Check answers here:
CCNA 3 v7 FINAL Exam Answers
Quiz-summary
0 of 212 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
Information
CCNA 3 v7.0 Final Exam Answers – Test online
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 212 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- Answered
- Review
-
Question 1 of 212
1. Question
1 pointsWhich design feature will limit the size of a failure domain in an enterprise network?Correct
Incorrect
-
Question 2 of 212
2. Question
1 pointsWhich two things should a network administrator modify on a router to perform password recovery? (Choose two.)Correct
Incorrect
-
Question 3 of 212
3. Question
1 pointsWhat type of network uses one common infrastructure to carry voice, data, and video signals?Correct
Incorrect
-
Question 4 of 212
4. Question
1 pointsWhat are three advantages of using private IP addresses and NAT? (Choose three.)Correct
Incorrect
-
Question 5 of 212
5. Question
1 pointsWhich two scenarios are examples of remote access VPNs? (Choose two.)Correct
Incorrect
-
Question 6 of 212
6. Question
1 pointsWhat are three benefits of cloud computing? (Choose three.)Correct
Incorrect
-
Question 7 of 212
7. Question
1 pointsWhat is a characteristic of a single-area OSPF network?Correct
Incorrect
-
Question 8 of 212
8. Question
1 pointsWhat is a WAN?Correct
Incorrect
-
Question 9 of 212
9. Question
1 pointsA network administrator has been tasked with creating a disaster recovery plan. As part of this plan, the administrator is looking for a backup site for all of the data on the company servers. What service or technology would support this requirement?Correct
Incorrect
-
Question 10 of 212
10. Question
1 pointsWhich type of OSPF packet is used by a router to discover neighbor routers and establish neighbor adjacency?Correct
Incorrect
-
Question 11 of 212
11. Question
1 pointsWhich two statements are characteristics of a virus? (Choose two.)Correct
Incorrect
Hint
The type of end user interaction required to launch a virus is typically opening an application, opening a web page, or powering on the computer. Once activated, a virus may infect other files located on the computer or other computers on the same network. -
Question 12 of 212
12. Question
1 pointsWhich public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?Correct
Incorrect
-
Question 13 of 212
13. Question
1 pointsA customer needs a metropolitan area WAN connection that provides high-speed, dedicated bandwidth between two sites. Which type of WAN connection would best fulfill this need?Correct
Incorrect
-
Question 14 of 212
14. Question
1 pointsA company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use debuggers?Correct
Incorrect
-
Question 15 of 212
15. Question
1 pointsConsider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?R1# Standard IP access list 2 10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches) 20 deny any (1 match)
Correct
Incorrect
Hint
The access-class command is used only on VTY ports. VTY ports support Telnet and/or SSH traffic. The match permit ACE is how many attempts were allowed using the VTY ports. The match deny ACE shows that a device from a network other than 192.168.10.0 was not allowed to access the router through the VTY ports. -
Question 16 of 212
16. Question
1 pointsWhat command would be used as part of configuring NAT or PAT to clear dynamic entries before the timeout has expired?Correct
Incorrect
-
Question 17 of 212
17. Question
1 pointsWhat are two characteristics of video traffic? (Choose two.)Correct
Incorrect
-
Question 18 of 212
18. Question
1 pointsRefer to the exhibit. A technician is configuring R2 for static NAT to allow the client to access the web server. What is a possible reason that the client PC cannot access the web server?Correct
Incorrect
Hint
Interface S0/0/0 should be identified as the outside NAT interface. The command to do this would be R2(config-if)# ip nat outside. -
Question 19 of 212
19. Question
1 pointsIn setting up a small office network, the network administrator decides to assign private IP addresses dynamically to workstations and mobile devices. Which feature must be enabled on the company router in order for office devices to access the internet?Correct
Incorrect
Hint
Network Address Translation (NAT) is the process used to convert private addresses to internet-routable addresses that allow office devices to access the internet. -
