PART 5

Question 1 Which two QoS tools are used to guarantee minimum bandwidth to certain traffic? (Choose two)
A. FIFO
B. CBWFQ
C. LLC
D. WFQ
E. RSVP
Question 2 Drag and drop the SNMP manager and agent identifier commands from the left onto the functions on
the right.

Answer:
+ show snmp group: displays the SNMP security model in use
+ show snmp community: displays the SNMP access string
+ show snmp chassis: displays the SNMP server serial number
+ show snmp engineID: displays the IP address of the remote SNMP device
+ show snmp host: displays information about the SNMP recipient
Question 3 Which type of security program is violated when a group of employees enters a building using the ID
badge of only one person?
A. intrusion detection
B. user awareness
C. physical access control
D. network authorization
Question 4 A network administrator needs to aggregate 4 ports into a single logical link which must negotiate layer
2 connectivity to ports on another switch. What must be configured when using active mode on both sides of the
connection?
A. 802.1q trunks
B. Cisco vPC
C. LLDP
D. LACP
Question 5 In which situation is private IPv4 addressing appropriate for a new subnet on the network of an
organization?
A. There is limited unique address space, and traffic on the new subnet will stay local within the organization.
B. The network has multiple endpoint listeners, and it is desired to limit the number of broadcasts.
C. Traffic on the subnet must traverse a site-to-site VPN to an outside organization.
D. The ISP requires the new subnet to be advertised to the internet for web services.
Question 6 Aside from discarding, which two states does the switch port transition through while using RSTP
(802.1w)? (Choose two)
A. listening
B. blocking
C. forwarding
D. learning
E. speaking
Question 7 What is a role of wireless controllers in an enterprise network?
A. serve as the first line of defense in an enterprise network
B. support standalone or controller-based architectures
C. centralize the management of access points in an enterprise network
D. provide secure user logins to devices on the network
Question 8 How do servers connect to the network in a virtual environment?
A. wireless to an access point that is physically connected to the network
B. a cable connected to a physical switch on the network
C. a virtual switch that links to an access point that is physically connected to the network
D. a software switch on a hypervisor that is physically connected to the network
Question 9 Which CRUD operation corresponds to the HTTP GET method?
A. read
B. update
C. create
D. delete
Question 10 With REST API, which standard HTTP header tells a server which media type is expected by the client?
A. Accept-Encoding: gzip, deflate
B. Accept-Patch: text/example; charset=utf-8
C. Content-Type: application/json; charset=utf-8
D. Accept: application/json
Question 11 Which device tracks the state of active connections in order to make a decision to forward a packet
through?
A. firewall
B. wireless access point
C. router
D. wireless LAN controller
Question 12 Which device controls the forwarding of authentication requests for users when connecting to the
network using a lightweight access point?
A. TACACS server
B. wireless access point
C. RADIUS server
D. wireless LAN controller
Question 13 Refer to the exhibit. A network administrator has been tasked with securing VTY access to a router.
Which access-list entry accomplishes this task?

A. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq ssh

B. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq scp
C. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet
D. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq https
Question 14 A network administrator must enable DHCP services between two sites. What must be configured for
the router to pass DHCPDISCOVER messages on to the server?
A. a DHCP Relay Agent
B. DHCP Binding
C. a DHCP Pool
D. DHCP Snooping
Question 15 Refer to the exhibit. PC1 is trying to ping PC3 for the first time and sends out an ARP to S1. Which
action is taken by S1?

A. It forwards it out G0/3 only

B. It is flooded out every port except G0/0
C. It drops the frame
D. It forwards it out interface G0/2 only
Question 16 Refer to the exhibit. What is the result if Gig1/11 receives an STP BPDU?

switch(config)#interface gigabitEthernet 1/11

switch(config-if)#switchport mode access
switch(config-if)#spanning-tree portfast
switch(config-if)#spanning-tree bpduguard enable

A. The port transitions to STP blocking

B. The port transitions to the root port
C. The port immediately transitions to STP forwarding
D. The port goes into error-disable state
Question 17 An engineer must configure traffic for a VLAN that is untagged by the switch as it crosses a trunk link.
Which command should be used?
A. switchport trunk allowed vlan 10
B. switchport trunk native vlan 10
C. switchport mode trunk
D. switchport trunk encapsulation dot1q
Question 18 What is the maximum bandwidth of a T1 point-to-point connection?
A. 1.544 Mbps
B. 2.048 Mbps
C. 34.368 Mbps
D. 43.7 Mbps
Question 19 How does a Cisco Unified Wireless network respond to Wi-Fi channel overlap?
A. It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points
B. It allows the administrator to assign channels on a per-device or per-interface basis.
C. It segregates devices from different manufacturers onto different channels.
D. It analyzes client load and background noise and dynamically assigns a channel.
Question 20 What does a switch use to build its MAC address table?
A. VTP
B. DTP
C. egress traffic
D. ingress traffic
Question 21 Which network plane is centralized and manages routing decisions?
A. policy plane
B. control plane
C. management plane
D. data plane
Question 22 What does a router do when configured with the default DNS lookup settings, and a URL is entered on
the CLI?
A. initiates a ping request to the URL
B. prompts the user to specify the desired IP address
C. continuously attempts to resolve the URL until the command is cancelled
D. sends a broadcast message in an attempt to resolve the URL
Question 23 Refer to the exhibit.
 Switch 1
VLAN 110 – 32778
0018.184e.3c00
Switch 2
VLAN 110 – 24586 001a.e3ff.a680
Switch 3
VLAN 110 – 28682 0022.55cf.cc00
Switch 4
VLAN 110 – 64000 0e38.7363.657f

Which switch becomes the root of the spanning tree for VLAN 110?
A. Switch 1
B. Switch 2
C. Switch 3
D. Switch 4
Question 24 Refer to the exhibit.

An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11 PC-1 and PC-2 must be placed in the
Data VLAN and Phone-1 must be placed in the Voice VLAN. Which configuration meets these requirements?

Option A Option B
interface gigabitethernet1/1 interface gigabitethernet1/1
switchport mode access switchport mode access
switchport access vlan 8 switchport access vlan 9
! !
interface gigabitethernet1/3 interface gigabitethernet1/3
switchport mode access switchport mode trunk
switchport voice vlan 8 switchport voice vlan 8
switchport access vlan 9 switchport access vlan 9

Option C Option D
interface gigabitethernet1/1 interface gigabitethernet1/1
switchport mode access switchport mode access
switchport access vlan 8 switchport access vlan 8
! !
interface gigabitethernet1/3 interface gigabitethernet1/3
switchport mode access switchport mode trunk
switchport access vlan 8 switchport voice vlan 8
switchport voice vlan 9 switchport access vlan 9

A. Option A
B. Option B
C. Option C
D. Option D

Question 25 Refer to exhibit.

Which configuration must be applied to the router that configures PAT to translate all addresses in VLAN 200 while
allowing devices on VLAN 100 to use their own IP addresses?

Option A Option B

Router1(config)#access-list 99 permit 209.165.201.2 0.0.0.0 Router1(config)#access-list 99 permit 209.165.201.2

Router1(config)#ip nat inside source list 99 interface gi1/0/0 255.255.255.255
overload Router1(config)#ip nat inside source list 99 interface gi1/0/0
Router1(config)#interface gi2/0/1.200 overload
Router1(config)#ip nat inside Router1(config)#interface gi2/0/1.200
Router1(config)#interface gi1/0/0 Router1(config)#ip nat inside
Router1(config)#ip nat outside Router1(config)#interface gi1/0/0
Router1(config)#ip nat outside

Option C Option D

Router1(config)#access-list 99 permit 192.168.100.0 0.0.0.255 Router1(config)#access-list 99 permit 192.168.100.32 0.0.0.31

Router1(config)#ip nat inside source list 99 interface gi1/0/0 Router1(config)#ip nat inside source list 99 interface gi1/0/0
overload overload
Router1(config)#interface gi2/0/1.200 Router1(config)#interface gi2/0/1.200
Router1(config)#ip nat inside Router1(config)#ip nat inside
Router1(config)#interface gi1/0/0 Router1(config)#interface gi1/0/0
Router1(config)#ip nat outside Router1(config)#ip nat outside

A. Option A
B. Option B
C. Option C
D. Option D
Question 26 How does a switch process a frame received on Fa0/1 with the destination MAC address of
0e38.7363.657b when the table is missing the address?
A. It floods the frame to all interfaces except Fa0/1.
B. It forwards the frame back out of interface Fa0/1.
C. It drops the frame immediately.
D. It holds the frame until the MAC address timer expires and then drops the frame.
Question 27
What is a benefit of VRRP?
A. It provides traffic load balancing to destinations that are more than two hops from the source.
B. It provides the default gateway redundancy on a LAN using two or more routers.
C. It allows neighbors to share routing table information between each other.
D. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final
forwarding decision.
Question 28 Which protocol does an IPv4 host use to obtain a dynamically assigned IP address?
A. ARP
B. DNS
C. CDP
D. DHCP
Question 29 Refer to the exhibit.

Option A Option B

ip access-list standard 99 ip access-list standard 99

permit 10.100.100.0 0.0.0.255 permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.0.255.255 deny 192.168.0.0 0.255.255.255

Option C Option D

ip access-list standard 100 ip access-list standard 199

permit 10.100.100.0 0.0.0.255 permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.255.255.255 deny 192.168.0.0 0.0.255.255

An access list is required to permit traffic from any host on interface G0/0 and deny traffic from interface Gi0/1.
Which access list must be applied?
A. Option A
B. Option B
C. Option C
D. Option D
Question 30 Which condition must be met before an NMS handles an SNMP trap from an agent?
A. The NMS must be configured on the same router as the SNMP agent
B. The NMS must receive a trap and an inform message from the SNMP agent within a configured interval
C. The NMS software must be loaded with the MIB associated with the trap
D. The NMS must receive the same trap from two different SNMP agents to verify that it is reliable
Question 31
What is a characteristic of a SOHO network?
A. connects each switch to every other switch in the network
B. enables multiple users to share a single broadband connection
C. provides high throughput access for 1000 or more users
D. includes at least three tiers of devices to provide load balancing and redundancy
Question 32 Which resource is able to be shared among virtual machines deployed on the same physical server?
A. applications
B. operating system
C. VM configuration file
D. disk
Question 33 Which implementation provides the strongest encryption combination for the wireless environment?
A. WPA2 + AES
B. WPA + AES
C. WEP
D. WPA + TKIP
Question 34 Refer to the exhibit.

After running the code in the exhibit, which step reduces the amount of data that the NETCONF server returns to
the NETCONF client, to only the interface’s configuration?
A. Use the xml library to parse the data returned by the NETCONF server for the interface’s configuration.
B. Create an XML filter as a string and pass it to get_config() method as an argument.
C. Create a JSON filter as a string and pass it to the get_config() method as an argument.
D. Use the JSON library to parse the data returned by the NETCONF server for the interface’s configuration.
Question 35 What are two functions of an SDN controller? (Choose two)
A. coordinating VTNs
B. Layer 2 forwarding
C. tracking hosts
D. managing the topology
E. protecting against DDoS attacks
Question 36 If a switch port receives a new frame while it is actively transmitting a previous frame, how does it
process the frames?
A. The previous frame is delivered, the new frame is dropped, and a retransmission request is sent.
B. The new frame is delivered first, the previous frame is dropped, and a retransmission request is sent.
C. The two frames are processed and delivered at the same time.
D. The new frame is placed in a queue for transmission after the previous frame.
Question 37 Which WAN topology provides a combination of simplicity quality, and availability?
A. partial mesh
B. full mesh
C. point-to-point
D. hub-and-spoke
Question 38 Refer to the exhibit.

The ntp server 192.168.0.3 command has been configured on Router1 to make it an NTP client of router 2. Which
command must be configured on Router2 so that it operates in server-only mode and relies only on its internal
clock?
A. Router2(config)#ntp passive
B. Router2(config)#ntp master 4
C. Router2(config)#ntp server 172.17.0.1
D. Router2(config)#ntp server 192.168.0.2
Question 39 Refer to the exhibit.

A network engineer must configured communication between PC A and the File Server. To prevent interruption for
any other communications, which command must be configured?
A. Switch trunk allowed vlan 12
B. Switchport trunk allowed vlan none
C. Switchport trunk allowed vlan add 13
D. Switchport trunk allowed vlan remove 10-11
Question 40 Why does a switch flood a frame to all ports?
A. The destination MAC address of the frame is unknown
B. The source MAC address of the frame is unknown
C. The source and destination MAC addresses of the frame are the same
D. The frame has zero destination MAC addresses
Question 41 When DHCP is configured on a router, which command must be entered so the default gateway is
automatically distributed?
A. default-router
B. default-gateway
C. ip helper-address
D. dns-server
Question 42 What is a network appliance that checks the state of a packet to determine whether the packet is
legitimate?
A. Layer 2 switch
B. LAN controller
C. load balancer
D. firewall
Question 43 How is the native VLAN secured in a network?
A. separate from other VLANs within the administrative domain
B. give it a value in the private VLAN range
C. assign it as VLAN 1
D. configure it as a different VLAN ID on each end of the link
Question 44 Which command on a port enters the forwarding state immediately when a PC is connected to it?
A. switch(config)#spanning-tree portfast default
B. switch(config)#spanning-tree portfast bpduguard default
C. switch(config-if)#spanning-tree portfast trunk
D. switch(config-if)#no spanning-tree portfast
Question 45 What is the purpose of a southbound API in a control based networking architecture?
A. facilities communication between the controller and the applications
B. integrates a controller with other automation and orchestration tools
C. allows application developers to interact with the network
D. facilities communication between the controller and the networking hardware
Question 46 Which switch technology establishes a network connection immediately when it is plugged in?
A. UplinkFast
B. PortFast
C. BPDU guard
D. BackboneFast
Question 47 What causes a port to be placed in the err-disabled state?
A. latency
B. nothing plugged into the port
C. shutdown command issued on the port
D. port security violation

Question 48 Which technology is appropriate for communication between an SDN controller and applications
running over the network?
A. OpenFlow
B. Southbound API
C. NETCONF
D. REST API
Question 49 Which security program element involves installing badge readers on data-center doors to allow
workers to enter and exit based on their job roles?
A. physical access control
B. biometrics
C. role-based access control
D. multifactor authentication
Question 50 What is a characteristic of private IPv4 addressing?
A. used without tracking or registration
B. issued by IANA in conjunction with an autonomous system number
C. traverse the Internet when an outbound ACL is applied
D. composed of up to 65,536 available addresses
Question 51 Which network action occurs within the data plane?
A. compare the destination IP address to the IP routing table
B. make a configuration change from an incoming NETCONF RPC
C. run routing protocols (OSPF, EIGRP, RIP, BGP)
D. reply to an incoming ICMP echo request
PART 6
Question 1 What are two improvements provided by automation for network management in an SDN
environment? (Choose two)
A. Artificial intelligence identifies and prevents potential design failures
B. Data collection and analysis tools establish a baseline for the network
C. New devices are onboarded with minimal effort
D. Machine learning minimizes the overall error rate when automating troubleshooting processes
E. Proprietary Cisco APIs leverage multiple network management tools
Question 2 A network administrator must to configure SSH for remote access to router R1. The requirement is to
use a public and private key pair to encrypt management traffic to and from the connecting client. Which
configuration, when applied, meets the requirements?
A.
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate ec keysize 1024
B.
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate rsa modulus 1024
C.
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate ec keysize 2048
D.
R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key encrypt rsa name myKey
A. Option A
B. Option B
C. Option C
D. Option D
Question 3 An engineer observes high usage on the 2.4GHz channels and lower usage on the 5GHz channels. What
must be configured to allow clients to preferentially use 5GHz access points?
A. Client Band Select
B. OEAP Split Tunnel
C. 11ac MU-MIMO
D. Re-Anchor Roamed Clients
Question 4 When a WLAN with WPA2 PSK is configured in the Wireless LAN Controller GUI which format is
supported?
A. Unicode
B. base64
C. ASCII
D. decimal
Question 5 Which networking function occurs on the data plane?
A. facilitates spanning-tree elections
B. processing inbound SSH management traffic
C. forwarding remote client/server traffic
D. sending and receiving OSPF Hello packets
Question 6 What does an SDN controller use as a communication protocol to relay forwarding changes to a
southbound API?
A. XML
B. Java
C. REST
D. OpenFlow
Question 7 A network engineer must configure the router R1 GigabitEthernet1/1 interface to connect to the router
R2 GigabitEthernet1/1 interface. For the configuration to be applied the engineer must compress the address
2001:0db8:0000:0000:0500:000a:400F:583B. Which command must be issued on the interface?
A. ipv6 address 2001:db8::500:a:400F:583B
B. ipv6 address 2001 db8:0::500:a:4F:583B
C. ipv6 address 2001:0db8::5:a:4F:583B
D. ipv6 address 2001::db8:0000::500:a:400F:583B

Question 8 An administrator must secure the WLC from receiving spoofed association requests. Which steps must
be taken to configure the WLC to restrict the requests and force the user to wait 10 ms to retry an association
request?
A. Enable Security Association Teardown Protection and set the SA Query timeout to 10
B. Enable the Protected Management Frame service and set the Comeback timer to 10
C. Enable 802.1x Layer 2 security and set the Comeback timer to 10
D. Enable MAC filtering and set the SA Query timeout to 10
Question 9 What is the benefit of using FHRP?
A. balancing traffic across multiple gateways in proportion to their loads
B. reduced management overhead on network routers
C. reduced ARP traffic on the network
D. higher degree of availability
Question 10 Which 802.11 management frame type is sent when a client roams between access points on the
same SSID?
A. Authentication Request
B. Probe Request
C. Reassociation Request
D. Association Request
Question 11 What is a similarity between OM3 and OM4 fiber optic cable?
A. Both have a 50 micron core diameter
B. Both have a 9 micron core diameter
C. Both have a 62.5 micron core diameter
D. Both have a 100 micron core diameter
Question 12 Which protocol does an access point use to draw power from a connected switch?
A. Internet Group Management Protocol
B. Cisco Discovery Protocol
C. Adaptive Wireless Path Protocol
D. Neighbor Discovery Protocol
Question 13 When deploying syslog, which severity level logs informational message?
A. 0
B. 2
C. 4
D. 6
Question 14 Refer to the exhibit.

Which command must be executed for Gi1/1 on SW1 to become a trunk port if Gi1/1 on SW2 is configured in
desirable or trunk mode?
A. switchport mode trunk
B. switchport mode dot1-tunnel
C. switchport mode dynamic auto
D. switchport mode dynamic desirable
Question 15 Refer to the exhibit.

An engineer must configure GigabitEthernet1/1 to accommodate voice and data traffic. Which configuration
accomplishes this task?

Option A
interface gigabitethernet1/1
switchport mode access
switchport access vlan 300
switchport voice vlan 400
Option B
interface gigabitethernet1/1
switchport mode access
switchport access vlan 400
switchport voice vlan 300

Option C
interface gigabitethernet1/1
switchport mode trunk
switchport access vlan 300
switchport voice vlan 400
Option D
interface gigabitethernet1/1
switchport mode trunk
switchport trunk vlan 300
switchport trunk vlan 400

A. Option A
B. Option B
C. Option C
D. Option D
Question 16 What describes the operation of virtual machines?
A. Virtual machines are responsible for managing and allocating host hardware resources
B. Virtual machines are operating system instances that are decoupled from server hardware
C. Virtual machines are the physical hardware that support a virtual environment
D. In a virtual machine environment, physical servers must run one operating system at a time
Question 17 What is a role of access points in an enterprise network?
A. connect wireless devices to a wired network
B. support secure user logins to devices or the network
C. integrate with SNMP in preventing DDoS attacks
D. serve as a first line of defense in an enterprise network
Question 18 Refer to the exhibit.

SiteA#show interface TenGigabitEthernet0/1/0

TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is aabb.cc00.0100 (bia aabb.cc00.0100)
Description: Connection to SiteB
Internet address is 10.10.10.1/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 166/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 265746000 bits/sec, 24343 packets/sec
5 minute output rate 123245000 bits/sec, 12453 packets/sec

SiteB#show interface TenGigabitEthernet0/1/0

TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is 0000.0c00.750c (bia 0000.0c00.750c)
Description: Connection to SiteA
Internet address is 10.10.10.2/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 123245000 bits/sec, 15343 packets/sec
5 minute output rate 265746000 bits/sec, 12453 packets/sec

Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA report intermittent
connectivity issues with applications hosted at SiteB. What is the cause of the intermittent connectivity issue?
A. Interface errors are incrementing
B. An incorrect SFP media type was used at SiteA
C. High usage is causing high latency
D. The sites were connected with the wrong cable type
Question 19 Refer to the exhibit.

Only four switches are participating in the VLAN spanning-tree process.

Branch-1: priority 614440
Branch-2: priority 39082416
Branch-3: priority 0
Branch-4: root primary

Which switch becomes the permanent root bridge for VLAN 5?

A. Branch-1
B. Branch-2
C. Branch-3
D. Branch-4

Question 20 Refer to the exhibit.

The entire contents of the MAC address table are shown. Sales-4 sends a data frame to Sales-1. What does the
switch do as it receives the frame from Sales-4?
A. Map the Layer 2 MAC address to the Layer 3 IP address and forward the frame
B. Insert the source MAC address and port into the forwarding table and forward the frame to Sales-1
C. Perform a lookup in the MAC address table and discard the frame due to a missing entry
D. Flood the frame out of all ports except on the port where Sales-1 is connected
Question 21 Which technology allows for multiple operating systems to be run on a single host computer?
A. virtual device contexts
B. network port ID visualization
C. virtual routing and forwarding
D. server virtualization

Question 22 Refer to the exhibit.

An administrator must turn off the Cisco Discovery Protocol on the port configured with last usable address in the
10.0.0.0/30 subnet. Which command set meets the requirement?
A. interface gi0/1
no cdp enable

B. interface gi0/1
clear cdp table

C. interface gi0/0
no cdp run
D. interface gi0/0
no cdp advertise-v2

Question 23 Which two QoS tools provides congestion management? (Choose two)
A. FRTS
B. CAR
C. PQ
D. PBR
E. CBWFQ
Question 24 What occurs when overlapping Wi-Fi channels are implemented?
A. The wireless network becomes vulnerable to unauthorized access
B. Wireless devices are unable to distinguish between different SSIDs
C. Network communications are open to eavesdropping
D. Users experience poor wireless network performance
Question 25 Which JSON data type is an unordered set of attribute-value pairs?
A. array
B. string
C. object
D. Boolean
Question 26 An engineer needs to add an old switch back into a network. To prevent the switch from corrupting
the VLAN database which action must be taken?
A. Add the switch in the VTP domain with a lower revision number
B. Add the switch in the VTP domain with a higher revision number
C. Add the switch with DTP set to dynamic desirable
D. Add the switch with DTP set to desirable
Question 27 Which WLC port connects to a switch to pass normal access-point traffic?
A. distribution system
B. service
C. redundancy
D. console
Question 28 An engineering team asks an implementer to configure syslog for warning conditions and error
conditions. Which command does the implementer configure to achieve the desired result?
A. logging trap 2
B. logging trap 3
C. logging trap 4
D. logging trap 5
Question 29 Drag and drop the 802.11 wireless standards from the left onto the matching statements on the right.

Answer:
+ 802.11b: Supports a maximum data rate of 11 Mbps
+ 802.11a: Operates in the 5 GHz band only and supports a maximum data rate of 54 Mbps
+ 802.11ac: Operates in the 5 GHz band only and supports a maximum data rate that can exceed 100 Mbps
+ 802.11n: Operates in the 2.4 GHz and 5 GHz bands
+ 802.11g: Operates in the 2.4 GHz band only and supports a maximum data rate of 54 Mbps
Question 30 Which two protocols are supported on service-port interfaces? (Choose two)
A. RADIUS
B. TACACS+
C. Telnet
D. SCP
E. SSH
Question 31 Refer to the exhibit.

How must router A be configured so that it only sends Cisco Discovery Protocol Information to router C?

Option A Option B

conf t conf t
RouterA(config)#no cdp run RouterA(config)#cdp run
RouterA(config)#interface gi0/0/1 RouterA(config)#interface gi0/0/1
RouterA(config)#cdp enable RouterA(config)#cdp enable
 Option C Option D

conf t conf t
RouterA(config)#cdp run RouterA(config)#cdp run
RouterA(config)#interface gi0/0/0 RouterA(config)#interface gi0/0/0
RouterA(config)#cdp enable RouterA(config)#no cdp enable

A. Option A
B. Option B
C. Option C
D. Option D
Question 32 What is the function of a hub-and-spoke WAN topology?
A. supports application optimization
B. provides direct connections between subscribers
C. supports Layer 2 VPNs
D. allows access restrictions to be implemented between subscriber sites
Question 33 Which global command encrypt all passwords in the running configuration?
A. enable secret
B. enable password-encryption
C. service password-encryption
D. password-encrypt
PART 7
Question 1 Which level of severity must be set to get informational syslogs?
A. alert
B. critical
C. notice
D. debug
Question 2 What is a characteristic of cloud-based network topology?
A. physical workstations are configured to share resources
B. services are provided by a public, private, or hybrid deployment
C. onsite network services are provided with physical Layer 2 and Layer 3 components
D. wireless connections provide the sole access method to services
Question 3 A network analyst is tasked with configured the date and time on a router using EXEC mode. The date
must be set to 12:00am. Which command should be used?
A. Clock timezone
B. Clock summer-time-recurring
C. Clock summer-time date
D. Clock set
Question 4
Which HTTP status code is returned after a successful REST API request?
A. 200
B. 301
C. 404
D. 500
Question 5 Refer to the exhibit.

When PC-A sends traffic to PC-B, which network component is in charge of receiving the packet from PC-A verifying
the IP addresses, and forwarding the packet to PC-B?
A. Layer 2 switch
B. firewall
C. Load balancer
D. Router
Question 6 Refer to the exhibit.

Router1#show ip route
Gateway of last resort is not set
209.165.200.0/27 is subnetted, 1 subnets
B 209.165.200.224 [20/0] via 10.10.12.2, 00:08:34
10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.10.10.0/28 is directly connected, GigabitEthernet0/0
C 10.10.11.0/30 is directly connected, FastEthernet2/0
O 10.10.13.0/24 [110/2] via 10.10.10.1, 00:09:25, GigabitEthernet0/0
C 10.10.12.0/30 is directly connected, GigabitEthernet0/1

Which action is taken by the router when a packet is sourced from 10.10.10.2 and destined for 10.10.10.16?
A. It discards the packets
B. It uses a route that is similar to the destination address
C. It floods packets to all learned next hops
D. It queues the packets waiting for the route to be learned
Question 7 Drag and drop the functions of DHCP from the left onto any of the positions on the right. Not all
functions are used.
Answer:
1 – maintains an address pool
2 – offers domain name server configuration
3 – reduces the administrative burden for onboarding end users
4 – assigns IP addresses to local hosts for a configurable lease time
Question 8 What is the function of a controller in controller-based networking?
A. It is a pair of core routers that maintain all routing decisions for a campus
B. It centralizes the data plane for the network
C. It is the card on a core router that maintains all routing decisions for a campus
D. It serves as the centralized management point of an SDN architecture
Question 9 When a switch receives a frame for a known destination MAC address, how is the frame handed?
A. flooded to all ports except the one from which it originated
B. broadcast to all ports
C. forwarded to the first available port
D. sent to the port identified for the known MAC address
Question 10 Drag and drop the IPv6 address type characteristics from the left to the right.

Answer:
Link-Local Address:
+ attached to a single subnet
+ configured only once per interface
Unique Local Address:
+ addresses with prefix FC00::/7
+ addressing for exclusive use internally without Internet routing
Question 11 Why was the RFC 1918 address space defined?
A. preserve public IPv6 address space
B. support the NAT protocol
C. reduce instances of overlapping IP addresses
D. conserve public IPv4 addressing

Question 12 What is the purpose of using First Hop Redundancy Protocol in a specific subnet?
A. forwards multicast hello messages between routers
B. sends the default route to the hosts on a network
C. filter traffic based on destination IP addressing
D. ensures a loop-free physical topology
Question 13 After installing a new Cisco ISE server, which task must the engineer perform on the Cisco WLC to
connect wireless clients on a specific VLAN based on their credentials?
A. Enable the Authorized MIC APs against auth-list or AAA.
B. Enable the allow AAA Override
C. Disable the LAG Mode or Next Reboot.
D. Enable the Event Driven RRM.
Question 14 An engineer is configuring an encrypted password for the enable command on a router where the
local user database has already been configured. Drag and drop the configuration commands from the left into the
correct sequence on the right. Not all commands are used.

Answer:
+ first: enable
+ second: configure terminal
+ third: enable secret $fkg!@34i4
+ fourth: exit
Question 15 Refer to the exhibit.
Router R4 is dynamically learning the path to the server. If R4 is connected to R1 via OSPF Area 20, to R2 via R2
BGP, and to R3 via EIGRP 777, which path is installed in the routing table of R4?
A. the path through R2, because the EBGP administrative distance is 20
B. the path through R2, because the IBGP administrative distance is 200
C. the path through R1, because the OSPF administrative distance is 110
D. the path through R3, because the EIGRP administrative distance is lower than OSPF and BGP
Question 16 What is a function of the Cisco DNA Center Overall Health Dashboard?
A. It summarizes daily and weekly CPU usage for servers and workstations in the network.
B. It provides detailed activity logging for the 10 devices and users on the network.
C. It summarizes the operational status of each wireless device on the network.
D. It provides a summary of the top 10 global issues.
Question 17 Which protocol requires authentication to transfer a backup configuration file from a router to a
remote server?
A. TFTP
B. FTP
C. DTP
D. SMTP
Question 18 Where is the interface between the control plane and data plane within the software-defined
architecture?
A. application layer and the management layer
B. application layer and the infrastructure layer
C. control layer and the application layer
D. control layer and the infrastructure layer
Question 19Which action does the router take as it forwards a packet through the network?
A. The router replaces the source and destination labels with the sending router interface label as a source and the
next hop router label as a destination
B. The router encapsulates the source and destination IP addresses with the sending router IP address as the
source and the neighbor IP address as the destination
C. The router encapsulates the original packet and then includes a tag that identifies the source router MAC
address and transmit transparently to the destination
D. The router replaces the original source and destination MAC addresses with the sending router MAC address
as the source and neighbor MAC address as the destination
Question 20 When a site-to-site VPN is configured, which IPsec mode provides encapsulation and encryption of
the entire original IP packet?
A. IPsec tunnel mode with AH
B. IPsec transport mode with AH
C. IPsec tunnel mode with ESP
D. IPsec transport mode with ESP

Question 21 Refer to the exhibit.

Which two commands, when configured on router R1, fulfill these requirements? (Choose two)
– Packets toward the entire network 2001:db8:23::/64 must be forwarded through router R2.
– Packets toward host 2001:db8:23::14 preferably must be forwarded through R3.
A. ipv6 route 2001:db8:23::/128 fd00:12::2
B. ipv6 route 2001:db8:23::14/128 fd00:13::3
C. ipv6 route 2001:db8:23::14/64 fd00:12::2
D. ipv6 route 2001:db8:23::14/64 fd00:12::2 200
E. ipv6 route 2001:db8:23::/64 fd00:12::2
Question 22 What is the role of a firewall in an enterprise network?
A. determines which packets are allowed to cross from unsecured to secured networks
B. processes unauthorized packets and allows passage to less secure segments of the network
C. forwards packets based on stateless packet inspection
D. explicitly denies all packets from entering an administrative domain
Question 23 What is the benefit of configuring PortFast on an interface?
A. After the cable is connected, the interface uses the fastest speed setting available for that cable type
B. The frames entering the interface are marked with higher priority and then processed faster by a switch
C. After the cable is connected, the interface is available faster to send and receive user data
D. Real-time voice and video frames entering the interface are processed faster
Question 24 How are VLAN hopping attacks mitigated?
A. manually implement trunk ports and disable DTP
B. configure extended VLANs
C. activate all ports and place in the default VLAN
D. enable dynamic ARP inspection

Question 25 Drag and drop the statement about networking from the left into the corresponding networking
types on the right. Not all statements are used.

