200-301 Cisco Practice
To which Open Systems Interconnection (OSI) layer are router-specific functions mapped? Layer 1 Layer 2 Layer 3 Layer 4
Layer 3
Which flag is set in the first TCP packet sent by a device initiating a communication? ACK FIN PSH RST SYN
SYN
A device running a Windows OS has the IP address 169.254.254.254. Which of the following statements is true? The address is automatically configured by the device itself. The device is reachable via the internet. The IP address is used to communicate with the default gateway. The IP address is a loopback address.
The address is automatically configured by the device itself.
Routers communicate First Hop Redundancy Protocol (FHRP) information between each other through hello messages. What is this mechanism called? EtherChannel keepalive link-state VLAN tagging
keepalive
Which type of address is automatically assigned to a physical interface when IPv6 is enabled on that interface? global unicast address link-local address loopback address unique local address
link-local address
Presume that there are multiple paths to a given destination network. Which of the following does a dynamic routing protocol use to determine which route to the destination network is best? administrative distance metrics parameters variables Next Page
metrics
Which type of cable is typically used to connect a core switch with a data center switch, where bandwidth higher than 40 Gbps and low cost are required? Category 5e UTP Category 6 UTP multimode fiber single-mode fiber
multimode fiber
Which two Microsoft Windows commands will display the DNS server address configured on the host? (Choose two.) ipconfig ipconfig /all net config netstat -f nslookup
nslookup ipconfig /all
Which two types of cables can be used to connect to the console port of a Cisco router? (Choose two.) crossover rollover serial straight-through USB
rollover USB The correct answers are rollover and USB. Cisco devices traditionally used rollover cables to connect to the console port. Today, Cisco devices also offer a USB mini console port on the device. Crossover, straight-through, and serial cables are used to interconnect devices.
When a router is calculating the network portion of an IPv4 address, which bitwise operation is performed on the IPv4 address and the subnet mask? AND NAND OR XOR
AND
Which three protocols use UDP? (Choose three.) DHCP FTP HTTPS SNMP TFTP
DHCP SNMP TFTP
hat are the default OSPF hello and dead timer values on point-to-point links? Hello value is 10 seconds, dead value is 20 seconds. Hello value is 10 seconds, dead value is 40 seconds. Hello value is 20 seconds, dead value is 50 seconds. Hello value is 30 seconds, dead value is 120 seconds.
Hello value is 10 seconds, dead value is 40 seconds.
On a Cisco switch, why should you change the default native VLAN configuration of a trunk port? It disables the Dynamic Trunking Protocol (DTP) capability on a port. It leaves the network vulnerable to VLAN hopping attacks from any access port also in the default VLAN. Letting all traffic flow through the default VLAN leads to an increased number of collision domains. It can cause frames to loop when sending a double-tagged frame.
It leaves the network vulnerable to VLAN hopping attacks from any access port also in the default VLAN.
What does each banner do? MOTD Login Exec Incoming
MOTD- Displays message of the day when connected to router. Login- Right before authentication prompt Exec- Before user sees exec prompt Incoming- Displayed for users who connect through reverse telnet? (No idea what this means).
Choose the client technique for delivering electric power along with data to endpoint devices. Dynamic Host Configuration Protocol (DHCP) Power over Ethernet (PoE) Quality of Service (QoS) Secure Shell Host (SSH)
Power over Ethernet (PoE)
Where should Access list be placed on routers to limited remote access to only SSH connections? inbound direction on the Ethernet0/0 interface on R1 inbound direction on the Ethernet0/2 interface on SW1 inbound direction on the vty lines on R1 outbound direction on the Ethernet0/1 interface on SW2 outbound direction on the vty lines on R1
The inbound direction on vty lines. Why not the fast port who knows? The correct answer is inbound direction on the vty lines on R1. The other proposed implementations would also limit other traffic.
In order to allow SNMP traffic to flow throughout the network, which two communication scenarios must be allowed? (Choose two.) TCP to port 161 TCP to port 162 UDP and TCP to port 161 UDP and TCP to port 162 UDP to port 161 UDP to port 162
UDP to port 161 UDP to port 162
Which three types of devices are typically connected to access switches in an enterprise network? (Choose three.) desktops firewalls printers IP phones routers
desktops printers IP phones
When using a AAA server along with an access switch, which two features benefit from centralized authentication? (Choose two.) IPsec VPN access management access network access network telemetry authentication spanning tree authentication
management access network access The correct answers are management access and network access. By having a switch communicating to an authentication server, it is possible to authenticate a user's network access using 802.1X or other methods. It is also possible to authenticate administrative management sessions, such as SSH or HTTPs remote sessions.