Question 20 of 212
20. Question
1 pointsA data center has recently updated a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate web server without having to allocate an actual discrete server for each customer. What is the networking trend that is being implemented by the data center in this situation?Correct
Incorrect
-
Question 21 of 212
21. Question
1 pointsRefer to the exhibit. Which address or addresses represent the inside global address?Correct
Incorrect
-
Question 22 of 212
22. Question
1 pointsWhich two IPsec protocols are used to provide data integrity?Correct
Incorrect
Hint
The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity) are MD5 and SHA. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm used for key exchange. RSA is an algorithm used for authentication. -
Question 23 of 212
23. Question
1 pointsIf an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?Correct
Incorrect
Hint
If an outside host does not have the Cisco AnyConnect client preinstalled, the remote user must initiate a clientless SSL VPN connection via a compliant web browser, and then download and install the AnyConnect client on the remote host. -
Question 24 of 212
24. Question
1 pointsA company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)Correct
Incorrect
Hint
An organization can connect to a WAN through basic two options:- Private WAN infrastructure – such as dedicated point-to-point leased lines, PSTN, ISDN, Ethernet WAN, ATM, or Frame Relay
- Public WAN infrastructure – such as digital subscriber line (DSL), cable, satellite access, municipal Wi-Fi, WiMAX, or wireless cellular including 3G/4G
-
Question 25 of 212
25. Question
1 pointsWhich type of QoS marking is applied to Ethernet frames?Correct
Incorrect
-
Question 26 of 212
26. Question
1 pointsRefer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? (Choose two.)Correct
Incorrect
Hint
With the show NTP associations command, the IP address of the NTP master is given. -
Question 27 of 212
27. Question
1 pointsRefer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)Correct
Incorrect
Hint
The first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server. -
Question 28 of 212
28. Question
1 pointsRefer to the exhibit. If the network administrator created a standard ACL that allows only devices that connect to the R2 G0/0 network access to the devices on the R1 G0/1 interface, how should the ACL be applied?Correct
Incorrect
Hint
Because standard access lists only filter on the source IP address, they are commonly placed closest to the destination network. In this example, the source packets will be coming from the R2 G0/0 network. The destination is the R1 G0/1 network. The proper ACL placement is outbound on the R1 G0/1 interface. -
Question 29 of 212
29. Question
1 pointsWhich is a characteristic of a Type 2 hypervisor?Correct
Incorrect
-
Question 30 of 212
30. Question
1 pointsWhat are the two types of VPN connections? (Choose two.)Correct
Incorrect
Hint
PPPoE, leased lines, and Frame Relay are types of WAN technology, not types of VPN connections. -
Question 31 of 212
31. Question
1 pointsRefer to the exhibit. What three conclusions can be drawn from the displayed output? (Choose three.)Correct
Incorrect
-
Question 32 of 212
32. Question
1 pointsRefer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?Correct
Incorrect
Hint
The source IP range in the deny ACE is 192.168.20.0 0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group network 192.168.22.0/28 is included in the 192.168.20/22 network. Therefore, the connection is denied. To fix it, the order of the deny and permit ACE should be switched. -
Question 33 of 212
33. Question
1 pointsWhat functionality does mGRE provide to the DMVPN technology?Correct
Incorrect
Hint
DMVPN is built on three protocols, NHRP, IPsec, and mGRE. NHRP is the distributed address mapping protocol for VPN tunnels. IPsec encrypts communications on VPN tunnels. The mGRE protocol allows the dynamic creation of multiple spoke tunnels from one permanent VPN hub. -
Question 34 of 212
34. Question
1 pointsWhat is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?Correct
Incorrect
-
Question 35 of 212
35. Question
1 pointsWhat command would be used as part of configuring NAT or PAT to display information about NAT configuration parameters and the number of addresses in the pool?Correct