Answer:
Controller-Based Networking:
+ This type deploys a consistent configuration across multiple devices
+ Southbound APIs are used to apply configurations
Traditional Networking:
+ This type requires a distributed management plane
+ A distributed control plane is needed
Question 26 Refer to the exhibit.

R1#show ip route
--output omitted--

Gateway of last resort is 192.168.14.4 to network 0.0.0.0

C 172.16.1.128/25 is directly connected, GigabitEthernet1/1/0

C 192.168.12.0/24 is directly connected, FastEthernet0/0
C 192.168.13.0/24 is directly connected, FastEthernet0/1
C 192.168.14.0/24 is directly connected, FastEthernet1/0
C 172.16.16.1 is directly connected, Loopback1
 192.168.10.0/24 is variably subnetted, 3 subnets, 3 masks
O 192.168.10.0/24 [110/2] via 192.168.14.4, 00:03:01, FastEthernet1/0
O 192.168.10.32/27 [110/11] via 192.168.13.3, 00:00:11, FastEthernet0/1
O 192.168.0.0/16 [110/2] via 192.168.15.5, 00:05:11, FastEthernet1/1
D 192.168.10.1/32 [90/52778] via 192.168.12.2, 00:05:11, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.14.4, 00:05:11, FastEthernet1/0

If R1 receives a packet destined to 172.16.1.1, to which IP address does it send the packet?
A. 192.168.12.2
B. 192.168.13.3
C. 192.168.14.4
D. 192.168.15.5

Question 27 Which two components are needed to create an Ansible script that configures a VLAN on a switch?
(Choose two)
A. task
B. cookbook
C. recipe
D. model
E. playbook
Question 28 How are the switches in a spine-and-leaf topology interconnected?
A. Each leaf switch is connected to two spine switches, making a loop.
B. Each leaf switch is connected to a central leaf switch, then uplinked to a core spine switch.
C. Each leaf switch is connected to each spine switch.
D. Each leaf switch is connected to one of the spine switches.
Question 29 In software-defined architecture, which place handles switching for traffic through a Cisco router?
A. Data
B. Control
C. Management
D. Application
Question 30 Which two protocols must be disabled to increase security for management connections to a Wireless
LAN Controller? (Choose two)
A. Telnet
B. SSH
C. HTTP
D. HTTPS
E. TFTP
Question 31 When a client and server are not on the same physical network, which device is used to forward
requests and replies between client and server for DHCP?
A. DHCP relay agent
B. DHCP server
C. DHCPDISCOVER
D. DHCPOFFER
Question 32An implementer is preparing hardware for virtualization to create virtual machines on a host. What is
needed to provide communication between hardware and virtual machines?
A. straight cable
B. router
C. hypervisor
D. switch
Question 33 What are two characteristics of the distribution layer in a three-tier network architecture? (Choose
two)
A. provides a boundary between Layer 2 and Layer 3 communications
B. designed to meet continuous, redundant uptime requirements
C. serves as the network aggregation point
D. physical connection point for a LAN printer
E. is the backbone for the network topology

Question 34 Which QoS tool can you use to optimize voice traffic on a network that is primarily intended for data
traffic?
A. WRED
B. FIFO
C. PQ
D.WFQ
Question 35 On workstations running Microsoft Windows, which protocol provides the default gateway for the
device?
A. STP
B. DNS
C. SNMP
D. DHCP
Question 36 Refer to the exhibit.

R2#show ip route

C 192.168.1.0/26 is directly connected, FastEthernet0/1

Which two prefixes are included in this routing table entry? (Choose two)
A. 192.168.1.17
B. 192.168.1.61
C. 192.168.1.64
D. 192.168.1.127
E. 192.168.1.254
Question 37 Which two primary drivers support the need for network automation? (Choose two)
A. Increasing reliance on self-diagnostic and self-healing
B. Eliminating training needs
C. Policy-derived provisioning of resources
D. Reducing hardware footprint
E. Providing a single entry point for resource provisioning
Question 38 What is the difference in data transmission delivery and reliability between TCP and UDP?
A. UDP sets up a connection between both devices before transmitting data. TCP uses the three-way handshake to
transmit data with a reliable connection.
B. TCP transmits data at a higher rate and ensures packet delivery. UDP retransmits lost data to ensure applications
receive the data on the remote end.
C. UDP is used for multicast and broadcast communication. TCP is used for unicast communication and transmits
data at a higher rate with error checking.
D. TCP requires the connection to be established before transmitting data. UDP transmits data at a higher rate
without ensuring packet delivery.
Question 39 What are network endpoints?
A. a threat to the network if they are compromised
B. support inter-VLAN connectivity
C. act as routers to connect a user to the service prowler network
D. enforce policies for campus-wide traffic going to the internet

Question 40 What does physical access control regulate?

A. access to specific networks based on business function
B. access to servers to prevent malicious activity
C. access to computer networks and file systems
D. access to networking equipment and facilities
Question 41 Drag and drop the DNS lookup components from the left onto the functions on the right.

Answer:
+ service that maps hostname to IP addresses: DNS
+ local database of address mappings that improves name resolution performance: cache
+ in response to client requests, queries a name server for IP address information: name resolver
+ component of a URL that indicates the location or organization type: domain
+ disables DNS services on a Cisco device: no ip domain-lookup
Question 42 What must be considered when using 802.11a?
A. It is compatible with 802.11g and 802.11-compliant wireless devices
B. It is chosen over 802.11b/g when a lower-cost solution is necessary
C. It is susceptible to interference from 2.4 GHz devices such as microwave ovens.
D. It is used in place of 802.11b/g when many nonoverlapping channels are required
Question 44 An engineer configures interface Gi1/0 on the company PE router to connect to an ISP.
Neighbor discovery is disabled.

interface Gi1/0
description HQ_DC3392-9383
duplex full
speed 100
negotiation auto
lldp transmit
lldp receive

Which action is necessary to complete the configuration if the ISP uses third-party network devices?
A. Enable LLDP globally
B. Disable autonegotiation
C. Disable Cisco Discovery Protocol on the interface
D. Enable LLDP-MED on the ISP device
Question 45 How does QoS optimize voice traffic?
A. reducing bandwidth usage
B. by reducing packet loss
C. by differentiating voice and video traffic
D. by increasing jitter
Question 46 Which two events occur automatically when a device is added to Cisco DNA Center? (Choose two)
A. The device is assigned to the Global site.
B. The device is placed into the Unmanaged state.
C. The device is placed into the Provisioned state.
D. The device is placed into the Managed state.
E. The device is assigned to the Local site.
Question 47 What are two benefits of using the PortFast feature? (Choose two)
A. Enabled interfaces are automatically placed in listening state
B. Enabled interfaces wait 50 seconds before they move to the forwarding state
C. Enabled interfaces never generate topology change notifications.
D. Enabled interfaces that move to the learning state generate switch topology change notifications
E. Enabled interfaces come up and move to the forwarding state immediately
Question 48 A network administrator is asked to configure VLANs 2, 3 and 4 for a new implementation. Some
ports must be assigned to the new VLANs with unused remaining. Which action should be taken for the unused
ports?
A. configure port in the native VLAN
B. configure ports in a black hole VLAN
C. configure in a nondefault native VLAN
D. configure ports as access ports
Question 49 Which function is performed by DHCP snooping?
A. rate-limits certain traffic
B. listens to multicast traffic for packet forwarding
C. provides DDoS mitigation
D. propagates VLAN information between switches
Question 50 Which plane is centralized by an SDN controller?
A. data plane
B. management plane
C. control plane
D. services plane
Question 51 What are two similarities between UTP Cat 5e and Cat 6a cabling? (Choose two)
A. Both support runs of up to 100 meters.
B. Both support runs of up to 55 meters.
C. Both operate at a frequency of 500 MHz.
D. Both support speeds of at least 1 Gigabit.
E. Both support speeds up to 10 Gigabit.

Question 52 Refer to the exhibit.

R3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 2WAY/DROTHER 00:00:35 172.16.10.1 GigabitEthernet0/0
2.2.2.2 1 2WAY/DROTHER 00:00:35 172.16.10.2 GigabitEthernet0/0
4.4.4.4 1 FULL/BDR 00:00:35 172.16.10.4 GigabitEthernet0/0
5.5.5.5 1 FULL/DR 00:00:35 172.16.10.5 GigabitEthernet0/0

R5 is the current DR on the network, and R4 is the BDR. Their interfaces are flapping, so a network engineer wants
the OSPF network to elect a different DR and BDR. Which set of configurations must the engineer implement?

Option A Option B

R4(config)#interface gi0/0 R2(config)#interface gi0/0

R4(config-if)#ip ospf priority 20 R2(config-if)#ip ospf priority 259

R5(config)#interface gi0/0 R3(config)#interface gi0/0

R5(config-if)#ip ospf priority 10 R3(config-if)#ip ospf priority 256

Option C Option D

R3(config)#interface gi0/0 R5(config)#interface gi0/0

R3(config-if)#ip ospf priority 255 R5(config-if)#ip ospf priority 120
 R2(config)#interface gi0/0 R4(config)#interface gi0/0
R2(config-if)#ip ospf priority 240 R4(config-if)#ip ospf priority 110

A. Option A
B. Option B
C. Option C
D. Option D
Question 53 Refer to the exhibit.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.30.10 to network 0.0.0.0

192.168.30.0/29 is subnetted, 2 subnets

C 192.168.30.0 is directly connected, FastEthernet0/0
C 192.168.30.8 is directly connected, Serial0/0.1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
O IA 192.168.10.32/28 [110/193] via 192.168.30.10, 00:11:34, Serial0/0.1
O IA 192.168.10.0/27 [110/192] via 192.168.30.10, 00:11:34, Serial0/0.1
192.168.20.0/30 is subnetted, 1 subnets
O IA 192.168.20.0 [110/128] via 192.168.30.10, 00:11:34, Serial0/0.1
192.168.50.0/32 is subnetted, 1 subnets
C 192.168.50.1 is directly connected, Loopback0
O*IA 0.0.0.0/0 [110/84] via 192.168.30.10, 00:11:21, Serial0/0.1

What is the metric of the route to the 192.168.10.33/28 subnet?

A. 84
B. 110
C. 128
D. 192
E. 193
Question 54 Drag and drop the AAA terms from the left onto the description on the right.
Answer:
+ tracks activity: accounting
+ verifies access rights: authorization
+ updates session attributes: CoA
+ verifies identity: authentication
Question 55 Which access layer threat-mitigation technique provides security based on identity?
A. using a non-default native VLAN
B. Dynamic ARP Inspection
C. DHCP snooping
D. 802.1x

PART 8
Question 1 Which communication interaction takes place when a southbound API is used?
A. between the SDN controller and PCs on the network
B. between the SDN controller and switches and routers on the network
C. between the SDN controller and services and applications on the network
D. between network applications and switches and routers on the network
Question 2 What is a similarly between 1000BASE-LX and 1000BASE-T standards?
A. Both use the same data-link header and trailer formats
B. Both cable types support LP connectors
C. Both cable types support RJ-45 connectors
D. Both support up to 550 meters between nodes
Question 3 How does WPA3 improve security?
A. It uses SAE for authentication.
B. It uses a 4-way handshake for authentication.
C. It uses RC4 for encryption.
D. It uses TKIP for encryption.
Question 4 Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and
Provisioning of Wireless Access Points (CAPWAP) protocol?
A. bridge
B. route
C. autonomous
D. lightweight
Question 5 Refer to the exhibit.

Which change to the configuration on Switch2 allows the two switches to establish an EtherChannel?
A. Change the protocol to EtherChannel mode on
B. Change the LACP mode to active
C. Change the LACP mode to desirable
D. Change the protocol to PAgP and use auto mode
Question 6 Where does wireless authentication happen?
A. SSID
B. radio
C. band
D. Layer 2
Question 7 What is the path for traffic sent from one user workstation to another workstation on a separate
switch in a three-layer architecture model?
A. access – core – distribution – access
B. access – distribution – distribution – access
C. access – core – access
D. access -distribution – core – distribution – access
Question 8 What are two benefits of FHRPs? (Choose two)
A. They prevent loops in the Layer 2 network.
B. They allow encrypted traffic.
C. They are able to bundle multiple ports to increase bandwidth
D. They enable automatic failover of the default gateway.
E. They allow multiple devices to serve as a single virtual gateway for clients in the network
Question 9 What is the purpose of an SSID?
A. It provides network security
B. It differentiates traffic entering access points
C. It identities an individual access point on a WLAN
D. It identifies a WLAN
Question 10 What are two characteristics of an SSID? (Choose two)
A. It can be hidden or broadcast in a WLAN
B. It uniquely identifies an access point in a WLAN
C. It uniquely identifies a client in a WLAN
D. It is at most 32 characters long
E. It provides secured access to a WLAN
Question 11 In QoS, which prioritization method is appropriate for interactive voice and video?
A. expedited forwarding
B. traffic policing
C. round-robin scheduling
D. low-latency queuing
Question 12 An engineer is configuring data and voice services to pass through the same port. The designated
switch interface fastethernet0/1 must transmit packets using the same priority for data when they are received
from the access port of the IP phone. Which configuration must be used?
A. interface fastethernet0/1
switchport priority extend cos 7
B. interface fastethernet0/1
switchport voice vlan untagged
C. interface fastethernet0/1
switchport voice vlan dot1p
D. interface fastethernet0/1
switchport priority extend trust.
Question 13 Which port type supports the spanning-tree portfast command without additional configuration?
A. access ports
B. Layer 3 main interfaces
C. Layer 3 subinterfaces
D. trunk ports
Question 14 What is a syslog facility?
A. host that is configured for the system to send log messages
B. password that authenticates a Network Management System to receive log messages
C. group of log messages associated with the configured severity level
D. set of values that represent the processes that can generate a log message
Question 15 What are two characteristics of a public cloud implementation? (Choose two)
A. It is owned and maintained by one party, but it is shared among multiple organizations
B. It enables an organization to fully customize how it deploys network resources
C. It provides services that are accessed over the Internet
D. It is a data center on the public Internet that maintains cloud services for only one company
E. It supports network resources from a centralized third-party provider and privately-owned virtual resources
Question 16 Which type of traffic is sent with pure IPsec?
A. broadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites
B. multicast traffic from a server at one site to hosts at another location
C. spanning-tree updates between switches that are at two different sites
D. unicast messages from a host at a remote site to a server at headquarters
Question 17 What prevents a workstation from receiving a DHCP address?
A. DTP
B. STP
C. VTP
D. 802.10
Question 18 What is a capability of FTP in network management operations?
A. uses separate control and data connections to move files between server and client
B. devices are directly connected and use UDP to pass file information
C. encrypts data before sending between data resources
D. offers proprietary support at the session layer when transferring data

Question 19 Refer to the exhibit.

A network engineer is in the process of establishing IP connectivity between two sites. Routers R1 and R2 are
partially configured with IP addressing. Both routers have the ability to access devices on their respective LANs.
Which command set configures the IP connectivity between devices located on both LANs in each site?
A.
R1
ip route 0.0.0.0 0.0.0.0 209.165.200.225
R2
ip route 0.0.0.0 0.0.0.0 209.165.200.226

B.
R1
ip route 0.0.0.0 0.0.0.0 209.165.200.226
R2
ip route 0.0.0.0 0.0.0.0 209.165.200.225
C.
R1
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/0
R2
ip route 10.1.1.1 255.255.255.0 GigabitEthernet0/0

D.
R1
ip route 192.168.1.1 255.255.255.0 GigabitEthernet0/1
R2
ip route 10.1.1.1 255.255.255.0 GigabitEthernet0/1

Question 20 Which type of organization should use a collapsed-core architecture?

A. large and requires a flexible, scalable network design
B. small and needs to reduce networking costs currently
C. large and must minimize downtime when hardware fails
D. small but is expected to grow dramatically in the near future

Question 21 Refer to the exhibit.

Which IPv6 configuration is required for R17 to successfully ping the WAN interface on R18?

Option A Option B

R17# R17#
! !
no ip domain lookup no ip domain lookup
ip cef ip cef
ipv6 unicast-routing ipv6 unicast-routing
! !
interface FastEthernet0/0 interface FastEthernet0/0
no ip address no ip address
 duplex auto duplex auto
speed auto speed auto
ipv6 address 2001:DB8:2::201/64 ipv6 address 2001:DB8:2::201/64
! !
interface FastEthernet1/0 interface FastEthernet1/0
no ip address no ip address
duplex auto duplex auto
speed auto speed auto
ipv6 address 2001:DB8:3::201/64 ipv6 address 2001:DB8:3::201/64
! !
no cdp log mismatch duplex no cdp log mismatch duplex
ipv6 route 2001:DB8:4::/64 2001:DB8:3::301 ipv6 route 2001:DB8:4::/64 2001:DB8:2::201

Option C Option D

R17# R17#
! !
no ip domain lookup no ip domain lookup
ip cef ip cef
! ipv6 cef
interface FastEthernet0/0 !
no ip address interface FastEthernet0/0
duplex auto no ip address
speed auto duplex auto
ipv6 address 2001:DB8:3::201/64 speed auto
! ipv6 address 2001:DB8:2::201/64
interface FastEthernet1/0 !
no ip address interface FastEthernet1/0
duplex auto no ip address
speed auto duplex auto
ipv6 address 2001:DB8:2::201/64 speed auto
! ipv6 address 2001:DB8:3::201/64
no cdp log mismatch duplex !
ipv6 route 2001:DB8:4::/64 2001:DB8:5::101 no cdp log mismatch duplex
ipv6 route 2001:DB8:4::/64 2001:DB8:4::302

A. Option A
B. Option B
C. Option C
D. Option D
Question 22 Drag and drop the lightweight access point operation modes from the left onto the descriptions on
the right.
Answer:
+ allows for packet captures of wireless traffic: sniffer mode
+ allows the access point to communicate with the WLC over a WAN link: Flexconnect mode
+ receive only mode which acts as a dedicated sensor for RFID and IDS: monitor mode
+ preferred for connecting access points in a mesh environment: bridge mode
+ transmits normally on one channel and monitors other channels for noise and interference: local mode
+ monitor for rogue APs, does not handle data at all: rogue detector mode
Question 23 Refer to the exhibit.

Between which zones do wireless users expect to experience intermittent connectivity?

A. between zones 1 and 2
B. between zones 2 and 5
C. between zones 3 and 4
D. between zones 3 and 6
Question 24 Which device permits or denies network traffic based on a set of rules?
A. access point
B. switch
C. wireless controller
D. firewall
 Question 25 Drag the descriptions of device management from the left onto the types of device management on
the right.

Answer:
Cisco DNA Center Device Management:
+ uses machine learning to identify and resolve issues
+ uses an inventory function to store device details in the database
+ collects statistics and telemetry data from multiple network devices and provides a single view of network health
and issues
Traditional Device Management:
+ requires manual troubleshooting
+ requires configuration on a device-by-device basis
+ networking functions are implemented primarily on dedicated devices
Question 26 What is a function of a Layer 3 switch?
A. move frames between endpoints limited to IP addresses
B. transmit broadcast traffic when operating in Layer 3 mode exclusively
C. forward Ethernet frames between VLANs using only MAC addresses
D. flood broadcast traffic within a VLAN

Question 27 An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the

serial0/0 interface of the HQ router and wants to compress it for easier configuration. Which command must be
issued on the router interface?
A. ipv6 address 2001:db8::700:3:400F:572B
B. ipv6 address 2001:db8:0::700:3:4F:572B
C. ipv6 address 2001:Odb8::7:3:4F:572B
D. ipv6 address 2001::db8:0000::700:3:400F:572B
Question 28 What is an appropriate use for private IPv4 addressing?
A. on the public-facing interface of a firewall
B. to allow hosts inside to communicate in both directions with hosts outside the organization
C. on internal hosts that stream data solely to external resources
D. on hosts that communicates only with other internal hosts
Question 29 Which 802.11 frame type is indicated by a probe response after a client sends a probe request?
A. action
B. management
C. control
D. data
Question 30 What is recommended for the wireless infrastructure design of an organization?
A. group access points together to increase throughput on a given channel
B. configure the first three access points are configured to use channels 1, 6, and 11
C. include a least two access points on nonoverlapping channels to support load balancing
D. assign physically adjacent access points to the same Wi-Fi channel
Question 31 Refer to the exhibit.

For security reasons, automatic neighbor discovery must be disabled on the R5 Gi0/1 interface.
These tasks must be completed:
* Disable all neighbor discovery methods on R5 interface Gi0/1.
* Permit neighbor discovery on R5 interface Gi0/2.
* Verify there are no dynamically learned neighbors on R5 interface Gi0/1.
* Display the IP address of R6’s interface Gi0/2.
Which configuration must be used?

Option A
R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#lldp run
R5(config)#no cdp run
R5#sh cdp neighbor detail
R5#sh lldp neighbor
Option B
R5(config)#int Gi0/1
R5(config-if)#no cdp run
R5(config-if)#exit
R5(config)#lldp run
R5(config)#cdp enable
R5#sh cdp neighbor
R5#sh lldp neighbor

Option C
R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#no lldp run
R5(config)#cdp run
R5#sh cdp neighbor detail
R5#sh lldp neighbor
Option D
R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#no lldp run
R5(config)#cdp run
R5#sh cdp neighbor
R5#sh lldp neighbor

A. Option A
B. Option B
C. Option C
D. Option D
Question 32 Which type of API allows SDN controllers to dynamically make changes to the network?
A. northbound API
B. southbound API
C. SOAP API
D. REST API
Question 33 What is a DNS lookup operation?
A. serves requests over destination port 53
B. DNS server pings the destination to verify that it is available
C. DNS server forwards the client to an alternate IP address when the primary IP is down
D. responds to a request for IP address to domain name resolution to the DNS server
Question 34 Refer to the exhibit.

An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts. A
Telnet attempt from PC-2 gives this message:”% Connection refused by remote host”.
Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?
A. Add the access-list 10 permit any command to the configuration
B. Remove the access-class 10 in command from line vty 0 4.
C. Add the ip access-group 10 out command to interface g0/0.
D. Remove the password command from line vty 0 4.
Question 35 Drag and drop the TCP/IP protocols from the left onto their primary transmission protocols on the
right.
Answer:
TCP:
+ SMTP
+ HTTP
+ Telnet
UDP:
+ DNS
+ SNMP
+ RTP
Question 36 Refer to the exhibit.

The DHCP server and clients are connected to the same switch. What is the next step to complete the DHCP
configuration to allow clients on VLAN 1 to receive addresses from the DHCP server?
A. Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP server
B. Configure the ip dhcp relay information option command on the interface that is connected to the DHCP server
C. Configure the ip dhcp relay information option command on the interface that is connected to the DHCP client
D. Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP client

Question 37 Which two components comprise part of a PKI? (Choose two)

A. RSA token
B. clear-text password that authenticates connections
C. one of more CRLs
D. preshared key that authenticates connections
E. CA that grants certificates
Question 38 A network administrator is setting up a new IPv6 network using the 64-bit address
2001:0EB8:00C1:2200:0001:0000:0000:0331/64. To simplify the configuration, the administrator has decided to
compress the address. Which IP address must the administrator configure?
A. ipv6 address 2001:EB8:C1:2200:1:0000:331/64
B. ipv6 address 21:EB8:C1:2200:1::331/64
C. ipv6 address 2001:EB8:C1:22:1::331/64
D. ipv6 address 2001:EB8:C1:2200:1::331/64
Question 39 Refer to the exhibit.

Which command must be issued to enable a floating static default route on router A?
A. ip route 0.0.0.0 0.0.0.0 192.168.2.1 10
B. ip route 0.0.0.0 0.0.0.0 192.168.1.2
C. ip route 0.0.0.0 0.0.0.0 192.168.1.2 10
D. ip default-gateway 192.168.2.1
Question 40 Refer to the exhibit.

Router R1 currently is configured to use R3 as the primary route to the Internet, and the route uses the default
administrative distance settings. A network engineer must configure R1 so that it uses R2 as a backup, but only if
R3 goes down. Which command must the engineer configure on R1 so that it correctly uses R2 as a backup route,
without changing the administrative distance configuration on the link to R3?
A. ip route 0.0.0.0 0.0.0.0 g0/1 6
B. ip route 0.0.0.0 0.0.0.0 g0/1 1
C. ip route 0.0.0.0 0.0.0.0 209.165.201.5 10
D. ip route 0.0.0.0 0.0.0.0 209.165.200.226 1
Question 41 Refer to the exhibit.

An engineer is updating the R1 configuration to connect a new server to the management network. The PCs on the
management network must be blocked from pinging the default gateway of the new server. Which command must
be configured on R1 to complete the task?
A. R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.1.15
B. R1(config)#ip route 172.16.2.2 255.255.255.255 gi0/0
C. R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.1.5
D. R1(config)#ip route 172.16.2.2 255.255.255.248 gi0/1
Question 42 Refer to the exhibit.

Which plan must be implemented to ensure optimal QoS marking practices on this network?
A. As traffic enters from the access layer on SW1 and SW2, trust all traffic markings
B. Trust the IP phone markings on SW1 and mark traffic entering SW2 at SW2
C. As traffic traverses MLS1 remark the traffic, but trust all markings at the access layer
D. Remark traffic as it traverses R1 and trust all markings at the access layer

Question 43 Drag and drop the Rapid PVST+ forwarding state actions from the left to the right. Not all actions are
used.
Answer:
BPDUs received are forwarded to the system module
The port in the forwarding state responds to network management messages
Switched frames received from other ports are advanced
Frames received from the attached segment are processed
Question 44 Refer to the exhibit.

interface FastEthernet0/10
description WAN_INTERFACE
ip address 10.0.1.2 255.255.255.252
ip access-group 100 in
!
interface FastEthernet0/1
description LAN INTERFACE
ip address 10.148.2.1 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
!
access-list 100 permit eigrp any any
access-list 100 permit icmp any any
access-list 100 permit tcp 10.149.3.0 0.0.0.255 host 10.0.1.2 eq 22
access-list 100 permit tcp any any eq 80
access-list 100 permit tcp any any eq 443
access-list 100 deny ip any any log

Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on router R4?
A. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1
B. interface FastEthernet0/0
ip helper-address 10.0.1.1
!
access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps
C. interface FastEthernet0/0
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1
D. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1
Question 45 Refer to the exhibit.

Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency while acting as a central point for
exchanging OSPF information between routers?

Option A Option B

R14# R14#
interface FastEthernet0/0 interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252 ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast ip ospf network broadcast
ip ospf priority 0 ip ospf priority 255
ip mtu 1400 ip mtu 1500

router ospf 10 router ospf 10

router-id 10.10.1.14 router-id 10.10.1.14
network 10.10.1.14 0.0.0.0 area 0 network 10.10.1.14 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0 network 10.73.65.64 0.0.0.3 area 0

R86#
interface Loopback0
ip address 10.10.1.86 255.255.255.255
interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip mtu 1500
router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0
R86#
interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip mtu 1500
router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

Option C Option D

R14# R14#
interface Loopback0 interface FastEthernet0/0
ip ospf 10 area 0 ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
interface FastEthernet0/0 ip ospf priority 255
ip address 10.73.65.65 255.255.255.252 ip mtu 1500
ip ospf network broadcast
ip ospf 10 area 0 router ospf 10
ip mtu 1500 router-id 10.10.1.14
network 10.10.1.14 0.0.0.0 area 0
router ospf 10 network 10.73.65.64 0.0.0.3 area 0
ip ospf priority 255
 router-id 10.10.1.14 R86#
interface FastEthernet0/0
R86# ip address 10.73.65.66 255.255.255.252
interface Loopback0 ip ospf network broadcast
ip ospf 10 area 0 ip mtu 1400

interface FastEthernet0/0 router ospf 10

ip address 10.73.65.66 255.255.255.252 router-id 10.10.1.86
ip ospf network broadcast network 10.10.1.86 0.0.0.0 area 0
ip ospf 10 area 0 network 10.73.65.64 0.0.0.3 area 0
ip mtu 1500

router ospf 10
router-id 10.10.1.86

A. Option A
B. Option B
C. Option C
D. Option D
Question 46 Which wireless security protocol relies on Perfect Forward Secrecy?
A. WPA
B. WPA3
C. WPA2
D. WEP
Question 47 Refer to the exhibit.

A network engineer must provide configured IP addressing details to investigate a firewall rule issue. Which subnet
and mask identify what is configured on the en0 interface?
A. 10.8.0.0/16
B. 10.8.64.0/18
C. 10.8.128.0/19
D. 10.8.138.0/24

Question 48 A network engineer must configure two new subnets using the address block 10.70.128.0/19 to meet
these requirements:
* The first subnet must support 24 hosts.
* The second subnet must support 472 hosts
* Both subnets must use the longest subnet mask possible from the address block
Which two configurations must be used to configure the new subnets and meet a requirement to use the first
available address in each subnet for the router interfaces? (Choose two)
A. interface vlan 4722
ip address 10.70.133.17 255.255.255.192
B. interface vlan 3002
ip address 10.70.147.17 255.255.255.224
C. interface vlan 1148
ip address 10.70.148.1 255.255.254.0
D. interface vlan 1234
ip address 10.70.159.1 255.255.254.0
E. interface vlan 155
ip address 10.70.155.65 255.255.255.224
Question 49 Refer to the exhibit.

An administrator must connect SW_1 and the printer to the network. SW_2 requires DTP to be used for the
connection to SW_1. The printer is configured as an access port with VLAN 5. Which set of commands completes
the connectivity?
A. switchport mode trunk
switchport trunk pruning vlan add 5
B. switchport mode dynamic desirable
switchport trunk allowed vlan add 5
C. switchport mode dynamic auto
switchport private-vlan association host 5
D. switchport mode dynamic auto
switchport trunk encapsulation negotiate

Question 50 Refer to the exhibit.

Traffic sourced from the loopback0 interface is trying to connect via ssh to the host at 10.0.1.15. What is the next
hop to the destination address?
A. 192.168.0.7
B. 192.168.0.4
C. 192.168.0.40
D. 192.168.3.5
Question 51 Refer to the exhibit.

SiteA#show interface TenGigabitEthernet0/1/0

TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is aabb.cc00.0100 (bia aabb.cc00.0100)
Description: Connection to SiteB
Internet address is 10.10.10.1/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-SR
5 minute input rate 264797000 bits/sec, 26672 packets/sec
5 minute output rate 122464000 bits/sec, 15724 packets/sec

SiteB#show interface TenGigabitEthernet0/1/0

TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is 0000.0c00.750c (bia 0000.0c00.750c)
Description: Connection to SiteA
Internet address is 10.10.10.2/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
 reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 123245000 bits/sec, 15343 packets/sec
5 minute output rate 265746000 bits/sec, 12453 packets/sec

Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA report intermittent
connectivity issues with applications hosted at SiteB. What is the cause of the intermittent connectivity issue?
A. An incorrect type of transceiver has been inserted into a device on the link.
B. The wrong cable type was used to make the connection.
C. Heavy usage is causing high latency.
D. Physical network errors are being transmitted between the two sites.
Question 52 Refer to the exhibit.

