S3 Part 3

162. Refer to the exhibit. If no router ID was manually configured, what would router Branch1 use as its OSPF router ID? - 10.0.0.1 - 10.1.0.1 - 192.168.1.100 - 209.165.201.1

- 192.168.1.100

146. A network administrator modified an OSPF-enabled router to have a hello timer setting of 20 seconds. What is the new dead interval time setting by default? - 40 seconds - 60 seconds - 80 seconds - 100 seconds

- 80 seconds

141. A student, doing a summer semester of study overseas, has taken hundreds of pictures on a smartphone and wants to back them up in case of loss. What service or technology would support this requirement? - Cisco ACI - cloud services - software defined networking - dedicated servers

- Cloud Services

167. What type of traffic is described as consisting of traffic that requires a higher priority if interactive? - voice - data - video

- Data

199. An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp . If a packet with a source address of 172.18.20.55, a destination address of 172.18.20.3, and a protocol of 21 is received on the interface, is the packet permitted or denied? - permitted - denied

- Denied

149. Which queuing mechanism has no provision for prioritizing or buffering but simply forwards packets in the order they arrive? - FIFO - LLQ - CBWFQ - WFQ

- FIFO (first in First out)

184. What type of traffic is described as using either TCP or UDP depending on the need for error recovery? video voice data

Data

195. What term describes adding a value to the packet header, as close to the source as possible, so that the packet matches a defined policy? - policing - traffic marking - weighted random early detection (WRED) - traffic shaping - tail drop

traffic marking

143. Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.) - Filter unwanted traffic before it travels onto a low-bandwidth link. - Place standard ACLs close to the destination IP address of the traffic. - Place standard ACLs close to the source IP address of the traffic. - Place extended ACLs close to the destination IP address of the traffic. - Place extended ACLs close to the source IP address of the traffic. - For every inbound ACL placed on an interface, there should be a matching outbound ACL.

- Filter unwanted traffic before it travels on a low bandwidth link. - Place standard ACLs close to the destination IP address of the traffic. - Place extended ACLs close to the source IP address of the traffic.

Which type of VPN involves a nonsecure tunneling protocol being encapsulated by IPsec? - SSL VPN - Dynamic multipoint VPN - GRE over IPsec - IPsec virtual tunnel interface

- GRE over IPsec

182. Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding? - MPLS VPN - IPsec virtual tunnel interface - dynamic multipoint VPN - GRE over IPsec

- IPsec virtual tunnel interface

150. Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers. The routers are unable to form a neighbor adjacency. What should be done to fix the problem on router R2? - Implement the command no passive-interface Serial0/1. - Implement the command network 192.168.2.6 0.0.0.0 area 0 on router R2. - Change the router-id of router R2 to 2.2.2.2. - Implement the command network 192.168.3.1 0.0.0.0 area 0 on router R2.

- Implement the command no passive-interface Serial0/1

174. Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers but PC1 is unable to connect to PC2. What is the most likely problem? - Interface Fa0/0 has not been activated for OSPFv2 on router R2. - Interface Fa0/0 is configured as a passive-interface on router R2. - Interface S0/0 is configured as a passive-interface on router R2. - Interface s0/0 has not been activated for OSPFv2 on router R2.

- Interface Fa0/0 has not been activated for OSPFv2 on router R2.

198. What protocol is a vendor-neutral Layer 2 discovery protocol that must be configured separately to transmit and receive information packets? - SNMP - MPLS - LLDP - NTP

- LLDP

177. Which type of VPN involves the forwarding of traffic over the backbone through the use of labels distributed among core routers? - MPLS VPN - GRE over IPsec - IPsec virtual tunnel interface - dynamic multipoint VPN

- MPLS VPN

161. What protocol uses smaller stratum numbers to indicate that the server is closer to the authorized time source than larger stratum numbers? - TFTP - SYSLOG - NTP - MPLS

- NTP Network Time Protocol

Consider the following access list that allows IP phone configuration file transfers from a particular host to a TFTP server: R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000 R1(config)# access-list 105 deny ip any any R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out Which method would allow the network administrator to modify the ACL and include FTP transfers from any source IP address? Which method would allow the network administrator to modify the ACL and include FTP transfers from any source IP address? - R1(config)# interface gi0/0R1(config-if)# no ip access-group 105 out R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21 R1(config)# interface gi0/0R1(config-if)# ip access-group 105 out - R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21 - R1(config)# interface gi0/0R1(config-if)# no ip access-group 105 outR1(config)# no access-list 105R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21R1(config)# access-list 105 deny ip any anyR1(config)# interface gi0/0R1(config-if)# ip access-group 105 out - R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21R1(config)# access-list 105 deny ip any any