Incorrect
-
Question 36 of 212
36. Question
1 pointsWhat is a purpose of establishing a network baseline?Correct
Incorrect
Hint
A baseline is used to establish normal network or system performance. It can be used to compare with future network or system performances in order to detect abnormal situations. -
Question 37 of 212
37. Question
1 pointsMatch the type of WAN device or service to the description. (Not all options are used.)Correct
Incorrect
-
Question 38 of 212
38. Question
1 pointsWhich statement describes a characteristic of standard IPv4 ACLs?Correct
Incorrect
-
Question 39 of 212
39. Question
1 pointsRefer to the exhibit. R1 is configured for NAT as displayed. What is wrong with the configuration?Correct
Incorrect
Hint
R1 has to have NAT-POOL2 bound to ACL 1. This is accomplished with the command R1(config)#ip nat inside source list 1 pool NAT-POOL2. This would enable the router to check for all interesting traffic and if it matches ACL 1 it would be translated by use of the addresses in NAT-POOL2. -
Question 40 of 212
40. Question
1 pointsRefer to the exhibit. What method can be used to enable an OSPF router to advertise a default route to neighboring OSPF routers?Correct
Incorrect
-
Question 41 of 212
41. Question
1 pointsA company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as John the Ripper,THC Hydra, RainbowCrack, and Medusa?Correct
Incorrect
-
Question 42 of 212
42. Question
1 pointsWhat are two syntax rules for writing a JSON array? (Choose two.)Correct
Incorrect
-
Question 43 of 212
43. Question
1 pointsWhat is a characteristic of a Trojan horse as it relates to network security?Correct
Incorrect
Hint
A Trojan horse carries out malicious operations under the guise of a legitimate program. Denial of service attacks send extreme quantities of data to a particular host or network device interface. Password attacks use electronic dictionaries in an attempt to learn passwords. Buffer overflow attacks exploit memory buffers by sending too much information to a host to render the system inoperable. -
Question 44 of 212
44. Question
1 pointsAn attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?Correct
Incorrect
Hint
In DHCP spoofing attacks, an attacker configures a fake DHCP server on the network to issue DHCP addresses to clients with the aim of forcing the clients to use a false default gateway, and other false services. DHCP snooping is a Cisco switch feature that can mitigate DHCP attacks. MAC address starvation and MAC address snooping are not recognized security attacks. MAC address spoofing is a network security threat. -
Question 45 of 212
45. Question
1 pointsA company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?Correct
Incorrect
Hint
Secure communications consists of four elements: Data confidentiality – guarantees that only authorized users can read the message Data integrity – guarantees that the message was not altered Origin authentication – guarantees that the message is not a forgery and does actually come from whom it states Data nonrepudiation – guarantees that the sender cannot repudiate, or refute, the validity of a message sent -
Question 46 of 212
46. Question
1 pointsA company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?Correct
Incorrect
-
Question 47 of 212
47. Question
1 pointsAn administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.20.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?Correct
Incorrect
-
Question 48 of 212
48. Question
1 pointsMatch the HTTP method with the RESTful operation.Correct
Incorrect
-
Question 49 of 212
49. Question
1 pointsRefer to the exhibit. What is the OSPF cost to reach the West LAN 172.16.2.0/24 from East?Correct
Incorrect
-
Question 50 of 212
50. Question
1 pointsWhat is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?Correct
Incorrect
Hint
The OSPF priority can be set to a number between 0 and 255. The higher the number set, the more likely the router becomes the DR. A priority 0 stops a router from participating in the election process and the router does not become a DR or a BDR. -
Question 51 of 212
51. Question
1 pointsAn ACL is applied inbound on a router interface. The ACL consists of a single entry:access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .
If a packet with a source address of 172.18.20.14, a destination address of 172.18.20.40, and a protocol of 21 is received on the interface, is the packet permitted or denied?Correct
Incorrect
-
Question 52 of 212
52. Question
1 pointsWhat is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture?Correct
Incorrect
-
Question 53 of 212
53. Question
1 pointsWhich two scenarios would result in a duplex mismatch? (Choose two.)Correct
Incorrect
-
Question 54 of 212
54. Question
1 pointsA network technician is configuring SNMPv3 and has set a security level of auth . What is the effect of this setting?Correct
Incorrect
Hint
For enabling SNMPv3 one of three security levels can be configured: 1) noAuth 2) auth 3) priv The security level configured determines which security algorithms are performed on SNMP packets. The auth security level uses either HMAC with MD5 or SHA. -
Question 55 of 212
55. Question
1 pointsWhat are two types of attacks used on DNS open resolvers? (Choose two.)Correct
Incorrect
Hint
Three types of attacks used on DNS open resolvers are as follows:DNS cache poisoning – attacker sends spoofed falsified information to redirect users from legitimate sites to malicious sites DNS amplification and reflection attacks – attacker sends an increased volume of attacks to mask the true source of the attack DNS resource utilization attacks – a denial of service (DoS) attack that consumes server resources -
Question 56 of 212
56. Question
1 pointsAn ACL is applied inbound on a router interface. The ACL consists of a single entry:access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet .
If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied?Correct
Incorrect
-
Question 57 of 212
57. Question
1 pointsWhich type of resources are required for a Type 1 hypervisor?Correct
Incorrect
-
Question 58 of 212
58. Question
1 pointsIn JSON, what is held within square brackets [ ]?Correct
Incorrect
-
Question 59 of 212
59. Question
1 pointsWhat are three components used in the query portion of a typical RESTful API request? (Choose three.)Correct
Incorrect
-
Question 60 of 212
60. Question
1 pointsA user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?Correct
Incorrect
-
Question 61 of 212
61. Question
1 pointsWhich protocol provides authentication, integrity, and confidentiality services and is a type of VPN?Correct
Incorrect
-
Question 62 of 212
62. Question
1 pointsWhich statement describes a characteristic of Cisco Catalyst 2960 switches?Correct
Incorrect
-
Question 63 of 212
63. Question
1 pointsWhich component of the ACI architecture translates application policies into network programming?Correct
Incorrect
-
Question 64 of 212
64. Question
1 pointsWhich two pieces of information should be included in a logical topology diagram of a network? (Choose two.)Correct
Incorrect
Hint
The interface identifier and connection type should be included in a logical topology diagram because they indicate which interface is connected to other devices in the network with a specific type such as LAN, WAN, point-to-point, etc. The OS/IOS version, device type, cable type and identifier, and cable specification are typically included in a physical topology diagram. -
Question 65 of 212
65. Question
1 pointsRefer to the exhibit. A PC at address 10.1.1.45 is unable to access the Internet. What is the most likely cause of the problem?Correct
Incorrect
Hint
The output of show ip nat statistics shows that there are 2 total addresses and that 2 addresses have been allocated (100%). This indicates that the NAT pool is out of global addresses to give new clients. Based on the show ip nat translations, PCs at 10.1.1.33 and 10.1.1.123 have used the two available addresses to send ICMP messages to a host on the outside network. -
Question 66 of 212
66. Question
1 pointsWhat are two benefits of using SNMP traps? (Choose two.)Correct
Incorrect
-
Question 67 of 212
67. Question
1 pointsWhich statement accurately describes a characteristic of IPsec?Correct
Incorrect
Hint
