Boson - Practice Exams
You enter the command: "ip arp inspection vlan 11" What additional command is required to enable DAI?
"ip arp inspection"
Which of the following IP address blocks are defined in RFC 1918 (2) - 192.168.0.0 /16 - 192.0.2.0 /24 - 172.16.0.0 /12 - 203.0.113.0 /24 - 198.51.100.0 /24
- 192.168.0.0 /16 - 172.16.0.0 /12 Reason: (RFC1918): 10.0.0.0 /8 172.16.0.0 /12 192.168.0.0 /16
You are configuring security on a new Guest LAN by using the WLC GUI. Which of the following security settings are you most likely to configure using the Layer 2 Security drop-down list box on the Layer 2 tab? (2) - VPN Passthrough - IPSec - 802.1X - Web authentication - CKIP
- 802.1X - CKIP
Which of the following statements is true regarding ACLs? - ACLs are processed from the most specific entry in the list to the least specific entry - ACLs are processed from the first entry in the list to the last entry - ACLs are processed from the last entry in the list to the first entry - ACLs are processed from the least specific entry in the list to the most specific entry
- ACLs are processed from the first entry in the list to the last entry
What is the benefit of a SDK (Software Dev Kit) as apart of DNA Center? - Network assurance for Cisco devices - East-West communications - Additional flexibility - Multi-factor authentication
- Additional flexibility
Which of the following statements are true regarding LLDP? (2) - An LLDP interface can be configured to receive LLDP messages but not transmit them - It is enabled by default on Cisco switches - It cannot be disabled at the interface level - It can convey VTP information - An LLDP interface can be configured to transmit LLDP messages but not receive them.
- An LLDP interface can be configured to receive LLDP messages but not transmit them. - An LLDP interface can be configured to transmit LLDP messages but not receive them.
Which of the following Cisco SDA components are typically located north of the DNA Center controller? (2) - Overlay network - Underlay network - Fabric - Applications - Scripts
- Applications - Scripts
You connect a new, unconfigured switch to an existing switch's F0/1 interface. This interface was previously connected to an end user's workstation. You notice that the F0/1 interface on the existing switch enters the error-disabled state. (2) Which of the following are the most likely causes of the problem? - BPDU guard is enabled on F0/1 - Loop guard is enabled on F0/1 - The interface on the new switch is a statically configured trunk port - PortFast is enabled on F0/1 - Root guard is enabled on F0/1
- BPDU guard is enabled on F0/1 - PortFast is enabled on F0/1
By default, EIGRP uses which of the following metrics (2): - Load - Bandwidth - Reliability - Delay
- Bandwidth - Delay
EIGRP uses which of the following metrics by default? - Bandwidth - Cost - Delay - Load - MTU - Reliability - Hop count
- Bandwidth - Delay
OSPF network where DR & BDR elections are performed (1)
- Broadcast
Which of the following are used by WPA2 to provide MICs and encryption (2) - GCMP - CCMP - TKIP - RC4 - AES
- CCMP - AES
VTP: A transparent does which of the following: - Creates, modifies, deletes VLANs - Synchronizes VTP information - Originates VTP advertisements - Forwards VTP advertisements - Stores VLAN information for NVRAM
- Creates, modifies, deletes VLANs - Forwards VTP advertisements - Stores VLAN information for NVRAM
Which of the following application layer protocols correspond with UDP (3): - DNS - DHCP - FTP - HTTP - SMTP - SNMP - TFTP
- DHCP - SNMP - TFTP
Which of the following application layer protocols correspond with both UDP & TCP (1): - DNS - DHCP - FTP - HTTP - SMTP - SNMP - TFTP
- DNS
Which of the following features are provided by IPSec? (2) - Data confidentiality - Broadcast packet encapsulation - Multicast packet encapsulation - Data integrity
- Data confidentiality - Data integrity
Which of the following are benefits of network automation (2): - Data models are formed to show command output that is processed by automation scripts - Data models are formalized and defined by a centralized controller - Data models are human-interpreted from the output of show commands - Data models are enhanced by APIs to provide only the most specific information - Aids in the reliable deployment of device configurations throughout an enterprise
- Data models are formalized and defined by a centralized controller - Aids in the reliable deployment of device configurations throughout an enterprise
What is the last step of the site-to-site IPSec encryption process? - Encapsulation: Sending device encapsulates the encrypted data and session key into a packet with a VPN header and a new IP header. These headers contain the source and destination information that is used to transport the encrypted data and session key over the tunnel. - Session Key: Sending device combines a session key (aka encryption key, shared key) with the data that is to be transported over the tunnel. It uses the session key to encrypt both the data and the key - Decrypt: Receiving device uses the same session key to decrypt the encrypted packet and session key - Send: The sending device sends the completed packet to the destination device at the other end of the tunnel, or site-to site VPN
- Decrypt: Receiving device uses the same session key to decrypt the encrypted packet and session key
VLAN Hopping: An attacker sends double-tagged 802.1Q frames over a trunk link. How can you prevent this? (3)
- Disabling DTP - Changing native VLAN - Configuring access ports
VTP: In order for VTP to work, what are the two requirements? (2)
- Domain name must match across all switches (Ex. lab.com) - VTP version must match across all switches (Ex. "vtp version 1" or "vtp version 2")
OSPF: Arrange the OSPF neighbor states in the correct order: - 2-Way - Down - Exchange - Exstart - Full - Init - Loading
- Down - Init - 2-Way - Exstart - Exchange - Loading - Full "Darling I Taste Some Extremely Large Farts"
In a controller-based network, the functions of which of the following protocols are most likely to be moved to a centralized controller? (2) - SNMP - SYSLOG - SSH - EIGRP - OSPF
- EIGRP - OSPF Network "decision making" logic is moved to a centralized controller.
Which of the following best describes an AP deployment that connects APs to a WLC that is housed within a switch stack? - Embedded AP deployment - Lightweight AP deployment - Autonomous AP deployment - Cloud-based AP deployment
- Embedded AP deployment
What is the 2nd step of the site-to-site IPSec encryption process? - Encapsulation: Sending device encapsulates the encrypted data and session key into a packet with a VPN header and a new IP header. These headers contain the source and destination information that is used to transport the encrypted data and session key over the tunnel. - Session Key: Sending device combines a session key (aka encryption key, shared key) with the data that is to be transported over the tunnel. It uses the session key to encrypt both the data and the key - Decrypt: Receiving device uses the same session key to decrypt the encrypted packet and session key - Send: The sending device sends the completed packet to the destination device at the other end of the tunnel, or site-to site VPN
- Encapsulation: Sending device encapsulates the encrypted data and session key into a packet with a VPN header and a new IP header. These headers contain the source and destination information that is used to transport the encrypted data and session key over the tunnel.
On which interfaces is the OSPF broadcast network type enabled by default? (2) - Frame Relay - HDLC - FDDI - Ethernet - PPP - X.25
- FDDI - Ethernet Note: Fiber Distributed Data Interface
Which of the following IPv6 address prefixes are not routable? (2) - FC00::/8 - FF02::/16 - FD00::/8 - FE80::/10 - 2000::/3 - FF05::/16
- FF02::/16 - FE80::/10 - Link-local multicast - Link-local unicast
Which of the following application layer protocols correspond with TCP (3): - DNS - DHCP - FTP - HTTP - SMTP - SNMP - TFTP
- FTP - HTTP - SMTP
Which of the following SNMP actions are used by an NMS to extract information from an SNMP agent? - Trap - Set - Get - Inform - GetNext
- Get - GetNext
Which of the following are valid HTTP verbs? (2) - Get - Push - Post - Update
- Get - Post
FHRP Protocols: Which of the two protocols cannot load balance? (2) - HSRP - GLBP - VRRP
- HSRP - VRRP
You issue the following command on your router: RouterA# show cdp neighbors Which of the following information will be displayed? (4) - Software version running on the neighboring device - Interface on RouterA that is connected to the neighboring device - Device ID of the neighboring device - Interface on the neighboring device that is connected to RouterA - IP address of the neighboring device - Capabilities and product number of the neighboring device
- Interface on RouterA that is connected to the neighboring device - Device ID of the neighboring device - Interface on the neighboring device that is connected to RouterA - Capabilities and product number of the neighboring device
Which of the following are characteristics of "controller-based" network? (2) - Intermediary between the business and the network - Integration of control and data plane - Separation of control and data plane - Routing protocols on local L3 devices
- Intermediary between the business and the network - Integration of control and data plane
You are trying to configure OSPF to perform equal-cost load balancing. Router1 should have eight equal-cost OSPF routes to the 192.168.102.0/24 network. However, only four OSPF routes exist. Which of the following should you do to perform equal-cost load balancing over all eight routes? - Issue the "maximum-paths 8" command - Configure EIGRP throughout the network - Configure the variance to a value of 8 - Issue the "ip ospf cost 1" command on all interfaces
- Issue the "maximum-paths 8" command Default maximum equal cost paths is 4 (this can be overridden using the command above).