Which action must be taken to ensure that router A is elected as the DR for OSPF area 0?
A. Configure the OSPF priority on router A with the lowest value between the three routers
B. Configure the router A interfaces with the highest OSPF priority value within the area.
C. Configure router A with a fixed OSPF router ID.
D. Configure router B and router C as OSPF neighbors of router A.
Question 53 Refer to the exhibit.

Host A sent a data frame destined for host D.

What does the switch do when it receives the frame from host A?
A. It shuts down the port Fa0/1 and places it in err-disable mode.
B. It experiences a broadcast storm,
C. It floods the frame out of all ports except port Fa0/1.
D. It drops the frame from the switch CAM table.
Question 54 Refer to the exhibit.

An engineer has started to configure replacement switch SW1. To verify part of the configuration, the engineer
issued the commands as shown and noticed that the entry for PC2 is missing. Which change must be applied to
SW1 so that PC1 and PC2 communicate normally?
A. SW1(config)#interface fa0/2
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#no switchport trunk allowed vlan 3
SW1 (config-if)#switchport trunk allowed vlan 2
B. SW1(config)#interface fa0/1
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#switchport trunk native vlan 2
SW1(config-if)#switchport trunk allowed vlan 3
C. SW1(config-if)#interface fa0/2
SW1(config-if)#no switchport mode trunk
SW1(config-if)#no switchport trunk allowed vlan 3
SW1(config-if)#switchport mode access
D. SW1(config)#interface fa0/1
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#switchport access vlan 3
SW1(config-if)#switchport trunk allowed vlan 2
Question 55 Refer to the exhibit.
Which two commands must be configured on router R1 to enable the router to accept secure remote-access
connections? (Choose two)
A. transport input telnet
B. username cisco password 0 cisco
C. login console
D. ip ssh pubkey-chain
E. crypto key generate rsa
Question 56 Which two spanning-tree states are bypassed on an interface running PortFast? (Choose two)
A. forwarding
B. blocking
C. disabled
D. learning
E. listening
Question 57 What is a requirement when configuring or removing LAG on a WLC?
A. The incoming and outgoing ports for traffic flow must be specified if LAG is enabled.
B. The controller must be rebooted after enabling or reconfiguring LAG.
C. The management interface must be reassigned if LAG is disabled.
D. Multiple untagged interfaces on the same port must be supported.
Question 58 What is a requirement for nonoverlapping WI-FI channels?
A. different security settings
B. different transmission speeds
C. discontinuous frequency ranges
D. unique SSIDs
Question 59 An engineer must configure R1 for a new user account. The account must meet these requirements:
* It must be configured in the local database.
* The username is engineer2
* It must use the strongest password configurable.
Which command must the engineer configure on the router?
A. R1(config)# username engineer2 algorithm-type scrypt secret test2021
B. R1(config)# username engineer2 secret 5 password $1$bUu$kZbBS1Pyh4QzwXyZ
C. R1(config)# username engineer2 privilege 1 password 7 test2021
D. R1(config)# username engineer2 secret 4 $1Sb1Ju$kZbBSlFyh4QxwXyZ
Question 60 Refer to the exhibit.
Which configuration enables an EtherChannel to form dynamically between SW1 and SW2 by using an industry-
standard protocol, and to support full IP connectivity between all PCs?

Option A Option B

SW1# SW1#
interface Gi0/1 interface Gi0/1
switchport switchport
switchport mode trunk switchport mode trunk
channel-group 1 mode on channel-group 1 mode auto
! !
interface Gi0/2 interface Gi0/2
switchport switchport
switchport mode trunk switchport mode access
channel-group 1 mode auto channel-group 1 mode active

SW2# SW2#
interface Gi0/1 interface gi0/1
switchport switchport
switchport mode trunk switchport mode access
channel-group 1 mode auto channel-group 1 mode desirable
! !
interface Gi0/2 interface Gi0/2
switchport switchport
switchport mode trunk switchport mode access
channel-group 1 mode on channel-group 1 mode desirable
interface port-channel 1
switchport
switchport mode trunk

Option C Option D

SW1# SW1#
interface Gi0/1 interface Gi0/1
switchport switchport
switchport mode trunk switchport mode access
channel-group 1 mode active channel-group 1 mode active
! !
interface Gi0/2 interface Gi0/2
switchport switchport
switchport mode trunk switchport mode access
channel-group 1 mode active channel-group 1 mode active

SW2# SW2#
interface Gi0/1 interface Gi0/1
switchport switchport
switchport mode trunk switchport mode access
channel-group 1 mode passive channel-group 1 mode desirable
! !
interface Gi0/2 interface Gi0/2
switchport switchport
switchport mode trunk switchport mode access
channel-group 1 mode passive channel-group 1 mode desirable

A. Option A
B. Option B
C. Option C
D. Option D
Question 61 Drag and drop the descriptions or AAA services from the left onto the corresponding services on the
right.

Answer:
Accounting
+ records user commands
+ logs session statistics
Authentication
+ secures access to routers
+ validates user credentials
Authorization
+ limits the user’s access permissions
+ allows the user to change to enable mode
Question 62 Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.

Answer:
TCP
+ used to reliably share files between devices
+ requires the client and the server to establish a connection before sending the packet
UDP
+ transmitted based on data contained in the packet without the need for a data channel
+ appropriate for streaming operations with minimal latency
Question 63 What is the function of the controller in a software-defined network?
A. forwarding packets
B. making routing decisions
C. multicast replication at the hardware level
D. fragmenting and reassembling packets
Question 64 Refer to the exhibit.

An IP subnet must be configured on each router that provides enough addresses for the number of assigned hosts
and anticipates no more than 10% growth for new hosts. Which configuration script must be used?

Option A Option B

R7# R7#
configure terminal configure terminal
interface Fa1/0 interface Fa1/0
ip address 10.1.56.1 255.255.240.0 ip address 10.1.56.1 255.255.248.0
no shutdown no shutdown

R8# R8#
configure terminal configure terminal
interface Fa0/0 interface Fa0/0
ip address 10.9.32.1 255.255.224.0 ip address 10.9.32.1 255.255.254.0
no shutdown no shutdown
R9#
configure terminal R9#
interface Fa1/1 configure terminal
ip address 10.23.96.1 255.255.192.0 interface Fa1/1
no shutdown ip address 10.23.96.1 255.255.248.0
no shutdown

Option C Option D

R7# R7#
configure terminal configure terminal
interface Fa1/0 interface Fa1/0
ip address 10.1.56.1 255.255.252.0 ip address 10.1.56.1 255.255.192.0
no shutdown no shutdown
R8#
R8# configure terminal
configure terminal interface Fa0/0
interface Fa0/0 ip address 10.9.32.1 255.255.224.0
ip address 10.9.32.1 255.255.255.0 no shutdown
no shutdown R9#
configure terminal
 R9# interface Fa1/1
configure terminal ip address 10.23.96.1 255.255.128.0
interface Fa1/1 no shutdown
ip address 10.23.96.1 255.255.240.0
no shutdown

A. Option A
B. Option B
C. Option C
D. Option D
Question 65 Refer to the exhibit.

Which network prefix was learned via EIGRP?

A. 172.16.0.0/16
B. 207.165.200.0/24
C. 192.168.2.0/24
D. 192.168.1.0/24
Question 66 Refer to the exhibit.
An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed these show commands to
verify the work. Which additional task allows the two switches to establish an LACP port channel?
A. Change the channel-group mode on SW1 to desirable.
B. Change the channel-group mode on SW1 to active or passive.
C. Change the channel-group mode on SW2 to auto.
D. Configure the interface port-channel 1 command on both switches.
Question 67 Refer to the exhibit.

A network engineer must update the configuration on Switch2 so that it sends LLDP packets every minute and the
information sent via LLDP is refreshed every 3 minutes. Which configuration must the engineer apply?
A. Switch2(config)#lldp timer 60
Switch2(config)# lldp tlv-select 180
B. Switch2(config)#lldp timer 60
Switch2(config)#lldp holdtime 180
C. Switch2(config)#lldp timer 1
Switch2(config)#lldp tlv-select 3
D. Switch2(config)#lldp timer 1
Switch2(config)#lldp holdtime 3
Question 68 Refer to the exhibit.

R1#show run
!
router ospf 1
auto-cost reference-bandwidth 100000
!
interface GigabitEthernet0/0
bandwidth 10000000
!
interface GigabitEthernet0/1
bandwidth 100000000
!
interface GigabitEthernet0/2
ip ospf cost 100
!
interface GigabitEthernet0/3
ip ospf cost 1000

Router R1 resides in OSPF Area 0. After updating the R1 configuration to influence the paths that it will use to
direct traffic, an engineer verified that each of the four Gigabit interfaces has the same route to 10.10.0.0/16.
Which interface will R1 choose to send traffic to reach the route?
A. GigabitEthernet0/0
B. GigabitEthernet0/1
C. GigabitEthernet0/2
D. GigabitEthernet0/3
Question 69 An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain
name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination
router?
A. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 10 in
!
ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22
B. line vty 0 15
access-class 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22
C. line vty 0 15
access-group 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22
D. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 110 in
!
ip access-list standard 110
permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1
Question 70 Which protocol is used for secure remote CLI access?
A. HTTP
B. Telnet
C. SSH
D. HTTPS
Question 71 What is a characteristic or private IPv4 addressing?
A. composed of up to 65,536 available addresses
B. issued by IANA in conjunction with an autonomous system number
C. used without tracking or registration
D. traverse the Internet when an outbound ACL is applied
Question 72 What provides centralized control of authentication and roaming in an enterprise network?
A. a LAN switch
B. a firewall
C. a lightweight access point
D. a wireless LAN controller
Question 73 A network engineer must implement an IPv6 configuration on the vlan 2000 interface to create a
routable locally-unique unicast address that is blocked from being advertised to the internet. Which configuration
must the engineer apply?
A. interface vlan 2000
ipv6 address ff00:0000:aaaa::1234:2343/64
B. interlace vlan 2000
ipv6 address fd00::1234:2343/64
C. interface vlan 2000
ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64
D. interface vlan 2000
ipv6 address fe80:0000:aaaa::1234:2343/64
Question 74 Refer to the exhibit.

How should the configuration be updated to allow PC1 and PC2 access to the Internet?
A. Modify the configured number of the second access list
B. Remove the overload keyword from the ip nat inside source command
C. Add either the ip nat {inside|outside} command under both interfaces
D. Change the ip nat inside source command to use interface GtgabitEthernet0/0
Question 75 OSPF must be configured between routers R1 and R2. Which OSPF configuration must be applied to
router R1 to avoid a DR/BDR election?
A. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.160.1.1 255.255.255.252
ip ospf network broadcast
B. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.168.1.1 255.255.255.252
ip ospf cost 0
C. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
hello interval 15
interface e1/1
ip address 192.168.1.1 255.255.255.252
D. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.168.1.1 255.55.255.252
ip ospf network point-to-point
Question 76 Refer to the exhibit.

All VLANs are present in the VLAN database. Which command sequence must be applied to complete the
configuration?
A. interface FastEthernet0/1
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15
B. interface FastEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,15
C. interface FastEthernet0/1
switchport trunk allowed vlan add 10
vlan 10
private-vlan isolated
D. interface FastEthernet0/1
switchport mode access
switchport voice vlan 10
Question 77 A Cisco engineer is configuring a factory-default router with these three passwords:
* The user EXEC password for console access is p4ssw0rd1.
* The user EXEC password for Telnet access is s3cr3t2.
* The password for privileged EXEC mode is priv4t3p4ss.
Which command sequence must the engineer configure?

Option A Option B

enable secret priv4t3p4ss enable secret privilege 15 priv4t3p4ss

! !
line con 0 line con 0
password p4ssw0rd1 password p4ssw0rdi
login login
! !
line vty 0 15 line vty 0 15
password s3cr3t2 password s3cr3t2
 login login

Option C Option D

enable secret priv413p4ss enable secret priv4t3p4ss

! !
line con 0 line con 0
password login p4ssw0rd1 password p4ssw0rd1
! !
line vty 0 15 line vty 0 15
password login s3cr3t2 password s3cr3t2
login

A. Option A
B. Option B
C. Option C
D. Option D
Question 78 Refer to the exhibit.

EIGRP 10.10.10.0/24[90/1441] via F0/10

EIGRP 10.10.10.0/24[90/144] via F0/11
EIGRP 10.10.10.0/24[90/1441] via F0/12
OSPF 10.10.10.0/24[110/20] via F0/13
OSPF 10.10.10.0/24[110/30] via F0/14

Packets received by the router from BGP enter via a serial interface at 209.165.201.10. Each route is present within
the routing table. Which interface is used to forward traffic with a destination IP of 10.10.10.24?
A. F0/10
B. F0/11
C. F0/12
D. F0/13
Question 79 What is the purpose of the ip address dhcp command?
A. to configure an interface as a DHCP server
B. to configure an interface as a DHCP relay
C. to configure an interface as a DHCP helper
D. to configure an interface as a DHCP client
Question 80 What is a function of an endpoint on a network?
A. allows users to record data and transmit to a file server
B. connects server and client devices to a network
C. provides wireless services to users in a building
D. forwards traffic between VLANs on a network
Question 81 Drag and drop the statements about networking from the left onto the corresponding networking
types on the right.

Answer:
Traditional Networking
+ New devices are configured using the physical infrastructure
+ This type requires a distributed control plane
Controller-Based Networking
+ This type provisions resources from a centralized location
+ This type allows better control over how networks work and how networks are configured
+ This type enables networks to integrate with applications through APIs.
Question 82 A network engineer is installing an IPv6-only capable device. The client has requested that the device
IP address be reachable only from the internal network. Which type of IPv6 address must the engineer assign?
A. unique local address
B. link-local address
C. IPv4-compatibie IPv6 address
D. aggregatable global address

PART 9
Question 1 Refer to the exhibit.

Switch#show etherchannel summary

[output omitted]
Group Port-channel Protocol Ports
-------+--------------+---------+---------------------
10 Po10(SU) LACP Gi0/0(P) Gi0/1(P)
20 Po20(SU) LACP Gi0/2(P) Gi0/3(P)

Which two commands when used together create port channel 10? (Choose two)
A. int range g0/0-1
channel-group 10 mode active
B. int range g0/0-1
channel-group 10 mode desirable
C. int range g0/0-1
channel-group 10 mode passive
D. int range g0/0-1
channel-group 10 mode auto
E. int range g0/0-1
channel-group 10 mode on
Question 2 Which type of IPv6 address is similar to a unicast address but is assigned to multiple devices on the
same network at the same time?
A. global unicast address
B. anycast address
C. multicast address
D. link-local address
Question 3 Which field within the access-request packet is encrypted by RADIUS?
A. authorized services
B. authenticator
C. username
D. password
Question 4
Refer to the exhibit.

Which two configurations must the engineer apply on this network so that R1 becomes the DR? (Choose two)
A. R1(config)#interface fastethernet0/0
R1(config-if)#ip ospf priority 200
B. R1(config)#router ospf 1
R1(config-router)#router-id 192.168.100.1
C. R3(config)#interface fastethernet0/0
R3(config-if)#ip ospf priority 0
D. R1(config)#interface fastethernet0/0
R1(config-if)#ip ospf priority 0
E. R3(config)#interface fastethernet0/0
R3(config-if)#ip ospf priority 200
Question 5 Refer to the exhibit.

The router has been configured with a supernet to accommodate the requirement for 380 users on a subnet. The
requirement already considers 30% future growth. Which configuration verifies the IP subnet on router R4?
A. Subnet: 10.7.54.0
Subnet mask: 255.255.254.0
Broadcast address: 10.7.54.255
Usable IP address range: 10.7.54.1 – 10.7.55.254
B. Subnet: 10.7.54.0
Subnet mask: 255.255.254.0
Broadcast address: 10.7.55.255
Usable IP address range: 10.7.54.1 – 10.7.55.254
C. Subnet: 10.7.54.0
Subnet mask: 255.255.128.0
Broadcast address: 10.7.55.255
Usable IP address range: 10.7.54.1 – 10.7.55.254
D. Subnet: 10.7.54.0
Subnet mask: 255.255.255.0
Broadcast address: 10.7.54.255
Usable IP address range: 10.7.54.1 – 10.7.55.254
Question 6 What is a function of a Next-Generation IPS?
A. makes forwarding decisions based on learned MAC addresses
B. serves as a controller within a controller-based network
C. integrates with a RADIUS server to enforce Layer 2 device authentication rules
D. correlates user activity with network events
Question 7 What is the difference between IPv6 unicast and anycast addressing?
A. An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast address
is assigned to a group of interfaces on multiple nodes.
B. IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes
require no special configuration
C. IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes
require no special configuration
D. Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes
Question 8 Refer to the exhibit.

Which two commands must be added to update the configuration of router R1 so that it accepts only encrypted
connections? (Choose two)
A. username CNAC secret R!41!4319115@
B. crypto key generate rsa 1024
C. ip ssh version 2
D. line vty 0 4
E. transport input ssh
Question 9 Which action is taken by the data plane within a network device?
A. looks up an egress interface in the forwarding information base
B. constructs a routing table based on a routing protocol
C. provides CLI access to the network device
D. forwards traffic to the next hop
Question 10 R1 as an NTP server must have:
* NTP authentication enabled
* NTP packets sourced from Interface loopback 0
* NTP stratum 2
* NTP packets only permitted to client IP 209.165.200.225
How should R1 be configured?

Option A Option B

ntp authenticate ntp authenticate

ntp authentication-key 2 sha1 CISCO123 ntp authentication-key 2 md5 CISCO123
ntp source Loopback0 ntp source Loopback0
ntp access-group server-only 10 ntp access-group server-only 10
ntp master 2 ntp stratum 2
! !
access-list 10 permit udp host 209.165.200.225 any eq 123 access-list 10 permit udp host 209.165.200.225 any eq 123

Option C Option D

ntp authenticate ntp authenticate

ntp authentication-key 2 md5 CISCO123 ntp authentication-key 2 md5 CISCO123
ntp interface Loopback0 ntp source Loopback0
 ntp access-group server-only 10 ntp access-group server-only 10
ntp stratum 2 ntp master 2
! !
access-list 10 permit 209.165.200.225 access-list 10 permit 209.165.200.225

A. Option A
B. Option B
C. Option C
D. Option D
Question 11 Refer to the exhibit.

Which route must be configured on R1 so that OSPF routing is used when OSPF is up. But the server is still
reachable when OSPF goes down?
A. ip route 10.1.1.10 255.255.255.255 172.16.2.2 100
B. ip route 10.1.1.0 255.255.255.0 gi0/1 125
C. ip route 10.1.1.0 255.255.255.0 172.16.2.2 100
D. ip route 10.1.1.10 255.255.255.255 gi0/0 125
Question 12 How does Rapid PVST+ create a fast loop-free network topology?
A. It requires multiple links between core switches
B. It maps multiple VLANs into the same spanning-tree instance
C. It generates one spanning-tree instance for each VLAN
D. It uses multiple active paths between end stations
Question 13 Which WLC management connection type is vulnerable to man-in-the-middle attacks?
A. SSH
B. HTTPS
C. Telnet
D. console
Question 14 Refer to the exhibit.

Which command configures OSPF on the point-to-point link between routers R1 and R2?
A. network 10.0.0.0 0.0.0.255 area 0
B. neighbor 10.1.2.0 cost 180
C. ip ospf priority 100
D. router-id 10.0.0.15
Question 15 Which characteristic differentiates the concept of authentication from authorization and accounting?
A. user-activity logging
B. service limitations
C. consumption-based billing
D. identity verification
Question 17 Refer to the exhibit.

Traffic that is flowing over interface TenGigabitEthernet0/0 experiences slow transfer speeds. What is the reason
for the issue?
A. heavy traffic congestion
B. queuing drops
C. a speed conflict
D. a duplex incompatibility
Question 18 Which type of network attack overwhelms the target server by sending multiple packets to a port
until the half-open TCP resources of the target are exhausted?
A. SYN flood
B. reflection
C. teardrop
D. amplification
Question 19 Which interface mode must be configured to connect the lightweight APs in a centralized
architecture?
A. WLAN dynamic
B. management
C. trunk
D. access
Question 20 Which two network actions occur within the data plane? (Choose two)
A. Add or remove an 802.1Q trunking header.
B. Make a configuration change from an incoming NETCONF RPC.
C. Run routing protocols.
D. Reply to an incoming ICMP echo request.
E. Match the destination MAC address to the MAC address table.
Question 21 Refer to the exhibit.

A#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
172.1.1.1 1 EXCHANGE/- 00:00:36 172.16.32.1 Serial0.1

An engineer assumes a configuration task from a peer. Router A must establish an OSPF neighbor relationship with
neighbor 172.1.1.1. The output displays the status of the adjacency after 2 hours. What is the next step in the
configuration process for the routers to establish an adjacency?
A. Set the router B OSPF ID to the same value as its IP address
B. Set the router B OSPF ID to a nonhost address
C. Configure a point-to-point link between router A and router B
D. Configure router A to use the same MTU size as router B
Question 22 Refer to the exhibit.

CPE#show ip route
192.168.1.0/24 is variably subnetted, 3 subnets, 3 masks
B 192.168.1.0/24 [20/1] via 192.168.12.2, 00:00:06
R 192.168.1.128/25 [120/5] via 192.168.13.3, 00:02:22, Ethernet0/1
O 192.168.1.192/26 [110/11] via 192.168.14.4, 00:02:22, Ethernet0/2
D 192.168.1.224/27 [90/1024640] via 192.168.15.5, 00:01:33, Ethernet0/3

All traffic enters the CPE router from interface Serial0/3 with an IP address of 192.168.50.1. Web traffic from the
WAN is destined for a LAN network where servers are load-balanced. An IP packet with a destination address of
the HTTP virtual IP of 192.168.1.250 must be forwarded. Which routing table entry does the router use?
A. 192.168.1.0/24 via 192.168.12.2
B. 192.168.1.128/25 via 192.168.13.3
C. 192.168.1.192/26 via 192.168.14.4
D. 192.168.1.224/27 via 192.168.15.5
Question 23 Refer to the exhibit.

The link between PC1 and the switch is up, but it is performing poorly. Which interface condition is causing the
performance problem?
A. There is a duplex mismatch on the interface
B. There is an issue with the fiber on the switch interface
C. There is a speed mismatch on the interface
D. There is an interface type mismatch
Question 24 What provides centralized control of authentication and roaming in an enterprise network?
A. a lightweight access point
B. a firewall
C. a wireless LAN controller
D. a LAN switch
Question 25 Refer to the exhibit.

An engineer is configuring the HO router. Which IPv6 address configuration must be applied to the router fa0/1
interface for the router to assign a unique 64-bit IPv6 address to itself?
A. ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64
B. ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64
C. ipv6 address 2001:DB8:0:1:FFFF:C601:420F:7/64
D. ipv6 address 2001:DB8:0:1:FE80:C601:420F:7/64
Question 26 Refer to the exhibit.

An engineer is configuring a new router on the network and applied this configuration. Which additional
configuration allows the PC to obtain its IP address from a DHCP server?
A. Configure the ip dhcp relay information command under interface Gi0/1
B. Configure the ip dhcp smart-relay command globally on the router
C. Configure the ip helper-address 172.16.2.2 command under interface Gi0/0
D. Configure the ip address dhcp command under interface Gi0/0
Question 27 Refer to the exhibit.

A static route must be configured on R14 to forward traffic for the 172.21.34.0/25 network that resides on R86.
Which command must be used to fulfill the request?
A. ip route 172.21.34.0 255.255.255.192 10.73.65.65
B. ip route 172.21.34.0 255.255.255.0 10.73.65.65
C. ip route 172.21.34.0 255.255.128.0 10.73.65.64
D. ip route 172.21.34.0 255.255.255.128 10.73.65.66
Question 28 What is a function of Opportunistic Wireless Encryption in an environment?
A. offer compression
B. increase security by using a WEP connection
C. provide authentication
D. protect traffic on open networks
Question 29 Refer to the exhibit.

A company is configuring a failover plan and must implement the default routes in such a way that a floating static
route will assume traffic forwarding when the primary link goes down. Which primary route configuration must be
used?
A. ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernet1/0
B. ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked
C. ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating
D. ip route 0.0.0.0 0.0.0.0 192.168.0.2
Question 30 Which action implements physical access control as part of the security program of an organization?
A. setting up IP cameras to monitor key infrastructure
B. backing up syslogs at a remote location
C. configuring enable passwords on network devices
D. configuring a password for the console port
Question 31 Refer to the exhibit.

An engineer is asked to insert the new VLAN into the existing trunk without modifying anything previously
configured Which command accomplishes this task?
A. switchport trunk allowed vlan 100-104
B. switchport trunk allowed vlan all
C. switchport trunk allowed vlan add 104
D. switchport trunk allowed vlan 104
Question 32
Refer to the exhibit.

What is a reason for poor performance on the network interface?

A. The interface is receiving excessive broadcast traffic.
B. The cable connection between the two devices is faulty.
C. The interface is operating at a different speed than the connected device.
D. The bandwidth setting of the interface is misconfigured
Question 33 Refer to the exhibit.

Routers R1 and R3 have the default configuration. The router R2 priority is set to 99. Which commands on R3
configure it as the DR in the 10.0.4.0/24 network?
A. R3(config)#interface Gig0/1
R3(config-if)#ip ospf priority 100
B. R3(config)#interface Gig0/0
R3(config-if)#ip ospf priority 100
C. R3(config)#interface Gig0/0
R3(config-if)#ip ospf priority 1
D. R3(config)#interface Gig0/1
R3(config-if)#ip ospf priority 0
Question 34 Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?
A. shaping
B. marking
C. policing
D. classification
Question 35 Refer to the exhibit.

Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is subnetted, 1 subnets
B 209.165.200.224 [20/0] via 10.10.12.2,03:32:14
209.165.201.0/27 is subnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2,02:26:53
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2,02:46:03
10.0.0.0/8 is variably subnetted, 10 subnets, 4 masks
O 10.10.13.0/25 [110/2] via 10.10.10.1,00:00:04, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.5,00:00:12, GigabitEthernet0/1
O 10.10.13.144/28 [110/2] via 10.10.10.9,00:01:57, GigabitEthernet0/2
O 10.10.13.160/29 [110/2] via 10.10.10.5,00:00:12, GigabitEthernet0/1
O 10.10.13.208/29 [110/2] via 10.10.10.13,00:01:57, GigabitEthernet0/3
S* 0.0.0.0/0 [1/0] via 10.10.11.2

Which next-hop IP address does Router1 use for packets destined to host 10.10.13.158?
A. 10.10.10.5
B. 10.10.11.2
C. 10.10.12.2
D. 10.10.10.9
Question 36 What is one reason to implement LAG on a Cisco WLC?
A. to increase security and encrypt management frames
B. to provide link redundancy and load balancing
C. to allow for stateful and link-state failover
D. to enable connected switch ports to failover and use different VLANs
Question 37 Refer to the exhibit.

Web traffic is coming in from the WAN interface. Which route takes precedence when the router is processing
traffic destined for the LAN network at 10.0.10.0/24?
A. via next-hop 10.0.1.5
B. via next-hop 10.0.1.4
C. via next-hop 10.0.1.50
D. via next-hop 10.0.1.100
Question 38 Which PoE mode enables powered-device detection and guarantees power when the device is
detected?
A. dynamic
B. static
C. active
D. auto
Question 39 A Cisco engineer must configure a single switch interface to meet these requirements
* accept untagged frames and place them in VLAN 20
* accept tagged frames in VLAN 30 when CDP detects a Cisco IP phone
Which command set must the engineer apply?
A. switchport mode access
switchport access vlan 20
switchport voice vlan 30
B. switchport mode trunk
switchport access vlan 20
switchport voice vlan 30
C. switchport mode dynamic auto
switchport trunk native vlan 20
switchport trunk allowed vlan 30
switchport voice vlan 30
D. switchport mode dynamic desirable
switchport access vlan 20
switchport trunk allowed vlan 30
switchport voice vlan 30
Question 40 Refer to the exhibit.

Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?
A. Router(config)#hostname R15
R15(config)#crypto key generate rsa general-keys modulus 1024
R15(config-line)#line vty 0 15
R15(config-line)# transport input ssh
R15(config)#ip ssh source-interface Fa0/0
R15(config)#ip ssh stricthostkeycheck
B. Router(config)#ip domain-name cisco.com
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)#ip ssh version 2
Router(config-line)#line vty 0 15
Router(config-line)# transport input all
Router(config)#ip ssh logging events
C. Router(config)#hostname R15
R15(config)#ip domain-name cisco.com
R15(config)#crypto key generate rsa general-keys modulus 1024
R15(config)#ip ssh version 2
R15(config-line)#line vty 0 15
R15(config-line)# transport input ssh
D. Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)#ip ssh version 2
Router(config-line)#line vty 0 15
Router(config-line)# transport input ssh
Router(config)#ip ssh logging events
R15(config)#ip ssh stricthostkeycheck
Question 41 Refer to the exhibit.

Users need to connect to the wireless network with IEEE 802.11r-compatible devices. The connection must be
maintained as users travel between floors or to other areas in the building. What must be the configuration of the
connection?
A. Select the WPA Policy option with the CCKM option
B. Disable AES encryption
C. Enable Fast Transition and select the FT 802.1x option
D. Enable Fast Transition and select the FT PSK option
Question 42 Refer to the exhibit.

An engineer is configuring an EtherChannel using LACP between Switches 1 and 2. Which configuration must be
applied so that only Switch 1 sends LACP initiation packets?
A. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode passive
B. Switch1(config-if)#channel-group 1 mode passive
Switch2(config-if)#channel-group 1 mode active
C. Switch1(config-if)#channel-group 1 mode active
Switch2(config-if)#channel-group 1 mode passive
D. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode active
Question 43 Refer to the exhibit.

SW1 = 24596 0018.184e.3c00

SW2 = 28692 004a.14e5.4077
SW3 = 32788 0022.55cf.dd00
SW4 = 64000 0041.454d.407f

Which switch becomes the root of a spanning tree for VLAN 20 if all links are of equal speed?
A. SW1
B. SW2
C. SW3
D. SW4
Question 44 Refer to the exhibit.

Router1(config)#interface GigabitEthernet0/0
Router1(config-if)#ip address 209.165.200.225 255.255.255.224
Router1(config-if)#ip nat outside
Router1(config)#interface GigabitEthernet0/1
Router1(config-if)#ip nat inside
Router1(config)#interface GigabitEthernet
Router1(config-if)#encapsulation dot1Q 100
Router1(config-if)#ip address 10.10.10.1 255.255.255.0
Router1(config)#interface GigabitEthernet0/1.200
Router1(config-if)#encapsulation dot1Q 200
Router1(config-if)#ip address 10.10.20.1 255.255.255.0
Router1(config)#ip access-list standard NAT_INSIDE_RANGES
Router1(config-std-nacl)#permit 10.10.10.0 0.0.0.255
Router1(config)#ip nat inside source list NAT_INSIDE_RANGES interface GigabitEthernet0/0 overload
Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator take to establish
connectivity to the Internet for users in VLAN 200?
A. Define a NAT pool on the router.
B. Update the NAT INSIDF RANGFS ACL
C. Configure the ip nat outside command on another interface for VLAN 200
D. Configure static NAT translations for VLAN 200
Question 45 Which protocol uses the SSL?
A. HTTP
B. HTTPS
C. SSH
D. Telnet
Question 46 Drag and drop the facts about wireless architectures from the left onto the types of access point on
the right. Not all options are used.

