CCNA Practice Exam
Which three statements about IPv4 addresses are true? (Choose three.) 8.0.0.0 is a public address. 10.8.0.0 is a private address. 127.0.0.1 is a reserved address. 172.30.0.0 is a public address. 192.170.0.0 is a private address.
8.0.0.0 is a public address. 10.8.0.0 is a private address. 127.0.0.1 is a reserved address. - 192.170.0.0 is a public IPv4 address, and 172.30.0.0 is a private IPv4 address.
Which three Wi-Fi standards support the 5 GHz spectrum? (Choose three.) 802.11a 802.11ac 802.11b 802.11g 802.11n
802.11a 802.11ac 802.11n
How many bits does the subnet mask consist of? 16 24 32 48
32 - The subnet mask consists of 32 bits, just as the address does. It uses ones and zeros to indicate which bits of the address are network and subnet bits, and which bits are host bits.
Which number represents the default encryption type of the protected password used to restrict access to the privileged EXEC mode? 4 5 8 9
4
From PC1, connect to SW2 using Telnet and verify the console line configuration. How long can a user be inactive while still connected to the console of SW2? 60 minutes and 7 seconds 60 minutes within 7 days 67 minutes 67 seconds
60 minutes and 7 seconds
How many static routing entries did you have to add to the IPv4 routing table on R3? 1 2 3 6
1
Which three IPv4 addresses are private? (Choose three.) 10.255.255.254 172.31.255.254 172.32.255.254 192.168.1.100 192.169.1.100
10.255.255.254 172.31.255.254 192.168.1.100 - These ranges of IP addresses are private: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. Addresses in these ranges are not routed on the internet backbone.
What is the administrative distance of OSPF? 90 110 170 200
110 - Internal EIGRP routes have the administrative distance value of 90, external EIGRP routes have 170 and internal BGP routes have an administrative distance of 200.
A client issues a DNS request to its local DNS server. The local DNS server does not have the information required. Which entity will send a DNS response to the client? the authoritative DNS server for the top-level domain the authoritative top-level domain and subdomain DNS servers the client's local DNS server the Internet Service Provider's DNS server
the client's local DNS server - When the local DNS server cannot find the queried domain in its database, which indicates that the local server is not authoritative for this domain, it will query the authoritative root DNS server for the top-level (root) domain. The root DNS server directs the query to the DNS server for the first subdomain of the queried domain name. The query directing process continues until the local server reaches the authoritative subdomain DNS server. The authoritative subdomain DNS server resolves the initially queried domain name and replies to the local DNS server. This is how the local DNS server gets the resolved IP address. It is then the local DNS who sends the response to the client.
What is the role of a router? to connect departmental devices to connect network segments to provide wireless network access to secure the edge network
to connect network segments
What is the purpose of a Layer 3 switch? to route traffic between company VLANs to route traffic between the company network and the internet to route traffic between multiple geographical locations to route traffic between different protocol networks
to route traffic between company VLANs - Routers route traffic between the company network and the internet, as well as between different geographical networks. Multiprotocol routers provide routing between different networks with different protocols.
What are two field names corresponding to the IPv4 header field and the IPv6 header field that contain Differentiated Services Code Point (DSCP) markings? (Choose two.) flow control flow label IP precedence offset traffic class type of service (ToS)
traffic class type of service (ToS) - In the original RFC definitions of the ToS field, IP precedence was a 3-bit sub-field. The initial definition of the ToS field has been changed to include the flow control field. The offset field is the IPv4 header field used when packets are fragmented. The flow label IPv6 header field can be used to label a set of packets belonging to the same flow and does not contain DSCP markings.
What are two examples of full hypervisors? (Choose two.) Docker DOSBox Kubernetes type-1 type-2
type-1 type-2 - The type-1 hypervisor is also called the bare metal hypervisor, and is installed directly on hardware. The type-2 hypervisor is installed inside an OS, such as Linux or Windows. Docker and Kubernetes are container software packages that don't include any virtualization. DOSBox is an emulator program which emulates an IBM PC running the DOS operational system.
Perform the following tasks: Examine the current NTP and time zone configuration on the devices. Configure R1 as the NTP master with stratum = 1. Configure R2 and SW to synchronize time directly with R1. What is the maximum stratum level that you can configure on a Cisco device?
15
On PC1, which address did you configure as the default gateway? 172.16.31.7 172.16.31.8 172.16.31.14 172.16.31.15
172.16.31.14 -
From the assigned address space, allocate the second available VLSM segment to segment B so that it can accommodate five end devices. Note that the first available segment was already used for segment A (172.16.31.0/29). On R2, configure the Ethernet0/1 interface with the last available IPv4 address in the chosen segment. On PC1, configure the Ethernet0/0 interface with the first available IPv4 address in the chosen segment. On PC1, configure the default gateway. Continue with VLSM subnetting and allocate the next available VLSM segment to segment C. Choose the subnet size so that it exactly meets addressing requirements as represented by the topology. On R1, configure Ethernet0/2 interface with the first available IPv4 address from the chosen VLSM segment. On R4, configure Ethernet0/0 interface on R4 with the last available IPv4 address from the chosen VLSM segment. On PC1, which address did you configure as the default gateway? 172.16.31.7 172.16.31.8 172.16.31.14 172.16.31.15
172.16.31.14 - 172.16.31.7 is the broadcast address of the segment A network. 172.16.31.8 is the IPv4 address of the segment B network and 172.16.31.15 is the broadcast address of that network.
