Lưu ý: Free CCNA dump chỉ dành cho mục đích học tập và làm quen với bài thi. Nội dung của Free CCNA Dump không được cập nhật mới nhất nên không đảm bảo Pass Exam. Liên hệ ITexamViet để Pass Exam Nhanh Nhất.
Mục lục
MULTIPLE CHOICE
QUESTION 1
Refer to the exhibit.
The ntp server 192.168.0.3 command has been configured on Router1 to make it an NTP client of router 2. Which command must be configured on Router2 so that it operates in server-only mode and relies only on its internal clock?
A. Router2(config)#ntp passive
B. Router2(config)#ntp master 4
C. Router2(config)#ntp server 172.17.0.1
D. Router2(config)#ntp server 192.168.0.2
Correct Answer: B
QUESTION 2
How does a Cisco Unified Wireless network respond to Wi-Fi channel overlap?
A. It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points
B. It allows the administrator to assign channels on a per-device or per-interface basis.
C. It segregates devices from different manufacturers onto different channels.
D. It analyzes client load and background noise and dynamically assigns a channel.
Correct Answer: A
QUESTION 3
Refer to the exhibit. An engineer is configuring the New York router to reach the Lo1 interface of the Atlanta router using interface S0/0/0 as the primary path. Which two commands must be configured on the New York router so that it can reach
the Lo1 interface of the Atlanta router via Washington when the link between New York and Atlanta goes down? (Choose two)
A. ipv6 route 2000::1/128 2012::1
B. ipv6 route 2000::1/128 2012::1 5
C. ipv6 route 2000::1/128 2012::2
D. ipv6 route 2000::1/128 2023::2 5
E. ipv6 route 2000::1/128 2023::3 5
Correct Answer: AE
QUESTION 4
Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?
A. sniffer
B. mesh
C. flex connect
D. local
Correct Answer: C
QUESTION 5
Which protocol prompts the Wireless LAN Controller to generate its own local web administration SSL certificate for GUI access?
A. HTTP
B. HTTPS
C. TACACS+
D. RADIUS
Correct Answer: B
QUESTION 6
Refer to the exhibit. An engineer deploys a topology in which R1 obtains its IP configuration from DHCP. If the switch and DHCP server configurations are complete and correct. Which two sets of commands must be configured on R1 and R2
to complete the task? (Choose two)
A. R1 (config)# interface fa0/0
R1 (config-if)# ip helper-address 198.51.100.100
B. R2(config)# interface gi0/0
R2(config-if)# ip helper-address 198.51.100.100
C. R1 (config)# interface fa0/0
R1 (config-if)# ip address dhcp
R1 (config-if)# no shutdown
D. R2(config)# interface gi0/0
R2(config-if)# ip address dhcp
E. R1 (config)# interface fa0/0
R1 (config-if)# ip helper-address 192.0.2.2
Correct Answer: BC
QUESTION 7
Why does a switch flood a frame to all ports?
A. The destination MAC address of the frame is unknown
B. The source MAC address of the frame is unknown
C. The source and destination MAC addresses of the frame are the same
D. The frame has zero destination MAC addresses
Correct Answer: A
QUESTION 8
Which QoS tool can you use to optimize voice traffic on a network that is primarily intended for data traffic?
A. WRED
B. FIFO
C. PQ
D. WFQ
Correct Answer: C
QUESTION 9
What is the expected outcome when an EUI-64 address is generated?
A. The seventh bit of the original MAC address of the interface is inverted
B. The interface ID is configured as a random 64-bit value
C. The characters FE80 are inserted at the beginning of the MAC address of the interface
D. The MAC address of the interface is used as the interface ID without modification
Correct Answer: A
QUESTION 10
An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any of three addresses 192.168.3.1, 192.168.3.2, 192.168.3.3. Which configuration should be used?
A.
B.
C.
D.
Correct Answer: A
QUESTION 11
Which IPv6 address type provides communication between subnets and cannot route on the Internet?
A. global unicast
B. unique local
C. link-local
D. multicast
Correct Answer: B
QUESTION 12
Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)A. management interface settings
B. QoS settings
C. ip address of one or more access points
D. SSID
E. Profile name
Correct Answer: DE
QUESTION 13
When a site-to-site VPN is used, which protocol is responsible for the transport of user data?
A. IKEv2
B. IKEv1
C. IPsec
D. MD5
Correct Answer: C
QUESTION 14
Which configuration is needed to generate an RSA key for SSH on a router?
A. Configure the version of SSH
B. Configure VTY access
C. Create a user with a password
D. Assign a DNS domain name
Correct Answer: D
QUESTION 15
Which protocol requires authentication to transfer a backup configuration file from a router to a remote server?
A. TFTP
B. FTP
C. DTP
D. SMTP
Correct Answer: B
QUESTION 16
Which two must be met before SSH can operate normally on a Cisco IOS switch? (Choose two)
A. The switch must be running a k9 (crypto) IOS image
B. The ip domain-name command must be configured on the switch
C. IP routing must be enabled on the switch
D. A console password must be configured on the switch
E. Telnet must be disabled on the switch
Correct Answer: AB
QUESTION 17
Which action is taken by a switch port enabled for PoE power classification override?
A. When a powered device begins drawing power from a PoE switch port a syslog message is generated
B. As power usage on a PoE switch port is checked data flow to the connected device is temporarily paused
C. If a switch determines that a device is using less than the minimum configured power it assumes the device has failed and disconnects
D. Should a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled
Correct Answer: D
QUESTION 18
Which two protocols must be disabled to increase security for management connections to a Wireless LAN Controller? (Choose two)
A. Telnet
B. SSH
C. HTTP
D. HTTPS
E. TFTP
Correct Answer: AC
QUESTION 19
Which CRUD operation modifies an existing table or view?
A. read
B. replace
C. create
D. update
Correct Answer: D
QUESTION 20
What are two benefits of using the PortFast feature? (Choose two)
A. Enabled interfaces are automatically placed in listening state
B. Enabled interfaces wait 50 seconds before they move to the forwarding state
C. Enabled interfaces never generate topology change notifications.
D. Enabled interfaces that move to the learning state generate switch topology change notifications
E. Enabled interfaces come up and move to the forwarding state immediately
Correct Answer: CE
QUESTION 21
What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two)
A. when the sending device waits 15 seconds before sending the frame again
B. when the cable length limits are exceeded
C. when one side of the connection is configured for half-duplex
D. when Carrier Sense Multiple Access/Collision Detection is used
E. when a collision occurs after the 32nd byte of a frame has been transmitted
Correct Answer: BC
QUESTION 22
Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured?
A. passive
B. mode on
C. auto
D. active
Correct Answer: D
QUESTION 23
Refer to the exhibit. How does SW2 interact with other switches in this VTP domain?
A. It processes VTP updates from any VTP clients on the network on its access ports
B. It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports
C. It forwards only the VTP advertisements that it receives on its trunk ports
D. It transmits and processes VTP updates from any VTP Clients on the network on its trunk ports
Correct Answer: C
QUESTION 24
Refer to the exhibit. An engineer must add a subnet for a new office that will add 20 users to the network. Which IPv4 network and subnet mask combination does the engineer assign to minimize wasting addresses?
A. 10.10.225.48 255.255.255.240
B. 10.10.225.32 255.255.255.240
C. 10.10.225.48 255.255.255.224
D. 10.10.225.32 255.255.255.224
Correct Answer: D
QUESTION 25
A packet is destined for 10.10.1.22. Which static route does the router choose to forward the packet?
A. ip route 10.10.1.0 255.255.255.240 10.10.255.1
B. ip route 10.10.1.16 255.255.255.252 10.10.255.1
C. ip route 10.10.1.20 255.255.255.252 10.10.255.1
D. ip route 10.10.1.20 255.255.255.254 10.10.255.1
Correct Answer: C
QUESTION 26
R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?
A. route with the lowest cost
B. route with the next hop that has the highest IP
C. route with the shortest prefix length
D. route with the lowest administrative distance
Correct Answer: D
QUESTION 27
A device detects two stations transmitting frames at the same time. This condition occurs after the first 64 bytes of the frame is received interface counter increments? Which interface counter increasement?
A. collision
B. runt
C. CRC
D. late collision
Correct Answer: D
QUESTION 28
An engineer configures interface Gi1/0 on the company PE router to connect to an ISP. Neighbor discovery is disabled.
Which action is necessary to complete the configuration if the ISP uses third-party network devices?
A. Enable LLDP globally
B. Disable autonegotiation
C. Disable Cisco Discovery Protocol on the interface
D. Enable LLDP-MED on the ISP device
Correct Answer: A
QUESTION 29
Refer to the exhibit. If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command, how does the router respond?
A. It ignores the new static route until the existing OSPF default route is removed
B. It immediately replaces the existing OSPF route in the routing table with the newly configured static route
C. It starts load-balancing traffic between the two default routes
D. It starts sending traffic without a specific matching entry in the routing table to GigabitEthernet0/1
Correct Answer: A
QUESTION 30
A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network can be mapped?
A. Device(Config)#lldp run
B. Device(Config)#cdp run
C. Device(Config-if)#cdp enable
D. Device(Config)#flow-sampler-map topology
Correct Answer: A
QUESTION 31
A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, which type of OSPF network does this interface belong to?