Switch -- IP Phone -- PC Which of the following should you do to move the trust boundary to the IP phone? - Issue the "mls qos trust cos" command on the IP phone - Issue the "mls qos trust cos" command on the switch port connected to the IP phone - Issue the "switchport priority extend cos" command on the switch port connected to the IP phone - Issue the "switchport priority extend cos" command on the IP phone
- Issue the "mls qos trust cos" command on the switch port connected to the IP phone
Which of the following best describes a lightweight AP in bridge mode? - It is the default operating mode for a lightweight AP - It captures wireless traffic for analysis - It acts as a dedicated connection between two networks - It enables a failsafe if the CAPWAP connection goes down
- It acts as a dedicated connection between two networks
Which of the following devices cannot be connected to leaf nodes in the Cisco ACI architecture? - Spine nodes - APICs - Application servers - EPGs - Leaf nodes
- Leaf nodes
In a split-MAC deployment, which device is responsible for prioritizing packets and responding to beacon and probe requests? - Lightweight AP - Switch - Router - WLC
- Lightweight AP
Attacker generates towards of forged frames with intent to overwhelm the switches MAC table. This way the switch can no longer make intelligent forwarding decisions. What is this called? (2)
- MAC flooding attack - CAM overflow attack
WLC: Which of the following is used for in-band management interfaces. This interface is used for all Layer 2 LWAPP communications between the controller and the lightweight APs. In addition, it's used to communicate with other WLCs on the wireless network. - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
- Management interface
OSPF: Routers are stuck in the "Loading" state. What could be the problem? (2)
- Mismatched MTU settings - Corrupted LSR packets
OSPF: A router is stuck in "ExStart" state. What should you check? (2)
- Mismatched MTU settings - Duplicate RIDs
OSPF: Routers are stuck in the "Exchange" state. What should you check? (2)
- Mismatched MTU settings - Duplicate RIDs
Which of the following applies to Cisco API Leaf Nodes (4): - Must connect to every leaf node - Must connect to every spine node - Cannot connect to a leaf node - Cannot connect to a spine node - Can connect to an APIC - Can connect to an EPG
- Must connect to every leaf node - Cannot connect to a leaf node - Can connect to an APIC - Can connect to an EPG
Which of the following applies to Cisco API Spine Nodes (2): - Must connect to every leaf node - Must connect to every spine node - Cannot connect to a leaf node - Cannot connect to a spine node - Can connect to an APIC - Can connect to an EPG
- Must connect to every leaf node - Must connect to every spine node
Name the terms below which are SBIs (4): - RESTCONF - OSGi - OnePK - OpenFlow - OpFlex - REST
- NETCONF - OnePK - OpenFlow - OpFlex
OSPF networks where DR & BDR elections are NOT performed (5) Note: "neighbor" command required to establish adjacencies
- Nonbroadcast - Point-To-Point - Point-To-Multipoint - Point-To-Multipoint Broadcast - Point-To-Multipoint Nonbroadcast
Which are true about APIs in SDN? - Southbound APIs primarily use SSH - Northbound is between applications and the controller - Southbound is between a controller and a network device - Northbound APIs primarily use SSH
- Northbound is between applications and the controller - Southbound is between a controller and a network device
Automation of network management likely causes (2): - OPEX (Operating Expense) to be reduced - CAPEX (Capital Expense) to be increased - CAPEX (Capital Expense) to be reduced - OPEX (Operating Expense) to be increased
- OPEX (Operating Expense) to be reduced - CAPEX (Capital Expense) to be increased
Name the terms below which are NBIs (2): - RESTCONF - OSGi - OnePK - OpenFlow - OpFlex - REST
- OSGi - REST
On RouterA, you administer the "default-information originate" command. Which of the following statements are true? (2) - OSPF will advertise RouterA's gateway of last resort - RouterA will become the OSPF ABR - OSPF will redistribute all of RouterAs directly connected routes - OSPF will summarize all of RouterA's directly connected routes - RouterA will become the OSPF ASBR
- OSPF will advertise RouterA's gateway of last resort - RouterA will become the OSPF ASBR
Which of the following are examples of southbound APIs? - OpFlex - OpenFlow - RESTCONF - OpenStack
- OpFlex - OpenFlow - RESTCONF - OpenStack Note: All of them are southbound APIs
Which of the following security threats can be mitigated with "User Awareness or Training"? - Pharming - Tailgating - Burglary - Social engineering - Brute-force attack
- Pharming - Social Engineering - Brute-force attack
SSH: You enter the "ip ssh time-out 60" command on an unconfigured router. What is the order you will receive the following errors: - Please define a domain-name first - Please create RSA keys to enable SSH - Please Please define a hostname other than Router
- Please create RSA keys to enable SSH - Please Please define a hostname other than Router - Please define a domain-name first
Which of the following APIs are typically used to enable communication between an SDN controller and the application plane? - NETCONF - REST - OpenFlow - OpFlex - OSGi - OnePK
- REST - OSGi
Which of the following statements about REST APIs are true? (2) - REST APIs encode data exclusively in XML format - REST APIs encode data either in XML format or JSON format - REST APIs encode data exclusively in JSON format - REST APIs are typically used to communicate with an SDN data plane -REST APIs are typically used to communicate with an SDN application plane
- REST APIs encode data either in XML format or JSON format - REST APIs are typically used to communicate with an SDN application plane.
Which of the following functions are performed by a WLC in a split-MAC deployment? (2) - Packet prioritization - Resource reservation - Encryption - Authentication - Beacon and probe response
- Resource reservation - Authentication
In a controller based network, the functions of which of the following protocols are least likely to be moved to a centralized controller? - OSPF - SSH - BGP - EIGRP - SNMP
- SSH - SNMP
What is the 3rd step of the site-to-site IPSec encryption process? - Encapsulation: Sending device encapsulates the encrypted data and session key into a packet with a VPN header and a new IP header. These headers contain the source and destination information that is used to transport the encrypted data and session key over the tunnel. - Session Key: Sending device combines a session key (aka encryption key, shared key) with the data that is to be transported over the tunnel. It uses the session key to encrypt both the data and the key - Decrypt: Receiving device uses the same session key to decrypt the encrypted packet and session key - Send: The sending device sends the completed packet to the destination device at the other end of the tunnel, or site-to site VPN
- Send: The sending device sends the completed packet to the destination device at the other end of the tunnel, or site-to site VPN
What is the 1st step of the site-to-site IPSec encryption process? - Encapsulation: Sending device encapsulates the encrypted data and session key into a packet with a VPN header and a new IP header. These headers contain the source and destination information that is used to transport the encrypted data and session key over the tunnel. - Session Key: Sending device combines a session key (aka encryption key, shared key) with the data that is to be transported over the tunnel. It uses the session key to encrypt both the data and the key - Decrypt: Receiving device uses the same session key to decrypt the encrypted packet and session key - Send: The sending device sends the completed packet to the destination device at the other end of the tunnel, or site-to site VPN
- Session Key: Sending device combines a session key (aka encryption key, shared key) with the data that is to be transported over the tunnel. It uses the session key to encrypt both the data and the key
VTP: A client does which of the following: - Creates, modifies, deletes VLANs - Synchronizes VTP information - Originates VTP advertisements - Forwards VTP advertisements - Stores VLAN information for NVRAM
- Synchronizes VTP information - Originates VTP advertisements - Forwards VTP advertisements
Which of the following statements best describe why WRED is useful for networks where the majority of traffic uses TCP? - TCP packets that are not dropped must be retransmitted - TCP packets must have priority over UPD packets. - TCP packets cannot arrive out of sequence. - TCP sources reduce traffic flow when congestion occurs. - TCP packets have large header sizes.
- TCP packets that are not dropped must be retransmitted - TCP sources reduce traffic flow when congestion occurs.
Which of the following security threats can be mitigated with "Physical Access Control"? - Pharming - Tailgating - Burglary - Social engineering - Brute-force attack
- Tailgating - Burglary
Arrange the Site-To-Site IPSec steps below in the correct order: - The destination device decrypts the data and the session key - The sending device encapsulates the encrypted data with new headers - The sending device encrypts the original packet and the session key - The sending device sends the encrypted packet to the destination device.
- The sending device encrypts the original packet and the session key - The sending device encapsulates the encrypted data with new headers - The sending device sends the encrypted packet to the destination device. - The destination device decrypts the data and the session key
The sending host on a site-to-site VPN that is constructed by using GRE with IPSec for transport encrypts a new packet. Which of the following steps occurs next? - The sending host adds a VPN header and an IP header - The sending host sends the packet to the destination - The receiving host decrypts the packet - The sending host adds the session key to the packet
- The sending host adds a VPN header and an IP header
Which of the following are used in the calculation of EIGRP metric weights? (2) - The sum of the segments delays - The average segment delay - The lowest segment bandwidth - The highest segment bandwidth
- The sum of the segment delays - The lowest segment bandwidth
You are configuring a normal WLAN by using the WLC GUI. You have configured the first three fields on the WLANs > New page. You now want to select a value from the ID drop-down list box. Which of the following are you configuring? - The unique ID on which the WLAN will operate - The type of WLAN you are attempting to create - Network name that wireless clients will use to connect to the WLAN - The WLANs configuration name that will be used elsewhere in the WLC GUI
- The unique ID on which the WLAN will operate
A REST API query returns the following output: { "id": 12345, "fname": "John", "lname": "doe", "group": { "role": "Receivables", "Read-only": [ "Accounting Folder", "Sales Folder" ] } } Which of the following statements is true? - The value of the group key is an array - The value of the id key is an array - The value of the fname key is equal to the lname key and its value. - The value of the role key is an object. - The value of the read-only key is a text value - The value of the lname key is a text value.
- The value of the lname key is a text value
Which of the following statements are true regarding dynamic interfaces on WLCs? (2) - Typically used for client data - User Defined - Used for maintenance purposes - Must be reachable by other WLCs - Typically used for management information
- Typically used for client data - User Defined
You are configuring security on a new Guest LAN by using the WLC GUI. Which of the following security settings are you most likely to configure using the Layer 3 Security drop-down list box on the Layer 3 tab? (2) - Web Passthrough - Static WEP - WPA + WPA2 - Web Authentication - 802.1X
- Web Passthrough - Web Authentication
On which of the interfaces is the OSPF nonbroadcast network type enabled by default? (2) - PPP - X.25 - FDDI - HDLC - Frame Relay - Ethernet
- X.25 - Frame Relay
Which of the following commands should you issue in order to encrypt the password that is required to access privilege level 7 on a router? - enable password 7 cisco - enable password level 7 cisco - enable secret 7 cisco - enable secret level 7 cisco
- enable secret level 7 cisco
An administrator issues the service password-encryption command on a Cisco router. Which of the following passwords will be encrypted on the router? - passwords configured by using the enable secret command only - passwords configured by using the password command only - passwords configured by using the enable password command only - passwords configured by any means along with any passwords configured in the future
- passwords configured by any means along with any passwords configured in the future
Which of the following commands should you issue in interface configuration mode on the Catalyst 2950 switch to make the IP phone trust the CoS priority of incoming data packets generated by the attached host? - switchport priority extend cos - mls qos trust extend - mls qos trust cos - switchport priority extend trust
- switchport priority extend trust
RFC 1918: What is the corresponding subnet mask (CIDR notation) for the private address block: 172.16.0.0
/12
RFC 1918: What is the corresponding subnet mask (CIDR notation) for the private address block: 192.168.0.0
/16
RFC 1918: What is the corresponding subnet mask (CIDR notation) for the private address block: 10.0.0.0
/8
Directly Connected What is the default administrative distance of this type of route?