Answer:
Autonomous Access Point
+ requires a management IP address
+ accessible for management via Telnet, SSH, or a web GUI
Cloud-Based Access Point
+ managed from a web-based dashboard
+ supports automatic deployment
Question 47 Which value is the unique identifier that an access point uses to establish and maintain wireless
connectivity to wireless network devices?
A. VLANID
B. SSID
C. RFID
D. WLANID
Question 48 A network engineer is configuring a switch so that it is remotely reachable via SSH. The engineer has
already configured the host name on the router. Which additional command must the engineer configure before
entering the command to generate the RSA key?
A. password password
B. crypto key generate rsa modulus 1024
C. ip domain-name domain
D. ip ssh authentication-retries 2
Question 49 Refer to the exhibit.

Switch A is newly configured. All VLANs are present in the VLAN database. The IP phone and PC A on Gi0/1 must be
configured for the appropriate VLANs to establish connectivity between the PCs. Which command set fulfills the
requirement?
A. SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 50
SwitchA(config-if)#switchport voice vlan 51
B. SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 50
SwitchA(config-if)#switchport voice vlan untagged
C. SwitchA(config-if)#switchport mode trunk
SwitchA(config-if)#switchport trunk allowed vlan add 50, 51
SwitchA(config-if)#switchport voice vlan dot1p
D. SwitchA(config-if)#switchport mode trunk
SwitchA(config-if)#switchport trunk allowed vlan 50, 51
SwitchA(config-if)#switchport qos trust cos
Question 50 Which QoS traffic handling technique retains excess packets in a queue and reschedules these packets
for later transmission when the configured maximum bandwidth has been surpassed?
A. traffic shaping
B. traffic policing
C. weighted random early detection
D. traffic prioritization
Question 51 Refer to the exhibit.

R1 learns all routes via OSPF. Which command configures a backup static route on R1 to reach the 192.168.20.0/24
network via R3?
A. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111
B. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90
C. R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2
D. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2
Question 52 Which Layer 2 switch function encapsulates packets for different VLANs so that the packets traverse
the same port and maintain traffic separation between the VLANs?
A. VLAN numbering
B. VLAN DSCP
C. VLAN tagging
D. VLAN marking
Question 53 What is an expected outcome when network management automation is deployed?
A. A distributed management plane must be used.
B. Software upgrades are performed from a central controller
C. Complexity increases when new device configurations are added
D. Custom applications are needed to configure network devices
Question 54Refer to the exhibit.
The primary route across Gi0/0 is configured on both routers. A secondary route must be configured to establish
connectivity between the workstation networks. Which command set must be configured to complete this task?
A. R1
ip route 172.16.2.0 255.255.255.240 172.16.0.2 113
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.1 114
B. R1
ip route 172.16.2.0 255.255.255.240 172.16.0.5 89
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.6 89
C. R1
ip route 172.16.2.0 255.255.255.248 172.16.0.5 110
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.6 110
D. R1
ip route 172.16.2.0 255.255.255.224 172.16.0.6 111
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.5 112
Question 55 Refer to the exhibit.

Which action must be taken so that neighboring devices rapidly discover switch Cat9300?
A. Enable portfast on the ports that connect to neighboring devices
B. Configure the cdp holdtime 10 command on switch Cat9300
C. Configure the cdp timer 10 command on the neighbors of switch Cat9300
D. Configure the cdp timer 10 command on switch Cat9300

Question 56 Refer to the exhibit.

SW2 is replaced due to a hardware failure. A network engineer starts to configure SW2 by copying the Fa0/1
interface configuration from SW1. Which command must be configured on the Fa0/1 interface of SW2 to enable
PC1 to connect to PC2?
A. switchport mode trunk
B. switchport trunk native vlan 10
C. switchport trunk allowed remove 10
D. switchport mode access
Question 57 How do UTP and STP cables compare?
A. STP cables are cheaper to produre and easier to install and UTP cables are more expensive and harder to install.
B. UTP cables are less prone to crosstalk and interference and STP cables are more prone to crosstalk and
interference.
C. UTP cables provide faster and more reliable data transfer rates and STP cables are slower and less reliable.
D. STP cables are shielded and protect against electromagnetic interference and UTP lacks the same protection
against electromagnetic interference.

Question 58 Drag and drop the statements about device management from the left onto the corresponding
device-management types on the right.

Answer:
Cisco DNA Center Device Management:
+ It provides a single interface for network security and analytics
+ It supports CLI templates to apply a consistent configuration to multiple devices
+ It uses NetFlow to analyze potential security threats and take appropriate action on that traffic
Traditional Device Management:
+ It uses multiple tools and applications to analyze and troubleshoot different types of data
+ It manages device configurations on a per-device basis
+ Security is managed near the perimeter of the network with firewalls, VPNs, and IPS
Question 59 Which port type does a lightweight AP use to connect to the wired network when configured in
FlexConnect mode with local switching and VLAN tagging?
A. EtherChannel
B. access
C. LAG
D. trunk
Question 60 An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network. Which
feature must be enabled and configured to prevent connection issues with the printer?
A. passive client
B. static IP tunneling
C. DHCP address assignment
D. client exclusion
Question 61
An engineer is configuring router R1 with an IPv6 static route for prefix 2019:C15C:0CAF:E001::/64. The next hop
must be 2019:C15C:0CAF:E002::1 The route must be reachable via the R1 Gigabit 0/0 interface. Which command
configures the designated route?
A. R1(config)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
B. R1(config-if)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
C. R1(config-if)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
D. R1(config)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
Question 62 Refer to the exhibit. What must be configured to enable 802.11w on the WLAN?

A. Set PMF to Required

B. Enable MAC Filtering
C. Enable WPA Policy
D. Set Fast Transition to Enabled

Question 63 Drag and drop the IPv6 address details from the left onto the corresponding types on the right.
Answer:
Anycast:
+ used exclusively by a non-host device
+ assigned to more than one interface
Multicast:
+ derived from the FF00::/8 address range
+ provides one-to-many communications
Unicast:
+ includes link-local and loopback addresses
+ identifies an interface on an IPv6 device
Question 64 Drag and drop the elements of a security program from the left onto the corresponding descriptions
on the right.

Answer:
+ awareness: user-awareness learning level that focuses on security practice that all employees must understand
and enforce
+ education: user-awareness learning level that focuses on learning about topics and practices beyond what is
typically required by the user’s job
+ security policy: tactical document that sets out specific tasks and methods to maintain security
+ security standard: document that outlines an organization’s security goals and practices and the roles and
responsibilities of the organization’s personnel
+ training: user-awareness learning level that focuses on teaching employees how to perform tasks specifically
required by their jobs
Question 65 Refer to the exhibit.

Which configuration establishes a Layer 2 LACP EtherChannel when applied to both switches?
A. interface range G1/1 -1/3
switchport mode access
channel-group 1 mode passive
no shutdown
B. interface range G1/1 -1/3
switchport mode trunk
channel-group 1 mode desirable
no shutdown
C. interface range G1/1 -1/3
switchport mode trunk
channel-group 1 mode active
no shutdown
D. interface range G1/1 -1/3
switchport mode access
channel-group 1 mode on
no shutdown

Question 66 Refer to the exhibit.

A network engineer configures the Cisco WLC to authenticate local wireless clients against a RADIUS server. Which
task must be performed to complete the process?
A. Disable the Server Status option
B. Enable the Management option
C. Enable the Network User option
D. Enable the Support for CoA option
Question 67 Which QoS queuing method discards or marks packets that exceed the desired bit rate of traffic flow?
A. shaping
B. policing
C. CBWFQ
D. LLQ
Question 68 What is the role of disaggregation in controller-based networking?
A. It divides the control-plane and data-plane functions.
B. It summarizes the routes between the core and distribution layers of the network topology.
C. It enables a network topology to quickly adjust from a ring network to a star network
D. It streamlines traffic handling by assigning individual devices to perform either Layer 2 or Layer 3 functions.
Question 69 Which REST method updates an object in the Cisco DNA Center Intent API?
A. CHANGE
B. UPDATE
C. POST
D. PUT

Question 70 Drag and drop the QoS terms from the left onto the descriptions on the right.
Answer:
Class-based weighted fair queuing: Guarantees minimum bandwidth to specific traffic classes when an interface is
congested
Classification: Categorizes packets based on the value of traffic descriptor
Congestion: Outcome of overutilization
Policing: Uses defined criteria to limit the transmission of one or more classes of traffic
Shaping: Prevents congestion by reducing the flow of the outbound traffic
Question 71 What is the function of Cisco Advanced Malware protection for next-generation IPS?
A. authorizing potentially compromised wireless traffic
B. URL filtering
C. authenticating end users
D. inspecting specific files and files types for malware
Question 72 An administrator must use the password complexity not manufacturer-name command to prevent
users from adding “cisco” as a password. Which command must be issued before this command?
A. Password complexity enable
B. confreg 0x2142
C. login authentication my-auth-list
D. service password-encryption
Question 73 What is the function of “off-the-shelf” switches in a controller-based network?
A. Forwarding packets
B. Making routing decision
C. Providing a central view of the deployed network
D. Setting packet-handling policies
Question 74 Which two practices are recommended for an acceptable security posture in a network? (Choose
two)
A. Maintain network equipment in a secure location
B. Backup device configurations to encrypted USB drives for secure retrieval
C. Use a cryptographic keychain to authenticate to network devices
D. Place internal email and file servers in a designated DMZ
E. Disable unused or unnecessary ports, interfaces and services
Question 75 Refer to the exhibit.

What are the two steps an engineer must take to provide the highest encryption and authentication using domain
credentials from LDAP? (Choose two)
A. Select WPA policy with TKIP Encryption
B. Select WPA + WPA2 on layer 2 security
C. Select PSK under authentication key management
D. Select Static-WEP + 802.1x on Layer 2 security
E. Select 802.1x from under authentication key management

Question 76 Refer to the exhibit.

Cat9K-1#show lldp entry Cat9K-2

Local Intf: Gi1/0/21

Chassis ID: 308b.b2b3.2880
Port id: Gi1/0/21
Port Description: GigabitEthernet1/0/21
System Name: Cat9K-2
Management Addresses:
IP: 10.6.110.2

The network administrator must prevent the switch Cat9K-2 IP address from being visible in LLDP without disabling
the protocol. Which action must be taken must be taken to complete the task?
A. Configure the no lldp tlv-select-management-address command globally on Cat9K-2
B. Configure the no lldp transmit command on interface G1/0/21 in Cat9K-1
C. Configure the no lldp receive command on interface G1/0/21 on Cat9K-1
D. Configure the no lldp mac-phy-cfg command globally on Cat9K-2
Question 77 Which WAN topology has the highest degree of reliability?
A. router-on-a-stick
B. Point-to-point
C. hub-and-spoke
D. full mesh
Question 78 What is a feature of WPA?
A. 802.1x authentication
B. preshared key
C. TKIP/MIC encryption
D. small Wi-Fi application
Question 79 Refer to the exhibit.

R1 has taken the DROTHER role in the OSPF DR/BDR election process. Which configuration must an engineer
implement so that R1 is elected as the DR?
A. R1(config)#interface FastEthernet0/0
R1(config-if)#ip ospf priority 1
R1#clear ip ospf process
B. R1(config)#interface FastEthernet0/0
R1(config-if)#ip ospf priority 200
R1#clear ip ospf process
C. R3(config)#interface FastEthernet0/1
R3(config-if)#ip ospf priority 200
R3#clear ip ospf process
D. R2(config)#interface FastEthernet0/2
R2(config-if)#ip ospf priority 1
R2#clear ip ospf process
Question 80 Refer to the exhibit.

The IP address configurations must be completed on the DC-1 and HQ-1 routers based on these requirements.
DC-1 Gi1/0 must be the last usable address on a /30
DC-1 Gi1/1 must be the first usable address on a /29
DC-1 Gi1/2 must be the last usable address on a /28
HQ-1 Gi1/3 must be the last usable address on a /29
Drag and drop the commands from the left onto the destination interfaces on the right. Not all commands are
used.

Answer:
DC-1:
+ ip address 209.165.202.130 255.255.255.252
+ ip address 192.168.4.9 255.255.255.248
+ ip address 192.168.3.14 255.255.255.240
HQ-1:
+ ip address 192.168.3.14 255.255.255.248
Question 81 Refer to the exhibit.

Which type of configuration is represented in the output?

A. Chef
B. JSON
C. Ansibte
D. Puppet
Question 82 How does TFTP operate in a network?
A. relies on the well-known TCP port 20 to transmit data
B. requires two separate connections for control and data traffic
C. uses block numbers to identify and mitigate data-transfer errors
D. provides secure data transfer
 Question 83 Drag and drop the statements about networking from the left onto the corresponding networking
types on the right.

Answer:
Traditional Networking
+ This type implements changes individually at each device.
+ Maintenance costs are higher than with other networking options.
Controller-Based Networking
+ This type provides a centralized view of the network.
+ This type leverages controllers to handle network management.
Question 84 Refer to the exhibit.

What is represented by “R1” and “SW1” within the JSON output?

A. array
B. object
C. value
D. key
Question 85 Refer to the exhibit.
The following must be considered
+ SW1 is fully configured for all traffic
+ The SW4 and SW9 links to SW1 have been configured
+ The SW4 interface Gi0/1 and Gi0/0 on SW9 have been configured
+ The remaining switches have had all VLANs added to their VLAN database
Which configuration establishes a successful ping from PC2 to PC7 without interruption to traffic flow between
other PCs?

Option A Option B

SW4#
interface Gi0/2
switchport mode trunk
switchport trunk allowed vlan 14,108
SW11#
interface Gi0/2
switchport mode trunk
switchport trunk allowed vlan 14,108
! SW11#
interface Gi0/1
switchport mode trunk
switchport trunk allowed vlan 14,108
SW9#
interface Gi0/2
switchport mode trunk
switchport trunk allowed vlan 14
SW4
interface Gi0/7
switchport mode trunk
switchport trunk allowed vlan 108
!
interface Gi0/2
switchport mode access
switchport access vlan 14
interface Gi0/2
switchport mode trunk
switchport trunk allowed vlan 14,108
!
interface Gi0/1
switchport mode trunk
switchport trunk allowed vlan 14,108
SW9#
interface Gi0/2
switchport mode access
switchport access vlan 14

Option C Option D

SW4 SW4
interface Gi0/2 interface Gi0/2
switchport mode trunk switchport mode access
switchport trunk allowed vlan 14 switchport access vlan 14

SW11# SW11#
interface Gi0/1 interface Gi0/2
switchport mode trunk switchport mode access
switchport trunk allowed vlan 14 switchport access vlan 14
!
SW9# interface Gi0/0
interface Gi0/2 switchport mode access
switchport mode trunk switchport access vlan 14
switchport trunk allowed vlan 108 !
interface Gi0/1
switchport mode trunk

SW9#
interface Gi0/2
switchport mode access
switchport access vlan 14
A. Option A
B. Option B
C. Option C
D. Option D
Question 86 An engineer is configuring switch SW1 to act as an NTP server when all upstream NTP server
connectivity fails. Which configuration must be used?
A. SW1# config t
SW1(config)#ntp server 192.168.1.1
SW1(config)#ntp access-group server accesslist1
B. SW1# config t
SW1(config)3 ntp peer 192.168.1.1
SW1(config)#ntp access-group peer accesslist1
C. SW1# config t
SW1(config)#ntp backup
SW1(config)#ntp server 192.168.1.1
D. SW1# config t
SW1(config)#ntp master
SW1(config)#ntp server 192.168.1.1
Question 87 Refer to the exhibit.

An OSPF neighbor relationship must be configured using these guidelines:

– R1 is only permitted to establish a neighbor with R2.
– R1 will never participate in DR elections.
– R1 will use a router-id of 10.1.1.1.
Which configuration must be used?

Option A Option B
 Option C Option D

A. Option A
B. Option B
C. Option C
D. Option D
Question 88 How does authentication differ from authorization?
A. Authentication verifies the identity of a person accessing a network, and authorization determines what
resource a user can access.
B. Authentication is used to determine what resources a user is allowed to access, and authorization is used to
track what equipment is allowed access to the network
C. Authentication is used to verify a person’s identity, and authorization is used to create syslog messages for
logins
D. Authentication is used to record what resource a user accesses, and authorization is used to determine what
resources a user can access
Question 89 A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, to which
type of OSPF network does this interface belong?
A. point-to-multipoint
B. point-to-point
C. nonbroadcast
D. broadcast
Question 90 Refer to the exhibit.

ip arp inspection vlan 5-10

interface fastethernet0/1
switchport mode access
switchport access vlan 5

What is the effect of this configuration?

A. Egress traffic is passed only if the destination is a DHCP server.
B. All ingress and egress traffic is dropped because the interface is untrusted.
C. All ARP packets are dropped by the switch.
D. The switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings.
Question 91 Refer to the exhibit.

Which prefix did router R1 learn from internal EIGRP?

A. 192.168.2.0/24
B. 192.168.1.0/24
C. 192.168.3.0/24
D. 172.16.1.0/24
Question 92 Refer to the exhibit.

Router R1 must be configured to reach the 10.0.3.0 network from the 10.0.1.0/24 segment. Which command must
be used to configure the route?
A. route add 10.0.3.0 0.255.255.255 10.0.4.2
B. route add 10.0.3.0 mask 255.255.255.0 10.0.4.3
C. ip route 10.0.3.0 0.255.255.255 10.0.4.2
D. ip route 10.0.3.0 255.255.255.0 10.0.4.3
Question 93 What is a benefit for external users who consume public cloud resources?
A. implemented over a dedicated WAN
B. located in the same data center as the users
C. all hosted on physical servers
D. accessed over the Internet
Question 94 In an SDN architecture, which function of a network node is centralized on a controller?
A. provides protocol access for remote access devices
B. discards a message due filtering
C. creates the IP routing table
D. makes a routing decision
Question 95 An engineer must configure neighbor discovery between the company router and an ISP.

interface gigabitethernet0/0
description Circuit-ATT4202-89930
duplex full
speed 1000
media-type gbic
negotiation auto
lldp transmit
lldp receive

What is the next step to complete the configuration if the ISP uses a third-party router?
A. Disable CDP on gi0/0.
B. Disable auto-negotiation.
C. Enable LLDP TLVs on the ISP router.
D. Enable LLDP globally.
Question 96 Which SDN plane forwards user-generated traffic?
A. policy plane
B. management plane
C. data plane
D. control plane
Question 97 When should an engineer implement a collapsed-core architecture?
A. for large networks that are connected to multiple remote sites
B. the access and distribution layers must be on the same device
C. only when using VSS technology
D. for small networks with minimal need for growth
Question 98 Refer to the exhibit.

Routers R1 and R2 have been configured with their respective LAN interfaces. The two circuits are operational and
reachable across WAN. Which command set establishes failover redundancy if the primary circuit goes down?
A. R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.6 2
R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.5 2
B. R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.6
R2(config)#ip route 192.166.0.100 255.255.255.255 10.10.10.5
C. R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.2
R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.1
D. R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.6
R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.5
Question 99 Drag and drop the traffic types from the left onto the QoS delivery mechanisms on the right.

Answer:
+ best effort: standard Web browsing traffic
+ priority queue: VoIP traffic
+ policing: video traffic
+ shaping: database synchronization traffic
Question 100 What is a function performed by a web server?
A. provide an application that is transmitted over HTTP
B. send and retrieve email from client devices
C. securely store files for FTP access
D. authenticate and authorize a user’s identity
Question 101 Drag and drop the functions of AAA supporting protocols from the left onto the protocols on the
right.

Answer:
RADIUS
+ encrypts only the password when it sends an access request
+ combines authentication and authorization
+ uses UDP
TACACS+
+ separates all three AAA operations
+ encrypts the entire body of the access-request packet
+ uses TCP
Question 102 Which two wireless security standards use Counter Mode Cipher Block Chaining Message
Authentication Code Protocol for encryption and data integrity? (Choose two)
A. WPA2
B. WPA3
C. WEP
D. WPA
E. Wi-Fi 6
Question 103 What is a practice that protects a network from VLAN hopping attacks?
A. Implement port security on internet-facing VLANs.
B. Configure an ACL to prevent traffic from changing VLANs.
C. Assign all access ports to VLANs other than the native VLAN.
D. Enable dynamic ARP inspection.
Question 104 Refer to the exhibit.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.56.0.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.56.0.1

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.56.0.0/17 is directly connected, Vlan56
L 10.56.0.19/32 is directly connected, Vlan56
C 10.56.128.0/18 is directly connected, Vlan57
L 10.56.128.19/32 i directly connected, Vlan57

When router R1 is sending traffic to IP address 10.56.192.1, which interface or next hop address does it use to
route the packet?
A. 0.0.0.0/0
B. Vlan57
C. 10.56.0.1
D. 10.56.128.19
Question 105 What is a function of MAC learning on a switch?
A. A static MAC address is manually added to the MAC table.
B. MAC address learning is disabled by default on all VLANs.
C. Frames received for a destination MAC address not listed in the address table are dropped.
D. The MAC address table is used to populate the ARP table.
Question 106 What is the difference between 1000BASE-LX/LH and 1000BASE-ZX interfaces?
A. 1000BASE-LX/LH interoperates with multimode and single-mode fiber, and 1000BASE-ZX needs a conditioning
patch cable with a multimode.
B. 1000BASE-ZX is supported on links up to 1000km, and 1000BASE-LX/LH operates over links up to 70 km.
C. 1000BASE-ZX interoperates with dual-rate 100M/1G 10Km SFP over multimode fiber, and 1000BASE-LX/LH
supports only single-rate.
D. 1000BASE-LX/LH is supported on links up to 10km, and 1000BASE-ZX operates over links up to 70 km.
Question 107 What is the effect when loopback interfaces and the configured router ID are absent during the OSPF
Process configuration?
A. The router ID 0.0.0.0 is selected and placed in the OSPF process.
B. No router ID is set, and the OSPF protocol does not run.
C. The highest up/up physical interface IP address is selected as the router ID.
D. The lowest IP address is incremented by 1 and selected as the router ID.

Question 108 Refer to the exhibit.

What is expected when PC_A sends data to PC_B after their initial communication?
A. The source and destination MAC addresses remain the same
B. The switch rewrites the source and destination MAC addresses with its own
C. The source MAC address is changed
D. The destination MAC address is replaced with ffff.ffff.ffff

PART 10
Question 1 Refer to the exhibit.

An engineer is asked to configure router R1 so that it forms an OSPF single-area neighbor relationship with R2.
Which command sequence must be implemented to configure the router?
A. router ospf 10
network 10.0.0.0 0.0.0.3 area 0
network 10.0.2.0 0.0.0.255 area 0
B. router ospf 10
network 10.0.0.0 0.0.0.3 area 0
network 10.0.1.0 0.0.0.255 area 0
C. router ospf 10
network 10.0.0.0 0.0.0.3 area 0
network 10.0.2.0 255.255.255.0 area 0
D. router ospf 10
network 10.0.0.0 0.0.0.252 area 0
network 10.0.1.0 0.0.0.255 area 0
Question 2 Drag and drop the HTTP methods used with REST-Based APIs from the left onto the descriptions on the
right.

Answer:
+ creates a resource and returns to URI in the response header: POST
+ creates or replaces a previously modified resource using information in the request body: PUT
+ removes a resource: DELETE
+ retrieves a list of a resource’s URIs: GET
+ updates a resource using instructions included in the request body: PATCH
Question 3 What is the collapsed layer in collapsed core architectures?
A. core and WAN
B. access and WAN
C. distribution and access
D. core and distribution
Question 4 What is the MAC address used with VRRP as a virtual address?
A. 00-00-0C-07-AD-89
B. 00-00-5E-00-01-0a
C. 00-07-C0-70-AB-01
D. 00-C6-41-93-90-91
Question 5 Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.

Answer:
Global unicast: 2001:db8:600d:cafe::123
Link-Local unicast: fe80:a00:27ff:feeb:8eaa
Multicast: ff05::1:3
Unique Local: fcba:926a:e8e:7a25:b1:c6d2:1a76:8fdc
Question 6 Refer to the exhibit.

All routers in the network are configured. R2 must be the DR. After the engineer connected the devices, R1 was
elected as the DR. Which command sequence must be configure on R2 to be elected as the DR in the network?
A. R2(config)#interface gi0/0
R2(config-if)#ip ospf priority 1
B. R2(config)#interface gi0/0
R2(config-if)#ip ospf priority 100
C. R2(config)#router ospf 1
R2(config-router)#router-id 10.100.100.100
D. R2(config)#router ospf 1
R2(config-router)#router-id 192.168.2.7
Question 7 Which set of 2.4 GHz nonoverlapping wireless channels is standard in the United States?
A. channels 2, 7, 9, and 11
B. channels 1, 6, 11, and 14
C. channels 2, 7, and 11
D. channels 1, 6, and 11
Question 8 Which command entered on a switch configured with Rapid-PVST+ listens and learns for a specific time
period?
A. switch(config)#spanning-tree vlan 1 max-age 6
B. switch(config)#spanning-tree vlan 1 hello-time 10
C. switch(config)#spanning-tree vlan 1 priority 4096
D. switch(config)#spanning-tree vlan 1 forward-time 20
Question 9 Drag and drop the Wi-Fi terms from the left onto the descriptions on the right.

Answer:
+ Wi-Fi option based around one or more access points: distribution system
+ Wi-Fi option in which cells from different access points are linked together: extended service set
+ alphanumeric text string that identifies a wireless network: SSID
+ Wi-Fi option that enables two or more clients to communicate directly without a central access point:
independent basic service set
+ entire wireless cell of an access point and the linkage to the wired network: infrastructure mode
Question 10 Refer to the exhibit.

interface g2/0/0
channel-group 1 mode active
interface g4/0/0
channel-group 1 mode active
interface Port-channel1
ip address 203.0.113.65 255.255.255.252
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down

An engineer is configuring a Layer 3 port-channel interface with LACP. The configuration on the first device is
complete, and it is verified that both interfaces have registered the neighbor device in the CDP table. Which task
on the neighbor device enables the new port channel to come up without negotiating the channel?
A. Bring up the neighboring interfaces using the no shutdown command.
B. Change the EtherChannel mode on the neighboring interfaces to auto
C. Modify the static EtherChannel configuration of the device to passive mode
D. Configure the IP address of the neighboring device
Question 11 Refer to the exhibit.

What is the next hop for traffic entering R1 with a destination of 10.1.2.126?
A. 10.165.20.126
B. 10.165.20.146
C. 10.165.20.166
D. 10.165.20.226
Question 12 Refer to the exhibit.

A network engineer must configure R1 so that it sends all packets destined to the 10.0.0.0/24 network to R3, and
all packets destined to PC1 to R2. Which configuration must the engineer implement?
A. R1(config)#ip route 10.0.0.0 255.255.0.0 172.16.0.2
R1(config)#ip route 10.0.0.5 255.255.255.255 192.168.0.2
B. R1(config)#ip route 10.0.0.0 255.255.255.0 172.16.0.2
R1(config)#ip route 10.0.0.5 255.255.255.255 192.168.0.2
C. R1(config)#ip route 10.0.0.0 255.255.0.0 192.168.0.2
R1(config)#ip route 10.0.0.0 255.255.255.0 172.16.0.2
D. R1(config)#ip route 10.0.0.0 255.255.255.0 192.168.0.2
R1(config)#ip route 10.0.0.5 255.255.255.255 172.16.0.2
Question 13 Drag and drop the facts about wireless architectures from the left onto the types of access point on
the right. Not all options are used.

Answer:
Autonomous Access Point
+ acccessible for management via Tenet SSH, or a Web GUI
+ requires a management IP address
Lightweight Access Point
+ configured and managed by a WLC
+ supports different operational modes
Question 14 Drag and drop the functions of SNMP fault-management from the left onto the definitions on the
right.

Answer:
+ The network management system launches a preconfigured script to restore functionality: restoration of service
+ The administrator can manually intervene at the source of the fault: problem resolution
+ The system identifies performance degradation or service interruption: fault detection
+ The system groups alarms from related issues: event correlation and aggregation
+ The system reports on the source of the issue: fault diagnosis and isolation
Question 15 What is the purpose of the Cisco DNA Center controller?
A. to securely manage and deploy network devices
B. to scan a network and generate a layer 2 network diagram
C. to provide Layer 3 services to autonomous access points
D. to secure physical access to a data center
Question 16 Refer to the exhibit.

An engineer must configure router R2 so it is elected as the DR on the WAN subnet. Which command sequence
must be configured?
A. interface gigabitethernet0/0
ip address 10.0.1.1 255.255.255.224
ip ospf priority 98
B. interface gigabitethernet0/0
ip address 10.0.1.1 255.255.255.0
ip ospf priority 255
C. interface gigabitethernet0/0
ip address 10.0.0.34 255.255.255.248
ip ospf priority 0
D. interface gigabitethernet0/0
ip address 10.0.0.34 255.255.255.224
ip ospf priority 100
Question 17 Refer to the exhibit.

R1 has just received a packet from host A that is destined to host B. Which route in the routing table is used by R1
to reach host B?
A. 10.10.13.0/25[1/0] via 10.10.10.2
B. 10.10.13.0/25[110/2] via 10.10.10.6
C. 10.10.13.0/25[110/2] via 10.10.10.2
D. 10.10.13.0/25[108/0] via 10.10.10.10
Question 18 Refer to the exhibit.

The given Windows PC is requesting the IP address of the host at www.cisco.com. To which IP address is the
request sent?
A. 192.168.1.226
B. 192.168.1.253
C. 192.168.1.100
D. 192.168.1.254
Question 19 What is a feature of TFTP?
A. provides secure data transfer
B. relies on the well-known TCP port 20 to transmit data
C. uses two separate connections for control and data traffic
D. offers anonymous user login ability
Question 20 Which access point mode relies on a centralized controller tor management, roaming, and SSID
configuration?
A. repeater mode
B. bridge mode
C. lightweight mode
D. autonomous mode
Question 21 Which command creates a static NAT binding for a PC address of 10.1.1.1 to the public routable
address 209.165.200.225 assigned to the PC?
A. R1(config)#ip nat outside source static 209.165.200.225 10.1.1.1
B. R1(config)#ip nat inside source static 209.165.200.225 10.1.1.1
C. R1(config)#ip nat outside source static 10.1.1.1 209.165.200.225
D. R1(config)#ip nat inside source static 10.1.1.1 209.165.200.225
Question 22 Refer to the exhibit.

RIP 10.1.1.16/28[120/5] via F0/0

OSPF 10.1.1.0/24[110/30] via F0/1
OSPF 10.1.1.0/24[110/40] via F0/2
EIGRP 10.1.0.0/26[90/20] via F0/3
EIGRP 10.0.0.0/8[90/133] via F0/4

Packets received by the router from BGP enter via a serial interface at 209.165.201.1. Each route is present within
the routing table. Which interface is used to forward traffic with a destination IP of 10.1.1.19?
A. F0/0
B. F0/1
C. F0/3
D. F0/4
Question 23 Which two REST API status-code classes represent errors? (Choose two)
A. 1XX
B. 2XX
C. 3XX
D. 4XX
E. 5XX
Question 24 An engineer has configured the domain name, user name, and password on the local router. What is
the next step to complete the configuration for a Secure Shell access RSA key?
A. crypto key generate rsa
B. crypto key pubkey-chain rsa
C. crypto key import rsa pem
D. crypto key zeroize rsa
Question 25 Which encryption method is used by WPA3?
A. TKIP
B. SAE
C. PSK
D. AES
Question 26 An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain
name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination
router?
A. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.248
ip access-group 10 in
ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22
B. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 105 in
ip access-list standard 105
permit tcp 10.139.58.0 0.0.0.7 eq 22 host 10.122.49.1
C. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 110 in
ip access-list extended 110
permit tcp 10.139.58.0 0.0.0.15 host 10.122.49.1 eq 22
D. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.240
access-group 120 in
ip access-list extended 120
permit tcp 10.139.58.0 255.255.255.248 any eq 22
Question 27 What is a function of spine-and-leaf architecture?
A. mitigates oversubscription by adding a layer of leaf switches
B. limits payload size of traffic within the leaf layer
C. offers predictable latency of the traffic path between end devices
D. exclusively sends multicast traffic between servers that are directly connected to the spine
Question 28 What differentiates device management enabled by Cisco DNA Center from traditional campus
device management?
A. CLI-oriented device
B. centralized
C. per-device
D. device-by-device hands-on
Question 29 Refer to the exhibit.