A. point-to-multipoint
B. point-to-point
C. broadcast
D. nonbroadcast
Correct Answer: C
QUESTION 32
Refer to the exhibit. Which route does R1 select for traffic that is destined to 192.168.16.2?
A. 192.168.16.0/21
B. 192.168.16.0/24
C. 192.168 26.0/26
D. 192.168.16.0/27
Correct Answer: D
QUESTION 33
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two)
A. ASCII
B. base64
C. binary
D. decimal
E. hexadecimal
Correct Answer: AE
QUESTION 34
Which security program element involves installing badge readers on data-center doors to allow workers to enter and exit based on their job roles?
A. physical access control
B. biometrics
C. role-based access control
D. multifactor authentication
Correct Answer: A
QUESTION 35
Which plane is centralized by an SDN controller?
A. data plane
B. management plane
C. control plane
D. services planeCorrect Answer: C
QUESTION 36
An organization secures its network with multi-factor authentication using an authenticator app on employee smartphones. How is the application secured in the case of a user’s smartphone being lost or stolen?
A. The application requires an administrator password to reactivated after a configured interval.
B. The application verifies that the user is in a specific location before it provides the second factor.
C. The application requires the user to enter a PIN before it provides the second factor.
D. The application challenges a user by requiring an administrator password to reactivate when the smartphone is rebooted.
Correct Answer: C
QUESTION 37
Refer to the exhibit. Which action is expected from SW1 when the untagged frame is received on the GigabitEthernet0/1 interface?
A. The frame is processed in VLAN 5
B. The frame is processed in VLAN 11
C. The frame is processed in VLAN 1
D. The frame is dropped
Correct Answer: A
QUESTION 38
Refer to the exhibit.Which two commands were used to create port channel 10? (Choose two)
A. interface range g0/0-1
channel-group 10 mode active
B. interface range g0/0-1
channel-group 10 mode desirable
C. interface range g0/0-1
channel-group 10 mode passive
D. interface range g0/0-1
channel-group 10 mode auto
E. interface range g0/0-1
channel-group 10 mode on
Correct Answer: AC
QUESTION 39
Which two events occur automatically when a device is added to Cisco DNA Center? (Choose two)
A. The device is assigned to the Global site.
B. The device is placed into the Unmanaged state.
C. The device is placed into the Provisioned state.
D. The device is placed into the Managed state.
E. The device is assigned to the Local site.
Correct Answer: AD
QUESTION 40
Which protocol does an access point use to draw power from a connected switch?
A. Internet Group Management Protocol
B. Cisco Discovery Protocol
C. Adaptive Wireless Path Protocol
D. Neighbor Discovery Protocol
Correct Answer: B
QUESTION 41
Refer to the exhibit. A network administrator has been tasked with securing VTY access to a router.
Which access-list entry accomplishes this task?
A. access-list 101 permit tcp 10.1.10.0 0.0.0.255 172.16.10.0 0.0.0.255 eq ssh
B. access-list 101 permit tcp 10.11.0.0 0.0.0.255 172.16.10.0 0.0.0.255 eq scp
C. access-list 101 permit tcp 10.11.0.0 0.0.0.255 172.16.10.0 0.0.0.255 eq telnet
D. access-list 101 permit tcp 10.1.10.0 0.0.0.255 172.16.10.0 0.0.0.255 eq https
Correct Answer: A
QUESTION 42
Refer to the exhibit. What is the metric of the route to the 192.168.10.33/28 subnet?
A. 84
B. 110
C. 128
D. 192
E. 193
Correct Answer: E
QUESTION 43
Refer to the exhibit.
Which two prefixes are included in this routing table entry? (Choose two)
A. 192.168.1.17
B. 192.168.1.61
C. 192.168.1.64
D. 192.168.1.127
E. 192.168.1.254
Correct Answer: AB
QUESTION 44
Where is the interface between the control plane and data plane within the software-defined architecture?
A. application layer and the management layer
B. application layer and the infrastructure layer
C. control layer and the application layer
D. control layer and the infrastructure layer
Correct Answer: D
QUESTION 45
Which statement correctly compares traditional networks and controller-based networks?
A. Only traditional networks offer a centralized control plane
B. Only traditional networks natively support centralized management
C. Traditional and controller-based networks abstract policies from device configurations
D. Only controller-based networks decouple the control plane and the data plane
Correct Answer: D
QUESTION 46
Refer to the exhibit.
An administrator configures four switches for local authentication using passwords that are stored in a cryptographic hash. The four switches must also support SSH access for administrators to manage the network
infrastructure. Which switch is configured correctly to meet these requirements?A. SW1
B. SW2
C. SW3
D. SW4
Correct Answer: C
QUESTION 47
Which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network?
A. TKIP encryption
B. AES encryption
C. Scrambled encryption key
D. SAE encryption
Correct Answer: D
QUESTION 48
Refer to the exhibit.
An engineer must configure GigabitEthernet1/1 to accommodate voice and data traffic. Which configuration accomplishes this task?
A.
B.
C.
D.
Correct Answer: C
QUESTION 49
An engineer must configure traffic for a VLAN that is untagged by the switch as it crosses a trunk link. Which command should be used?
A. switchport trunk allowed vlan 10
B. switchport trunk native vlan 10
C. switchport mode trunk
D. switchport trunk encapsulation dot1q
Correct Answer: B
QUESTION 50
When deploying syslog, which severity level logs informational message?
A. 0
B. 2
C. 4
D. 6
Correct Answer: D
QUESTION 51
Refer to the exhibit.
An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied to allow administrators to authenticate directly to enable privilege mode via Telnet using
local username and password?
A. R1(config)#username admin
R1(config-if)#line vty 0 4
R1(config-line)#password p@ss1234
B. R1(config)#username admin
R1(config-if)#line vty 0 4
R1(config-line)#password p@ss1234
R1(config-line)#transport input telnet
C. R1(config)#username admin secret p@ss1234
R1(config-if)#line vty 0 4R1(config-line)#login local
R1(config)#enable secret p@ss1234
D. R1(config)#username admin privilege 15 secret p@ss1234
R1(config-if)#line vty 0 4
R1(config-line)#login local
Correct Answer: D
QUESTION 52
An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode?
A. Exchange
B. 2-way
C. Full
D. Init
Correct Answer: C
QUESTION 53
What are two benefits of network automation? (Choose two)
A. reduced operational costs
B. reduced hardware footprint
C. faster changes with more reliable results
D. fewer network failures
E. increased network security
Correct Answer: AC
QUESTION 54
A wireless administrator has configured a WLAN; however, the clients need access to a less congested 5-GHz network for their voice quality. What action must be taken to meet the requirement?
A. enable AAA override
B. enable RX-SOP
C. enable DTIM
D. enable Band Select
Correct Answer: D
QUESTION 55
Refer to the exhibit.
The default-information originate command is configured under the R1 OSPF configuration. After testing, workstations on VLAN 20 at Site B cannot reach a DNS server on the Internet.
Which action corrects the configuration issue?
A. Add the default-information originate command on R2
B. Add the always keyword to the default-information originate command on R1
C. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1
D. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2
Correct Answer: C
QUESTION 56
Refer to the exhibit.
Router R1 Fa0/0 cannot ping router R3 Fa0/1. Which action must be taken in router R1 to help resolve the configuration issue?A. set the default network as 20.20.20.0/24
B. set the default gateway as 20.20.20.2
C. configure a static route with Fa0/1 as the egress interface to reach the 20.20.20.0/24 network
D. configure a static route with 10.10.10.2 as the next hop to reach the 20.20.20.0/24 network
Correct Answer: D
QUESTION 57
A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path?
A. cost
B. administrative distance
C. metric
D. as-path
Correct Answer: C
QUESTION 58
When a client and server are not on the same physical network, which device is used to forward requests and replies between client and server for DHCP?
A. DHCP relay agent
B. DHCP server
C. DHCPDISCOVER
D. DHCPOFFER
Correct Answer: A
QUESTION 59
Refer to the exhibit.
An administrator is tasked with configuring a voice VLAN. What is the expected outcome when a Cisco phone is connected to the GigabitEthernet 3/1/4 port on a switch?
A. The phone and a workstation that is connected to the phone do not have VLAN connectivity.
B. The phone sends and receives data in VLAN 50, but a workstation connected to the phone sends and receives data in VLAN 1.
C. The phone sends and receives data in VLAN 50, but a workstation connected to the phone has no VLAN connected.
D. The phone and a workstation that is connected to the phone send and receive data in VLAN 50.
Correct Answer: B
QUESTION 60
Router A learns the same route from two different neighbors, one of the neighbor routers is an OSPF neighbor and the other is an EIGRP neighbor. What is the administrative distance of the route that will be installed in the routing table?
A. 20
B. 90
C. 110
D. 115
Correct Answer: B
QUESTION 61
A network administrator enabled port security on a switch interface connected to a printer. What is the next configuration action in order to allow the port to learn the MAC address of the printer and insert it into the table automatically?
A. implement auto MAC address learning
B. implement static MAC addressing.
C. enable sticky MAC addressing
D. enable dynamic MAC address learning
Correct Answer: C
QUESTION 62
When OSPF learns multiple paths to a network, how does it select a route?
A. It multiple the active K value by 256 to calculate the route with the lowest metric.
B. For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth.
C. It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost.
D. It counts the number of hops between the source router and the destination to determine the router with the lowest metric
Correct Answer: C
QUESTION 63
When the active router in an HSRP group fails, what router assumes the role and forwards packets?