0
VoIP: What is the default CoS value for traffic received from the host on the access port?
0
Which of the following CoS priority values does a Cisco IP phone assign to traffic receives from a host on its access port by default? - 7 - 0 - 5 - 3
0 Because voice traffic is vulnerable to degradation and deterioration.
SYSLOG: Arrange the logging keywords from 0-7 - Alerts - Critical - Debugging - Emergencies - Errors - Informational - Notifications - Warnings
0 - Emergencies 1 - Alerts 2 - Critical 3 - Errors 4 - Warnings 5 - Notifications 6 - Informational 7 - Debugging "Every Awesome Cisco Engineer Will Need Ice-cream Daily"
Which of the following is a valid HSRP version 1 virtual MAC address? - 0000.0C9F.F00A - 007.B400.0102 - 0000.0C07.AC0B - 0005.73A0.0FFF - 0000.5E00.0101
0000.0C07.AC0B
Which of the following is a valid HSRP version 2 virtual MAC address? - 0000.0C9F.F00A - 007.B400.0102 - 0000.0C07.AC0B - 0005.73A0.0FFF - 0000.5E00.0101
0000.0C9F.F00A
Which of the following MAC addresses represents an IP multicast address? FF-FF-FF-FF-FF-FF 00-00-0C-F0-F0-F0 01-00-5E-0F-0F-0F CF-00-00-00-00-00
01-00-5E-0F-0F-0F
You are configuring HSRP version 1 for a group of Layer 3 switches in your company's network. The HSRP group has a virtual MAC address of 0000.0C07.AC0B. Which part of the virtual MAC address identifies the HSRP group number? - AC - 0C - 00 - 07 - 0B
0B
Static Route What is the default administrative distance of this type of route?
1
You administer the network of a manufacturing plan in NY City. You want to install three 802.1b WAPs in the administrative offices. Which channels should you configure on three APs? - 1, 7, 13 - 1, 2, 3 - 1, 6, 11
1, 6, 11 These are nonoverlapping channels. Note: Channel 13 cannot be used in the US. Channels 1 - 13 can be used in Japan and Europe.
OSPF Broadcast & P2P: What is the default "Hello Timer"?
10 seconds
What percentage of wireless coverage overlap is considered appropriate to ensure that wireless clients do not lose connectivity when roaming from one AP to another? 40% - 50% 10% - 15% 20% - 35% 0% - 5% 50%+
10% - 15%
RFC 1918: What is the range for a Class A network block?
10.0.0.0 - 10.255.255.255
You configure OSPF on a router with the following loopback interfaces: Loopback0 10.10.10.10 Loopback1 5.5.5.5 Which address will get selected as the router ID?
10.10.10.10 "Highest" loopback interface.
What is the Administrative Distance of IGRP?
100
RouterA----------RouterB---------RouterC You are configuring OSPF Area 0 on all three routers in the exhibit above. The link between RouterA and RouterB is a FastEthernet link. The link between RouterB and RouterC is an Ethernet link. You have not yet modified any of the OSPF default settings. Which of the following will most likely be the cost of the OSPF path from RouterA to RouterC? - 1 - 11 - 30 - 20 - 24 - 64
11
OSPF What is the default administrative distance of this type of route?
110
IS-IS What is the default administrative distance of this type of route?
115
RIP What is the default administrative distance of this type of route?
120
LLDP: What is the default maximum amount of time the switch will retain LLDP information before discarding?
120 seconds Note: change using the "lldp holdtime" command.
RFC 1918: What is the range for a Class B network block?
172.16.0.0 - 172.31.255.255
Which of the following networks is not defined by RFC 1918? - 10.1.1.0 - 172.20.1.0 - 10.16.1.0 - 192.168.111.0 - 192.168.1.0 - 172.172.1.0
172.172.1.0
RFC 1918: What is the range for a Class C network block?
192.168.0.0 - 192.168.255.255
OSPF Neighbor State: The neighbor router replies to the Hello packet with a new Hello packet that contains the RID. In a "Broadcast" OSPF network, DR & BDR elections will take place after this state. - Down - Init - 2-Way
2-Way
What is the normal OSPF neighbor state for a router that is neither the DR nor the BDR? - Down - Exchange - Full - 2-Way - Loading
2-Way
eBGP What is the default administrative distance of this type of route?
20
What status code would you expect for a successful POST creation? - 101 - 201 - 301 - 401
201
VoIP: What is the default CoS value for Voice signaling packets?
3
LLDP: Update Frequency: _____ seconds Hold Timer: _____ seconds
30 seconds 120 seconds
LLDP: How often will a switch send out LLDP advertisements?
30 seconds Note: change using the "lldp timer" command.
How many static interfaces can a WLC have? - 0 - 3 - 4 - 5
4 - Management interface - AP manager interface - Virtual Interface - Service port interface
OSPF Broadcast & P2P: What is the default "Dead Timer"?
40 seconds
VoIP: What is the default CoS value for Voice Data packets?
5
CDP: Update Frequency: _____ seconds Hold Timer: _____ seconds
60 seconds 180 seconds
You enter the command: "enable password 7 password123" You get the error: "Invalid encrypted password: password123" Why did you receive this error?
7 specifies a "Hidden" password will follow. Must already be encrypted. Ex. enable password 7 08314D5D1A0E0A05165A5E57
You are configuring Layer 2 security on a WLAN by using the WLC GUI. You select WPA+WPA2 from the Layer 2 Security drop-down list box. You want to minimize the amount of time it takes an 802.1X client to roam between access points. Which of the following WPA2 key management methods should you select the "Auth Key Mgmt" drop-down list box? - CCKM - 802.1X + CCKM - PSK - 802.1X
802.1X + CCKM Cisco Centralized Key Management (CCKM)
Which of the following standards natively includes PortFast, UplinkFast, and BackboneFast? - 802.1D & 802.1s - 802.1D & 802.1w - 802.1D - 802.1s - 802.1w
802.1w
Internal EIGRP What is the default administrative distance of this type of route?
90
Which of the following examples best describes the SaaS service model? - A company moves all company-wide policy documents to an Internet-based virtual file system hosted by a service provider. - A company licenses an office suite, including email service, that is delivered to the end user through a web browser. - A company obtains a subscription to use a service provider's infrastructure, programming tools, and programming languages to develop and serve cloud-based applications. - A company hires a service provider to deliver cloud-based processing and storage that will house multiple virtual hosts configured in a variety of ways.
A company licenses an office suite, including email service, that is delivered to the end user through a web browser.
You've created the following ACLs and applied them to interface G0/0/0: access-list 100 deny ip 0.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.1.0 0.0.0.255 any access-list 102 deny ip 127.0.0.0 0.255.255.255 any access-list 103 deny ip 10.0.0.0 0.255.255.255 any access-list 103 deny ip 10.0.0.0 0.255.255.255 any access-list 104 deny ip 192.168.0.0 0.0.255.255 any acecss-list 105 deny ip 224.0.0.0 15.255.255.255 any access-list 106 permit ip any 172.16.1.0 0.0.0.255 Which ACL number(s) will take effect on the interface?
ACL 106 When multiple ACLs that use the same protocol are applied to an interface, only the last ACL applied to the interface will affect traffic.
EIGRP: Metric used by neighboring router that is advertising to this device. Ex. 20
AD Advertised Distance
802.11 MAC Frame: FC -- DUR -- What is the next 3 components?
ADD1 -- ADD2 -- ADD3 Address: Conveys MAC address and BSSID information.
802.11 MAC Frame: FC -- DUR -- ADD1 -- ADD2 -- ADD3 -- SEQ -- What is the next component?
ADD4
Which of the following encryption standards is more secure? - RC4 - AES
AES
Which of the following is used by both WPA2 and WPA3 to provide encryption? - CCMP - RC4 - TKIP - AES - GCMP
AES
WLC: Once an interface has been configured the WLC uses this type of interface to listen for Layer 3 LWAPP (Lightweight Access Point Protocol) communications. - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
AP manager interface
WLC: Which of the following WLC interfaces controls all Layer 3 communication between a WLC and a lightweight AP? - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
AP manager interface
Which of the following is a Cisco based data center technology that uses switches, categorized as spine and leaf nodes, to dynamically implement network application policies in response to application-level requirements. - EPG - API - APIC
API Cisco Application Centric Infrastructure
In the Cisco data center technology called API, which of the following are defined by network application policies and are implemented by spine leaf nodes? - EPG - APIC - ASIC
APIC Application Policy Infrastructure Controller
OSPF: This redistributes routes form other routing protocols into the OSPF domain. This would take place if you entered the "default-information originate" command. - ABR - BDR - ASBR - DR
ASBR
Which of the following is not a type of IEEE 802.11 control frame? - CTS - ATIM - ACK - RTS
ATIM
Which of the following HSRP routers has the highest priority? - Standby router - Master router - Backup router - Active router
Active router
Routing Table: Multiple routes to the same destination network 10.1.1.0 are received (All from a different routing protocol). What is used to determine route selection?
Administrative Distance.