IPsec can secure a path between two network devices. IPsec can provide the following security functions: Confidentiality – IPsec ensures confidentiality by using encryption. Integrity – IPsec ensures that data arrives unchanged at the destination using a hash algorithm, such as MD5 or SHA. Authentication – IPsec uses Internet Key Exchange (IKE) to authenticate users and devices that can carry out communication independently. IKE uses several types of authentication, including username and password, one-time password, biometrics, pre-shared keys (PSKs), and digital certificates. Secure key exchange- IPsec uses the Diffie-Hellman (DH) algorithm to provide a public key exchange method for two peers to establish a shared secret key. -
Question 68 of 212
68. Question
1 pointsIn a large enterprise network, which two functions are performed by routers at the distribution layer? (Choose two.)Correct
Incorrect
-
Question 69 of 212
69. Question
1 pointsWhich two statements describe the use of asymmetric algorithms? (Choose two.)Correct
Incorrect
Hint
Asymmetric algorithms use two keys: a public key and a private key. Both keys are capable of the encryption process, but the complementary matched key is required for decryption. If a public key encrypts the data, the matching private key decrypts the data. The opposite is also true. If a private key encrypts the data, the corresponding public key decrypts the data. -
Question 70 of 212
70. Question
1 pointsRefer to the exhibit. A network administrator has deployed QoS and has configured the network to mark traffic on the VoIP phones as well as the Layer 2 and Layer 3 switches. Where should initial marking occur to establish the trust boundary?Correct
Incorrect
Hint
Traffic should be classified and marked as close to its source as possible. The trust boundary identifies at which device marked traffic should be trusted. Traffic marked on VoIP phones would be considered trusted as it moves into the enterprise network. -
Question 71 of 212
71. Question
1 pointsWhat are two benefits of extending access layer connectivity to users through a wireless medium? (Choose two.)Correct
Incorrect
-
Question 72 of 212
72. Question
1 pointsWhat are two purposes of launching a reconnaissance attack on a network? (Choose two.)Correct
Incorrect
-
Question 73 of 212
73. Question
1 pointsA group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?Correct
Incorrect
-
Question 74 of 212
74. Question
1 pointsAn ACL is applied inbound on a router interface. The ACL consists of a single entry:access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns .
If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?Correct
Incorrect
-
Question 75 of 212
75. Question
1 pointsRefer to the exhibit. From which location did this router load the IOS?Correct
Incorrect
-
Question 76 of 212
76. Question
1 pointsRefer to the exhibit. Which data format is used to represent the data for network automation applications?Correct
Incorrect
Hint
The common data formats that are used in many applications including network automation and programmability are as follows:- JavaScript Object Notation (JSON) – In JSON, the data known as an object is one or more key/value pairs enclosed in braces { }. Keys must be strings within double quotation marks ” “. Keys and values are separated by a colon.
- eXtensible Markup Language (XML) – In XML, the data is enclosed within a related set of tags <tag>data</tag>.
- YAML Ain’t Markup Language (YAML) – In YAML, the data known as an object is one or more key value pairs. Key value pairs are separated by a colon without the use of quotation marks. YAML uses indentation to define its structure, without the use of brackets or commas.
-
Question 77 of 212
77. Question
1 pointsWhat QoS step must occur before packets can be marked?Correct
Incorrect
-
Question 78 of 212
78. Question
1 pointsWhat is the main function of a hypervisor?Correct
Incorrect
-
Question 79 of 212
79. Question
1 pointsA company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended?Correct
Incorrect
-
Question 80 of 212
80. Question
1 pointsRefer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used?Correct
Incorrect
Hint
Traffic shaping buffers excess packets in a queue and then forwards the traffic over increments of time, which creates a smoothed packet output rate. Traffic policing drops traffic when the amount of traffic reaches a configured maximum rate, which creates an output rate that appears as a saw-tooth with crests and troughs. -
Question 81 of 212
81. Question
1 pointsAn ACL is applied inbound on a router interface. The ACL consists of a single entry:access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns .
If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8, and a protocol of 53 is received on the interface, is the packet permitted or denied?Correct
Incorrect
-
Question 82 of 212
82. Question
1 pointsRefer to the exhibit. What is the purpose of the command marked with an arrow shown in the partial configuration output of a Cisco broadband router?Correct
Incorrect
-
Question 83 of 212
83. Question
1 pointsIf a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?Correct
Incorrect
-
Question 84 of 212
84. Question
1 pointsRefer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below.Router(config)# ip access-list extended 101 Router(config-ext-nacl)# no 20 Router(config-ext-nacl)# 5 permit tcp any any eq 22 Router(config-ext-nacl)# 20 deny udp any any
Which two conclusions can be drawn from this new configuration? (Choose two.)Correct
Incorrect
Hint
After the editing, the final configuration is as follows: Router# show access-lists Extended IP access list 101 5 permit tcp any any eq ssh 10 deny tcp any any 20 deny udp any any 30 permit icmp any any So, only SSH packets and ICMP packets will be permitted. -
Question 85 of 212
85. Question
1 pointsWhich troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?Correct
Incorrect
-
Question 86 of 212
86. Question
1 pointsRefer to the exhibit. Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation?Correct
Incorrect
-
Question 87 of 212
87. Question
1 pointsRefer to the exhibit. An administrator is trying to configure PAT on R1, but PC-A is unable to access the Internet. The administrator tries to ping a server on the Internet from PC-A and collects the debugs that are shown in the exhibit. Based on this output, what is most likely the cause of the problem?Correct
Incorrect
Hint
The output of debug ip nat shows each packet that is translated by the router. The “s” is the source IP address of the packet and the “d” is the destination. The address after the arrow (“->”) shows the translated address. In this case, the translated address is on the 209.165.201.0 subnet but the ISP facing interface is in the 209.165.200.224/27 subnet. The ISP may drop the incoming packets, or might be unable to route the return packets back to the host because the address is in an unknown subnet. -
Question 88 of 212
88. Question
1 pointsWhy is QoS an important issue in a converged network that combines voice, video, and data communications?Correct
Incorrect
-
Question 89 of 212
89. Question
1 pointsWhich statement describes a VPN?Correct
Incorrect
Hint
A VPN is a private network that is created over a public network. Instead of using dedicated physical connections, a VPN uses virtual connections routed through a public network between two network devices. -
Question 90 of 212
90. Question
1 pointsIn which OSPF state is the DR/BDR election conducted?Correct
Incorrect
-
Question 91 of 212
91. Question
1 pointsTwo corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?Correct
Incorrect
Hint
The site-to-site VPN is an extension of a classic WAN network that provides a static interconnection of entire networks. Frame Relay would be a better choice than leased lines, but would be more expensive than implementing site-to-site VPNs. The other options refer to remote access VPNs which are better suited for connecting users to the corporate network versus interconnecting two or more networks. -
Question 92 of 212
92. Question
1 pointsWhat is the final operational state that will form between an OSPF DR and a DROTHER once the routers reach convergence?Correct
Incorrect
-
Question 93 of 212
93. Question
1 pointsRefer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?Correct
Incorrect
Hint
OSPF elections of a DR are based on the following in order of precedence:- highest pritority from 1 -255 (0 = never a DR)
- highest router ID
- highest IP address of a loopback or active interface in the absence of a manually configured router ID. Loopback IP addresses take higher precedence than other interfaces.
-
Question 94 of 212
94. Question
1 pointsWhich type of server would be used to keep a historical record of messages from monitored network devices?Correct
Incorrect
-
Question 95 of 212
95. Question
1 pointsWhen QoS is implemented in a converged network, which two factors can be controlled to improve network performance for real-time traffic? (Choose two.)Correct
Incorrect
Hint
Delay is the latency between a sending and receiving device. Jitter is the variation in the delay of the received packets. Both delay and jitter need to be controlled in order to support real-time voice and video traffic. -
Question 96 of 212
96. Question
1 pointsIn which step of gathering symptoms does the network engineer determine if the problem is at the core, distribution, or access layer of the network?Correct
Incorrect
-
Question 97 of 212
97. Question
1 pointsWhat protocol sends periodic advertisements between connected Cisco devices in order to learn device name, IOS version, and the number and type of interfaces?Correct
Incorrect
-
Question 98 of 212
98. Question
1 pointsAn administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?Correct
Incorrect
-
Question 99 of 212
99. Question
1 pointsRefer to the exhibit. An administrator configures the following ACL in order to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5 access-list 100 permit ip any any
Where should the administrator place this ACL for the most efficient use of network resources?