A. listening
B. backup
C. forwarding
D. standby
Correct Answer: D
QUESTION 64
When a WPA2-PSK WLAN is configured in the Wireless LAN Controller, what is the minimum number of characters that is required in ASCII format?
A. 6
B. 8
C. 12
D. 18
Correct Answer: B
QUESTION 65
Refer to the exhibit.
A packet is being sent across router R1 to host 172.16.0.14. What is the destination route for the packet?
A. 209.165.200.254 via Serial0/0/1
B. 209.165.200.254 via Serial0/0/0
C. 209.165.200.246 via Serial0/1/0
D. 209.165.200.250 via Serial0/0/0Correct Answer: C
QUESTION 66
How will Link Aggregation be implemented on a Cisco Wireless LAN Controller?
A. To pass client traffic two or more ports must be configured
B. The EtherChannel must be configured in “mode active”
C. When enabled the WLC bandwidth drops to 500 Mbps
D. One functional physical port is needed to pass client traffic
Correct Answer: D
QUESTION 67
Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface?
A. configure a stateful DHCPv6 server on the network
B. enable SLAAC on an interface
C. disable the EUI-64 bit process
D. explicitly assign a link-local address
Correct Answer: B
QUESTION 68
Refer to the exhibit. After the configuration is applied, the two routers fail to establish an OSPF neighbor relationship. What is the reason for the problem?
A. The OSPF router IDs are mismatched
B. Router2 is using the default hello timer
C. The network statement on Router1 is misconfigured
D. The OSPF process IDs are mismatched
Correct Answer: B
QUESTION 69
While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two)
A. The packets fail to match any permit statement
B. A matching permit statement is too high in the access list
C. A matching permit statement is too broadly defined
D. The ACL is empty
E. A matching deny statement is too high in the access list
Correct Answer: BC
QUESTION 70
Which two outcomes are predictable behaviors for HSRP? (Choose two)
A. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN
B. The two routers negotiate one router as the active router and the other as the standby router
C. Each router has a different IP address both routers act as the default gateway on the LAN, and traffic is load balanced between them
D. The two routers synchronize configurations to provide consistent packet forwarding
E. The two routed share the same IP address, and default gateway traffic is load-balanced between them
Correct Answer: AB
QUESTION 71
Refer to the exhibit.
The New York router is configured with static routes pointing to the Atlanta and Washington sites. Which two tasks must be performed so that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach one
another? (Choose two)
A. Configure the ipv6 route 2012::/126 2023::1 command on the Washington router
B. Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router
C. Configure the ipv6 route 2012::/126 s0/0/0 command on the Atlanta router
D. Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router
E. Configure the ipv6 route 2012::/126 2023:2 command on the Washington router
Correct Answer: DE
QUESTION 72
What is the primary function of a Layer 3 device?
A. to analyze traffic and drop unauthorized traffic from the Internet
B. to transmit wireless traffic between hosts
C. forward traffic within the same broadcast domain
D. to pass traffic between different networks
Correct Answer: D
QUESTION 73
Refer to the exhibit.
With which metric was the route to host 172.16.0.202 learned?
A. 0
B. 110
C. 38443
D. 3184439
Correct Answer: C
QUESTION 74
Refer to the exhibit.
What is the effect of this configuration? ip arp inspection vlan 2
A. The switch port interface trust state becomes untrusted
B. The switch port remains administratively down until the interface is connected to another switch
C. Dynamic ARP inspection is disabled because the ARP ACL is missing
D. The switch port remains down until it is configured to trust or untrust incoming packets
Correct Answer: A
QUESTION 75
R1 has learned route 192.168.12.0/24 via IS-IS, OSPF, RIP and Internal EIGRP. Under normal operating conditions, which routing protocol is installed in the routing table?
A. IS-IS
B. RIPC. Internal EIGRP
D. OSPF
Correct Answer: C
QUESTION 76
An engineer needs to configure LLDP to send the port description time length value (TLV). What command sequence must be implemented?
A. switch#lldp port-description
B. switch(config)#lldp port-description
C. switch(config-line)#lldp port-description
D. switch(config-if)#lldp port-description
Correct Answer: B
QUESTION 77
Which condition must be met before an NMS handles an SNMP trap from an agent?
A. The NMS must be configured on the same router as the SNMP agent
B. The NMS must receive a trap and an inform message from the SNMP agent within a configured interval
C. The NMS software must be loaded with the MIB associated with the trap
D. The NMS must receive the same trap from two different SNMP agents to verify that it is reliable
Correct Answer: C
QUESTION 78
Refer to the exhibit.
The “show ip ospf interface” command has been executed on R1. How is OSPF configured?
A. The interface is not participating in OSPF
B. A point-to-point network type is configured
C. The default Hello and Dead timers are in use
D. There are six OSPF neighbors on this interface
Correct Answer: C
QUESTION 79
Which action does the router take as it forwards a packet through the network?
A. The router replaces the source and destination labels with the sending router interface label as a source and the next hop router label as a destination
B. The router encapsulates the source and destination IP addresses with the sending router IP address as the source and the neighbor IP address as the destination
C. The router encapsulates the original packet and then includes a tag that identifies the source router MAC address and transmit transparently to the destination
D. The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC address as the destination
Correct Answer: D
QUESTION 80
What is the benefit of configuring PortFast on an interface?
A. After the cable is connected, the interface uses the fastest speed setting available for that cable type
B. The frames entering the interface are marked with higher priority and then processed faster by a switch
C. After the cable is connected, the interface is available faster to send and receive user data
D. Real-time voice and video frames entering the interface are processed faster
Correct Answer: C
QUESTION 81
Refer to the exhibit.
What action establishes the OSPF neighbor relationship without forming an adjacency?
A. modify priority
B. modify process ID
C. modify hello interval
D. modify network type
Correct Answer: C
QUESTION 82
Which IPv6 address block sends packets to a group address rather than a single address?
A. 2000::/3
B. FC00::/7
C. FE80::/10
D. FF00::/8
Correct Answer: D
QUESTION 83
What is a characteristic of spine-and-leaf architecture?
A. Each device is separated by the same number of hops
B. It provides variable latency
C. It provides greater predictability on STP blocked ports
D. Each link between leaf switches allows for higher bandwidth
Correct Answer: A
QUESTION 84
Refer to the exhibit.
An engineer configured the New York router with static routes that point to the Atlanta and Washington sites. Which command must be configured on the Atlanta and Washington routers so that both sites are able to reach
the loopback2 interface on the New York router?
A. ip route 0.0.0.0.0.0.0.0 Serial 0/0/0
B. ipv6 route 0/0 Serial 0/0/0
C. ipv6 route ::/0 Serial 0/0/0
D. ipv6 route ::/0 Serial 0/0/1
E. ipv6 route ::/0 2000::2
Correct Answer: C
QUESTION 85
An office has 8 floors with approximately 30-40 users per floor. What command must be configured on the router Switched Virtual Interface to use address space efficiently?
A. ip address 192.168.0.0 255.255.0.0
B. ip address 192.168.0.0 255.255.254.0
C. ip address 192.168.0.0 255.255.255.224
D. ip address 192.168.0.0 255.255.255.128
Correct Answer: C
QUESTION 86
An engineer must configure an OSPF neighbor relationship between router R1 and R3. The authentication configuration has been configured and the connecting interfaces are in the same 192.168.1.0/30 subnet. What are the next two steps to
complete the configuration? (Choose two)
A. configure the hello and dead timers to match on both sides
B. configure the same process ID for the router OSPF process
C. configure the same router ID on both routing processes
D. configure the interfaces as OSPF active on both sides
E. configure both interfaces with the same area ID
Correct Answer: DE
QUESTION 87
Which JSON data type is an unordered set of attribute-value pairs?
A. array
B. string
C. object
D. Boolean
Correct Answer: C
QUESTION 88
In which situation is private IPv4 addressing appropriate for a new subnet on the network of an organization?
A. There is limited unique address space, and traffic on the new subnet will stay local within the organization.
B. The network has multiple endpoint listeners, and it is desired to limit the number of broadcasts.
C. Traffic on the subnet must traverse a site-to-site VPN to an outside organization.
D. The ISP requires the new subnet to be advertised to the internet for web services.
Correct Answer: A
QUESTION 89
Refer to the exhibit.
A network administrator assumes a task to complete the connectivity between PC A and the File Server. Switch A and Switch B have been partially configured with VLANs 10, 11, 12 and 13. What is the next step in the
configuration?
A. Add PC A to the same subnet as the File Server allowing for intra-VLAN communication
B. Add PC A to VLAN 10 and the File Server to VLAN 11 for VLAN segmentation
C. Add a router on a stick between Switch A and Switch B allowing for inter-VLAN routing
D. Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation
Correct Answer: D
QUESTION 90
What is the primary difference between AAA authentication and authorization?
A. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database
B. Authentication identifies a user who is attempting to access a system, and authorization validates the users passwordC. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform
D. Authentication controls the system processes a user can access and authorization logs 9ie activities the user initiates
Correct Answer: C
QUESTION 91
Which function is performed by DHCP snooping?