EIGRP: The metric that the next-hop router has calculated. - Advertised Distance - Feasible Distance - Feasible Successor - Successor
Advertised Distance
You want to decrease the amount of time that it takes for switch ports on SwitchA to begin forwarding. PortFast is not configured on any of the switch ports on SwitchA. You issue the spanning-tree portfast default command from global configuration mode. Which of the ports on SwitchA will use PortFast? - All trunk ports - All access ports - All ports - No ports, because PortFast cannot be enabled globally
All access ports
RouterA receives routes to the following overlapping networks: 192.168.1.0/24 192.168.1.0/25 192.168.1.0/26 192.168.1.0/28 Each of the routes is received with a "different" routing protocol. Which of the following routes will RouterA install in the routing table? - The route with the longest prefix match - All of the routes - The route with the shortest prefix patch - The route with the lowest AD - The route with the highest AD
All of the routes
VTP: A server does which of the following: - Creates, modifies, deletes VLANs - Synchronizes VTP information - Originates VTP advertisements - Forwards VTP advertisements - Stores VLAN information for NVRAM
All: - Creates, modifies, deletes VLANs - Synchronizes VTP information - Originates VTP advertiseterm-48ments - Forwards VTP advertisements - Stores VLAN information for NVRAM
Automation: Which configuration management tool stores it's configurations in "playbooks" that are written in YAML? - Ansible - Puppet - Chef - Salt
Ansible
Automation: Which configuration management tool uses SSH to connect to remote hosts? - Ansible - Puppet - Chef - Salt
Ansible
Automation: Which plane is the component of a controller based network in which applications that are written to allow interaction with the centralized controller. These these applications are typically designed to improve network management efficiency through network automation. - Data plane - Control plane - Management plane - Application plane
Application Plane
What plane does a centralized controller connect by using a northbound API? Which Plane?
Application Plane
REST API: "read-only": [ "Accounting Folder", "Sales Folder" ] "read-only" key is an _______.
Array
Disables ports that erroneously receive BPDUs. This is applied to edge ports that have PortFast enabled. - BPDU guard - Root guard - Loop guard
BPDU guard
Which of the following should be enabled on ports that have been enabled with PortFast so that it can prevent a rogue switch from modifying the STP topology? - Root guard - Loop guard - BPDU guard
BPDU guard
WLC QoS: Which QoS option provides the lowest bandwidth (Typically for guest services). - Bronze - Silver - Gold - Platinum
Bronze
You have enabled LAG on a WLC that contains eight distribution system ports. Which of the following is true? - By default, LAG will be enabled on all eight ports. - By default, LAG will be enabled only on one physical port. - By default, LAG will aggregate all ports by using the LACP protocol. - By default, LAG will aggregate all ports by using PAgP protocol. - By default, LAG will cause each port to trunk independently of the others.
By default, LAG will be enabled on all eight ports.
Wireless Authentication: _______ is a key management method that allows you to roam between access points without performing a complete 802.1X authentication process again.
CCKM Cisco Centralized Key Management
Which of the following can convey VTP information? - CDP - LLDP
CDP
Automation: Which configuration management tool stores configurations in "cookbooks" written Ruby DSL? - Ansible - Puppet - Chef - Salt
Chef
Automation: Which configuration management tool uses HTTPS? - Ansible - Puppet - Chef - Salt
Chef
Enterprise management platform that is specifically built to support Cisco SDA. Abstracts the complexity of network configuration by implementing a centralized controller and GUI. This also supports many of the same traditional campus device management features that are supported by other Cisco management solutions. Typically interacted with using a browser based GUI. - Cisco Network Assistant - Cisco DNA Center - Cisco IOS 15 - Cisco PI
Cisco DNA Center
Which of the following Cisco management solutions supports Cisco SDA? - Cisco Network Assistant - Cisco PI - Cisco IOS 15 - Cisco DNA Center
Cisco DNA Center
Network device OS. Administrators typically interact with Cisco _____ by using a CLI. Access to the CLI can be accomplished by connecting through the console port, Telnet, SSH.
Cisco IOS
LAN management platform, not an enterprise management platform. Predates Cisco SDA. Free Java based desktop application that enables a LAN administrator to perform network operations, diagnose problems, and interact with network device by using a GUI. Typical installation supports the management of up to 80 devices.
Cisco Network Assistant
Which of the following Cisco management solutions is typically installed on a desktop workstation? - Cisco DNA Center - Cisco IOS 15 - Cisco PI - Cisco Network Assistant
Cisco Network Assistant
Management platform that does not support Software Defined Access (SDA). This is a traditional enterprise Cisco management platform that relies on a browser-based GUI to enable administrators to perform operations, diagnose, and interact with devices on the network. - Cisco Network Assistant - Cisco DNA Center - Cisco IOS 15 - Cisco PI
Cisco PI Prime Infrastructure
Which of the following is the Cisco enterprise management platform that does not support Cisco SDA? - Cisco Network Assistant - Cisco DNA Center - Cisco IOS 15 - Cisco PI
Cisco PI Prime Infrastructure
A Cisco developed means of building LANs by using policies of automation. - Cisco Network Assistant - Cisco SDA - Cisco DNA Center - Cisco IOS 15 - Cisco PI
Cisco SDA
Which of the following enables a Cisco Meraki AP to automatically configure itself when it is connected to a network? - Autonomous AP deployment - Lightweight AP deployment - Embedded AP deployment - Cloud-based AP deployment
Cloud-based AP deployment
Cisco Meraki AP provides wireless access by connecting to a centralized management system known as the Cisco Meraki _______.
Cloud. APs deployed at the access layer of the three-tier hierarchical network model contact the cloud in order to automatically configure themselves.
By default, a Cisco IP phone assigns a ____ priority value of 0 to traffic received from a host on its access port.
CoS Class Of Service
Which of the following best describes what occurs when a packet must be re-sent because of an interruption that occurs before the 64th byte has been transmitted? - Baby Giant - Jumbo Frame - Runt - Late Collision - Collision
Collision
- RTS (Ready-to-Send) - CTS (Clear-to-Send) - ACK (Acknowledgement) - PS Poll These are examples of _______ frames.
Control frames. Used to manage access to a wireless medium.
Automation: OSPF running on individual routers in a traditional network is an example of what? - Data plane - Control plane - Management plane - Application plane
Control plane
Automation: Which plane is responsible for the network decision making in both a controller based network & a traditional network? - Data plane - Control plane - Management plane - Application plane
Control plane
Which of the following is centralized on an SDN network? - Data plane - Control plane - Management plane - Application plane
Control plane
What is the metric used by IS-IS? - Bandwidth and delay - Hop count - Cost
Cost
802.11 MAC Frame: FC -- DUR -- ADD1 -- ADD2 -- ADD3 -- SEQ -- ADD4 What is the next component?
DATA Contains frame payload.
802.11 MAC Frame: FC -- What is the next component?
DUR Duration: Indicates transmission timers.
Ethernet Frame: Preamble --- SOF --- Destination MAC --- Source MAC --- Type field --- What is the next section? - Data - FCS
Data
Which of the following is a benefit of network automation? - Data models are formed from show command output that is processed by automation scripts - Data models are human-interpreted from the output of show commands - Data models are enhanced by APIs to provide only the most specific information. - Data models are formalized and defined by a centralized controller.
Data models are formalized and defined by a centralized controller.
Automation: L2 switches, L3 switches & end devices typically operate in which plane? - Data plane - Control plane - Management plane - Application plane
Data plane
Automation: Which plane deals with the following: - Encapsulation / Decapsulation of packets - Adding / Removing of trunk headers - MAC table - Routing tables (IP addresses) - Encryption - NAT - ACLs Answers: - Data plane - Control plane - Management plane - Application plane
Data plane
Ethernet Frame: Preamble --- SOF --- What is the next section? - Destination MAC - Data - Source MAC - FCS - Length
Destination MAC
ip route 10.1.1.0 255.255.255.0 f0/1 This is example of what type of route?
Directly Attached Static Route Only includes the interface.
WLC: User defined interfaces typically used for client data. These are called _______ interfaces.
Dynamic interfaces
WLC: In addition to four static interfaces, a WLC can contain up to 512 of this type of interface. - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
Dynamic interfaces
WLC: Which of the following interfaces are user defined and are typically used for wireless client data. These interfaces function similar to VLANs. You can use these interfaces to segment traffic on the WLC (up to 512 can be created). - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
Dynamic interfaces
Which of the following support load balancing over unequal-cost paths? - OSPF - EIGRP - ISIS - BGP
EIGRP
You administer a router that contains five routes to the same network: a static route, a RIPv2 route, an IGRP route, an OSPF route, and an internal EIGRP route. The default ADs are used. The link to the static route has just failed. Which of the following routes will be used? - EIGRP - RIPv2 & EIGRP - RIPv2 - OSPF - IGRP
EIGRP
You have enabled LAG on a WLC that contains eight distributions system ports. How many ports will be included in the LAG bundle by default? - Four - One - None - Eight
Eight
"spanning-tree portfast default" What is the function of this command?
Enables PortFast globally.
You receive the following output: 00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up What is the severity level of this SYSLOG message? - Informational - Notifications - Warnings - Errors - Alerts
Errors 0 - Emergencies 1 - Alerts 2 - Critical 3 - Errors 4 - Warnings 5 - Notifications 6 - Informational 7 - Debugging
OSPF Neighbor State: After DR and BDR are elected, neighbor routers form master-slave relationships in order to establish the method for exchanging link state information. - Down - Init - 2-Way - Exstart - Exchange
ExStart
OSPF Neighbor States: Routers exchange DBD packets. These DBD packets contain LSA headers that describe the contents of the Link State Database (LSDB). - Down - Init - 2-Way - Exstart - Exchange - Loading - Full
Exchange
Which of the following fields in an 802.11 MAC frame is used to indicate whether the frame is a management frame? - DUR - FC - FCS - SEQ
FC
802.11 MAC Frame: What is the 1st component?
FC Frame Control: Identifies the type of 802.11 frame (2 bytes).
Ethernet Frame: Preamble --- SOF --- Destination MAC --- Source MAC --- Type field --- Data --- What is the last field?
FCS
802.11 MAC Frame: FC -- DUR -- ADD1 -- ADD2 -- ADD3 -- SEQ -- ADD4 -- DATA -- What is the next component?
FCS Contains CRC. Determines if frame was corrupted in transit.
EIGRP: The ___ is the metric to a neighbor router plus that neighbor router's AD (Advertised Distance) to the destination network.