What is the broadcast address of segment B? 172.16.31.7 172.16.31.8 172.16.31.15 172.16.31.16
172.16.31.15 -
From the assigned address space, allocate the second available VLSM segment to segment B so that it can accommodate five end devices. Note that the first available segment was already used for segment A (172.16.31.0/29). On R2, configure the Ethernet0/1 interface with the last available IPv4 address in the chosen segment. On PC1, configure the Ethernet0/0 interface with the first available IPv4 address in the chosen segment. On PC1, configure the default gateway. Continue with VLSM subnetting and allocate the next available VLSM segment to segment C. Choose the subnet size so that it exactly meets addressing requirements as represented by the topology. On R1, configure Ethernet0/2 interface with the first available IPv4 address from the chosen VLSM segment. On R4, configure Ethernet0/0 interface on R4 with the last available IPv4 address from the chosen VLSM segment. What is the broadcast address of segment B? 172.16.31.7 172.16.31.8 172.16.31.15 172.16.31.16
172.16.31.15 - 172.16.31.7 is the broadcast address of the segment A network, 172.16.31.8 is the IPv4 address of the segment B network, and 172.16.31.16 is the IPv4 address of the segment C network.
What is the IP address of the R2 interface connecting to R1? 10.10.1.3 192.168.3.1 192.168.3.2 192.168.3.3
192.168.3.2 - By issuing the show cdp neighbors detail command on R1, you are able to get the IPv4 address of R2's interface connecting to R1.
Perform the following tasks: Examine the current NTP and time zone configuration on the devices. Configure R1 as the NTP master with stratum = 1. Configure R2 and SW to synchronize time directly with R1. On the SW switch, display the established NTP associations. What is the value displayed in the address column? *~198.51.100.2 *198.51.100.2 ~198.51.100.2 198.51.100.2
198.51.100.2 - An asterisk (*) next to a configured peer represents that the device is synced to this peer and using it as the master clock. A tilde (~) next to a configured peer represents that this is a configured master server.
What is the network ID of the IPv6 address 2001:db8:deca:abce:45eb:27ff:feba:fa38/48? 2001:: 2001:db8:: 2001:db8:deca:: 2001:db8:deca:abce::
2001:db8:deca:: - Each hexadecimal character represents 4 binary bits. The first 12 characters correspond to 48 bits. 2001:db8:deca:abce:: would have the /64 prefix, 2001:db8:: would have the /32 prefix, and 2001: would have the /16 prefix.
Which is the correct subnet mask for a host route? 0.0.0.0 255.254.0.0 255.255.255.254 255.255.255.255
255.255.255.255 - The host route is a static route for a single host. A single host is specified by the subnet mask of 255.255.255.255. The host route has all the bits in the network mask set to 1, for IPv4 this can be 192.168.1.1/32, and for IPv6 it could be ::1/128.
From the assigned address space, allocate the second available VLSM segment to segment B so that it can accommodate five end devices. Note that the first available segment was already used for segment A (172.16.31.0/29). On R2, configure the Ethernet0/1 interface with the last available IPv4 address in the chosen segment. On PC1, configure the Ethernet0/0 interface with the first available IPv4 address in the chosen segment. On PC1, configure the default gateway. Continue with VLSM subnetting and allocate the next available VLSM segment to segment C. Choose the subnet size so that it exactly meets addressing requirements as represented by the topology. On R1, configure Ethernet0/2 interface with the first available IPv4 address from the chosen VLSM segment. On R4, configure Ethernet0/0 interface on R4 with the last available IPv4 address from the chosen VLSM segment. How many end devices can be addressed in segment D? 6 14 30 62
30 - Segment D has a network prefix of /27, which means that there are 32 possible addresses to be assigned, one of which is reserved for the network address and one for the broadcast address. That leaves 30 IPv4 addresses that can be assigned to end devices.
How many end devices can be addressed in segment D prefix/27? The correct answer is 30. Segment D has a network prefix of /27, which means that there are 32 possible addresses to be assigned, one of which is reserved for the network address and one for the broadcast address. That leaves 30 IPv4 addresses that can be assigned to end devices. 6 14 30 62
30 - Segment D has a network prefix of /27, which means that there are 32 possible addresses to be assigned, one of which is reserved for the network address and one for the broadcast address. That leaves 30 IPv4 addresses that can be assigned to end devices.
What is the default aging timer value on Cisco switches? 180 seconds 240 seconds 300 seconds 360 seconds
300 seconds
Refer to the exhibit. In an 802.1X implementation, what are the roles of the devices shown? A: authenticator, B: supplicant, C: authentication server A: client device, B: supplicant, C: authentication server A: supplicant, B: authenticator, C: authentication server A: supplicant, B: client device, C: authentication server
A: client device, B: supplicant, C: authentication server - A supplicant is a workstation with 802.1X-compliant client software. An authenticator acts as a proxy between the supplicant and an authentication server. An authentication server authenticates supplicants connecting to a switch port.
An enterprise wants to provide a global service that would be provided from an enterprise resource nearest to the user. For which three reasons does the enterprise choose to assign anycast IPv6 addresses to the relevant devices? (Choose three.) Because all the devices configured with the IPv6 anycast address would be aware of the user session. Because IPv6 anycast addresses are globally routable. Because routing of IPv6 anycast addresses is more secure than routing other IPv6 address types. Because routing tables will point to the nearest resource configured with the IPv6 anycast address. Because using IPv6 anycast addresses provides automatic failover.
Because IPv6 anycast addresses are globally routable. Because routing tables will point to the nearest resource configured with the IPv6 anycast address. Because using IPv6 anycast addresses provides automatic failover. - The nearest resource provides a service to the user; other resources, which are equally capable of providing the service, are not involved. Routing information exchange is no more or less secure for anycast IPv6 addresses than it is for other IPv6 address types.