A. rate-limits certain traffic
B. listens to multicast traffic for packet forwarding
C. provides DDoS mitigation
D. propagates VLAN information between switches
Correct Answer: A
QUESTION 92
What are two characteristics of a controller-based network? (Choose two)
A. The administrator can make configuration updates from the CLI
B. It uses northbound and southbound APIs to communicate between architectural layers
C. It moves the control plane to a central point
D. It decentralizes the control plane, which allows each device to make its own forwarding decisions
E. It uses Telnet to report system issues.
Correct Answer: BC
QUESTION 93
Where does a switch maintain DHCP snooping information?
A. in the CAM table
B. in the VLAN database
C. in the DHCP binding database
D. in the MAC address table
Correct Answer: C
QUESTION 94
What benefit does controller-based networking provide versus traditional networking?
A. moves from a two-tier to a three-tier network architecture to provide maximum redundancy
B. provides an added layer of security to protect from DDoS attacks
C. allows configuration and monitoring of the network from one centralized port
D. combines control and data plane functionality on a single device to minimize latency
Correct Answer: C
QUESTION 95
Refer to the exhibit.
An engineer is configuring an EtherChannel using LAP between Switches 1 and 2. Which configuration must be applied so that only Switch 1 sends LACP initiation packets?
A. Switch1(config-if)#channel-group 1 mode active
Switch2(config-if)#channel-group 1 mode passive
B. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode passive
C. Switch1(config-if)#channel-group 1 mode passive
Switch2(config-if)#channel-group 1 mode active
D. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#/channel-group 1 mode active
Correct Answer: A
QUESTION 96
Which communication interaction takes place when a southbound API is used?
A. between the SDN controller and PCs on the network
B. between the SDN controller and switches and routers on the network
C. between the SDN controller and services and applications on the network
D. between network applications and switches and routers on the network
Correct Answer: B
QUESTION 97
Which type of IPv6 address is publicly routable in the same way as IPv4 public addresses?
A. multicast
B. unique local
C. link-local
D. global unicast
Correct Answer: D
QUESTION 98
A user configured OSPF in a single area between two routers. A serial interface connecting R1 and R2 is running encapsulation PPP. By default which OSPF network type is seen on this interface when the user types show ip ospf interface
on R1 or R2?
A. point-to-multipoint
B. broadcast
C. point-to-point
D. non-broadcast
Correct Answer: C
QUESTION 99
Refer to the exhibit.
If R1 receives a packet destined to 172.16.1.1, to which IP address does it send the packet?
A. 192.168.12.2
B. 192.168.13.3
C. 192.168.14.4
D. 192.168.15.5
Correct Answer: C
QUESTION 100
Which technology must be implemented to configure network device monitoring with the highest security?
A. SNMPv3
B. IP SLA
C. NetFlow
D. syslog
Correct Answer: A
QUESTION 101
What is a difference between RADIUS and TACACS+?A. RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authentication
B. TACACS+ encrypts only password information and RADIUS encrypts the entire payload
C. TACACS+ separates authentication and authorization, and RADIUS merges them
D. RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commands
Correct Answer: C
QUESTION 102
How do AAA operations compare regarding user identification, user services and access control?
A. Authorization provides access control and authentication tracks user services
B. Authentication identifies users and accounting tracks user services
C. Accounting tracks user services, and authentication provides access control
D. Authorization identifies users and authentication provides access control
Correct Answer: B
QUESTION 103
Which 802.11 frame type is association response?
A. management
B. protected frame
C. control
D. action
Correct Answer: A
QUESTION 104
Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and Provisioning of Wireless Access Points (CAPWAP) protocol?
A. bridge
B. route
C. autonomous
D. lightweight
Correct Answer: D
QUESTION 105
Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access the web server. Which configuration when applied to switch A accomplishes this
task?
A. config t
ip access-list extended wwwblock
deny tcp any host 10.30.0.100 eq 80
int vlan 100
ip access-group wwwblock in
B. config t
ip access-list extended wwwblock
deny tcp any host 10.30.0.100 eq 80
permit ip any any
int vlan 20
ip access-group wwwblock in
C. config t
ip access-list extended wwwblock
permit ip any any
deny tcp any host 10.30.0.100 eq 80int vlan 30
ip access-group wwwblock in
D. config t
ip access-list extended wwwblock
deny tcp any host 10.30.0.100 eq 80
int vlan 20
ip access-group wwwblock in
Correct Answer: B
QUESTION 106
Refer to the exhibit. A packet is being sent across router R1 to host 172.16.3.14. To which destination does the router send the packet?
A. 207.165.200.246 via Serial0/1/0
B. 207.165.200.254 via Serial0/0/0
C. 207.165.200.254 via Serial0/0/1
D. 207.165.200.250 via Serial0/0/0
Correct Answer: C
QUESTION 107
What is a syslog facility?
A. host that is configured for the system to send log messages
B. password that authenticates a Network Management System to receive log messages
C. group of log messages associated with the configured severity level
D. set of values that represent the processes that can generate a log message
Correct Answer: C
QUESTION 108
How does CAPWAP communicate between an access point in local mode and a WLC?
A. The access point must directly connect to the WLC using a copper cable
B. The access point must not be connected to the wired network, as it would create a loop
C. The access point must be connected to the same switch as the WLC
D. The access point has the ability to link to any switch in the network, assuming connectivity to the WLCCorrect Answer: D
QUESTION 109
What is the path for traffic sent from one user workstation to another workstation on a separate switch in a three-layer architecture model?
A. access core distribution access
B. access distribution distribution access
C. access core access
D. access -distribution core distribution access
Correct Answer: D
QUESTION 110
What is the function of a server?
A. It transmits packets between hosts in the same broadcast domain
B. It provides shared applications to end users
C. It routes traffic between Layer 3 devices
D. It creates security zones between trusted and untrusted networks
Correct Answer: B
QUESTION 111
Which command should you enter to configure a device as an NTP server?
A. ntp server
B. ntp peer
C. ntp authenticate
D. ntp master
Correct Answer: D
QUESTION 112
What role does a hypervisor provide for each virtual machine in server virtualization?
A. control and distribution of physical resources
B. software-as-a-service
C. services as a hardware controller
D. infrastructure-as-a-service
Correct Answer: A
QUESTION 113
What are two characteristics of a public cloud implementation? (Choose two)
A. It is owned and maintained by one party, but it is shared among multiple organizations
B. It enables an organization to fully customize how it deploys network resources
C. It provides services that are accessed over the Internet
D. It is a data center on the public Internet that maintains cloud services for only one company
E. It supports network resources from a centralized third-party provider and privately-owned virtual resources
Correct Answer: AC
QUESTION 114
Refer to the exhibit. The entire Marketing-SW1 MAC address table is shown here
What does the switch do when PC-4 sends a frame to PC-1?
A. It maps the Layer 2 MAC address to the Layer 3 IP address and forwards the frame.
B. It floods the frame out of all ports except on the port where PC-1 is connected.
C. It inserts the source MAC address and port into the table and forwards the frame to PC-1.
D. It performs a lookup in the MAC address table and discards the frame due to a missing entry
Correct Answer: C
QUESTION 115
Refer to the exhibit. Router R2 is configured with multiple routes to reach network 10 1.1 0/24 from router R1. What protocol is chosen by router R2 to reach the destination network 10.1 1 0/24?
A. OSPF
B. static
C. EIGRP
D. eBGP
Correct Answer: B
QUESTION 116
Which command must you enter to configure a DHCP relay?
A. ip helper-address
B. ip address dhcp
C. ip dhcp relay
D. ip dhcp pool
Correct Answer: A
QUESTION 117
What are two recommendations for protecting network ports from being exploited when located in an office space outside of an IT closet? (Choose two)
A. shut down unused ports
B. enable the PortFast feature on ports
C. implement port-based authentication
D. configure ports to a fixed speed
E. configure static ARP entries
Correct Answer: AC
QUESTION 118
Refer to the exhibit.
An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11. PC-1 and PC-2 must be placed in the Data VLAN, and Phone-1 must be placed in the Voice VLAN. Which configuration meets these requirements?
A.
B.
C.
D.
Correct Answer: D
QUESTION 119
Refer to the exhibit. Which configuration issue is preventing the OSPF neighbor relationship from being established between the two routers?
A. R2 is using the passive-interface default command
B. R1 has an incorrect network command for interface Gi1/0
C. R2 should have its network command in area 1
D. R1 interface Gi1/0 has a larger MTU size
Correct Answer: D
QUESTION 120
Which technology can prevent client devices from arbitrarily connecting to the network without state remediation?
A. MAC Authentication Bypass
B. IP Source Guard
C. 802.1x
D. 802.11nCorrect Answer: C
QUESTION 121
The SW1 interface g0/1 is in the down/down state. Which two configurations are valid reasons for the interface condition? (Choose two)
A. There is a duplex mismatch
B. There is a speed mismatch
C. There is a protocol mismatch
D. The interface is shut down
E. The interface is error-disabled
Correct Answer: BE
QUESTION 122
An engineer requires a scratch interface to actively attempt to establish a trunk link with a neighbor switch. What command must be configured?
A. switchport mode trunk
B. switchport mode dynamic desirable
C. switchport mode dynamic auto
D. switchport nonegotiate
Correct Answer: B
QUESTION 123
What are two benefits of FHRPs? (Choose two)
A. They prevent loops in the Layer 2 network.
B. They allow encrypted traffic.
C. They are able to bundle multiple ports to increase bandwidth
D. They enable automatic failover of the default gateway.
E. They allow multiple devices to serve as a single virtual gateway for clients in the network
Correct Answer: DE
QUESTION 124
Refer to exhibit.Which configuration must be applied to the router that configures PAT to translate all addresses in VLAN 200 while allowing devices on VLAN 100 to use their own IP addresses?