FD Feasible Distance
Total metric to get to the destination. Ex. 20 + 5 + 5 = 30
FD Feasible Distance
Which of the following multicast addresses are non-routable: FF01::/16 (Node Local) FF02::/16 (Link Local) FF05::/16 (Site Local) FF08::/16 (Organization local) FF0E::/16 (Global)
FF02::/16 (Link Local)
Which of the following IPv6 addresses is a link-local multicast address that is used to send a packet to all routers on a segment? - FF02::2 - FF02::1 - FF05::2 - FF05::1
FF02::2
Congestion management method, not a congestion avoidance method. Basic queuing method that offers no packet prioritization or congestion avoidance. Packets are processed in the order they are received without any regard to their IP precedence. - RED - WFQ - FIFO - WRED
FIFO
Is the entirety of the overlay network and the underlay network. - Overlay - Underlay - Northbound API - Fabric - Southbound API
Fabric
Wireless: FlexConnect ACLs can be configured with a per-rule direction (True/False)
False A FlexConnect ACL is applied in the ingress or egress direction as an entire set of rules, not on a per-rule basis.
Wireless: FlexConnect ACLs are NOT supported on the Native VLAN (True/False)
False FlexConnect ACLs are supported on the native VLAN.
Wireless: FlexConnect ACLs do NOT support the implicit deny rule, unlike traditional ACLs (True/False)
False FlexConnect ACLs do support the implicit deny rule.
The management plane is centralized on an SDN network (True/False)
False Management plane is NOT centralized
The application plane is centralized on an SDN network (True/False)
False The application plane is NOT centralized.
EIGRP: The best metric along a path. - Advertised Distance - Feasible Distance - Feasible Successor - Successor
Feasible Distance
EIGRP: A backup path that is guaranteed to be loop-free. - Advertised Distance - Feasible Distance - Feasible Successor - Successor
Feasible Successor
EIGRP: Second best entry in the topology table.
Feasible Successor
Wireless: You want to prevent administration of the WLAN from a particular VLAN. What feature can you leverage on the AP?
Flex Connect ACLs
A LAP operating in ________ mode enables failsafe if the CAPWAP connection goes down. Does not provide BSS. Enables LAP to switch traffic between a given SSID and a given VLAN. - Bridge Mode - FlexConnect mode - Sniffer mode - Local mode
FlexConnect
APs operating in ______________ mode enables a failsafe for if the CAPWAP tunnel to the WLC goes down.
FlexConnect
Switch Frame: What does a switch do if the destination MAC does not appear in it's CAM table?
Floods the frame out all interfaces (except for the originating interface).
OSPF Neighbor States: DR & BDR are fully synchronized. A router will periodically send Hello packets to its neighbors to indicate that it is still functional. - Down - Init - 2-Way - Exstart - Exchange - Loading - Full
Full
ip route 10.1.1.0 255.255.255.0 f0/1 172.1.1.1 This is example of what type of route?
Fully Specified Static Route Includes both the interface and next hop address.
Which of the following is a Cisco-proprietary FHRP that elects an AVG and up to four primary AVFs? AVG: Active Virtual Gateway AVF: Active Virtual Forwarders - HSRP - GLBP - VRRP - LACP
GLBP
FHRP Protocols: Which of the following elects an AVG (Active Virtual Gateway) and up to four primary AVFs (Active Virtual Forwarders). This provides Layer 3 gateway redundancy, such as failover and load balancing? - HSRP - GLBP - VRRP - LACP
GLBP Gateway Load Balancing Protocol
Because the focus of ______ is to transport many different protocols, it has very limited security features. By contrast, IPSec has strong data confidentiality and data integrity features, but it can transport only IP traffic. _____ over IPSec combines the best features of both protocols to securely transport any protocol over an IP network.
GRE
Which of the following technologies can you use to tunnel any Layer 3 protocol through an IP transport network? - PPPoA - PPPoE - GRE - IPSec
GRE
Acronym: GRE What is this acronym?
Generic Routing Encapsulation
Which of the following terms best describes an Ethernet frame that exceeds 1518 bytes and has bad FCS value? - Giant - Jumbo - Baby Giant - Runt
Giant
WLC QoS: Which QoS option prioritizes video traffic? - Bronze - Silver - Gold - Platinum
Gold
WLC: It is NOT possible to enable Layer 2 security on a _______ LAN.
Guest
FHRP Protocols: Which of the following protocols only elects an active router and a standby router (based on the priority value). The active router has the highest priority? - HSRP - GLBP - VRRP - LACP
HSRP
OSPF: If the "router-id" command has not been entered, OSPF will use the loopback interface with the highest/lowest IP address to assign it's RID?
Highest
SwitchA: VLAN 11 (Native) SwitchB: VLAN 111 (Native) Both of these switches are connected with a trunk port. Which of the following is true? - None of the hosts can ping each other - Hosts on VLAN 11 can ping VLAN 111
Hosts on VLAN 11 can ping VLAN 111 Reason: Packets are untagged between the two switches
Cloud: Which cloud service model offers the greatest degree of freedom by allowing the consumer to do the following: - Provision processing, memory, storage & network resources - Install applications, operating systems & applications
IaaS
Cloud: Company uses cloud service to host DNS & DHCP servers. This is an example of what type of cloud environment?
IaaS
Cloud: Company wants to establish a web server farm by configuring multiple LAMP servers. They resort to a cloud service to provide the physical hardware & bandwidth, but the company is still responsible for the OS, software & server configuration. This is an example of what type of cloud environment?
IaaS
Consumer installs applications, including the OS and custom applications. Cloud infrastructure remains in control of the service provider. - SaaS - PaaS - IaaS
IaaS
ACLs: Ensures that traffic that is not explicitly matched by a previous rule is denied. This is called the ________ _______ rule.
Implicit deny rule
OSPF Neighbor State: Router has sent Hello packets, but has not received any from the neighbor router with their RID. - Down - Init - 2-Way - Exstart - Exchange
Init
Which of the following statements is correct regarding an EIGRP feasible successor? - It has the lowest advertised distance - It has an advertised distance that is less than the feasible distance of the successor - It has the lowest feasible distance - It has an advertised distance that is greater than the feasible distance of the successor.
It has an advertised distance that is less than the feasible distance of the successor. Note: If the AD of a route is greater than the FD of the successor, the route cannot be guaranteed to be free of loops and cannot be chosen as a feasible successor.
Which of the following is true about this exhibit? { "ietf-interfaces:interface": { "name": "Loopback99", "type" "iana-if-type:softwareLoopback", "enabled": true, "ietf-ip:ipv4": { "address": [ { "ip": "99.99.99.99", "netmask": "255.255.255.255" } ] } } } - XML plane text data - It is JSON plane text data - It is missing 1 curly bracket - It is missing 1 comma
It is JSON plane text data
Which of the following best describes a lightweight AP in local mode? - It enables a failsafe if the CAPWAP connection goes down - It is the default operating mode for a LAP - It acts as a dedicated connection between two network. - It captures wireless traffic for analysis.
It is the default operating mode for a LAP
Data modeling language that returns data in the form of an object that contains key value pairs. - XML - ACI - JSON - REST
JSON
In order for SSH to be enabled on a Cisco device, the device must be running a ___ IOS image, which provides cryptographic functionality.
K9
You want to install an IOS image on a router so that it will support SSH. Which of the following should you install? - Image with the Advanced IP Service package - NPE image - K9 image - Image with the Advanced Enterprise Services package - WAN image
K9 image
Which of the following entries from the "show ip route" command indicates a host route? L 192.168.1.1/32 is directly connected, F0/1 O 192.168.1.0/24 [110/2] via 10.1.1.3, F0/0 C 192.168.1.0/30 is directly connected, F0/0 S 192.168.1.0/24 [5/0] via 10.1.2.3 S* 0.0.0.0/0 [1/0] via F0/0 D 92.168.0.4/30 [90/2195456] via 192.168.0.18 F0/0
L 192.168.1.1/32 is directly connected, F0/1
EtherChannel: Active / Passive refers to which protocol?
LACP
FlexConnect ACLs are configured on __________s Hint: Acronym
LAP
OSPF Neighbor States: Routers then send LSR (link-state request) packets to request the contents of the neighbor router's OSPF database. The neighbor router replies with LSU (Link State Update) packets that contain the routing database information. - Down - Init - 2-Way - Exstart - Exchange - Loading - Full
Loading
A LAP operating in _______ mode is capable of providing multiple BSS on a single channel. In this mode, the LAP can connect to a WLC and can provide client connectivity.
Local
A Cisco lightweight AP operating in _______ mode provides BSS; it does not form a mesh when it is enabled on multiple APs. _________ mode is required to form a mesh when it is enabled on multiple APs. (2)
Local Mode Bridge Mode
Places inconsistent ports into the blocking state. It also prevents a switch port from transitioning to the forwarding state when it stops receiving BPDUs. - PortFast - BPDU guard - Root guard - Loop guard
Loop guard
Automation: Which of the planes allow the administrator to connect and manage a network device (Ex. Telnet, SSH, SNMP, SYSLOG)? - Data plane - Control plane - Management plane - Application plane
Management Plane
Automation: Which plane deals with the following: - Telnet - SSH - SNMP - SYSLOG Answers: - Data plane - Control plane - Management plane - Application plane
Management Plane
- Beacons - Probe requests - Probe responses - Association requests - Ruthentication responses - Deauthentications - Reassociation requests - Reassociation responses These are examples of __________ frames.
Management frames. Manage the connection between the AP and wireless client.
FHRP Protocols: AVG (Active Virtual Gateway) may also be referred to as the __________ router, depending on the protocol.
Master Router
Automation: Uses XML and RPC (Remote Procedure Calls) to configure network devices. XML is used for both data encoding and protocol messages. Typically relies on SSH for transport. - OnePK - OpenFlow - OpFlex - NETCONF
NETCONF
Automation: Which southbound API matches this description: Uses XML and RPCs to configure network devices. - NETCONF - OnePK - OpenFlow - OpFlex
NETCONF RPC: Remote Procedure Call (layer)
EIGRP keeps track of directly connected neighbors in the __________ ____________.
