CCNA Sem 3 Set 2 Of 6

55. What are two types of attacks used on DNS open resolvers? (Choose two.) -amplification and reflection -resource utilization -fast flux -ARP poisoning -cushioning

amplification and reflection resource utilization

74. An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq DNS . If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?

denied

63. Which component of the ACI architecture translates application policies into network programming? -the hypervisor​ -the Application Policy Infrastructure Controller -the Nexus 9000 switch -the Application Network Profile endpoints

the Application Policy Infrastructure Controller

61. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN? -MD5 -AES -IPsec -ESP

IPsec

78. What is the main function of a hypervisor? -It is used to create and manage multiple VM instances on a host machine. -It is a device that filters and checks security credentials. -It is a device that synchronizes a group of sensors. -It is software used to coordinate and prepare data for analysis. -It is used by ISPs to monitor cloud computing resources.

It is used to create and manage multiple VM instances on a host machine.

66. What are two benefits of using SNMP traps? (Choose two.) -They eliminate the need for some periodic polling requests. -They reduce the load on network and agent resources. -They limit access for management systems only. -They can provide statistics on TCP/IP packets that flow through Cisco devices. -They can passively listen for exported NetFlow datagrams

They eliminate the need for some periodic polling requests. They reduce the load on network and agent resources.

80. Refer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used? -traffic shaping -weighted random early detection -classification and marking -traffic policing

traffic policing

47. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.20.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement? -0.0.15.255 -0.0.3.255 -0.0.7.255 -0.0.1.255

0.0.3.255

49. Refer to the exhibit. What is the OSPF cost to reach the West LAN 172.16.2.0/24 from East?​ -782 -74 -128 -65

65

42. What are two syntax rules for writing a JSON array? (Choose two.) -Each value in the array is separated by a comma. -The array can include only one value type. -A space must separate each value in the array. -A semicolon separates the key and list of values. -Values are enclosed in square brackets.

Each value in the array is separated by a comma. Values are enclosed in square brackets.

79. A company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended? -Frame Relay -Ethernet WAN -VSAT -ISDN

Ethernet WAN

67. Which statement accurately describes a characteristic of IPsec? -IPsec works at the application layer and protects all application data. -IPsec is a framework of standards developed by Cisco that relies on OSI algorithms. -IPsec is a framework of proprietary standards that depend on Cisco specific algorithms. -IPsec works at the transport layer and protects data at the network layer. -IPsec is a framework of open standards that relies on existing algorithms.

IPsec is a framework of open standards that relies on existing algorithms.

69. Which two statements describe the use of asymmetric algorithms? (Choose two.) -Public and private keys may be used interchangeably. -If a public key is used to encrypt the data, a public key must be used to decrypt the data. -If a private key is used to encrypt the data, a public key must be used to decrypt the data. -If a public key is used to encrypt the data, a private key must be used to decrypt the data. -If a private key is used to encrypt the data, a private key must be used to decrypt the data.

If a private key is used to encrypt the data, a public key must be used to decrypt the data. If a public key is used to encrypt the data, a private key must be used to decrypt the data.

43. What is a characteristic of a Trojan horse as it relates to network security? -An electronic dictionary is used to obtain a password to be used to infiltrate a key network device. -Malware is contained in a seemingly legitimate executable program. -Extreme quantities of data are sent to a particular network device interface. -Too much information is destined for a particular memory block, causing additional memory areas to be affecte

Malware is contained in a seemingly legitimate executable program.

62. Which statement describes a characteristic of Cisco Catalyst 2960 switches? -They are best used as distribution layer switches. -New Cisco Catalyst 2960-C switches support PoE pass-through. -They are modular switches. -They do not support an active switched virtual interface (SVI) with IOS versions prior to 15.x.

New Cisco Catalyst 2960-C switches support PoE pass-through.

48. Match the HTTP method with the RESTful operation.

POST ->> Create GET ->> Read PUT/PATCH ->> Update/Replace?Modify Delete ->> Delete

65. Refer to the exhibit. A PC at address 10.1.1.45 is unable to access the Internet. What is the most likely cause of the problem? -The NAT pool has been exhausted. -The wrong netmask was used on the NAT pool. -Access-list 1 has not been configured properly. -The inside and outside interfaces have been configured backwards.

The NAT pool has been exhausted.

52. What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture?​ -The spine and leaf switches are always linked through core switches. -The spine switches attach to the leaf switches and attach to each other for redundancy. -The leaf switches always attach to the spines and they are interlinked through a trunk line. -The leaf switches always attach to the spines, but they never attach to each other.