Which Cisco DNA Center tool shows source IP addresses, destination IP addresses, source ports, and destination ports? inventory path trace service ping service topology
path trace service
What is the purpose of a Layer 3 switch? to route traffic between company VLANs to route traffic between the company network and the internet to route traffic between multiple geographical locations to route traffic between different protocol networks
to route traffic between company VLANs
Which of the following is the correct binary representation of the third octet of the IPv4 address 172.20.170.50? 0001 1110 0110 0110 1010 1010 1100 1011
1010 1010
How many bits does the subnet mask consist of? 16 24 32 48
32
From a network perspective, how is a server a different endpoint than a user workstation? A server requires lower latency. A server requires more bandwidth. A server requires Power over Ethernet (PoE) connectivity. A server requires stricter network access control.
A server requires more bandwidth. The correct answer is A server requires more bandwidth. Since a server is a convergent point on the network that connects multiple devices, it consumes more bandwidth. Low latency is not a differentiator for a server, since it is also a requirement for IP phones, for instance. Servers cannot be powered through PoE, since their power requirements surpass PoE capabilities. Servers are deployed in secured environments (locked closets or server rooms), where network access control is not a focus, since other security measures are implemented
Refer to the exhibit. In an 802.1X implementation, what are the roles of the devices shown? A B C Computer - Switch - Server A: authenticator, B: supplicant, C: authentication server A: client device, B: supplicant, C: authentication server A: supplicant, B: authenticator, C: authentication server A: supplicant, B: client device, C: authentication server
A: supplicant, B: authenticator, C: authentication server The correct answer is A: supplicant, B: authenticator, C: authentication server. A supplicant is a workstation with 802.1X-compliant client software. An authenticator acts as a proxy between the supplicant and an authentication server. An authentication server authenticates supplicants connecting to a switch port.
Refer to the exhibit. Router BR2 receives a packet with the destination IPv4 address of 172.16.5.20. Based on the routing table, what would the router do with the packet? Forward it out of interface Ethernet0/0. Forward it out of interface Ethernet0/1. Forward it out of interface Loopback0. It will discard the packet.
Forward it out of interface Ethernet0/0.
After the Cisco IOS Software image is loaded and started, from which three components can the device load its configuration? (Choose three.) DHCP server DNS server RAM NVRAM SCP server TFTP server
NVRAM SCP server TFTP server
Which language is used in the Cisco Network Services Orchestrator (NSO) to describe the network service intent? Python XML YAML YANG
What the is YANG?
Which feature of PVST+ is not available in RSTP? fast convergence on topology changes per-port STP per-VLAN STP instance edge ports
per-VLAN STP instance
What is the MAC address of the interface that autoconfigures itself to the IPv6 address of fe80::2a3:C2ff:fefc:4a5d? 00:a3:c2:fc:4a:5d 02:a3:c2:fc:4a:5d 02:a3:c2:ff:fe:fc 2a:3c:2f:ff:ec:4a c2:ff:fe:fc:4a:5d
02:a3:c2:ff:fe:fc The correct answer is 00:a3:c2:fc:4a:5d. Autoconfiguration employs the modified EUI-64 format in order to determine the interface ID portion of the address. The modified EUI-64 format uses the MAC address. The last 24 bits of the MAC address are preserved and become the last 24 bits of the autoconfigured IPv6 address. The first 24 bits of the MAC address have the seventh bit inverted. Also, the "fffe" sequence is appended to the end of the modified first 24 bits of the MAC address. This new 40-bit structure is followed by the last 24 bits of the MAC address to form the IPv6 interface ID. Next Page
In the Wi-Fi 2.4 GHz band, which three channels do not overlap? (Choose three.) 0 1 2 6 11 15 21
1 6 11
Which three IPv4 addresses are private? (Choose three.) 10.255.255.254 172.31.255.254 172.32.255.254 192.168.1.100 192.169.1.100
10.255.255.254 172.31.255.254 192.168.1.100
Which three statements about IPv4 addresses are true? (Choose three.) 8.0.0.0 is a public address. 10.8.0.0 is a private address. 127.0.0.1 is a reserved address. 172.30.0.0 is a public address. 192.170.0.0 is a private address.
8.0.0.0 is a public address. 10.8.0.0 is a private address. 127.0.0.1 is a reserved address. The correct answers are 8.0.0.0 is a public address, 10.8.0.0 is a private address, and 127.0.0.1 is a reserved address. 192.170.0.0 is a public IPv4 address, and 172.30.0.0 is a private IPv4 address.
Which statement about Service Set Identifiers (SSIDs) is true? An administrator can only create one SSID on the same access point. An administrator can create several SSIDs on the same access point. An SSID must be advertised by the Wi-Fi access point. An SSID is configured by default on an access point.
An administrator can create several SSIDs on the same access point. The correct answer is An administrator can create several SSIDs on the same access point. An SSID is not configured by default. An administrator configures one or more SSIDs on an access point. The administrator can also decide to hide an SSID.