Neighbor Table
EIGRP: Directly connected routers are placed into the __________ table.
Neighbor table
An API provides data to an administrator from a centralized controller. Which type of network management techniques is being used? - An automation script - The issuing of show commands - The TFTP download of a startup configuration - Network Automation
Network Automation
Spine-Leaf Architecture: Are spine nodes supposed to connect to each other?
No Because spine node has a connection to every leaf node, the scalability of the fabric is limited by the number of ports on the spine node.
- OSGi (Java Open Services Gateway initiative) - REST (Representative State Transfer) These are examples of what?
Northbound API
Automation: A controller communicates with applications in the application plane by using ________ ____ such as REST or OSGi.
Northbound API
Enable an SDN controller to communicate with applications in the application plane.
Northbound API
Enables an SDN controller to communicate with an application in the application plane. - Overlay - Underlay - Northbound API - Fabric - Southbound API
Northbound API
Command: "ip ospf network non-broadcast" What is required to establish adjacencies on this type of OSPF network?
OSPF "neighbor" command. Ex. router ospf 1 neighbor 2.2.2.2
Automation: Cisco proprietary API. Uses Java, C, or Python to configure network devices. It can use either SSL or TLS to encrypt data in transit. - OnePK - OpenFlow - OpFlex - NETCONF
OnePK
Automation: Which southbound API matches this description: A Cisco proprietary API. - NETCONF - OnePK - OpenFlow - OpFlex
OnePK
HostA --------- --- R1 ---Internet --- WWW_server DNS ----------- A web browser on HostA sends an HTTP request to WWW_server. This is the first time HostA has ever sent a request to WWW_server. HostA does not use a hosts file. WIth which of the following does HostA establish TCP connectino in this scenario? - Only R1 & WWW_server - Only WWW_server - Only DNS & WWW_server - DNS, R1 & WWW_server
Only WWW_server
Which HSRP router or routers will use the HSRP virtual IP address and will respond to ARP requests with the HSRP virtual MAC address? - Only the active router and the standby router - Only the standby router - All HSRP routers in a group - Only the active router
Only the active router
Automation: Uses declarative SDN model in which the instructions that are sent to the controller are not so detailed. The controller allows the devices in the data plane to make more network decisions about how to implement the policy. - OnePK - OpenFlow - OpFlex - NETCONF
OpeFlex
Automation: Which southbound API matches this description: Uses declarative SDN model - NETCONF - OnePK - OpenFlow - OpFlex
OpeFlex
Automation: Uses imperative SDN model in which detailed instructions are sent to the SDN controller when a new policy is configured. The SDN controller manages both the network and the policies applied to the device. - OnePK - OpenFlow - OpFlex - NETCONF
OpenFlow
Automation: Which southbound API matches this description: Uses an imperative SDN model. - NETCONF - OnePK - OpenFlow - OpFlex
OpenFlow
Creates VXLAN tunnels between SDA switches. - Overlay - Underlay - Northbound API - Fabric - Southbound API
Overlay
Etherchannel: Auto / Desirable refers to which protocol?
PAGP
Traditional enterprise Cisco management platform that relies on a browser based GUI to enable administrators to perform operations, diagnose problem, and interact with devices. Does not support Cisco SDA. - DNA Center - IOS 15 - PI - Network Assistant
PI Prime Infrastructure
Used to initiate a session with DSL service provider. The session is initiated between an ADSL enabled router and an access concentrator. Traffic is encapsulated in PPP frames. The PPP frames are then encapsulated directly into ATM cells and transmitted across the ADSL circuit. Neither the PPP frames nor ATM cells are encrypted. - PPPoA - PPPoE - GRE - IPSEC
PPPoA Point-To-Point over ATM
Typically used to initiate a session with a DSL service provider. Frames are encapsulated into Ethernet frames for transmission to the service provider. Because these frames are not encrypted, it cannot provide a secure connection between a remote location and a company headquarters. - PPPoA - PPPoE - GRE - IPSEC
PPPoE Point-To-Point over Ethernet
Cloud: Company uses third party MySQL database & Apache services to build a cloud-based consumer relationship platform. Services like Gmail & Outlook are examples of what type of cloud infrastructure?
PaaS
Cloud: Which cloud service allows the consumer to install and configure provider-supported applications? The company can then uses the service provider's infrastructure, programming tools, and programming languages to develop and service cloud-based applications.
PaaS
Install and configure provider to install and possibly configure provider supported applications in the cloud infrastructure. Company obtains subscription to use a service provider's infrastructure, programming tool, and programming languages to develop and serve cloud based applications. - SaaS - PaaS - IaaS
PaaS
The use of legitimate service to redirect users to a malicious or compromised site. This is called __________
Pharming
WLC QoS: Which QoS option prioritizes VoIP? - Bronze - Silver - Gold - Platinum
Platinum
Power ________ is a Cisco feature that enables a switch to monitor the current draw of connected devices and to take action if the draw exceeds the amount allocated to the PD in accordance with its negotiated power class.
Policing
MAC flooding / CAM overflow: Attacker generates towards of forged frames with intent to overwhelm the switches MAC table. This way the switch can no longer make intelligent forwarding decisions. What can you enable to prevent this?
Port-Security: Limit the number of MAC addresses that can be learned on an interface.
Reduces convergence time by placing edge ports into a forwarding state. - PortFast - BPDU guard - Root guard - Loop guard
PortFast
When a Voice VLAN is configured, _________ is automatically enabled; however _________ is not automatically disabled when that same voice VLAN is disabled.
PortFast
Ethernet Frame: What is the first section? - Destination MAC - Preamble - Data - Source MAC - FCS - Length - SOF
Preamble
You issue the "spanning-tree guard root" command on a switch port that you are connecting to a new, unconfigured switch. Which of the following are you most likely attempting to do? - Prevent loops on a port that could erroneously receive BPDUs - Prevent the new switch from being elected root - Prevent a port from transitioning through all of the STP states - Prevent loops from interruption of BPDU flow
Prevent the new switch from being elected root
Automation: Which configuration management tool stores configurations in "modules" written Ruby DSL? - Ansible - Puppet - Chef - Salt
Puppet
Which configuration management tool uses manifest files with a .pp extension? - Ansible - Puppet - Chef - Saltstack
Puppet
Which of the following configuration management tools accepts inbound requests from agents by using HTTPS on TCP port 8140? - Puppet - Chef - Ansible - Salt
Puppet
Only encrypts the password for Access-Request packets; does NOT encrypt the entire packet. - RADIUS - TACACS+
RADIUS
Combines authentication and authorization services into a single function. - RADIUS - TACACS+
RADIUS Less granular.
Which of the following is used by WEP to provide encryption? - GGMP - TKIP - AES - CCMP - RC4
RC4
Congestion avoidance method that drops packets if network congestion is detected. Does NOT use IP precedence to determine the priority of packets. Instead, it randomly drops packets based on a mark probability denominator: the fraction of packets that should be dropped when a queue reaches its minimum threshold. Because it does not selectively drop packets, high priority packets have the same probability of being dropped as low priority packets if network congestion is detected. - RED - WFQ - FIFO - WRED
RED Random Early Detection
ip route 10.1.1.0 255.255.255.0 172.1.1.1 This is example of what type of route?
Recursive Static Route Contains the destination network and next hop address only.
Prevents introduced switches from being elected the new root. - PortFast - BPDU guard - Root guard - Loop guard
Root guard
What is actually used for forwarding traffic. Takes the successor route from the "Topology Table".
Routing table.
Automation: Southbound protocols which connect to a network's physical devices are typically linked to the SDN controller by using a ______. This is a database or registry of services provided by the southbound APIs. The APIs are bound to the registry so that the ______ can service an application request.
SAL Service Abstraction Layer
Southbound protocols, which connect to a network's physical devices, are typically linked to the SDN controller by using a _____. This is a database, or registry, of the services provided by the southbound APIs.
SAL Service Abstraction Layer
Intelligent network architecture in which a software controller assumes the control plane functionality for all network devices.
SDN Software Defined Networking
802.11 MAC Frame: FC -- DUR -- ADD1 -- ADD2 -- ADD3 What is the next component?
SEQ Sequence: Fragment Number / Sequence number of each frame.
Ethernet Frame: Preamble --- What is the next section? - Destination MAC - Data - Source MAC - FCS - Length - SOF
SOF Start of frame field
Cloud: A company licenses a service provider's office software & email service through a web browser. This is an example of what type of cloud environment?
SaaS
Cloud: Services like Gmail & Outlook are examples of what type of cloud infrastructure?
SaaS
Cloud: Which cloud service model allows its consumer to access applications running in the cloud infrastructure, but does NOT enable the consumer to manage the cloud infrastructure, or configure the applications?
SaaS
Company licenses an office suite, including email service, that is delivered to the end user through a web browser. Least likely to require changes to the consumer's network design. - SaaS - PaaS - IaaS
SaaS
When would you enter the command then receive an error: Command: "enable secret 5 password123" ERROR: "The secret you entered is not a valid encrypted secret. To enter an UNENCRYPTED secret, do not specify type 5 encryption. When you properly enter an UNENCRYPTED secret, it will be encrypted. Why did you receive this error?
Secret must be an MD5 hash. Ex. $1$cf6N$Ugo.y0cxMLffTfQtyO/Xt.
WLC: Which of the following is the only interface that is available while the WLC is booting? - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
Service port interface
WLC: Which of the following is used for maintenance purposes on a WLC? This interface is a physical interface on the WLC that can be used to recover the WLC in the vent that the WLC fails. - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
Service port interface
Which of the following WLC interfaces is the only available interface when the WLC is booting? - Virtual Interface - Management interface - Dynamic interface - Service port interface - AP manager interface
Service port interface
WLC QoS: Which QoS option provides "Best Effort"?
