CCNA practice 8


42. A router has three routes to the same network: one route from RIP with a metric of 4, another from OSPF with a metric of 3053092, and another from EIGRP with a metric of 4039043. Which of the three routes will be used for the routing decision? A. EIGRP B. OSPF C. RIP D. All of the above

Enhanced Interior Gateway Routing Protocol (EIGRP) has the lowest administrative distance (AD) of the three protocols. Therefore, regardless of the metric, the lowest AD will always be chosen. All of the other options are incorrect.

98. You just finished creating a script that will interface with Cisco DNA Center via the REST-based API. When you run the script, you receive a 400 status code. What is wrong? A. Nothing, it is okay. B. Forbidden request. C. Bad request. D. Internal server error.

A 400 status code from the REST-based service means that it is a bad request. The data being sent to the REST-based service could be wrong or wrongly formatted. A 200 status code is used to signify that everything is okay and nothing is wrong. A forbidden request will return a 403 status code. On rare occasions, you may receive a 500 status code; this signifies that there is an internal server error.

100. Which statement best describes how the JSON file format starts and ends? A. A JSON file starts with double quotes and ends with double quotes. B. A JSON file starts with single quotes and ends with single quotes. C. A JSON file starts with square brackets and ends with square brackets. D. A JSON file starts with curly brackets and ends with curly brackets.

A JavaScript Object Notation (JSON) file starts with curly brackets and ends with curly brackets, also called braces. Inside of the curly brackets, the keys and values are encapsulated in double quotes. Single quotes are not used for formatting purposes with JSON. Square brackets can signify that more than one key-value pair exists for a specific item.

Which device will create broadcast domains and raise effective bandwidth? A. Firewall B. Hub C. Router D. Switch

A router will stop broadcasts by default. If you add a router to a flat network, which is a single broadcast domain, you effectively raise bandwidth by reducing the number of broadcasts. A firewall is a network device that can protect a network from malicious traffic and/or restrict access. A hub is nothing more than a multiport repeater and does not create broadcast domains. A switch is a layer 2 device that creates micro-segmentation.

82. What is a consideration that can restrict GRE tunnel creation? A. The tunnel interface number B. ACLs on the firewall C. Speed of the tunnel D. Number of hops between the source and destination

ACLs are a major consideration since GRE tunnels are neither TCP nor UDP; GRE is a layer 3 protocol of its own. The ACL required for the tunnel creation is permit gre {source} {destination}, which would be for a named access list. The tunnel interface number is only locally significant to the router. The adjoining router will never know the tunnel interface number. Speed of the tunnel is not a consideration that can restrict tunnel creation. Generic Routing Encapsulation (GRE) is expressly used to reduce the number of hops between the source and destination. When employed, it allows the remote network to look like it is 1 hop away, so the number of hops between the source and destination is not a consideration that can restrict tunnel creation.

63. Which statement is true of routers in the same area in regard to OSPF? A. All routers in the same area have the same neighbor table. B. All routers in the same area have the same hello/dead timers. C. All routers in the same area have the same topology table. D. All routers in the same area have the same process IDs.

An area defines a topology inside of the OSPF hierarchy. Since each router in an area calculates its own costs, they all contain the same topological database, or LSDB. It is not true that all the routers in the same area have the same neighbor table. All routers in the same area do not need to share the same hello/dead timers; only their adjacent routers must be configured with matching hello/dead timers. All routers do not need the same process ID, since this is a local value to define the process OSPF is running on the local router.

76. In a basic VLAN hopping attack, which switch feature do attackers take advantage of? A. An open Telnet connection B. Automatic encapsulation negotiation C. Forwarding of broadcasts D. The default automatic trunking configuration

An attacker will take advantage of the automatic trunking configuration of Dynamic Trunking Protocol (DTP). This will allow the attacker to create a trunk with the switch and tag packets so that they can hop onto different VLANs. An open Telnet connection can be eavesdropped on since it is in clear text. Automatic encapsulation negotiation is not a valid term used with switching; therefore, it is an invalid answer. Forwarding of broadcasts is not really an exploit; it is a function of switching. Routers will stop the forwarding of broadcasts.

When SLAAC is performed on an IPv6 host, which process happens first? A. A Router Solicitation message is sent from the client. B. A Router Advertisement message is sent from the router. C. A link-local address is auto-configured on the client. D. DAD is performed on the IPv6 address.

Before a host can communicate via an RS packet, it first needs a valid IP address. The first address is a link-local address so that it can send an RS packet and receive an RA packet. The client performs Duplicate Address Detection (DAD) on the link-local address. Then a Router Solicitation (RS) message is sent from the client. A Router Advertisement (RA) message is sent from the router to the client with the network ID. The host portion is then configured and DAD is checked again to make sure that the host does not have a duplicate IP address.

52. Which packet forwarding method is the fastest and does not directly use the central processing unit (CPU)? A. Cisco Express Forwarding (CEF) B. Process switching C. Fast switching D. Expedited forwarding

Cisco Express Forwarding (CEF) allows the CPU to initially populate a sort of route cache called the forwarding information base (FIB). Any packets entering the router can be checked against the FIB and routed without the help of the CPU. Process switching and fast switching both use the processor directly to make routing decisions. Expedited forwarding is not a packet routing technique; it is a quality of service (QoS) method and therefore an invalid answer.

85. You need to make a modification to a rule in a standard conventional access list. How can you achieve this? A. Enter the ACL editor and change the entry. B. Remove the entire ACL and add it back with the modification. C. Remove the line number and add the new line number back with the modification. D. Remove the entry with the no command and add it back.

Conventional access lists don't give you the ability to edit a single entry. The entire ACL must be removed and re-added with the correct entry. An alternative to conventional access lists is named access lists. A named access list is referenced by line numbers, which allows for removal and addition of single entries. Unfortunately, the Cisco IOS does not provide an ACL editor for conventional access lists. You can remove the line number and add a new line number back when you use named access lists. However, this functionality is not available for conventional access lists. Conventional access lists can be completely negated with the no command, but you cannot negate a single entry.

What device connects the remote office DSL modem to the telco's PSTN and the Internet? A. DSL access multiplier B. DSL concentrator C. 5ESS switch D. Digital cross-connect system

DSL access multipliers, or DSLAMs, share the local loop with analog phone traffic to intercept communications from the DSL modem. DSLAMs provide the switching of data to the Internet. A DSL concentrator is normally installed at a housing complex or hotel and allows for individual DSL lines to be created. The 5ESS switching system is used for switching plain old telephone system (POTS) calls. A digital cross-connect system is used to connect circuits between the local loop and the provider.

73. Which measurement describes the time a packet takes from source to destination? A. Bandwidth B. Delay C. Jitter D. Loss

Delay is the time it takes for a packet to travel from source to destination, which is a description of one-way delay. Round-trip delay is the time it takes for the packet to travel from source to destination (one-way delay) plus the time it takes for the destination computer to send the packet back to the originating node to form a round trip. Bandwidth is the measured maximum of throughput for a connection. Jitter is the difference between the delay of packets. Loss is the measurement of packets lost in the transfer of data.

69. Which protocol and port number does DNS use for direct queries? A. UDP/53 B. TCP/53 C. UDP/55 D. UDP/68

Domain Name Services (DNS) direct queries are performed over the UDP protocol to port 53. The queries do not require the TCP setup and teardown because the queries are simple request and reply messages, so UDP is used for direct queries. TCP port 53 is used for DNS zone transfers between DNS servers. UDP port 55 is not used for any popular protocols. UDP port 68 is used with the Dynamic Host Configuration Protocol (DHCP).