When determining the OSPF router ID, what is the last action that the router will perform? Choosing the highest IPv4 address on a loopback interface. Choosing the highest IPv4 address on an active interface. Choosing the lowest IPv4 address on a loopback interface. Choosing the lowest IPv4 address on an active interface.
Choosing the highest IPv4 address on an active interface. - The router will set the OSPF router ID to the manually configured value. If the OSPF router ID is not configured, then the router will use the highest IPv4 address on a loopback interface for the OSPF router ID. When neither the manual nor loopback-based router ID is determined, the last action the router performs is to use the highest IPv4 address of an active interface.
On R1, at the command prompt, issue the exit command as many times as necessary until you get the "Press RETURN to get started" prompt. Which password do you have to type to access the USER exec mode? Cisco123! Cisco333! CiscoR1! password is not required
Cisco333! - When accessing the USER exec mode, the system will prompt you for a password. You must enter the password configured for the console line.
Which two statements about the Dynamic Multipoint Virtual Private Network (DMVPN) are true? (Choose two.) DMVPN creates hub-to-spoke tunnels. DMVPN creates spoke-to-spoke tunnels. DMVPN is used for connection between an enterprise and a provider. DMVPN is used for connection between enterprises. DMVPN is used within a branch network.
DMVPN creates hub-to-spoke tunnels. DMVPN creates spoke-to-spoke tunnels. - After building the hub-and-spoke VPNs, the spokes can establish direct spoke-to-spoke tunnels, based on the information they obtain from the hub.
A company needs to implement a secure VPN solution using IPsec. Which protocol and encryption algorithm should be used to guarantee VPN confidentiality? AH protocol with the AES encryption algorithm AH protocol with the SHA-2 encryption algorithm both ESP and AH protocols with the RSA encryption algorithm ESP protocol with the 3DES encryption algorithm ESP protocol with the Diffie-Hellman Group 7 encryption algorithm
ESP protocol with the 3DES encryption algorithm - Of the two IPsec tunnel protocols, only the Encapsulating Security Payload (ESP) supports confidentiality. 3DES and AES are symmetric encryption algorithms, and both can be used in IPsec VPNs. SHA-2 is a hash function, RSA is a public-key cryptosystem, and Diffie-Hellman is a key exchange algorithm.
What are two characteristics of a pre-shared key wireless implementation? (Choose two.) Access control is centralized. An authentication server is required. Encryption uses an optional Advanced Encryption Standard (AES). Encryption uses the Temporal Key Integrity Protocol (TKIP). The authentication key is rotated automatically.
Encryption uses an optional Advanced Encryption Standard (AES). Encryption uses the Temporal Key Integrity Protocol (TKIP). - TKIP uses a suite of algorithms surrounding Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) to enhance its security. AES allows for longer keys and is used for most WLAN security solutions. TKIP and AES are both used in the Personal mode of wireless protected access.
Which two of the following protocols does the distribution layer use to provide default gateway redundancy? (Choose two.) Device Control Protocol (DCP) Distributed Network Protocol (DNP3) Dynamic Source Routing Protocol (DSR) First Hop Redundancy Protocol (FHRP) Hot Standby Router Protocol (HSRP)
First Hop Redundancy Protocol (FHRP) Hot Standby Router Protocol (HSRP) - FHRP and HSRP are designated to allow two or more routers to take the role of the default gateway in the network. DCP is designed for integration, monitoring and controlling of devices in the network. DSR is a routing protocol for wireless mesh networks. DNP3 is a set of open source protocols, developed for communication mainly in equipment used by utilities such as electric and water companies.
Which two parameters can be used for metric calculations? (Choose two.) IP Address Hop count Link Up/Downtime Bandwidth Default Route Local Routes
Hop count Bandwidth - The metric calculation is a critical component of any routing protocol. The routing protocol uses multiple factors to calculate the metric for a path, such as Hop Count, Bandwidth, Delay, and Cost.
Which three device types can benefit from Power over Ethernet (PoE) connectivity? (Choose three.) access switches computers IP cameras VoIP phones wireless access points
IP cameras VoIP phones wireless access points - PoE is typically used to provide both connectivity and power to devices installed at locations where power is not readily available.
Which three SNMP messages are sent from an SNMP agent to an SNMP manager? (Choose three.) GetRequest GetNextRequest InformRequest Response SetRequest Trap
InformRequest Response Trap - GetRequest, GetNextRequest and SetRequest are SNMP messages that an SNMP manager sends to an SNMP agent.
When creating and maintaining the MAC address table, which two activities does a switch perform? (Choose two.) It adds the destination MAC address in the frame and the incoming port number. It adds the destination MAC address in the frame and the outgoing port number. It adds the source MAC address in the frame and the incoming port number. It resets the aging timer of all the entries related to the incoming port. It resets the aging time of the MAC table entry for the source MAC address.
It adds the source MAC address in the frame and the incoming port number. It resets the aging time of the MAC table entry for the source MAC address. - A switch uses the destination MAC address to decide whether to forward or flood a frame. The destination MAC address is not stored in the MAC address table. The aging timer is reset for the source MAC address entry each time the switch receives a frame from that source MAC address.
What are two characteristics of an anycast IPv6 address? (Choose two.)
It can be assigned to multiple nodes. It is assigned from the unicast IPv6 address space. - Anycast IPv6 addresses are syntactically indistinguishable from unicast IPv6 addresses, and they do not have a dedicated prefix assigned. Anycast IPv6 addresses cannot be used by hosts, and they must not be used as the source address of an IPv6 packet.
A device has been assigned an IPv6 address through the Stateless Address Autoconfiguration (SLAAC) process. Which three statements about SLAAC are correct? (Choose three.) It generates link-local addresses. It generates global unicast IPv6 addresses. It must be used in combination with a DHCPv6 server. It relies on ICMPv6 router advertisements. It requires a device to use the EUI-64 format in the process. It relies on a DHCPv6 server for duplicate address detection (DAD).