Silver
Ethernet Frame: Preamble --- SOF --- Destination MAC --- What is the next section? - Data - Source MAC - FCS - Length - SOF
Source MAC
Which of the following addresses will a switch use to populate the CAM table? - Destination IP - Source MAC - Source IP - Destination MAC
Source MAC
Automation: A controller communicates with the data plane by using ___________ _____ such as NETCONF, OpenFlow, OpFlex, or OnePK.
Southbound API
Enable an SDN controller to communicate with devices on the network data plane.
Southbound API
Enables an SDN controller to communicate with devices in the data plane. - Overlay - Underlay - Northbound API - Fabric - Southbound API
Southbound API
- OnePK - OpenFlow - OpFlex - NETCONF These are examples of what?
Southbound APIs
EIGRP: The best path to a destination network. - Advertised Distance - Feasible Distance - Feasible Successor - Successor
Successor
EIGRP: Best entry in the topology table. This is called the __________.
Successor
Which of the following are found in the EIGRP routing table? - successors and feasible successors - feasible successor - successors - all neighbor routers
Successors The best next-hop routes to a destination. Command: "show ip route eigrp"
Encrypts the entire contents of packets: - RADIUS - TACACS+ - AAA
TACACS+
Separates AAA operations such as authentication and authorization. Thereby administrators have more controller over access to configuration commands. - RADIUS - TACACS+ - AAA
TACACS+ Thereby administrators have more controller over access to configuration commands.
Which of the following ports is used by FTP? (2) - UDP/21 - UDP/69 - TCP/21 - UDP/20 - TCP/20 - TCP/69
TCP/20 TCP/21
Which of the following does RED and WRED address? - Strict priority queuing - Bandwidth guarantees - Bandwidth starvation - Tail drop
Tail drop Occurs when new incoming packets are dropped because a router's queues are too full to accept them.
LAG is enabled on a WLC that contains eight distribution system ports. All eight distribution system ports are connected to a single switch that is correctly configured unconditionally bundle its ports. Seven of the eight links fail. Which of the following is true? - The WLC will no longer pass wireless client traffic to the switch - The WLC will automatically reconfigure all eight ports as 802.1Q trunk ports - The WLC will pass all wireless client traffic to the switch - The WLC will intermittently pass wireless client traffic to the switch
The WLC will pass all wireless client traffic to the switch. Note: LAG enables load balancing across all eight links. If one fails, the other links in the LAG bundle will continue to function.
Which of the following VLANs is used by DTP to negotiate a trunk link when 802.1Q encapsulation is configured on the interface? - 4094 - 0 - 1 - The native VLAN
The native VLAN
You have issued the "power inline police" command from interface configuration mode on a Cisco switch. Which of the following best describes what will occur when an attached PD attempts to draw more than its allocated amount of power from the configured interface? - The port will enter an error-disabled state, and a log message will appear on the console - The port will enter an error-disabled state - The port will restart, and a log message will appear on the console - A log message will appear on the console
The port will enter an error-disabled state, and a log message will appear on the console
You have issued the "power inline police action log" command from interface configuration mode on a Cisco switch. Which of the following best describes that will occur when an attached PD attempts to draw more than its allocated amount of power from the configured interface? - A log message will appear on the console. - The port will restart, and a log message will appear on the console. - The port will enter an error-disabled state - The port will enter an error-disabled state, and a log message will appear on the console.
The port will restart, and a log message will appear on the console.
The sending host on a site-to-site VPN that is constructed by using GRE with IPSec for transport adds a VPN header and an IP header to the packet. Which of the following steps occur next? - The receiving host decrypts the packet. - The sending host encapsulates the packet - The sending host adds the session key to the packet - The sending host sends the packet to the destination
The sending host sends the packet to the destination
Which of the following statements about FlexConnect ACLs is true? - They do not support the implicit deny rule - They can be configured with a per-rule direction. - They are supported on the native VLAN - They are applied per AP and per interface
They are supported on the native VLAN
Which of the following statements about FlexConnect ACLs is true? - They are applied per AP and per port - They cannot be configured with a per-rule direction - They are not supported on the native VLAN - They do not support an implicit deny rule
They cannot be configured with a per-rule direction. Reason: This is in contrast to traditional ACLs, which can be configured with inbound rules or outbound rules.
How many address fields can be expected in an 802.11 data frame that is sent from a wireless station and destined to a host on a wired network? - Three - Two - One - Four
Three
How many octets of a MAC address represent the OUI? - Four - Five - Three - Two - One Ex. 00-50-56-C0-00-04
Three
Lists all networks that EIGRP networks found and their connected interfaces Ex. 10.1.1.0 S0/0 Ex. 172.1.1.0 Fa0/1 This is called the __________ ___________.
Topology Table
The data plane is NOT centralized on an SDN network (True/False)
True
Wireless: It is NOT possible to configure FlexConnect ACLs for the native VLAN if the VLAN configuration is inherited from a FlexConnect group (True/False)
True
Ethernet Frame: Preamble --- SOF --- Destination MAC --- Source MAC --- What is the next section? - Data - FCS - Length - Type field - SOF
Type field
Designed to determine whether a communication link is occurring in only one direction. Unidirectional links can result in switching loops if the switch does not know that the link is unidirectional. If _______ detects an unidirectional link, it places the port into an error-disable state. - BPDU Guard - Loop Guard - UDLD - Root Guard
UDLD UniDirectional Link Detection
Which of the following ports is used by TFTP? - UDP/21 - UDP/69 - TCP/21 - UDP/20 - TCP/20 - TCP/69
UDP/69
Collection of devices that comprises the IP network that connects to each fabric node. - Overlay - Underlay - Northbound API - Fabric - Southbound API
Underlay
Which SNMP version supports the user and group configuration in its authentication security model?
V3
An attacker sends double-tagged 802.1Q frames over a trunk link. This is called _______ ___________.
VLAN hopping
Which of the following is used to run a guest OS within a host OS? - Virtual memory - Virtual switch - VM - Virtual PBX
VM
Which of the following is another name for a hypervisor? - VMM - VM - PaaS - IaaS
VMM Virtual Machine Monitor
You are configuring security on a new WLAN by using the WLC GUI. Which of the following security settings are most likely to configure by using the Layer 3 Security drop down list box on the Layer 3 tab? - VPN pass through - Web authentication - Web passthrough - WPA+WPA2
VPN pass through
FHRP Protocols: Which of the following protocols is not Cisco-proprietary. Elects a master router & a virtual router backup? - HSRP - GLBP - VRRP - LACP
VRRP
Which has a master router and one or more backup routers. The master router has the highest priority. - VRRP - HSRP - GLBP - RSVP
VRRP
Which of the following FHRP would use the virtual MAC address 0000.5E00.0101? - GLBP - VRRP - HSRP - GLBP and HSRP
VRRP
Which of the following is a virtual device used to route telephone calls? It serves as a centralized device that routes calls between a telephone company and phones within a single office location: - Virtual memory - Virtual switch - VM - Virtual PBX
Virtual PBX
Which of the following is a virtual device that allows multiple VMs to communicate within a host system? - Virtual memory - Virtual switch - VM - Virtual PBX
Virtual Switch
WLC: Which of the following interfaces is used if DHCP relay has been enabled on the controller. This interface can be used as the DHCP server address on wireless clients. - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
Virtual interface
WLC: Which of the following interfaces is used in situations where web authorization has been enabled for clients; the user is redirected to the IP address of this interface when the user opens a web browser. - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
Virtual interface
WLC: Which of the following interfaces is used to provide a specific IP address that is the same across multiple controllers when wireless clients roam among the controllers. This enables seamless roaming among the controllers. - AP manager interface - Service port interface - Virtual interface - Dynamic interface - Management interface
Virtual interface
IOS feature that can be installed on APs and used to enable those APs to interact with a CiscoWorks WLSE. For example, it collects and aggregates radio information from APs and forwards that data to a CIscoWorks WLSE. - WLC - WDS - WiSM
WDS Wireless Domain Services
Congestion management method, not a congestion avoidance method. Traffic flows are identified by _____ based on the source and destination IP address, port number, protocol number, and ToS. Although ____ is easy to configure, it is supported only on interfaces at 2.048 Mbps or lower and does not provide any bandwidth or delay guarantees. ____ addresses the jitter and delay problems inherent with FIFO queuing, and it addresses the bandwidth starvation problem inherent with other congestion management method such as priority queuing (PQ) - RED - WFQ - FIFO - WRED
WFQ
Provides wireless network management services in a Cisco Unified Wireless Network. Uses LWAPP (Lightweight Access Point Protocol) and a combination of lightweight APs. - WLC - WLSE - WDS - WiSM
WLC
In CiscoWorks _______ can be installed to help automate the management and deplo9yment of the APs in a Cisco Autonomous WLAN solution. Features include, dynamic RF frequency, network security, intrusion detection, self-healing capabilities, and monitoring and reporting service for the wireless network. - WLC - WLSE - WDS - WiSM
WLSE Wireless LAN Solution Engine
WLC module that can be installed on Catalyst 6500 series switches, or Cisco 7600 series routers. They're used on Cisco Unified Wireless Networks are not part of Cisco Autonomous WLAN solutions. - WLC - WLSE - WDS - WiSM
WLSE Wireless LAN Solution Engine
Which of the following components simplifies the management and deployment of wireless APs in a Cisco Autonomous WLAN solution? - WLC - WLSE - WDS - WiSM
WLSE Wireless LAN Solution Engine
Which of the following is a congestion avoidance method that drops lower-priority packet if network congestion is detected? - RED - WFQ - FIFO - WRED
WRED
Congestion avoidance mechanism that addresses packet loss caused by tail drop. This occurs when new incoming packets are dropped due to the routers stacked queue. Useful for networks where the majority of traffic uses TCP because TCP packets that are dropped must be retransmitted. Additionally TCP sources reduce traffic flow when congestion occurs, further slowing down the network. This is called ________ (Acronym)
WRED Weighted Random Early Detection
Congestion avoidance method that drops lower-priority packets if network congestion detected. Selectively drops packets when output queues reach predefined threshold. When the average queue depth exceeds the minimum threshold for a designated service level, WRED begins to drop packets that match that service level. When the average queue depth reaches the maximum threshold for a designated service level, all packets are dropped that match that service level. Low priority packets are dropped before high priority packets are dropped. - RED - WFQ - FIFO - WRED
WRED Weighted Random Early Detection
Which of the following is a REST API encoding format that uses HTML-like tags to define blocks of data? - BSON - YAML - XML - JSON
XML
You enter the following commands: access-list 101 deny ip 172.16.1.0 0.0.0.255 any access-list 102 permit ip any 172.16.1.0 0.0.0.255 interface GigabitEthernet0/0 access-group 101 in access-group 102 in Will traffic destined for the 172.16.1.0 /24 network be allowed? Why?
