Check answers here:
CCNP ENCOR v8 Certification Practice Exam Answers
Quiz-summary
0 of 97 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
Information
CCNP ENCOR v8 Certification Practice Test Online
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 97 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- Answered
- Review
-
Question 1 of 97
1. Question
1 pointsWhich two statements are true about NTP servers in an enterprise network? (Choose two.)Correct
Incorrect
Hint
Network Time Protocol (NTP) is used to synchronize the time across all devices on the network to make sure accurate timestamping on devices for managing, securing and troubleshooting. NTP networks use a hierarchical system of time sources. Each level in this hierarchical system is called a stratum. The stratum 1 devices are directly connected to the authoritative time sources. -
Question 2 of 97
2. Question
1 pointsThe command ntp server 10.1.1.1 is issued on a router. What impact does this command have?Correct
Incorrect
Hint
The ntp server ip-address global configuration command configures the NTP server for IOS devices. -
Question 3 of 97
3. Question
1 pointsA network engineer has to decide between a Layer 2 Access Layer (STP-based) and a Layer 3 Access Layer (Routed access) campus design option. Which statement must be considered for a decision to be made?Correct
Incorrect
Hint
The Routed access design has a number of advantages over the STP-based design: No FHRP required – no need for FHRP protocols such as HSRP and VRRP. No STP required – since there are no L2 links to block, this design removes the need for STP. Easier troubleshooting – It offers common end-to-end troubleshooting tools (such as ping and traceroute). The Routed access is an excellent design for many environments, but it has the same limitation as the STP-based design, in which it does not support spanning VLANs across multiple access switches. Additionally, it might not be the most cost-effective solution because access layer switches with Layer 3 routing capability might cost more than Layer 2 switches do. -
Question 4 of 97
4. Question
1 pointsWhich three functions are performed at the distribution layer of the hierarchical network model? (Choose three.)Correct
Incorrect
Hint
The primary function of the distribution layer is to aggregate access layer switches in a given building or campus. The distribution layer provides a boundary between the Layer 2 domain of the access layer and the Layer 3 domain of the core. On the Layer 2 side, it creates a boundary for Spanning Tree Protocol (STP), limiting propagation of Layer 2 faults. On the Layer 3 side, it provides a logical point to summarize IP routing information when it enters the core Layer. The summarization reduces IP route tables for easier troubleshooting and reduces protocol overhead for faster recovery from failures. -
Question 5 of 97
5. Question
1 pointsWhich SD-Access feature uses telemetry to enable proactive prediction of network-related and security-related risks.Correct
Incorrect
Hint
Through the use of telemetry, the network assurance and analytics feature of SD-Access improves the performance of the network through proactive prediction of network-related and security-related risks. -
Question 6 of 97
6. Question
1 pointsWhich function is provided by the Cisco SD-Access Architecture management layer?Correct
Incorrect
Hint
The management layer of the Cisco SD-Access Architecture abstracts all the complexities and dependencies of the other layers and provides the user with GUI tools and workflows to manage and operate the Cisco DNA network. -
Question 7 of 97
7. Question
1 pointsWhich SD-WAN solution architecture component authenticates the vSmart controllers and SD-WAN routers and facilitates their ability to join the network?Correct
Incorrect
Hint
The Cisco SD-WAN solution has four main components: The vManage Network Management System (NMS) is the single pane of glass for managing the SD-WAN solution. The vSmart controller acts as the brains of the solution. The SD-WAN routers serve vEdge and cEdge routers. The vBond orchestrator authenticates and orchestrates connectivity between SD-WAN routers and vSmart controllers. -
Question 8 of 97
8. Question
1 pointsWhat two factors are used to achieve end-to-end QoS in the DiffServ model? (Choose two.)Correct
Incorrect
Hint
In order to deliver end-to-end QoS, DiffServ architecture has two major components, packet marking using the IPv4 ToS byte and PHBs. The Differentiated Services (DS) field uses 6 bits to classify packets. DSCP uses the leftmost six bits from the ToS byte in the IPv4 header to specify class of service for each IP packet to form the DiffServ (DS) field. With 6 bits, DSCP has up to 64 DSCP values (0 to 63) that are assigned to various classes of traffic. These selective values are called per-hop behaviors (PHB) and determine how packets are treated at each hop along the path from the source to the destination. -
Question 9 of 97
9. Question
1 pointsWhat QoS category level is recommended as the best to be configured on a Cisco WLC for VoIP traffic?Correct
Incorrect
Hint
VoIP traffic is extremely sensitive to delay, and the QoS category to be set for this type of traffic on a Cisco WLC is platinum. -
Question 10 of 97
10. Question