It generates link-local addresses. It generates global unicast IPv6 addresses. It relies on ICMPv6 router advertisements. - SLAAC is an autoconfiguration mechanism that automatically configures the IPv6 address of a device. The device picks its own address based on the network prefix being advertised by the router on their connected interface. As defined in RFC 4862, the autoconfiguration process includes generating a link-local address, generating global addresses through SLAAC, and the duplicate address detection procedure to verify the uniqueness of the addresses on a link. Some devices may choose to use EUI-64 or a randomized value for the interface ID.
Which statement regarding a small office/home office (SOHO) of a remote worker is correct? It is a LAN that includes both wireless and wired network devices. It must be permanently connected to the main office. It must follow the three-tier architecture model. It typically uses dark fiber to connect to the main office.
It is a LAN that includes both wireless and wired network devices. - The SOHO connectivity to other enterprise network segments can be established when required. To connect to other segments, SOHO networks usually use public internet, which they access via broadband connection. Since SOHO networks are typically small and consist of only a small number of devices, such as a computer and a printer, they do not need to follow the three-tier architecture model to ensure network operation.
Which three characteristics differentiate Ansible from other automation tools? (Choose three.) It is agent-based. It is agentless. It is written in Python. It is written in Ruby. It uses YAML definitions.
It is agentless. It is written in Python. It uses YAML definitions. - Ansible is an agentless automation tool, so it does not require any application to be installed in the target system. Ansible is written in Python and uses YAML files to define the configuration, as well as the automation steps.
Which three statements are correct about the JSON data format? (Choose three.) Empty values cannot be used in the JSON data format. JSON arrays separate elements using a semicolon. JSON can be used when data is sent from a server to a web page. JSON does not support comments. JSON is a hierarchical data format.
JSON can be used when data is sent from a server to a web page. JSON does not support comments. JSON is a hierarchical data format. - Arrays use a curly bracket notation with comma-separated elements (example: {"firstName":"John", "lastName":"Doe"}, {"firstName":"Anna", "lastName":"Smith"}). Empty values can be used in the JSON data format by using the word "null." Previous
From PC2, connect to SW2 using Telnet. Examine the running configuration. Which time zone is set? CET LJUB MDT PST
LJUB - When you issue the show running-config command, the outup displays the clock timezone LJUB 8 0. You can obtain the same information using the show clock command.
After the Cisco IOS Software image is loaded and started, from which three components can the device load its configuration? (Choose three.) DHCP server DNS server RAM NVRAM SCP server TFTP server
NVRAM SCP server TFTP server - If there is an existing saved configuration file (startup-config) in NVRAM, it is executed. If the startup configuration file does not exist in NVRAM, the router may search for a network file server (TFTP, SCP, and so on). RAM stores the current configuration after it is loaded. A DHCP server can provide the URL of the configuration file, where the file can then be loaded from. DNS servers are not used for file transfers.
In the topology you discovered in this exercise, can R1 obtain information about SW1 using CDP? No, because R1 and SW1 are not directly connected. No, because STP is blocking the connection between R1 and SW1. Yes, because R1 and SW1 are directly connected. Yes, because R1 and SW1 both have CDP enabled.
No, because R1 and SW1 are not directly connected. -
Trace the path that IPv4 packets take from PC1 to SRV1. What is the hop sequence that the packets follow? PC1 > R1 > R2 > R3 > SRV1 PC1 > R1 > R2 > R3 > SW3 > SRV1 PC1 > R1 > R3 > SW2 > SRV1 PC1 > SW1 > R1 > R2 > R3 > SRV1
PC1 > R1 > R2 > R3 > SRV1
Trace the path that IPv4 packets take from PC1 to SRV1. What is the hop sequence that the packets follow? PC1 > R1 > R2 > R3 > SRV1 PC1 > R1 > R2 > R3 > SW3 > SRV1 PC1 > R1 > R3 > SW2 > SRV1 PC1 > SW1 > R1 > R2 > R3 > SRV1
PC1 > R1 > R2 > R3 > SRV1 - SW1 and SW3 do not participate in Layer 3 processing of either ICMP or UDP messages that are generated by the traceroute tool. Therefore, switches do not respond with ICMP replies. If the static routing was correctly configured as instructed, the traceroute traffic should flow from PC1 through R1 to R2, and terminate at SRV1.
Refer to the exhibit. PC_A wants to communicate with PC_B, which resides on a different network. The hosts are connected via a router that acts as the default gateway for both. The ARP tables on all three devices are empty. When PC_A sends the first frame, which two things happen in the process? (Choose two.) PC_A broadcasts the frame intended for PC_B. PC_A sends a broadcast ARP request looking for the MAC address of the router. The router adds an IPv4 address to the MAC address's mapping for PC_A to its ARP table. The router drops the packet after checking for the mapping of PC_B's IP address. The router receives a frame with its own MAC and mismatched IP address, and drops it.
PC_A sends a broadcast ARP request looking for the MAC address of the router. The router adds an IPv4 address to the MAC address's mapping for PC_A to its ARP table. - Since PC_A does not have a destination MAC address for the IP address of host B, it first acquires this information using ARP. The ARP request is broadcast, and the router and all other devices on the same network segment receive the ARP request. Only the router responds to it with its own MAC address.
On R4, issue the ping command sourced from the address allocated to the interface E0/0 and test connectivity to the internet test address. What is the resulting output? Ping is not successful because an ACL is blocking traffic. Ping is not successful because IP routing is not enabled on R4. Ping is partially successful (30%). Ping is successful (80-100%).