Router R1 is added to the network and configured with the 10.0.0.64/26 and 10.0.20.0/24 subnets. However,
traffic destined for the LAN on R3 is not accessible. Which command when executed on R1 defines a static route to
reach the R3 LAN?
A. ip route 10.0.15.0 255.255.255.0 10.0.20.1
B. ip route 10.0.15.0 255.255.255.192 10.0.20.1
C. ip route 10.0.0.64 255.255.255.192 10.0.20.3
D. ip route 10.0.15.0 255.255.255.0 10.0.20.3
Question 30 Refer to the exhibit.

Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0

209.165.200.0/27 is sudnetted, 1 subnets

B 209.165.200.224 [20/0] via 10.10.12.2, 03:03:03
209.165.201.0/27 is sudnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2, 03:03:03
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2, 03:03:03
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
C 10.10.10.0/28 is directly connected, GigabitEthernet0/0
C 10.10.11.0/30 is directly connected, FastEthernet2/0
C 10.10.12.0/30 is directly connected, GigabitEthernet0/1
O 10.10.13.0/25 [110/2] via 10.10.10.1, 00:00:03, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.1, 00:00:03, GigabitEthernet0/0
O 10.10.13.144/28 [110/2] via 10.10.10.1, 00:00:03, GigabitEthernet0/0
O 10.10.13.160/29 [110/2] via 10.10.10.1, 00:00:03, GigabitEthernet0/0
O 10.10.13.208/29 [110/2] via 10.10.10.1, 00:00:03, GigabitEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.10.11.2
Drag and drop the prefix lengths from the left onto the corresponding prefixes on the right. Not all prefixes are
used.

Answer:
10.10.13.0 – 255.255.255.128
10.10.13.144 – 255.255.255.240
10.10.13.160 – 255.255.255.248
209.165.202.128 – 255.255.255.224
Question 31 What is a zero-day exploit?
A. It is when an attacker inserts malicious code into a SQL server.
B. It is when a new network vulnerability is discovered before a fix is available.
C. It is when the perpetrator inserts itself in a conversation between two parties and captures or alters data.
D. It is when the network is saturated with malicious traffic that overloads resources and bandwidth.
Question 32 After a recent security breach and a RADIUS failure, an engineer must secure the console port of each
enterprise router with a local username and password. Which configuration must the engineer apply to accomplish
this task?
A. aaa new-model
aaa authorization exec default local
aaa authentication login default radius
username localuser privilege 15 secret plaintextpassword
B. username localuser secret plaintextpassword
line con 0
login authentication default
privilege level 15
C. username localuser secret plaintextpassword
line con 0
no login local
privilege level 15
D. aaa new-model
line con 0
password plaintextpassword
privilege level 15
Question 33 Which command implies the use of SNMPv3?
A. snmp-server community
B. snmp-server host
C. snmp-server enable traps
D. snmp-server user
Question 34 Refer to the exhibit.

Clients on the WLAN are required to use 802.11r. What action must be taken to meet the requirement?
A. Enable CCKM under Authentication Key Management
B. Under Protected Management Frames, set the PMF option to Required
C. Set the Fast Transition option to Enable and enable FT 802.1X under Authentication Key Management
D. Set the Fast Transition option and the WPA gtk-randomize State to disable
Question 35 When a switch receives a frame for an unknown destination MAC address, how is the frame handled?
A. broadcast to all ports on the switch
B. flooded to all ports except the origination port
C. forwarded to the first available port
D. inspected and dropped by the switch
Question 36 What is the default port-security behavior on a trunk link?
A. It causes a network loop when a violation occurs.
B. It disables the native VLAN configuration as soon as port security is enabled.
C. It places the port in the err-disabled state if it learns more than one MAC address.
D. It places the port in the err-disabled state after 10 MAC addresses are statically configured.
Question 37 Refer to the exhibit.

How many objects are present in the given JSON-encoded data?

A. one
B. four
C. seven
D. nine
Question 38 What are two examples of multifactor authentication? (Choose two)
A. single sign-on
B. unique user knowledge
C. passwords that expire
D. soft tokens
E. shared password responsibility
Question 39 Refer to the exhibit.

Router1#show ip route

Gateway of last resort is 10.10.11.2 to network 0.0.0 0

209.165.200.0/27 is subnetted, 1 subnets

B 209.165.200.224 [20/0] via 10 10.12.2,03:22:14
209.165.201.0/27 is subnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2, 02:26:33
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2,02:26:03
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
C 10.10.10.0/28 is directly connected, GigabitEthernet0/0
C 10.10.11.0/30 is directly connected, FastEthernet2/0
C 10.10.12.0/30 is directly connected, GigabitEthernet0/1
O 10.10.13.0/25 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.144/28 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.160/29 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.208/29 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
S* 0.0.0 0/0 [1/0] via 10.10.11.2

What is the subnet mask of the route to the 10.10.13.160 prefix?

A. 255.255.255.240
B. 255.255.255.128
C. 255.255.248.0
D. 255.255.255.248
Question 40 Refer to the exhibit.

Routers R1, R2, and R3 use a protocol to identify their neighbors’ IP addresses, hardware platforms, and software
versions. A network engineer must configure R2 to avoid sharing any neighbor information with R3, and maintain
its relationship with R1. What action meets this requirement?
A. Configure the no lldp run command globally
B. Configure the no lldp receive command on g0/1
C. Configure the no cdp run command globally
D. Configure the no cdp enable command on g0/2
Question 41 What is a function of an endpoint?
A. It passes unicast communication between hosts in a network
B. It is used directly by an individual user to access network services
C. It provides security between trusted and untrusted sections of the network
D. It transmits broadcast traffic between devices in the same VLAN
Question 42 Refer to the exhibit.

A network engineer started to configure port security on a new switch. These requirements must be met:
– MAC addresses must be learned dynamically.
– Log messages must be generated without disabling the interface when unwanted traffic is seen.
Which two commands must be configured to complete this task? (Choose two)
A. SW(config-if)#switchport port-security mac-address 0010.7B84.45E6
B. SW(config-if)#switchport port-security maximum 2
C. SW(config-if)#switchport port-security mac-address sticky
D. SW(config-if)#switchport port-security violation shutdown
E. SW(config-if)#switchport port-security violation restrict
Question 43 What are two features of the DHCP relay agent? (Choose two)
A. minimizes the necessary number of DHCP servers
B. assigns DNS locally and then forwards request to DHCP server
C. is configured under the Layer 3 interface of a router on the client subnet
D. allows only MAC-to-IP reservations to determine the local subnet of a client
E. permits one IP helper command under an individual Layer 3 interface
Question 44 Refer to the exhibit.

A network engineer must configure router R1 with a host route to the server. Which command must the engineer
configure?
A. R1(config)#ip route 10.10.10.10 255.255.255.255 192.168.0.2
B. R1(config)#ip route 10.10.10.0 255.255.255.0 192.168.0.2
C. R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.2
D. R1(config)#ip route 192.168.0.2 255.255.255.255 10.10.10.10
Question 45 In a cloud-computing environment, what is rapid elasticity?
A. automatic adjustment of capacity based on need
B. control and monitoring of resource consumption by the tenant
C. pooling resources in a multitenant model based on need
D. self-service of computing resources by the tenant
Question 46 Drag and drop the steps in a standard DNS lookup operation from the left into the order on the right.
Answer:
Step 1: An endpoint submits a request for the IP address of a domain name
Step 2: The DNS submits a request to a root DNS server
Step 3: The DNS submits a request to the domain DNS server
Step 4: The DNS receives a reply from the domain DNS server
Step 5: The DNS responds to the endpoint
Question 47 What must be considered for a locally switched FlexConnect AP if the VLANs that are used by the AP
and client access are different?
A. The APs must be connected to the switch with multiple links in LAG mode.
B. The native VLAN must match the management VLAN of the AP.
C. The switch port mode must be set to trunk.
D. IEEE 802.1Q trunking must be disabled on the switch port.
Question 48 Which command configures the Cisco WLC to prevent a serial session with the WLC CLI from being
automatically logged out?
A. config sessions maxsessions 0
B. config serial timeout 9600
C. config serial timeout 0
D. config sessions timeout 0
Question 49 Which two IPv6 addresses are used to provide connectivity between two routers on a shared link?
(Choose two)
A. 2002::512:1204b:1111::1/64
B. ff06:bb43:cc13:dd16:1bb:ff14:7545:234d
C. FF02::0001:FF00:0000/104
D. 2001:701:104b:1111::1/64
E. ::ffff:10.14.101.1/96
Question 50 Refer to the exhibit.
An architect is managing a wireless network with APs from several branch offices connecting to the WLC in the
data center. There is a new requirement for a single WLAN to process the client data traffic without sending it to
the WLC. Which action must be taken to complete the request?
A. Enable local HTTP profiling
B. Enable FlexConnect Local Switching
C. Enable local DHCP Profiling
D. Enable Disassociation Imminent
Question 51 What is a function of MAC address learning?
A. It is disabled by default on all interfaces connected to trunks
B. It increases security on the management VLAN
C. It is enabled by default on all VLANs and interfaces
D. It increases the potential for MAC address flooding
Question 52 A Cisco engineer at a new branch office is configuring a wireless network with access points that
connect to a controller that is based at corporate headquarters. Wireless client traffic must terminate at the
branch office and access-point survivability is required in the event of a WAN outage. Which access point mode
must be selected?
A. Lightweight with local switching disabled
B. Local with AP fallback enabled
C. OfficeExtend with high availability disabled
D. FlexConnect with local switching enabled
Question 53 What is an advantage of using auto mode versus static mode for power allocation when an access
point is connected to a PoE switch port?
A. The default level is used for the access point
B. It detects the device is a powered device
C. All four pairs of the cable are used
D. Power policing is enabled at the same time
Question 54 Refer to the exhibit.

R1# show ip route | begin gateway

Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 5 subnets, 5 masks
O 172.16.2.128/25 [110/3184437] via 207.165.200.250, 00:00:24, Serial0/0/0
O 172.16.3.64/27 [110/3184437] via 207.165.200.250, 00:00:24, Serial0/0/0
O 172.16.3.128/28 [110/3184437] via 207.165.200.250, 00:00:24, Serial0/0/0
O 172.16.3.192/29 [110/3184437] via 207.165.200.250, 00:00:24, Serial0/0/0
O 172.16.4.0/23 [110/3184437] via 207.165.200.250, 00:00:24, Serial0/0/0
207.165.200.0/24 is variably subnetted, 4 subnets, 2 masks
C 207.165.200.248/30 is directly connected, Serial0/0/0
L 207.165.200.249/32 is directly connected, Serial0/0/0
C 207.165.200.252/30 is directly connected, Serial0/0/1
L 207.165.200.253/32 is directly connected, Serial0/0/1

Drag and drop the learned prefixes from the left onto the subnet masks on the right.

Answer:
172.16.4.0 – 255.255.254.0
172.16.2.128 – 255.255.255.128
172.16.3.64 – 255.255.255.224
172.16.3.128 – 255.255.255.240
172.16.3.192 – 255.255.255.248
Question 55 Drag and drop the Ansible features from the left to the right. Not all features are used.
Answer:
uses the YAML language
executes modules via SSH by default
pushes configurations to the client
operates without agents
Question 56 Refer to the exhibit.

--Some output missing--

Routing Descriptor Blocks:
* directly connected, via Ethernet0/1
Route metric is 0, traffic share count is 1

CPE# ping 203.0.113.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.0.113.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/oax = 1/1/1 ms

CPE# show ip route

Gateway of last resort is 198.51.100.1 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 198.51.100.1, 00:02:07
198.51.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 198.51.100.0/30 is directly connected, Ethernet0/0
L 198.51.100.2/32 is directly connected, Ethernet0/0
203.0.113.0/24 is variably subnetted, 2 subnets, 2 masks
C 203.0.113.0/30 is directly connected, Ethernet0/1
L 203.0.113.2/32 is directly connected, Etheraet0/1

After configuring a new static route on the CPE, the engineer entered this series of commands to verify that the
new configuration is operating normally. When is the static default route installed into the routing table?
A. when the default route learned over external BGP becomes invalid
B. when 203.0.113.1 is no longer reachable as a next hop
C. when the default route learned over external BGP changes its next hop
D. when a route to 203.0.113.1 is learned via BGP
Question 57 Refer to the exhibit.

Wireless LAN access must be set up to force all clients from the NA WLAN to authenticate against the local
database. The WLAN is configured for local EAP authentication. The time that users access the network must not
be limited. Which action completes this configuration?
A. Check the Guest User Role check box
B. Clear the Lifetime (seconds) value
C. Set the Lifetime (seconds) value to 0
D. Uncheck the Guest User check box
Question 58 Which remote access protocol provides unsecured remote CLI access?
A. Telnet
B. SSH
C. console
D. Bash
Question 59 Refer to the exhibit.
An engineer must configure the interface that connects to PC1 and secure it in a way that only PC1 is allowed to
use the port. No VLAN tagging can be used except for a voice VLAN. Which command sequence must be entered to
configure the switch?
A. SW1(config-if)#switchport mode nonegotiate
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security maximum 1
B. SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security mac-address 0050.7966.6800
C. SW1(config-if)#switchport mode dynamic desirable
SW1(config-if)#switchport port-security mac-address 0050.7966.6800
SW1 (config-if)#switchport port-security mac-address sticky
D. SW1(config-if)#switchport mode dynamic auto
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security violation restrict

Question 60 Refer to the exhibit.

A public IPv6 address must be configured for internet access. Which command must be configured on the R2 WAN
interface to the service provider?
A. ipv6 address fe80::260:3EFF:FE11:6770 link-local
B. ipv6 address fe80: :/10
C. ipv6 address 2001:db8:433:47:4620:ffff:ffff:ffff/64 anycast
D. ipv6 address 2001:db8:123:45::4/64
Question 61 Drag and drop the device behaviors from the left onto the matching HSRP state on the right.

Answer:
+ is waiting to hear from the neighbor device: Learn
+ is forwarding packets: Active
+ has heard from the neighbor device and is receiving hello packets: Listen
+ is transmitting and receiving hello packets: Speak
+ is ready to forward packets if the device that is currently forwarding packets fails: Standby
Question 62 Which two functions does a WLC perform in the lightweight access-point architecture that an AP
performs independently in an autonomous architecture? (Choose two)
A. handling the association, authentication, and roaming of wireless clients
B. encrypting and decrypting traffic that uses the WAP protocol family
C. preventing collisions between wireless clients on the same RF channel
D. managing RF channels, including transmission power
E. sending and processing beacon frames
Question 63 Refer to the exhibit.

Current Neighbor Relationship

Neighbor ID Pri State Dead Time Address Interface
192.168.1.1 1 FULL/DR 00:00:33 192.168.1.1 GigabitEthernet0/0

Desired Neighbor Relationship

Neighbor ID Pri State Dead Time Address Interface
192.168.1.1 0 FULL/ - 00:00:31 192.168.1.1 GigabitEthernet0/0

How must OSPF be configured on the GigabitEthernet0/0 interface of the neighbor device to achieve the desired
neighbor relationship?
A. Router(config)#interface GigabitEthernet 0/0
Router(config-if)#ip ospf cost 5
B. Router(config)#interface GigabitEthernet 0/0
Router(config-if)#ip ospf 1 area 2
C. Router(config)#interface GigabitEthernet 0/0
Router(config-if)#ip ospf network point-to-point
D. Router(config)#interface GigabitEthernet 0/0
Router(config-if)#ip ospf priority 1
Question 64 What causes a port to be placed in the err-disabled state?
A. latency
B. nothing plugged into the port
C. shutdown command issued on the port
D. link flapping
Question 65 Which function forwards frames to ports that have a matching destination MAC address?
A. frame pushing
B. frame filtering
C. frame flooding
D. frame switching
Question 66 Refer to the exhibit.

The SW1 and SW2 Gi0/0 ports have been preconfigured. An engineer is given these requirements:
+ Allow all PCs to communicate with each other at Layer 3.
+ Configure untagged traffic to use VLAN 5.
+ Disable VLAN 1 from being used.
Which configuration set meets these requirements?

Option A Option B
SW1# SW1#
interface Gi0/1 interface Gi0/1
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 5,7,9,108 switchport trunk allowed vlan 5,7,9,108
switchport trunk native vlan 5
interface Gi0/2
switchport mode trunk interface Gi0/2
switchport trunk allowed vlan 7,9,108 switchport mode access
switchport trunk allowed vlan 7,9,108
SW2#
interface Gi0/1 SW2#
switchport mode trunk interface Gi0/1
switchport trunk allowed vlan 7 switchport mode access
no switchport access vlan 1
interface Gi0/7 switchport access vlan 7
switchport mode trunk
 switchport trunk allowed vlan 5,7,9,108 interface Gi0/7
switchport mode trunk
switchport trunk allowed vlan 7,9,108
switchport trunk native vlan 5

Option C Option D
SW1# SW1#
interface Gi0/1 interface Gi0/1
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 5,7,9,108 switchport trunk allowed vlan 5,7,9,108
switchport trunk native vlan 5 switchport trunk native vlan 5
interface Gi0/2 interface Gi0/2
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 5,7,9,108 switchport trunk allowed vlan 5,7,9,108
SW2# SW2#
interface Gi0/1 interface Gi0/1
switchport mode access switchport mode access
switchport access vlan 7 switchport access vlan 7
interface Gi0/7 interface Gi0/7
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 7,9,108 switchport trunk allowed vlan 5,7,9,108
switchport trunk native vlan 5

A. Option A
B. Option B
C. Option C
D. Option D

Question 67 Refer to the exhibit.

SW1#show ip interface brief

Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual down down
SW1#show interface fa0/1 status
Port Name Status Vlan Duplex Speed Type
Fa0/1 notconnect 1 a-full a-100 10/100BaseTX

What is the cause of the issue?

A. STP
B. shutdown command
C. port security
D. wrong cable type
Question 68 Refer to the exhibit.

Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is subnetted, 1 subnets
B 209.165.200.224 [20/0] via 10.10.12.2,03:32:14
209.165.201.0/27 is subnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2,02:26:53
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2,02:46:03
10.0.0.0/8 is variably subnetted, 10 subnets, 4 masks
C 10.10.10.0/28 is directly connected, GigabitEthernet0/0
C 10.10.11.0/30 is directly connected, FastEthernet2/0
C 10.10.12.0/30 is directly connected, GigabitEthernet0/1
O 10.10.13.0/25 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.1, 00:00:12, GigabitEthernet0/0
O 10.10.13.144/28 [110/2] via 10.10.10.1, 00:01:57, GigabitEthernet0/0
O 10.10.13.160/29 [110/2] via 10.10.10.1, 00:00:12, GigabitEthernet0/0
O 10.10.13.208/29 [110/2] via 10.10.10.1, 00:01:57, GigabitEthernet0/0
O 10.10.13.252/30 [110/2] via 10.10.10.1, 00:01:57, GigabitEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.10.11.2

Drag and drop the subnet masks from the left onto the corresponding subnets on the right. Not all subnet masks
are used.

Answer:
10.10.13.0 – 255.255.255.128
10.10.13.128 – 255.255.255.240
10.10.13.160 – 255.255.255.248
10.10.13.252 – 255.255.255.252
Question 69 Refer to the exhibit.

A network engineer must configure the link with these requirements:

• Consume as few IP addresses as possible.
• Leave at least two additional useable IP addresses for future growth.
Which set of configurations must be applied?
A. R1(config-if)#ip address 10.10.10.1 255.255.255.248
R2(config-if)#ip address 10.10.10.4 255.255.255.248
B. R1(config-if)#ip address 10.10.10.1 255.255.255.240
R2(config-if)#ip address 10.10.10.12 255.255.255.240
C. R1 (config-if)#ip address 10.10.10.1 255.255.255.252
R2(config-if)#ip address 10.10.10.2 255.255.255.252
D. R1 (config-if)#ip address 10.10.10.1 255.255.255.0
R2(config-if)#ip address 10.10.10.5 255.255.255.0
Question 70 What is a function of Layer 3 switches?
A. They route traffic between devices in different VLANs.
B. They transmit broadcast traffic when operating in Layer 3 mode exclusively.
C. They forward Ethernet frames between VLANs using only MAC addresses.
D. They move frames between endpoints limited to IP addresses.

Question 71 Refer to the exhibit.

IPv6 is being implemented within the enterprise. The command ipv6 unicast-routing is configured. Interface
Gig0/0 on R1 must be configured to provide a dynamic assignment using the assigned IPv6 block. Which command
accomplishes this task?
A. ipv6 address 2001:DB8:FFFF:FCF3::/64 eui-64
B. ipv6 address 2001:DB8:FFFF:FCF3::/64 link-local
C. ipv6 address 2001:0B8:FFFF:FCF3::1/64
D. ipv6 address autoconfig 2001:DB8:FFFF:FCF2::/64
Question 72 Refer to the exhibit.

Which router or router group are NTP clients?

A. R1, R2, and R3
B. R1
C. R2 and R3
D R1, R3, and R4
Question 73 A network engineer is replacing the switches that belong to a managed-services client with new Cisco
Catalyst switches. The new switches will be configured for updated security standards, including replacing Telnet
services with encrypted connections and doubling the modulus size from 1024. Which two commands must the
engineer configure on the new switches? (Choose two)
A. transport input ssh
B. transport input all
C. crypto key generate rsa general-keys modulus 1024
D. crypto key generate rsa usage-keys
E. crypto key generate rsa modulus 2048
Question 74 Refer to the exhibit.
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, GigabitEthernet0/0
L 10.1.1.2/32 is directly connected, GigabitEthernet0/0
S 192.168.0.0/20 [1/0] via 10.1.1.1
192.168.1.0/30 is subnetted, 1 subnets
S 192.168.1.0/30 [1/0] via 10.1.1.1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
S 192.168.2.0/28 [1/0] via 10.1.1.1
S 192.168.2.0/29 [1/0] via 10.1.1.1

An engineer is checking the routing table in the main router to identify the path to a server on the network. Which
route does the router use to reach the server at 192.168.2.2?
A. S 192.168.2.0/28 [1/0] via 10.1.1.1
B. S 192.168.1.0/30(1/0] via 10.1.1.1
C. S 192.168.0.0/20 [1/0] via 10.1.1.1
D. S 192.168.2.0/29 [1/0] via 10.1.1.1
Question 75 Refer to the exhibit.

{
"myCar": {
"name": "thunder",
"wheels": ["good", "good", "pressureLow", "warning"],
"gasLight": false
},
"oldCar": {
"name": "sleepy",
"wheels": ["pressureLow", "pressureLow", "pressureLow", "pressureLow"],
"color": "rust"
"gasLight": true
},
"newCar": {
"name": "lightning",
"wheels": ["pressureLow", "good", "pressureLow", "good"],
"color": "blue"
"gasLight": true
}
}

In which structure does the word “warning” directly reside?

A. array
B. object
C. Boolean
D. string
Question 76 Refer to the exhibit.

After applying this configuration to router R1, a network engineer is verifying the implementation. If all links are
operating normally, and the engineer sends a series of packets from PC1 to PC3, how are the packets routed?
A. They are routed to 172.16.20.2.
B. They are distributed sent round robin to interfaces S0/0/0 and S0/0/1.
C. They are routed to 192.168.100.2.
D. They are routed to 10.0.0.2.
Question 77
A network administrator plans an update to the Wi-Fi networks in multiple branch offices. Each location is
configured with an SSID called “Office”. The administrator wants every user who connects to the SSID at any
location to have the same access level. What must be set the same on each network to meet the requirement?
A. radio policy
B. security policies
C. NAS-ID configuration
D. profile name
Question 78 Refer to the exhibit.
Which command set configures ROUTER-1 to allow Internet access for users on the 192.168.1.0/24 subnet while
using 209.165.202.129 for Port Address Translation?
A. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0
access-list 10 permit 192.168.0.0 0.0.0.255
ip nat inside source list 10 pool CCNA overload
B. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255
access-list 10 permit 192.168.1.0 255.255.255.0
ip nat inside source list 10 pool CCNA overload
C. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0
access-list 10 permit 192.168.0.0 255.255.255.0
ip nat inside source list 10 pool CCNA overload
D. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 pool CCNA overload

Question 79 Refer to the exhibit.

A multivendor network exists and the company is implementing VoIP over the network for the first time. Which
configuration is needed to implement the neighbor discovery protocol on the interface and allow it to remain off
for the remaining interfaces?
A. SW1(config)#no cdp enable
SW1 (config)#interface gigabitethernet1/0/1
SW1(config-if)#cdp run
B. SW1(config)#lldp enable
SW1(config)#interface gigabitethernet1/0/1
SW1(config-if)#lldp run
C. SW1(config)#lldp run
SW1 (config)#interface gigabitethernet1/0/1
SW1(config-if)#lldp enable
D. SW1(config)#no cdp run
SW1(config)#interface gigabitethernet1/0/1
SW1(config-if)#lldp transmit
SW1(config-if)#lldp receive
Question 80 A network architect is considering whether to implement Cisco DNA Center to deploy devices on a
new network. The organization is focused on reducing the time it currently takes to deploy devices in a traditional
campus design. For which reason would Cisco DNA Center be more appropriate than traditional management
options?
A. Cisco DNA Center provides zero-touch provisioning to third-party devices.
B. Cisco DNA Center supports deployment with a single pane of glass.
C. Cisco DNA Center minimizes the level of syslog output when reporting on Cisco devices.
D. Cisco DNA Center reduces the need for analytics on third-party access points and devices.
Question 81 How do TCP and UDP fit into a query-response model?
A. TCP avoids using sequencing, and UDP avoids using acknowledgments.
B. TCP uses error detection for packets, and UDP uses error recovery.
C. TCP establishes a connection prior to sending data, and UDP sends immediately.
D. TCP encourages out-of-order packet delivery, and UDP prevents re-ordering.

Question 82 Drag and drop the RF terms from the left onto the corresponding statements on the right.
Answer:
+ measure of the minimum power required to decode a radio signal without excessive errors: receiver sensitivity
+ deviation from the propagation path that occurs when a signal encounters an obstacle: reflection
+ reduction of energy in a signal as it travels away from the access point and encounters free space or
obstacles: absorption
+ measure of the total unwanted signals at the receiver: noise floor
+ relative power of the desired radio signal to unwanted signals at the receiver: signal-to-noise ratio
Question 83 Which interface type enables an application running on a client to send data over an IP network to a
server?
A. southbound interface
B. application programming interface
C. northbound interface
D. Representational State Transfer application programming interface
Question 84 Refer to the exhibit.

access-list 10 permit 10.0.0.0 0.0.0.255

interface Serial0
ip access-list 10 in

A network administrator must permit traffic from the 10.10.0.0/24 subnet to the WAN on interface Serial0. What is
the effect of the configuration as the administrator applies the command?
A. The sourced traffic from IP range 10.0.0.0 – 10.0.0.255 is allowed on Serial0.
B. The permit command fails and returns an error code.
C. The router fails to apply the access list to the interface.
D. The router accepts all incoming traffic to Serial0 with the last octet of the source IP set to 0.

Question 85 Refer to the exhibit.

Gateway of last resort is 172.16.2.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.10.8.0/28 is directly connected, GigabitEthernet0/0/2
C 10.10.10.0/24 is directly connected, GigabitEthernet0/0/0
L 10.10.10.3/32 is directly connected, GigabitEthernet0/0/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.16.1.33/32 is directly connected, GigabitEthernet0/0/1
C 172.16.2.0/23 is directly connected, GigabitEthernet0/0/1
L 172.16.2.1/32 is directly connected, GigabitEthernet0/0/1
S* 0.0.0.0/0 [1/0] via 172.16.2.2

A packet sourced from 10.10.10.1 is destined for 10.10.8.14. What is the subnet mask of the destination route?
A. 255.255.254.0
B. 255.255.255.240
C. 255.255.255.248
D. 255.255.255.252
Question 86 What are two reasons to implement IPv4 private addressing on a network? (Choose two)
A. to expand the routing table on the router
B. to facilitate renumbering when merging networks
C. to enable internal applications to treat the private IPv4 addresses as unique
D. to conserve global unique IPv4 addresses
E. to provide protection from external denial-of-service attacks
Question 87 Refer to the exhibit.

A guest WLAN must be created that prompts the client for a username and password on the local web page of the
WLC. Which two actions must be performed on the Layer 2 tab before enabling the Authentication option on the
Layer 3 tab? (Choose two)
A. Uncheck the MAC Filtering option check box.
B. Set the Security Type option to Personal.
C. Change the WPA Encryption option from TKIP to CCMP128(AES).
D. Set the Layer 2 Security option to None.
E. Uncheck the WPA Policy option check box, and check the WPA2 Policy option check box.
Question 88 Which script paradigm does Puppet use?
A. manifests and modules
B. strings and marionettes
C. recipes and cookbooks
D. playbooks and roles
Question 89 Which IPsec transport mode encrypts the IP header and the payload?
A. pipe
B. tunnel
C. control
D. transport
Question 90 What does WPA3 provide in wireless networking?
A. increased security and requirement of a complex configuration
B. backward compatibility with WPA and WPA2
C. optional Protected Management Frame negotiation
D. safeguards against brute force attacks with SAE
Question 91 Refer to the exhibit. With which metric does router R1 learn the route to host 172.16.0.202?

R1#show ip route | begin gateway

Gateway of last resort is 209.165.200.246 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 209.165.200.246, Serial0/1/0
is directly connected, Serial0/1/0
172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks
S 172.16.0.0/24 [1/0] via 207.165.200.250, Serial0/0/0
O 172.16.0.128/25 [110/32445] via 207.165.200.254, 00:00:33, Serial0/0/1
D 172.16.0.192/29 [90/3184439] via 207.165.200.254, 00:00:33, Serial0/0/1
207.165.200.0/24 is variably subnetted, 4 subnets, 2 masks
C 207.165.200.248/30 is directly connected, Serial0/0/0
L 207.165.200.249/32 is directly connected, Serial0/0/0
C 207.165.200.252/30 is directly connected, Serial0/0/1
L 207.165.200.253/32 is directly connected, Serial0/0/1

A. 0
B. 110
C. 32445
D. 3184439

Question 92 Which two actions are taken as the result of traffic policing? (Choose two)
A. bursting
B. fragmentation
C. dropping
D. remarking
E. buffering
Question 93 Refer to the exhibit.

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
S 10.0.0.0/8 is directly connected, GigabitEthernet0/0
C 10.1.1.0/24 is directly connected, GigabitEthernet0/0
L 10.1.1.1/32 is directly connected, GigabitEthernet0/0
S 10.10.0.0/22 is directly connected, GigabitEthernet0/0
S 10.10.10.0/28 is directly connected, GigabitEthernet0/0
S 10.10.10.1/32 is directly connected, GigabitEthernet0/0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0

Which IP route command created the best path for a packet destined for 10.10.10.3?
A. ip route 10.0.0.0 255.0.0.0 g0/0
B. ip route 10.10.10.1 255.255.255.255 g0/0
C. ip route 10.10.10.0 255.255.255.240 g0/0
D. ip route 10.10.0.0 255.255.252.0 g0/0
Question 94 A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are
caused by a legitimate autonomous AP. How must the alarms be stopped for the MAC address of the AP?
A. Place the AP into manual containment.
B. Remove the AP from WLC management.
C. Manually remove the AP from Pending state.
D. Set the AP Class Type to Friendly.
Question 95 Which security method is used to prevent man-in-the-middle attack?
A. authorization
B. authentication
C. anti-replay
D. accounting
PART 11
Question 1 What is the function of northbound API?
A. It upgrades software and restores files.
B. It relies on global provisioning and configuration.
C. It supports distributed processing for configuration.
D. It provides a path between an SDN controller and network applications.