Which issue is eliminated when using PortFast? bandwidth throttling DHCP timeout duplex mismatch native VLAN mismatch
DHCP timeout The correct answer is DHCP timeout. When a device is connected to the switch, it sees the interface port as up and it immediately wants to get the IP from the DHCP. However, STP needs time to transition ports to the forwarding state. PortFast solves this issue by not setting STP on that port. STP and PortFast do not have a function for purposely throttling the bandwidth. Duplex mismatch may happen if the auto-negotiating feature is enabled on one device and not on the other. A native VLAN mismatch error happens when you have different native VLAN numbers on connected devices.
Which statement is true about using the Device Provisioning Protocol (DPP) to provision wireless devices? DPP is a replacement of RADIUS with enhanced security. DPP is a replacement of WPA2 with enhanced security. DPP is used to provision an 802.1X-based clientless service. DPP is used with IoT devices to make the provisioning process easier.
DPP is used with IoT devices to make the provisioning process easier.
Which part of the Open Shortest Path First (OSPF) process is omitted if two routers are connected with a point-to-point link? Designated router/Border designated router (DR/BDR) election exchange of hello packets exchange of link-state database (LSDB) summary Shortest Path First (SPF) calculation
Designated router/Border designated router (DR/BDR) election The correct answer is Designated router/Border designated router (DR/BDR) election. Since there can be only two routers on a point-to-point connection, there is no need for a DR/BDR election. DR/BDR elections happen in point-to-multipoint topologies. OSPF exchange of hello packets, exchange of LSDB summaries, and SPF calculation are necessary procedures in an OSPF operation. These procedures are always performed, regardless of the link connection type.
A company needs to implement a secure VPN solution using IPsec. Which protocol and encryption algorithm should be used to guarantee VPN confidentiality? AH protocol with the AES encryption algorithm AH protocol with the SHA-2 encryption algorithm both ESP and AH protocols with the RSA encryption algorithm ESP protocol with the 3DES encryption algorithm ESP protocol with the Diffie-Hellman Group 7 encryption algorithm
ESP protocol with the 3DES encryption algorithm
The console of a device you are administering displays the following syslog message: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down What is the severity level of the displayed syslog message? Error Log alert Log audit System daemon Warning
Error The correct answer is Error. The general format of syslog messages that the syslog process on Cisco IOS Software generates by default is: seq no:time stamp: %facility-severity-MNEMONIC:description. The "LINK" word of the message indicates which facility is the source of the message. The syslog RFC defines these sources by a numeric value. Cisco facilities are a free-form method of identifying the source message type such as SYS, IP, LDP, L2, MEM, FILESYS, DOT11, LINEPROTO, and so on. Facility indication is followed by a value representing severity. The value 3 corresponds to the severity level called Error, which indicates an error condition.
Which two statements about the HTTP PUT request method are correct? (Choose two.) HTTP PUT creates a new resource. HTTP PUT resends received requests. HTTP PUT retrieves a representation of a resource. HTTP PUT retrieves resource headers. HTTP PUT updates or modifies an existing resource.
HTTP PUT creates a new resource. HTTP PUT updates or modifies an existing resource. The correct answers are HTTP PUT creates a new resource and HTTP PUT updates or modifies an existing resource. Resource representation is retrieved by the HTTP GET method; received requests are resent by the HTTP TRACE method; and resource headers are retrieved by the HTTP HEAD method.
Which three device types can benefit from Power over Ethernet (PoE) connectivity? (Choose three.) access switches computers IP cameras VoIP phones wireless access points
IP cameras VoIP phones wireless access points
What are two field names corresponding to the IPv4 header field and the IPv6 header field that contain Differentiated Services Code Point (DSCP) markings? (Choose two.) flow control flow label IP precedence offset traffic class type of service (ToS)
IPV6 traffic class IPV4 type of service (ToS)
Which three SNMP messages are sent from an SNMP agent to an SNMP manager? (Choose three.) GetRequest GetNextRequest InformRequest Response SetRequest Trap
InformRequest Response Trap
Which series of phases correctly represents a common attack methodology? Initial Compromise > Escalation of Privileges > Reconnaissance of internal hosts > Lateral movement > Exfiltration Lateral movement > Escalation of Privileges > Reconnaissance of internal hosts > Initial Compromise > Exfiltration Lateral movement > Reconnaissance of internal hosts > Escalation of Privileges > Initial Compromise > Exfiltration Reconnaissance of internal hosts > Escalation of Privileges > Initial Compromise > Lateral movement > Exfiltration
Initial Compromise > Escalation of Privileges > Reconnaissance of internal hosts > Lateral movement > Exfiltration
Which series of phases correctly represents a common attack methodology? Initial Compromise > Escalation of Privileges > Reconnaissance of internal hosts > Lateral movement > Exfiltration Lateral movement > Escalation of Privileges > Reconnaissance of internal hosts > Initial Compromise > Exfiltration Lateral movement > Reconnaissance of internal hosts > Escalation of Privileges > Initial Compromise > Exfiltration Reconnaissance of internal hosts > Escalation of Privileges > Initial Compromise > Lateral movement > Exfiltration
Initial Compromise > Escalation of Privileges > Reconnaissance of internal hosts > Lateral movement > Exfiltration The correct answer is Initial Compromise > Escalation of Privileges > Reconnaissance of internal hosts > Lateral movement > Exfiltration. Although a unique attack methodology does not exist, the commonly used attack proceeds in the following phases. Initial Compromise—compromising a low-security system to start analyzing the internal network; Escalation of Privileges—getting more options to scan the internal network; Internal Reconnaissance—scanning the internal network to detect an interesting system to compromise; Lateral Movement—compromising others' internal hosts; Exfiltration—data theft.