A.
B.
C.
D.
Correct Answer: A
QUESTION 125
An engineer must establish a trunk link between two switches. The neighboring switch is set to trunk or desirable mode. What action should be taken?
A. configure switchport nonegotiate
B. configure switchport mode dynamic desirable
C. configure switchport mode dynamic auto
D. configure switchport trunk dynamic desirable
Correct Answer: B
QUESTION 126
Which two primary drivers support the need for network automation? (Choose two)
A. Increasing reliance on self-diagnostic and self-healing
B. Eliminating training needs
C. Policy-derived provisioning of resources
D. Reducing hardware footprint
E. Providing a ship entry point for resource provisioning
Correct Answer: CE
QUESTION 127
What prevents a workstation from receiving a DHCP address?
A. DTP
B. STP
C. VTP
D. 802.10
Correct Answer: B
QUESTION 128
Refer to the exhibit.
Which route type does the routing protocol Code D represent in the output?
A. internal BGP route
B. /24 route of a locally configured IP
C. statically assigned route
D. route learned through EIGRP
Correct Answer: D
QUESTION 129
What makes Cisco DNA Center different from traditional network management applications and their management of networks?
A. It only supports auto-discovery of network elements in a green field deployment.
B. It modular design allows someone to implement different versions to meet the specific needs of an organization
C. It abstracts policy from the actual device configuration
D. It does not support high availability of management functions when operating in cluster mode
Correct Answer: C
QUESTION 130
Refer to the exhibit. Which prefix does Router 1 use for traffic to Host A?
A. 10.10.10.0/28
B. 10.10.13.0/25
C. 10.10.13.144/28
D. 10.10.13.208/29
Correct Answer: D
QUESTION 131
Refer to the exhibit. An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts. A Telnet attempt from PC-2 gives this message: “% Connection refused by remote host.” Without allowing
Telnet access from PC-1; which action must be taken to permit the traffic?
A. Add the access-list 10 permit any command to the configuration.
B. Remove the access-class 10 in command from line vty 0 4
C. Add the ip access-group 10 out command to interface g0/0.
D. Remove the password command from line vty 0 4
Correct Answer: B
QUESTION 132
A network administrator needs to aggregate 4 ports into a single logical link which must negotiate layer 2 connectivity to ports on another switch. What must be configured when using active mode on both sides of the connection?
A. 802.1q trunks
B. Cisco vPC
C. LLDP
D. LACP
Correct Answer: D
QUESTION 133
Which configuration management mechanism uses TCP port 22 by default when communicating with managed nodes?
A. Ansible
B. Python
C. Puppet
D. Chef
Correct Answer: A
QUESTION 134
With REST API, which standard HTTP header tells a server which media type is expected by the client?
A. Accept-Encoding: gzip, deflate
B. Accept-Patch: text/example; charset=utf-8
C. Content-Type: application/json; charset=utf-8
D. Accept: application/json
Correct Answer: D
QUESTION 135
What are two reasons for an engineer to configure a floating static route? (Choose two)
A. to automatically route traffic on a secondary path when the primary path goes down
B. to route traffic differently based on the source IP of the packet
C. to enable fallback static routing when the dynamic routing protocol fails
D. to support load balancing via static routing
E. to control the return path of traffic that is sent from the router
Correct Answer: AC
QUESTION 136
Which two actions influence the EIGRP route selection process? (Choose two)
A. The router calculates the reported distance by multiplying the delay on the exiting interface by
B. The router calculates the best backup path to the destination route and assigns it as the feasible successor
C. The router calculates the feasible distance of all paths to the destination route
D. The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link
E. The router must use the advertised distance as the metric for any given route
Correct Answer: BC
QUESTION 137
What are two differences between optical-fiber cabling and copper cabling? (Choose two)
A. Light is transmitted through the core of the fiber
B. A BNC connector is used for fiber connections
C. The glass core component is encased in a cladding
D. Fiber connects to physical interfaces using RJ-45 connections
E. The data can pass through the cladding
Correct Answer: AC
QUESTION 138
Which network plane is centralized and manages routing decisions?
A. policy plane
B. control plane
C. management plane
D. data plane
Correct Answer: B
QUESTION 139
If a switch port receives a new frame while it is actively transmitting a previous frame, how does it process the frames?
A. The previous frame is delivered, the new frame is dropped, and a retransmission request is sent.
B. The new frame is delivered first, the previous frame is dropped, and a retransmission request is sent.
C. The two frames are processed and delivered at the same time.
D. The new frame is placed in a queue for transmission after the previous frame.
Correct Answer: D
QUESTION 140
A Cisco IP phone receives untagged data traffic from an attached PC. Which action is taken by the phone?
A. It allows the traffic to pass through unchanged
B. It drops the traffic
C. It tags the traffic with the default VLAN
D. It tags the traffic with the native VLAN
Correct Answer: A
QUESTION 141
Using direct sequence spread spectrum, which three 2.4-GHz channels are used to limit collisions?
A. 1,5,10
B. 1,2,3
C. 1,6,11
D. 5,6,7
Correct Answer: C
QUESTION 142
Which type of traffic is sent with pure IPsec?
A. broadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites
B. multicast traffic from a server at one site to hosts at another location
C. spanning-tree updates between switches that are at two different sites
D. unicast messages from a host at a remote site to a server at headquarters
Correct Answer: D
QUESTION 143
An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement?
A. WEP
B. RC4
C. AES
D. TKIP
Correct Answer: C
QUESTION 144
Which port type supports the spanning-tree portfast command without additional configuration?
A. access ports
B. Layer 3 main interfaces
C. Layer 3 subinterfaces
D. trunk ports
Correct Answer: A
QUESTION 145
Refer to the exhibit.
Which command configures a floating static route to provide a backup to the primary link?
A. ip route 0.0.0.0 0.0.0.0 209.165.202.131
B. ip route 209.165.201.0 255.255.255.224 209.165.202.130
C. ip route 0.0.0.0 0.0.0.0 209.165.200.224
D. ip route 209.165.200.224 255.255.255.224 209.165.202.129 254
Correct Answer: D
QUESTION 146
Which set of action satisfy the requirement for multifactor authentication?
A. The user swipes a key fob, then clicks through an email link
B. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile deviceC. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen
D. The user enters a user name and password and then re-enters the credentials on a second screen
Correct Answer: B
QUESTION 147
The service password-encryption command is entered on a router. What is the effect of this configuration?
A. restricts unauthorized users from viewing clear-text passwords in the running configuration
B. prevents network administrators from configuring clear-text passwords
C. protects the VLAN database from unauthorized PC connections on the switch
D. encrypts the password exchange when a VPN tunnel is established
Correct Answer: A
QUESTION 148
Refer to exhibit. Which action do the switches take on the trunk link?
A. The trunk does not form and the ports go into an err-disabled status
B. The trunk forms but the mismatched native VLANs are merged into a single broadcast domain
C. The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link
D. The trunk forms but VLAN 99 and VLAN 999 are in a shutdown state
Correct Answer: B
QUESTION 149
Refer to the exhibit. Which route type is configured to reach the internet?
A. host route
B. default route
C. floating static route
D. network route
Correct Answer: B
QUESTION 150
What is a function of TFTP in network operations?
A. transfers a configuration files from a server to a router on a congested link
B. transfers IOS images from a server to a router for firmware upgrades
C. transfers a backup configuration file from a server to a switch using a username and password
D. transfers files between file systems on a router
Correct Answer: B
QUESTION 151
Which two QoS tools can provide congestion management? (Choose two)A. CBWFQ
B. FRTS
C. CAR
D. PQ
E. PBR
Correct Answer: AD
QUESTION 152
What is a characteristic of private IPv4 addressing?
A. used without tracking or registration
B. issued by IANA in conjunction with an autonomous system number
C. traverse the Internet when an outbound ACL is applied
D. composed of up to 65,536 available addresses
Correct Answer: A
QUESTION 153
How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?
A. Cisco DNA Center device management can deploy a network more quickly than traditional campus device management
B. Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management
C. Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options
D. Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management
Correct Answer: A
QUESTION 154
A corporate office uses four floors in a building
* Floor 1 has 24 users
* Floor 2 has 29 users
* Floor 3 has 28 users
* Floor 4 has 22 users
Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration?
A. 192.168.0.0/26 as summary and 192.168.0.0/29 for each floor
B. 192.168.0.0/24 as summary and 192.168.0.0/28 for each floor
C. 192.168.0.0/23 as summary and 192.168.0.0/25 for each floor
D. 192.168.0.0/25 as summary and 192.168.0.0/27 for each floor
Correct Answer: D
QUESTION 155
Refer to the exhibit. What is the effect of this configuration?A. All ARP packets are dropped by the switch
B. Egress traffic is passed only if the destination is a DHCP server.
C. All ingress and egress traffic is dropped because the interface is untrusted
D. The switch discard all ingress ARP traffic with invalid MAC-to-IP address bindings
Correct Answer: D
QUESTION 156
How does QoS optimize voice traffic?
