CCNA Study
What is the MAC address of the interface that autoconfigures itself to the IPv6 address of fe80::2a3:C2ff:fefc:4a5d?
00:a3:c2:fc:4a:5d The correct answer is 00:a3:c2:fc:4a:5d. Autoconfiguration employs the modified EUI-64 format in order to determine the interface ID portion of the address. The modified EUI-64 format uses the MAC address. The last 24 bits of the MAC address are preserved and become the last 24 bits of the autoconfigured IPv6 address. The first 24 bits of the MAC address have the seventh bit inverted. Also, the "fffe" sequence is appended to the end of the modified first 24 bits of the MAC address. This new 40-bit structure is followed by the last 24 bits of the MAC address to form the IPv6 interface ID.
*Lab Question* What is the lease time for the assigned IP address on PC2?
1 minute The correct answer is 1 minute, or 60 seconds. *Study CLI*
Which three IPv4 addresses are private? (Choose three.)
10.255.255.254 172.31.255.254 192.168.1.100 Private Ranges: Class A: 10.0. 0.0 to 10.255. 255.255. Class B: 172.16. 0.0 to 172.31. 255.255. Class C: 192.168. 0.0 to 192.168. 255.255.
After a designated router (DR) and backup designated router (BDR) are selected on the multi-access segment in an OSPF routing domain, what is the OSPF state of the routers that are not elected as DR or BDR?
2-way The correct answer is 2-way. Among the routers on a LAN that are not elected as the DR or BDR, the exchange process stops at this point, and the routers remain in the 2-way state. The master/slave routers exchange one or more database description (DBD) packets that contain a link-state database (LSDB) summary, and they are in the exchange state. When routers start sending link-state requests (LSRs), they are in the loading state. When all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and are in the full state.
What is the IPv6 default gateway address for the SW2 switch?
2001:db8:0:2::2 The correct answer is 2001:db8:0:2::2. The IPv6 default gateway for the SW2 switch is the IPv6 address configured on R2 Ethernet0/0. The IPv6 default gateway and SW2 VLAN1 IPv6 address should have the same IPv6 prefix (2001:DB8:0:2::/64). show running-conifg output on R2: interface Ethernet0/0 description Link to SW2 ip address 10.10.2.1 255.255.255.0 ipv6 address 2001:DB8:0:2::2/64 ospfv3 1 ipv6 area 0
Which IPv6 address is assigned to the SRV1 server?
2001:db8:0:3::31/64 found in show running-config
*Lab Question* What is the IPv4 address of the DNS server assigned by DHCP to PC1?
203.0.113.30 The correct answer is 203.0.113.30. The DNS server resides on SRV2, which has an IP address of 203.0.113.30.
How many bits does the subnet mask consist of?
32
When you examine the MAC address table on SW2, which VLAN does MAC aa-aa-aa-aa-22-22 belong to? Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 1 aaaa.aaaa.2222 DYNAMIC Et0/1 1 aaaa.bbbb.2222 DYNAMIC Et0/2 Total Mac Addresses for this criterion: 2
65 The correct answer is 65. The MAC address aa-aa-aa-aa-22-22 belongs to PC2 and as such is a member of VLAN 65. VLAN 80 contains both server nodes. VLAN 1001 is not present in this lab topology and VLAN 1005 is a reserved FDDI/Token Ring VLAN.
Which three Wi-Fi standards support the 5 GHz spectrum? (Choose three.)
802.11a 802.11ac 802.11n
From a network perspective, how is a server a different endpoint than a user workstation?
A server requires more bandwidth.
Refer to the exhibit. In an 802.1X implementation, what are the roles of the devices shown? A(client) <---------> B(switch) <---------> C(server)
A: supplicant, B: authenticator, C: authentication server The correct answer is A: supplicant, B: authenticator, C: authentication server. A supplicant is a workstation with 802.1X-compliant client software. An authenticator acts as a proxy between the supplicant and an authentication server. An authentication server authenticates supplicants connecting to a switch port.
When a router is calculating the network portion of an IPv4 address, which bitwise operation is performed on the IPv4 address and the subnet mask?
AND The correct answer is AND. In order to extract the network part of an IPv4 address, the ANDing logical operation is performed with the IPv4 address and the subnet mask as operands. When the binary digit 1 is ANDed with another digit, the value of the other digit is preserved. ANDing with 0 always results in a 0. Therefore, 1s in the subnet mask will preserve the value found in the IPv4 address. The logical operations NAND, OR, and XOR would not preserve the values found in the IPv4 address. Next Page
On SW2, verify the administrative and operational switching modes on interface Ethernet0/3. Which statement correctly describes the administrative mode and operational mode values? show ip int e0/3 Ethernet0/3 is up, line protocol is up Inbound access list is not set
Administrative mode is dynamic-desirable and operational mode is trunk.