Which flags are used during the three-way-handshake process for TCP? A. FIN and ACK B. SYN and ACK C. SYN and FIN D. SYN and RDY

During the three-way-handshake, Computer A sends a SYN flag along with its receiving window size and initial sequence number. Then Computer B sends a SYN flag and ACK flag along with its receiving window and acknowledgment of the sequence number. Finally, Computer A sends an ACK flag, which acknowledges the synchronization of Computer B's receiving window. Communication begins and is considered to be in an established state. All of the other options are incorrect.

In the following exhibit, what is field C used for? Exhibit: 7-byte preamble / SFD / Field A / Field B / Field C / Field D / Field E. A. The destination MAC address B. The next upper-layer protocol to send the information to C. The beginning of data, also called the start frame delimiter D. The cyclical redundancy checksum value

Field C in the exhibit is the type field. The type field is used to define the upper-layer protocol the data belongs to. The destination MAC address in field A of the exhibit is used for forward filter decisions. The 7-byte preamble and start frame delimiter (SFD) of the frame in the exhibit are used to synchronize timing of the data. The frame checking sequence (FCS) is a cyclical redundancy checksum (CRC) value that can be seen in field E of the exhibit.

If you had limited cable access for the distribution switches, which topology would you need to plan for? A. Star topology B. Full mesh topology C. Partial mesh topology D. Hybrid topology

Generally, office buildings do not have direct runs to each switch closet from the other closets. Although a full mesh is desirable, sometimes only a partial mesh is achievable. Traditional Ethernet-based networks function in a star topology, starting with a switch and connecting each client as a point on the star. A full mesh topology is often found between the core and distribution layers of the Cisco three-tier design model. A hybrid topology is found in many networks today because one topology does not fit all needs throughout the network.

In IPv6, the solicited-node multicast message is used for what? A. Discovery of the gateway B. Discovery of the network ID C. Resolution of the MAC address for an IPv6 address D. Capability discovery of neighboring devices

In IPv6, the solicited-node multicast message is used for resolution of the MAC address for an IPv6 address. The first 104 bits of the 128-bit IPv6 address are ff02::1:ff, and the last 24 bits comprise the last 24 bits of the IPv6 address that needs to be resolved. The solicited-node multicast message is also used for Duplicate Address Detection (DAD). All of the other options are incorrect.

83. Which WAN protocol does not support multicast packets? A. GRE B. IPsec C. PPP D. MPLS

Internet Protocol Security (IPsec) does not support multicast packets. If you require both, you can set up a Generic Routing Encapsulation (GRE) tunnel for the multicast and broadcast traffic, then encrypt only the data over IPsec. However, by itself IPsec does not support multicast or broadcast traffic. The Point-to-Point Protocol (PPP) does not support multicast packets. Multiprotocol Label Switching (MPLS) does not natively support multicast packets.

64. Which OSPF packets contain link-state and routing information? A. Hello packets B. LSA packets C. LSAck packets D. Dead packets

Link-State Advertisement (LSA) packets communicate the topology of the local router with other routers in the OSPF area. The information contained in the LSA packet is a summary of links the local router's topology consists of. Hello packets are used to notify adjacent routers that the link is still valid. The Link State Acknowledgment (LSAck) packets verify that an LSA has been received. Dead packets are not a real type of packet because when a link goes down, there will be an absence of hello packets, tripping the dead time.

35. Which AP mode requires all traffic to be centrally switched at the WLC? A. Monitor mode B. Local mode C. FlexConnect mode D. Central mode

Local mode is a centralized switching mode in which all traffic is first sent to the wireless LAN controller (WLC) to be centrally switched to its intended destination. Monitor mode can be used for analysis of the radio spectrum. FlexConnect mode is a switching mode on the wireless access point (WAP) in which traffic is switched directly to the intended destination. Central mode is not a valid mode, and therefore, it is an invalid answer.

78. Which of the following is a recommended physical security method? A. Locking doors B. Installing antivirus software C. Enabling firewalls D. Applying directory-level permissions

Locking doors is a recommended physical security method. Installing antivirus software is a form of digital protection. Firewalls are considered logical security. Directory-level permissions are considered a form of logical security.

36. Which AP mode supports location-based services but will not serve clients? A. FlexConnect mode B. Monitor mode C. Local mode D. Locate mode

Monitor mode will help support location-based services when used with a wireless LAN controller (WLC), but it will not serve client requests. FlexConnect mode is a switching mode on the wireless access point (WAP) in which traffic is switched directly to the intended destination. Local mode is a centralized switching mode in which all traffic is first sent to the wireless LAN controller to be centrally switched to its intended destination. Locate mode is not a valid mode, and therefore, it is an invalid answer.

80. You have a router that you configured with a password, but you have forgotten the password. You have a copy of a recent configuration, and the password line reads as password 7 06074352EFF6. How can you access the router? A. You must call the Cisco Technical Assistance Center to reverse the password. B. You need to enter the password 06074352EFF6. C. Log into another router and type decrypt-password 06074352EFF6 in privileged exec mode. D. Perform a password recovery on the router.

Once the password has been forgotten, a password recovery must be performed on the router. Although you have the encrypted password, it cannot be reversed, since the configuration now contains a one-way hash of the password. A one-way hash is a form of symmetrical encryption of the password; only the same combination of letters and numbers will produce the same hash. The Cisco Technical Assistance Center (TAC) cannot reverse the password. The hash cannot be used as the password; only the password can be used, and it is then checked against the hash. There is also no command in the operating system such as decrypt-password 06074352EFF6 to decrypt the password.

Which cloud service is likely to be used for software development? A. SaaS B. IaaS C. PaaS D. DRaaS

Platform as a Service (PaaS) is commonly used by software developers. It provides a development platform that the software developer can use to create applications. An example of this is a web server with PHP and MySQL, which is hosted in the cloud. Software as a Service (SaaS) is a software product similar to email or social networking software in which you use the software provided as a service. Infrastructure as a Service (IaaS) allows you to rent infrastructure such as virtual machines (VMs), virtual networks, or even DNS, just to name a few. Disaster Recovery as a Service (DRaaS) is another popular service; you can rent storage and compute power to facilitate a disaster recovery site.

77. Which security mitigation technique can be used to stop a MAC address flooding attack? A. ACLs B. NAT C. Port security D. VLAN access control lists (VACLs)

Port security can prevent MAC address flooding attacks by restricting the number of MAC addresses associated to an interface. This will prevent the Content Addressable Memory (CAM) from being overrun by bogus entries. Access control lists (ACLs) will allow you to control layer 3 and layer 4 network traffic but are not used to prevent MAC address flooding attacks. Network Address Translation (NAT) is also not used to prevent MAC address flooding attacks. VLAN access control lists (VACLs) can be used to control layer 2, 3, and 4 traffic, but they are not used to prevent MAC address flooding attacks.

