2158 Final

to secure administrative access to the router

A technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in configuration option or command? to secure administrative access to the router to display all restricted traffic to secure management traffic into the router to remove all ACLs from the router

#page100

A user is reading a book from the website https://www.books-info.com/author1a/book2.html#page100 . Which part of the web link is called a fragment? https:// /author1a #page100 /book2.html

Ask the user to issue the ipconfig command.

A user reports that the workstation cannot connect to a networked printer in the office in order to print a report created with word processing software. Which troubleshooting action by the helpdesk technician would follow the divide-and-conquer approach? Ask the user to launch the web browser. Ask the user to save the working document. Ask the user to issue the ipconfig command. Ask the user to unplug and reattach the network cable.

8

If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it? 4 6 8 12 16

provides access to the rest of the network through switching, routing, and network access policies

What is a characteristic of the distribution layer in the three layer hierarchical model? acts as the backbone for the network, aggregating and distributing network traffic throughout the campus provides access to the rest of the network through switching, routing, and network access policies distributes access to end users represents the network edge

Cloud computing separates the application from the hardware whereas virtualization separates the OS from the underlying hardware.

What is a difference between the functions of Cloud computing and virtualization? Cloud computing utilizes data center technology whereas virtualization is not used in data centers. Cloud computing requires hypervisor technology whereas virtualization is a fault tolerance technology. Cloud computing separates the application from the hardware whereas virtualization separates the OS from the underlying hardware. Cloud computing provides services on web-based access whereas virtualization provides services on data access through virtualized Internet connections.

It can stop malicious packets.

What is a feature of an IPS? It can stop malicious packets. It has no impact on latency. It is deployed in offline mode. It is primarily focused on identifying possible incidents

traffic marking

What term describes adding a value to the packet header, as close to the source as possible, so that the packet matches a defined policy? traffic marking policing traffic shaping weighted random early detection (WRED) tail drop

double braces { }

When JSON data format is being used, what characters are used to hold objects? double braces { } double brackets [ ] double quotations " " double colons : :

every 30 minutes

When an OSPF network is converged and no network topology change has been detected by a router, how often will LSU packets be sent to neighboring routers? every 5 minutes every 10 minutes every 30 minutes every 60 minutes

database description

Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB? link-state update link-state request database description link-state acknowledgment

virus

Which type of security threat can be described as software that attaches itself to another program to execute a specific unwanted function? virus worm proxy Trojan horse denial of service Trojan horse

protocol analyzer

Which type of tool would an administrator use to capture packets that are going to and from a particular device? NMS tool knowledge base baselining tool protocol analyzer

to ensure that the device loads the startup configuration file during startup

Why would a network administrator use the config-register 0x2102 command on a Cisco network device? to ensure that the device loads the startup configuration file during startup to learn device names, IOS versions, and the number and type of interfaces of connected devices to back up the running configuration onto a USB drive to monitor and manage network performance, find and solve network problems, and plan for network growth

LLQ

Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent? CBWFQ FIFO LLQ FCFS

shaping

Which QoS technique retains excess packets in a separate queue for later transmission? classifying marking queuing shaping

Trap

Which SNMP message type informs the network management system (NMS) immediately of certain specified events? GET request SET request GET response Trap

clientless SSL

Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA? clientless SSL client-based SSL site-to-site using a preshared key site-to-site using an ACL

show ip ospf interface serial 0/0/0

Which command will a network engineer issue to verify the configured hello and dead timer intervals on a point-to-point WAN link between two routers that are running OSPFv2? show ip ospf neighbor show ip ospf interface serial 0/0/0 show ipv6 ospf interface serial 0/0/0 show ip ospf interface fastethernet 0/1

copy startup-config tftp

Which command will backup the configuration that is stored in NVRAM to a TFTP server? copy running-config tftp copy tftp running-config copy startup-config tftp copy tftp startup-config

0

Which number represents the most severe level of syslog logging? 0 1 7 10 100

building the topology table

Which step in the link-state routing process is described by a router building a link-state database based on received LSAs? building the topology table executing the SPF algorithm selecting the router ID declaring a neighbor to be inaccessible

mobile hotspot

Which technology provides laptops the ability to function on a cellular network? mobile hotspot Bluetooth infrared 802.11 Wi-Fi

R2# show ip nat statistics

A network administrator is troubleshooting the dynamic NAT that is configured on router R2. Which command can the administrator use to see the total number of active NAT translations and the number of addresses that are allocated from the NAT pool? R2# show ip nat statistics R2# show ip nat translations R2# show running-config R2# clear ip nat translation

The access list should be replaced with access-list 1 permit 172.16.0.0 0.0.3.255

A network technician has used the access-llst 1 permit 172.16.0.0 0.0.0.255 command to configure NAT on an edge router to translate only four networks, 172.16.0.0 /24, 172.16.1.0 /24, 172.16.2.0 /24, and 172.16.3.0 /24. After receiving complaints about limited access to the Internet, issuing the show ip nat translations command reveals that some networks are missing from the output. Which change will resolve the problem? The access list should be replaced with access-list 1 permit 172.16.0.0 255.255.255.0. The access list should be replaced with access-list 1 permit 172.16.0.0 0.0.1.255 . The access list should be replaced with access-list 1 permit 172.16.0.0 0.0.0.255 The access list should be replaced with access-list 1 permit 172.16.0.0 0.0.3.255

R1(config-line)# access-class 1 in

An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL? R1(config-if)# ip access-group 1 in R1(config-if)# ip access-group 1 out R1(config-line)# access-class 1 in R1(config-line)# access-class 1 out

1. Down 2. Initial 3. 2-way 4. Exstart 5. Exchange 6. Loading 7. Full

List all the OSPF states in order

The sequence of the ACEs is incorrect

Refer to the exhibit. A network administrator has configured ACL 9 as shown. Users on the 172.31.1.0 /24 network cannot forward traffic through router CiscoVille. What is the most likely cause of the traffic failure? The permit statement specifies an incorrect wildcard mask. The sequence of the ACEs is incorrect. The established keyword is not specified. The port number for the traffic has not been identified with the eq keyword.

Change the IP address on S0/0 of router R2 to 192.168.20.2.

Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers as shown. The routers are unable to form a neighbor adjacency. What should be done to fix the problem? Remove the FastEthernet0/0 passive interface configuration on router R1. Add the command network 192.168.20.1 0.0.0.0 area 0 on router R1. Add the command network 192.168.30.0 0.0.0.255 area 0 on router R1. Change the IP address on S0/0 of router R2 to 192.168.20.2.

ACL 10 is removed from the running configuration.

Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered? ACL 10 is disabled on Fa0/1. ACL 10 is removed from the running configuration. ACL 10 will be disabled and removed after R1 restarts. ACL 10 is removed from both the running configuration and the interface Fa0/1.

Router R4 will become the DR and router R1 will become the BDR.

Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR? Router R4 will become the DR and router R1 will become the BDR. Router R2 will become the DR and router R3 will become the BDR. Router R1 will become the DR and router R2 will become the BDR. Router R4 will become the DR and router R3 will become the BDR

209.165.200.225

Refer to the exhibit. R1 is configured for static NAT. What IP address will Internet hosts use to reach PC1?

A. R1 Gi0/1.12 F. outbound

Refer to the exhibit. The Gigabit interfaces on both routers have been configured with subinterface numbers that match the VLAN numbers connected to them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs on VLAN 20 should print to the printers on VLAN 22. What interface and in what direction should you place a standard ACL that allows printing to P1 from data VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? (Choose two.) A. R1 Gi0/1.12 B. R1 S0/0/0 C. R2 S0/0/1 D. R2 Gi0/1.20 E. inbound F. outbound

c. access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any e. R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out

Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.) a. access-list 105 permit ip host 10.0.70.23 host 10.0.54.5 access-list 105 permit tcp any host 10.0.54.5 eq www access-list 105 permit ip any any b. access-list 105 permit tcp host 10.0.54.5 any eq www access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 c. access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any d. R2(config)# interface gi0/0 R2(config-if)# ip access-group 105 in e. R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out f. R1(config)# interface s0/0/0 R1(config-if)# ip access-group 105 out

Interface S0/0/0 should be configured with the command ip nat outside

Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1? R1 should be configured with the command ip nat inside source static 209.165.200.1 192.168.11.11 . R1 should be configured with the command ip nat inside source static 209.165.200.200 192.168.11.11 . Interface S0/0/0 should be configured with the command ip nat outside Interface Fa0/0 should be configured with the command no ip nat inside

65

Refer to the exhibit. What is the OSPF cost to reach the router A LAN 172.16.1.0/24 from B? 782 74 128 65

YAML

Refer to the exhibit. Which data format is used to represent the data for network automation applications? XML HTML YAML JSON

The serial interfaces are not in the same area.

Refer to the exhibit. Why are routers R1 and R2 not able to establish an OSPF adjacency?​ The router ID values are not the same in both routers. The serial interfaces are not in the same area. The process numbers are not the same in both routers. A backbone router cannot establish an adjacency with an ABR router.

2. to uniquely identify the router within the OSPF domain 4. to facilitate router participation in the election of the designated router

What are the two purposes of an OSPF router ID? (Choose two.) 1. to facilitate the establishment of network convergence 2. to uniquely identify the router within the OSPF domain 3. to facilitate the transition of the OSPF neighbor state to Full 4. to facilitate router participation in the election of the designated router 5. to enable the SPF algorithm to determine the lowest cost path to remote networks

The Cisco APICs and all other devices in the network physically attach to leaf switches

What defines a two-tier spine-leaf topology? The spine tier can be implemented with Cisco Nexus 9500 switches connected to each other and to the leaf switches. Everything is two hops from everything else. The APIC controller manipulates the data path directly. The Cisco APICs and all other devices in the network physically attach to leaf switches

It is a temporary mechanism to assist in the migration from IPv4 to IPv6.

What is correct in relation to NAT for IPv6? It is used to convert private IPv6 addresses to public IPv6 addresses.​ It is a temporary mechanism to assist in the migration from IPv4 to IPv6. NAT64 has been deprecated by IETF in favor of NAT-PT. Dual stack is an example of implementation of NAT for IPv6.

It appears as useful software but hides malicious code

What is the best description of Trojan horse malware? It is the most easily detected form of malware. It is malware that can only be distributed over the Internet. It is software that causes annoying but not fatal computer problems. It appears as useful software but hides malicious code

They streamline forwarding of IP packets in a multilayer switch by bypassing the CPU.

What is the function of ASICs in a multilayer switch? They provide power to devices such as IP phones and wireless access points through Ethernet ports. They streamline forwarding of IP packets in a multilayer switch by bypassing the CPU. They prevent Layer 2 loops by disabling redundant links between switches. They aggregate multiple physical switch ports into a single logical port.

the number of available ports on a switch

What is the port density of a switch? the bandwidth of a port the throughput of a port the number of available ports on a switch the combined bandwidth of all ports on a switch

A worm can execute independently of the host system.

What is the significant characteristic of worm malware? Worm malware disguises itself as legitimate software. A worm can execute independently of the host system. A worm must be triggered by an event on the host system. Once installed on a host system, a worm does not replicate itself.

Internal hosts send normal, unencapsulated packets.

Which statement describes a feature of site-to-site VPNs? The VPN connection is not statically defined. VPN client software is installed on each host. Internal hosts send normal, unencapsulated packets. Individual hosts can enable and disable the VPN connection.

3. Filter unwanted traffic before it travels onto a low-bandwidth link. 4. Place extended ACLs close to the source IP address of the traffic. 5. Place standard ACLs close to the destination IP address of the traffic.

Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.) 1. Place standard ACLs close to the source IP address of the traffic. 2. Place extended ACLs close to the destination IP address of the traffic. 3. Filter unwanted traffic before it travels onto a low-bandwidth link. 4. Place extended ACLs close to the source IP address of the traffic. 5. Place standard ACLs close to the destination IP address of the traffic. 6. For every inbound ACL placed on an interface, there should be a matching outbound ACL.

type of traffic amount of traffic security needs

Which three traffic-related factors would influence selecting a particular WAN link type? (Choose three.) - type of traffic - amount of traffic - cost of the link - security needs - distance between sites - reliability

Layer 2 Layer 3

Which two layers of the OSI model are associated with SDN network control plane functions that make forwarding decisions? (Choose two.)​ Layer 1 Layer 2 Layer 3 Layer 4 Layer 5

installing duplicate equipment to provide failover services using redundant connections to provide alternate physical paths

Which two methods help to prevent the disruption of network services? (Choose two.) using VLANs to segment network traffic changing the routing protocols at regular intervals installing duplicate equipment to provide failover services using redundant connections to provide alternate physical paths removing switches which cause loops

Client software is usually required to be able to access the network. Remote access VPNs support the needs of telecommuters and mobile users

Which two statements describe remote access VPNs? (Choose two.) Remote access VPNs are used to connect entire networks, such as a branch office to headquarters. End users are not aware that VPNs exists. A leased line is required to implement remote access VPNs. Client software is usually required to be able to access the network. Remote access VPNs support the needs of telecommuters and mobile users

clientless SSL VPN client-based IPsec VPN

Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.) IPsec VPN clientless SSL VPN GRE over IPsec VPN client-based IPsec VPN IPsec Virtual Tunnel Interface VPN

Broadband Modem CSU/DSU​

Which two types of devices are specific to WAN environments and are not found on a LAN? (Choose two.) - access layer switch - broadband modem - core switch - CSU/DSU​ - distribution layer router

type 2

Which type of Hypervisor is implemented when a user with a laptop running the Mac OS installs a Windows virtual OS instance? virtual machine bare metal type 1 type 2

static

Which type of NAT maps a single inside local address to a single inside global address? dynamic static port address translation overloading