Ping is successful (80-100%) .- The correct answer is Ping is successful (80-100%). If everything was correctly configured in the lab, then the ping to the internet test address should be successful.
From the assigned address space, allocate the second available VLSM segment to segment B so that it can accommodate five end devices. Note that the first available segment was already used for segment A (172.16.31.0/29). On R2, configure the Ethernet0/1 interface with the last available IPv4 address in the chosen segment. On PC1, configure the Ethernet0/0 interface with the first available IPv4 address in the chosen segment. On PC1, configure the default gateway. Continue with VLSM subnetting and allocate the next available VLSM segment to segment C. Choose the subnet size so that it exactly meets addressing requirements as represented by the topology. On R1, configure Ethernet0/2 interface with the first available IPv4 address from the chosen VLSM segment. On R4, configure Ethernet0/0 interface on R4 with the last available IPv4 address from the chosen VLSM segment. On R4, issue the ping command sourced from the address allocated to the interface E0/0 and test connectivity to the internet test address. What is the resulting output? Ping is not successful because an ACL is blocking traffic. Ping is not successful because IP routing is not enabled on R4. Ping is partially successful (30%). Ping is successful (80-100%).
Ping is successful (80-100%). - If everything was correctly configured in the lab, then the ping to the internet test address should be successful.
Which command would you use to configure a router ID on a Cisco router? R1 (config-router)# ip router-id ip-address R1 (config-router)# router-id ip-address R1 (config)# ip router-id ip-address R1 (config)# router-id ip-address
R1 (config-router)# router-id ip-address - For the network device administrator to configure a router ID on a router, the router-id ip-address command is used. The ip router-id ip-address, ip router-id ip-address, and router-id ip-address commands do not configure router IDs.
What are two differences between the RADIUS and TACACS+ protocols? (Choose two.) RADIUS combines authentication and authorization, while TACACS+ implements two separate processes. RADIUS encrypts the entire payload, while TACACS+ encrypts only the password. RADIUS is a TCP-based protocol, while TACACS+ is a UDP-based protocol. RADIUS is a UDP based protocol. TACACS+ is a TCP based protocol. RADIUS supports bidirectional authentication, while TACACS+ supports only unidirectional authentication.
RADIUS combines authentication and authorization, while TACACS+ implements two separate processes. RADIUS is a UDP based protocol. TACACS+ is a TCP based protocol. - RADIUS is an open standard that combines authentication and authorization services into a single process. TACACS+ is a Cisco proprietary security mechanism that can be used only for authorization and accounting while using another method of authentication. TACACS+ uses the Transmission Control Protocol (TCP) for all three services.
Two routers, A and B, are part of the Hot Standby Router Protocol (HSRP) standby group. There was no priority configured, and router A with the highest IP address for this HSRP group. Which statement is correct? Router A will be in the ACTIVE state and router B will be in the ACTIVE state. Router A will be in the ACTIVE state and router B will be in the STANDBY state. Router A will be in the LISTEN state and router B will be in the STANDBY state Router A will be in the STANDBY state and router B will be in the STANDBY state.
Router A will be in the ACTIVE state and router B will be in the STANDBY state. - In normal operation, one router is always active and the other on standby, waiting to take over if the active router fails.
What are the ports that interconnect switches SW1 and SW2? SW1 Ethernet0/0 and SW2 Ethernet0/0 SW1 Ethernet0/0 and SW2 Ethernet0/1 SW1 Ethernet0/1 and SW2 Ethernet0/0 SW1 Ethernet0/1 and SW2 Ethernet0/1
SW1 Ethernet0/0 and SW2 Ethernet0/0 -
Refer to the exhibit. You must ensure full connectivity in the network. When configuring trunking on SW3, which configuration would you use?
SW3(config)# interface range GigabitEthernet0/1-2 SW3(config-if-range)# switchport mode trunk SW3(config-if-range)# switchport trunk allowed vlan 10,20,30 SW3(config-if-range)# switchport trunk native vlan 39 SW3(config-if-range)# end SW3# configure terminal SW3(config)# vlan 10,20,30 SW3(config-vlan)# end
Which flag is set in the first TCP packet sent by a device initiating a communication? ACK FIN PSH RST SYN
SYN - ACK is the acknowledgment flag, used to confirm the reception of the sent bytes. The FIN flag identifies the last packet received from the sender. The RST flag is used to reset the connection, and the PSH flag is used when buffered data must be sent to the receiving application without waiting.
Which two statements describe examples of social engineering attacks? (Choose two.) Cracking a user password using personal data related to the victim. Defacing a website and explaining the political ideology behind the attack. Delivering a DoS attack from a server trusted by all company users. Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine.
Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine. - Social engineering is the process of manipulating people in order to capitalize on expected behaviors. Social engineering often involves utilizing social skills, relationships, or understanding of cultural norms to manipulate people inside a network to provide the information that is needed to access the network. Sending a USB with the right magazine or sending an email from a known address are methods of manipulating people. DoS attacks, password cracking, and website defacing are not based on manipulation, even if the information is related to specific users.
Which command is used to set 192.168.1.1 as the default gateway on a Layer 2 switch? Switch(config)# ip default-gateway 192.168.1.1 Switch(config)# ip default-network 192.168.1.1 Switch(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1 Switch(config)# ip route 0.0.0.0 0.0.0.0 DHCP 1
Switch(config)# ip default-gateway 192.168.1.1 - This command sets a default gateway for devices that do not support IP routing. The ip default-network command sets a classful default route. The ip route 0.0.0.0 0.0.0.0 192.168.1.1 command sets the default route via the forwarding router IP address. The DHCP keyword instructs the switch to get the forwarding router IP address from the DHCP.