You are running several web servers in a cloud with a server load balancer. As demand increases, you add web servers. According to the NIST standard of cloud computing, which feature can you use to increase your compute capability for demand? A. Resource pooling B. Measured services C. Broad network access D. Rapid elasticity

Rapid elasticity is the ability to add and remove compute capability in the cloud. As demand increases, compute power can be increased by adding more CPUs or servers. As demand for compute power decreases, CPUs or servers can be removed. Resource pooling is the concept that all of the physical hosts the provider has are pooled together to provide a customer with resources. Measured services is the concept that the provider can determine the amount of computing, network, or storage a customer has used so that they can be billed or a report can be created. Broad network access is the concept that the resources can be accessed from anywhere on the Internet.

43. Why can a route have a destination of an interface rather than an IP address? A. Serial interfaces are point-to-point connections. B. The router on the other side of an interface routes all traffic discovered. C. Routing tables cause the destination address to change. D. All of the above.

Serial interfaces are point-to-point connections. Any traffic directed down the interface will automatically appear on the adjacent router. Routers will not process traffic normally unless Proxy ARP is configured for the interface. All of the other options are incorrect.

88. Which authentication method will allow an authenticated user to access only certain commands on a router or switch? A. TACACS+ B. AAA C. RADIUS D. 802.1X

TACACS+ will allow for authentication of users, and it also provides a method of restricting users to specific commands. This allows for much more granular control of lower-level administrators. Authentication, authorization, and accounting (AAA) servers, also known as Remote Authentication Dial-In User Service (RADIUS) servers, are generally configured to enable access for routers or switches. The 802.1X protocol is not used to authenticate users for management access in routers or switches. The 802.1X protocol is used to control access to layer 2 switched ports.

In which zone should an email server be located? A. Inside zone B. Outside zone C. DNS zone D. DMZ

Since the email server needs access to the Internet to send and receive mail, it should be placed in the demilitarized zone (DMZ). This will also allow access to internal clients in the inside zone. The inside zone is the private, or internal, network. The outside zone contains access for the public Internet, also called the perimeter or external network. A DNS zone is a database that serves resource records for an FQDN and has nothing to do with firewalls.

What is the process of stateful DHCPv6 for IPv6? A. Discover, Offer, Request, Acknowledge B. Solicit, Advertise, Request, Reply C. Neighbor Solicitation, Neighbor Advertisement D. Router Solicitation, Router Advertisement

Stateful DHCPv6 uses a process similar to DORA for IPv4. However, IPv6 uses multicast in lieu of broadcasts via the DHCPv6 Solicit multicast address. The Discover, Offer, Request, and Acknowledge (DORA) process only happens with IPv4 via broadcasts. Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages are used with the Neighbor Discovery Protocol (NDP). Router Solicitation (RS) and Router Advertisement (RA) messages are used with Stateless Autoconfiguration (SLAAC).

67. Which type of NAT is used for one-to-one mapping between local and global addresses? A. Dynamic NAT B. Static NAT C. NAT Overloading D. Symmetric NAT

Static Network Address Translation (NAT) is a one-to-one mapping between a local (private) and global (public) IP address. This is used for servers, such as web servers and email servers, so that they are Internet reachable. Dynamic NAT creates a dynamic association between local and global addresses for a specific period of time. NAT Overloading, also known as Port Address Translation (PAT), creates a dynamic mapping to a pool of IP addresses or an individual IP address using the source and destination ports of the packet. Symmetric NAT is NAT Overloading where the source port and destination port are mapped to the same matching global source port and destination port.

Which devices create collision domains, raising effective bandwidth? A. Firewalls B. Hubs C. Routers D. Switches

Switches create collision domains by isolating the possibility of a collision to the segment they are transmitting to or receiving frames from. This in turn raises effective bandwidth for the rest of the segments. A firewall is a network device that can protect a network from malicious traffic and/or restrict access. A hub is nothing more than a multiport repeater and does not create broadcast domains. A router is a network device that routes layer 3 packets.

81. Which port must be open to the RADIUS or AAA server for authentication from the authenticator? A. UDP/49 B. UDP/1821 C. UDP/1812 D. UDP/1813

The AAA server listens for requests on UDP port 1812 for authentication of credentials. UDP port 49 is not correct and is not associated with a popular protocol. UDP port 1821 is not correct and is also not associated with a popular protocol. UDP port 1813 is used for AAA servers listening for accounting information.

46. You perform a ping to a host on the network. However, the first packet is dropped. Why did the first packet drop? A. The local router dropped the first packet. B. The routing table was updating. C. The ARP request timed out the ping packet. D. The remote router dropped the first packet.

The ARP request took time for the ARP reply, and during this time, the ICMP timeout threshold was exceeded. This is common on a router, and the following pings should not time out unless the ARP entry is cleared after its TTL expires. The local router will not drop the first packet, mainly because routers don't normally drop traffic unless instructed to do so. Although the route table could be updating at that moment, it is not probable because this behavior can be replicated. The remote router, like the local router, will not normally drop packets unless instructed to do so.

When purchasing a Metro Ethernet connection, which option is generally tied to the monthly recurring cost of the connection? A. IP addresses used to support the service B. Routing protocols used to support the service C. The committed information rate on the EVC D. The use of QoS

The CIR, or committed information rate, is the sustainable speed at which the customer can communicate on the Ethernet virtual circuit. This CIR is directly tied to the price of the Monthly Recurring Charge (MRC), since the service provider must dedicate this bandwidth for the customer agreement. The IP addresses and routing protocols used are agreed upon by the connecting parties and are not part of the Metro Ethernet connection. The use of Quality of Service (QoS) is agreed upon by the connecting parties as well.

99. Which programming language is used for creating a Chef recipe to apply configuration management? A. Ruby B. Python C. PowerShell D. YAML

The Chef configuration management utility uses Ruby as its reference language. Python is used by Ansible as its reference language. PowerShell is used by Microsoft's Desired State Configuration (DSC) as its reference language. YAML is not a reference language; it's a mechanism to transfer data and store data in a structured manner.

93. Which tool allows you to manage all of your Cisco device licensing needs through a single user interface? A. Cisco SMARTnet B. Cisco License Manager C. Cisco Network Assistant D. Cisco Prime Infrastructure

The Cisco License Manager (CLM) can be installed on Windows, Solaris, or Linux. It allows for discovery of Cisco devices and inventory of Cisco device licenses and connects to Cisco for access to current and new licenses purchased. The CLM allows for management of the software activation process through its user interface.

57. Which key sequence will cause a break during a network command such as ping or traceroute? A. Ctrl+C B. Ctrl+4 C. Ctrl+Shift+6 D. Ctrl+Shift+1

The Ctrl+Shift+6 key sequence will cause a break during a network command such as ping or traceroute. The key sequence of Ctrl+C is incorrect. The key sequence of Ctrl+4 is incorrect. The key sequence of Ctrl+Shift+1 is incorrect.

71. Which command will configure all event logs to be sent to a syslog server? A. Router(config)#logging server 192.168.1.6 B. Router(config)#logging 192.168.1.6 C. Router(config)#logging host 192.168.1.6 D. Router(config)#syslog server 192.168.1.6

The command logging host 192.168.1.6 will configure all logs to be sent to the syslog server 192.168.1.6. The command logging server 192.168.1.6 is incorrect. The command logging 192.168.1.6 is incorrect. The command syslog server 192.168.1.6 is incorrect.

96. You need to configure some default servers for DNS, AAA, and NTP for device provisioning. Which section in Cisco DNA Center will allow you to configure these defaults? A. Design B. Discovery C. Provision D. Platform

The Design section allows you to create a hierarchical design of the network with a graphical map. In addition, the Design section also allows you to specify the default servers that will be applied after discovery. The Discovery tool is not a major section of Cisco DNA Center, and it is not used to specify server defaults. The Provision section allows you to view and edit the discovered inventory of network devices. The Policy section allows you to create policies based upon applications, traffic, and IP-based access control lists (ACLs), just to name a few. The Platform section allows you to perform upgrades and search the API catalog.

74. Which layer 3 protocol is used for marking packets with QoS? A. DSCP B. 802.1Q C. CoS D. QoE

The Differentiated Services Code Point (DSCP) is a 6-bit value in the Type of Service (ToS) field of the IP header. The DSCP value defines the importance of packets at layer 3. 802.1Q is a layer 2 trunking protocol that accommodates CoS markings. Class of Service (CoS) is a 3-bit field in an 802.1Q Ethernet frame. QoE is not a valid term used with Ethernet and therefore is an invalid answer.

Which classification of IP address does 225.34.5.4 belong to? A. Class A B. Class B C. Class C D. Class D

The IP address 225.34.5.4 is a multicast IP address. Multicast IP addresses are defined as Class D addresses in the range 224.0.0.1 to 239.255.255.254. Class A defines any address with the first octet of 0 to 127. Class B defines any address with the first octet of 128 to 191. Class C defines any address with the first octet of 192 to 223.

Which sub-protocol inside of the PPP suite is responsible for tagging layer 3 protocols so that multiple protocols can be used over a PPP connection? A. MPLS B. NCP C. LCP D. PCP

The Network Control Protocol (NCP) works at layer 3 tagging the network protocols from end to end when PPP is used. This gives PPP the ability to offer multiprotocol transport. Multiprotocol Label Switching (MPLS) is a routing technique in which the labels on the packets are tagged and packet switched throughout the provider's network. The Link Control Protocol (LCP) is responsible for connection setup, authentication, and header compression, among other things. PCP is not a protocol commonly used, and therefore, it is an invalid answer.

68. Which protocol helps synchronize time for routers and switches? A. SNMP B. NTP C. Syslog D. ICMP

The Network Time Protocol (NTP) is used to synchronize time for routers and switches. Simple Network Management Protocol (SNMP) is used to transmit and collect counters on network devices. Syslog is used to transmit and collect messages from network devices. Internet Control Message Protocol (ICMP) is used by many diagnostic tools such as ping and traceroute to communicate round trip time and reachability.

95. Which is commonly used with the northbound interface of an SDN controller? A. CLOS B. OpenFlow C. Python D. NETCONF

The Python programming language is commonly used with the Northbound interface (NBI) of a software-defined network (SDN) controller. The term CLOS describes Spine/Leaf network switching. The OpenFlow and NETCONF protocols are commonly used with the Southbound interface (SBI) of an SDN controller for the programming of SDN devices.

92. Which is a popular scripting language used to automate changes that also allows for easy readability of the script? A. C++ B. Python C. C# D. JSON

The Python scripting language has been adopted as the most popular language to automate changes in a network. This is mainly due to its support by major providers and easy syntax. Administrators can easily focus on the task at hand and not the nuances of the language. C++ and C# are much more involved because they are considered programming languages and not scripting languages. JavaScript Object Notation (JSON) is not a programming or scripting language; it's a data storage/transfer method used with programming and scripting languages.

97. Which REST-based HTTP verb is used to update or replace data via the API? A. POST B. GET C. UPDATE D. PUT

The REST-based HTTP verb PUT is used to update or replace data via the API. The POST verb is used to create data. The GET verb is used to read data. The UPDATE verb does not exist within the CREATE, READ, UPDATE, DELETE (CRUD) framework; therefore, it is an invalid answer.

39. Which copy method will encrypt the IOS over the network during an upgrade? A. HTTP B. TFTP C. FTP D. SCP

The Secure Copy Protocol (SCP) will encrypt the IOS over the network during an upgrade from the client computer. The HyperText Transfer Protocol (HTTP) is an unencrypted protocol normally used to transfer web pages across the Internet. The Trivial File Transfer Protocol (TFTP) is an unencrypted protocol for transferring files without any security. TFTP is often used to copy configuration or upgrade firmware on network devices. The File Transfer Protocol (FTP) is a legacy protocol used to transfer files between hosts. FTP operates in clear text and provides no encryption for the file transfers.

38. Which protocol will encrypt the entire packet from the switch or router to the AAA server? A. 802.1X B. IPsec C. RADIUS D. TACACS+

The TACACS+ protocol will encrypt the entire packet from the switch or router to the AAA server. This is performed with the use of a pre-shared key (PSK) that is configured on both the TACACS+ device and the AAA server. 802.1X will not encrypt the entire packet from the switch or router to the AAA server. IPsec is an open standard for encryption of packets, but it is not commonly used to encrypt the transmission of a switch or router to an AAA server. A Remote Authentication Dial-In User Service (RADIUS) server is an AAA server, and therefore, it is an invalid answer.

72. Which command will configure a router to use DHCP for IP address assignment? A. RouterA(config)#ip address dhcp B. RouterA(config-if)#ip address auto C. RouterA(config-if)#ip address dhcp D. RouterA(config)#ip address auto

The command ip address dhcp will configure the router to use DHCP for IP address assignment. This command needs to be issued on the interface on which you want the IP address to be configured, similar to static IP address assignment. The command ip address dhcp is incorrect when it is configured in the global configuration prompt. The command ip address auto is incorrect, regardless of which prompt it is configured in.

25. Which protocol assists in synchronizing a VLAN database across multiple Cisco switches? A. NTP B. IGMP C. ISL D. VTP

The VLAN Trunking Protocol (VTP) assists in synchronizing a VLAN database across all Cisco switches participating in VTP. You must initially configure the VTP domain on the switch that will hold the master database. Then all other switches must be configured as clients and the VTP domain must be configured as well. The Network Time Protocol (NTP) synchronizes time on the switch or router with a known precision source. The Internet Group Management Protocol (IGMP) is used to facilitate multicast snooping on switches by allowing join and leave requests for the multicast group. The Inter-Switch Link (ISL) protocol is a Cisco proprietary protocol for VLAN trunking.

94. Which is a protocol found on the overlay of an SDN? A. VXLAN B. OSPF C. OpenFlow D. JSON

The Virtual Extensible LAN (VXLAN) protocol is commonly found on the overlay of a software-defined network (SDN). It allows for the transport of layer 2 frames over a layer 3 network. The Open Shortest Path First (OSPF) protocol is a layer 3 networking protocol commonly found on the underlay of SDN. OpenFlow is a protocol that is used for the programming of network devices from the Southbound interface (SBI) of the SDN controller. JavaScript Object Notation (JSON) is a data-interchange format used with many different SDN controllers.

44. Which command will configure a static route with an administrative distance higher than RIP? A. Router(config)#ip route 192.168.2.0 255.255.255.0 192.168.4.1 110 B. Router(config)#ip route 192.168.2.0 255.255.255.0 192.168.4.1 130 C. Router(config)#ip route 110 192.168.2.0 255.255.255.0 192.168.4.1 D. Router(config)#ip route 130 192.168.2.0 255.255.255.0 192.168.4.1

The administrative distance (AD) can be added to the end of the route statement. Since RIP has an administrative distance of 120, 130 will be chosen if the RIP route is not present. The command ip route 192.168.2.0 255.255.255.0 192.168.4.1 110 is incorrect. The command ip route 110 192.168.2.0 255.255.255.0 192.168.4.1 is incorrect. The command ip route 130 192.168.2.0 255.255.255.0 192.168.4.1 is incorrect.

84. Which command will configure an access list that will deny Telnet access from the 192.168.2.0/24 network and allow all other traffic? A. Router(config)#access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 23 Router(config)#access-list 101 permit ip any any B. Router(config)#access-list 101 deny 192.168.2.0 0.0.0.255 eq 23 Router(config)#access-list 101 permit ip any any C. Router(config)#access-list 101 block tcp 192.168.2.0 0.0.0.255 any eq 23 Router(config)#access-list 101 permit ip any any D. Router(config)#access-list 101 deny 192.168.2.0 0.0.0.255 any eq 23 Router(config)#access-list 101 permit any any

The command access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 23 will deny TCP traffic from 192.168.2.0/24 to any address with a destination of 23 (Telnet). The command access-list 101 permit ip any any will permit all other traffic. The commands access-list 101 deny 192.168.2.0 0.0.0.255 eq 23 and access-list 101 permit ip any any are incorrect; the deny statement is incorrectly formatted. The commands access-list 101 block tcp 192.168.2.0 0.0.0.255 any eq 23 and access-list 101 permit ip any any are incorrect; the block argument is not a valid argument. The commands access-list 101 deny 192.168.2.0 0.0.0.255 any eq 23 and access-list 101 permit any any are incorrect; the permit any any command does not specify a protocol and therefore is incorrect.

31. You are configuring a channel group for two interfaces. You configure the command channel-group 1 mode passive. What must be configured on the other switch to use LACP? A. The other switch must be configured with channel-group 1 mode active. B. The other switch must be configured with channel-group 1 mode desirable. C. The other switch must be configured with channel-group 1 mode on. D. The other switch must be configured with channel-group 1 mode auto.

The command channel-group 1 mode passive configures the port to be placed in a passive negotiating state. The other switch must be placed into an active negotiating state for LACP to become the control protocol for the channel group. If the other switch is configured with desirable mode, there will be a mismatch and the interface will enter an err-disabled state. If the other switch is configured with on mode, then it will not form an EtherChannel link. If the other switch is configured with auto mode, there will be a mismatch and the interface will enter an err-disabled state.

59. Which command can you use to verify that a ping packet is exiting the interface you expect it to exit, which in this example is Gi0/1 with an IP address of 192.168.3.5? A. Router#ping 192.168.3.5 Gi 0/1 B. Router#ping Gi 0/1 192.168.3.5 C. Router#debug ip packet D. Router#debug ip ping

The command debug ip packet will turn on debugging for IP packets. The output will display the exit interface that the traffic is taking, to include the source and destination IP addresses. This command should be used with caution because it could create high CPU utilization on the router. It is recommended to be used with an ACL. The command ping 192.168.3.5 Gi 0/1 is incorrect. The command ping Gi 0/1 192.168.3.5 is incorrect. The command debug ip ping is incorrect.

Which command will configure PPP on a serial interface? A. Router(config-if)#encapsulation ppp B. Router(config-if)#protocol ppp C. Router(config-if)#ppp enable D. Router(config-if)#ppp protocol

The command encapsulation ppp configures the serial interface with the Point to Point Protocol (PPP). PPP is an encapsulation protocol. The command protocol ppp is incorrect. The command ppp enable is incorrect. The command ppp protocol is incorrect.

23. Which command will allow you to configure interfaces Gi1/1 to Gi1/12? A. Switch(config)#interface gigabitethernet range 1/1 - 12 B. Switch(config)#interface range gigabitethernet 1/1 - 12 C. Switch(config)#interface range gigabitethernet 1/1 1/12 D. Switch(config)#interface range gigabitethernet range 1/1,12

The command interface range gigabitethernet 1/1 - 12 will allow you to configure the interfaces Gigabit Ethernet 1/1 to 1/12. The command interface gigabitethernet range 1/1 - 12 is incorrect. The command interface range gigabitethernet 1/1 1/12 is incorrect. The command interface range gigabitethernet range 1/1,12 is incorrect.

79. You are connected to the console of a switch. As you are configuring the switch, console logging is disrupting your commands and making it hard to configure the switch properly. Which command will allow the console message to still appear but not disrupt what you are typing? A. Switch#no logging inline B. Switch(config)#logging synchronous C. Switch(config-line)#logging synchronous D. Switch#logging synchronous

The command logging synchronous will configure console logging messages to synchronize with what is being typed so they will not disrupt the user's input. The command must be configured for the line that it will be applied to. The command no logging inline is incorrect. The command logging synchronous is incorrect when configured from a global configuration prompt. The command logging synchronous is incorrect when configured from a privileged exec prompt.

47. You are configuring RIP for a network and you need to advertise the network. Which command will advertise the route for 203.244.234.0/24? A. Router(config-router)#network 203.244.234.0 B. Router(config-router)#network 203.244.234.0 255.255.255.0 C. Router(config-router)#network 203.244.234.0 0.0.0.255 D. Router(config-router)#network 203.244.234.0/24

The command network 203.244.234.0 will advertise the 203.244.234.0 network. When you're configuring RIP, only the network address needs to be configured with the network command. The command network 203.244.234.0 255.255.255.0 is incorrect. The command network 203.244.234.0 0.0.0.255 is incorrect. The command network 203.244.234.0/24 is incorrect.

28. Your network is connected in a star topology. You are assessing a network upgrade. Which command will help you determine the version of IOS on the switches and routers in your network with the least amount of effort? A. Switch#show version B. Switch#show running-config C. Switch#show cdp neighbors detail D. Switch#show lldp neighbors

The command show cdp neighbors detail will display all connected switches along with their IP addresses, hostnames, and IOS version. If this command is used from the central switch, you can quickly assess which switches need to be upgraded. The command show version is incorrect. The command show running-config is incorrect. The command show lldp neighbors is incorrect.

86. Which command is used to view the DHCP snooping database? A. Switch#show dhcp binding B. Switch#show ip dhcp binding C. Switch#show ip dhcp snooping database D. Switch#show ip dhcp snooping binding

The command show ip dhcp snooping binding will display the DHCP snooping database. This database will have entries for the MAC address, IP address, lease time, VLAN, and interface. The command show dhcp binding is incorrect. The command show ip dhcp binding is incorrect. The command show ip dhcp snooping database is incorrect.

24. You have VLAN 10 and VLAN 11 configured on a trunk switchport as allowed. What will happen if you enter the command switchport trunk allowed vlan 12 on the trunk interface? A. VLAN 12 will be added to the existing allowed VLAN list. B. VLANs 1 through 12 will be added to the allowed VLAN list. C. The native VLAN will be switched to VLAN 12. D. Only VLAN 12 will be on the allowed VLAN list.

The command switchport trunk allowed vlan 12 will remove all other VLANs and only VLAN 12 will be allowed on the trunk interface. The proper command to add an additional VLAN would be switchport trunk allowed vlan add 12. This command will add a VLAN to the already established list. All of the other options are incorrect.