Which three characteristics apply to the 802.1Q protocol? (Choose three.) It carries untagged frames. It modifies the 802.3 frame header. It includes an 8-bit field for TTL (Time to Live). It is a messaging protocol that carries a VLAN configuration. It uses an internal tagging mechanism.
It carries untagged frames. It modifies the 802.3 frame header. It uses an internal tagging mechanism. The correct answers are It carries untagged frames, It modifies the 802.3 frame, and It uses an internal tagging mechanism. The 802.1Q protocol does not include an 8-bit field for TTL, and it is not a messaging protocol that carries a VLAN configuration.
Which statement regarding a small office/home office (SOHO) of a remote worker is correct? It is a LAN that includes both wireless and wired network devices. It must be permanently connected to the main office. It must follow the three-tier architecture model. It typically uses dark fiber to connect to the main office.
It is a LAN that includes both wireless and wired network devices.
Which APIs are used for communication between a software-defined networking (SDN) application and a controller? Eastbound APIs Northbound APIs Southbound APIs Westbound APIs
Northbound APIs The correct answer is Northbound APIs. Northbound APIs or northbound interfaces are responsible for the communication between the SDN controller and the services that run over the network. Northbound APIs enable your applications to manage and control the network. Therefore, rather than adjusting and tweaking your network repeatedly to get a service or application running correctly, you can set up a framework that allows the application to demand the network setup that it needs.
Which two options are common IPsec or SSL VPN implementations? 1. Firewall - IPsec Tunnel VPN - Router 2. Firewall - SSL VPN - Router 3. Client - IPsec VTI VPN - Server 4. Firewall - DMVPN - Server 5. Client - SSL VPN - Firewall
Option 1 and 5 An IPsec Tunnel VPN is typically established between two network devices, connecting two or more remote networks. An SSL VPN is typically established between a client and a network device. DMVPN and IPsec VTI VPN are typically established between network devices. Next Page
Refer to the exhibit. The administrator has configured Hot Standby Router Protocol (HSRP) to provide default gateway redundancy. Which statement correctly describes the behavior of the network? Virtual IP 172.17.1.100 R1 172.17.1.1 R2 172.17.1.2 PC1 ip 172.17.1.105 default gateway 172.17.1.1 PC1 will be able to reach remote networks if either R1 or R2 fails. PC1 will be able to reach remote networks while R1 is operational. PC1 will not be able to reach remote networks if either R1 or R2 fails. PC1 will not be able to reach remote networks if R2 fails.
PC1 will be able to reach remote networks while R1 is operational The correct answer is PC1 will be able to reach remote networks while R1 is operational. Because of the explicit default gateway configuration, the ARP table of PC1 has the default gateway IPv4 mapped to the R1 MAC address, and not to the virtual MAC address of the HSRP group. When R1 fails, the PC1 ARP table will not be updated, and PC1 will not be able to reach R2, which would take over the role of the default gateway.
Refer to the exhibit. PC_A wants to communicate with PC_B, which resides on a different network. The hosts are connected via a router that acts as the default gateway for both. The ARP tables on all three devices are empty. When PC_A sends the first frame, which two things happen in the process? (Choose two.) PC_A broadcasts the frame intended for PC_B. PC_A sends a broadcast ARP request looking for the MAC address of the router. The router adds an IPv4 address to the MAC address's mapping for PC_A to its ARP table. The router drops the packet after checking for the mapping of PC_B's IP address. The router receives a frame with its own MAC and mismatched IP address, and drops it.
PC_A sends a broadcast ARP request looking for the MAC address of the router. The router adds an IPv4 address to the MAC address's mapping for PC_A to its ARP table.
Which command would you use to configure a router ID on a Cisco router? R1 (config-router)# ip router-id ip-address R1 (config-router)# router-id ip-address R1 (config)# ip router-id ip-address R1 (config)# router-id ip-address
R1 (config-router)# router-id ip-address
Which command would you use to configure a router ID on a Cisco router? R1 (config-router)# ip router-id ip-address R1 (config-router)# router-id ip-address R1 (config)# ip router-id ip-address R1 (config)# router-id ip-address
R1 (config-router)# router-id ip-address
What are two differences between the RADIUS and TACACS+ protocols? (Choose two.) RADIUS combines authentication and authorization, while TACACS+ implements two separate processes. RADIUS encrypts the entire payload, while TACACS+ encrypts only the password. RADIUS is a TCP-based protocol, while TACACS+ is a UDP-based protocol. RADIUS is a UDP based protocol. TACACS+ is a TCP based protocol. RADIUS supports bidirectional authentication, while TACACS+ supports only unidirectional authentication.
RADIUS combines authentication and authorization, while TACACS+ implements two separate processes. RADIUS is a UDP based protocol. TACACS+ is a TCP based protocol.
Which of the following network devices defines a broadcast domain and a collision domain on every one of its ports? bridge hub router switch
Router The correct answer is router. Switches and bridges create separate collision domains on their ports, but do not limit the broadcast domain to only one port. The broadcast domain on a switch includes all the ports in one VLAN. The hub extends both the collision and broadcast domains to all its ports.
Two routers, A and B, are part of the Hot Standby Router Protocol (HSRP) standby group. There was no priority configured on the routers for the HSRP group. Which statement is correct? Router A will be in the ACTIVE state and router B will be in the ACTIVE state. Router A will be in the ACTIVE state and router B will be in the STANDBY state. Router A will be in the LISTEN state and router B will be in the STANDBY state Router A will be in the STANDBY state and router B will be in the STANDBY state. Next Page
Router A will be in the ACTIVE state and router B will be in the STANDBY state.
Refer to the exhibit. You must ensure full connectivity in the network. When configuring trunking on SW3, which configuration would you use? SW1 Int G0/1 SW1 Mode trunk SW1 Allowed VLANS 10,20,30 SW2 Native VLAN 39 SW2 Int g0/2 SW2 Mode trunk SW2Allowed VLANS 10,20,30 SW2 Native VLAN 39
SW3(config)# interface range GigabitEthernet0/1-2 SW3(config-if-range)# switchport mode trunk SW3(config-if-range)# switchport trunk allowed vlan 10,20,30 SW3(config-if-range)# switchport trunk native vlan 39 SW3(config-if-range)# end SW3# configure terminal SW3(config)# vlan 10,20,30 SW3(config-vlan)# end The correct answer is SW3(config)# interface range GigabitEthernet0/1-2 SW3(config-if-range)# switchport mode trunk SW3(config-if-range)# switchport trunk allowed vlan 10,20,30 SW3(config-if-range)# switchport trunk native vlan 39 SW3(config-if-range)# end SW3# configure terminal SW3(config)# vlan 10,20,30 SW3(config-vlan)# end. To have an operational trunk link, it must be configured with the same native VLAN and it must support the same VLANs on both sides of the link. If VLANs are not created on the switch, if native VLAN settings do not match, or if the same switchport mode is not negotiated or configured on both sides of the link, the trunk will not be operational.
Which two statements describe examples of social engineering attacks? (Choose two.) Cracking a user password using personal data related to the victim. Defacing a website and explaining the political ideology behind the attack. Delivering a DoS attack from a server trusted by all company users. Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine. Next Page
Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine.
Which two statements describe examples of social engineering attacks? (Choose two.) Cracking a user password using personal data related to the victim. Defacing a website and explaining the political ideology behind the attack. Delivering a DoS attack from a server trusted by all company users. Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine.
Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine.
Which command is used to set 192.168.1.1 as the default gateway on a Layer 2 switch? Switch(config)# ip default-gateway 192.168.1.1 Switch(config)# ip default-network 192.168.1.1 Switch(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1 Switch(config)# ip route 0.0.0.0 0.0.0.0 DHCP 1
Switch(config)# ip default-gateway 192.168.1.1 The correct answer is Switch(config)# ip default-gateway 192.168.1.1. This command sets a default gateway for devices that do not support IP routing. The ip default-network command sets a classful default route. The ip route 0.0.0.0 0.0.0.0 192.168.1.1 command sets the default route via the forwarding router IP address. The DHCP keyword instructs the switch to get the forwarding router IP address from the DHCP.
Which two symptoms indicate a duplex mismatch between a client and an Ethernet switch? (Choose two.) Auto-negotiation will report speed and duplex mismatch errors on the client NIC interface. Interface statistics for the full-duplex side of the link will show increasing late collision errors. The full-duplex interface will report increasing numbers of FCS errors or runts on the port. The full-duplex side of the link will slow as CSMA/CD will force it to wait for incoming packets from the other side of the link. The half-duplex side of the link will waste bandwidth due to increased packet retransmissions caused by increasing collisions.
The full-duplex interface will report increasing numbers of FCS errors or runts on the port. The half-duplex side of the link will waste bandwidth due to increased packet retransmissions caused by increasing collisions.
Which two symptoms are characteristic of a duplex mismatch? (Choose two.) The full-duplex side of the link will experience increased collision rates. The half-duplex side of the link will experience increased collision rates. TCP data transfer will perform better than UDP data transfer. The connection will not be operational. The full-duplex side of the link will have a large number of CRC errors.
The half-duplex side of the link will experience increased collision rates. The full-duplex side of the link will have a large number of CRC errors. The correct answers are The half-duplex side of the link will experience increased collision rates and The full-duplex side of the link will have a large number of CRC errors. The full-duplex side of the link does not detect any collisions, since Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is disabled on the full-duplex side of the link. The connections with a duplex mismatch are typically operational, but they operate poorly. When used to send a larger amount of data, the TCP data transfer would provoke collisions and trigger TCP retransmissions, which slows down the transfer.
You have restarted a router, which has the default booting procedure. During the reboot, the following messages appear on the console: %Error opening tftp://255.255.255.255/network-confg (Timed out) %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out) What can you conclude based on the messages? The router will attempt to load the configuration from the NVRAM. The router configuration will be loaded from the TFTP server. The TFTP server URL is incorrect. The configuration file is not found on the TFTP server.
The router configuration will be loaded from the TFTP server. The correct answer is The configuration file is not found on the TFTP server. By default, the router first attempts to load the startup configuration from the NVRAM. If the startup configuration file does not exist in NVRAM, the router searches for a TFTP server. If the router detects that it has an active link, it sends a broadcast searching for a configuration file across the active link. No specific TFTP URL is used. If the router does not find the configuration source, it will display the error console messages.
You are tasked with installing and configuring a new PoE-supported IP camera with a power consumption of 20 W. After connecting it to a PoE-enabled switch, the camera does not turn on. What is the likely cause of the problem? The cable connecting the switch and the camera is too long. The camera requires additional configuration to work with PoE. The switch does not support the PoE Plus standard. The switch requires additional configuration to enable PoE on the interface.
The switch does not support the PoE Plus standard. The correct answer is The switch does not support the PoE Plus standard. Normal PoE can only provide up to 15.4 W of power, while PoE Plus provides up to 30 W. Devices that support PoE do not need to be configured to use it, as they will power on when connected to the Ethernet. PoE is enabled on all ports. Supplied PoE power decreases with range, but the drop is minimal.
What is the purpose of the blocking state of ports in STP (Spanning Tree Protocol)? To prevent MITM (man-in-the-middle) attacks. To prevent retransmission of routing protocol updates. To prevent path loops. To prevent unauthorized usage of unused ports.
To prevent path loops.
When is an architecture design called a "collapsed core architecture"? When the core and the distribution layer are merged into one layer. When the core layer fails to provide fault tolerance. When the backbone and the access layer are merged into one layer. When the distribution and access layer are merged into the core layer.
When the core and the distribution layer are merged into one layer.
Two computers are connected to a Cisco Catalyst Layer 2 switch. PC1 is assigned the address 10.250.20.20/26 and PC2 is assigned the address 10.250.20.50/26. When a user on PC1 issues the ping 10.250.20.63 command, will PC2 respond to it? No, because 10.250.20.63 is not in the subnet that PC1 belongs to. No, because 10.250.20.63 is not the IP of PC2. Yes, if both ports are operationally in access mode and in the same VLAN. Yes, if the ip routing command is configured on the switch.
Yes, if both ports are operationally in access mode and in the same VLAN. The correct answer is Yes, if both ports on the switch belong to the same VLAN. The IPv4 address 10.250.20.63 is the broadcast address of the 10.250.20.0/26 subnet. A switch forwards broadcast communication to all ports in a VLAN. If both ports that connect PC1 and PC2 belong to the same VLAN, then PC2, as well as other devices in the same subnet, will receive the ICMP request from PC1 and respond to it.
As an administrator, you are configuring a Cisco Wireless LAN Controller (Cisco WLC). You are prompted by a pop-up message: "Changing WLAN parameters while it is enabled will cause the WLAN to be momentarily disabled and radio reset thus may result in loss of connectivity for some clients. Press OK to continue." What is the cause of the message? You clicked on the SSID parameter of an existing WLAN. You are applying a configuration to the Cisco WLC. You are manually adding a rogue AP to the controller. You are trying to reload the Cisco WLC.
You are applying a configuration to the Cisco WLC.
You have set up a small office/home office (SOHO) to work from home. You are using broadband internet with a remote-access Virtual Private Network (VPN) to connect to your company resources. Which statement correctly describes this deployment mode? A VPN-capable router is required for the SOHO network. You can use the web browser to establish a VPN tunnel. A permanent VPN connection is required. VPN tunneling is performed by the internet service provider (ISP).
You can use the web browser to establish a VPN tunnel. The correct answer is You can use the web browser to establish a VPN tunnel. Remote-access VPN allows you to establish VPNs using VPN-client software or a web-based client. Remote-access VPNs are not statically set up. Site-to-site VPNs, on the other hand, require VPN-capable devices to connect to the VPN gateway at the company's side. In site-to-site deployment mode, the end hosts are not aware of the tunneling.
What is the interface ID of the IPv6 address 2001:db8::a:a9cd:47ff:fe57:fe94/64? 47ff:fe57:fe94 a:a9cd:47ff:fe57:fe94 a9cd:47ff:fe57:fe94 fe57:fe94 2001:db8 2001:db8::a
a9cd:47ff:fe57:fe94. The correct answer is a9cd:47ff:fe57:fe94. An IPv6 address starting with the hexadecimal digits 2 or 3 falls into the category of global unicast addresses. The first 48 bits represent the Global Routing Prefix and are followed by a 16-bit Subnet ID. The remaining 64 bits represent the Interface ID, which is equivalent to the host portion of an IPv4 address.
Which three layers does the hierarchical three-tier model include? (Choose three.) access core data link distribution network
access core distribution
Which three security services does the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) provide? (Choose three.) access control authentication authorization data confidentiality data redundancy
access control authentication data confidentiality The correct answers are access control, authentication, and data confidentiality. CCMP is the standard encryption protocol for use with Wi-Fi Protected Access 2 (WPA2). CCMP does not provide authorization and data redundancy
For a router, which of the following is the preferred source of information about a destination network? an active local interface connected to the network Enhanced Interior Gateway Routing Protocol (EIGRP) Open Shortest Path First (OSPF) the ip route configuration command
an active local interface connected to the network
Where in the network should you implement QoS packet classification? at the input interface of a device at the LAN access edge of the network at the input interface of a device at the WAN edge of the network at the output interface of a device at the LAN access edge of the network at the output interface of a device at the WAN edge of the network
at the input interface of a device at the LAN access edge of the network
Which three types of booting are supported on servers? (Choose three.) booting from internal storage booting from LAN booting from SAN booting from WAN booting from wireless
booting from internal storage booting from LAN booting from SAN
On a Cisco device, what is the default destination for syslog logging messages? console line logging buffer syslog server terminal lines
console line
Which type of Cisco switch memory location stores the MAC address table? content-addressable memory (CAM) flash non-volatile random-access memory (NVRAM) read-only memory (ROM)
content-addressable memory (CAM)
In which network implementations is the spine-leaf topology most commonly used? enterprise LAN enterprise edge data centers ISP backbone
data centers
For an administrator (209.168.200.225/27) to be able to access the Layer 2 switch S1 (192.168.3.0/24) from the internet, which IP connectivity parameters do you have to configure on the S1 switch? default gateway to 192.168.3.254 default route via 192.168.3.254 IPv4 address in the 209.168.200.224/27 subnet static route to 209.168.200.254/27
default gateway to 192.168.3.254 The correct answer is default gateway to 192.168.3.254. For Switch S1 to be able to replay and respond as the administrator manages it, it must have a default gateway set. On a Layer 2 switch, you cannot configure routes, since IP routing is not enabled. For the switch virtual interface to work, the VLAN must be associated and active on at least one physical port.
When configuring a trunk port on a Cisco switch, which VLAN ranges can be used to specify the allowed VLANs? extended and standard extended standard standard and reserved
extended and standard?
Which four of the following are valid link-local IPv6 addresses? (Choose four.) fe80::1 ff80::1 fe90::1 feb1::1 fea3::1 fec3::1
fe80::1 fe90::1 feb1::1 fea3::1 The correct answers are fe80::1, fe90::1, feb1::1, and fea3::1. All addresses encompassed by the fe80::/10 prefix are considered valid link-local IPv6 addresses. The ff00::/8 prefix is the prefix of multicast IPv6 addresses. Addresses starting with the hexadecimal digits fec3 do not belong to a link-local IPv6 address range.