Examine the configurations of the devices in segment A. Which two address configuration mistakes were made? (Choose two.) The IPv4 address was incorrect on R1. The IPv4 address was incorrect on R2. The IPv4 address was incorrect on R3. The subnet mask was incorrect on R1. The subnet mask was incorrect on R3.
The IPv4 address was incorrect on R1. The subnet mask was incorrect on R3. - The R1 router had an IP address of 172.16.31.9 set, which is not part of the first VLSM network (172.16.31.0/29). The subnet mask on R3 was 255.255.255.240, which sets a bigger network (14 hosts) than is necessary.
Perform the following tasks: Examine the current NTP and time zone configuration on the devices. Configure R1 as the NTP master with stratum = 1. Configure R2 and SW to synchronize time directly with R1. After configuring R2 and SW to synchronize their clocks directly to R1, what are the stratum levels of R2 and SW? The R2 stratum level is 1 and the SW stratum level is 1. The R2 stratum level is 2 and the SW stratum level is 2. The R2 stratum level is 2 and the SW stratum level is 3. The R2 stratum level is 3 and the SW stratum level is 3.
The R2 stratum level is 2 and the SW stratum level is 2.
A device running a Windows OS has the IP address 169.254.254.254. Which of the following statements is true? The address is automatically configured by the device itself. The device is reachable via the internet. The IP address is used to communicate with the default gateway. The IP address is a loopback address.
The address is automatically configured by the device itself. - The address space 169.254.0.0/16 is reserved for link-local IPv4 addresses. An end-device that supports IPv4 link-local addresses self-assigns an IPv4 address from the 169.254.0.0/16 range, when the address is not specified otherwise. The link-local IPv4 address can be used only for local network connectivity and will not be routed.
%Error opening tftp://255.255.255.255/network-confg (Timed out) %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out) What can you conclude based on the messages? The router will attempt to load the configuration from the NVRAM. The router configuration will be loaded from the TFTP server. The TFTP server URL is incorrect. The configuration file is not found on the TFTP server.
The configuration file is not found on the TFTP server. - By default, the router first attempts to load the startup configuration from the NVRAM. If the startup configuration file does not exist in NVRAM, the router searches for a TFTP server. If the router detects that it has an active link, it sends a broadcast searching for a configuration file across the active link. No specific TFTP URL is used. If the router does not find the configuration source, it will display the error console messages.
Which two symptoms are characteristic of a duplex mismatch? (Choose two.) The full-duplex side of the link will experience increased collision rates. The half-duplex side of the link will experience increased collision rates. TCP data transfer will perform better than UDP data transfer. The connection will not be operational. The full-duplex side of the link will have a large number of CRC errors.
The half-duplex side of the link will experience increased collision rates. The full-duplex side of the link will have a large number of CRC errors. - The full-duplex side of the link does not detect any collisions, since Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is disabled on the full-duplex side of the link. The connections with a duplex mismatch are typically operational, but they operate poorly. When used to send a larger amount of data, the TCP data transfer would provoke collisions and trigger TCP retransmissions, which slows down the transfer.
You are tasked with installing and configuring a new PoE-supported IP camera with a power consumption of 20 W. After connecting it to a PoE-enabled switch, the camera does not turn on. What is the likely cause of the problem? The cable connecting the switch and the camera is too long. The camera requires additional configuration to work with PoE. The switch does not support the PoE Plus standard. The switch requires additional configuration to enable PoE on the interface.
The switch does not support the PoE Plus standard. - The switch does not support the PoE Plus standard. Normal PoE can only provide up to 15.4 W of power, while PoE Plus provides up to 30 W. Devices that support PoE do not need to be configured to use it, as they will power on when connected to the Ethernet. PoE is enabled on all ports. Supplied PoE power decreases with range, but the drop is minimal.
Which two characteristics apply to small office/home office (SOHO) routers? (Choose two.) They are more expensive than enterprise routers. They are more reliable than enterprise routers. They have a web-based administration interface. They have integrated security functionality. They perform intensive routing tasks.
They have a web-based administration interface. They have integrated security functionality. - SOHO routers usually route between a small number of subnets, thereby freeing resources to perform other networking tasks. SOHO routers integrate functionalities provided by other networking devices, such as switches, firewalls and DNS servers. Enterprise-grade routers are designed for very high reliability and are more reliable than SOHO routers.
What is a way of mitigating social engineering attacks? Avoiding making copies of files on external memory devices. Avoiding using personal data to create a password. Assigning administration privileges only to people with technical knowledge. Training users about correct security behaviors.
Training users about correct security behaviors. - Social engineering attacks are based on manipulating people. The usual goal of these attacks is to trick a user into launching malware or sharing certain information. The most important aspect of mitigating social engineering attacks is to make users aware of the existence of such attacks and advise them regarding appropriate behavior in case of anomalous requests.
In order to allow SNMP traffic to flow throughout the network, which two communication scenarios must be allowed? (Choose two.) TCP to port 161 TCP to port 162 UDP and TCP to port 161 UDP and TCP to port 162 UDP to port 161 UDP to port 162
UDP to port 161 UDP to port 162 - SNMP uses the UDP transport mechanism to retrieve and send management information. The SNMP manager polls the SNMP agents and queries the MIB via SNMP agents on UDP port 161. The SNMP agent can also send triggered messages called traps to the SNMP manager, on UDP port 162.
Which fields does the 802.1Q header add to an Ethernet frame? CRC EtherType preamble VLAN ID
VLAN ID - The 802.1Q header is a tag which includes VLAN ID. This header does not include CRC, EtherType or preamble.
In a wireless IEEE 802.11 implementation, what is the most secure option to protect user traffic? WEP WPA WPA2 WPA3
WPA3 - Wi-Fi Protected Access 3 (WPA3) is a replacement of WPA2 and is the next generation of wireless security standards that provides more resiliency to network attacks.