Which Cisco product allows a holistic approach to provisioning, monitoring, optimizing, and troubleshooting your network?
Cisco Digital Network Architecture (DNA) Center
Which three protocols use UDP? (Choose three.)
DHCP SNMP TFTP
Which interfaces on SW1 are trunk interfaces?
E0/0 and E0/3 Pure guess,
What are the OSPF hello and dead timer values on R2?
Hello is 10 seconds and dead is 40 seconds.
What are the default OSPF hello and dead timer values on point-to-point links?
Hello value is 10 seconds, dead value is 40 seconds.
Which three device types can benefit from Power over Ethernet (PoE) connectivity? (Choose three.)
IP cameras VoIP phones wireless access points
Which series of phases correctly represents a common attack methodology?
Initial Compromise > Escalation of Privileges > Reconnaissance of internal hosts > Lateral movement > Exfiltration The correct answer is Initial Compromise > Escalation of Privileges > Reconnaissance of internal hosts > Lateral movement > Exfiltration. Although a unique attack methodology does not exist, the commonly used attack proceeds in the following phases. Initial Compromise—compromising a low-security system to start analyzing the internal network; Escalation of Privileges—getting more options to scan the internal network; Internal Reconnaissance—scanning the internal network to detect an interesting system to compromise; Lateral Movement—compromising others' internal hosts; Exfiltration—data theft.
After the Cisco IOS Software image is loaded and started, from which three components can the device load its configuration? (Choose three.)
NVRAM SCP server TFTP server The correct answers are NVRAM, SCP server, and TFTP server. If there is an existing saved configuration file (startup-config) in NVRAM, it is executed. If the startup configuration file does not exist in NVRAM, the router may search for a network file server (TFTP, SCP, and so on). RAM stores the current configuration after it is loaded. A DHCP server can provide the URL of the configuration file, where the file can then be loaded from. DNS servers are not used for file transfers.
In the routing table on R2, what is the protocol code for the default route?
O*E2
Examine the topology and the configuration. On PC2, when you use the ping command to check connectivity to Server 1, what is the order of the devices that packets traverse?
PC2 > SW2 > SW1 > R1 > SW1 > Server1
Examine the OSPF configurations on routers in the multi-access segment, that is R1, R2, and R3. OSPF priority has been pre-configured on all routers. If all the routers would reboot at the same moment, which two routers would be elected as Designated Router (DR) and Backup Designated Router (BDR)?
R1 is DR and R3 is BDR. The correct answer is R1 is DR and R3 is BDR. Upon examining the interface OSPF configurations, you will see that R1 is given the preferable priority, which ensures it would be elected as DR. The OSPF priority of R3 compared to R2 is preferred.
Two routers, A and B, are part of the Hot Standby Router Protocol (HSRP) standby group. There was no priority configured on the routers for the HSRP group. Which statement is correct?
Router A will be in the ACTIVE state and router B will be in the STANDBY state.
On a router, you manually configure a route by issuing the ip route 0.0.0.0 0.0.0.0 10.1.1.1 command. When this route is added to the routing table, which routing protocol code will mark the entry?
S* The correct answer is S*. If you use the ip route command to manually add a route, it will be marked with the letter "S" in the routing table to indicate that it is a static route. A route that is specified by using a quad zero IPv4 address and a subnet mask is a default route. It is marked with an asterisk sign (*), meaning that the route is a candidate for becoming a default route.
Refer to the exhibit. You must ensure full connectivity in the network. When configuring trunking on SW3, which configuration would you use?
SW3(config)# interface range GigabitEthernet0/1-2 SW3(config-if-range)# switchport mode trunk SW3(config-if-range)# switchport trunk allowed vlan 10,20,30 SW3(config-if-range)# switchport trunk native vlan 39 SW3(config-if-range)# end SW3# configure terminal SW3(config)# vlan 10,20,30 SW3(config-vlan)# end
Which flag is set in the first TCP packet sent by a device initiating a communication?
SYN
Which two statements describe examples of social engineering attacks? (Choose two.)
Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine. The correct answers are Sending an email from a seemingly legitimate address with writing that adopts typical sender language and Sending an infected USB with a magazine. Social engineering is the process of manipulating people in order to capitalize on expected behaviors. Social engineering often involves utilizing social skills, relationships, or understanding of cultural norms to manipulate people inside a network to provide the information that is needed to access the network. Sending a USB with the right magazine or sending an email from a known address are methods of manipulating people. DoS attacks, password cracking, and website defacing are not based on manipulation, even if the information is related to specific users.
Which command is used to set 192.168.1.1 as the default gateway on a Layer 2 switch?
Switch(config)# ip default-gateway 192.168.1.1
Which three commands should you use to configure data and voice VLAN on the same interface? (Choose three.)
Switch(config-if)# switchport access vlan 2 Switch(config-if)# switchport mode access Switch(config-if)# switchport voice vlan 3
The R4 router is not participating in OSPF. What is causing the issue?
The OSPF area is configured incorrectly on R4. The correct answer is The OSPF area is configured incorrectly on R4. For OSPF to advertise routes, the area ID must be the same on all routers in a single-area OSPF domain. The router ID uniquely identifies the router; it must be unique on each router in the network, and the OSPF process ID do not need to be agreed upon by two interconnected routers.
You have restarted a router, which has the default booting procedure. During the reboot, the following messages appear on the console: %Error opening tftp://255.255.255.255/network-confg (Timed out) %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out) What can you conclude based on the messages?
The configuration file is not found on the TFTP server. The correct answer is The configuration file is not found on the TFTP server. By default, the router first attempts to load the startup configuration from the NVRAM. If the startup configuration file does not exist in NVRAM, the router searches for a TFTP server. If the router detects that it has an active link, it sends a broadcast searching for a configuration file across the active link. No specific TFTP URL is used. If the router does not find the configuration source, it will display the error console messages. Next Page
Refer to the exhibit. It represents the Cisco Enterprise Architecture model. In this model, where is the firewall located? Aggregation Switch ---> Core Switch ---> Router ----> ISP | | V Switch / | \ SV SV SV
The correct answer is between the internet and the edge router. Putting the edge router between the internet and the firewall exposes the router to attacks. The connection sequence should be: internet, firewall, edge router, switch.
Which two symptoms indicate a duplex mismatch between a client and an Ethernet switch? (Choose two.)
The full-duplex interface will report increasing numbers of FCS errors or runts on the port. The half-duplex side of the link will waste bandwidth due to increased packet retransmissions caused by increasing collisions.
Which two symptoms are characteristic of a duplex mismatch? (Choose two.)
The half-duplex side of the link will experience increased collision rates. The full-duplex side of the link will have a large number of CRC errors.
You want to deny Telnet and permit ping from SRV1 to SRV2. The access list 101 will be used and you have already prepared two access list given below. The access list will be applied in the inbound direction on the R1 Ethernet 0/1 interface. Which statement describes the correct configuration? access-list 101 deny tcp host 10.10.2.20 host 203.0.113.30 eq telnet access-list 101 permit icmp host 10.10.2.20 host 203.0.113.30
The order of the two prepared statements is not important. The correct answer is The order of the two prepared statements is not important. Since Telnet uses TCP and ping uses ICMP, the order of access list commands is not important. There is always an implicit deny at the end of the access list, and there is no need to explicitly configure a deny any any statement.
If you change the IP address on the PC1 Ethernet0/0 interface to 10.10.2.10/24, what will happen with the ping connectivity test from PC1 to SRV2?
The ping will fail because PC1 and R1 are not in the same subnet, and PC1 will not send the packet. The correct answer is The ping will fail because PC1 and R1 are not in the same subnet, and PC1 will not send the packet. The PC1 Ethernet 0/0 IP address (10.10.2.10/24) and the default gateway on PC1 (10.10.1.1) are not in the same subnet. That is why the packet will never be sent out of PC1.
Refer to the exhibit. The service provider is implementing Multiprotocol Label Switching Virtual Private Network (MPLS VPN) service. Which two options indicate the specific VPN type that is implemented and how the service provider appears from the perspective of the customer? (Choose two.)
The service provider is implementing MPLS L3VPN. The service provider network can be represented as a router from the customer perspective.
You are tasked with installing and configuring a new PoE-supported IP camera with a power consumption of 20 W. After connecting it to a PoE-enabled switch, the camera does not turn on. What is the likely cause of the problem?
The switch does not support the PoE Plus standard.
Which statement is true regarding subnet 192.168.1.64/26?
There are 6 bits available for addressing hosts.