- R1(config)# interface gi0/0R1(config-if)# no ip access-group 105 outR1(config)# no access-list 105R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21R1(config)# access-list 105 deny ip any anyR1(config)# interface gi0/0R1(config-if)# ip access-group 105 out

170. Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface, but not the G0/0 interface. When following the best practices, in what location should the standard ACL be applied? - R1 S0/0/0 outbound - R2 G0/0 outbound - R2 S0/0/1 outbound - R1 S0/0/0 inbound - R2 G0/1 inbound

- R2 G0/0 outbound

203. Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface. When following the best practices, in what location should the standard ACL be applied? - R2 G0/1 inbound - R2 S0/0/1 outbound - R1 S0/0/0 outbound - R2 G0/1 outbound - R2 G0/0 outbound

- R2 G0/1 outbound

159. A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.) - Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0 - Router(config)# access-list 95 permit any - Router(config)# access-list 95 host 172.16.0.0 - Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255 - Router(config)# access-list 95 172.16.0.0 255.255.255.255 - Router(config)# access-list 95 deny any

- Router(config)# access-list 95 permit any - Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255

192. What protocol allows the manager to poll agents to access information from the agent MIB? - CBWFQ - SYSLOG - TFTP - SNMP

- SNMP

147. Which type of VPN is the preferred choice for support and ease of deployment for remote access? - SSL VPN - GRE over IPsec - dynamic multipoint VPN - IPsec virtual tunnel interface

- SSL VPN

152. Refer to the exhibit. Internet privileges for an employee have been revoked because of abuse but the employee still needs access to company resources. What is the best ACL type and placement to use in this situation? - standard ACL inbound on R2 WAN interface connecting to the internet - standard ACL outbound on R2 WAN interface towards the internet - standard ACL inbound on R1 G0/0 - standard ACL outbound on R1 G0/0

- Standard ACL outbound on R2 WAN interface towards the internet.

164. Refer to the exhibit. A web designer calls to report that the web server web-s1.cisco.com is not reachable through a web browser. The technician uses command line utilities to verify the problem and to begin the troubleshooting process. Which two things can be determined about the problem? (Choose two.) - The web server at 192.168.0.10 is reachable from the source host. - DNS cannot resolve the IP address for the server web-s1.cisco.com. - A router is down between the source host and the server web-s1.cisco.com. - There is a problem with the web server software on web-s1.cisco.com. - The default gateway between the source host and the server at 192.168.0.10 is down.

- The web server at 198.168.0.10 is reachable from the source host. - DNS cannot resolve the Ip address for the server web-s1.cisco.com

160. Refer to the exhibit. The company has decided that no traffic initiating from any other existing or future network can be transmitted to the Research and Development network. Furthermore, no traffic that originates from the Research and Development network can be transmitted to any other existing or future networks in the company. The network administrator has decided that extended ACLs are better suited for these requirements. Based on the information given, what will the network administrator do? - One ACL will be placed on the R1 Gi0/0 interface and one ACL will be placed on the R2 Gi0/0 interface. - Only a numbered ACL will work for this situation. - One ACL will be placed on the R2 Gi0/0 interface and one ACL will be placed on the R2 S0/0/0 interface. - Two ACLs (one in each direction) will be placed on the R2 Gi0/0 interface.

- Two ACLs (one is each direction) will be. placed on the R2 gi0/0 interface.

205. What are two features to consider when creating a named ACL? (Choose two.) - Use alphanumeric characters if needed. - Use special characters, such as ! or * to show the importance of the ACL. - Modify the ACL using a text editor. - Be descriptive when creating the ACL name. - Use a space for ease of reading to separate the name from the description

- Use alphanumeric characters if needed. - Be descriptive when creating the ACL name.

175. ABCTech is investigating the use of automation for some of its products. In order to control and test these products, the programmers require Windows, Linux, and MAC OS on their computers. What service or technology would support this requirement? - dedicated servers - software defined networking - virtualization - Cisco ACI

- Virtualization

148. What type of traffic is described as predictable and smooth? - video - data - Voice

- Voice

202. Which virtual resource would be installed on a network server to provide direct access to hardware resources? - VMware Fusion - a management console - a dedicated VLAN - a Type 1 hypervisor

- a Type 1 hypervisor

196. Which three traffic-related factors would influence selecting a particular WAN link type? (Choose three.) - cost of the link - amount of traffic - distance between sites - reliability - security needs - type of traffic

- amount of traffic - security needs - type of traffic

212. A network technician is configuring SNMPv3 and has set a security level of SNMPv3 authPriv. What is a feature of using this level? - authenticates a packet by using the SHA algorithm only - authenticates a packet by a string match of the username or community string - authenticates a packet by using either the HMAC with MD5 method or the SHA method - authenticates a packet by using either the HMAC MD5 or HMAC SHA algorithms and a username