Refer to the exhibit. PC1 does not have a default gateway configured. The R1 router has a proxy ARP feature enabled on all its Ethernet interfaces. When PC1 sends a frame to the File Server, what is the destination MAC address in the outgoing frame? aa:aa:aa:11:11:11 - R1 interface to PC1 aa:aa:aa:22:22:22 bb:bb:bb:11:11:11 bb:bb:bb:22:22:22
aa:aa:aa:11:11:11 - R1 interface to PC1
Which 802.11 frame is a control frame? association request association response acknowledgment beacon
acknowledgment - Association request, response, and beacon frames are 802.11 management frames.
Which group of devices in a network receive IPv6 packets with the destination address of ff05::2? all IPv6 nodes on all the network segments within a site all IPv6 nodes on the local network segments all IPv6 routers on all the network segments within a site all IPv6 routers on the local network segments all OSPFv3 routers on all the network segments within a site all OSPFv3 routers on the local network segments
all IPv6 routers on all the network segments within a site - The hexadecimal digits "ff" in the IPv6 address prefix are an indication of a multicast address. The fourth hexadecimal digit indicates the scope, with the number five representing a site-local scope. The group ID of ::2 represents all IPv6 routers.
Examine the configurations of the switches SW1 and SW2. SW2 cannot obtain Layer 2 information from SW1 using CDP. Why? because CDP is disabled on the interface connecting to SW1 because CDP is globally disabled on SW2 because the interface connecting to SW1 is down because the interface connecting to SW1 is in the wrong VLAN because STP is blocking the interface connecting to SW1
because CDP is globally disabled on SW2 - The Cisco Discovery Protocol works as long it is globally enabled and not disabled on specific interfaces connecting two devices, and the two devices have L1 and L2 connectivity.
Which three types of booting are supported on servers? (Choose three.) booting from internal storage booting from LAN booting from SAN booting from WAN booting from wireless
booting from internal storage booting from LAN booting from SAN
For an administrator to be able to access the Layer 2 switch S1 from the internet, which IP connectivity parameters do you have to configure on the S1 switch? default gateway to 192.168.3.254 default route via 192.168.3.254 IPv4 address in the 209.168.200.224/27 subnet static route to 209.168.200.254/27
default gateway to 192.168.3.254 which is the edge router in this situation - For Switch S1 to be able to replay and respond as the administrator manages it, it must have a default gateway set. On a Layer 2 switch, you cannot configure routes, since IP routing is not enabled. For the switch virtual interface to work, the VLAN must be associated and active on at least one physical port.
Which three fields are included in a TCP header? (Choose three.) destination address destination port flags frame check sequence window size
destination port flags window size - The destination port is the sequence of the called port (16 bits), window size is the sequence of the data amount the destination can accept (16 bits), and flags are control bits (9 bits).
Which task makes configuring network devices more efficient and reduces errors? compliance checks data collection and telemetry device provisioning device software management
device provisioning - Device provisioning configures network devices more efficiently, faster, and with fewer errors because human interaction with each network device is decreased.
If a port is still a designated or root port at the end of the learning state, which state will it enter? blocking disabled forwarding learning listening
forwarding - This port sends and receives all data frames on the bridged port. A blocked port only listens to BPDUs (Bridge Protocol Data Units), and it does not forward any frames. Disabled ports do not participate in frame forwarding. A port changes to a learning state after a listening state. After a blocking state, the designated port moves to a listening state.
After receiving an Ethernet frame, a switch examines the destination MAC address, and forwards the frame out of all ports except the incoming port. In which communication types can this behavior occur? in broadcast and multicast communication in broadcast communication in broadcast, multicast, and unicast communication in unicast communication
in broadcast, multicast, and unicast communication - An Ethernet switch forwards a frame out of all ports except the incoming port when the intended recipients are all devices in a network, like in broadcast communication. It also forwards a frame out of all ports except the incoming port when communication is sent to a specific group of hosts, which is the case in multicast communications. In unicast communication, the switch will forward the frame out of all ports except the incoming port only when it does not have the destination MAC address in its MAC table.
Which Windows Command Prompt command do you use to view the IP address of a host? ip address ifconfig ipconfig show ip address
ipconfig - The Windows Command Prompt tool uses the ipconfig command to display network interface settings. The ifconfig and ip address commands are used in Linux systems. Show commands are used on Cisco IOS devices.
Routers communicate First Hop Redundancy Protocol (FHRP) information between each other through hello messages. What is this mechanism called? EtherChannel keepalive link-state VLAN tagging
keepalive - EtherChannel is a technology that enables link aggregation. A link-state router uses the link-state information to create a topology map and to select the best path to all destination networks in the topology. Switches use a process called VLAN tagging, in which the sending switch adds another header to the frame before sending it over the trunk.
Which component is used to generate a signal for single-mode fiber connections? cathode laser transmitter LED diode oscillator
laser transmitter -
Which type of cable is typically used to connect a core switch with a data center switch, where bandwidth higher than 40 Gbps and low cost are required? Category 5e UTP Category 6 UTP multimode fiber single-mode fiber
multimode fiber - When connecting data center switches to the network core, high bandwidth is required. Because data centers are typically at the same location as the network core, multimode fiber cables are used to connect the switches instead of single-mode fiber cables.
When an access point (AP) is operating in local mode, on which network device is wireless client traffic switched? on a network switch on a wireless access controller (WLC) on the egress AP on the ingress AP
on a wireless access controller (WLC) - In local mode, the AP sends all the client traffic to the WLC. The network switch would switch the traffic between two stand-alone APs. The egress and ingress points have no influence on the switching decision.