1 pointsWhat are the two main components of Cisco Express Forwarding (CEF)? (Choose two.)Correct
Incorrect
Hint
The forwarding information base (FIB) and adjacency tables are the main components of CEF. The FIB is similar to a routing table, but neither the routing table, nor the ARP table, nor the MAC-address table is part of CEF. -
Question 11 of 97
11. Question
1 pointsWhat is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?Correct
Incorrect
Hint
CEF uses the FIB and adjacency table to make fast forwarding decisions without control plane processing. The adjacency table is pre-populated by the ARP table and the FIB is pre-populated by the routing table. -
Question 12 of 97
12. Question
1 pointsWhich technology is part of the Cisco ENFV and provides centralized and consistent network policies across enterprise branch offices?Correct
Incorrect
Hint
Cisco DNA Center is a main component of the Cisco NFV solution that provides centralized consistent policies across enterprise branch offices. -
Question 13 of 97
13. Question
1 pointsWhat is an I/O technology that allows multiple VNFs to share the same pNIC?Correct
Incorrect
Hint
SR-IOV is an enhancement to PCI passthrough that allows multiple VNFs to share the same pNIC. -
Question 14 of 97
14. Question
1 pointsWhich two are functions of LISP? (Choose two.)Correct
Incorrect
Hint
Locator/Identifier Separation Protocol (LISP) is used by Internet providers, data centers, branch networks, and campus networks to address routing scalability problems and provide an overlay tunneling technology. LIST separates IP addresses into endpoint identifiers (EID) and routing locators (RLOCs) so endpoints can roam from site to site with only the RLOC changing. An egress tunnel router (ETR), ingress tunnel router (ITR), proxy ETR, proxy ITR, or xTR, a device that is both an ETR and an ITR, are used to connect LISP and non-LISP sites in a variety of ways. -
Question 15 of 97
15. Question
1 pointsMatch the VNF role with its description. (Not all options are used.)Correct
Incorrect
Hint
- Virtual Network Function (VNF) is a software version of a network function that runs on the hypervisor as a VM.
- Virtualized Infrastructure Manager (VIM) is responsible for controlling NFVI hardware resources and virtualized resources.
- Element Managers (EMs) are responsible for the functional management of the VMs.
- NFV orchestrator is responsible for creating, maintaining and tearing down VNF services.
- Business Support System (BSS) works in tandem with OSS (platform typically operated by service providers) to improve overall customer experience.
-
Question 16 of 97
16. Question
1 pointsWhich vitualization component allows communication between VMs within a virtual server?Correct
Incorrect
Hint
In a virtualized server the vSwitch is connected to external networks through physical NICs (pNICs) and to VMs through virtual NICs (vNICs). -
Question 17 of 97
17. Question
1 pointsA teacher is explaining the concept of virtual switch (vSwitch) to students in a classroom. What explanation accurately describe a vSwitch?Correct
Incorrect
Hint
A virtual switch (vSwitch) is a software-based Layer 2 switch that operates like a physical Ethernet switch. A vSwitch enables VMs to communicate with each other within a virtualized server and with external physical networks through the physical network interface cards (pNICs.) Multiple vSwitches can be created under a virtualized server, but network traffic cannot flow directly from one vSwitch to another vSwitch within the same host, and the vSwitches cannot share the same pNIC. -
Question 18 of 97
18. Question
1 pointsWhat are two characteristics of virtual routing that are different from traditional routing? (Choose two.)Correct
Incorrect
Hint
Virtual routing and forwarding (VRF) is a Layer 3 technology used to create separate virtual routers on a physical router. Each VRF instance has associated router interface(s) or subinterface(s), routing table, and forwarding table. Overlapping and even duplicate IP addresses can be used when using VRF because VRF creates segmentation between the interfaces, IP addresses, and routing tables. -
Question 19 of 97
19. Question
1 pointsWhat is a key difference between a virtual machine and a virtualized container?Correct
Incorrect
Hint
A virtual machine (VM) is a software emulation of a physical server with an operating system. A container is an isolated environment where containerized applications run. Containers all share the same OS while remaining isolated from each other. They all use virtualized memory managed by the hypervisor. Because a container does not have a guest OS, it relies on the host operating system to provide underlying services. It typically takes a few seconds to start. -
Question 20 of 97
20. Question
1 pointsA network engineer wants to increase the overall efficiency and cost-effectiveness of a server by maximizing the use of available resources through virtualization. The engineer is considering VMs or containers. What is the difference between these two types of virtualization?Correct
Incorrect
Hint