If a port is still a designated or root port at the end of the learning state, which state will it enter? blocking disabled forwarding learning listening
forwarding
A company wants to interconnect all its branches. To ensure minimum downtime, the company wants to use a WAN that provides high availability and high redundancy. Which WAN topology should the company use? full mesh hub-and-spoke partial mesh ring
full mesh
After receiving an Ethernet frame, a switch examines the destination MAC address, and forwards the frame out of all ports except the incoming port. In which communication types can this behavior occur? in broadcast and multicast communication in broadcast communication in broadcast, multicast, and unicast communication in unicast communication
in broadcast, multicast, and unicast communication
When configuring an IPv4 static route pointing to the next-hop IPv4, which command should you use? ip route 172.16.1.0 255.255.255.0 172.16.2.1 ip route 172.16.1.0 net-mask 255.255.255.0 next-hop 172.16.2.1 ip route 172.16.1.0/24 172.16.2.1 ip route static 172.16.1.0 net-mask 255.255.255.0 next-hop 172.16.2.1
ip route 172.16.1.0 255.255.255.0 172.16.2.1
Which command would you use to configure a floating static route? ip route static 192.168.13.0 255.255.255.0 100 ip route 192.168.13.0 255.255.255.0 172.17.10.1 100 ip route 192.168.13.0 255.255.255.0 172.17.10.1 ip route 192.168.13.0 255.255.255.0 172.17.10.1 metric 100
ip route 192.168.13.0 255.255.255.0 172.17.10.1 100 The correct answer is ip route 192.168.13.0 255.255.255.0 172.17.10.1 100. It is the only option with the correct syntax. The ip route static 192.168.13.0 255.255.255.0 100 command is missing the gateway IPv4 address or interface to that network. The ip route 192.168.13.0 255.255.255.0 172.17.10.1 command has the default administrative distance of 1 set, and is therefore not classified as a floating static route. In the ip route 192.168.13.0 255.255.255.0 172.17.10.1 metric 100 command, the keyword "metric" is redundant.
Which Windows Command Prompt command do you use to view the IP address of a host? ip address ifconfig ipconfig show ip addres
ipconfig
When an access point (AP) is operating in local mode, on which network device is wireless client traffic switched? on a network switch on a wireless access controller (WLC) on the egress AP on the ingress AP
on a wireless access controller (WLC) The correct answer is on a wireless access controller (WLC). In local mode, the AP sends all the client traffic to the WLC. The network switch would switch the traffic between two stand-alone APs. The egress and ingress points have no influence on the switching decision.
When an enterprise has to comply with strict data security regulations, which cloud deployment model should they use for their services? community hybrid private public
private
When a network handles Voice over IP (VoIP) packets differently than HTTP packets, which network feature is implemented? fault tolerance quality of service scalability security
quality of service
Which three of the following application characteristic values are determined in the service level specification phase when designing the quality of service (QoS) policy of a network? (Choose three.) generated data flows required bandwidth required responsiveness response criticality tolerable jitter tolerable packet loss
required bandwidth tolerable jitter tolerable packet loss The correct answers are required bandwidth, tolerable jitter, and tolerable packet loss. When you specify the service levels for a class of traffic, you define specific values for delay and jitter, packet loss tolerance, required bandwidth, and time sensitivity. After the implementation of the QoS policy, the performance of your network can then be measured and evaluated against the specified service levels. You should identify the data flows generated by the application prior to determining service levels, in the first phase of policy design. Required responsiveness and response criticality are performed within the business audit phase, which precedes service-level specification.
Which two commands display the type of trunking encapsulation of an interface? (Choose two.) show interfaces Ethernet0/0 switchport show interfaces status show interfaces summary show interfaces trunk show ip interfaces brief
show interfaces trunk show interfaces Ethernet0/0 switchport The correct answers are show interfaces Ethernet0/0 switchport and show interfaces trunk. The show interfaces status, show ip interfaces brief, and show interfaces summary commands do not display the type of trunking encapsulation of an interface.
Which command would you use to verify the number of excluded addresses on a router configured as a DHCP server? show ip dhcp bindings show ip dhcp conflict show ip dhcp database show ip dhcp pool
show ip dhcp pool
Which command is used to verify a default gateway configuration on a Layer 2 switch? ( show interface description show interface stats show ip default-gateway network show management show running-config
show running-config The correct answers is show running-config. The show interface description command displays the interface protocol status and the interface description. The show interface stats command displays interface statistics. The show management command displays the management applications.
A client issues a DNS request to its local DNS server. The local DNS server does not have the information required. Which entity will send a DNS response to the client? the authoritative DNS server for the top-level domain the authoritative top-level domain and subdomain DNS servers the client's local DNS server the Internet Service Provider's DNS server
the client's local DNS server The correct answer is the client's local DNS server. When the local DNS server cannot find the queried domain in its database, which indicates that the local server is not authoritative for this domain, it will query the authoritative root DNS server for the top-level (root) domain. The root DNS server directs the query to the DNS server for the first subdomain of the queried domain name. The query directing process continues until the local server reaches the authoritative subdomain DNS server. The authoritative subdomain DNS server resolves the initially queried domain name and replies to the local DNS server. This is how the local DNS server gets the resolved IP address. It is then the local DNS who sends the response to the client.
When using Hot Standby Router Protocol (HSRP) for gateway redundancy, which router's IP address is used for the gateway on hosts? active active and standby standby virtual
virtual
In which situation would you choose to use UDP instead of TCP for IP applications? when ensuring accurate file transfers even in the face of network issues when ensuring packet headers are not changed during transmission from source to destination when speed of delivery is more important than error correction in IP packet transmissions when you require that the recipient of the packets verify that the packets are delivered
when speed of delivery is more important than error correction in IP packet transmissions