Refer to the exhibit. Which two options are common IPsec or SSL VPN implementations? (Choose two.) option 1 option 2 option 3 option 4 option 5
option 1 option 5 - An IPsec Tunnel VPN is typically established between two network devices, connecting two or more remote networks. An SSL VPN is typically established between a client and a network device. DMVPN and IPsec VTI VPN are typically established between network devices.
Which feature of PVST+ is not available in RSTP? fast convergence on topology changes per-port STP per-VLAN STP instance edge ports
per-VLAN STP instance - PVST+ is used on VLANs, while RSTP is used in LANs. Convergence is the state of a set of routers that have the same topological information about the internetwork where they are connected. Per-port STP is available in both PVST+ and RSTP, and PVST+ PortFast corresponds with the RSTP edge port concept.
On R3, shut down the interface toward R2. On PC1, issue the ping command toward the IPv4 address of SRV1. What is the result? an "unreachable network" error is returned ping is only partly successful (20-30%) ping is successful (80-100%) ping is unsuccessful (0%)
ping is unsuccessful (0%) - If static routing was correctly configured and connection between R2 and R3 disabled, the ping is unsuccessful, because no traffic can pass between R2 and R3. The unreachable network error is returned if no route (default or otherwise) exists on PC1 to the network of SRV1.
When an enterprise has to comply with strict data security regulations, which cloud deployment model should they use for their services? community hybrid private public
private - The main characteristic of a private cloud is lack of public access. It is a type of deployment where the infrastructure is owned, managed and operated by the user. It provides the benefits of cloud computing while maintaining control over corporate data, security and performance. Community, hybrid, and public cloud deployments do not provide full control over infrastructure and, as such, do not comply with the necessary regulations.
Which three elements are parts of an HTTP status line? (Choose three.) protocol version requested method status code status message target URL
protocol version status code status message
When a network handles Voice over IP (VoIP) packets differently than HTTP packets, which network feature is implemented? fault tolerance quality of service scalability security
quality of service - Quality of service (QoS) includes tools, mechanisms, and architectures that allow you to control how and when network resources are used by applications. QoS is especially important for prioritizing traffic when the network is congested. Scalability ensures that a network can easily accommodate more users and data transmission requirements, while security indicates how well the network is defended from potential threats. Fault tolerance indicates how resilient the network is in case of failure.
Which two types of cables can be used to connect to the console port of a Cisco router? (Choose two.) crossover rollover serial straight-through USB
rollover USB - Cisco devices traditionally used rollover cables to connect to the console port. Today, Cisco devices also offer a USB mini console port on the device.
Which of the following network devices defines a broadcast domain and a collision domain on every one of its ports? bridge hub router switch
router - Switches and bridges create separate collision domains on their ports, but do not limit the broadcast domain to only one port. The broadcast domain on a switch includes all the ports in one VLAN. The hub extends both the collision and broadcast domains to all its ports.
Which two commands display the type of trunking encapsulation of an interface? (Choose two.) show interfaces Ethernet0/0 switchport show interfaces status show interfaces summary show interfaces trunk show ip interfaces brief
show interfaces Ethernet0/0 switchport show interfaces trunk - The show interfaces status, show ip interfaces brief, and show interfaces summary commands do not display the type of trunking encapsulation of an interface.
On a Cisco switch, which two commands would you use to identify ports that are configured as trunks? (Choose two.) show interfaces status show interfaces summary show interfaces trunk show ip interface brief show vlan brief
show interfaces status show interfaces trunk
On a Cisco switch, which two commands display the VLANs allowed on trunk interfaces? (Choose two.) show interfaces show interfaces stats show interfaces summary show interfaces switchport show interfaces trunk
show interfaces switchport show interfaces trunk - The show interfaces summary command displays a summary of statistics for all interfaces that are configured on a switch. The show interfaces stats command displays the input and output packets by switching the path for the interface.
Which command would you use to verify the number of excluded addresses on a router configured as a DHCP server? show ip dhcp bindings show ip dhcp conflict show ip dhcp database show ip dhcp pool
show ip dhcp pool - To display a list of all IPv4 address-to-MAC bindings, you can use the show ip dhcp binding command. The show ip dhcp database command displays information about the DHCP server database agent, and the show ip dhcp conflict command displays the address conflicts found by a DHCP server when addresses are offered to the client.
Which command is used to verify a default gateway configuration on a Layer 2 switch? show interface description show interface stats show ip default-gateway network show management show running-config
show running-config - The show interface stats command displays interface statistics. The show management command displays the management applications.
Examine the Device Access table in the Job Aid. There are four users configured on SW2. The SW2 switch console line access is set to privilege level 5. Presuming command privileges are set to default, which username should you use to be able to change the SW2 configuration? admin monitor operator superadmin
superadmin - By default, Cisco IOS configuration commands require the maximum privilege level, which is 15. This is the privilege level of the user superadmin.
Which wired network device is an equivalent of a wireless access point (AP)? firewall hub router switch
switch - A wireless AP also provides connectivity to end devices over multiple VLANs. Firewalls secure network traffic, routers connect multiple network segments, and hubs are not VLAN-aware.
In which situation would you choose to use UDP instead of TCP for IP applications? when ensuring accurate file transfers even in the face of network issues when ensuring packet headers are not changed during transmission from source to destination when speed of delivery is more important than error correction in IP packet transmissions when you require that the recipient of the packets verify that the packets are delivered
when speed of delivery is more important than error correction in IP packet transmissions - Both UDP and TCP can provide integrity verification via checksum calculation. However, the usage of the checksum field is mandatory only in the TCP. TCP, unlike UDP, provides features that guarantee the delivery of the packets, by using sequence numbering, acknowledgments, and retransmissions.