- authenticates a packet by using either the HMAC with MD5 method or the SHA method

208. Which step in the link-state routing process is described by a router inserting best paths into the routing table? - declaring a neighbor to be inaccessible - executing the SPF algorithm - load balancing equal-cost paths - choosing the best route

- choosing the best route

209. Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting. What service or technology would support this requirement? - data center - virtualization - cloud services - dedicated servers

- cloud service

187. What is the name of the layer in the Cisco borderless switched network design that is considered to be the backbone used for high-speed connectivity and fault isolation? - data link - access - core - network - network access

- core

189. What type of traffic is described as consisting of traffic that gets a lower priority if it is not mission-critical? - video - data - voice

- data

168. Which type of VPN provides a flexible option to connect a central site with branch sites? - IPsec virtual tunnel interface - MPLS VPN - dynamic multipoint VPN - GRE over IPsec

- dynamic Multipoint VPN

172. Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces? - exchanging link-state advertisements - electing the designated router - injecting the default route - establishing neighbor adjacencies

- establishing neighbor adjacencies

183. Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link? - building the topology table - selecting the router ID - exchanging link-state - advertisements - injecting the default route

- exchanging link-state advertisements

211. Refer to the exhibit. The company has provided IP phones to employees on the 192.168.10.0/24 network and the voice traffic will need priority over data traffic. What is the best ACL type and placement to use in this situation? - extended ACL inbound on R1 G0/0 - extended ACL outbound on R2 WAN interface towards the internet - extended ACL outbound on R2 S0/0/1 - extended ACLs inbound on R1 G0/0 and G0/1

- extended ACL inbound on R1 G0/0

200. Refer to the exhibit. Corporate policy demands that access to the server network be restricted to internal employees only. What is the best ACL type and placement to use in this situation? - extended ACL outbound on R2 S0/0/1 - standard ACL outbound on R2 S0/0/0 - standard ACL inbound on R2 WAN interface connecting to the internet - extended ACL inbound on R2 S0/0/0

- extended ACL outbound on R2 S0/0/1

185. Refer to the exhibit. The company CEO demands that one ACL be created to permit email traffic to the internet and deny FTP access. What is the best ACL type and placement to use in this situation? - extended ACL outbound on R2 WAN interface towards the internet - standard ACL outbound on R2 S0/0/0 - extended ACL inbound on R2 S0/0/0 - standard ACL inbound on R2 WAN interface connecting to the internet

- extended ACl outbound on R2 WAN interface towards the internet.

197. What command would be used as part of configuring NAT or PAT to link the inside local addresses to the pool of addresses available for PAT translation? - ip nat inside source list ACCTNG pool POOL-STAT - ip nat translation timeout 36000 - ip nat inside source list 14 pool POOL-STAT overload - ip nat inside source static 172.19.89.13 198.133.219.65

- ip nat inside source list 14 pool POOL-STAT overload

180. What command would be used as part of configuring NAT or PAT to identify an interface as part of the external global network? - ip pat inside - access-list 10 permit 172.19.89.0 0.0.0.255 - ip nat inside - ip nat outside

- ip nat outside

186. What command would be used as part of configuring NAT or PAT to define a pool of addresses for translation? - ip nat inside source static 172.19.89.13 198.133.219.65 - ip nat inside source list 24 interface serial 0/1/0 overload - ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240 - ip nat outside

- ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240

204. Which OSPF database is identical on all converged routers within the same OSPF area? - neighbor - forwarding - link-state - adjacency

- link-state

151. A network administrator is troubleshooting an OSPF problem that involves neighbor adjacency. What should the administrator do? - Make sure that the router priority is unique on each router. - Make sure that the DR/BDR election is complete. - Make sure that the router ID is included in the hello packet. - Make sure that the hello and dead interval timers are the same on all routers.

- make sure that the hello and dead interval timers are the same on al routers.