A. reducing bandwidth usage
B. by reducing packet loss
C. by differentiating voice and video traffic
D. by increasing jitter
Correct Answer: C
QUESTION 157
Which API is used in controller-based architectures to interact with edge devices?
A. overlay
B. northbound
C. underlay
D. southbound
Correct Answer: D
QUESTION 158
How are VLAN hopping attacks mitigated?
A. manually implement trunk ports and disable DTP
B. configure extended VLANs
C. activate all ports and place in the default VLAN
D. enable dynamic ARP inspection
Correct Answer: A
QUESTION 159
A network analyst is tasked with configuring the date and time on a router using EXEC mode.The date must be set to January 1,2020 and the time must be set to 12:00 am.what command should be used?
A. clock summer-time date
B. clock set
C. clock timezone
D. clock summer-time recurring
Correct Answer: B
QUESTION 160
What is the function of a controller in controller-based networking?
A. It is a pair of core routers that maintain all routing decisions for a campus
B. It centralizes the data plane for the network
C. It is the card on a core router that maintains all routing decisions for a campus
D. It serves as the centralized management point of an SDN architecture
Correct Answer: D
QUESTION 161
What is the difference between local AP mode and FlexConnet AP mode?
A. Local AP mode creates two CAPWAP tunnels per AP to the WLC
B. FlexConnect AP mode fails to function if me AP loses connectivity with the WLC
C. FlexConnect AP mode bridges the traffic from the AP to the WLC when local switching is configured
D. Local AP mode causes the AP to behave as if it were an autonomous AP
Correct Answer: A
QUESTION 162
Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1. Which configuration accomplishes this task?
A. R1#config t
R1(config)#ip routing
R1(config)#ip route default-route 192.168.1.1
B. R1#config t
R1(config)#ip routing
R1(config)#ip route 192.168.1.1 0.0.0.0 0.0.0.0
C. R1#config t
R1(config)#ip routing
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
D. R1#config t
R1(config)#ip routing
R1(config)#ip default-gateway 192.168.1.1
Correct Answer: C
QUESTION 163
A network administrator must enable DHCP services between two sites. What must be configured for the router to pass DHCPDISCOVER messages on to the server?
A. a DHCP Relay Agent
B. DHCP Binding
C. a DHCP Pool
D. DHCP Snooping
Correct Answer: A
QUESTION 164
Refer to the exhibit. What does router R1 use as its OSPF router-ID?
A. 10.10.1.10
B. 10.10.10.20
C. 172.16.15.10
D. 192.168.0.1
Correct Answer: C
QUESTION 165
Which two capacities of Cisco DNA Center make it more extensible as compared to traditional campus device management? (Choose two)A. adapters that support all families of Cisco IOS software
B. SDKs that support interaction with third-party network equipment
C. customized versions for small, medium, and large enterprises
D. REST APIs that allow for external applications to interact natively with Cisco DNA Center
E. modular design that is upgradable as needed
Correct Answer: BD
QUESTION 166
What is the same for both copper and fiber interfaces when using SFP modules?
A. They support an inline optical attenuator to enhance signal strength
B. They accommodate single-mode and multi-mode in a single module
C. They offer reliable bandwidth up to 100 Mbps in half duplex mode
D. They provide minimal interruption to services by being hot-swappable
Correct Answer: D
QUESTION 167
Which command on a port enters the forwarding state immediately when a PC is connected to it?
A. switch(config)#spanning-tree portfast default
B. switch(config)#spanning-tree portfast bpduguard default
C. switch(config-if)#spanning-tree portfast trunk
D. switch(config-if)#no spanning-tree portfast
Correct Answer: C
QUESTION 168
Refer to the exhibit. How does router R1 handle traffic to 192.168.12.16?
A. It selects the IS-IS route because it has the shortest prefix inclusive of the destination address
B. It selects the EIGRP route because it has the lowest administrative distance
C. It selects the OSPF route because it has the lowest cost
D. It selects the RIP route because it has the longest prefix inclusive of the destination address
Correct Answer: D
QUESTION 169
A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?
A. switchport port-security violation access
B. switchport port-security violation restrict
C. switchport port-security violation protect
D. switchport port-security violation shutdown
Correct Answer: B
QUESTION 170
Refer to the exhibit. Router R2 is configured with multiple routes to reach network 10 1.1.0/24 from router R1. What protocol is chosen by router R2 to reach the destination network 10.1.1.0/24?
A. OSPF
B. static
C. EIGRP
D. eBGP
Correct Answer: B
QUESTION 171
Refer to the exhibit. Router R2 is configured with multiple routes to reach network 10 1.1.0/24 from router R1. What protocol is chosen by router R2 to reach the destination network 10.1.1.0/24?A. OSPF
B. static
C. EIGRP
D. eBGP
Correct Answer: B
QUESTION 172
An engineer must configure interswitch VLAN communication between a Cisco switch and a third-party switch. Which action should be taken?
A. configure IEEE 802.1p
B. configure IEEE 802.1q
C. configure ISL
D. configure DSCP
Correct Answer: B
QUESTION 173
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?
A. on
B. auto
C. active
D. desirable
Correct Answer: A
QUESTION 174
Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1. The new circuit uses eBGP and learns the route to VLAN25 from the BGP path.
What is the expected behavior for the traffic flow for route 10.10.13.0/25?
A. Traffic to 10.10.13.0.25 is load balanced out of multiple interfaces
B. Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1
C. Traffic to 10.10.13.0/25 is symmetrical
D. Route 10.10.13.0/25 learned via the Gi0/0 interface remains in the routing table
Correct Answer: B
QUESTION 175
What is the benefit of VRRP?
A. It provides traffic load balancing to destinations that are more than two hops from the source.B. It provides the default gateway redundancy on a LAN using two or more routers.
C. It allows neighbors to share routing table information between each other.
D. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision.
Correct Answer: B
QUESTION 176
Refer to the exhibit. What configuration on R1 denies SSH access from PC-1 to any R1 interface and allows all other traffic?
A. access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
interface GigabitEthernet0/0
ip access-group 100 in
B. access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
C. line vty 0 15
access-class 100 in
access-list 100 deny tcp host 172.16.1.33 any eq 23
access-list 100 permit ip any any
interface GigabitEthernet0/0
ip access-group 100 in
D. access-list 100 deny tcp host 172.16.1.33 any eq 23
access-list 100 permit ip any any
line vty 0 15
access-class 100 in
Correct Answer: A
QUESTION 177
Which WAN topology provides a combination of simplicity quality, and availability?
A. partial mesh
B. full mesh
C. point-to-point
D. hub-and-spoke
Correct Answer: C
QUESTION 178
Refer to the exhibit. Which path is used by the router for Internet traffic?
A. 209.165.200.0/27
B. 10.10.10.0/28
C. 0.0.0.0/0
D. 10.10.13.0/24
Correct Answer: C
QUESTION 179
Which HTTP status code is returned after a successful REST API request?
A. 200
B. 301
C. 404
D. 500
Correct Answer: A
QUESTION 180
Which design element is a best practice when deploying an 802.11b wireless infrastructure?
A. disabling TPC so that access points can negotiate signal levels with their attached wireless devices.
B. setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller
C. allocating non overlapping channels to access points that are in close physical proximity to one another
D. configuring access points to provide clients with a maximum of 5 Mbps
Correct Answer: C
QUESTION 181
Refer to the exhibit. If OSPF is running on this network, how does Router 2 handle traffic from Site B to 10.10.13.128/25 at Site A?
A. It sends packets out of interface Fa0/2 only
B. It sends packets out of interface Fa0/1 only
C. It is unreachable and discards the traffic
D. It load-balances traffic out of Fa0/1 and Fa0/2
Correct Answer: C
QUESTION 182Refer to the exhibit. An extended ACL has been configured and applied to router R2. The configuration failed to work as intended. Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two)
A. Add a “permit ip any any” statement to the beginning of ACL 101 for allowed traffic
B. Add a “permit ip any any” statement at the end of ACL 101 for allowed traffic
C. The source and destination IPs must be swapped in ACL 101
D. The ACL must be configured the Gi0/2 interface inbound on R1
E. The ACL must be moved to the Gi0/1 interface outbound on R2
Correct Answer: BC
QUESTION 183
Refer to the exhibit. Router R4 is dynamically learning the path to the server. If R4 is connected to R1 via OSPF Area 20, to R2 via R2 BGP, and to R3 via EIGRP 777, which path is installed in the routing table of R4?
A. the path through R2, because the EBGP administrative distance is 20
B. the path through R2, because the IBGP administrative distance is 200
C. the path through R1, because the OSPF administrative distance is 110
D. the path through R3, because the EIGRP administrative distance is lower than OSPF and BGP
Correct Answer: A
QUESTION 184
By default, how does EIGRP determine the metric of a route for the routing table?
A. It uses the bandwidth and delay values of the path to calculate the route metric
B. It uses a default metric of 10 for all routes that are learned by the router
C. It uses a reference Bandwidth and the actual bandwidth of the connected link to calculate the route metric
D. It counts the number of hops between the receiving and destination routers and uses that value as the metric
Correct Answer: A
QUESTION 185
Why was the RFC 1918 address space defined?
A. preserve public IPv6 address space
B. support the NAT protocol
C. reduce instances of overlapping IP addresses
D. conserve public IPv4 addressing
Correct Answer: D
QUESTION 186
A network administrator is asked to configure VLANs 2, 3 and 4 for a new implementation. Some ports must be assigned to the new VLANs with unused remaining. Which action should be taken for the unused ports?