In order to allow SNMP traffic to flow throughout the network, which two communication scenarios must be allowed? (Choose two.)
UDP to port 161 UDP to port 162
Which fields does the 802.1Q header add to an Ethernet frame?
VLAN ID
When is an architecture design called a "collapsed core architecture"?
When the core and the distribution layer are merged into one layer.
As an administrator, you are configuring a Cisco Wireless LAN Controller (Cisco WLC). You are prompted by a pop-up message: "Changing WLAN parameters while it is enabled will cause the WLAN to be momentarily disabled and radio reset thus may result in loss of connectivity for some clients. Press OK to continue." What is the cause of the message?
You are applying a configuration to the Cisco WLC.
Which network topology layer does a wireless access point (WAP) belong to?
access
Which line in the preconfigured access list 10 on router R1 will cause the ping connectivity test from PC1 to SRV2 (203.0.113.30) to fail? PC1 Ethernet 0/0 10.10.1.10/24 10.10.1.1 Standard IP access list 10 10 permit 10.10.1.10 20 deny 10.10.1.0, wildcard bits 0.0.0.255 30 permit 10.10.0.0, wildcard bits 0.0.255.255 40 deny 10.0.0.0, wildcard bits 0.255.255.255 50 permit any
access-list 10 deny 10.10.1.0 0.0.0.255
How many switch ports are designated ports on a root bridge?
all of them The correct answer is all of them. For root bridges, all switch ports are designated ports. Non-root bridges have only one designated switch port
On a Cisco device, what is the default destination for syslog logging messages?
console line
What does a switch on an Ethernet network do if it receives a unicast frame with the destination MAC address that resides at the same switch port as the source frame?
drop the frame
Use the show ipv6 route command, examine the routing table on the R1 router. What is the next-hop IPv6 address to the 2001:db8:0:2::/64 network? R1#show ipv6 route IPv6 Routing Table - default - 7 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP C 2001:DB8:0:1::/64 [0/0] via Ethernet0/0, directly connected L 2001:DB8:0:1::1/128 [0/0] via Ethernet0/0, receive C 2001:DB8:0:12::/64 [0/0] via Ethernet0/2, directly connected L 2001:DB8:0:12::1/128 [0/0] via Ethernet0/2, receive C 2001:DB8:0:13::/64 [0/0] via Ethernet0/1, directly connected L 2001:DB8:0:13::1/128 [0/0] via Ethernet0/1, receive L FF00::/8 [0/0] via Null0, receive
fe80::2 The correct answer is fe80::2. The next-hop IPv6 address is a link-local IPv6 address of R2 Ethernet0/2. You have manually configured link-local IPv6 addresses on all R2 router interfaces to fe80::2.
Use the shutdown command, disable the R2 Ethernet0/2 interface. What is the next-hop IPv6 address to the 2001:DB8:0:2::/64 network when examining the IPv6 routing table on the R1 router?
fe80::3 The correct answer is fe80::3. Since you have disabled the link between R1 and R2, the routing protocol calculates a new path from R1 router to the 2001:db8:0:2::/64 network. The next-hop IPv6 address is a link-local IPv6 address of R3 Ethernet0/1. You have manually configured link-local IPv6 addresses on all R3 router interfaces to fe80::3.
A company wants to interconnect all its branches. To ensure minimum downtime, the company wants to use a WAN that provides high availability and high redundancy. Which WAN topology should the company use?
full mesh
Refer to the network diagram for the lab. What are two physical topologies of the router interconnections? (Choose two.)
full mesh ring
Which command would you use to configure a floating static route?
ip route 192.168.13.0 255.255.255.0 172.17.10.1 100 The correct answer is ip route 192.168.13.0 255.255.255.0 172.17.10.1 100. It is the only option with the correct syntax. The ip route static 192.168.13.0 255.255.255.0 100 command is missing the gateway IPv4 address or interface to that network. The ip route 192.168.13.0 255.255.255.0 172.17.10.1 command has the default administrative distance of 1 set, and is therefore not classified as a floating static route. In the ip route 192.168.13.0 255.255.255.0 172.17.10.1 metric 100 command, the keyword "metric" is redundant.
Which Windows Command Prompt command do you use to view the IP address of a host?
ipconfig
Which command is used to assign IPv6 addresses to PC1 and PC2?
ipv6 address autoconfig default The correct answer is ipv6 address autoconfig default. The ipv6 address autoconfig command enables autoconfiguration for IPv6 address assignment only, but the default route is not injected into the routing table. The ipv6 address dhcp command requires a DHCP server to be installed. The ipv6 address 2001:db8:0:1::/64 eui-64 and ipv6 address 2001:db8:0:2::/64 eui-64 commands manually configure the IPv6 address prefix, where the host portion of the IPv6 address is calculated from the EUI-64 method.
