private IPv4 address
Explanation: LAN NTP server and local HTTP web server addresses are not
provided by DHCP. Automatic private IPv4 addresses (APIPA) are used by
DHCP clients when the clients fail to connect to a DHCPv4 server.
22. A network engineer wants to synchronize the time of a router with an NTP
server at the IPv4 address 209.165.200.225. The exit interface of the router is
configured with an IPv4 address of 192.168.212.11. Which global configuration
command should be used to configure the NTP server as the time source for this
router?
 ntp peer 209.165.200.225
 ntp server 192.168.212.11
 ntp server 209.165.200.225
 ntp peer 192.168.212.11
23. When testing a new web server, a network administrator cannot access the home
page when the server name is entered into a web browser on a PC. Pings to both the
IPv4 and IPv6 addresses of the server are successful. What could be the problem?
 DNS is not resolving the server name to an IPv4 or IPv6 address.
 ARP is not discovering the MAC address of the server.
 DHCP has not assigned an IPv4 or IPv6 address to the server.
 An FTP client must be installed on the PC.
24. A network engineer is using SNMP manager software to monitor and manage
network performance. In addition to polling network devices at regular time
intervals, the engineer is configuring the devices to generate messages that inform
the SNMP manager of specified events. What message type is configured on those
devices that allows them to send unsolicited messages?
 set request
 get-response
 trap
 get-bulk-request
Explanation: A network device stores information for SNMP in the MIB. This
information can be sent to the SNMP manager when specifically requested with a
get message. Unsolicited messages that are sent when pre-configured specified
events occur are trap messages.
25. A wireless network engineer is implementing updated wireless equipment within
the company. Which statement describes a wireless security protocol?
 WPA secures the data using the Rivest Cipher 4 encryption method with a
static key.
 WPA3-Personal uses 802.1X/EAP authentication that requires the use of a
192-bit cryptographic suite.
 WPA2-Personal is intended for home or small office networks and uses
802.1X/EAP authentication.
 WPA2-Enterprise is intended for enterprise networks and users must
authenticate using 802.1X standard.
26. Refer to the exhibit. Which access list configuration on router R1 will prevent
traffic from the 192.168.2.0 LAN from reaching the Restricted LAN while
permitting traffic from any other LAN?
 R1(config-std-nacl)# permit any
  R1(config-std-nacl)# deny 192.168.2.0
  R1(config)# interface G0/2
  R1(config-if)# ip access-group BLOCK_LAN2 out
 R1(config-std-nacl)# deny 192.168.2.0
  R1(config-std-nacl)# permit any
  R1(config)# interface G0/2
  R1(config-if)# ip access-group BLOCK_LAN2 out
 R1(config-std-nacl)# permit any
  R1(config-std-nacl)# deny 192.168.3.0
  R1(config)# interface G0/2
  R1(config-if)# ip access-group BLOCK-LAN2 in
 R1(config-std-nacl)# deny 192.168.3.0
  R1(config-std-nacl)# permit any
  R1(config)# interface G0/2
  R1(config-if)# ip access-group BLOCK_LAN2 in
Explanation: The correct access list syntax requires that the deny source IP
address (192.168.2.0) statement come before the permit statement so that only
traffic sourced from the 192.168.2.0 LAN is denied. Then the access list must be
applied on interface G0/2 in the outbound direction.
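The ordering rule in the explanation above, worked as an added example that is not part of the original page: a first-match evaluator for standard ACL entries with the implicit deny at the end, plus an audit check that flags entries an earlier line has made unreachable. The explicit 0.0.0.255 wildcard mask, the sample source addresses and the function names are assumptions, since the exhibit is not on the page.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # what the keyword "any" expands to

# Constructed entries (action, base address, wildcard mask) for the two
# orderings offered in the question; the /24 wildcard is an assumption.
DENY_FIRST = [("deny", "192.168.2.0", "0.0.0.255"), ("permit", *ANY)]
PERMIT_FIRST = [("permit", *ANY), ("deny", "192.168.2.0", "0.0.0.255")]


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """Wildcard logic: a 0 bit must match the base, a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return ((to_int(addr) ^ to_int(base)) & care) == 0


def evaluate(acl, src):
    """Return (action, index of the matching entry).

    Entries are tested top-down and the first match decides; a packet that
    matches nothing hits the implicit deny, reported with index None.
    """
    for index, (_action, base, wildcard) in enumerate(acl):
        if wildcard_match(src, base, wildcard):
            return _action, index
    return "deny", None


def shadowed_entries(acl):
    """Indexes of entries that can never match.

    Entry j is shadowed by an earlier entry i when i checks no bit that j
    ignores and the two bases agree on every bit i checks, so every
    address j would match has already been decided by i.
    """
    shadowed = []
    for j, (_, base_j, wild_j) in enumerate(acl):
        for _, base_i, wild_i in acl[:j]:
            care_i = ~to_int(wild_i) & 0xFFFFFFFF
            j_checks_all_of_i = (to_int(wild_j) & care_i) == 0
            bases_agree = ((to_int(base_i) ^ to_int(base_j)) & care_i) == 0
            if j_checks_all_of_i and bases_agree:
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    for name, acl in (("deny first", DENY_FIRST), ("permit any first", PERMIT_FIRST)):
        print(name)
        for src in ("192.168.2.10", "192.168.3.10"):  # constructed hosts
            print("  ", src, "->", evaluate(acl, src))
        print("   unreachable entries:", shadowed_entries(acl))
```

With `permit any` on the first line, the `deny` entry is reported as unreachable, which is the misordering the explanation warns about.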
27. An administrator who is troubleshooting connectivity issues on a switch notices
that a switch port configured for port security is in the err-disabled state. After
verifying the cause of the violation, how should the administrator re-enable the port
without disrupting network operation?
 Reboot the switch.
 Issue the no switchport port-security violation shutdown command on the
interface.
 Issue the no switchport port-security command, then re-enable port security.
 Issue the shutdown command followed by the no shutdown command on the
interface.
Explanation: To re-enable the port, use the shutdown interface configuration
mode command (Figure 3). Then, use the no shutdown interface configuration
command to make the port operational.
28. An IT security specialist enables port security on a switch port of a Cisco switch.
What is the default violation mode in use until the switch port is configured to use a
different violation mode?
 disabled
 shutdown
 protect
 restrict
Explanation: If no violation mode is specified when port security is enabled on a
switch port, then the security violation mode defaults to shutdown.
29. Refer to the exhibit. Which interface on switch S1 should be configured as a
DHCP snooping trusted port to help mitigate DHCP spoofing attacks?
 G0/23
 G0/1
 G0/22
 G0/24
Explanation: When DHCP snooping is configured, the interface that connects to
the DHCP server is configured as a trusted port. Trusted ports can source DHCP
requests and acknowledgments. All ports not specifically configured as trusted
are considered untrusted by the switch and can only source DHCP requests.
30. Which statement is an accurate description of a VPN type?
 Site-to-site VPNs are typically created and secured using SSL.
 In a Clientless VPN the connection is secured using a web browser IPsec
connection.
 In a Client-based VPN, users initiate a connection using VPN client software
and the VPN gateway does the data encryption.
 In a site-to-site VPN internal hosts have no knowledge that a VPN is being
used.
31. A network administrator of a college is configuring WLAN security with WPA2
Enterprise authentication. Which server is required when deploying this type of
authentication?
 AAA
 DHCP
 RADIUS
 SNMP
Explanation: WPA2 Enterprise provides stronger, more secure user authentication than
WPA2 PSK does. Instead of using a pre-shared key for all users to access a
WLAN, WPA2 Enterprise requires that users enter their own username and
password credentials to be authenticated before they can access the WLAN. The
RADIUS server is required for deploying WPA2 Enterprise authentication.
32. When configuring a switch for SSH access, what other command that is
associated with the login local command is required to be entered on the switch?
 enable secret password
 login block-for seconds attempts number within seconds
 username username secret secret
 password password
Explanation: The login local command designates that the local username
database is used to authenticate interfaces such as console or vty.
33. What term describes a process where a router simply discards any packet that
arrives at the end of a queue that has completely used up its packet-holding
resources?
 weighted random early detection (WRED)
 low latency queuing (LLQ)
 traffic shaping
 weighted fair queuing (WFQ)
 tail drop
34. In an OSPF network when are DR and BDR elections required?
 when the two adjacent neighbors are interconnected over a point-to-point link
 when all the routers in an OSPF area cannot form adjacencies
 when the routers are interconnected over a common Ethernet network
 when the two adjacent neighbors are in two different networks
Explanation: When the routers are interconnected over a common Ethernet
network, then a designated router (DR) and a backup DR (BDR) must be elected.
35. A network engineer has been asked to prepare a router and to ensure that it can
route IPv6 packets. Which command should the network engineer ensure has been
entered on the router?
 ipv6 enable
 ipv6 unicast-routing
 ipv6 address
 ipv6 route
36. Refer to the exhibit. Match the packets with their destination IP address to the
exiting interfaces on the router. (Not all targets are used.)
Explanation: Packets with a destination of 172.17.6.15 are forwarded through
Fa0/0. Packets with a destination of 172.17.10.5 are forwarded through Fa1/1.
Packets with a destination of 172.17.12.10 are forwarded through Fa1/0. Packets
with a destination of 172.17.14.8 are forwarded through Fa0/1. Because network
172.17.8.0 has no entry in the routing table, it will take the gateway of last resort,
which means that packets with a destination of 172.17.8.20 are forwarded
through Serial0/0/0. Because a gateway of last resort exists, no packets will be
dropped.
37. Consider the following static route configured on a Cisco router:
ipv6 route 2001:db8:acad:4::/64 2001:db8:acad:3::2
What remote network is specified in this route?
 2001:db8:acad:4::/64
 2001:db8:acad:0::/64
 2001:db8:acad:3::/64
 2001:db8:acad:2::0/64
38. A network administrator configures a router with the ipv6 route ::/0
Serial2/0 command. What is the purpose of this command?
 to add a dynamic route for the destination network ::/0 to the routing table
 to enable a router to forward packets for which there is no route in the routing
table
 to forward packets destined for the network ::/0 to the serial 2/0 interface
 to forward all packets to the serial 2/0 interface
39. What is the purpose of a First Hop Redundancy Protocol?
 to provide two or more routers working together, sharing an IP and MAC
address of a virtual default gateway
 to provide a physical link to a new default router to replace the unreachable
default gateway
 to provide a dynamic method by which devices on a LAN can determine the
address of a new default gateway
 to provide a list of IP addresses of devices that can assume the role of the
forwarding router
40. A network engineer examining the configuration of a Cisco router sees a
network entry in a routing table listed with a code O. Which kind of route is this?
 a route used for the default gateway
 a route for a network directly connected to the local router interface
 a route dynamically learned through the OSPF routing protocol
 a static route
41. What defines a host route on a Cisco router?
 An IPv4 static host route configuration uses a destination IP address of a
specific device and a /32 subnet mask.
 A static IPv6 host route must include the interface type and the interface
number of the next hop router.
 A host route is designated with a C in the routing table.
 The link-local address is added automatically to the routing table as an IPv6
host route.
42. Refer to the exhibit. Packets destined to which two networks will require the
router to perform a recursive lookup? (Choose two.)

 10.0.0.0/8
 128.107.0.0/16
 192.168.2.0/24
 192.168.1.0/24
 172.16.40.0/24
 64.100.0.0/16
43. The routing table of a Cisco router has four static routes for network 10.0.0.0.
Which route is the best match for a packet entering the router with a destination of
10.16.0.10?
 S 10.0.0.0/16 is directly connected, GigabitEthernet 0/1
 S 10.16.0.0/24 [1/0] via 202.16.0.2
 S 10.16.0.0/16 is directly connected, GigabitEthernet 0/0
 S 10.0.0.0/8 [1/0] via 202.16.0.2
44. Match the FHRP protocols to the appropriate description. (Not all options are
used.)

45. Open the PT Activity. Perform the tasks in the activity instructions and then
answer the question.
Which task has to be performed on Router 1 for it to establish an OSPF adjacency
with Router 2?
 Issue the clear ip ospf process command.
 Change the subnet mask of interface FastEthernet 0/0 to 255.255.255.0.
 Remove the passive interface command from interface FastEthernet 0/0.
 Add the network 10.0.1.0 0.0.0.255 area 0 command to the OSPF process.
Explanation: Each interface on the link connecting the OSPF routers must be in
the same subnet for an adjacency to be established. The IP address subnet
mask on FastEthernet interface 0/0 must be changed to 255.255.255.0. The
FastEthernet interface 0/0 is not passive. The 10.0.1.0/24 network is only
connected to Router2 so should not be advertised by Router1. The clear ip ospf
process command will start the OSPF process on Router1 but will not cause an
adjacency to be established if the subnet mask mismatch on the connecting
interfaces still exists.
46. What is the recommended Cisco best practice for configuring an OSPF-enabled
router so that each router can be easily identified when troubleshooting routing
issues?
 Use the highest IP address assigned to an active interface participating in
the routing process.
 Use a loopback interface configured with the highest IP address on the
router.
 Use the highest active interface IP address that is configured on the router.
 Configure a value using the router-id command.
Explanation: A Cisco router is assigned a router ID to uniquely identify it. It can
be automatically assigned and take the value of the highest configured IP
address on any interface, the value of a specifically-configured loopback
address, or the value assigned (which is in the exact form of an IP address)
using the router-id command. Cisco recommends using the router-id command.
47. In FHRP terminology, what represents a set of routers that present the illusion
of a single router to hosts?
 standby router
 forwarding router
 default gateway
 virtual router
Explanation: In FHRP, multiple routers are configured to work together to
present a single gateway router to hosts. This single gateway router is a
virtual router which has a virtual IP address that is used by hosts as a default
gateway.
48. A network administrator is configuring the SNMP function on a Cisco 3500
series WLC. The task is to add an SNMP trap server to which this WLC will
forward SNMP log messages. Which tab should the administrator use to add the
SNMP trap server information?
 COMMANDS
 MONITOR
 MANAGEMENT
 CONTROLLER
49. Match the STP port state with the appropriate description. (Not all options are
used.)
Explanation: The details of each port state are shown in the table.
Port State – Description
Blocking – The port is an alternate port and does not participate in frame
forwarding. The port receives BPDU frames to determine the location and root ID
of the root bridge. BPDU frames also determine which port roles each switch port
should assume in the final active STP topology. With a Max Age timer of 20
seconds, a switch port that has not received an expected BPDU from a neighbor
switch will go into the blocking state.
Listening – After the blocking state, a port will move to the listening state.
The port receives BPDUs to determine the path to the root. The switch port also
transmits its own BPDU frames and informs adjacent switches that the switch port
is preparing to participate in the active topology.
Learning – A switch port transitions to the learning state after the listening
state. During the learning state, the switch port receives and processes BPDUs
and prepares to participate in frame forwarding. It also begins to populate the
MAC address table. However, in the learning state, user frames are not forwarded
to the destination.
Forwarding – In the forwarding state, a switch port is considered part of the
active topology. The switch port forwards user traffic and sends and receives
BPDU frames.
Disabled – A switch port in the disabled state does not participate in spanning
tree and does not forward frames. The disabled state is set when the switch port
is administratively disabled.
50. Refer to the exhibit. All the displayed switches are Cisco 2960 switches with the
same default priority and operating at the same bandwidth. Which three ports will
be STP designated ports? (Choose three.)
 fa0/9
 fa0/21
 fa0/11
 fa0/10
 fa0/20
 fa0/13
51. Refer to the exhibit. A network technician issues the command show vlan to
verify the VLAN configuration. Based on the output, which port should be assigned
with native VLAN?
 Fa0/12
 Fa0/20
 Fa0/24
 Gig0/1
52. What is the purpose of setting the native VLAN separate from data VLANs?
 The native VLAN is for routers and switches to exchange their management
information, so it should be different from data VLANs.
 A separate VLAN should be used to carry uncommon untagged frames to avoid
bandwidth contention on data VLANs.
 The native VLAN is for carrying VLAN management traffic only.
 The security of management frames that are carried in the native VLAN can
be enhanced.
Explanation: When a Cisco switch trunk port receives untagged frames (unusual
in well-designed networks), it forwards these frames to the native VLAN. When
the native VLAN is moved away from data VLANs, those untagged frames will
not compete for bandwidth in the data VLANs. The native VLAN is not designed
for carrying management traffic, but rather it is for backward compatibility with
legacy LAN scenarios.
53. Which is a characteristic of EtherChannel?
 EtherChannel uses physical ports that have been upgraded to provide a faster
connection.
 EtherChannel configuration is applied to each physical port.
 STP treats all interfaces in an EtherChannel bundle as a single logical link.
 STP will not block redundant EtherChannel bundles between two switches.
54. What characteristic describes how data or voice VLANs are configured on a
network?
 Voice VLANs are configured on a trunk link between the IP phone and the
switch.
 A switch port that has been configured in access mode can only belong to one
data VLAN at a time.
 The switchport access vlan command must specify a VLAN currently
configured in the vlan.dat file.
 Data and voice VLANs have a different value range for VLAN IDs.
55. What are two load-balancing methods in the EtherChannel technology? (Choose
two.)
 combination of source port and IP to destination port and IP
 source IP to destination IP
 source port to destination port
 combination of source MAC and IP to destination MAC and IP
 source MAC to destination MAC
Explanation: Depending on the hardware platform, one or more load-balancing
methods can be implemented. These methods include source MAC to
destination MAC load balancing or source IP to destination IP load balancing,
across the physical links.
56. A network administrator is configuring a WLAN with WPA2 Enterprise on a
Cisco 3500 series WLC. Client authentications will be handled by a RADIUS server.
Which tab should the administrator use to add the RADIUS server information?
 WIRELESS
 SECURITY
 WLANs
 MANAGEMENT
57. An administrator issues the show vlan brief command on a Cisco switch and the
output shows that all ports are currently assigned to the default VLAN. What
conclusion can be drawn?
 Layer 2 control traffic is not associated with any VLAN.
 The switch cannot be remotely managed using Telnet or SSH until a
management VLAN has been created.
 All user data traffic will be separated and secured from other users.
 There is a security risk because the management VLAN and the native VLAN
are the same.
58. If no bridge priority is configured in PVST, which criterion is considered when
electing the root bridge?
 highest IP address
 lowest IP address
 lowest MAC address
 highest MAC address
Explanation: Only one switch can be the root bridge for a VLAN. The root bridge
is the switch with the lowest BID. The BID is determined by priority and the MAC
address. If no priority is configured then all switches use the default priority and
the election of the root bridge will be based on the lowest MAC address.
59. Refer to the exhibit. A network administrator issues the show lldp neighbors
command to display information about neighboring devices. What can be
determined based on the information?
 Device B1 is a WLAN access point.
 Device C1 is a switch.
 Device A1 is connected to the port Fa0/5 on device B1.
 Device C1 is connected to device B1 through the port Fa0/3.
60. What characteristic completes the following statement?
When an IPv6 static route is configured, it is possible that the same IPv6 link-local
address is used for ……
 the “ipv6 unicast-routing” command.
 a destination host route with a /128 prefix.
 an administrative distance of 2.
 the next-hop address of two different adjacent routers.
61. Which two protocols provide gateway redundancy at Layer 3? (Choose two.)
 PVST
 RSTP
 VRRP
 HSRP
 STP
Explanation: HSRP (Hot Standby Routing Protocol) and VRRP (Virtual Router
Redundancy Protocol) are both Layer 3 redundancy protocols. Both protocols
allow multiple physical routers to act as a single virtual gateway router for hosts.
62. Which security solution identifies incoming threats and blocks them from
entering the corporate network?
 access control lists
 intrusion prevention systems
 virtual private networks
 firewall filtering
63. Refer to the exhibit. What does the hyphen symbol (-) indicate in the YAML
data structure?
 a key/value pair that represents an IP address
 a string being used for both the key and value
 a single key/value pair
 an element in an array
64. In an Intent-Based Networking architecture, which two items are considered
parts of an overlay fabric? (Choose two.)
 switch
 IPsec protocol
 CAPWAP
 server
 router
65. What is an architectural constraint to which a true RESTful API web service
must adhere?
 It operates as a cloud service.
 It runs as a client/server model.
 It must support the XML data format.
 It uses HTTPS to transport data.
Explanation: Conforming to the constraints of the REST architecture is generally
referred to as being “RESTful”. An API can be considered “RESTful” if it has the
following features:
 Client/server – The client handles the front end and the server handles the
back end.
 Stateless – No client data is stored on the server between requests. The
session state is stored on the client.
 Cacheable – Clients can cache responses locally to improve performance.
66. A programmer is using Ansible as the configuration management tool. Which
term is used to describe a set of instructions for execution?
 Playbook
 Pillar
 Cookbook
 Manifest
Explanation: Ansible uses the name Playbook to describe the set of instructions
to be executed.
67. What action takes place when the source MAC address of a frame entering a
switch is not in the MAC address table?
 The switch updates the refresh timer for the entry.
 The switch adds the MAC address and incoming port number to the table.
 The switch adds a MAC address table entry for the destination MAC address
and the egress port.
 The switch replaces the old entry and uses the more current port.
68. In a controller-based wireless network, a Cisco WLC device has four ports
connected to a switch to form a bundle. This bundle will provide load balancing and
redundancy. Which two configurations must be performed on the four switch ports
that connect to the WLC? (Choose two.)
 native VLAN
 default VLAN
 LACP
 trunking mode
 EtherChannel
69. When configuring a wireless LAN, to which category does a home wireless
router belong?
 controller-based AP
 LWAPP-protocol based
 autonomous AP
 CAPWAP-protocol based
70. Which feature or function does an AP provide in a wireless LAN?
 A wireless client can connect to more than one AP at a time.
 Each AP advertises one or more SSIDs and a user can choose to connect to
the closest SSID.
 An AP is easier to configure and to set up than Wi-Fi range extenders.
 A wireless device has to be associated to an AP in order to have access to
network resources.
71. A network engineer is designing a borderless switched network in a hierarchical
fashion. Why might the engineer consider using a two-tier layer model?
 The access layer in this model has different functions from the access layer
in the three-tier layer model.
 It is recommended in smaller campus locations where there are fewer users
accessing the network.
 It consists of a collapsed layer composed of the access and the distribution
layer, and a second layer composed of the core layer.
 The primary function of the collapsed layer is to provide network access to
the user.
72. A technician is troubleshooting a network device and suspects there might be a
duplex mismatch. What could cause a duplex mismatch?
 data corruption
 interconnection of unlike devices
 interface misconfiguration
 auto-MDIX detection failure
Explanation: Duplex mismatches are typically caused by a misconfigured
interface or, in rare instances, by a failed autonegotiation. Duplex mismatches
may be difficult to troubleshoot because the communication between devices still
occurs.
73. A pharmaceutical company wants to contract the services of a cloud provider to
store employee data and company-specific applications with strict access security.
Which type of cloud would be the most appropriate for this scenario?
 public cloud
 private cloud
 hybrid cloud
 community cloud
Explanation: Private clouds – Cloud-based applications and services offered in a
private cloud are intended for a specific organization or entity, such as the
government. A private cloud can be set up using the organization’s private
network, though this can be expensive to build and maintain. A private cloud can
also be managed by an outside organization with strict access security.
74. Which LAN attack involves the sending of a double-tagged 802.1Q frame to the
switch?
 VLAN double-tagging attack
 VLAN hopping attack
 DHCP spoofing attack
 DHCP starvation attack
75. SNMP has been implemented on a network to monitor and manage devices.
Which SNMP authentication process is preferred when SNMP managers
communicate with SNMP agents?
 plain-text community string
 MD5 or SHA authentication
 username authentication
 community string encryption
76. What characteristic completes the following statement?
When an IPv6 static route is configured, the use of a link-local address as a next-
hop address requires entering ……
 the interface type and interface number.
 the “show ipv6 route static” command.
 the next-hop address of two different adjacent routers.
 the “ipv6 unicast-routing” command.
77. A network engineer is examining the routing table of a Cisco router. Consider
the following routing table entry:

S 10.2.2.0/30 [1/0] via 10.1.1.2, 00:00:13, Serial0/0/0

What is the significance of the Serial0/0/0?


 It is the interface on the next-hop router that is directly connected to the
10.2.2.0/30 network.
 It is the interface on the next-hop router that is directly connected to the
10.1.1.0/24 network.
 It is the R4 interface through which the OSPF update was learned.
 It is the interface R4 uses to send data that is destined for 10.2.2.0/30.
78. When creating an IPv6 static route, when must a next-hop IPv6 address and an
exit interface both be specified?
 when the static route is a default route
 when the next hop is a link-local address
 when the exit interface is a point-to-point interface
 when CEF is enabled
Explanation: Link-local addresses are only unique on a given link, and the same
address could exist on links reached through multiple interfaces. For that
reason, any time a static route specifies a link-local address as the next hop,
it must also specify the exit interface. This is called a fully specified static
route.
79. What characterizes a floating static route?
 It is a less trustworthy route than the primary route.
 It provides load balancing with another static route to the same destination.
 It is configured with a lower administrative distance than the primary router
 It serves as a backup to an OSPF-learned route as long as it is configured
with an administrative distance of 105.
80. Which feature on a Cisco router permits the forwarding of traffic for which
there is no specific route?
 next-hop
 gateway of last resort
 outgoing interface
 route source
Explanation: A default static route is used as a gateway of last resort to forward
unknown destination traffic to a next hop/exit interface. The next hop or exit
interface is where the router sends traffic after the traffic is matched to a
route. The route source is the location a route was learned from.
81. Which ACE would permit traffic from hosts only on the 192.168.8.0/22 subnet?
 permit 192.168.8.0 0.0.3.255
 permit 192.168.8.0 255.255.248.0
 permit 192.168.0.0 0.0.15.255
 permit 192.168.8.0 0.0.7.255
82. Refer to the exhibit. A network administrator needs to add an ACE to the
TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20.
Which ACE will meet this requirement?
 30 deny 172.23.16.0 0.0.15.255
 15 deny 172.23.16.0 0.0.15.255
 5 deny 172.23.16.0 0.0.255.255
 5 deny 172.23.16.0 0.0.15.255
83. What are two syntax rules for writing a JSON array? (Choose two.)
 Values are enclosed in square brackets.
 A semicolon separates the key and list of values.
 A space must separate each value in the array.
 Each value in the array is separated by a comma.
 The array can include only one value type.
84. What is the most likely cause when the output of the show interface command
shows that a switch interface is up but the line protocol is down?
 An encapsulation type mismatch exists.
 An incorrect default gateway has been configured.
 A cable is not attached to the interface.
 An incorrect cable type has been attached to the interface.
85. Refer to the exhibit. A network administrator is reviewing the configuration of
switch S1. Which protocol has been implemented to group multiple physical ports
into one logical link?
 LACP
 STP
 DTP
 PAGP
86. A network administrator is considering whether PoE features are required in a
specific network installation. Which option provides valid information about PoE?
 The PoE pass-through feature is only supported by the Cisco Catalyst 3560-
C Series compact switch model or higher.
 Any switch port can be configured with IOS commands to function as a PoE
port.
 PoE allows the switch to deliver power to a device over the existing power
grid.
 It can be used by IP phones, allowing them to be installed anywhere that there
is an Ethernet cable.
87. How are network data transmissions calculated?
 goodput + traffic overhead = throughput
 goodput + latency = bandwidth
 throughput + goodput = bandwidth
 throughput + latency = goodput
88. Refer to the exhibit. A corporate network is using NTP to synchronize the time
across devices. What can be determined from the displayed output?
 The interface on Router03 that connects to the time server has the IPv4
address 209.165.200.225.
 Router03 is a stratum 2 device that can provide NTP service to other devices in
the network.
 The time on Router03 may not be reliable because it is offset by more than 7
seconds to the time server.
 Router03 time is synchronized to a stratum 2 time server.
89. Refer to the exhibit. Which source address is being used by router R1 for
packets being forwarded to the Internet?
 10.6.15.2
 198.51.100.3
 209.165.200.225
 209.165.202.141
90. A user is reading a book from the website
https://www.books-info.com/author50/book1.html#page150 . Which term is used to
describe the component http://www.books-info.com/author50/book1.html ?
 URL
 URI
 fragment
 URN
 protocol
91. What are three components used in the query portion of a typical RESTful API
request? (Choose three.)
 resources
 key
 API server
 format
 parameters
 protocol
92. Which two configuration management tools are developed using Python?
(Choose two.)
 Puppet
 Chef
 Ansible
 SaltStack
 NETCONF
93. What characteristic completes the following statement? When an IPv6 static
route is configured, and traffic is to be directed to one specific server, the static
route requires …
 the next-hop address of two different adjacent routers.
 a destination host route with a /128 prefix.
 an administrative distance of 2.
 the show ipv6 route static command.
94. When two or more routes to the same destination are learned from different
routing protocols, what does a router use to choose between the routes?
 hop count
 administrative distance
 cost
 metric
95. Which LAN attack enables traffic from one VLAN to be seen by another VLAN
without the aid of a router?
 VLAN hopping attack
 ARP attack
 DHCP spoofing attack
 DHCP starvation attack
96. What are the three categories of tools that can be used in IP networks to
implement QoS? (Choose three.)
 classification and marking
 integrated services
 congestion management
 differentiated services
 congestion avoidance
 best effort
97. Which is a QoS model that a network engineer would implement to ensure a
source to destination quality of service standard for a specified data flow?
 differentiated services
 integrated services
 low latency queuing
 class-based weighted fair queuing
 best effort
Explanation: Best effort is the default packet forwarding design and provides no
QoS. The differentiated services model enforces and applies QoS mechanisms
on a hop-by-hop basis, not source to destination. Class-based weighted fair
queuing and low latency queuing are queuing algorithms.
98. A network engineer is configuring a Cisco switch when this message is displayed.

%LINK-3-UPDOWN: Interface Port-channel1, changed state to up

What is the Syslog severity level of this message?


 Alert
 Informational
 Notification
 Error
99. In a controller-based wireless network, the WLC device may have multiple ports
connected to a switch to form a bundle that provides load-balancing and
redundancy. Which protocol supports the port bundle between a Cisco WLC and a
Cisco switch?
 PAgP
 LACP
 CAPWAP
 LAG
100. In a controller-based wireless network, a Cisco WLC device has four ports
connected to a switch to form a bundle. This bundle will provide load-balancing and
redundancy. Which two configurations must be performed on the four switch ports
that connect to the WLC? (Choose two.)
 native VLAN
 default VLAN
 LACP
 trunking mode
 EtherChannel
101. What is a benefit of PortFast configured on a Cisco switch port?
 It allows a device connected to this port to access the network without
waiting for STP convergence on each VLAN.
 It minimizes the time that trunk ports must wait for spanning tree to converge.
 It allows the port to avoid a 30 second delay to access the network by
immediately transitioning from disabled to forwarding state.
 It avoids the creation of a spanning tree loop with other directly connected
switches.
102. A network administrator is configuring security for new WLANs on a Cisco
3500 series WLC. What is the default protocol used for authentication key
management?
 802.11
 AES
 802.1X
 WPA2
103. Which two statements describe an Internet-based connectivity option? (Choose
two.)
 When using a satellite to connect to the internet, the reception of signals can be
affected by storms.
 In cable technology, each local subscriber has a separate direct connection
to the provider headend.
 ADSL2+ provides higher upload bandwidth than downstream bandwidth.
 VPNs provide security for teleworkers who use DSL to access the corporate
network through the internet.
 LTE is a newer 5G mobile access technology.
104. What is a difference between autonomous APs and controller-based APs in
wireless LANs?
 Controller-based APs support PAgP and LACP protocols, whereas
autonomous APs do not.
 Autonomous APs are easier to configure and manage than are controller-
based APs.
 Autonomous APs require no initial configuration, whereas the lightweight
APs require an initial configuration before communicating with a WLAN
controller.
 When wireless demands increase, controller-based APs provide a better
solution than do autonomous APs.
105. Two recent networking graduates from a local college have just been hired by a
communication company to work on various network cabling projects throughout
the state. Why would the company consider using fiber-optic cabling in long-haul
networks?
 to provide high capacity solutions for teleworkers
 to provide always-on broadband services to customers in homes and small
businesses
 to provide backbone cabling to applications and interconnecting
infrastructure devices for customers
 to provide connectivity between countries or between cities
106. An employee is logging into a company account and another employee stands in
such a way to see the account ID and password. Which kind of threat is this?
 identity theft
 adware
 data interception and theft
 spyware
107. What is the purpose of the overload keyword in the ip nat inside source list 1
pool NAT_POOL overload command?
 It allows many inside hosts to share one or a few inside global addresses.
 It allows a list of internal hosts to communicate with a specific group of
external hosts.
 It allows external hosts to initiate sessions with internal hosts.
 It allows a pool of inside global addresses to be used by internal hosts.
Explanation: Dynamic NAT uses a pool of inside global addresses that are
assigned to outgoing sessions. If there are more internal hosts than public
addresses in the pool, then an administrator can enable port address translation
with the addition of the overload keyword. With port address translation, many
internal hosts can share a single inside global address because the NAT device
will track the individual sessions by Layer 4 port number.
108. What two types of always-on internet connections are commonly used by
teleworkers to communicate with a company? (Choose two.)
 Metro Ethernet
 cellular
 leased line
 cable
 DSL
109. A technician needs to add a new wireless device to a small WLAN. The WLAN
is a mixture of old and newer 802.11b and 802.11g devices. What choice for the new
device would provide the most interoperability for present and future growth?
 Add a new 802.11g device.
 Add a new 802.11n device.
 Add a new 802.11b device.
 Add a new 802.11a device.
Explanation: 802.11n devices are interoperable with all the other standards, and
provide more bandwidth than the other standards. 802.11a is not interoperable
with any of the other standards. 802.11b and 802.11g interoperate with each
other, but do not provide the bandwidth supplied by 802.11n devices.
110. What action takes place when a frame entering a switch has a unicast
destination MAC address appearing in the MAC address table?
 The switch forwards the frame out of the specified port.
 The switch will forward the frame out all ports except the incoming port.
 The switch purges the entire MAC address table.
 The switch replaces the old entry and uses the more current port.
111. A technician is reviewing a report of slowness during peak traffic periods and is
looking at performance on a particular switch. What should the technician be aware
of about memory buffering on a switch?
 The port-based memory method is more appropriate to asymmetric
switching.
 If shared memory is used, a single frame can delay the transmission of all
others in memory because of a busy destination port.
 The amount of buffer memory required by a port is dynamically allocated
when port-based memory is used.
 Shared memory allows traffic received on one port to be transmitted to another
port without moving the data to a different queue.
112. A company deploys FlexConnect APs in the remote office and uses CAPWAP
to allow a WLC in their corporate headquarters office to manage WLANs in the
remote office. One day the network administrator in the remote office notices that
the FlexConnect APs are operating in the standalone mode. Which two functions
can these APs perform in this mode? (Choose two.)
 re-association of roaming clients
 association of roaming clients
 frame translation to other protocols
 switching client data traffic locally
 client authentication locally
113. What term describes a default queuing method where packets are sent out of
an interface in the order in which they arrive?
 low latency queuing (LLQ)
 traffic shaping
 first-in, first-out (FIFO)
 weighted random early detection (WRED)
 weighted fair queuing (WFQ)
114. An employee who travels constantly for work needs to access the company
network remotely. Which security mechanism offers a secure connection?
 access control list
 intrusion prevention system
 dedicated firewall system
 virtual private network
115. Which protocol defines port-based authentication to restrict unauthorized hosts
from connecting to the LAN through publicly accessible switch ports?
 SSH
 802.1x
 RADIUS
 TACACS+
Explanation: 802.1x is an IEEE standard that defines port-based access control.
By authenticating each client that attempts to connect to the LAN, 802.1x
provides protection from unauthorized clients.
116. What is a spyware threat?
 Login credentials of a user are stolen and used to access private data.
 A malicious person attacks user devices or network resources.
 Software installed on a user device secretly collects information about the user.
 Private information is captured from the network of an organization.
117. What characteristic completes the following statement? When an IPv6 static
route is configured, a fully-specified configuration should be used with …
 a directly connected multiaccess network.
 the next-hop address of two different adjacent routers.
 an administrative distance of 2.
 the “ipv6 unicast-routing” command.
118. Which LAN attack spoofs the root bridge to change the topology of a network?
 STP attack
 ARP attack
 DHCP spoofing attack
 address spoofing attack
119. Refer to the exhibit. A network administrator is reviewing port and VLAN
assignments on switch S2 and notices that interfaces Gi0/1 and Gi0/2 are not
included in the output. Why would the interfaces be missing from the output?
 They are configured as trunk interfaces.
 They are administratively shut down.
 There is no media connected to the interfaces.
 There is a native VLAN mismatch between the switches.
Explanation: Interfaces that are configured as trunks do not belong to a VLAN
and therefore will not show in the output of the show vlan brief command.
120. Data is being sent from a source PC to a destination server. Which three
statements correctly describe the function of TCP or UDP in this situation? (Choose
three.)
 The source port field identifies the running application or service that will
handle data returning to the PC.
 The TCP process running on the PC randomly selects the destination port
when establishing a session with the server.
 UDP segments are encapsulated within IP packets for transport across the
network.
 The UDP destination port number identifies the application or service on the
server which will handle the data.
 TCP is the preferred protocol when a function requires lower network
overhead.
 The TCP source port number identifies the sending host on the network.
Explanation: Layer 4 port numbers identify the application or service which will
handle the data. The source port number is added by the sending device and will
be the destination port number when the requested information is returned. Layer
4 segments are encapsulated within IP packets. UDP, not TCP, is used when low
overhead is needed. A source IP address, not a TCP source port number,
identifies the sending host on the network. Destination port numbers are specific
ports that a server application or service monitors for requests.
121. Which two 802.11 WLAN standards operate in both the 2.4 GHz and in the 5
GHz frequency bands? (Choose two.)
• 802.11g
• 802.11ax
• 802.11n
• 802.11b
• 802.11ac
• 802.11a
122. Which two protocols are used to provide server-based AAA authentication?
(Choose two.)
• 802.1x
• SSH
• SNMP
• TACACS+
• RADIUS
Explanation: Server-based AAA authentication uses an external TACACS or
RADIUS authentication server to maintain a username and password database.
When a client establishes a connection with an AAA-enabled device, the device
authenticates the client by querying the authentication servers.
123. A network engineer is examining Cisco router configurations across an
internetwork. Consider the following routing table entry:

O 10.0.4.0/24 [110/50] via 10.0.3.2, 00:24:22, Serial0/1/1

What is the administrative distance of this route?
• 160
• 110
• 24
• 50
124. What term describes allowing delay-sensitive packets such as voice to be sent
before packets in other queues based on strict priority queuing?
• class-based weighted fair queuing (CBWFQ)
• weighted fair queuing (WFQ)
• low latency queuing (LLQ)
• traffic marking
• policing
125. Which two 802.11 WLAN standards operate in both the 2.4 GHz and in the
5 GHz frequency bands? (Choose two.)
• 802.11b
• 802.11a
• 802.11ax
• 802.11ac
• 802.11n
• 802.11g
126. A network engineer is configuring a Cisco router as a DHCP relay. When
issuing the ip helper-address command in the interface configuration mode which
IPv4 address is added to the command?
• DHCPv4 subnet address
• DHCPv4 server address
• DHCPv4 client default gateway address
• DHCPv4 client address
127. Open the PT Activity. Perform the tasks in the activity instructions and then
answer the question. Which task has to be performed on Router 1 for it to establish
an OSPF adjacency with Router 2?
• Remove the passive-interface command from interface FastEthernet 0/0.
• Change the subnet mask of interface FastEthernet 0/0 to 255.255.255.0.
• Issue the clear ip ospf process command.
• Add the network 10.0.1.0 0.0.0.255 area 0 command to the OSPF process.
128. What action takes place when the source MAC address of a frame entering a
switch appears in the MAC address table associated with a different port?
• The switch resets the refresh timer on all MAC address table entries.
• The switch will forward the frame out all ports except the incoming port.
• The switch replaces the old entry and uses the more current port.
• The switch updates the refresh timer for the entry.
129. Refer to the exhibit. Static NAT is being configured to allow PC 1 access to the
web server on the internal network. What two addresses are needed in place of A
and B to complete the static NAT configuration? (Choose two.)

• A = 209.165.201.2
• A = 10.1.0.13
• B = 209.165.201.7
• B = 10.0.254.5
• B = 209.165.201.1
Explanation: Static NAT is a one-to-one mapping between an inside local
address and an inside global address. By using static NAT, external devices can
initiate connections to internal devices by using the inside global addresses. The
NAT devices will translate the inside global address to the inside local address of
the target host.
130. In computer network communications which data transfer process does the
application layer protocol FTP use?
• client-server
• server message block
• peer-to-peer
• Gnutella
131. What action takes place when a frame entering a switch has a broadcast
destination MAC address?
• The switch adds a MAC address table entry mapping for the destination
MAC address and the ingress port.
• The switch replaces the old entry and uses the more current port.
• The switch will forward the frame out all ports except the incoming port.
• The switch forwards the frame out of the specified port.
132. Which LAN attack involves sending unsolicited ARP replies, with the MAC
address of the threat actor and the IP address of the default gateway, to other hosts
on a subnet?
• ARP attack
• address spoofing attack
• DHCP starvation attack
• DHCP spoofing attack
133. A network engineer is examining the configuration of a router and notices that
interface Gi0/0 has been configured with the ip address dhcp command. Which
statement describes the IP address condition of this interface?
• The router interface is configured as a DHCPv4 client.
• The router is configured as a DHCPv4 server.
• No IP address is required for this interface to operate.
• The interface will use an IPv6 address instead of an IPv4 address.
134. What term describes holding packets in memory until resources become
available to transmit them?
• playout delay
• queuing
• queuing delay
• low latency queuing (LLQ)
• weighted fair queuing (WFQ)
135. What defines a two-tier spine-leaf topology?
• Everything is two hops from everything else.
• The spine tier can be implemented with Cisco Nexus 9500 switches
connected to each other and to the leaf switches.
• The APIC controller manipulates the data path directly.
• The Cisco APICs and all other devices in the network physically attach to
leaf switches.
Explanation: In this two-tier topology, everything is one hop from everything else.
The leaf switches (Cisco Nexus 9300) always attach to the spines (Cisco Nexus
9500), but never to each other. Similarly, the spine switches only attach to the
leaf and core switches. The Cisco APICs and all other devices in the network
physically attach to leaf switches. When compared to SDN, the APIC controller
does not manipulate the data path directly.
136. What characteristic completes the following statement?
When an IPv6 static route is configured, as a default route, the destination network
is …
• the next-hop address of two different adjacent routers.
• a directly connected multiaccess network.
• ::/0.
• the “ipv6 unicast-routing” command.
137. Which LAN attack involves a rogue server connected to the network providing
false IP configuration parameters to legitimate clients?
• ARP attack
• DHCP starvation attack
• VLAN double-tagging attack
• DHCP spoofing attack
Case 2:
• DHCP starvation attack
• ARP attack
• address spoofing attack
• STP attack
138. What term describes a process where a router simply discards any packet that
arrives at the end of a queue that has completely used up its packet-holding
resources?
• latency
• bandwidth
• tail drop
• jitter
• congestion
139. What term describes adding a value to the packet header, as close to the source
as possible, so that the packet matches a defined policy?
• policing
• traffic marking
• weighted random early detection (WRED)
• traffic shaping
• tail drop
140. What action takes place when the source MAC address of a frame entering a
switch is in the MAC address table?
• The switch forwards the frame out of the specified port.
• The switch updates the refresh timer for the entry.
• The switch replaces the old entry and uses the more current port.
• The switch adds a MAC address table entry for the destination MAC address
and the egress port.
141. What action takes place when a frame entering a switch has a unicast
destination MAC address that is not in the MAC address table?
• The switch updates the refresh timer for the entry.
• The switch resets the refresh timer on all MAC address table entries.
• The switch replaces the old entry and uses the more current port.
• The switch will forward the frame out all ports except the incoming port.
142. Which LAN attack prevents hosts from obtaining dynamically assigned IP
addresses?
• DHCP spoofing attack
• DHCP starvation attack
• ARP attack
• VLAN double-tagging attack