A. configure port in the native VLAN
B. configure ports in a black hole VLAN
C. configure in a nondefault native VLAND. configure ports as access ports
Correct Answer: B
QUESTION 187
What are two fundamentals of virtualization? (Choose two)
A. The environment must be configured with one hypervisor that serves solely as a network manager to monitor SNMP traffic
B. It allows logical network devices to move traffic between virtual machines and the rest of the physical network
C. It allows multiple operating systems and applications to run independently on one physical server
D. It allows a physical router to directly connect NICs from each virtual machine into the network
E. It requires that some servers, virtual machines and network gear reside on the Internet
Correct Answer: BC
QUESTION 188
In which two ways does a password manager reduce the chance of a hacker stealing a user’s password? (Choose two)
A. It automatically provides a second authentication factor that is unknown to the original user
B. It uses an internal firewall to protect the password repository from unauthorized access
C. It protects against keystroke logging on a compromised device or web site
D. It stores the password repository on the local workstation with built-in antivirus and anti-malware functionality
E. It encourages users to create stronger passwords
Correct Answer: CE
QUESTION 189
What mechanism carries multicast traffic between remote sites and supports encryption?
A. ISATAP
B. GRE over IPsec
C. IPsec over ISATAP
D. GRE
Correct Answer: B
QUESTION 190
What event has occurred if a router sends a notice level message to a syslog server?
A. A TCP connection has been torn down
B. An ICMP connection has been built
C. An interface line has changed status
D. A certificate has expired
Correct Answer: C
QUESTION 191
Refer to the exhibit. The entire MAC address table for SW1 is shown here:
What does SW1 do when Br-4 sends a frame to Br-2?
A. It inserts the source MAC address and port into the forwarding table and forwards the frame to Br-2.
B. It performs a lookup in the MAC address table for Br-4 and discards the frame due to a missing entry.
C. It maps the Layer 2 MAC address for Fa0/3 to the Layer 3 IP address and forwards the frame.
D. It floods the frame out of all ports except on the port where Br-2 is connected.
Correct Answer: A
QUESTION 192
What is the role of a firewall in an enterprise network?
A. determines which packets are allowed to cross from unsecured to secured networks
B. processes unauthorized packets and allows passage to less secure segments of the network
C. forwards packets based on stateless packet inspection
D. explicitly denies all packets from entering an administrative domain
Correct Answer: A
QUESTION 193
How does HSRP provide first-hop redundancy?
A. It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table
B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN
C. It forwards multiple packets to the same destination over different routed links and data path
D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN
Correct Answer: D
QUESTION 194
Refer to the exhibit. What is the next hop address for traffic that is destined to host 10.0.1.5?
A. Loopback 0
B. 10.0.1.4
C. 10.0.1.50
D. 10.0.1.3
Correct Answer: C
QUESTION 195
Which function is performed by the collapsed core layer in a two-tier architecture?
A. applying security policies
B. marking interesting traffic for data policies
C. enforcing routing policies
D. attaching users to the edge of the network
Correct Answer: C
QUESTION 196
Which output displays a JSON data representation?
A. {
“response”,{
“taskId”,{};
“url”,”string”
};
“version”, “string”
}
B. {
“response”:{
“taskId”,{};
“url”,”string”
};
“version”; “string”
}
C. {
“response”- {
“taskId”- {};
“url”-“string”
},
“version”-“string”
}D. {
“response”:{
“taskId”:{},
“url”:”string”
},
“version”: “string”
}
Correct Answer: D
QUESTION 197
Which device permits or denies network traffic based on a set of rules?
A. access point
B. wireless controller
C. firewall
D. switch
Correct Answer: C
QUESTION 198
Refer to the exhibit.
Which type of configuration is represented in the output?
A. Puppet
B. JSON
C. Chef
D. Ansible
Correct Answer: A
QUESTION 199
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?
A. CPU ACL
B. TACACS
C. Flex ACL
D. RADIUS
Correct Answer: A
QUESTION 200
Which switch technology establishes a network connection immediately when it is plugged in?
A. UplinkFast
B. PortFast
C. BPDU guard
D. BackboneFast
Correct Answer: B
QUESTION 201
Refer to the exhibit.
Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA report intermittent connectivity issues with applications hosted at SiteB. What is the cause of the intermittent connectivity issue?
A. Interface errors are incrementing
B. An incorrect SFP media type was used at SiteA
C. High usage is causing high latency
D. The sites were connected with the wrong cable type
Correct Answer: A
QUESTION 202
When a switch receives a frame for a known destination MAC address, how is the frame handed?
A. flooded to all ports except the one from which it originated
B. broadcast to all ports
C. forwarded to the first available port
D. sent to the port identified for the known MAC address
Correct Answer: D
QUESTION 203
What is the purpose of using First Hop Redundancy Protocol in a specific subnet?
A. forwards multicast hello messages between routersB. sends the default route to the hosts on a network
C. filter traffic based on destination IP addressing
D. ensures a loop-free physical topology
Correct Answer: A
QUESTION 204
What is a characteristic of cloud-based network topology?
A. physical workstations are configured to share resources
B. services are provided by a public, private, or hybrid deployment
C. onsite network services are provided with physical Layer 2 and Layer 3 components
D. wireless connections provide the sole access method to services
Correct Answer: B
QUESTION 205
Refer to the exhibit. What is the result if Gig1/11 receives an STP BPDU?
A. The port transitions to STP blocking
B. The port transitions to the root port
C. The port immediately transitions to STP forwarding
D. The port goes into error-disable state
Correct Answer: D
QUESTION 206
What is a function of a remote access VPN?
A. used cryptographic tunneling to protect the privacy of data for multiple users simultaneously
B. allows the users to access company internal network resources through a secure tunnel
C. used exclusively when a user is connected to a company’s internal network
D. establishes a secure tunnel between two branch sites
Correct Answer: B
QUESTION 207
Which network action occurs within the data plane?
A. compare the destination IP address to the IP routing table
B. make a configuration change from an incoming NETCONF RPC
C. run routing protocols (OSPF, EIGRP, RIP, BGP)D. reply to an incoming ICMP echo request
Correct Answer: A
QUESTION 208
On workstations running Microsoft Windows, which protocol provides the default gateway for the device?
A. STP
B. DNS
C. SNMP
D. DHCP
Correct Answer: D
QUESTION 209
Which set of action satisfy the requirement for multifactor authentication?
A. The user swipes a key fob, then clicks through an email link
B. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device
C. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen
D. The user enters a user name and password and then re-enters the credentials on a second screen
Correct Answer: B
QUESTION 210
What is the maximum bandwidth of a T1 point-to-point connection?
A. 1.544 Mbps
B. 2.048 Mbps
C. 34.368 Mbps
D. 43.7 Mbps
Correct Answer: A
QUESTION 211
Which goal is achieved by the implementation of private IPv4 addressing on a network?
A. provides a reduction in size of the forwarding table on network routers
B. provides an added level of protection against Internet exposure
C. allows communication across the Internet to other private networks
D. allows servers and workstations to communicate across public network boundaries
Correct Answer: B
QUESTION 212
Which virtual MAC address is used by VRRP group 1?
A. 0000.5E00.0101
B. 0050.0c05.ad81
C. 0007.c061.bc01
D. 0500.4.0768.5371
Correct Answer: A
QUESTION 213
Refer to the exhibit.When PC-A sends traffic to PC-B, which network component is in charge of receiving the packet from PC-A verifying the IP addresses, and forwarding the packet to PC-B?
A. Layer 2 switch
B. firewall
C. Load balancer
D. Router
Correct Answer: D
QUESTION 214
Refer to the exhibit. If the network environment is operating normally, which type of device must be connected to interface FastEthernet 0/1?
A. DHCP client
B. access point
C. router
D. PC
Correct Answer: C
QUESTION 215
What does physical access control regulate?
A. access to specific networks based on business function
B. access to servers to prevent malicious activity
C. access to computer networks and file systems
D. access to networking equipment and facilities
Correct Answer: D
QUESTION 216
How do TCP and UDP differ in the way they guarantee packet delivery?A. TCP uses checksum, acknowledgement, and retransmissions, and UDP uses checksums only.
B. TCP uses two-dimensional parity checks, checksums, and cyclic redundancy checks and UDP uses retransmissions only.
C. TCP uses checksum, parity checks, and retransmissions, and UDP uses acknowledgements only.
D. TCP uses retransmissions, acknowledgement and parity checks and UDP uses cyclic redundancy checks only.
Correct Answer: A
QUESTION 217
What is the difference in data transmission delivery and reliability between TCP and UDP?
A. UDP sets up a connection between both devices before transmitting data. TCP uses the three-way handshake to transmit data with a reliable connection.
B. TCP transmits data at a higher rate and ensures packet delivery. UDP retransmits lost data to ensure applications receive the data on the remote end.
C. UDP is used for multicast and broadcast communication. TCP is used for unicast communication and transmits data at a higher rate with error checking.
D. TCP requires the connection to be established before transmitting data. UDP transmits data at a higher rate without ensuring packet delivery.
Correct Answer: D
QUESTION 218
Which result occurs when PortFast is enabled on an interface that is connected to another switch?