Correct
Incorrect
-
Question 100 of 212
100. Question
1 pointsWhich type of OSPFv2 packet is used to forward OSPF link change information?Correct
Incorrect
-
Question 101 of 212
101. Question
1 pointsWhat protocol synchronizes with a private master clock or with a publicly available server on the internet?Correct
Incorrect
-
Question 102 of 212
102. Question
1 pointsWhich type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?Correct
Incorrect
-
Question 103 of 212
103. Question
1 pointsAn OSPF router has three directly connected networks; 10.0.0.0/16, 10.1.0.0/16, and 10.2.0.0/16. Which OSPF network command would advertise only the 10.1.0.0 network to neighbors?Correct
Incorrect
-
Question 104 of 212
104. Question
1 pointsRefer to the exhibit. Which sequence of commands should be used to configure router A for OSPF?Correct
Incorrect
-
Question 105 of 212
105. Question
1 pointsAn administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.254.0. What wildcard mask would the administrator use in the OSPF network statement?Correct
Incorrect
-
Question 106 of 212
106. Question
1 pointsHow does virtualization help with disaster recovery within a data center?Correct
Incorrect
Hint
Live migration allows moving of one virtual server to another virtual server that could be in a different location that is some distance from the original data center. -
Question 107 of 212
107. Question
1 pointsRefer to the exhibit. If no router ID was manually configured, what would router R1 use as its OSPF router ID?Correct
Incorrect
-
Question 108 of 212
108. Question
1 pointsRefer to the exhibit. Which devices exist in the failure domain when switch S3 loses power?Correct
Incorrect
Hint
A failure domain is the area of a network that is impacted when a critical device such as switch S3 has a failure or experiences problems. -
Question 109 of 212
109. Question
1 pointsWhich set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?Correct
Incorrect
Hint
For an extended ACL to meet these requirements the following need to be included in the access control entries: identification number in the range 100-199 or 2000-2699 permit or deny parameter protocol source address and wildcard destination address and wildcard port number or name -
Question 110 of 212
110. Question
1 pointsRefer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?Correct
Incorrect
-
Question 111 of 212
111. Question
1 pointsWhich step in the link-state routing process is described by a router building a link-state database based on received LSAs?Correct
Incorrect
-
Question 112 of 212
112. Question
1 pointsWhat protocol uses agents, that reside on managed devices, to collect and store information about the device and its operation?Correct
Incorrect
-
Question 113 of 212
113. Question
1 pointsAn administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 10.27.27.0 255.255.255.0. What wildcard mask would the administrator use in the OSPF network statement?Correct
Incorrect
-
Question 114 of 212
114. Question
1 pointsWhen will an OSPF-enabled router transition from the Down state to the Init state?Correct
Incorrect
Hint
When OSPFv2 is enabled, the enabled Gigabit Ethernet 0/0 interface transitions from the Down state to the Init state. R1 starts sending Hello packets out all OSPF-enabled interfaces to discover OSPF neighbors to develop adjacencies with. -
Question 115 of 212
115. Question
1 pointsWhat type of traffic is described as having a high volume of data per packet?Correct
Incorrect
-
Question 116 of 212
116. Question
1 pointsWhat protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?Correct
Incorrect
-
Question 117 of 212
117. Question
1 pointsWhich step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination?Correct
Incorrect
-
Question 118 of 212
118. Question
1 pointsRefer to the exhibit. Which conclusion can be drawn from this OSPF multiaccess network?Correct
Incorrect
Hint
On OSPF multiaccess networks, a DR is elected to be the collection and distribution point for LSAs sent and received. A BDR is also elected in case the DR fails. All other non-DR or BDR routers become DROTHER. Instead of flooding LSAs to all routers in the network, DROTHERs only send their LSAs to the DR and BDR using the multicast address 224.0.0.6. If there is no DR/BDR election, the number of required adjacencies is n(n-1)/2 = > 4(4-1)/2 = 6. With the election, this number is reduced to 3. -
Question 119 of 212
119. Question
1 pointsRefer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation?Correct
Incorrect
Hint
Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible. Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure. -
Question 120 of 212
120. Question
1 pointsWhich type of VPN connects using the Transport Layer Security (TLS) feature?Correct