Yes When multiple ACLs that use the same protocol (ip) are applied to an interface, only the last ACL applied to the interface will affect traffic on the interface.
You are configuring a normal WLAN by using the WLC GUI. You configure the Profile Name field on the WLANs > New page with a value of MyCompanyLAN. Which of the following statements about SSID field is true? - You can configure it with the Profile Name value, but it is not required - You can configure it with a reserved keyword - You must configure it with the Profile Name value - You must not configure it with the Profile Name value
You can configure it with the Profile Name value, but it is not required
A single-line access control list (ACL) has been added to a router configuration using the command ip access-list 1 permit 172.16.4.0 0.0.1.255. The configuration also includes the access-class 1 in command in virtual terminal configuration mode. Which answer accurately describes how the router uses ACL 1? a. Hosts in subnet 172.16.4.0/23 alone can telnet into the router. b. Command-line interface (CLI) users cannot telnet from the router to hosts in subnet 172.16.4.0/23 alone. c. Hosts in subnet 172.16.4.0/23 alone can log in but cannot reach enable mode of the router. d. The router will only forward packets with source addresses in subnet 172.16.4.0/23.
a. Hosts in subnet 172.16.4.0/23 alone can telnet into the router.
Some Cisco IOS commands store passwords as clear text, but you can then encrypt the passwords with the service password-encryption global command. By comparison, other commands store a computed hash of the password instead of storing the password. Comparing the two options, which one answer is the most accurate about why one method is better than the other? a. Using hashes is preferred because encrypted Cisco IOS passwords can be easily decrypted. b. Using hashes is preferred because of the large CPU effort required for encryption. c. Using encryption is preferred because it provides stronger password protection. d. Using encryption is preferred because of the large CPU effort required for hashes.
a. Using hashes is preferred because encrypted Cisco IOS passwords can be easily decrypted.
Which of the following management frames that are sent from the wireless client to the AP request access to the wireless network. The process of requesting access to the wireless network comes after the client has ben authenticated by an AP or authentication server. - beacons - association responses - probe requests - association requests - deauthentications
association request
A next-generation firewall (NGFW) sits at the edge of a company's connection to the internet. It has been configured to prevent Telnet clients residing in the internet from accessing Telnet servers inside the company. Which of the following might an NGFW use that a traditional firewall would not? a. Match message destination well-known port 23 b. Match message application data c. Match message IP protocol 23 d. Match message source TCP ports great than 49152
b. Match message application data
A network engineer issues a show running-config command and sees only one line of output that mentions the enable secret command, as follows: enable secret 5 $1$ZGMA$e8cmvkz4UjiJhVp7.maLE1 Which of the following is true about users of this router? a. A user must type $1$ZGMA$e8cmvkz4UjiJhVp7.maLE1 to reach enable mode. b. The router will hash the clear-text password that the user types to compare to the hashed password. c. A no service password-encryption configuration command would decrypt this password. d. The router will decrypt the password in the configuration to compare to the clear-text password typed by the user.
b. The router will hash the clear-text password that the user types to compare to the hashed password.
Imagine that you have configured the enable secret command, followed by the enable password command, from the console. You log out of the switch and log back in at the console. Which command defines the password that you had to enter to access privileged mode? a. enable password b. enable secret c. Neither d. The password command, if it's configured
b. enable secret
Which of the following management frames contain the SSID of the wireless network? - beacons - association responses - probe requests - association requests - deauthentications
beacons Beacon frames contain a variety of information about wireless networks.
REST API: "extra": true, The "extra" key value is a _________ value.
boolean
Which of the following Cisco lightweight AP modes can form a mesh when it is enabled on multiple AP? - FlexConnect - bridge - sniffer - local
bridge
You issue the command: "ntp server 10.1.1.5" This puts the current router into static _______ mode.
client
Which of the following is considered best practice when expanding an existing 802.l11 wireless network? - configuring each AP with a unique SSID and a unique, nonoverlapping channel - configuring each AP with the same SSID and a unique, overlapping channel - configuring each AP with the same SSID and unique, nonoverlapping channel - configuring each AP with a unique SSID and the same channel
configuring each AP with the same SSID and unique, nonoverlapping channel Reason: APs operating on the same channel and within close physical proximity to other APs may experience some interference.
Which of the following frames are sent by either the AP or wireless client to terminate the connection. These messages are typically used to end an authoized connection; however, they can also be used to end wireless sessions between rogue clients or rogue APs. - beacons - association responses - probe requests - association requests - deauthentications
deauthentications
Command that allows you to display debugging messages.
debug
Which actions show a behavior typically supported by a Cisco next-generation intrusion prevention system beyond the capabilities of a traditional IPS? a. Gather and use host-based information for context b. Comparisons between messages and a database of exploit signatures c. Logging events for later review by the security team d. Filter URIs using reputation scores e. Both A and D f. Both A and C
e. Both A and D
Connects a wireless client to a wired network, but requires a separate wireless controller. The primary difference between this deployment and others is that the WLC is embedded within a stack of switching hardware instead of existing as a separate entity. - embedded AP deployment - lightweight AP deployment - cloud-based AP deployment - autonomous AP deployment
embedded AP deployment
Configures a clear-text password for gaining access to enable mode: - enable secret - password 7 - service password-encryption - enable password - enable secret 5
enable password
Configure an already encrypted password with type 7 encryption. - enable secret - enable password 7 - service password-encryption - enable password - enable secret 5
enable password 7
Configures and encrypts a clear-text password for gaining access to enable mode: - enable secret - password 7 - service password-encryption - enable password - enable secret 5
enable secret
What command would you use to enter the following information: Secret: password123 Note: NO encryption (Unencrypted)
enable secret 0 password123
Configures a previously encrypted password for gaining access to enable mode: - enable secret - password 7 - service password-encryption - enable password - enable secret 5
enable secret 5
You enter the command "show access-lists" and it displays the following output: Standard IP access-lists 10: 10 permit host 192.168.1.34 (0 matches) 20 permit host 192.168.1.50 (5 matches) All other traffic is being dropped due to the ________ ________ rule that applies to all ACLs.
implicit deny
Command that allows you to filter SYSLOG messages by severity-level
logging console [severity level]
Command that allows you to filter log messages to a SYSLOG server
logging trap
Unlike OSPF which uses the highest IP to determine the RID, STP uses the _________ Bridge ID to determine the root bridge.
lowest
Command that allows you to stop debug message output.
no debug all
Which of the following commands should you issue to restore the LLDP hold timer configuration to its default value? - lldp holdtime 0 - lldp timer 120 - lldp holdtime 180 - no lldp holdtime
no lldp holdtime
What is the command to disable LLDP globally?
no lldp run
REST API: "extra": null, The "extra" key value is a ______ value. Note: This means it has no value at all, however are not the same numeric value of 0.
null
REST API: "id": 12345, The value of the "id" key is __________
numeric
REST API: "group": { "role": "Receivables", "read-only": [ "Accounting Folder", "Sales Folder" ] } "group" is an example of an _______.
object
OSPF: All routers are in the 2-Way state on a "Broadcast" OSPF network. You should verify whether all routers on the segment are set with the same ____________ of 0, which prevents any of them from becoming the DR or BDR.
priority
Which of the following are management frames that are sent by wireless clients to request network information from any AP in the transmission range of the client. - beacons - association responses - probe requests - association requests - deauthentications
probe requests
What 2 commands would you enter the change the administrative distance of OSPF from 110 to 25 Hint: OSPF PID is 1
router ospf 1 distance 25
Enables global password encryption: - enable secret - password 7 - service password-encryption - enable password - enable secret 5
service password-encryption
WLC GUI (Command): Display the memory dump for a specific lightweight AP. Note: MYLAP
show ap config core-dump MYLAP
WLC GUI (Command): Displays IP addressing and other information about the specified AP. Hint: MyLap
show ap config general MY LAP.
Which of the following commands are you most likely to issue in order to view general IP addressing information for a specific Cisco AP named MyLAP? - show ap config general MyLAP - show ap crash-file - show ap config global - show ap core-dump MyLAP
show ap config general MyLAP
WLC GUI (Command): Display SYSLOG server settings for every AP joined to the WLC.
show ap config global
WLC GUI (Command): Displays a list of dump files generated by lightweight APs.
show ap crash-file
You need to discover the following information about a device connected to a switch: - The IP address of the neighboring device - The interface on the switch that is connected to the neighboring device - The interface on the neighboring device that is connected to the switch Which of the following commands should you use? - show cdp - show cdp neighbors detail - show cdp interface - show cdp neighbors
show cdp neighbors detail
You've enabled Port-Fast on interface F0/1. What command would you enter to enable BPDU Guard in interface configuration mode?
spanning-tree bpduguard enable
STP: You want to prevent new switches from being elected root. Which command should you enter?
spanning-tree guard root
REST API: "fname" "John", "lname": "Doe", "fname" & "lname" are examples of ______ _______.
text values
You have issued the errordisable detect cause inline-power command from global configuration mode on a Cisco switch. Power policing is enabled with default settings. If a PD attempts to draw more than the cutoff power from a PoE enabled interface, how long will the interface remain in an error-disabled state? - 300 seconds - until it is manually reset with the shutdown and no shutdown commands - 30 seconds - 86400 seconds
until it is manually reset with the shutdown and no shutdown commands
EIGRP: The __________ command is used to determine whether EIGRP feasible successors can be used for unequal-cost load balancing.
variance