The leaf switches always attach to the spines, but they never attach to each other.

57. Which type of resources are required for a Type 1 hypervisor? -a dedicated VLAN -a management console -a host operating system

a management console

58. In JSON, what is held within square brackets [ ]? -nested values -key/value pairs -an object -an array

an array

73. A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers? -botnet -spyware -virus -rootkit

botnet

68. In a large enterprise network, which two functions are performed by routers at the distribution layer? (Choose two.) -connect users to the network -provide a high-speed network backbone -connect remote networks -provide Power over Ethernet to devices -provide data traffic security

connect remote networks provide data traffic security

56. An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet . If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied? Case 2: access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.0.15 eq telnet . If a packet with a source address of 192.168.100.219, a destination address of 64.100.40.10, and a protocol of 54 is received on the interface, is the packet permitted or denied?

denied Case 2: denied

60. A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician? -top-down -bottom-up -divide-and-conquer -substitution

divide-and-conquer

59. What are three components used in the query portion of a typical RESTful API request? (Choose three.) -resources -protocol -API server -format -key -parameters

format key parameters

45. A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed? -data integrity -non-repudiation -origin authentication -data confidentiality

origin authentication

51. An ACL is applied inbound on a router interface. The ACL consists of a single entry: access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq FTP . If a packet with a source address of 172.18.20.14, a destination address of 172.18.20.40, and a protocol of 21 is received on the interface, is the packet permitted or denied?

permitted

71. What are two benefits of extending access layer connectivity to users through a wireless medium? (Choose two.) -reduced costs -decreased number of critical points of failure -increased flexibility -increased bandwidth availability -increased network management options

reduced costs increased flexibility

46. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers? -to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network -to detect any evidence of a hack or malware in a computer or network -to probe and test the robustness of a firewall by using specially created forged packets -to capture and analyze packets within traditional Ethernet LANs or WLANs

to capture and analyze packets within traditional Ethernet LANs or WLANs

50. What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use? -to activate the OSPF neighboring process -to influence the DR/BDR election process -to provide a backdoor for connectivity during the convergence process -to streamline and speed up the convergence process

to influence the DR/BDR election process

41. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as John the Ripper,THC Hydra, RainbowCrack, and Medusa? -to capture and analyze packets within traditional Ethernet LANs or WLANs -to probe and test the robustness of a firewall by using specially created forged packets -to make repeated guesses in order to crack a password

to make repeated guesses in order to crack a password

72. What are two purposes of launching a reconnaissance attack on a network? (Choose two.) -to scan for accessibility -to retrieve and modify data -to gather information about the network and devices -to prevent other users from accessing the system -to escalate access privileges

to scan accessibility to gather information about the network devices

44. An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this? -TCP SYN flood -DNS tunneling -DHCP spoofing -ARP cache poisoning

DHCP spoofing

70. Refer to the exhibit. A network administrator has deployed QoS and has configured the network to mark traffic on the VoIP phones as well as the Layer 2 and Layer 3 switches. Where should initial marking occur to establish the trust boundary? -Trust Boundary 4 -Trust Boundary 3 -Trust Boundary 1 -Trust Boundary 2

Trust Boundary 1

54. A network technician is configuring SNMPv3 and has set a security level of auth . What is the effect of this setting? -authenticates a packet by a string match of the username or community string -authenticates a packet by using either the HMAC with MD5 method or the SHA method -authenticates a packet by using either the HMAC MD5 or 3.HMAC SHA -algorithms and encrypts the packet with either the DES, 3DES or AES algorithms -authenticates a packet by using the SHA algorithm only

authenticates a packet by using either the HMAC with MD5 method or the SHA method

77. What QoS step must occur before packets can be marked? -classifying -shaping -queuing -policing

classifying

53. Which two scenarios would result in a duplex mismatch? (Choose two.) -connecting a device with autonegotiation to another that is manually set to full-duplex -starting and stopping a router interface during a normal operation -connecting a device with an interface running at 100 Mbps to another with an interface running at 1000 Mbps -configuring dynamic routing incorrectly -manually setting the two connected devices to different duplex modes

connecting a device with autonegotiation to another that is manually set to full-duplex manually setting the two connected devices to different duplex modes

75. Refer to the exhibit. From which location did this router load the IOS? -flash memory -NVRAM? -RAM -ROM -a TFTP server?

flash memory

64. Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.) -device type -cable specification -interface identifier -OS/IOS version -connection type -cable type and identifier

interface identifier connection type

76. Refer to the exhibit. Which data format is used to represent the data for network automation applications? -XML -YAML -HTML -JSON

JSON