153. An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 100 permit tcp 192.168.10.0 0.0.0.255 172.17.200.0 0.0.0.255 eq www . If a packet with a source address of 192.168.10.244, a destination address of 172.17.200.56, and a protocol of 80 is received on the interface, is the packet permitted or denied? denied permitted

- permitted

188. An ACL is applied inbound on router interface. The ACL consists of a single entry: access-list 210 permit tcp 172.18.20.0 0.0.0.47 any eq ftp If a packet with a source address of 172.18.20.40, a destination address of 10.33.19.2, and a protocol of 21 is received on the interface, is the packet permitted or denied? - permitted - denied

- permitted

191. An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www . If a packet with a source address of 192.168.10.45, a destination address of 10.10.3.27, and a protocol of 80 is received on the interface, is the packet permitted or denied? - permitted - denied

- permitted

210. Which QoS technique smooths packet output rate? - policing - shaping - weighted random early detection - Integrated Services (IntServ) - marking

- shaping

201. A technician is working on a Layer 2 switch and notices that a %CDP-4-DUPLEX_MISMATCH message keeps appearing for port G0/5. What command should the technician issue on the switch to start the troubleshooting process? - show cdp neighbors - show ip interface brief - show interface g0/5 - show cdp

- show interface g0/5

145. What command would be used as part of configuring NAT or PAT to display all static translations that have been configured - show ip nat translations - show ip pat translations - show ip cache - show running-config

- show ip nat translations

155. What command would be used as part of configuring NAT or PAT to display any dynamic PAT translations that have been created by traffic? - show ip pat translations - show ip cache - show running-config - show ip nat translations

- show ip nat translations

176. A network engineer has noted that some expected network route entries are not displayed in the routing table. Which two commands will provide additional information about the state of router adjacencies, timer intervals, and the area ID? (Choose two.) - show ip protocols - show ip ospf neighbor - show running-configuration - show ip ospf interface - show ip route ospf

- show ip ospf neighbor - show ip ospf interface

171. Two OSPF-enabled routers are connected over a point-to-point link. During the ExStart state, which router will be chosen as the first one to send DBD packets? - the router with the highest router ID - the router with the lowest IP address on the connecting interface - the router with the highest IP address on the connecting interface - the router with the lowest router ID

- the router with the highest router ID

173. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use forensic tools? - to obtain specially designed operating systems preloaded with tools optimized for hacking - to detect any evidence of a hack or malware in a computer or network - to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network - to reverse engineer binary files when writing exploits and when analyzing malware

- to detect any evidence of a hack or malware in a computer or network

169. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use fuzzers? - to discover security vulnerabilities of a computer - to detect any evidence of a hack or malware in a computer or network - to reverse engineer binary files when writing exploits and when analyzing malware - to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network

- to discover security vulnerabilities of a computer

179. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use hacking operation systems? - to detect any evidence of a hack or malware in a computer or network - to obtain specially designed operating systems preloaded with tools optimized for hacking - to encode data, using algorithm schemes, to prevent unauthorized access to the encrypted data - to reverse engineer binary files when writing exploits and when analyzing malware

- to obtain specially designed operating system preloading with tools optimized for hacking

154. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as Nmap, SuperScan, and Angry IP Scanner? - to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network - to detect any evidence of a hack or malware in a computer or network - to reverse engineer binary files when writing exploits and when analyzing malware - to probe network devices, servers, and hosts for open TCP or UDP ports

- to probe network devices, servers, and hosts for open TCP or UDP ports.

190. Which OSPF table is identical on all converged routers within the same OSPF area? - routing - neighbor - adjacency - topology

- topology

157. What type of traffic is described as requiring latency to be no more than 400 milliseconds (ms)? - video - data - voice

- video

165. What type of traffic is described as tending to be unpredictable, inconsistent, and bursty? - video - voice - data

- video

207. What type of traffic is described as requiring at least 384 Kbps of bandwidth? - voice - data - video

- video

181. To avoid purchasing new hardware, a company wants to take advantage of idle system resources and consolidate the number of servers while allowing for multiple operating systems on a single hardware platform. What service or technology would support this requirement? - data center - cloud services - virtualization - dedicated servers

- virtualization

194. What type of traffic is described as being able to tolerate a certain amount of latency, jitter, and loss without any noticeable effects? - voice - video - data

- voice

156. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.16.91.0 255.255.255.192. What wildcard mask would the administrator use in the OSPF network statement? - 0.0.31.255 - 0.0.0.63 - 0.0.15.255 - 0.0.7.255

0.0.0.63

158. Refer to the exhibit. Which two configurations would be used to create and apply a standard access list on R1, so that only the 10.0.70.0/25 network devices are allowed to access the internal database server? (Choose two.) A. R1(config)# interface GigabitEthernet0/0 R1(config-if)# ip access-group 5 out B. R1(config)# access-list 5 permit 10.0.54.0 0.0.1.255 C. R1(config)# interface Serial0/0/0 R1(config-if)# ip access-group 5 in D. R1(config)# access-list 5 permit 10.0.70.0 0.0.0.127 E. R1(config)# access-list 5 permit any

A. R1(config)# interface GigabitEthernet0/0 R1(config-if)# ip access-group 5 out D. R1(config)# access-list 5 permit 10.0.70.0 0.0.0.127