You are configuring an IPv6 static route using the link-local IPv6 address as the next-hop. Which command has the correct syntax?
ipv6 route 2001:0db8:beef::/32 fa1/0 fe80::2 The correct answer is ipv6 route 2001:0db8:beef::/32 fa1/0 fe80::2. A static route gives an option for the link-local next hop address, which is specified with the "fe80" prefix. When using a link-local address as the next hop, you must use an exit interface, as this link-local address can be used on any interface. "2001:0db8:feed::1" shows a route to the network that points to the global IPv6 address. The answers ipv6 route 2001:0db8:beef:: 2001:0db8:feed::1 and ipv6 route 2001:0db8:beef:: fa1/0 fe80::2 are missing prefixes.
Routers communicate First Hop Redundancy Protocol (FHRP) information between each other through hello messages. What is this mechanism called?
keepalive The correct answer is keepalive. EtherChannel is a technology that enables link aggregation. A link-state router uses the link-state information to create a topology map and to select the best path to all destination networks in the topology. Switches use a process called VLAN tagging, in which the sending switch adds another header to the frame before sending it over the trunk.
Which component is used to generate a signal for single-mode fiber connections?
laser transmitter The correct answer is laser transmitter. Single-mode fiber optics use a laser transmitter to transmit a single stream of light through the core. Multimode fiber optics use a LED diode to transmit multiple streams of light through the core, each on a different path. Cathodes and oscillators generate electrical signals, not optical signals.
When using a AAA server along with an access switch, which two features benefit from centralized authentication? (Choose two.)
management access network access The correct answers are management access and network access. By having a switch communicating to an authentication server, it is possible to authenticate a user's network access using 802.1X or other methods. It is also possible to authenticate administrative management sessions, such as SSH or HTTPs remote sessions.
Which type of cable is typically used to connect a core switch with a data center switch, where bandwidth higher than 40 Gbps and low cost are required?
multimode fiber
When an access point (AP) is operating in local mode, on which network device is wireless client traffic switched?
on a wireless access controller (WLC) The correct answer is on a wireless access controller (WLC). In local mode, the AP sends all the client traffic to the WLC. The network switch would switch the traffic between two stand-alone APs. The egress and ingress points have no influence on the switching decision.
What are two valid IPv6 address scopes for a unique local IPv6 address? (Choose two.)
organization-local site-local The correct answers are organization-local and site-local. Unique local IPv6 addresses are equivalents of private IPv4 addresses. They can be considered globally unique, because the probability of duplication is extremely low. Unique local IPv6 addresses are routable inside of a limited area, such as a site. Also, unique local IPv6 addresses may be routed between a limited set of sites (within an organization), but are not expected to be routable on the global internet.
Which Cisco DNA Center tool shows source IP addresses, destination IP addresses, source ports, and destination ports? inventory
path trace service
Which feature of PVST+ is not available in RSTP?
per-VLAN STP instance
When an enterprise has to comply with strict data security regulations, which cloud deployment model should they use for their services?
private
When a network handles Voice over IP (VoIP) packets differently than HTTP packets, which network feature is implemented?
quality of service
Which two types of cables can be used to connect to the console port of a Cisco router? (Choose two.)
rollover USB
Which Cisco IOS command displays the sequence numbers of the statements in the access list?
show ip access-lists
Which command would you use to verify the number of excluded addresses on a router configured as a DHCP server?
show ip dhcp pool The correct answer is show ip dhcp pool. To display a list of all IPv4 address-to-MAC bindings, you can use the show ip dhcp binding command. The show ip dhcp database command displays information about the DHCP server database agent, and the show ip dhcp conflict command displays the address conflicts found by a DHCP server when addresses are offered to the client.
Which command is used to verify a default gateway configuration on a Layer 2 switch? (
show running-config The correct answers is show running-config. The show interface description command displays the interface protocol status and the interface description. The show interface stats command displays interface statistics. The show management command displays the management applications.
A client issues a DNS request to its local DNS server. The local DNS server does not have the information required. Which entity will send a DNS response to the client?
the client's local DNS server
What are two field names corresponding to the IPv4 header field and the IPv6 header field that contain Differentiated Services Code Point (DSCP) markings? (Choose two.)
traffic class type of service (ToS)