Question 2 Drag and drop the wireless architecture benefits from the left onto the architecture types on the right.
Answer:
Split-MAC:
+ Work is divided between the access point and the controller
+ The access points transmit beacon frames
+ Uses the CAPWAP tunneling protocol
Autonomous:
+ Appropriate for a small-business environment
+ Supports per device configuration and management
Question 3 Drag and drop the Ansible terms from the left onto the right

Answer:
+ collection of actions to perform on target devices, expressed in YAML format: playbook
+ device with Ansible installed that manages target devices: control node
+ network device, without Ansible installed, upon which commands can be executed: managed node
+ specific action to be performed on one or more target devices: module
+ unit of Python code to be executed: task
+ Ansible file that defines the target devices upon which commands and tasks can be executed: inventory
Question 4 What is a purpose of traffic shaping?
A. It enables dynamic flow identification.
B. It enables policy-based routing.
C. It provides best-effort service.
D. It limits bandwidth usage.
Question 5 Drag and drop the characteristics of device-management technologies from the left onto the
corresponding deployment types on the right.

Answer:
Cisco DNA Center
+ orchestrates background device configuration
+ supports centralized software management
+ supports open APIs
Traditional
+ relies on per-device management
+ provides greater flexibility for custom and non-standard configurations
+ uses individual software management
Question 6 Which type of port is used to connect to the wired network when an autonomous AP maps two VLANs
to its WLANs?
A. LAG
B. EtherChannel
C. trunk
D. access
Question 7 Refer to the exhibit.

R1#show ip ospf interface g0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.1.2/24, Area 0
Process ID 1, Router ID 192.168.1.2, Network Type POINT-TO-POINT, Cost: 1
Transmit Delay is 1 sec, State POINT-TO-POINT,
 Timer intervals configured, Hello 15, Dead 20, Wait 20, Retransmit 5
Hello due in 00:00:08
Index 1/1, flood queue length 0
Next 0x0(0) /0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Suppress hello for 0 neighbor(s)

R2#show ip ospf interface g0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.1.1/24, Area 0
Process ID 1, Router ID 10.1.1.1, Network Type POINT-TO-POINT, Cost: 1
Transmit Delay is 1 sec, State POINT-TO-POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:11
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Suppress hello for 0 neighbor(s)

The network engineer is configuring router R2 as a replacement router on the network. After the initial
configuration is applied it is determined that R2 failed to show R1 as a neighbor. Which configuration must be
applied to R2 to complete the OSPF configuration and enable it to establish the neighbor relationship with R1?

Option A Option B

R2(config)#interface g0/0/0 R2(config)#router ospf 1

R2(config-if)#ip ospf hello-interval 15 R2(config-router)#router-id 192.168.1.2
R2(config-if)#ip ospf dead-interval 20

Option C Option D

R2(config)#router ospf 1 R2(config)#interface g0/0/0

R2(config-router)#network 192.168.1.0 255.255.255.0 area 2 R2(config-if)#ip ospf dead-interval 20
R2(config-router)#network 10.1.1.0 255.255.255.255 area 2

A. Option A
B. Option B
C. Option C
D. Option D
Question 8 What is a characteristics of a collapsed-core network topology?
A. It allows the core and distribution layers to run as a single combined layer.
B. It enables the core and access layers to connect to one logical distribution device over an EtherChannel.
C. It enables all workstations in a SOHO environment to connect on a single switch with internet access.
D. It allows wireless devices to connect directly to the core layer, which enables faster data transmission.
Question 9 What is the purpose of configuring different levels of syslog for different devices on the network?
A. to rate-limit messages for different severity levels from each device
B. to set the severity of syslog messages from each device
C. to identify the source from which each syslog message originated
D. to control the number of syslog messages from different devices that are stored locally
Question 10 Which interface enables communication between a program on the controller and a program on the
networking devices?
A. northbound interface
B. software virtual interface
C. southbound interface
D. tunnel interface
Question 11 Drag and drop the REST API call method for HTTP from the left onto the action they perform on the
right.

Answer:
+ creates a resource on the server: POST
+ reads data from the server: GET
+ removes a resource from the server: DELETE
+ updates an entry in the database: PUT
Question 12 What is the primary purpose of private address space?
A. conserve globally unique address space
B. simplify the addressing in the network
C. limit the number of nodes reachable via the Internet
D. reduce network complexity
Question 13 What is a reason to configure a trunk port that connects to a WLC distribution port?
A. Eliminate redundancy with a link failure in the data path.
B. Allow multiple VLAN to be used in the data path.
C. Provide redundancy if there is a link failure for out-of-band management.
D. Permit multiple VLANs to provide out-of-band management.
Question 14 Refer to the exhibit.

Traffic from R1 to the 10.10.2.0/24 subnet uses 192.168.1.2 as its next hop. An network engineer wants to update
the R1 configuration so that traffic with destination 10.10.2.1 passes through router R3, and all other traffic to the
10.10.2.0/24 subnet passes through r2. Which command must be used?
A. ip route 10.10.2.1 255.255.255.255 192.168.1.4 115
B. ip route 10.10.2.0 255.255.255.0 192.168.1.4 100
C. ip route 10.10.2.0 255.255.255.0 192.168.1.4 115
D. ip route 10.10.2.1 255.255.255.255 192.168.1.4 100
Question 15 Which cipher is supported for wireless encryption only with the WPA2 standard?
A. AES256
B. AES
C. RC4
D. SHA
Question 16 Refer to the exhibit.

Entry #
1 192.168.10.0 255.255.254.0
2 192.168.10.0 255.255.255.192
3 192.168.10.0 255.255.0.0
4 192.168.10.0 255.255.224.0

Which entry is the longest prefix match for host IP address 192.168.10.5?
A. 1
B. 2
C. 3
D. 4
Question 17 Which two features introduced in SNMPv2 provides the ability to retrieve large amounts of data in
one request? (Choose two)
A. Get
B. GetNext
C. Set
D. GetBulk
E. Inform

Question 18 Refer to the exhibit.

router# show ip route

...
D 172.18.32.0/26 [90/25789217] via 10.1.1.1
R 172.18.32.0/24 [120/4] via 10.1.1.2
O 172.18.32.0/19 [110/229840] via 10.1.1.3
C 172.18.32.32/32 is directly connected, Loopback0
C 172.18.32.36/30 directly connected, GigabitEthernet0/0
L 172.18.32.37/32 is directly connected, GigabitEthernet0/0

A packet sourced from 172.18.33.2 is destined for 172.18.32.38. Where does the router forward the packet?
A. GigabitEthernet0/0
B. Loopback0
C. 10.1.1.1
D. 10.1.1.3
Question 19 Refer to the exhibit.

The Router1 routing table has multiple methods to reach 10.10.10.0/24 as shown. The default Administrative
Distance is used. Drag and drop the network conditions from the left onto the routing methods that Router1 uses
on the right.
Answer:
eBGP:
+ The static route and EIGRP are down
+ The static route and OSPF are down
EIGRP:
+ The static route and eBGP are down
Static:
+ All protocols are up
+ OSPF and eBGP are down
Question 20 Refer to the exhibit.

A newly configured PC fails to connect to the internet using TCP port 80 to www.cisco.com. Which setting must be
modified for the connection to work?
A. Subnet Mask
B. DNS Servers
C. Default Gateway
D. DHCP Server
Question 21 What does a switch do when it receives a frame whose destination MAC address is missing from the
MAC address table?
A. It floods the frame unchanged across all remaining ports in the incoming VLAN.
B. It appends the table with a static entry for the MAC and shuts down the port.
C. It updates the CAM table with the destination MAC address of the frame.
D. It changes the checksum of the frame to a value that indicates an invalid frame.
Question 22 Which enhancement is implemented in WPA3?
A. applies 802.1x authentication
B. uses TKIP
C. employs PKI to identify access points
D. protects against brute force attacks

Question 23 Which type of address is shared by routers in a HSRP implementation and used by hosts on the subnet
as their default gateway address?
A. multicast address
B. loopback IP address
C. virtual IP address
D. broadcast address
Question 24 What are two reasons a switch experiences frame flooding? (Choose two)
A. A defective patch cable is connected to the switch port
B. Topology changes are occurring within spanning-tree
C. An aged MAC table entry is causing excessive updates
D. Port-security is configured globally
E. The forwarding table has overflowed
Question 25 Why is TCP desired over UDP for application that require extensive error checking, such as HTTPS?
A. UDP operates without acknowledgments, and TCP sends an acknowledgment for every packet received.
B. UDP reliably guarantees delivery of all packets, and TCP drops packets under heavy load.
C. UDP uses flow control mechanisms for the delivery of packets, and TCP uses congestion control for efficient
packet delivery.
D. UDP uses sequencing data for packets to arrive in order, and TCP offers the capability to receive packets in
random order.
Question 26 To improve corporate security, an organization is planning to implement badge authentication to
limit access to the data center. Which element of a security program is being deployed?
A. user training
B. user awareness
C. vulnerability verification
D. physical access control
Question 27 Drag and drop the statement about AAA services from the left to the corresponding AAA services on
the right.
Answer:
Accounting
+ It records the duration of each connection
+ It supports User Access Reporting
Authorization
+ It restricts the CLI commands that a user is able to perform
+ It performs user validation via TACACS+
Question 28 The address block 192.168.32.0/24 must be subnetted into smaller networks. The engineer must
meet these requirements:
* Create 8 new subnets
* Each subnet must accommodate 30 hosts
* Interface VLAN 10 must use the last usable IP in the first new subnet
* A Layer 3 interface is used
Which configuration must be applied to the interface?
A. no switchport mode access
ip address 192.168.32.62 255.255.255.240
B. switchport
ip address 192.168.32.65 255.255.255.240
C. no switchport mode trunk
ip address 192.168.32.97 255.255.255.224
D. no switchport
ip address 192.168.32.30 255.255.255.224
Question 29 Refer to the exhibit.

How many JSON objects are presented?

A. 1
B. 2
C. 3
D. 4
Question 30 Refer to the exhibit.

PC1 regularly sends 1800 Mbps of traffic to the server. A network engineer needs to configure the EtherChannel to
disable Port Channel 1 between SW1 and SW2 when the Ge0/0 and Ge0/1 ports on SW2 go down. Which
configuration must the engineer apply to the switch?
A. SW2#configure terminal
SW2(config)# interface port-channel 1
SW2(config-if)#lacp port-priority 32000
B. SW2#configure terminal
SW2(config)#interface port-channel 1
SW2(config-if)#lacp max-bundle 2
C. SW2#configure terminal
SW2(config)#lacp system-priority 32000
D. SW2#configure terminal
SW2(config)#interface port-channel 1
SW2(config-if)#port-channel min-links 2
Question 31 Which IPv6 address range is suitable for anycast addresses for distributed services such DHCP or DNS?
A. FF00:1/12
B. 2001:db8:0234:ca3e::1/128
C. 2002:db84:3f37:ca98:be05:8/64
D. FE80::1/10
Question 32 Refer the exhibit.

R19#show int fa0/0

FastEthernet0/0 is up, line protocol is up
Hardware is DEC21140, address is ca02.7788.0000 (bia ca02.7788.0000)
Description: SALES_SUBNET
Internet address is 10.32.102.2/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (60 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops:
135298429
Queueing strategy: fifo
Output queue: 0/300 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
73310 packets input, 7101162 bytes
Received 73115 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 4 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
3927513096455 packets output, 14404034810952 bytes, 0 underruns
0 output errors, 11 collisions, 0 interface resets

What is the cause of poor performance on router R19?

A. excessive collisions
B. speed and duplex mismatch
C. port oversubscription
D. excessive CRC errors
Question 33 An engineer is configuring a switch port that is connected to a VoIP handset. Which command must
the engineer configure to enable port security with a manually assigned MAC address of abcd.abcd.abcd on voice
VLAN 4?
A. switchport port-security mac-address abcd.abcd.abcd
B. switchport port-security mac-address abcd.abcd.abcd vlan 4
C. switchport port-security mac-address sticky abcd.abcd.abcd vlan 4
D. switchport port-security mac-address abcd.abcd.abcd vlan voice
Question 34 Drag and drop the DNS commands from the left onto their effects on the right.
Answer:
+ enables host-to-IP-address translation: ip domain-lookup
+ adds an entry to the host table: ip host switch_1 192.168.0.1
+ displays address-mapping information: show hosts
+ specifies the IP address of the DNS server: ip name-server
+ completes the FQDN of the DNS server: ip domain-name
Question 35 How does encryption protect the wireless network?
A. via integrity checks to identify wireless forgery attacks in the frame
B. via specific ciphers to detect and prevent zero-day network attacks
C. via an algorithm to change wireless data so that only the access point and client understand it
D. via a policy to prevent unauthorized users from communicating on the wireless network

Question 36 Which device segregates a network into separate zones that have their own security policies?
A. IPS
B. firewall
C. access point
D. switch
Question 37 What is a specification for SSIDS?
A. They are a Cisco proprietary security feature.
B. They must include one number and one letter.
C. They define the VLAN on a switch.
D. They are case sensitive.
Question 38 Refer to the exhibit.
An engineer is configuring a new Cisco switch NewSW, to replace SW2. The details have been provided:
* Switches SW1 and SW2 are third-party devices without support for trunk ports
* The existing connections must be maintained between PC1 PC2 and PC3
* Allow the switch to pass traffic from future VLAN 10. Which configuration must be applied?

Option A
NewSW(config)#interface f0/0
NewSW(config-if)#switchport mode trunk
NewSW(config-if)#switchport trunk allowed vlan 2,10
NewSW(config-if)#switchport trunk native vlan 2
Option B
NewSW(config)#interface f0/0
NewSW(config-if)#switchport mode trunk
NewSW(config-if)#switchport trunk allowed vlan 10
NewSW(config-if)#switchport trunk native vlan 10

Option C
NewSW(config)#interface f0/0
NewSW(config-if)#switchport mode access
NewSW(config-if)#switchport trunk allowed vlan 2,10
NewSW(config-if)#switchport trunk native vlan 10
Option D
NewSW(config)#interface f0/0
NewSW(config-if)#switchport mode access
NewSW(config-if)#switchport trunk allowed vlan 2,10
NewSW(config-if)#switchport trunk native vlan 2

A. Option A
B. Option B
C. Option C
D. Option D
Question 39 What is a reason to implement IPv4 private addressing?
A. Reduce the risk of a network security breach
B. Comply with PCI regulations
C. Comply with local law
D. Reduce the size of the forwarding table on network routers
Question 40 Which is a fact related to FTP?
A. It uses block numbers to identify and mitigate data-transfer errors
B. It always operates without user authentication
C. It relies on the well-known UDP port 69.
D. It uses two separate connections for control and data traffic
Question 41 Which two protocols are used by an administrator for authentication and configuration on access
points? (Choose two)
A. Kerberos
B. 802.1Q
C. 802.1x
D. TACACS+
E. RADIUS
Question 42 Refer to the exhibit.

CPE1# show protocols e0/1

Ethernet0/1 is up, line protocol is up
Internet address is 10.0.12.2/24

CPE1#show ip access-list LAN

Standard IF access list LAN
10 permit 10.0.12.0, wildcard bits 0.0.0.255

CPE1# show ip nat translations

CPE1# show ip net statistics

Total active translations: 0 (0 static, 0 dynamic, 0 extended)

Peak translations: 0
Outside interfaces:
Inside interfaces:
Ethernet0/1
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Funted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list LAN pool NATPOOL refcount 0
pool NATPOOL: netmask 255.255.255.0
start 198.51.100.11 end 198.51.100.20
type generic, total addresses 10, allocated 0 (0%), misses 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

What is the next step to complete the implementation for the partial NAT configuration shown?
A. Reconfigure the static NAT entries that overlap the NAT pool
B. Configure the NAT outside interface
C. Modify the access list for the internal network on e0/1
D. Apply the ACL to the pool configuration
Question 43 Which type of IPv4 address type helps to conserve the globally unique address classes?
A. multicast
B. private
C. loopback
D. public
Question 44 Drag and drop the IPv6 address types from the left onto their description on the right.

Answer:
+ multicast address used only locally within the site: FF05::23:becf:22:1111
+ address that is automatically created on a link when IPv6 is enabled on an interface: FE80::abcf:ffff:12de:3992
+ address that is prohibited from routing to the Internet: FD00:0000:0000:1a2d:a153:3992:a19d:ccca
+ address that is unique and reserved for documentation purposes: 2001:DB8::bced:1234:456d:aacc

Question 45 Drag and drop the wireless standards from the left onto the number of nonoverlapping channels they
support on the right.
Answer:
3 Non-Overlapping Channels:
+ 802.11b
+ 802.11g
+ 802.11n 2.4 GHz
23 Non-Overlapping Channels:
+ 802.11a
+ 802.11n 5 GHz
Question 46 Drag and drop the statements about AAA from the left onto the corresponding AAA services on the
right. Not all options are used.

Answer:
Authentication
+ It permits and denies login attempts
+ It supports local, PPP, RADIUS, and TACACS+ options
Authorization
+ It assigns per-user attributes
+ It restricts the CLI commands that a user is able to perform
Question 47 Drag and drop the cloud-computing components from the left onto the correct descriptions on the
right.
Answer:
+ The resource pool can expand quickly to meet demand: rapid elasticity
+ The consumer can choose when to start or stop using the service: on-demand self-service
+ The provider allocates CPU, memory, and disk from its shared compute resources to multiple
customers: resource pooling
+ The provider can bill the consumer in accordance with the level of usage: measured service
+ The service is available from many types of devices and networks: broad network access
Question 48 Refer to the exhibit.

EIGRP: 192.168.12.0/24
RIP: 192.168.12.0/27
OSPF: 192.168.12.0/28

How does the router manage traffic to 192.168.12.16?

A. It selects the RIP route because it has the longest prefix inclusive of the destination address.
B. It load-balances traffic between all three routes.
C. It chooses the OSPF route because it has the longest prefix inclusive of the destination address.
D. It chooses the EIGRP route because it has the lowest administrative distance.

Question 49 Drag and drop the VLAN port modes from the left onto the descriptions on the right.
Answer:
+ allows the port to belong to one VLAN when manually configured: static access
+ allows the port to be assigned automatically to one VLAN: dynamic access
+ allows the port to belong to one or more VLANs: trunk
+ allows the port to support a single VLAN across a service-provider network: tunnel
+ allows the port to communicate with others within the same community VLAN: private
Question 50 Refer to the exhibit.

CPE# show ipv6 route

IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, II - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
lA - LISP away, le - LISP extranet-policy, lp - LISP publications
ND ::/0 [2/0]
via FE80::A8BB:CCFF:FE00:200, Ethernet0/0
NDp 2001:DB8:1234:1::/64 [2/0]
via Ethernet0/0, directly connected
L 2001:DB8:1234:1:A8BB:CCFF:FE00:100/128 [0/0]
via Ethernet0/0, receive
C 2001:DB8:1234:2::/64 [0/0]
via Ethernet0/1, directly connected
L 2001:DB8:1234:2:A8BB:CCFF:FE00:110/128 [0/0]
via Ethernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
The administrator must configure a floating static default route that points to 2001:db8:1234:2::1 and replaces the
current default route only if it fails. Which command must the engineer configure on the CPE?
A. ipv6 route ::/0 2001:db8:1234:2::1 2
B. ipv6 route ::/0 2001:db8:1234:2::1 3
C. ipv6 route ::/128 2001:db8:1234:2::1 3
D. ipv6 route ::/0 2001:db8:1234:2::1 1
Question 51 What is the benefit of using private IPv4 addressing?
A. to provide reliable connectivity between like devices
B. to enable secure connectivity over the Internet
C. to shield internal network devices from external access
D. to be routable over an external network
Question 52 Which QoS feature drops traffic that exceeds the committed access rate?
A. weighted fair queuing
B. FIFO
C. shaping
D. policing
Question 53 Two switches have been implemented and all interfaces are at the default configuration level. A
trunk link must be implemented between two switches with these requirements:
+ using an industry-standard trunking protocol
+ permitting VLANs 1-10 and denying other VLANs
How must the interconnecting ports be configured?
A. switchport mode trunk
switchport trunk allowed vlans 1-10
switchport trunk native vlan 11
B. switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlans 1-10
C. switchport mode dynamic desirable
channel-group 1 mode desirable
switchport trunk encapsulation isl
switchport trunk allowed vlan except 11-4094
D. switchport mode dynamic
channel-protocol lacp
switchport trunk allowed vlans 1-10
Question 54 Refer to the exhibit.
A network engineer is configuring a WLAN to connect with the 172.16.10.0/24 network on VLAN 20. The engineer
wants to limit the number of devices that connect to the WLAN on the USERWL SSID to 125. Which configuration
must the engineer perform on the WLC?
A. In the WLAN configuration, set the Maximum Allowed Clients value to 125.
B. In the Advanced configuration, set the DTIM value to 125.
C. In the Controller IPv6 configuration, set the Throttle value to 125.
D. In the Management Software activation configuration, set the Clients value to 125.
Question 55 Why would a network administrator choose to implement automation in a network environment?
A. to centralize device information storage
B. to simplify the process of maintaining a consistent configuration state across all devices
C. to deploy the management plane separately from the rest of the network
D. to implement centralized user account management
Question 56 When deploying a new network that includes both Cisco and third-party network devices, which
redundancy protocol avoids the interruption of network traffic if the default gateway router fails?
A. FHRP
B. VRRP
C. HSRP
D. GLBP
Question 57 Refer to the exhibit.

A network administrator configures the CPE to provide internet access to the company headquarters. Traffic must
be load-balanced via ISP1 and ISP2 to ensure redundancy. Which two command sets must be configured on the
CPE router? (Choose two)
A. ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 2
B. ip route 0.0.0.0 128.0.0.0 198.51.100.1
ip route 128.0.0.0 128.0.0.0 203.0.113.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 0.0.0.0 0.0.0.0 203.0.113.1
C. ip route 0.0.0.0 128.0.0.0 198.51.100.1
ip route 128.0.0.0 128.0.0.0 203.0.113.1
D. ip route 0.0.0.0 0.0.0.0 198.51.100.1 255
ip route 0.0.0.0 0.0.0.0 203.0.113.1 255
ip route 128.0.0.0 128.0.0.0 203.0.113.1
E. ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 0.0.0.0 0.0.0.0 203.0.113.1
Question 58 Refer to the exhibit.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#ip domain-name CC-Net.com
R1(config)#enable secret Passfornewuser
R1(config)#line vty 0 15
R1(config-line)#transport input ssh
R1(config-line)#login local

A network administrator is configuring a router for user access via SSH. The service-password
encryption command has been issued. The configuration must meet these requirements:
– Create the username as CCUser.
– Create the password as NA!2$cc.
– Encrypt the user password.
What must be configured to meet the requirements?
A. username CCUser password NA!2$cc
enable password level 5 NA!2$cc
B. username CCUser privilege 15 password NA!2$cc
enable secret 0 NA!2$cc
C. username CCUser secret NA!2$cc
D. username CCUser privilege 10 password NA!2$cc
Question 59 Refer to the exhibit.

An engineer must configure a static network route between two networks so that host A communicates with host
B. Drag and drop the commands from the left onto the routers where they must be configured on the right. Not all
commands are used.
Answer:
R1:
ip route 10.10.13.0 255.255.255.128 10.10.10.1
R2:
ip route 10.10.13.0 255.255.255.128 10.10.10.5
ip route 10.10.14.0 255.255.255.0 10.10.10.2
R3:
ip route 10.10.14.0 255.255.255.0 10.10.10.6
Question 60 Refer to the exhibit.

R1# show ip route | begin Gateway

Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Serial0/0/1
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.2.0/24 is directly connected, GigabitKthernet0/0
L 172.16.2.2/32 is directly connected, GigabitEthernet0/0
C 172.16.4.0/21 is directly connected, Serial0/0/1
L 172.16.8.2/26 is directly connected, Serial0/0/1

What is the subnet mask for route 172.16.4.0?

A. 255.255.255.192
B. 255.255.248.0
C. 255.255.254.0
D. 255.255.240.0
Question 61 Which interface or port on the WLC is the default for in-band device administration and
communications between the controller and access points?
A. virtual interface
B. management interface
C. console port
D. service port
Question 62 Refer to the exhibit.

The IPv6 address for the LAN segment on router R2 must be configured using the EUI-64 format. Which address
must be used?
A. ipv6 address 2001:DB8:D8D2:1009:10A0:ABFF:FECC:1 eui-64
B. ipv6 address 2001:DB8:D8D2:1009:12A0:AB34:FFCC:1 eui-64
C. ipv6 address 2001:DB8:D8D2:1009:1230:ABFF:FECC:1 eui-64
D. ipv6 address 2001:DB8:D8D2:1009:4345:80FF:FF16:7 eui-64
Question 63 A company has each office using wireless access with multiple SSIDs while limiting roaming
capabilities, covering different locations on the internal office LAN, guest networks, and BYOD access for
employees. Which change must be enabled to improve the customer experience during SSID changes?
A. Assisted Roaming Prediction Optimization
B. Fast Transition
C. Neighbor List Dual Band
D. Fast SSID Change
Question 64 Refer to the exhibit.

The EtherChannel is configured with a speed of 1000 and duplex as full on both ends of channel group 1. What is
the next step to configure the channel on switch A to respond to but not initiate LACP communication?
A. interface range gigabitethernet0/0/0 -15
channel-group 1 mode desirable
B. interface range gigabitethernet0/0/0 -15
channel-group 1 mode on
C. interface port-channel 1
channel-group 1 mode auto
D. interface port-channel 1
channel-group 1 mode passive
Question 65 Which two VPN technologies are recommended by Cisco for multiple branch offices and large-scale
deployments? (Choose two)
A. IPsec remote access
B. site-to-site VPN
C. clientless VPN
D. GETVPN
E. DMVPN
Question 66 Refer to the exhibit.

{
"Test_Questions" : [
"Automation",
"Configuration",
],
"Test_Exam_Level" : [
"CCNA",
"CCNP",
],
"Test_Response" : [
"Correct",
"Incorrect",
]
}

How many arrays are present in the JSON data?

A. one
B. three
C. six
D. nine
Question 67 Refer to the exhibit.

Router1#show interface ethernet 1

Ethernet1 is up, line protocol is up
Hardware is Lance, address is 0010.7b36.Ibe8 (bia 0010.7b36.Ibe8)
Internet address is 10.100.48.240/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:06, output hang never
Last clearing of "show interface” counters never
Input queue: 1/75/1/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: random early detection(RED)
Output queue :0/40 (size/max)
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
7558065 packets input, 783768942 bytes, 1 no buffer
Received 8280963 broadcasts, 0 runts, 0 giants, 1 throttles
15 input errors, 14278 GRC, 0 frame, 0 overrun, 3 ignored
0 input packets with dribble condition detected
798092 packets output, 50280266 bytes, 0 underruns
0 output errors, 15000 collisions, 0 interface resets
0 babbles, 0 late collision, 179 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

An administrator received a call from a branch office regarding poor application performance hosted at the
headquarters. Ethernet 1 is connected between Router1 and the LAN switch. What identifies the issue?
A. There is a duplex mismatch.
B. The MTU is not set to the default value.
C. The link is over utilized.
D. The QoS policy is dropping traffic.
Question 68 Refer to the exhibit.

SW1#show etherchannel
Channel-group listing:
----------------------
Group: 2
--------
Group state = L2
Ports: 1 Maxports = 8
Port-channels: 1 Max Portchannels = 1
Protocol: PAGP
A network engineer updates the existing configuration on interface fastethernet1/1 switch SW1. It must establish
an EtherChannel by using the same group designation with another vendor switch. Which configuration must be
performed to complete the process?
A. interface port-channel 2
channel-group 2 mode desirable
B. interface fastethernet 1/1
channel-group 2 mode on
C. interface port-channel 2
channel-group 2 mode auto
D. interface fastethernet 1/1
channel-group 2 mode active
Question 69 Refer to the exhibit.

Local access for R4 must be established and these requirements must be met:
– Only Telnet access is allowed.
– The enable password must be stored securely.
– The enable password must be applied in plain text
– Full access to R4 must be permitted upon successful login
Which configuration script meets the requirements?

Option A Option B
! conf t
conf t !
! username test1 password testpass1
username test1 password testpass1 enable secret level 15 0 Test123
enable password level 1 7 Test123 !
! line vty 0 15
line vty 0 15 login local
accounting exec default transport input telnet
transport input all

Option C Option D
! !
config t config t
! !
username test1 password testpass1 username test1 password testpass1
enable secret level 1 0 Test123 enable password level 15 0 Test123
! !
 line vty 0 15 line vty 0 15
login authentication password Test123
password Test123 transport input all
transport input telnet

A. Option A
B. Option B
C. Option C
D. Option D
Question 70 A packet from a company’s branch office is destined to host 172.31.0.1 at headquarters. The sending
router has three possible matches in its routing table for the packet: prefixes 172.31.0.0/16, 172.31.0.0/24, and
172.31.0.0/25. How does the router handle the packet?
A. It sends the traffic via the default gateway 0.0.0.0/0.
B. It sends the traffic via prefix 172.31.0.0/16.
C. It sends the traffic via prefix 172.31.0.0/25.
D. It sends the traffic via prefix 172.31.0.0/24.
Question 71 Which action must be taken when password protection is implemented?
A. Store passwords as contacts on a mobile device with single-factor authentication.
B. Share passwords with senior IT management to ensure proper oversight.
C. Include special characters and make passwords as long as allowed.
D. Use less than eight characters in length when passwords are complex.
Question 72 When an access point is seeking to join a wireless LAN controller, which message is sent to the AP-
Manager interface?
A. DHCP request
B. DHCP discover
C. discovery response
D. discovery request
Question 73 What is a reason why an administrator would choose to implement an automated network
management approach?
A. Reduce inconsistencies in the network configuration.
B. Increase recurrent management costs.
C. Enable “box by box” configuration and deployment.
D. Decipher simple password policies.
Question 74 Which device separates networks by security domains?
A. access point
B. firewall
C. intrusion protection system
D. wireless controller
Question 75 Which two characteristics are representative of virtual machines (VMs)? (Choose two)
A. A VM on a hypervisor is automatically interconnected to other VMs.
B. A VM on an individual hypervisor shares resources equally.
C. Each VMs operating system depends on its hypervisor.
D. Each VM runs independently of any other VM in the same hypervisor.
E. multiple VMs operate on the same underlying hardware.
Question 76 Refer to the exhibit.
R7#
172.22.0.0/24 is subnetted, 1 subnets
D 172.22.49.0 [90/284160] via 10.81.22.2, 04:55:53, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 26 subnets, 5 masks
D EX 10.10.10.10/32 [170/35840] via 10.3.5.1, 04:55:55, FastEthernet0/1
D 10.9.1.0/30 [90/33280] via 10.3.5.1, 04:55:56, FastEthernet0/1
B 10.111.99.0/24 [20/0] via 10.6.25.2, 03:58:52
D 10.14.3.0/30 [90/30720] via 10.3.5.1, 04:55:58, FastEthernet0/1
C 10.9.4.0/30 is directly connected, FastEthernet1/0
B 10.100.100.0/24 [20/0] via 10.6.25.2, 03:58:53
D 10.0.1.0/30 [90/30720] via 10.3.5.1, 04:55:58, FastEthernet0/1
D EX 10.10.10.70/32 [170/1612801 via 10.3.5.1, 04:55:57, FastEthernet0/1
B 10.90.0.0/16 [200/0] via 0.0.0.0, 03:57:59, Null0
D EX 10.90.1.0/24 [170/158720] via 10.3.5.1, 04:55:57, FastEthernet0/1
D EX 10.90.2.0/24 [170/158720] via 10.3.5.1, 04:55:57, FastEthernet0/1
D 10.90.3.0/29 [90/161280] via 10.3.5.1, 02:46:03, FastEthernet0/1
D EX 10.90.3.0/24 [170/158720] via 10.3.5.1, 02:46:04, FastEthernet0/1
D EX 10.90.4.0/24 [170/158720] via 10.3.5.1, 04:55:59, FastEthernet0/1
D EX 10.90.5.0/24 [170/158720] via 10.3.5.1, 04:55:59, FastEthernet0/1
B* 0.0.0.0/0 [20/0] via 10.6.25.2, 02:22:38

According to the output, which parameter set is validated using the routing table of R7?
A. R7 is missing a gateway of last resort.
R7 is receiving routes that were redistributed from BGP
R7 will forward traffic destined to 10.90.8.0/24.
B. R7 is missing a gateway of last resort.
R7 is receiving routes that were redistributed in EIGRP
R7 will forward traffic destined to 10.90.8.0/24.
C. R7 has a gateway of last resort available.
R7 is receiving routes that were redistributed from BGP
R7 will drop traffic destined to 10.90.8.0/24
D. R7 has a gateway of last resort available.
R7 is receiving routes that were redistributed in EIGRP
R7 will drop traffic destined to 10.90.8.0/24.
Question 77 Refer to the exhibit.

Gateway of last resort is 172.16.2.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.10.10.0/24 is directly connected, GigabitEthernet0/0/0
L 10.10.10.3/32 is directly connected, GigabitEthernet0/0/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.16.1.33/32 is directly connected, GigabitEthernet0/0/1
C 172.16.2.0/23 is directly connected, GigabitEthernet0/0/1
L 172.16.2.1/32 is directly connected, GigabitEthernet0/0/1
S* 0.0.0.0/0 [1/0] via 172.16.2.2

A packet sourced from 10.10.10.1 is destined for 172.16.3.254. What is the subnet mask of the destination route?
A. 0.0.0.0
B. 255.255.254.0
C. 255.255.255.0
D. 255.255.255.255
Question 78 What is the operating mode and role of a backup port on a shared LAN segment in Rapid PVST+?
A. blocking mode and provides an alternate path toward the designated bridge
B. listening mode and provides an alternate path toward the root bridge
C. forwarding mode and provides the lowest-cost path to the root bridge for each VLAN
D. learning mode and provides the shortest path toward the root bridge handling traffic away from the LAN
Question 79 Which DSCP per-hop forwarding behavior is divided into subclasses based on drop probability?
A. class-selector
B. assured
C. expedited
D. default
Question 80 What occurs when a switch receives a frame that has a destination that is an unknown MAC address?
A. The frame is flooded to all interfaces in the VLAN to which the frame belongs.
B. The frame is flooded to all interfaces in the switch.
C. The frame is discarded
D. The MAC address table of the switch is flushed
Question 81 Drag and drop the facts about wireless architectures from the left onto the types of access point on
the right. Not all options are used.
Answer:
Cloud-Based Access Point
+ managed from a Web-based dashboard
+ supports automatic deployment
Lightweight Access Point
+ configured and managed by a WLC
+ supports different operational modes
Question 82 SIP-based Call Admission Control must be configured in the Cisco WLC GUI. SIP call-snooping ports are
configured. Which two actions must be completed next? (Choose two)
A. Set the QoS level to silver or greater for voice traffic
B. Enable Media Session Snooping on the WLAN
C. Configure two different QoS roles for data and voice traffic
D. Set the QoS level to platinum for voice traffic
E. Enable traffic shaping for the LAN interface of the WLC
PART 12
Question 1 Drag and drop the SNMP components from the left onto the descriptions on the right.

Answer:
+ network node controlled by SNMP: managed device
+ collection of uniquely identifiable objects whose state can be interrogated over SNMP: MIB
+ system that runs monitoring applications and controls network nodes: NMS
+ SNMP component that captures and translates device and network data: agent
Question 2 Refer to the exhibit.

An engineer must configure a floating static route on an external EIGRP network. The destination subnet is the /29
on the LAN interface of R86. Which command must be executed on R14?
A. ip route 10.80.65.0 255.255.248.0 10.73.65.66 1
B. ip route 10.80.65.0 255.255.255.240 fa0/1 89
C. ip route 10.80.65.0 255.255.255.248 10.73.65.66 171
D. ip route 10.73.65.66 0.0.0.224 10.80.65.0 255
Question 3 Drag and drop the statements about device management from the left onto the corresponding types
on the right.

Answer:
Traditional Campus Device Management:
+ requires manual configuration of complex protocols
+ leverages Cisco Prime Infrastructure
+ lacks support for SDA
Cisco DNA Center:
+ reduces the workload for enterprise customers
+ uses algorithms to detect security threats
+ uses northbound APIs
Question 4 A network engineer is implementing a corporate SSID for WPA3-Personal security with a PSK. Which
encryption cipher must be configured?
A. GCMP128
B. GCMP256
C. CCMP256
D. CCMP128
Question 5 What is the functionality of the Cisco DNA Center?
A. data center network policy controller
B. software-defined controller for automation of devices and services
C. console server that permits secure access to all network devices
D. IP address pool distribution scheduler
Question 6 Which IP header field is changed by a Cisco device when QoS marking is enabled?
A. Header Checksum
B. Type of Service
C. DSCP
D. ECN
Question 7 Refer to the exhibit.

An IPv6 address must be obtained automatically on the LAN interface on R1. Which command must be
implemented to accomplish the task?
A. ipv6 address 2001:db8:d8d2:1008:4358:23:1390::/64
B. ipv6 address fe80::/10
C. ipv6 address dhcp
D. ipv6 address autoconfig
Question 8 Refer to the exhibit.

Router-Y#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted

B 10.0.0.0/8 [1/0] via 10.224.1.2
B 10.27.150.224/27 [20/0] via 10.224.1.3, 1w6d
S 10.128.0.0/9 [1/0] via 10.224.1.3
B 10.224.0.0/11 [20/0] via 10.224.1.5, 5d18h
B 10.224.0.0/15 [20/0] via 10.224.1.4, 5d18h
C 10.223.0.0/24 is directly connected, GigabitEthernet0/1
C 10.224.0.0/24 is directly connected, GigabitEthernet0/0
B 10.226.34.0/24 [20/0] via 10.224.1.5, 5d18h

PC A is communicating with another device at IP address 10.227.225.255. Through which router does router Y
route the traffic?
A. router A
B. router B
C. router C
D. router D
Question 9 What are two protocols within the IPsec suite? (Choose two)
A. 3DES
B. AH
C. ESP
D. TLS
E. AES
Question 10 Drag and drop the IPv6 address type characteristics from the left to the right.

Answer:
Global Unicast Address
+ routable and reachable via the Internet
+ equivalent to public IPv4 addresses
Unique Local Address
+ addresses with prefix FC00::/7
+ addressing for exclusive use internally without Internet routing
Question 11 What are two benefits of private IPv4 addressing? (Choose two)
A. reuses addresses at multiple sites
B. provides external internet network connectivity
C. conserves globally unique address space
D. propagates routing information to WAN links
E. provides unlimited address ranges
Question 12 Refer to the exhibit.

Router R14 is in the process of being configured. Which configuration must be used to establish a host route to PC
10?
A. ip route 10.80.65.10 255.255.255.254 10.80.65.1
B. ip route 10.73.65.66 0.0.0.255 10.80.65.10
C. ip route 10.80.65.10 255.255.255.255 10.73.65.66
D. ip route 10.73.65.65 255.0.0.0 10.80.65.10
Question 13 Refer to the exhibit.

A static route must be configured on R86 to forward traffic for the 172.16.34.0/29 network, which resides on R14.
Which command must be used to fulfill the request?
A. ip route 172.16.34.0 255.255.255.248 10.73.65.65
B. ip route 172.16.34.0 255.255.255.224 10.73.65.66
C. ip route 10.73.65.65 255.255.255.248 172.16.34.0
D. ip route 172.16.34.0 0.0.0.7 10.73.65.64
Question 14 Refer to the exhibit.

The network engineer is configuring a new WLAN and is told to use a setup password for authentication instead of
the RADIUS servers. Which additional set of tasks must the engineer perform to complete the configuration?
A. Disable PMF
Enable PSK
Enable 802.1x
B. Select WPA Policy
Select WPA2 Policy
Enable FT PSK
C. Select WPA2 Policy
Disable PMF
Enable PSK
D. Select WPA Policy
Enable CCKM
Enable PSK
Question 15 Refer to the exhibit.

SW1#show run
Building configuration...
!
hostname SW1
!
ip domain-name test
!
username CCNA privilege 1 password 0 ciscol23
!
interface FastEthernet0/1
switchport access vlan 10
!
interface Vlan10
ip address 192.168.1.2 255.255.255.0
!
line vty 0 4
login local
transport input telnet
line vty 5 15
login local
transport input telnet

SW1#show crypto key mypubkey rsa

% Key pair was generated at: 0:1:23 UTC Mar 1 2021
Key name: SW1.test

An engineer is updating the management access configuration of switch SW1 to allow secured, encrypted remote
configuration. Which two commands or command sequences must the engineer apply to the switch? (Choose two)
A. SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
B. SW1(config)# crypto key generate rsa
C. SW1(config)# interface f0/1
SW1(config-if)# switch port mode trunk
D. SW1(config)#enable secret ccnaTest123
E. SW1(config)# username NEW secret R3mote123
Question 16 Refer to the exhibit.

Which two values does router R1 use to identify valid routes for the R3 loopback address 1.1.1.3/32? (Choose two)
A. lowest cost to reach the next hop
B. lowest administrative distance
C. lowest metric
D. highest metric
E. highest administrative distance
Question 17 Refer to the exhibit.

[
{"switch": "3750", "port": e2},
{"router": "2951", "port": e20},
{"switch": "3750", "port": e23}
]

What is represented by the word “switch” in line 2 of the JSON schema?

A. object
B. key
C. value
D. array
Question 18 Refer to the exhibit.

User traffic originating within site B is failing to reach an application hosted on IP address 192.168.0.10, which is
located within site A. What is determined by the routing table?
A. The traffic to 192.168.0.10 requires a static route to be configured in router1
B. The lack of a default route prevents delivery of the traffic
C. The default gateway for site B is configured incorrectly.
D. The traffic is blocked by an implicit deny in an ACL on router2.
Question 19 Which cable type must be used to interconnect one switch using 1000 BASE-SX GBIC modules and
another switch using 1000 BASE-SX SFP modules?
A. LC to LC
B. LC to SC
C. SC to SC
D. SC to ST
Question 20 Drag and drop the virtualization concepts from the left onto the matching statements on the right.

Answer:
+ An operating system instance that is decoupled from the server hardware: host operating system
+ Each core can run more than one process simultaneously: multithreading
+ Runs on a physical server, manages, and allocates the physical resources: hypervisor
+ The software that manages the basic functions of the physical hardware: virtual machine
+ The software that manages the basic functions of the virtual machine: guest operating system

Question 21 Which channel-group mode must be configured when multiple distribution switch interfaces
connected to a WLC are bundled?
A. channel-group mode active
B. channel-group mode on
C. channel-group mode desirable
D. channel-group mode passive

Question 22 Refer to the exhibit.

An engineer must translate the PC1 IP address to 10.199.77.100 and permit PC1 to ping the loopback 0 interface
on router R2. What command set must be used?

Option A Option B

R1# R1#
! !
interface Loopback0 interface Loopback0
ip address 10.1.1.1 255.255.255.255 ip address 10.1.1.1 255.255.255.255
! !
interface FastEthernet0/0 interface FastEthernet0/0
ip address 10.139.91.1 255.255.255.252 ip address 10.139.91.1 255.255.255.252
ip nat outside ip nat inside
ip virtual-reassembly in ip virtual-reassembly in
! !
interface FastEthernet1/0 interface FastEthernet1/0
ip address 172.16.29.1 255.255.255.0 ip address 172.16.29.1 255.255.255.0
ip nat inside ip nat outside
ip virtual-reassembly in ip virtual-reassembly in
! !
router eigrp 100 router eigrp 100
network 10.1.1.1 0.0.0.0 network 10.1.1.1 0.0.0.0
network 10.139.91.0 0.0.0.3 network 10.139.91.0 0.0.0.3
! !
ip nat inside source static 172.16.29.78 10.199.77.100 ip nat inside source static 10.199.77.100 172.16.29.78

R2# R2#
ip route 10.199.77.100 255.255.255.255 10.139.91.1 ip route 10.199.77.100 255.255.255.255 10.139.91.1

Option C Option D

R1# R1#
! !
interface Loopback0 interface Loopback0
ip address 10.1.1.1 255.255.255.255 ip address 10.1.1.1 255.255.255.255
! !
 interface FastEthernet0/0 interface FastEthernet0/0
ip address 10.139.91.1 255.255.255.252 ip address 10.139.91.1 255.255.255.252
ip nat outside ip nat outside
ip virtual-reassembly in ip virtual-reassembly in
! !
interface FastEthernet1/0 interface FastEthernet1/0
ip address 172.16.29.1 255.255.255.0 ip address 172.16.29.1 255.255.255.0
ip nat inside ip nat inside
ip virtual-reassembly in ip virtual-reassembly in
! !
router eigrp 100 router eigrp 100
network 10.1.1.1 0.0.0.0 network 10.1.1.1 0.0.0.0
network 10.139.91.0 0.0.0.3 network 10.139.91.0 0.0.0.3
! !
ip nat inside source static 172.16.29.78 10.199.77.100 ip nat inside source static 172.16.29.78 10.199.77.100

R2# R2#
ip route 172.16.29.78 255.255.255.255 10.139.91.1 ip route 172.16.29.78 255.255.255.255 10.139.91.1

A. Option A
B. Option B
C. Option C
D. Option D
Question 23 Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.

Answer:
TCP
+ used to reliably share files between devices
+ supports reliable data transmission
UDP
+ provides best-effort service
+ appropriate for streaming operations with minimal latency
Question 24 A network engineer must configure an interface with IP address 10.10.10.145 and a subnet mask
equivalent to 11111111.11111111.11111111.11111000. Which subnet mask must the engineer use?
A. /27
B. /28
C. /29
D. /30
Question 25 Which two server types support domain name to IP address resolution? (Choose two)
A. ESX host
B. web
C. resolver
D. authoritative
E. file transfer
Question 26 Refer to the exhibit.

The router R1 is in the process of being configured. Routers R2 and R3 are configured correctly for the new
environment. Which two commands must be configured on R1 for PC1 to communicate to all PCs on the
10.10.10.0/24 network? (Choose two)
A. ip route 10.10.10.8 255.255.255.248 g0/1
B. ip route 10.10.10.10 255.255.255.255 g0/1
C. ip route 10.10.10.0 255.255.255.248 192.168.2.2
D. ip route 10.10.10.0 255.255.255.0 192.168.2.3
E. ip route 10.10.10.10 255.255.255.255 192.168.2.2
Question 27 Which switching feature removes unused MAC addresses from the MAC address table, which allows
new MAC addresses to be added?
A. MAC move
B. MAC address aging
C. dynamic MAC address learning
D. MAC address auto purge
Question 28 Which two northbound APIs are found in a software-defined network? (Choose two)
A. SOAP
B. OpFlex
C. REST
D. NETCONF
E. OpenFlow
Question 29 What uses HTTP messages to transfer data to applications residing on different hosts?
A. REST
B. OpenStack
C. OpFlex
D. OpenFlow

Question 30 Refer to the exhibit.

What is the next-hop IP address for R2 so that PC2 reaches the application server via EIGRP?
A. 10.10.10.5
B. 192.168.20.1
C. 10.10.10.6
D. 192.168.30.1
Question 31 Drag and drop the configuration management terms from the left onto the descriptions on the right.
Not all terms are used.

Answer:
+ easy-to-manage deployment option that may lack scalability: agent
+ device hardware that runs without embedded management features: agentless
+ to automatically install or deploy a configuration or update: pull
+ daemon that determines when the central authority has updates available: provision
+ model in which the central server sends updates to nodes on an as-needed basis: push
Question 32 A switch is forwarding a frame out of all interfaces except the interface that received the frame. What
is the technical term for this process?
A. CDP
B. multicast
C. flooding
D. ARP
Question 33 What is a characteristic of RSA?
A. It uses preshared keys for encryption
B. It is an asymmetric encryption algorithm
C. It requires both sides to have identical keys for encryption
D. It is a symmetric decryption algorithm.
Question 34 Refer to the exhibit.

All interfaces are in the same VLAN. All switches are configured with the default STP priorities. During the STP
elections, which switch becomes the root bridge?
A. MDF-DC-3: 08:0E:18:1A:3C:9D
B. MDF-DC-4: 08:E0:19:A1:B3:19
C. MDF-DC-2: 08:0E:18:22:05:97
D. MDF-DC-1: 08:E0:43:78:24:50
Question 35 Which advantage does the network assurance capability of Cisco DNA Center provide over traditional
campus management?
A. Cisco DNA Center leverages YANG and NETCONF to assess the status of fabric and nonfabric devices, and
traditional campus management uses CLI exclusively
B. Cisco DNA Center correlates information from different management protocols to obtain insights, and
traditional campus management requires manual analysis
C. Cisco DNA Center automatically compares security postures among network devices, and traditional campus
management needs manual comparisons
D. Cisco DNA Center handles management tasks at the controller to reduce the load on infrastructure devices, and
traditional campus management uses the data backbone.
Question 36 Which signal frequency appears 60 times per minute?
A. 1 Hz signal
B. 1 GHz signal
C. 60 Hz signal
D. 60 GHz signal
Question 37 Which port type does a lightweight AP use to connect to the wired network when it is configured in
local mode?
A. access
B. trunk
C. EtherChannel
D. LAG

Question 38 Refer to the exhibit.

Cat9300-1# show interface g1/0/1 switchport

Name: Gi1/0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 321 (VLAN0321)
Administrative Native VLAN tagging: enabled
Trunking VLANs Enabled: 100,200,300
Pruning VLANs Enabled: 2-1001

A network administrator configures an interface on a new switch so that it connects to interface Gi1/0/1 on switch
Cat9300-1. Which configuration must be applied to the new interface?
A. switchport trunk encapsulation dot1q
switchport trunk native vlan 321
switchport trunk allowed vlan 100-300
B. switchport mode dynamic desirable
switchport trunk native vlan 321
switchport trunk allowed vlan 100,200,300
C. switchport nonegotiate
switchport access vlan 321
switchport trunk allowed vlan except 2-1001
D. switchport mode trunk
switchport trunk native vlan 321
switchport trunk allowed vlan 100,200,300
Question 39 What is the function of a controller in a software-defined network?
A. multicast replication at the hardware level
B. setting packet-handling policies
C. forwarding packets
D. fragmenting and reassembling packets
Question 40 A client experiences slow throughput from a server that is directly connected to the core switch in a
data center. A network engineer finds minimal latency on connections to the server, but data transfers are
unreliable, and the output of the show interfaces counters errors command shows a high FCS-Err count on the
interface that is connected to the server. What is the cause of the throughput issue?
A. high bandwidth usage
B. a physical cable fault
C. a speed mismatch
D. a cable that is too long

Question 41 Which component controls and distributes physical resources for each virtual machine?
A. physical enclosure
B. OS
C. hypervisor
D. CPU
Question 42 Which command enables HTTP access to the Cisco WLC?
A. config network secureweb enable
B. config certificate generate webadmin
C. config network webmode enable
D. config network telnet enable
Question 43 A network engineer must migrate a router loopback interface to the IPv6 address space. If the
current IPv4 address of the interface is 10.54.73.1/32, and the engineer configures IPv6 address
0:0:0:0:0:ffff:a36:4901, which prefix length must be used?
A. /64
B. /96
C. /124
D. /128
Question 44 What is the primary purpose of a console port on a Cisco WLC?
A. out-of-band management via an IP transport
B. out-of-band management via an asynchronous transport
C. in-band management via an asynchronous transport
D. in-band management via an IP transport
Question 45 Drag and drop the AAA features from the left onto the corresponding AAA security services on the
right. Not all options are used

Answer:
Authentication
+ It leverages a RADIUS server to grant user access to a reverse Telnet session
+ It verifies the user before granting access to the device
Authorization
+ It enables the device to allow user- or group-based access
+ It restricts the CLI commands that a user is able to perform
Question 46 What does the implementation of a first-hop redundancy protocol protect against on a network?
A. BGP neighbor flapping
B. default gateway failure
C. root-bridge loss
D. spanning-tree loops
Question 47 Refer to the exhibit.

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Null0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.0.12.0/24 is directly connected, GigabitEthernet0/1
L 10.0.12.1/32 is directly connected, GigabitEthernet0/1
C 10.0.13.0/24 is directly connected, GigabitEthernet0/2
L 10.0.13.1/32 is directly connected, GigabitEthernet0/2
C 10.0.14.0/24 is directly connected, GigabitEthernet0/3
L 10.0.14.1/32 is directly connected, GigabitEthernet0/3
D 192.168.0.0/16 [90/130816] via 10.0.13.3, 00:10:09, GigabitEthernet0/2
O 192.168.0.0/23 [110/2] via 10.0.14.4, 00:00:46, GigabitEthernet0/3
S 192.168.0.0/24 [100/0] via 10.0.12.2

Which interface is chosen to forward traffic to the host at 192.168.0.55?

A. GigabitEthernet0/1
B. Null0
C. GigabitEthernet0/3
D. GigabitEthernet0/2
Question 48 Refer to the exhibit.

SW_1 and SW_12 represent two companies that are merging. They use separate network vendors. The VLANs on
both sides have been migrated to share IP subnets. Which command sequence must be issued on both sides to join
the two companies and pass all VLANs between the companies?
A. switchport mode trunk
switchport trunk encapsulation dot1q
B. switchport mode trunk
switchport trunk allowed vlan all
switchport dot1q ethertype 0800
C. switchport mode dynamic desirable
switchport trunk allowed vlan all
switchport trunk native vlan 7
D. switchport dynamic auto
switchport nonegotiate
Question 49 A Cisco engineer notices that two OSPF neighbors are connected using a crossover Ethernet cable.
The neighbors are taking too long to become fully adjacent. Which command must be issued under the interface
configuration on each router to reduce the time required for the adjacency to reach the FULL state?
A. ip ospf priority 0
B. ip ospf network broadcast
C. ip ospf dead-interval 40
D. ip ospf network point-to-point
Question 50 Refer to the exhibit.

{
"Test_Questions" : [
"Automation",
"Configuration",
],
"Test__Exam_Level" : [
"CCNA",
"CCNP",
],
"Test_Response" : [
"Correct",
"Incorrect",
],
}

How many objects, keys, and JSON list values are present?
A. three objects, three keys, and two JSON list values
B. one object, three keys, and two JSON list values
C. three objects, two keys, and three JSON list values
D. one object, three keys, and three JSON list values
Question 51 What is a benefit of a point-to-point leased line?
A. full-mesh capability
B. flexibility of design
C. low cost
D. simplicity of configuration
Question 52 What are two differences between WPA2 and WPA3 wireless security? (Choose two)
A. WPA3 uses SAE for stronger protection than WPA2, which uses AES
B. WPA2 uses 128-bit key encryption, and WPA3 supports 128-bit and 192-bit key encryption
C. WPA3 uses AES for stronger protection than WPA2, which uses SAE
D. WPA3 uses AES for stronger protection than WPA2, which uses TKIP
E. WPA2 uses 192-bit key encryption, and WPA3 requires 256-bit key encryption
Question 53 Refer to the exhibit.
Each router must be configured with the last usable IP address in the subnet. Which configuration fulfills this
requirement?

Option A
R7#
interface FastEthernet1/0
ip address 10.88.31.126 255.255.255.192
R8#
interface FastEthernet0/0
ip address 10.19.63.95 255.255.255.192
R9#
interface FastEthernet1/1
ip address 10.23.98.159 255.255.255.248
Option B
R7#
interface FastEthernet1/0
ip address 10.88.31.126 255.255.255.240
R8#
interface FastEthernet0/0
ip address 10.19.63.94 255.255.255.192
R9#
interface FastEthernet1/1
ip address 10.23.98.158 255.255.255.248

Option C
R7#
interface FastEthernet1/0
ip address 10.88.31.127 255.255.255.240
R8#
interface FastEthernet0/0
ip address 10.19.63.95 255.255.255.192
R9#
interface FastEthernet1/1
ip address 10.23.98.159 255.255.255.248
Option D
R7#
interface FastEthernet1/0
ip address 10.88.31.127 255.255.255.192
R8#
interface FastEthernet0/0
ip address 10.19.63.95 255.255.255.240
R9#
interface FastEthernet1/1
ip address 10.23.98.159 255.255.255.224

A. Option A
B. Option B
C. Option C
D. Option D
Question 54 Refer to the exhibit.
A network engineer is updating the configuration on router R1 to connect a new branch office to the company
network. R2 has been configured correctly. Which command must the engineer configure so that devices at the
new site communicate with the main office?
A. ip route 172.25.25.1 255.255.255.255 g0/2
B. ip route 172.25.25.0 255.255.255.0 192.168.2.1
C. ip route 172.25.25.1 255.255.255.255 g0/1
D. ip route 172.25.25.0 255.255.255.0 192.168.2.2

Question 55 Which two transport layer protocols carry syslog messages? (Choose two)
A. TCP
B. UDP
C. ARP
D. RTP
E. IP
Question 56 Refer to the exhibit.

Gateway of last resort is 172.16.2.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks

10.10.100.0/26 is directly connected, GigabitEthernet0/0/6
C 10.10.10.0/24 is directly connected, GigabitEthernet0/0/0
L 10.10.10.3/32 is directly connected, GigabitEthernet0/0/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.16.1.33/32 is directly connected, GigabitEthernet0/0/1
C 172.16.2.0/23 is directly connected, GigabitEthernet0/0/1
L 172.16.2.1/32 is directly connected, GigabitEthernet0/0/1
S* 0.0.0.0/0 [1/0] via 172.16.2.2

A packet sourced from 10.10.10.32 is destined for the Internet. What is the administrative distance for the
destination route?
A. 0
B. 1
C. 2
D. 32
Question 57 When is the PUT method used within HTTP?
A. to update a DNS server
B. when a read-only operation is required
C. to display a web site
D. when a nonidempotent operation is needed
Question 58 What describes a northbound REST API for SDN?
A. network-element-facing interface for the control and data planes
B. application-facing interface for GET, POST, PUT, and DELETE methods
C. network-element-facing interface for GET, POST, PUT, and DELETE methods
D. application-facing interface for SNMP GET requests

Question 59 Refer to the exhibit.

SW1 supports connectivity for a lobby conference room and must be secured. The engineer must limit the
connectivity from PC1 to the SW1 and SW2 network. The MAC addresses allowed must be limited to two. Which
configuration secures the conference room connectivity?
A. interface gi1/0/15
switchport port-security
switchport port-security mac-address 0000.abcd.0004 vlan 100
B. interface gi1/0/15
switchport port-security mac-address 0000.abcd.0004 vlan 100
C. interface gi1/0/15
switchport port-security mac-address 0000.abcd.0004 vlan 100
interface switchport secure-mac limit 2
D. interface gi1/0/15
switchport port-security
switchport port-security maximum 2
Question 60 Refer to the exhibit.
R1# show ip route
Codes: C — connected, S — static, I — IGRP, R - RIP, M - mobile, B — BGP
D — EIGRP, EX - EIGRP external, O — OSPF, IA — OSPF inter area
N1 — OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 — OSPF external type 2, E — EGP
i — IS-IS, L1 - IS-IS level-1, L2 — IS-IS level-2, * — candidate default
U - per-user static route, o — ODR
Gateway of last resort is not set
C 172.16.0.0/16 is directly connected, Loopback0
172.16.0/16 is variably subnetted, 4 subnets, 2 masks
O 172.16.1.3/3 [110/100] via 192.168.7.40, 00:39:08, Serial0
C 172.16.1.0/24 is directly connected, Serial0
O 172.16.1.184/29 [110/5] via 192.168.7.35, 00:39:08, Serial0
O 172.16.3.0/24 [110/10] via 192.168.7.4, 00:39:08, GigabitEthernet 0/0
D 172.16.1.0/28 [90/10] via 192.168.7.7, 00:39:08, GigabitEthernet 0/0

Load-balanced traffic is coming in from the WAN destined to a host at 172.16.1.190. Which next-hop is used by the
router to forward the request?
A. 192.168.7.4
B. 192.168.7.7
C. 192.168.7.35
D. 192.168.7.40
Question 61 Refer to the exhibit.

R1#show ip ospf interface g0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.1.2/24, Area 0
Process ID 1, Router ID 192.168.1.2, Network Type POINT-TO-POINT, Cost: 1
Transmit Delay is 1 sec, State POINT-TO-POINT,
Timer intervals configured, Hello 15, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Index 1/1, flood queue length 0
Next 0x0(0) /0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Suppress hello for 0 neighbor(s)

R2#show ip ospf interface g0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.1.1/24, Area 0
Process ID 1, Router ID 10.1.1.1, Network Type POINT-TO-POINT, Cost: 1
Transmit Delay is 1 sec, State POINT-TO-POINT,
Timer intervals configured, Hello 15, Dead 45, Wait 15, Retransmit 5
Hello due in 00:00:11
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Suppress hello for 0 neighbor(s)

The network engineer is configuring router R2 as a replacement router on the network. After the initial
configuration is applied it is determined that R2 failed to show R1 as a neighbor. Which configuration must be
applied to R2 to complete the OSPF configuration and enable it to establish the neighbor relationship with R1?

Option A Option B

R2(config)#interface g0/0/0 R2(config)#router ospf 1

R2(config-if)#ip ospf hello-interval 10 R2(config-router)#router-id 192.168.1.2

Option C Option D

R2(config)#router ospf 1 R2(config)#interface g0/0/0

R2(config-router)#network 192.168.1.0 255.255.255.0 area 2 R2(config-if)#ip ospf dead-interval 40

A. Option A
B. Option B
C. Option C
D. Option D
Question 62 Refer to the exhibit.

The DHCP server is configured with a DHCP pool for each of the subnets represented. Which command must be
configured on switch SW1 to allow DHCP clients on VLAN 10 to receive dynamic IP addresses from the DHCP
server?
A. SW1(config-if)#ip helper-address 192.168.10.2
B. SW1(config-if)#ip helper-address 192.168.20.1
C. SW1(config-if)#ip helper-address 192.168.20.2
D. SW1(config-if)#ip helper-address 192.168.10.1
Question 63 Drag and drop the DNS lookup commands from the left onto the functions on the right.

Answer:
+ enables DNS lookup on an individual interface: ip domain lookup source-interface
+ enables the DNS server on the device: ip dns server
+ identifies a DNS server to provide lookup services: ip name-server
+ specifies a sequence of domain names: ip domain list
+ specifies the default domain to append to unqualified host names: ip domain name
+ statically maps an IP address to a hostname: ip host
Question 64 Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.

Answer:
TCP
+ requires the client and the server to establish a connection before sending the packet
+ supports reliable data transmission
UDP
+ provides best-effort service
+ transmitted based on data contained in the packet without the need for a data channel
Question 65 Refer to the exhibit.

hostname CPE
service password-encryption
ip domain name ccna.cisco.com
ip name-server 198.51.100.210

crypto key generate rsa modulus 1024

username admin privilege 15 secret S0m3s3cr3t

line vty 0 4
transport input ssh
login local

An engineer executed the script and added commands that were not necessary for SSH and now must remove the
commands. Which two commands must be executed to correct the configuration? (Choose two)
A. no ip domain name ccna.cisco.com
B. no login local
C. no ip name-server 198.51.100.210
D. no service password-encryption
E. no hostname CPE
Question 66 Refer to the exhibit.
OSPF is running between site A and site B. Drag and drop the destination IPs from the left onto the network
segments used to reach the destination on the right.
Answer:
Internet
+ 10.10.10.16
+ 10.10.13.129
+ 10.10.100.128
Router1
+ 10.10.13.1
+ 10.10.13.150
Question 67 What is a reason to implement LAG on a Cisco WLC?
A. Enable the connected switch ports to use different Layer 2 configurations.
B. Increase the available throughput on the link.
C. Allow for stateful failover between WLCs.
D. Increase security by encrypting management frames.
Question 68 What are two port types used by a Cisco WLC for out-of-band management? (Choose two)
A. redundant
B. distribution system
C. service
D. management
E. console
Question 69 Drag and drop the statement about AAA services from the left to the corresponding AAA services on
the right.
Answer:
Accounting:
+ It records the duration of each connection.
+ It supports User Access Reporting.
Authentication:
+ It performs user validation via TACACS+.
+ It verifies “who you are”.

Question 70 Refer to the exhibit.

Routers R1 and R2 are configured with RIP as the dynamic routing protocol. A network engineer must configure R1
with floating static route to serve as a backup route to network 192.168.23. Which command must the engineer
configure on R1?
A. ip route 192.168.23.0 255.255.255.255 192.168.13.3 121
B. ip route 192.168.23.0 255.255.255.0 192.168.13.3 100
C. ip route 192.168.23.0 255.255.255.0 192.168.13.3
D. ip route 192.168.23.0 255.255.255.0 192.168.13.3 121
Question 71 What are two facts that differentiate optical-fiber cabling from copper cabling? (Choose two)
A. It carries signals for longer distances.
B. It provides greater throughput options.
C. It carries electrical current further distances for PoE devices.
D. It is less expensive when purchasing patch cables.
E. It has a greater sensitivity to changes in temperature and moisture
Question 72 Why would VRRP be implemented when configuring a new subnet in a multivendor environment?
A. to ensure that the spanning-tree forwarding path to the gateway is loop-free
B. when a gateway protocol is required that supports more than two Cisco devices for redundancy
C. to interoperate normally with all vendors and provide additional security features for Cisco devices
D. to enable normal operations to continue after a member failure without requiring a change in a host ARP
cache
Question 73 What must a network administrator consider when deciding whether to configure a new wireless
network with APs in autonomous mode or APs running in cloud-based mode?
A. Autonomous mode APs are less dependent on an underlay but more complex to maintain than APs in cloud-
based mode
B. Autonomous mode APs are easy to deploy and automate than APs in cloud-based mode
C. Cloud-based mode APs are easy to deploy but harder to automate than APs in autonomous mode
D. Cloud-based mode APs rely on underlays and are more complex to maintain than APs in autonomous mode
Question 74 Under the CRUD model, which two HTTP methods support the UPDATE operation? (Choose two)
A. PUT
B. PATCH
C. DELETE
D. POST
E. GET

Question 75 What are two advantages of implementing a controller-based architecture instead of a traditional
network architecture? (Choose two)
A. It supports complex and high-scale IP addressing schemes.
B. It provides increased scalability and management options.
C. It allows for seamless connectivity to virtual machines.
D. It enables configuration task automation.
E. It increases security against denial-of-service attacks.
Question 76 Refer to the exhibit.

The switches are connected via a Cat5 Ethernet cable that was successfully tested. The interfaces are configured as
access ports and are both in a “down” status. What is the cause of this issue?
A. The switches are configured with incompatible duplex settings.
B. The speed settings on the switches are mismatched.
C. The distance between the two switches is not supported by Cat5.
D. The portfast command is missing from the configuration.
Question 77 A technician receives a report of network slowness and the issue has been isolated to the interface
FastEthernet0/13. What is the root cause of the issue?

FastEthernet0/13 is up, line protocol is up

Hardware is Fast Ethernet, address is 0001.4d27.66cd (bia 0001.4d27.66cd)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 250/255, txload 1/255, ndoad 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 18:52:43, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40,0 drops; input queue 0/75, 0 drops
5 minute input rate 12000 bits/sec, 6 packets/sec
5 minute output rate 24000 bits/sec, 6 packets/sec
14488019 packets input, 2441805322 bytes
Received 345346 broadcasts, 0 runts, 0 giants, 0 throttles
261028 input errors, 259429 CRC, 1599 frame, 0 overrun, 0 ignored
0 watchdog, 84207 multicast 0 input packets with dribble condition detected
19658279 packets output, 3529106068 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

A. physical errors
B. local buffer overload
C. duplicate IP addressing
D. err-disabled port on the far end
Question 78 A router received three destination prefixes: 10.0.0.0/8, 10.0.0.0/16, and 10.0.0.0/24. When
the show ip route command is executed, which output does it return?
A. Gateway of last resort is 172.16.1.1 to network 0.0.0.0
O E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2
B. Gateway of last resort is 172.16.1.1 to network 0.0.0.0
O E2 10.0.0.0/16[110/5] via 192.168.2.1, 0:01:00, Ethernet1
O E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2
C. Gateway of last resort is 172.16.1.1 to network 0.0.0.0
O E2 10.0.0.0/8 [110/5] via 192.168.1.1, 0:01:00, Ethernet0
D. Gateway of last resort is 172.16.1.1 to network 0.0.0.0
O E2 10.0.0.0/8 [110/5] via 192.168.1.1, 0:01:00, Ethernet0
O E2 10.0.0.0/16[110/5] via 192.168.2.1, 0:01:00, Ethernet1
O E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2
Question 79 Refer to the exhibit.

A network engineer configures the CCNA WLAN so that clients must reauthenticate hourly and to limit the number
of simultaneous connections to the WLAN to 10. Which two actions complete this configuration? (Choose two)
A. Set the Maximum Allowed Clients value to 10.
B. Enable the Client Exclusion option and set the value to 3600.
C. Set the Maximum Allowed Clients Per AP Radio value to 10.
D. Enable the Wi-Fi Direct Clients Policy option.
E. Enable the Enable Session Timeout option and set the value to 3600.
Question 80 Which state is bypassed in Rapid PVST+ when PortFast is enabled on a port?
A. discarding
B. learning
C. blocking
D. forwarding
Question 81 When a switch receives a frame from an unknown source MAC address, which action does the switch
take with the frame?
A. It floods the frame out all interfaces, including the interface it was received on.
B. It attempts to send the frame back to the source to ensure that the source MAC address is still available for
transmissions.
C. It sends the frame to ports within the CAM table identified with an unknown source MAC address.
D. It associate the source MAC address with the LAN port on which it was received and saves it to the MAC
address table.
Question 82 What is a function of a southbound API?
A. Automate configuration changes between a server and a switching fabric.
B. Manage flow control between an SDN controller and a switching fabric.
C. Use orchestration to provision a virtual server configuration from a web server.
D. Facilitate the information exchange between an SDN controller and application.
Question 83 Which interface condition is occurring in this output?
R25# show interface fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is DEC21140, address is ca02.7788.0000 (bia ca02.7788.0000)
Description: atlanta_subnet
Internet address is 10.32.102.2/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (60 sec)
Full-duplex, 100 Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/300 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
7331 packets input, 7101162 bytes
Received 267 broadcasts (0 IP multicasts)
1876 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
3927 packets output, 1440403 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

A. bad NIC
B. duplex mismatch
C. collisions
D. high throughput
Question 84 Which interface condition is occurring in this output?

R25# show interface fa0/0

FastEthernet0/0 is up, line protocol is up
Hardware is DEC21140, address is ca02.7788.0000 (bia ca02.7788.0000)
Description: singapore_subnet
Internet address is 10.32.102.2/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 255/255, rxload 255/255
Encapsulation ARPA, loopback not set
Keepalive set (60 sec)
Full-duplex, 100 Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/300 (size/max)
30 second input rate 225953751 bits/sec, 0 packets/sec
30 second output rate 232423817 bits/sec, 0 packets/sec
7331 packets input, 7101162 bytes
Received 267 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
3927 packets output, 1440403 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

A. bad NIC
B. duplex mismatch
C. collisions
D. high throughput
Question 85 The clients and DHCP server reside on different subnets. Which command must be used to forward
requests and replies between clients on the 10.10.0.1/24 subnet and the DHCP server at 192.166.10.1?
A. ip route 192.168.10.1
B. ip helper-address 192.168.10.1
C. ip dhcp address 192.168.10.1
D. ip default-gateway 192.168.10.1
Question 86 What is the PUT method within HTTP?
A. It replaces data at the destination.
B. It displays a web site.
C. It is a read-only operation.
D. It is a nonidempotent operation.
Question 87 Refer to the exhibit.

R1
interface GigabitEthernet0/1
ip address 192.168.12.1 255.255.255.128
no shutdown
router ospf 1
network 192.168.12.1 0.0.0.0 area 1

R2
interface GigabitEthernet0/1
ip address 192.168.12.2 255.255.255.128
no shutdown

A network engineer started to configure two directly-connected routers as shown. Which command sequence
must the engineer configure on R2 so that the two routers become OSPF neighbors?
A. interface GigabitEthernet0/1
ip ospf 1 area 0
B. interface GigabitEthernet0/1
ip ospf 1 area 1
C. router ospf 1
network 192.168.12.0 0.0.0.127 area 0
D. router ospf 1
network 192.168.12.1 0.0.0.0 area 1
Question 88 Refer to the exhibit.

R1# show ip route

Codes: C - connected, S - static, I - IGRP, R - rip, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.0.1.3/32 [110/100] via 10.0.1.100, 00:39:08, Serial0
C 10.0.1.0/24 is directly connected, Serial0
O 10.0.1.5/32 [110/5] via 10.0.1.50, 00:39:08, Gigabit Ethernet 0/0
D 10.0.1.4/32 [110/10] via 10.0.1.4, 00:39:08, Gigabit Ethernet 0/0

What does route 10.0.1.3/32 represent in the routing table?

A. all hosts in the 10.0.1.0 subnet
B. the source 10.0.1.100
C. a single destination address
D. the 10.0.0.0 network
Question 89 Refer to the exhibit.
A Cisco engineer creates a new WLAN called lantest. Which two actions must be performed so that only high-
speed 2.4-Ghz clients connect? (Choose two)
A. Enable the Status option.
B. Set the Interface/Interface Group(G) to an interface other than guest.
C. Set the Radio Policy option to 802.11g only.
D. Set the Radio Policy option to 802.11a only.
E. Enable the Broadcast SSID option.

Question 90 Refer to the exhibit.

Which two values does router R1 use to determine the best path to reach destinations in network 1.0.0.0/8?
(Choose two)
A. longest prefix match
B. lowest cost to reach the next hop
C. highest administrative distance
D. highest metric
E. lowest metric
Question 91 An engineer is configuring SSH version 2 exclusively on the R1 router. What is the minimum
configuration required to permit remote management using the cryptographic protocol?

Option A Option B

hostname R1 hostname R1
ip domain name cisco crypto key generate rsa general-keys modulus 1024
crypto key generate rsa general-keys modulus 1024 username cisco privilege 15 password 0 cisco123
username cisco privilege 15 password 0 cisco123 ip ssh version 2
ip ssh version 2 line vty 0 15
line vty 0 15 transport input all
transport input all login local
login local

Option C Option D

hostname R1 hostname R1
service password-encryption ip domain name cisco
crypto key generate rsa general-keys modulus 1024 crypto key generate rsa general-keys modulus 1024
username cisco privilege 15 password 0 cisco123 username cisco privilege 15 password 0 cisco123
ip ssh version 2 ip ssh version 2
line vty 0 15 line vty 0 15
transport input ssh transport input ssh
 login local login local

A. Option A
B. Option B
C. Option C
D. Option D
Question 92 Refer to the exhibit.

Configured routers IPv6 addresses:

Atlanta: New York: Washington:

S0/0/0: 2012::1/126 S0/0/0: 2012::2/126 S0/0/0: 2023::3/126
S0/0/1: 2013::1/126 S0/0/1: 2023::2/126 S0/0/1: 2013::3/126
Loopback1: 2000::1/128 Loopback2:2000::2/128 Loopback3: 2000::3/128

The New York router must be configured so that traffic to 2000::1 is sent primarily via the Atlanta site, with a
secondary path via Washington that has an administrative distance of 2. Which two commands must be configured
on the New York router? (Choose two)
A. ipv6 route 2000::1/128 2012::1 5
B. ipv6 route 2000::1/128 2023::2 5
C. ipv6 route 2000::1/128 2012::1
D. ipv6 route 2000::1/128 2023::3 2
E. ipv6 route 2000::1/128 2012::2
Question 93 Which interface condition is occurring in this output?

R19# show interface fa0/0

FastEthernet0/0 is up, line protocol is up
Hardware is DEC21140, address is ca02.7788.0000 (bia ca02.7788.0000)
Description: portland_subnet
Internet address is 10.32.102.2/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (60 sec)
Full-duplex, 100 Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/300 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
7331 packets input, 7101162 bytes
Received 267 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
3927 packets output, 1440403 bytes, 0 underruns
0 output errors, 139 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

A. queueing
B. duplex mismatch
C. collisions
D. high throughput
Question 94 A router has two static routes to the same destination network under the same OSPF process. How
does the router forward packets to the destination if the next-hop devices are different?
A. The router chooses the next hop with the lowest IP address.
B. The router load-balances traffic over all routes to the destination.
C. The router chooses the next hop with the lowest MAC address.
D. The router chooses the route with the oldest age.
Question 95 Which interface condition is occurring in this output?

R17# show interface fa0/0

FastEthernet0/0 is up, line protocol is up
Hardware is DEC21140, address is ca02.7788.0000 (bia ca02.7788.0000)
Description: chicago_subnet
Internet address is 10.32.102.2/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 255/255, rxload 255/255
Encapsulation ARPA, loopback not set
Keepalive set (60 sec)
Full-duplex, 100 Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/300 (size/max)
30 second input rate 201240151 bits/sec, 0 packets/sec
30 second output rate 228594263 bits/sec, 0 packets/sec
7331 packets input, 7101162 bytes
Received 267 broadcasts (0 IP multicasts)
1876 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
3927 packets output, 1440403 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

A. high throughput
B. queueing
C. bad NIC
D. broadcast storm
Question 96 Which property is shared by 10GBase-SR and 10GBase-LR interfaces?
A. Both use the multimode fiber type.
B. Both require UTP cable media for transmission.
C. Both use the single-mode fiber type.
D. Both require fiber cable media for transmission.
Question 97 A network engineer is upgrading a small data center to host several new applications, including
server backups that are expected to account for up to 90% of the bandwidth during peak times. The data center
connects to the MPLS network provider via a primary circuit and a secondary circuit. How does the engineer
inexpensively update the data center to avoid saturation of the primary circuit by traffic associated with the
backups?
A. Place the backup servers in a dedicated VLAN.
B. Configure a dedicated circuit for the backup traffic.
C. Assign traffic from the backup servers to a dedicated switch.
D. Advertise a more specific route for the backup traffic via the secondary circuit.
Question 98 Refer to the exhibit.

R1#show ip ospf interface g0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.1.2/24, Area 0
Process ID 1, Router ID 192.168.1.2, Network Type POINT-TO-POINT, Cost: 1
Transmit Delay is 1 sec, State POINT-TO-POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Index 1/1, flood queue length 0
 Next 0x0(0) /0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Suppress hello for 0 neighbor(s)

R2#show ip ospf interface g0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.1.1/24, Area 0
Process ID 1, Router ID 10.1.1.1, Network Type POINT-TO-POINT, Cost: 1
Transmit Delay is 1 sec, State POINT-TO-POINT,
Timer intervals configured, Hello 15, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:11
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Suppress hello for 0 neighbor(s)

The network engineer is configuring router R2 as a replacement router on the network. After the initial
configuration is applied it is determined that R2 failed to show R1 as a neighbor. Which configuration must be
applied to R2 to complete the OSPF configuration and enable it to establish the neighbor relationship with R1?

Option A Option B

R2(config)#interface g0/0/0 R2(config)#router ospf 1

R2(config-if)#ip ospf hello-interval 10 R2(config-router)#router-id 192.168.1.1

Option C Option D

R2(config)#router ospf 1 R2(config)#interface g0/0/0

R2(config-router)#network 192.168.1.0 255.255.255.0 area 2 R2(config-if)#ip ospf dead-interval 45

A. Option A
B. Option B
C. Option C
D. Option D
Question 99 What are two characteristics of a small office / home office connection environment? (Choose two)
A. It supports between 1 and 50 users.
B. It requires a core, distribution, and access layer architecture.
C. It supports between 50 and 100 users.
D. A router port connects to a broadband connection.
E. It requires 10Gb ports on all uplinks.
Question 100 Which syslog severity level is considered the most severe and results in the system being considered
unusable?
A. Critical
B. Emergency
C. Alert
D. Error
Question 101 Drag and drop the statements about AAA from the left onto the corresponding AAA services on the
right. Not all options are used.

Answer:
Accounting:
+ It records the amount of network resources consumed by the user
+ It tracks the services that a user is using
Authentication:
+ It permits and denies login attempts
+ It supports local, PPP, RADIUS, and TACACS+ options
Question 102 Which benefit does Cisco DNA Center provide over traditional campus management?
A. Cisco DNA Center leverages SNMPv3 for encrypted management, and traditional campus management uses
SNMPv2.
B. Cisco DNA Center leverages APIs, and traditional campus management requires manual data gathering.
C. Cisco DNA Center automates SSH access for encrypted entry, and SSH is absent from traditional campus
management.
D. Cisco DNA Center automates HTTPS for secure web access, and traditional campus management uses HTTP.
Question 103 Which interface condition is occurring in this output?

R25# show interface fa0/0

FastEthernet0/0 is up, line protocol is up
Hardware is DEC21140, address is ca02.7788.0000 (bia ca02.7788.0000)
Description: tokyo_subnet
Internet address is 10.32.102.2/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (60 sec)
Full-duplex, 100 Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 185/300 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
7331 packets input, 7101162 bytes
Received 267 broadcasts (0 IP multicasts)
1876 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
3927 packets output, 1440403 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

A. bad NIC
B. broadcast storm
C. queueing
D. duplex mismatch
Question 104 Drag and drop the characteristics of northbound APIs from the left onto any position on the right.
Not all characteristics are used.

Answer:
+ supports automation
+ communicates between the SDN controller and the application plane
+ supports network virtualization protocols
+ supports REST-based requirements
Question 105 What is the role of community strings in SNMP operations?
A. It serves as a sequence tag on SNMP traffic messages.
B. It serves as a password to protect access to MIB objects.
C. It passes the Active Directory username and password that are required for device access.
D. It translates alphanumeric MIB output values to numeric values.

Question 106 Drag and drop the statements about access-point modes from the left onto the corresponding
modes on the right.

Answer:
Monitor:
+ It enables enhanced RFID-tag location tracking.
+ It supports analytics for wireless performance testing
Sensor:
+ It supports real-time Wi-Fi client troubleshooting when network engineers are offsite
+ It provides air-quality data and interference detection across all enabled channels
Sniffer:
+ It captures and forwards packets on a specific wireless channel
+ It supports software that analyzes wireless frames on a remote device
Question 107 Refer to the exhibit.
Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is subnetted, 1 subnets
B 209.165.200.224 [20/0] via 10.10.12.2, 03:32:14
209.165.201.0/27 is subnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2, 02:26:53
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2, 02:46:03
10.0.0.0/8 is variably subnetted, 10 subnets, 4 masks
O 10.10.13.0/25 [110/2] via 10.10.10.1, 00:00:04, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.5, 00:00:12, GigabitEthernet0/1
O 10.10.13.144/28 [110/2] via 10.10.10.9, 00:01:57, GigabitEthernet0/2
O 10.10.13.160/29 [110/2] via 10.10.10.5, 00:00:12, GigabitEthernet0/1
O 10.10.13.208/29 [110/2] via 10.10.10.13, 00:01:57, GigabitEthernet0/3
S* 0.0.0.0/0 [1/0] via 10.10.11.2

Drag and drop the destination IPs from the left onto the paths to reach those destinations on the right.

Answer:
+ Router 2: 10.10.13.126
+ Router 3: 10.10.13.129
+ Router 4: 10.10.13.150
+ Router 5: 10.10.13.209
+ Internet cloud: 1.1.1.1
+ MPLS cloud: 209.165.200.30
Question 108 Drag and drop the IPv6 address descriptions from the left onto the IPv6 address types on the right.
Not all options are used.

Answer:
Unique Local Addresses
+ IPv6 addresses that begin with FD
+ may be used by multiple organizations at the same time
+ private IPv6 addresses
Link-Local Addresses
+ serve as next-hop addresses
+ unable to serve as destination addresses
Question 109 (similar to an old question)
How will Link Aggregation be implemented on a Cisco Wireless LAN Controller?
A. To pass client traffic, two or more ports must be configured
B. The EtherChannel must be configured in “mode active”
C. When enabled, the WLC bandwidth drops to 500 Mbps
D. One functional physical port is needed to pass client traffic
Question 110 (similar to an old question) Refer to the exhibit.

Switch(config)#hostname R1
R1(config)#interface FastEthernet0/1
R1(config-if)#no switchport
R1(config-if)#ip address 10.100.20.42 255.255.255.0
R1(config-if)#line vty 0 4
R1(config-line)#login

An engineer booted a new switch and applied this configuration via the console port. Which additional
configuration must be applied to allow administrators to authenticate directly to global configuration mode via
Telnet using a local username and password?
A.
R1(config)#username admin
R1(config-if)#line vty 0 4
R1(config-line)#password p@ss1234
B.
R1(config)#username admin
R1(config-if)#line vty 0 4
R1(config-line)#password p@ss1234
R1(config-line)#transport input telnet
C.
R1(config)#username admin secret p@ss1234
R1(config-if)#line vty 0 4
R1(config-line)#login local
R1(config)#enable secret p@ss1234
D.
R1(config)#username admin privilege 15 secret p@ss1234
R1(config-if)#line vty 0 4
R1(config-line)#login local

Question 111 What is the definition of backdoor malware?

A. malicious program that is used to launch other malicious programs
B. malicious code that infects a user machine and then uses that machine to send spam
C. malicious code with the main purpose of downloading other malicious code
D. malicious code that is installed onto a computer to allow access by an unauthorized user
Question 112 Refer to the exhibit.

Host A switch interface is configured in VLAN 2. Host D sends a unicast packet destined for the IP address of host A.

Sw1#show mac-address table

Mac Address Table
-----------------------------
Vlan Mac Address Type Ports
---- ----------- ------- ----
2 000c.859c.bb7b DYNAMIC e0/1
3 000c.85dc.bb7b DYNAMIC e0/1
2 0010.11dc.3e91 DYNAMIC e0/2
3 0010.11dC.3e91 DYNAMIC e0/2
2 0044.42d9.c693 DYNAMIC e0/3
Sw1#
What does the switch do when it receives the frame from host D?
A. It floods the frame out of every port except the source port.
B. It shuts down the source port and places It in err-disable mode.
C. It drops the frame from the MAC table of the switch.
D. It creates a broadcast storm.
Question 113 Which functionality is provided by the console connection on a Cisco WLC?
A. secure In-band connectivity for device administration
B. out-of-band management
C. HTTP-based GUI connectivity
D. unencrypted in-band connectivity for file transfers

Question 114 Refer to the exhibit.

R1# show ip route

C 1.0.0.0/8 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.10.10.3/32 [110/100] via 10.10.10.3, 00:39:08, Gigabitethernet0/3
C 10.10.10.0/24 is directly connected, Gigabitethernet0/0
O 10.10.10.2/32 [110/5] via 10.10.10.2, 00:39:08, Gigabitethernet0/2
R 10.10.10.4/32 [120/10] via 10.10.10.4, 00:39:08, Gigabitethernet0/4

Which next-hop IP address has the least desirable metric when sourced from R1?
A. 10.10.10.4
B. 10.10.10.2
C. 10.10.10.5
D. 10.10.10.3
Part 13
Question 1 Refer to the exhibit.
A new VLAN and switch are added to the network. A remote engineer configures OldSwitch and must ensure that
the configuration meets these requirements:
* accommodates current configured VLANs
* expands the range to include VLAN 20
* allows for IEEE standard support for virtual LANs
Which configuration on the NewSwitch side of the link meets these requirements?
A.
no switchport trunk encapsulation isl
switchport trunk encapsulation dot1q
switchport trunk allowed vlan add 20
B.
switchport nonnegotiate
no switchport trunk allowed vlan 5,10
switchport trunk allowed vlan 5,10,15,20
C.
no switchport mode trunk
switchport trunk encapsulation isl
switchport mode access vlan 20
D.
switchport mode dynamic
channel-group 1 mode active
switchport trunk allowed vlan 5,10,15,20
Question 2 Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Answer:
Multicast
+ sends packets to a group address rather than a single address
+ has a unicast source sent to a group
Anycast
+ is used exclusively by a non-host device
+ is routed to the nearest interface that has the address

Question 3 Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Answer:
Global Unicast Address
+ enables aggregation of routing prefixes
+ is routable and reachable via the Internet
Multicast
+ provides one-to-many communications
+ has a unicast source sent to a group
Question 4 How does frame switching function on a switch?
A. forwards frames to a neighbor port using CDP
B. modifies frames that contain a known source VLAN
C. inspects and drops frames from unknown destinations
D. forwards known destinations to the destination port
Question 5 What is used as a solution for protecting an individual network endpoint from attack?
A. Router
B. Wireless controller
C. Anti software
D. Cisco DNA Center
Question 6 Refer to Exhibit.

An engineer is building a new Layer 2 LACP EtherChannel between SW1 and SW2. and they executed the given
show commands to verify the work. Which additional task must be performed so that the switches successfully
bundle the second member in the LACP port-channel?
A. Configure the switchport trunk allowed vlan 300 command on SW1 port-channel 1
B. Configure the switchport trunk allowed vlan 300 command on interface Fa0/2 on SW1
C. Configure the switchport trunk allowed vlan add 300 command on interface Fa0/2 on SW2
D. Configure the switchport trunk allowed vlan add 300 command on SW1 port-channel 1
Question 7 Which two HTTP methods are suitable for actions performed by REST-based APIs? (Choose two)
A. REMOVE
B. REDIRECT
C. POST
D. GET
E. POP
Question 8 What provides connection redundancy increased bandwidth and load sharing between a wireless LAN
controller and a Layer 2 switch?
A. VLAN trunking
B. tunneling
C. first hop redundancy
D. link aggregation
Question 9 Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Answer:
Global Unicast Address
+ allows sites to be combined without address conflicts
+ is publicly routable in the same way as IPv4 addresses
Unique Local
+ provides for one-to-one communication
+ is a counterpart of private IPv4 addresses
Question 10 When the LAG configuration is updated on a Cisco WLC, which additional task must be performed
when changes are complete?
A. Flush all MAC addresses from the WLC
B. Re-associate the WLC with the access point.
C. Re-enable the WLC interfaces
D. Reboot the WLC

Question 11 Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and
automatically when edge devices or access circuits fail?
A. SLB
B. FHRP
C. VRRP
D. HSRP
Question 12 Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Answer:
Global Unicast Address
+ is publicly routable in the same way as IPv4 addresses
+ provides for one-to-one communication
Link-Local Address
+ serves as the next-hop addresses
+ required on all IPv6 devices
Question 13 What is an enhancement implemented in WPA3?
A. employs PKI and RADIUS to identify access points
B. applies 802.1x authentication and AES-128 encryption
C. uses TKIP and per-packet keying
D. defends against deauthentication and disassociation attacks
Question 14 What is a link-local all-nodes IPv6 multicast address?
A. ff02:0:0:0:0:0:0:1
B. 2004:31c:73d9:683e:255::
C. fffe:034:0dd:45d6:789e::
D. fe80:4433:034:0dd::2
Question 15 Refer to the exhibit.

GigabitEthernet1 it up, line protocol is up

Hardware it CSR vNIC, address it 5000.0004.0000 (bia 5000.0004.0000)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1000MBps, link type is auto, media type it RJ45

Which format matches the Modified EUI-64 IPv6 interface address for the network 2001:db8::/64?
A. 2001:db8::5000:0004:5678:0090/64
B. 2001:db8:4425:5400:77ff:fe07:/64
C. 2001:db8::5000:00ff:fe04:0000/64
D. 2001:db8::5200:00ff:fe04:0000/64
Question 16 What are two disadvantages of a full-mesh topology? (Choose two)
A. It needs a high MTU between sites.
B. It has a high implementation cost.
C. It must have point-to-point communication.
D. It requires complex configuration.
E. It works only with BGP between sites.
Question 17 Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Answer:
Global Unicast Address
+ provides for one-to-one communication
+ is routable and reachable via the Internet
Link-Local Address
+ confined to a single link
+ serves as the next-hop addresses
Question 18 How does MAC learning function on a switch?
A. broadcasts frames to all ports without queueing
B. adds unknown source MAC addresses to the address table
C. sends a retransmission request when a new frame is received
D. sends frames with unknown destinations to a multicast group
Question 19 What is the purpose of classifying network traffic in QoS?
A. services traffic according to its class
B. identifies the type of traffic that will receive a particular treatment
C. writes the class identifier of a packet to a dedicated field in the packet header
D. configures traffic-matching rules on network devices
Question 20 What is a benefit of using private IPv4 addressing?
A. Multiple companies can use the same addresses without conflicts.
B. Direct connectivity is provided to internal hosts from outside an enterprise network.
C. Communication to the internet is reachable without the use of NAT.
D. All external hosts are provided with secure communication to the Internet.
Question 21 What is the advantage of separating the control plane from the data plane within an SDN network?
A. decreases overall network complexity
B. limits data queries to the control plane
C. reduces cost
D. offloads the creation of virtual machines to the data plane
Question 22 Drag and drop the use cases for device-management technologies from the left onto the
corresponding.
Answer:
Cisco DNA Center
+ overlay and underlay configuration
+ routed access deployment
+ VXLAN and LISP configuration
Traditional
+ STP deployment
+ VLAN and HSRP configuration
+ configuration via console
Question 23 Why is a first-hop redundancy protocol implemented?
A. to protect against default gateway failures
B. to prevent loops in a network
C. to enable multiple switches to operate as a single unit
D. to provide load-sharing for a multilink segment
Question 24 Which WPA mode uses PSK authentication?
A. Local
B. Client
C. Enterprise
D. Personal

Question 25 Drag and drop the AAA features from the left onto the corresponding AAA security services on the
right. Not all options are used.
Answer:
Accounting
+ It records the amount of time for which a user accesses the network on a remote server
+ It uses TACACS+ to log the configuration commands entered by a network administrator
Authorization
+ It enables the device to allow user- or group-based access
+ It restricts the CLI commands that a user is able to perform
Question 26 What is a function of the core and distribution layers in a collapsed-core architecture?
A. The router must use IPv4 and IPv6 addresses at Layer 3.
B. The core and distribution layers are deployed on two different devices to enable failover.
C. The router can support HSRP for Layer 2 redundancy in an IPv6 network.
D. The router operates on a single device or a redundant pair.