Incorrect
-
Question 121 of 212
121. Question
1 pointsWhich group of APIs are used by an SDN controller to communicate with various applications?Correct
Incorrect
-
Question 122 of 212
122. Question
1 pointsA company has consolidated a number of servers and it is looking for a program or firmware to create and control virtual machines which have access to all the hardware of the consolidated servers. What service or technology would support this requirement?Correct
Incorrect
-
Question 123 of 212
123. Question
1 pointsWhat command would be used as part of configuring NAT or PAT to identify inside local addresses that are to be translated?Correct
Incorrect
-
Question 124 of 212
124. Question
1 pointsAnycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting, what service or technology would support requirement?Correct
Incorrect
-
Question 125 of 212
125. Question
1 pointsRefer to the exhibit. An administrator is trying to back up the current running configuration of the router to a USB drive, and enters the commandcopy usbflash0:/R1-config running-config
on the router command line. After removing the USB drive and connecting it to a PC, the administrator discovers that the running configuration was not properly backed up to the R1-config file. What is the problem?Correct
Incorrect
-
Question 126 of 212
126. Question
1 pointsWhich three types of VPNs are examples of enterprise-managed site-to-site VPNs? (Choose three.)Correct
Incorrect
-
Question 127 of 212
127. Question
1 pointsRefer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive information and are not allowed access off their network. What is the best ACL type and placement to use in this situation?Correct
Incorrect
-
Question 128 of 212
128. Question
1 pointsIn an OSPF network which two statements describe the link-state database (LSDB)? (Choose two.)Correct
Incorrect
-
Question 129 of 212
129. Question
1 pointsIn an OSPF network which OSPF structure is used to create the neighbor table on a router?Correct
Incorrect
-
Question 130 of 212
130. Question
1 pointsWhat protocol is used in a system that consists ofthree elements--a manager
, agents, and an information database?Correct
Incorrect
-
Question 131 of 212
131. Question
1 pointsWhat type of traffic is described as not resilient to loss?Correct
Incorrect
Hint
Video traffic tends to be unpredictable, inconsistent, and bursty compared to voice traffic. Compared to voice, video is less resilient to loss and has a higher volume of data per packet. -
Question 132 of 212
132. Question
1 pointsRefer to the exhibit. Router R1 is configured with static NAT. Addressing on the router and the web server are correctly configured, but there is no connectivity between the web server and users on the Internet. What is a possible reason for this lack of connectivity?Correct
Incorrect
-
Question 133 of 212
133. Question
1 pointsWhich type of API would be used to allow authorized salespeople of an organization access to internal sales data from their mobile devices?Correct
Incorrect
-
Question 134 of 212
134. Question
1 pointsRefer to the exhibit. Which data format is used to represent the data for network automation applications?Correct
Incorrect
-
Question 135 of 212
135. Question
1 pointsAn ACL is applied inbound on a router interface. The ACL consists of a single entry:access-list 101 permit udp 192.168.100.32 0.0.0.7 host 198.133.219.76 eq telnet .
If a packet with a source address of 198.133.219.100, a destination address of 198.133.219.170, and a protocol of 23 is received on the interface, is the packet permitted or denied?Correct
Incorrect
-
Question 136 of 212
136. Question
1 pointsHow does virtualization help with disaster recovery within a data center?Correct
Incorrect
Hint
Disaster recovery is how a company goes about accessing applications, data, and the hardware that might be affected during a disaster. Virtualization provides hardware independence which means the disaster recovery site does not have to have the exact equipment as the equipment in production. Server provisioning is relevant when a server is built for the first time. Although data centers do have backup generators, the entire data center is designed for disaster recovery. One particular data center could never guarantee that the data center itself would never be without power. -
Question 137 of 212
137. Question
1 pointsWhat protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?Correct
Incorrect
-
Question 138 of 212
138. Question
1 pointsWhich type of VPN uses a hub-and-spoke configuration to establish a full mesh topology?Correct
Incorrect
-
Question 139 of 212
139. Question
1 pointsWhat is a characteristic of the REST API?Correct
Incorrect