You need to see all of the MAC addresses associated with a single interface. Which command would you use? A. Switch>show mac address-table interfaces fast 0/1 B. Switch>show address-table interfaces fast 0/1 C. Switch#show mac interfaces fast 0/1 D. Switch#show address-table fast 0/1

The command to see all of the MAC addresses on a single interface is show mac address-table interfaces fast 0/1. This command can be entered in either privileged exec mode or user exec mode. The command show address-table interfaces fast 0/1 is incorrect. The command show mac interfaces fast 0/1 is incorrect. The command show address-table fast 0/1 is incorrect.

Which command would you use to reset the MAC address table for learned MAC addresses in a switch? A. Switch#reset mac address-table B. Switch#clear mac-address-table dynamic C. Switch#clear mac-address-table D. Switch#clear mac table

The command used to reset the MAC address table is clear mac-address-table dynamic. The command reset mac address-table is incorrect. The command clear mac-address-table is incorrect. The command clear mac table is incorrect.

75. You have enabled the SCP server on a switch, but when you try to log in it returns "access denied." Which command must you configure to allow access to the SCP server if your username was scpadmin and your password was Sybex? A. Switch(config)#ip scp user scpadmin password Sybex B. Switch(config)#username scpadmin password Sybex C. Switch(config)#username scpadmin privilege-level 15 password Sybex D. Switch(config)#ip scp user scpadmin privilege-level 15 password Sybex

The command username scpadmin privilege-level 15 password Sybex must be configured. This command will configure a user named scpadmin with a privilege level of 15 (enable access) and a password of Sybex. The command ip scp user scpadmin password Sybex is incorrect. The command username scpadmin password Sybex is incorrect. The command ip scp user scpadmin privilege-level 15 password Sybex is incorrect.

87. Refer to the following exhibit. What will happen when a computer with a different MAC address connects to the interface? A. The computer will not be allowed to communicate, but the port will remain up. B. The computer will be allowed to communicate. C. The computer will not be allowed to communicate and the port will enter an err-disabled state. D. The computer will be allowed to communicate and the access will be logged.

The computer will not be allowed to communicate, and the port will enter an err-disabled state. The defaults for port security allow for only one MAC address, and the default violation is shutdown. The violation of shutdown will shut the port down and place it into an err-disabled state, which will require administrative intervention. Port security cannot be configured in a fashion where it only provides logging and does not restrict the violating MAC address (host).

---
Type : local session
Description : -
Source ports :
    RX only : None
    TX only : None
    Both : Fa0/1
Source VLANs :
    RX only : None
    TX only : None
    Both : 2
Source Rspan Vlan : None
Destination Ports : Fa0/2
    Encapsulation : Native
    Ingress : Disabled
Filter Vlans : None
Dest RSpan Vlan : None
A. The source interface is Fa0/1 with a destination interface of Fa0/2. B. The source interface is Fa0/2 with a destination interface of Fa0/1. C. The source interface is Fa0/1 with a destination interface of Fa0/2 via VLAN 2. D. The source interface is Fa0/1 and VLAN 2 with a destination interface of Fa0/2.

The details of the output show that monitor session 1 is configured to capture interface Fa0/1 and VLAN 2 in both directions. The destination interface is Fa 0/2. All of the other options are incorrect.

27. You are examining the output of the command show cdp neighbors detail. One of the devices has the capability of S and R. What does this mean? A. The device has source route bridge capability. B. The device has switch capability. C. The device has router capability. D. The device has switch and router capability.

The device has the capability of both a switch and a router. It is most likely a switch that is performing SVI routing or has routing enabled. If the capability showed a B, the device would have source route bridge capabilities. If either S or R showed as a capability by itself, it would mean the device had switch capability or route capability, respectively.

50. In the following exhibit, why do the first and third ARP entries have a dash for their age?
Switch#show ip arp
Protocol  Address       Age(min)  Hardware addr   Type  Interface
Internet  172.16.10.1   -         00d0.565d.05ac  ARPA  Ethernet1
Internet  172.16.10.2   6         0030.9492.ee55  ARPA  Ethernet1
Internet  172.16.20.1   -         00d0.565d.05ad  ARPA  Ethernet0
A. The entries are static ARP entries. B. The entries have just been added to the ARP table. C. The entries belong to the physical interfaces of the router. D. The entries have less than 1 minute before they expire.

The entries with the dash in the Age column represent the physical interfaces of the router. If the entries were configured statically, their type would reflect a status of static. Entries that have just been added to the ARP table will have an initial timer set. All entries in the ARP table will be displayed with their remaining time in seconds. Therefore, any entry with less than a minute left before it expires will be under 60 seconds.

55. You want to ping a router on your network from interface Serial 0/0 and not the path in the routing table. How can you achieve this? A. This cannot be done; packets cannot disregard the routing table. B. Enter the interface from the global configuration mode, and ping the remote router. C. Enter extended ping, and specify the exit interface. D. Configure a temporary route for the router exit interface.

The extended ping command allows you to specify a number of parameters such as repeat count, datagram size, and source address or exit interface. There are several other parameters that can be adjusted. You use the extended ping command through the privileged exec prompt and not the global configuration mode. Configuring a temporary route for the router exit interface will affect all traffic on the router.

The following exhibit is an Ethernet frame. What is field A in the exhibit? 7 byte preamble / SFD / Field A / Field B / Field C / Field D / Field E A. Source MAC address B. Destination MAC address C. Type Field D. Frame Checking Sequence (FCS)

The first field after the preamble and start frame delimiter (SFD) is the destination MAC address. The destination MAC address is always first because switches need to make forwarding decisions upon reading the destination MAC address. The source MAC address is in field B in the exhibit. The type field is in field C in the exhibit, and the frame checking sequence (FCS) is in field E in the exhibit.

45. What is the purpose of the RIPv2 holddown timer? A. Holddown timers allow for time between when a route becomes invalid and it is flushed from the routing table. B. Holddown timers allow for time between when a route has become unreachable and when it can be updated again. C. Holddown timers define the time when a route becomes invalid. D. Holddown timers define the time when a valid route is present in the routing table.

The holddown timer's job is to allow the network to stabilize after a route has become unreachable via an update. This limits the potential problems related to a flapping port and allows RIPv2 to converge route updates in the entire network. The default holddown timer is set to 180 seconds. The flush timer defines the time between when the route becomes invalid and it is flushed or deleted from the route table. The default flush timer is set to 240 seconds. The invalid timer defines when a route is declared invalid. The default invalid timer is set to 180 seconds. The update timer is the timer that defines how often multicasts are sent with the complete route table. When the update is multicast to all listening neighbors, the route table will be populated with the new entries. The default update timer is set to 30 seconds.

70. Which version of SNMP supports the Inform SNMP message? A. SNMP version 1 B. SNMP version v2 C. SNMP version 2c D. SNMP version 3

The introduction of SNMP version 2c added the Inform and Get-bulk messages for SNMP. SNMP version 1 was the first release of SNMP, and it did not support Inform and Get-bulk messages. SNMP version 2 was promptly replaced with SNMP version 2c; therefore, it is an invalid answer. SNMP version 3 introduced many new features such as security and encryption, to name a few.

32. When you connect a device to a switch, the device takes a minute before it is reachable via its IP address. What should be configured to fix this issue so that you can get immediate access to the device? A. Turn off auto-negotiation on the interface. B. Configure PortFast mode for spanning tree. C. Configure BPDU Guard mode for spanning tree. D. Turn off port security.

The long delay for the device to become active on the interface is the wait time for convergence of Spanning Tree Protocol (STP). If the interface will only connect a device to the port, then the port should be configured with spanning-tree PortFast mode. This will skip the blocking mode during convergence of STP. Turning off auto-negotiation on the interface will not do anything other than statically set the speed and duplex. Configuring BPDU Guard mode for spanning tree is a good idea, but it will not speed up convergence of STP. Turning off port security will not speed up convergence of the STP protocol.

91. Which is the most important aspect to understand when automating changes across an enterprise? A. How to automate the change B. The effect of the change C. The topology of the network D. The connections between the devices

The most important aspect to understand when automating a change across an enterprise is the effect of the changes being automated. Although the way the change is to be automated is important, the effects outweigh the method of the change. The topology of the devices and the connection between them are not that important to the automated change unless the topology and connections are being changed through the automation.

53. You see a number of IPv6 packets on your network with a destination address of ff02::a. What can be concluded about what is running on your network? A. Routing Information Protocol Next Generation (RIPng) is running on the network. B. Open Shortest Path First version 3 (OSPFv3) is running on the network. C. Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 is running on the network. D. Stateless Address Autoconfiguration (SLAAC) is running on the network.

The multicast address of ff02::a is the multicast address for IPv6 EIGRP updates. Updates for routers participating in IPv6 EIGRP will be multicast to the IPv6 address of ff02::a. Routing Information Protocol Next Generation (RIPng) uses a multicast address of ff06::9. Open Shortest Path First version 3 (OSPFv3) uses multicast addresses of ff05::5 and ff05::6. Stateless Autoconfiguration (SLAAC) uses the link-local address that starts with fe80.

62. You want to perform a traceroute with more than three ICMP packets using an extended traceroute. Which attribute will you change to allow for multiple ICMP packets? A. Probe count B. Numeric display C. Maximum time to live D. Packet type

The probe count attribute must be changed to allow multiple packets to be sent to each hop. The default is three packets. Numeric display defaults to both numbers and symbols for the output. The maximum time to live (TTL) is used to set the number of hops before a ping request is considered unrouteable. Packet type is not an option for an extended traceroute; therefore, this is an invalid answer.

Which network is part of the summary route of 172.16.32.0/21? A. 172.16.64.0/24 B. 172.16.48.0/24 C. 172.16.40.0/24 D. 172.16.38.0/24

The summary route of 172.16.32.0/21 contains 172.16.38.0/24 as a valid network route. The /21 CIDR mask defines networks in multiples of 8 in the third octet of the network address. Therefore, the next summary network address is 172.16.40.0/21. All of the other options are incorrect.

60. Which is a correct statement about the following exhibit?
Tracing the route to 192.168.3.1
1 192.168.10.2 10 msec 1 msec 0 msec
2 192.168.10.6 2 msec 2 msec 3 msec
3 * * *
4 192.168.20.3 2 msec 3 msec 3 msec
RouterA#
A. The third hop is down. B. The third hop is not responding to ICMP requests. C. The traceroute never completed. D. The third hop is unavailable and packets have been rerouted.

The third hop (router) is not responding to ICMP echo requests. The traceroute completes since the fourth hop responded and the user did not need to perform a break on the command. Therefore, it can be concluded that the third hop is not down. The traceroute completes after 4 hops; only the third hop is not responding with ICMP replies. The exhibit does not show evidence that packets have been rerouted.

61. Which additional feature is available when using an extended ping? A. Larger datagram size B. Larger repeat counts C. Changing the timeout D. Source interface or IP address

An extended ping allows for the source interface or IP address to be specified. You can access the extended ping by entering the command ping without an IP address and then following the prompt till it asks if you want extended commands. Datagram size, repeat counts, and timeout can be set when using the normal ping command options.

56. You perform a traceroute to a destination network and receive back several lines of output. On the end of each line are three parameters such as 1 192.168.1.1 20 msec 34 msec 67 msec. What do they mean? A. They are the three response times of each ICMP request. B. They are the minimum, maximum, and average of the ICMP query. C. They are the minimum, average, and maximum of the ICMP query. D. They are the maximum, average, and minimum of the ICMP query.

The three times are the minimum response time, average response time, and maximum response time of the ICMP echo and reply. All other options are incorrect.

26. In the following exhibit, interface Gi 1/1 on both switches is configured as a trunk, between the switches. Which statement is correct about the following exhibit?
SwitchA# show interfaces status
Port Name Status Vlan Duplex Speed Type
Gi1/1 Switch B Trunk Full auto 10/100/1000-TX
Gi1/2 Computer A 23 auto auto 10/100/1000-TX
Gi1/3 Computer B 23 auto auto 10/100/1000-TX
Gi1/4 Computer C 23 a-full a-10 10/100/1000-TX
[output cut]
SwitchB# show interfaces status
Port Name Status Vlan Duplex Speed Type
Gi1/1 Switch A Trunk a-full auto 10/100/1000-TX
Gi1/2 Computer D 41 auto auto 10/100/1000-TX
Gi1/3 Computer E 41 auto auto 10/100/1000-TX
Gi1/4 Computer F 41 a-full a-10 10/100/1000-TX
[output cut]
A. The interface Gi1/1, which is connecting the switches, has a wiring fault. B. The interface Gi1/1 is operating nominally. C. The interface Gi1/1, which is connecting the switches, has the wrong duplex configured. D. The two switches have a VLAN mismatch.

The two switches have a duplex mismatch. The duplex mismatch is a direct result of statically configuring only one side of the link to full-duplex. Switch A is not participating in port negotiation. Both sides must be configured statically the same or set to auto. There is no evidence of a wiring fault from the exhibit. There is also no evidence that interface Gi1/1 is operating nominally from the exhibit. The two switches could not have a VLAN mismatch because they are both configured as trunk links.

51. Which field in the IP header is used to prevent a packet from endlessly routing? A. Checksum B. Flags C. TTL D. Header length

Time to live (TTL) is a field in the IP header that prevents packets from endlessly routing in networks. Each time a packet is routed, the router's responsibility is to decrement the TTL by one. When the TTL reaches zero, the packet is considered unrouteable and dropped. The checksum field is used to check for a damaged packet in transit. The flags field in the IP packet is to signal if the packet has been fragmented. The header length field defines the length of the header of the IP packet.

22. When VLANs are configured in global configuration mode, where are the VLANs stored by default? A. In the running configuration or RAM B. In the startup configuration or NVRAM C. In the vlan.dat on the flash D. In the vlan.dat on the NVRAM

Under normal circumstances, when VLANs are configured, they are stored in a file separate from the startup or running-configuration. The VLAN database is stored in a file called vlan.dat on the flash. When decommissioning a switch, if you were to erase the configuration of a switch, you would also need to delete the vlan.dat. VLANs are configured in the running configuration when the switch is in VTP transparent mode. The VLAN configuration can then be stored for survivability of reboots in the startup configuration by writing the running configuration to the startup configuration. The vlan.dat file is not stored on the NVRAM; it is always stored on the flash.

34. You have BPDU Guard configured on an interface. You receive a call that the interface is down. You perform a show interface gi 0/1 only to find that the port is in an err-disabled state. What caused the err-disabled state? A. A neighboring switch recalculated its STP. B. The endpoint device connected to the interface sent a BPDU. C. The endpoint device was disconnected for a long period of time. D. The interface is transitioning between an up and down state rapidly, called interface flapping.

When BPDU Guard is configured on a port, it guards the port from creating a loop. It also guards STP so that the STP calculation of redundant links is not affected by the device connected to the interface. If a BPDU is seen on the interface, the interface will immediately enter into an err-disabled state. The most likely cause was that another switch was plugged into the interface. If a neighboring switch recalculates its Spanning Tree Protocol (STP), it will not affect this switch. If a device is disconnected for a long period of time, the port will not enter into an err-disabled state. Although an interface that is flapping should enter into an err-disabled state, it is not common for this to happen from a flapping port.

37. You have configured a LAG consisting of two links for your wireless LAN controller (WLC). What will happen if one of the links fails? A. Both links will enter into an err-disabled mode. B. The traffic on the failed link will be migrated to the active link. C. Both links will enter into an administratively disabled mode. D. Only half of the traffic will be sent over the active link.

When a link in a Link Aggregation (LAG) fails, the remaining traffic will be migrated over to the active link. No packet loss should be noticed, except for the initial failover. The links will not enter an err-disabled mode or be administratively disabled; this can only happen if there is a mismatch of protocols or the interfaces are shut down manually. All traffic is migrated to the active link, so no degradation should be seen on the active interface unless it is at peak capacity.

33. You enter the show spanning-tree vlan 100 command on a switch. The output shows that all ports on the switch are in designated mode. What can be determined from this? A. This switch is connected to a root bridge. B. This switch is the root bridge. C. This switch is not participating in STP. D. This switch is a backup root bridge.

When all of the ports on a switch are in designated mode, it means that the switch is the root bridge for the Spanning Tree Protocol (STP). If the switch was connected to a root bridge, you would see the ports as being root ports. The switch is obviously participating in STP because it is displaying a status for the STP port state. The switch is already the root bridge, and it cannot be a backup root bridge as well.

90. When configuring a WLAN with WPA2 PSK using the GUI of a wireless LAN controller, which parameter policy should be configured for the highest security? A. 802.1X B. WPA2 Policy-AES C. WPA Policy D. PSK

When configuring WPA2 PSK using the GUI of a wireless LAN controller (WLC), you should select the WPA2 Policy-AES for the WPA+WPA2 Parameter policy. This policy will ensure the highest level of security for the WLAN. 802.1X and PSK are authentication key management options and therefore not valid answers. The WPA Policy uses the RC4 encryption algorithm, and thus, it is weaker than the AES encryption protocol.

65. What option should be configured along with interface tracking that will allow the original router to regain its active status once a failed link is repaired? A. Interface tracking resets B. Failback option C. Preempt option D. Priority tracking

When interface tracking is turned on and a link that is being tracked fails, the priority of the active router is lowered and an election is forced. This will make the standby router become the active router. However, if the link is repaired, the priority will recover to its normal value, but the current active router will remain the active router. Preemption allows for the value to instantly reelect the original router as the active router. Interface tracking resets, failback options, and priority tracking are not valid options for interface tracking; therefore, these are invalid answers.

66. Which is a disadvantage of using NAT? A. Creates switching path delays B. Introduces security weaknesses C. Requires address renumbering D. Increases bandwidth utilization

Network Address Translation (NAT) creates packet switching path delay. This is because each address traveling through the NAT process requires lookup time for the translation. NAT does not introduce security weaknesses; it can actually be used to strengthen security, since private IP addresses are masqueraded behind a public IP address. NAT is often used so that address renumbering is not required when two networks are merged together with identical IP addressing. NAT does not increase bandwidth utilization at all.

29. You have just configured the adjacent side of an EtherChannel from the console and receive the message in the following exhibit. What is the problem?
%PM-4-ERR_DISABLE: channel-misconfig error detected on Gig0/1, putting Gig0/1 in err-disable state
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel 1, changed state to down
%PM-4-ERR_DISABLE: channel-misconfig error detected on Gig0/2, putting Gig0/2 in err-disable state
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
A. One of the switches is configured with on mode and the other with desirable mode. B. One of the switches is configured with auto mode and the other with desirable mode. C. One of the switches is configured with active mode and the other with active mode. D. One of the switches is configured with passive mode and the other with passive mode.

When one side is configured with on mode, it uses no control protocol. If a control protocol is sensed from the adjacent switch, the port will enter err-disabled mode to protect it from a loop. If one switch was configured with the auto mode and the other switch was configured with desirable mode, a Port Aggregation Protocol (PAgP) EtherChannel link would be formed. If both switches were configured with active mode, then a Link Aggregation Control Protocol (LACP) EtherChannel would be formed. When both switches are configured with passive mode, then LACP would not form an EtherChannel.

40. When you configure a WLAN, what is the default QoS configured for the WLAN? A. Gold B. Silver C. Bronze D. Platinum

When you configure a WLAN and use the default QoS settings, the effective QoS is silver. Gold is used for video application on a wireless network. Bronze is the lowest level of traffic for unimportant traffic. Platinum is the highest level of traffic, and it is usually reserved for voice traffic over wireless.

30. You have configured the command channel-group 1 mode active on a range of interfaces that will participate in an EtherChannel. Which pseudo interface is created for overall management of the EtherChannel? A. ether-channel 1 B. port-group 1 C. port-channel 1 D. channel-group 1

When you configure the channel-group 1 mode active command on the first interface, a pseudo interface is created called port-channel 1. All statistics and configuration should be referenced by this interface. All of the other options are incorrect.

54. You ping from a router to another router and receive back !!!!!. What does this mean? A. All packets have been dropped. B. All packets are successfully acknowledged. C. There is congestion in the path. D. The packets were received, but after the ICMP timeout.

When you see an exclamation mark, it means that the packets were successfully acknowledged on the other side and an ICMP response was received. If you see five periods returned, it means that the packets have never made it back to the router. Congestion in the path will not be visible with the ping command. If the packets are received on the far router but ICMP times out, periods will be displayed.

49. Which command must be enabled on a switch to enable routing between switched virtual interfaces for VLAN routing? A. Switch(config)#ip route svi B. Switch(config)#feature svi routing C. Switch(config)#svi routing D. Switch(config)#ip routing

When you want to turn on the layer 3 functionality of a switch, you must configure the command ip routing in global configuration. This is required when you want to create Switched Virtual Interfaces (SVIs) for VLANs and want to route on the switch between the VLANs. This method of routing is much more efficient, since the traffic is routed in the ASICs on the switch. The command ip route svi is incorrect. The command feature svi routing is incorrect. The command svi routing is incorrect.

89. You need to implement a wireless authentication system that provides encryption and authentication of user accounts. Which technology would you deploy? A. WPA2-PSK B. WPA2-EAP C. WPA2-LEAP D. WPA3-PSK

Wi-Fi Protected Access 2 - Lightweight Extensible Authentication Protocol (WPA2-LEAP) is a Cisco proprietary protocol that allows for user accounts to be authenticated via a RADIUS server to Active Directory (AD). WPA2-LEAP will provide both encryption and user authentication. Wi-Fi Protected Access 2 - Pre-Shared Key (WPA2-PSK) and WPA3-PSK will not provide user authentication, since they use a pre-shared key (PSK). Wi-Fi Protected Access 2 - Extensible Authentication Protocol (WPA2-EAP) uses certificates to authenticate the computer account connecting to the wireless network.