A. Spanning tree may fail to detect a switching loop in the network that causes broadcast storms
B. VTP is allowed to propagate VLAN configuration information from switch to switch automatically.
C. Root port choice and spanning tree recalculation are accelerated when a switch link goes down
D. After spanning tree converges PortFast shuts down any port that receives BPDUs.
Correct Answer: A
QUESTION 219
Which two encoding methods are supported by REST APIs? (Choose two)
A. YAML
B. JSON
C. EBCDIC
D. SGML
E. XML
Correct Answer: BE
QUESTION 220
Refer to the exhibit. To which device does Router1 send packets that are destined to host 10.10.13.165?
A. Router2
B. Router3
C. Router4
D. Router5
Correct Answer: B
QUESTION 221
In software-defined architecture, which place handles switching for traffic through a Cisco router?
A. Data
B. Control
C. Management
D. Application
Correct Answer: A
QUESTION 222
Which IPv6 address block forwards packets to a multicast address rather than a unicast address?
A. 2000::/3
B. FC00::/7
C. FE80::/10
D. FF00::/12
Correct Answer: D
QUESTION 223
Which 802.11 frame type is indicated by a probe response after a client sends a probe request?
A. management
B. control
C. action
D. data
Correct Answer: A
QUESTION 224
How does the dynamically-learned MAC address feature function?
A. It requires a minimum number of secure MAC addresses to be filled dynamically
B. Switches dynamically learn MAC addresses of each connecting CAM table
C. The ports are restricted and learn up to a maximum of 10 dynamically-learned addresses
D. The CAM table is empty until ingress traffic arrives at each port
Correct Answer: D
QUESTION 225
Which statement identifies the functionality of virtual machines?
A. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor
B. The hypervisor can virtualize physical components including CPU, memory, and storage
C. Each hypervisor can support a single virtual machine and a single software switch
D. The hypervisor communicates on Layer 3 without the need for additional resources
Correct Answer: B
QUESTION 226
Which access layer threat-mitigation technique provides security based on identity?
A. using a non-default native VLANB. Dynamic ARP Inspection
C. DHCP snooping
D. 802.1x
Correct Answer: D
QUESTION 227
What are two similarities between UTP Cat 5e and Cat 6a cabling? (Choose two)
A. Both support runs of up to 100 meters.
B. Both support runs of up to 55 meters.
C. Both operate at a frequency of 500 MHz.
D. Both support speeds of at least 1 Gigabit.
E. Both support speeds up to 10 Gigabit.
Correct Answer: AD
QUESTION 228
Refer to the exhibit. How does router R1 handle traffic to 192.168.10.16?
A. It selects the IS-IS route because it has the shortest prefix inclusive of the destination address
B. It selects the RIP route because it has the longest prefix inclusive of the destination address
C. It selects the OSPF route because it has the lowest cost
D. It selects the EIGRP route because it has the lowest administrative distance
Correct Answer: B
QUESTION 229
What is the effect when loopback interfaces and the configured router ID are absent during the SPF Process configuration?
A. No router ID is set, and the OSPF protocol does not run
B. The lowest IP address is incremented by 1 and selected as the router ID
C. The highest up/up physical interface IP address is selected as the router ID
D. The router ID 0.0.0.0 is selected and placed in the OSPF process
Correct Answer: C
QUESTION 230
Refer to the exhibit. The loopback1 interface of the Atlanta router must reach the loopback3 interface of the Washington router. Which two static host routes must be configured on the NEW York router? (Choose two)
A. ipv6 route 2000::1/128 2012::1
B. ipv6 route 2000::3/128 2023::3
C. ipv6 route 2000::3/128 s0/0/0
D. ipv6 route 2000::1/128 2012::2
E. ipv6 route 2000::1/128 s0/0/1
Correct Answer: AB
QUESTION 231
Which two components are needed to create an Ansible script that configures a VLAN on a switch? (Choose two)
A. task
B. cookbook
C. recipe
D. model
E. playbook
Correct Answer: AE
QUESTION 232
What are two benefits of controller-based networking compared to traditional networking? (Choose two)
A. controller-based increases network bandwidth usage, while traditional lightens the load on the network.
B. controller-based reduces network configuration complexity, while traditional increases the potential for errors
C. controller-based inflates software costs, while traditional decreases individual licensing costs
D. controller-based allows for fewer network failure, while traditional increases failure rates
E. controller-based provides centralization of key IT functions. While traditional requires distributes management function
Correct Answer: BE
QUESTION 233
Refer to the exhibit.A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?
A. access-list 2699 permit udp 10.20.1.0 0.0.0.255
B. no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22
C. access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22
D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
Correct Answer: D
QUESTION 234
Which two command sequences must you configure on a switch to establish a Layer 3 EtherChannel with an open-standard protocol? (Choose two)
A. interface GigabitEthernet0/0/1
channel-group 10 mode active
B. interface GigabitEthernet0/0/1
channel-group 10 mode auto
C. interface GigabitEthernet0/0/1
channel-group 10 mode on
D. interface port-channel 10
no switchport
ip address 172.16.0.1 255.255.255.0
E. interface port-channel 10
switchport
switchport mode trunk
Correct Answer: AD
QUESTION 235
Which level of severity must be set to get informational syslogs?
A. alert
B. critical
C. notice
D. debug
Correct Answer: D
QUESTION 236
Refer to the exhibit.A network engineer must configured communication between PC A and the File Server. To prevent interruption for any other communications, which command must be configured?
A. Switch trunk allowed vlan 12
B. Switchport trunk allowed vlan none
C. Switchport trunk allowed vlan add 13
D. Switchport trunk allowed vlan remove 10-11
Correct Answer: C
QUESTION 237
In QoS, which prioritization method is appropriate for interactive voice and video?
A. expedited forwarding
B. traffic policing
C. round-robin scheduling
D. low-latency queuing
Correct Answer: D
QUESTION 238
What is the advantage of Cisco DNA Center versus traditional campus device management?
A. It supports numerous extensibility options including cross-domain adapters and third-party SDKs
B. It supports high availability for management functions when operating in cluster mode
C. It enables easy autodiscovery of network elements m a brownfield deployment
D. It is designed primarily to provide network assurance
Correct Answer: A
QUESTION 239
Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two)
A. Enable NTP authentication
B. Verify the time zone
C. Disable NTP broadcasts
D. Specify the IP address of the NTP server
E. Set the NTP server private key
Correct Answer: AD
QUESTION 240
Which implementation provides the strongest encryption combination for the wireless environment?
A. WPA2 + AES
B. WPA + AES
C. WEP
D. WPA + TKIP
Correct Answer: A
QUESTION 241
Refer to the exhibit.
An access list is required to permit traffic from any host on interface G0/0 and deny traffic from interface Gi0/1. Which access list must be applied?
A.
B.
C.
D.
Correct Answer: A
QUESTION 242
An implementer is preparing hardware for virtualization to create virtual machines on a host. What is needed to provide communication between hardware and virtual machines?
A. straight cable
B. router
C. hypervisor
D. switch
Correct Answer: C
QUESTION 243
What is a network appliance that checks the state of a packet to determine whether the packet is legitimate?
A. firewall
B. LAN controller
C. load balancer
D. Layer 2 switch
Correct Answer: A
QUESTION 244
When a WLAN with WPA2 PSK is configured in the Wireless LAN Controller GUI, which format is supported?
A. decimal
B. ASCII
C. base64
D. unicode
Correct Answer: B
DRAG AND DROP
QUESTION 1
Drag and drop the TCP/IP protocols from the left onto their primary transmission protocols on the right.
Select and Place:
Correct Answer:
QUESTION 2
Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right
Select and Place:
Correct Answer:
QUESTION 3
Drag and drop the descriptions from the left onto the configuration-management technologies on the right
Select and Place:
Correct Answer:
QUESTION 4
Refer to the exhibit. An engineer is tasked with verifying network configuration parameters on a client workstation to report back to the team lead. Drag and drop the node identifiers from the left onto the network parameters on the right.
Select and Place:
Correct Answer:
QUESTION 5
Drag and drop the descriptions of device management from the left onto the types of device management on the right.
Select and Place:
Correct Answer:
QUESTION 6
Drag and drop the descriptions of IP protocol transmissions from the left onto the IP traffic types on the right.
Select and Place:
Correct Answer:
QUESTION 7
Drag and drop the characteristics of network architectures from the left onto the type of architecture on the right.
Select and Place:
Correct Answer:
QUESTION 8
Drag and drop the AAA terms from the left onto the descriptions on the night
Select and Place:
Correct Answer:
QUESTION 9
Drag and drop the SNMP components from the left onto the descriptions on the right
Select and Place:
Correct Answer:
QUESTION 10
Drag and drop the application protocols from the left onto the transport protocols that it uses on the right
Select and Place:
Correct Answer:
QUESTION 11
Drag and drop the characteristics of networking from the left onto the networking types on the right.
Select and Place:
Correct Answer:
QUESTION 12
Refer to the exhibit. Drag and drop the networking parameters from the left onto the correct values on the right
Select and Place:
Correct Answer:
QUESTION 13
Drag and drop the SNMP manager and agent identifier commands from the left onto the functions on the right
Select and Place:
Correct Answer:
QUESTION 14
Drag and drop the DNS lookup components from the left onto the functions on the right.
Select and Place:
Correct Answer:
QUESTION 15
Drag and drop the descriptions of device management from the left onto the management types on the right.
Select and Place:
Correct Answer: