CCNA BOSS BATTLE
Which of the following is an HSRP virtual MAC address? 0000.5e00.010b 01:00:0c:cc:cc:cc 01:80:c2:00:00:03 0000.0c07.ac0a
0000.0c07.ac0a
What are the two format options for PSKs?
ASCII and Hex
What is a function of Opportunistic Wireless Encryption in an environment? A. provide authentication B. offer compression C. protect traffic on open networks D. increase security by using a WEP connection
C. protect traffic on open networks Explanation The purpose of OWE-based authentication is to avoid open, unsecured wireless connectivity between the APs and clients. OWE uses Diffie-Hellman-based cryptography to set up the wireless encryption.
Which QoS profile should be used for VOIP over wireless?
Gold (video) Platinum (VOIP) Silver/ Best Effort Bronze/Background
Can a connection be made with OSPF if the mtu is different?
NO
Northbound API uses _______ Southbound API uses _______
Northbound: REST. Southbound: OpenFlow and NETCONF.
Where should access lists be placed? Standard IP access list should be placed close to _______ Extended IP access lists should be placed close to the _______
Standard IP access lists should be placed close to the destination. Extended IP access lists should be placed close to the source.
Which interface type enables an application running on a client to send data over an IP network to a server? A. northbound interface B. southbound interface C. Representational State Transfer application programming interface D. application programming interface
d. application programming interface
802.11 goes with what, and what are its three types of frames?
Goes with Wi-Fi; the three frame types are management, data, and control. Management: beacon, probe, authentication, association. Control -
How do you change the transmission frequency for LLDP? lldp holdtime lldp reinit lldp tlv-select lldp timer
lldp timer
What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two) A. when the sending device waits 15 seconds before sending the frame again B. when the cable length limits are exceeded C. when one side of the connection is configured for half-duplex D. when Carrier Sense Multiple Access/Collision Detection is used E. when a collision occurs after the 32nd byte of a frame has been transmitted
when the cable length limits are exceeded; when one side of the connection is configured for half-duplex Explanation A late collision is defined as any collision that occurs after the first 512 bits (or 64th byte) of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the network, or a bad NIC. Late collisions should never occur in a properly designed Ethernet network. They usually occur when Ethernet cables are too long or when there are too many repeaters in the network.
Which MAC address is recognized as a VRRP virtual address? A. 0000.5E00.010a B. 0005.3711.0975 C. 0000.0C07.AC99 D. 0007.C070.AB01
0000.5E00.010a
Which signal frequency appears 60 times per minute? A. 1 GHz signal B. 60 Hz signal C. 1 Hz signal D. 60 GHz signal
1 Hz signal
What is the maximum bandwidth of a T1 point-to-point connection? A. 2.048 Mbps B. 34.368 Mbps C. 1.544 Mbps D. 43.7 Mbps in
1.544 Mbps T1: 1.544 Mbps + 10BaseT: 10 Mbps + 100BaseT (often referred to as FastEthernet): 100Mbps
With REST API, which standard HTTP header tells a server which media type is expected by the client? A. Accept: application/json B. Accept-Encoding: gzip, deflate C. Content-Type: application/json; charset=utf-8 D. Accept-Patch: text/example; charset=utf-8
A. Accept: application/json
What is the advantage of separating the control plane from the data plane within an SDN network? A. decreases overall network complexity B. limits data queries to the control plane C. reduces cost D. offloads the creation of virtual machines to the data plane
A. decreases overall network complexity Explanation Software Defined Networking (SDN) has redefined the way data center networks are deployed and function. The ability to separate the control plane and data plane has led to simpler design and easy management.
An engineer needs to configure LLDP to send the port description time length value (TLV). What command sequence must be implemented? A. switch(config-if)#lldp port-description B. switch#lldp port-description C. switch(config)#lldp port-description D. switch(config-line)#lldp port-description
C. switch(config)#lldp port-description Explanation Use the switch(config)#lldp port-description option to specify the port description TLV messages.
R1#show run ! router ospf 1 auto-cost reference-bandwidth 100000 ! interface GigabitEthernet0/0 bandwidth 10000000 ! interface GigabitEthernet0/1 bandwidth 100000000 ! interface GigabitEthernet0/2 ip ospf cost 100 ! interface GigabitEthernet0/3 ip ospf cost 1000 Router R1 resides in OSPF Area 0. After updating the R1 configuration to influence the paths that it will use to direct traffic, an engineer verified that each of the four Gigabit interfaces has the same route to 10.10.0.0/16. Which interface will R1 choose to send traffic to reach the route? A. GigabitEthernet0/2 B. GigabitEthernet0/1 C. GigabitEthernet0/0 D. GigabitEthernet0/3
B. GigabitEthernet0/1 Explanation The reference bandwidth is in Mbits per second, so "auto-cost reference-bandwidth 100000" means 100 Gbps or 10^11 bps. The "bandwidth" under interface mode is configured in kilobits per second. Therefore: + Interface G0/0 (bandwidth 10^10 bps): Cost = 10^11 / 10^10 = 10 + Interface G0/1 (bandwidth 10^11 bps): Cost = 10^11 / 10^11 = 1 + Interface G0/2: Cost = 100 + Interface G0/3: Cost = 1000 -> R1 will choose the lowest-cost path, which is interface G0/1
How does the dynamically-learned MAC address feature function? A. It requires a minimum number of secure MAC addresses to be filled dynamically B. The CAM table is empty until ingress traffic arrives at each port C. The ports are restricted and learn up to a maximum of 10 dynamically-learned addresses D. Switches dynamically learn MAC addresses of each connected CAM table
B. The CAM table is empty until ingress traffic arrives at each port Explanation The MAC addresses in the CAM table are the source MAC addresses only. Therefore it only learns MAC address from ingress traffic
Which two QoS tools are used to guarantee minimum bandwidth to certain traffic? (Choose two) A. FIFO B. WFQ C. CBWFQ D. RSVP E. LLC
B. WFQ C. CBWFQ First-in, first-out (FIFO): FIFO entails no concept of priority or classes of traffic. With FIFO, transmission of packets out the interface occurs in the order the packets arrive, which means no QoS. Weighted fair queueing (WFQ): offers dynamic, fair queuing that divides bandwidth across queues of traffic based on weights. In standard WFQ, packets are classified into flows according to one of four criteria: the source Internet Protocol address (IP address), the destination IP address, the source Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port, or the destination TCP or UDP port. Class-based weighted fair queueing (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, access control lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class. Once a class has been defined according to its match criteria, you can assign it characteristics. To characterize a class, you assign it bandwidth, weight, and maximum packet limit. The bandwidth assigned to a class is the guaranteed bandwidth delivered to the class during congestion. The Resource Reservation Protocol (RSVP) protocol allows applications to reserve bandwidth for their data flows. It is used by a host, on the behalf of an application data flow, to request a
What is a role of wireless controllers in an enterprise network? A. provide secure user logins to devices on the network B. centralize the management of access points in an enterprise network C. support standalone or controller-based architectures D. serve as the first line of defense in an enterprise network
B. centralize the management of access points in an enterprise network
When using Rapid PVST+, which command guarantees the switch is always the root bridge for VLAN 200? A. spanning-tree vlan 200 root primary B. spanning-tree vlan 200 priority 0 C. spanning-tree vlan 200 priority 614440 D. spanning-tree vlan 200 priority 38572422
B. spanning-tree vlan 200 priority 0
What is BPDU Guard, and should BPDUs be accepted?
BPDUs should never be received because receipt of a BPDU indicates that another bridge or switch is connected to the port, potentially causing a spanning tree loop. When it is enabled, BPDU Guard puts the port in an errdisabled (error-disabled) state upon receipt of a BPDU. This effectively shuts down the port. The BPDU Guard feature provides a secure response to invalid configurations because you must manually put the interface back into servic
Which command configures the Cisco WLC to prevent a serial session with the WLC CLI from being automatically logged out? A. config serial timeout 9600 B. config sessions timeout 0 C. config serial timeout 0 D. config sessions maxsessions 0 
C. config serial timeout 0 Explanation The CLI automatically logs you out without saving any changes after 5 minutes of inactivity. You can set the automatic logout from 0 (never log out) to 160 minutes using the config serial timeout command. To prevent SSH or Telnet sessions from timing out, run the config sessions timeout 0 command. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_011.html This question asks about the serial session so the first command is the correct answer
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router? A. interface FastEthernet0/0 ip address 10.122.49.1 255.255.255.252 ip access-group 10 in ! ip access-list standard 10 permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22 B. interface FastEthernet0/0 ip address 10.122.49.1 255.255.255.252 ip access-group 110 in ! ip access-list standard 110 permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1 C. line vty 0 15 access-class 120 in ! ip access-list extended 120 permit tcp 10.139.58.0 0.0.0.15 any eq 22 D. line vty 0 15 access-group 120 in ! ip access-list extended 120 permit tcp 10.139.58.0 0.0.0.15 any eq 22
C. line vty 0 15 access-class 120 in ! ip access-list extended 120 permit tcp 10.139.58.0 0.0.0.15 any eq 22 Explanation When applying an access list to line vty we must use "access-class", not "access-group". Subnet 10.139.58.0/28 converts to 10.139.58.0 0.0.0.15 in wildcard-mask form. And we have to use port 22 as the destination port.
Which action must be taken to ensure that router A is elected as the DR for OSPF area 0? A. Configure router B and router C as OSPF neighbors of router A. B. Configure the router A interfaces with the highest OSPF priority value within the area. C. Configure router A with a fixed OSPF router ID. D. Configure the OSPF priority on router A with the lowest value between the three routers
Configure the router A interfaces with the highest OSPF priority value within the area. Explanation The router with the highest OSPF priority on a segment will become the DR for that segment
show ip route | begin gateway what letter is for EIGRP C - connected L - Local O - OSPF - EIGRP
D
Which two primary drivers support the need for network automation? (Choose two) A. Reducing hardware footprint B. Eliminating training needs C. Increasing reliance on self-diagnostic and self-healing D. Providing a single entry point for resource provisioning E. Policy-derived provisioning of resources
D. Providing a single entry point for resource provisioning E. Policy-derived provisioning of resources
An engineer must configure R1 for a new user account. The account must meet these requirements: * It must be configured in the local database. * The username is engineer2. * It must use the strongest password configurable. Which command must the engineer configure on the router? A. R1(config)# username engineer2 privilege 1 password 7 test2021 B. R1(config)# username engineer2 secret 5 password $1$bUu$kZbBS1Pyh4QzwXyZ C. R1(config)# username engineer2 secret 4 $1Sb1Ju$kZbBSlFyh4QxwXyZ D. R1(config)# username engineer2 algorithm-type scrypt secret test2021
D. R1(config)# username engineer2 algorithm-type scrypt secret test2021 Explanation Secret type 4 was determined to have a flaw and was removed in later versions of IOS. Type 4 passwords should never be used! Secret type 5 uses MD5, which is not secure. Secret type 9 - Scrypt and PBKDF2 (which can be used with "algorithm-type sha256", but it is just a small part of a much larger crypto algorithm) are much slower to compute and take longer to brute force. Currently it is the strongest password configurable in Cisco devices.
Which device controls the forwarding of authentication requests for users when connecting to the network using a lightweight access point? A. wireless access point B. wireless LAN controller C. TACACS server D. RADIUS Server
D. RADIUS Server
What is a function of the core and distribution layers in a collapsed-core architecture? A. The router can support HSRP for Layer 2 redundancy in an IPv6 network. B. The core and distribution layers are deployed on two different devices to enable failover. C. The router must use IPv4 and IPv6 addresses at Layer 3. D. The router operates on a single device or a redundant pair.
D. The router operates on a single device or a redundant pair. Explanation A "collapsed core" is when the distribution layer and core layer functions are implemented by a single device. Reference: https://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=4 But in reality, we often use redundant pair to increase reliability.
What is the function of a hub-and-spoke WAN topology? A. provides direct connections between subscribers B. supports Layer 2 VPNs C. supports application optimization D. allows access restrictions to be implemented between subscriber sites
D. allows access restrictions to be implemented between subscriber sites
What role does a hypervisor provide for each virtual machine in server virtualization? A. software-as-a-service B. infrastructure-as-a-service C. services as a hardware controller D. control and distribution of physical resources
D. control and distribution of physical resources Explanation Each virtual machine has its own set of virtual hardware (RAM, CPU, NIC) upon which an operating system and fully configured applications are loaded. The operating system sees a consistent, normalized set of hardware regardless of the actual physical hardware components
A company is configuring a failover plan and must implement the default routes in such a way that a floating static route will assume traffic forwarding when the primary link goes down. Which primary route configuration must be used? A. ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked B. ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernet1/0 C. ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating D. ip route 0.0.0.0 0.0.0.0 192.168.0.2
D. ip route 0.0.0.0 0.0.0.0 192.168.0.2
An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network. Which feature must be enabled and configured to prevent connection issues with the printer? A. static IP tunneling B. client exclusion C. DHCP address assignment D. passive client
D. passive client Explanation Passive clients are wireless devices, such as scales and printers that are configured with a static IP address. These clients do not transmit any IP information such as IP address, subnet mask, and gateway information when they associate with an access point. As a result, when passive clients are used, the controller never knows the IP address unless they use the DHCP. Since the wireless controller does not have any IP related information about passive clients, it cannot respond to any ARP requests. The current behavior does not allow the transfer of ARP requests to passive clients. Any application that tries to access a passive client will fail. The passive client feature enables the ARP requests and responses to be exchanged between wired and wireless clients. This feature when enabled, allows the controller to pass ARP requests from wired to wireless clients until the desired wireless client gets to the RUN state
Which PoE mode enables powered-device detection and guarantees power when the device is detected? A. active B. dynamic C. auto D. static
D. static Explanation static—Enables powered-device detection. Pre-allocate (reserve) power for a port before the switch discovers the powered device. The switch reserves power for this port even when no device is connected and guarantees that power will be provided upon device detection. Note: "auto" - Enables powered-device detection; if enough power is available, allocates power to the PoE port after device detection (default setting). The answer "auto" is not correct as "auto" only allocates power "if enough power is available".
Which port type does a lightweight AP use to connect to the wired network when configured in FlexConnect mode with local switching and VLAN tagging? A. LAG B. EtherChannel C. access D. trunk
D. trunk Explanation Local Switched: Locally-switched WLANs (the SSID you are connected to) will map their wireless user traffic to a VLAN via 802.1Q trunking to a local switch adjacent to the access point.
Which IPv6 address block sends packets to a group address rather than a single address? 2000::/3 FE80::/10 FC00::/7 FF00::/8
FF00::/8
Which AP mode still supports clients after a CAPWAP tunnel fails? CAPWAP - Control And Provisioning of Wireless Access Protocol that enables a WLC to manage a collection of wireless termination points.
FlexConnect
1 provides for one-to-one communication 2 allows sites to be combined without address conflicts 3 is a counterpart of private IPv4 addresses 4 is publicly routable in the same way as IPv4 addresses Global Unicast Address _________ __________ Unique Local ______ ________ (match the number to the space)
Global Unicast Address: + provides for one-to-one communication + is publicly routable in the same way as IPv4 addresses. Unique Local: + allows sites to be combined without address conflicts + is a counterpart of private IPv4 addresses
Which action is taken by a switch port enabled for PoE power classification override? A. When a powered device begins drawing power from a PoE switch port a syslog message is generated B. As power usage on a PoE switch port is checked data flow to the connected device is temporarily paused C. If a switch determines that a device is using less than the minimum configured power it assumes the device has failed and disconnects D. If a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled
If a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled Answer: D Explanation PoE monitoring and policing compares the power consumption on ports with the administrative maximum value (either a configured maximum value or the port's default value). If the power consumption on a monitored port exceeds the administrative maximum value, the following actions occur: + A syslog message is issued. + The monitored port is shut down and error-disabled. + The allocated power is freed
How does a Cisco Unified Wireless network respond to Wi-Fi channel overlap? A. It allows the administrator to assign channels on a per-device or per-interface basis. B. It segregates devices from different manufacturers onto different channels. C. It analyzes client load and background noise and dynamically assigns a channel. D. It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points
It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points
What is a benefit of VRRP? A. It provides the default gateway redundancy on a LAN using two or more routers. B. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision. C. It allows neighbors to share routing table information between each other. D. It provides traffic load balancing to destinations that are more than two hops from the source
It provides the default gateway redundancy on a LAN using two or more routers.
Which cable type must be used to interconnect one switch using 1000 BASE-SX GBIC modules and another switch using 1000 BASE-SX SFP modules? A. SC to ST B. LC to LC C. LC to SC D. SC to SC
LC to SC GBIC and SFP are both hot-swappable input/output devices that plug into a physical port or a slot. GBIC is commonly used with Gigabit Ethernet and Fibre Channel. But its applications are not limited to these two types. There is also Fast Ethernet (FE) GBIC, BIDI GBIC, CWDM GBIC, DWDM GBIC, etc. Generally, GBIC is with the SC connector. SFP came into existence later than GBIC. SFP transceivers are designed to support SONET (Synchronous Optical Network), Gigabit Ethernet, Fibre Channel, and other communications standards. It is usually with LC connector. SFP is also known as mini-GBIC because it has the same functionality as GBIC but in a smaller form factor.
Which mode allows access points to be managed by Cisco Wireless LAN controllers? mobility express lightweight bridge autonomous
Lightweight
what are the speeds for T1: + 10BaseT: + 100BaseT (often referred to as FastEthernet):
T1: 1.544 Mbps + 10BaseT: 10 Mbps + 100BaseT (often referred to as FastEthernet): 100Mbps
TCP - - - - UDP: - - - - DNS SMTP SNMP HTTP RTP Telnet
TCP: + SMTP + HTTP + Telnet UDP: + DNS + SNMP + RTP
Which condition must be met before an NMS handles an SNMP trap from an agent? A. The NMS must receive the same trap from two different SNMP agents to verify that it is reliable B. The NMS must receive a trap and an inform message from the SNMP agent within a configured interval C. The NMS software must be loaded with the MIB associated with the trap D. The NMS must be configured on the same router as the SNMP agent
The NMS software must be loaded with the MIB associated with the trap
Refer to the exhibit. What is the result if Gig1/11 receives an STP BPDU? switch(config)#interface gigabitEthernet 1/11 switch(config-if)#switchport mode access switch(config-if)#spanning-tree portfast switch(config-if)#spanning-tree bpduguard enable A. The port goes into error-disable state B. The port transitions to the root port C. The port transitions to STP blocking D. The port immediately transitions to STP forwarding
The port goes into error-disable state Explanation BPDU Guard feature allows STP to shut an access port in the event of receiving a BPDU and put that port into err-disabled state
What is the same for both copper and fiber interfaces when using SFP modules? A. They support an inline optical attenuator to enhance signal strength B. They accommodate single-mode and multi-mode in a single module C. They offer reliable bandwidth up to 100 Mbps in half duplex mode D. They provide minimal interruption to services by being hot-swappable
They provide minimal interruption to services by being hot-swappable
QoS traffic handling
Traffic classification—Uses certain match criteria to assign packets with the same characteristics to a class. Based on classes, you can provide differentiated services. Traffic policing—Polices flows entering or leaving a device, and imposes penalties on traffic flows that exceed the pre-set threshold to prevent aggressive use of network resources. You can apply traffic policing to both incoming and outgoing traffic of a port. Traffic shaping—Proactively adapts the output rate of traffic to the network resources available on the downstream device to eliminate packet drops. Traffic shaping usually applies to the outgoing traffic of a port. Congestion management—Provides a resource scheduling policy to determine the packet forwarding sequence when congestion occurs. Congestion management usually applies to the outgoing traffic of a port. Congestion avoidance—Monitors the network resource usage, and is usually applied to the outgoing traffic of a port. When congestion worsens, congestion avoidance reduces the queue length by dropping packets.
Which type of hypervisor operates without an underlying OS to host virtual machines? A. Type 3 B. Type 2 C. Type 12 D. Type 1
Type 1 There are two types of hypervisors: type 1 and type 2 hypervisor. In type 1 hypervisor (or native hypervisor), the hypervisor is installed directly on the physical server. Then instances of an operating system (OS) are installed on the hypervisor. Type 1 hypervisor has direct access to the hardware resources. Therefore they are more efficient than hosted architectures. Some examples of type 1 hypervisor are VMware vSphere/ESXi, Oracle VM Server, KVM and Microsoft Hyper-V. In contrast to type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an operating system and not the physical hardware directly. A big advantage of Type 2 hypervisors is that management console software is not required. Examples of type 2 hypervisor are VMware Workstation (which can run on Windows, Mac and Linux) or Microsoft Virtual PC (only runs on Windows).
Which two server types support domain name to IP address resolution? (Choose two) A. authoritative B. resolver C. file transfer D. ESX host E. web
A. authoritative B. resolver All DNS servers fall into one of four categories: Recursive resolvers, root nameservers, TLD nameservers, and authoritative nameservers.
Does an access point connect with Ethernet, and does it use Ethernet standards?
YES
Convert 12-di-c2-00-01 to EUI-64 format of the 2001:db8:d955:1008::/64 network. A. 2001:db8:d955:1008:10D8:BAFF:FEC2:1 B. 2001:db8:d955:1008:12D8:BAFE:FF01:1 C. 2001:db8:d955:1008:1030:ABFF:FECC:1 D. 2001:db8:d955:1008:4635:278F:FE95:1
A. 2001:db8:d955:1008:10D8:BAFF:FEC2:1 The EUI-64 format must have "FF:FE" in the middle of the MAC address of E0/1 interface of R2 and "C2:1" (means "C2:0001") at the end -> Only answer '2001:db8:d955:1008:10D8:BAFF:FEC2:1' is correct.
What is an advantage of Cisco DNA Center versus traditional campus device management? A. It supports numerous extensibility options including cross-domain adapters and third-party SDKs B. It is designed primarily to provide network assurance C. It supports high availability for management functions when operating in cluster mode D. It enables easy autodiscovery of network elements in a brownfield deployment
a. it supports numerous extensibility options including cross domain adapters and third party SDK
Match the term with the definition. Definitions: allows for packet captures of wireless traffic; allows the access point to communicate with the WLC over a WAN link; receive only mode which acts as a dedicated sensor for RFID and IDS; preferred for connecting access points in a mesh environment; transmits normally on one channel and monitors other channels for noise and interference; monitor for rogue APs, does not handle data at all. Terms: monitor mode, bridge mode, Flexconnect mode, local mode, rogue detector mode, sniffer mode
allows for packet captures of wireless traffic: sniffer mode + allows the access point to communicate with the WLC over a WAN link: Flexconnect mode + receive only mode which acts as a dedicated sensor for RFID and IDS: monitor mode + preferred for connecting access points in a mesh environment: bridge mode + transmits normally on one channel and monitors other channels for noise and interference: local mode + monitor for rogue APs, does not handle data at all: rogue detector mode
Which security method is used to prevent man-in-the-middle attack? A. authentication B. anti-replay C. accounting D. authorization
anti-replay. The anti-replay protocol provides Internet Protocol (IP) packet-level security by making it impossible for a hacker to intercept message packets and insert changed packets into the data stream between a source computer and a destination computer. How does the anti-replay protocol work? The answer to preventing replay attacks is encrypting messages and including a key. IPsec provides anti-replay protection against attackers who could potentially intercept, duplicate or resend encrypted packets. The mechanism uses a unidirectional security association to establish a secure connection between the source and destination nodes in the network and check whether a received message is a replayed message. It works by assigning a monotonically increasing sequence number to each encrypted packet and then keeping track of the sequence numbers as packets arrive at the destination.
Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and automatically when edge devices or access circuits fail? A. FHRP B. HSRP C. SLB D. VRRP
b. HSRP
Which function generally performed by a traditional network device is replaced by a software-defined controller? A. encryption and decryption for VPN link processing B. building route tables and updating the forwarding table C. encapsulation and decapsulation of packets in a data-link frame D. changing the source or destination address during NAT operations
b. building route tables and updating the forwarding table
How does Cisco DNA Center gather data from the network? A. The Cisco CU Analyzer tool gathers data from each licensed network device and streams it to the controller B. Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller C. Devices establish an IPsec tunnel to exchange data with the controller D. Devices use the call-home protocol to periodically send data to the controller
b. network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller
Which access layer threat-mitigation technique provides security based on identity? A. DHCP snooping B. using a non-default native VLAN C. 802.1x D. Dynamic ARP Inspection
c. 802.1x 802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.
Which QoS feature drops traffic that exceeds the committed access rate? A. FIFO B. shaping C. policing D. weighted fair queuing
c. policing policing: is used to control the rate of traffic flowing across an interface. During a bandwidth exceed, the excess traffic is generally dropped or remarked.
Which IPv6 address type provides communication between subnets and cannot route on the internet? a. multicast b. global unicast c. unique local d. link-local
c. unique local
Which plane is centralized by an SDN controller? A. control plane B. management plane C. services plane D. data plane
control plane
Which network plane is centralized and manages routing decisions? A. management plane B. data plane C. policy plane D. control plane
control plane What is the data plane? In a network, the data plane is sometimes known as the user plane, forwarding plane, carrier plane, data path or bearer plane. It refers to all the processes that are responsible for forwarding packets from one interface to another -- source to destination -- based on the control plane's logic. Thus, the data plane depends on the control plane to function. The primary function of the data plane is to carry the network's user traffic, or data packets, and transit the packets while applying some action to them. These actions are always applied on the basis of rules that are programmed into routing tables. What is the management plane? The management plane, which carries administrative traffic, is considered a subset of the control plane. It is a logical entity where network devices such as switches, routers, web interfaces, command-line interfaces (CLI) and shells are configured and monitored. In this plane, the traffic used to access, manage and monitor the network elements is defined, along with all the network's provisioning, maintenance and monitoring functions. The management plane runs on the same processor as the control plane. It always includes receive packets that are generated and consumed by the management processes running on the router
Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface? A. disable the EUI-64 bit process B. configure a stateful DHCPv6 server on the network C. explicitly assign a link-local address D. enable SLAAC on an interface
d. enable SLAAC on an interface
https://drive.google.com/file/d/1hZT_AT8yUzv9cjDXfa4be6gbCht-TxB5/view?usp=sharing Wireless LAN access must be set up to force all clients from the NA WLAN to authenticate against the local database. The WLAN is configured for local EAP authentication. The time that users access the network must not be limited. Which action completes this configuration? A. Check the Guest User Role check box B. Set the Lifetime (seconds) value to 0 C. Clear the Lifetime (seconds) value D. Uncheck the Guest User check box
d. uncheck the guest user check box The users created in the "Local Net Users" are stored in the local database. With the "Guest User" check box enabled, we have to set the time for that user. The "Lifetime" is the amount of time that the guest user account is to remain active. The valid range is 60 to 2,592,000 seconds (30 days) inclusive, and the default setting is 86,400 seconds. If we don't want to limit the time for that user, uncheck the "Guest User" check box.
PAgP modes LACP modes LAG mode (for WLC)
desirable PAgP auto PAgP passive LACP active LACP on LAG WLC
Which port state is unique to rapid spanning tree? blocking learning discarding forwarding
discarding
What is a requirement for nonoverlapping Wi-Fi channels? A. discontinuous frequency ranges B. different transmission speeds C. unique SSIDs D. different security settings
discontinuous frequency ranges Each channel on the 2.4 GHz spectrum is 20 MHz wide. The channel centers are separated by 5 MHz, and the entire spectrum is only 100 MHz wide. This means the 11 channels have to squeeze into the 100 MHz available, and in the end, overlap. Channels 1, 6, and 11, however, are far enough from each other on the 2.4GHz band that they have sufficient space between their channel centers and do not overlap.
Syslog SNMP Levels 0 1 2 3 4 5 6 7 Every Awesome Cisco Employee Will Need Icecream Daily
emergencies 0 alerts 1 critical 2 errors 3 warnings 4 notification 5 informational 6 debugging 7
Which unified access point mode continues to serve wireless clients after losing connectivity to the cisco wireless LAN controller? a. mesh b. sniffer c. flex connect d. local
flex connect
Aside from discarding, which two states does the switch port transition through while using RSTP (802.1w)? (Choose two) A. learning B. listening C. forwarding D. blocking E. speaking
forwarding and speaking wrong Explanation There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D blocking and listening states are merged into the 802.1w discarding state. * Discarding - the port does not forward frames, process received frames, or learn MAC addresses, but it does listen for BPDUs (like the STP blocking state) * Learning - receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP). * Forwarding - receives and sends data, normal operation, learns MAC address, receives and transmits BPDUs (same as STP). STP state (802.1D) -> RSTP state (802.1w): Blocking -> Discarding; Listening -> Discarding; Learning -> Learning; Forwarding -> Forwarding. Although the learning state is also used in RSTP, it lasts only a short time compared to STP. RSTP converges with all ports in either the forwarding state or the discarding state.
An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual machine? network as a service software as a service infrastructure as a service platform as a service
infrastructure-as-a-service
What does a switch use to build its MAC address table? A. egress traffic B. DTP C. VTP D. ingress traffic
ingress traffic
Which command automatically generates an IPv6 address from a specified IPv6 prefix and MAC address of an interface? a. ipv6 address 2001:068:5:112:2/64 link-local b. ipv6 address autoconfig c. ipv6 address dhcp d. ipv6 address 2001:068:5:112::64 eui-64
ipv6 address autoconfig
What is a benefit of using a Cisco Wireless LAN Controller? a. central AP management requires more complex configurations b. it eliminates the need to configure each access point individually c. unique SSIDs cannot use the same authentication d. it supports autonomous and lightweight APs
it eliminates the need to configure each access point individually
How does router R1 handle traffic to 192.168.10.16? R1# show ip route D 192.168.10.0/24 [90/2679326] via 192.168.1.1 R 192.168.10.0/27 [120/3] via 192.168.1.2 O 192.168.10.0/28 [110/2] via 192.168.1.3 i L1 192.168.10.0/13 [115/30] via 192.168.1.4 A. It selects the RIP route because it has the longest prefix: inclusive of the destination address B. It selects the IS-IS route because it has the shortest prefix inclusive of the destination address C. It selects the EIGRP route because it has the lowest administrative distance D. It selects the OSPF route because it has the lowest cost
it selects the RIP route because it has the longest prefix: inclusive of the destination address Note: The "O 192.168.10.0/28" route ranges from 192.168.10.0 to 192.168.10.15 only so it does not include destination 192.168.10.16 so OSPF route is not the correct answer.
Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and Provisioning of Wireless Access Points (CAPWAP) protocol? A. lightweight B. route C. autonomous D. bridge 
lightweight Explanation Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight + Autonomous: self-sufficient and standalone. Used for small wireless networks. + Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function. LAP and WLC communicate with each other via a logical pair of CAPWAP tunnels
Which access point mode relies on a centralized controller for management, roaming, and SSID configuration? A. bridge mode B. lightweight mode C. autonomous mode D. repeater mode
lightweight mode the term lightweight refers to the fact that these devices cannot work independently. A Cisco lightweight AP (LAP) has to join a Wireless LAN controller TO FUNCTION!!!!!
Which two spanning-tree states are bypassed on an interface running PortFast? (Choose two) a. disabled b. listening c. learning d. forwarding e. blocking
listening learning Enabling the PortFast feature causes a switch or a trunk port to enter the STP forwarding-state immediately or upon a linkup event, thus bypassing the listening and learning states.
What is the function of the controller in a software defined network? A. fragmenting and reassembling packets B. multicast replication at the hardware level C. forwarding packets D. making routing decisions
making routing decisions
What 802.11 frame type is association response?
management
What is desirable for large 802.11n networks? a. overlapping channels b. single channel c. nonoverlapping channels
nonoverlapping channels
What is a feature of TFTP? A. provides secure data transfer B. relies on the well-known TCP port 20 to transmit data C. uses two separate connections for control and data traffic D. offers anonymous user login ability
offers anonymous user login ability TFTP is a simple protocol for transferring files, implemented on top of the UDP/IP protocols using well-known port number 69 -> Answer 'provides secure data transfer' and answer 'relies on the well-known TCP port 20 to transmit data' are not correct. TFTP has no session control -> Answer 'uses two separate connections for control and data traffic' is not correct.
Which type of security program is violated when a group of employees enters a building using the ID badge of only one person? A. physical access control B. user C. network authorization D. intrusion detection
physical access control
What is a characteristic of encryption in wireless networks? A. converts electrical current to radio waves B. prevents the interception of data as it transits a network C. provides increased protection against spyware D. uses policies to prevent unauthorized users
prevents the interception of data as it transits a network Data encryption protects the vulnerable wireless link between client devices and access points by encrypting all data in the transmission.
Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two) a. QoS settings b. IP address of one or more access points c. profile name d. SSID e. management interface settings
profile name SSID
Wireless LAN Controller
provides centralized management and security makes forwarding decisions when in LWAPP mode Lightweight (LWAPP) Mode: Centrally managed by a Wireless LAN Controller (WLC). LWAPP was invented in 2001 by a company called Airespace as a means for an AP and a controller to exchange control and data. When Cisco acquired Airespace in 2005, they sponsored an effort to standardize this protocol. LWAPP was offered as a basis for something the IETF was already working on, called Control and Provisioning of Access Points (CAPWAP). After about 2 years of re-crafting, the slightly modified and improved CAPWAP protocol came out, intended as an RFC and therefore available to anyone. Cisco integrated CAPWAP into their solution.
What does a router do when configured with the default DNS lookup settings, and a URL is entered on the CLI? A. prompts the user to specify the desired IP address B. sends a broadcast message in an attempt to resolve the URL C. continuously attempts to resolve the URL until the command is cancelled D. initiates a ping request to the URL
sends a broadcast message in an attempt to resolve the URL Explanation With default DNS lookup settings, the router sends a broadcast message to resolve a URL. R1#test Translating 'test'...domain server (255.255.255.255) % Unknown command or computer name, or unable to find computer address In the output above we typed an unrecognized command "test". The router entered the DNS resolution process, which lasted about a minute.
What are the CDP default send and hold timers? Also, how do you disable CDP globally and on an interface?
CDP packets are sent every 60 seconds, with a holdtime value of 180 seconds. (config)# no cdp run (config-if)# no cdp enable
show snmp group: + show snmp community: + show snmp chassis: + show snmp engineID: + show snmp host: displays the SNMP security model in use displays the SNMP access string displays the SNMP server serial number displays the IP address of the remote SNMP device displays information about the SNMP recipient
show snmp group: displays the SNMP security model in use + show snmp community: displays the SNMP access string + show snmp chassis: displays the SNMP server serial number + show snmp engineID: displays the IP address of the remote SNMP device + show snmp host: displays information about the SNMP recipient
Which command implies the use of SNMPv3? A. snmp-server host B. snmp-server community C. snmp-server user D. snmp-server enable traps
snmp-server user Only SNMPv3 requires adding an SNMP user to a group in order to work. Note: the "community" string is the password used in SNMPv1 & v2. The "snmp-server host" command can be used by both SNMPv2 & v3.
How does CAPWAP communicate between an access point in local mode and a WLC? A. The access point has the ability to link to any switch in the network, assuming connectivity to the WLC B. The access point must not be connected to the wired network, as it would create a loop C. The access point must directly connect to the WLC using a copper cable D. The access point must be connected to the same switch as the WLC
the access point has the ability to link to any switch in the network, assuming connectivity to the WLC
What is a requirement when configuring or removing LAG on a WLC? B. The incoming and outgoing ports for traffic flow must be specified if LAG is enabled. C. Multiple untagged interfaces on the same port must be supported. D. The controller must be rebooted after enabling or reconfiguring LAG. E. The management interface must be reassigned if LAG is disabled.
the controller must be rebooted after enabling or reconfiguring LAG Explanation When you enable LAG or make any changes to the LAG configuration, you must immediately reboot the controller.
What is the primary function of a Layer 3 device? A. to analyze traffic and drop unauthorized traffic from the Internet B. to transmit wireless traffic between hosts C. to forward traffic within the same broadcast domain D. to pass traffic between different networks
to pass traffic between different networks
Why is a first-hop redundancy protocol implemented? A. to prevent loops in a network B. to protect against default gateway failures C. to provide load-sharing for a multilink segment D. to enable multiple switches to operate as a single unit
to protect against default gateway failures
What is a function of TFTP in network operations? A. transfers a configuration file from a server to a router on a congested link B. transfers IOS images from a server to a router for firmware upgrades C. transfers a backup configuration file from a server to a switch using a username and password D. transfers files between file systems on a router
transfers IOS images from a server to a router for firmware upgrades 