Each VM on a server has an dedicated OS and all containers on a server share the host OS while remaining isolated from each other. A VM contains a guest OS. Containers do not contain one, so they are lightweight (small in size). When a VM starts, the guest OS needs to load first, and once it is operational, the application in the VM can then start and run. This whole process may take minutes. When a container starts, it leverages the kernel of the host OS, which is already running, and it typically takes a few seconds to start. -
Question 21 of 97
21. Question
1 pointsRefer to the exhibit. A network administrator is verifying the bridge ID and the status of this switch in the STP election. Which statement is correct based on the command output?Correct
Incorrect
Hint
The priority value 24576 is a predefined value that is implemented by the command spanning-tree vlan 10 root primary . This command configures Switch_2 to become the root switch. A root switch will have all forwarding interfaces and no root ports. -
Question 22 of 97
22. Question
1 pointsWhich three describe characteristics of a virtual machine? (Choose three.)Correct
Incorrect
Hint
A virtual machine is a software emulation of a physical server including a CPU, memory, network interface, and operating system. The hypervisor is virtualization software that performs hardware abstraction. It allows multiple VMs to run concurrently in the virtual environment. -
Question 23 of 97
23. Question
1 pointsWhat is a characteristic of the PortFast feature?Correct
Incorrect
Hint
One of the major benefits of the STP PortFast feature is that the access ports bypass the earlier 802.1D STP states (learning and listening) and forward traffic immediately. PortFast can be enabled on trunk links, but only with ports that are connecting to a single host, such as a server with only one NIC that is running a hypervisor with VMs on different VLANs. -
Question 24 of 97
24. Question
1 pointsWhich three spanning tree protocols are industry standards? (Choose three.)Correct
Incorrect
Hint
STP is the 802.1D standard. RSTP is the 802.1W standard. MSTP is the 802.1S standard. MST, PVST+, and Rapid PVST+ are Cisco proprietary. -
Question 25 of 97
25. Question
1 pointsRefer to the exhibit. A network administrator issues the show spanning-tree mst configuration command to verify the MST configuration. How many VLANs are assigned to IST?Correct
Incorrect
Hint
By default, all VLANs are assigned to IST before VLANs are assigned to other instances. In the configuration shown, IST contains all VLANs except for the 32 VLANs assigned to instances 1 and 2, which is 4062 VLANs. -
Question 26 of 97
26. Question
1 pointsRefer to the exhibit. A network administrator is verifying the MST configuration on the switch SW2 with the command:SW2# show spanning-tree mst interface gigabitEthernet 1/0/1
Which three conclusions can be drawn based on the output? (Choose three.)Correct
Incorrect
Hint
Based on the output, three conclusions can be drawn: The interface gigbitEthernet 1/0/1 port is not an Edge port. It is inside the region. The cost value on the interface gigbitEthernet 1/0/1 port is adjusted to 20 from 20000 for instance 0. The priority value on the interface gigbitEthernet 1/0/1 port is adjusted to 64 from 128 for instance 2. -
Question 27 of 97
27. Question
1 pointsWhat are two drawbacks to turning spanning tree off and having multiple paths through the Layer 2 switch network? (Choose two.)Correct
Incorrect
Hint
Spanning tree should never be disabled. Without it, the MAC address table becomes unstable, broadcast storms can render network clients and the switches unusable, and multiple copies of unicast frames can be delivered to the end devices. -
Question 28 of 97
28. Question
1 pointsNetwork users complain that the network is running very slowly. Upon investigation, a network technician discovers 100% link utilization on all the network devices. Also, numerous syslog messages are being generated that note continuous MAC address relearning. What is the most likely cause of the problem?Correct
Incorrect
Hint
High CPU consumption and low free memory space are common symptoms of a Layer 2 forwarding loop. In Layer 2 forwarding loops, besides constantly consuming switch bandwidth, the CPU spikes as well. As the packet is received on a different interface, the switch must move the MAC address from one interface to the next. The network throughput is impacted drastically, users will probably notice a slow-down on their network applications, and the switches might crash because of an exhausted CPU and low memory resources. -
Question 29 of 97
29. Question
1 pointsRefer to the exhibit. SW1 is the root bridge and SW2 is the backup root bridge. An administrator wants to prevent SW4 and SW5 from ever becoming root bridges, but still allow SW2 to maintain connectivity to SW1 via SW3 if the link connecting SW1 to SW2 fails. On which two ports in this topology should the administrator configure root guard to accomplish this? (Choose two.)Correct
Incorrect
Hint
Root guard is an STP feature that is enabled on a port-by-port basis. It prevents a configured port from becoming a root port. Root guard prevents a downstream switch from becoming a root bridge in a topology. Root guard is placed on designated ports toward other switches that should never become root bridges. In order to prevent SW4 and SW5 from becoming root bridges, root guard has to be placed on SW2 Gi0/4 port toward SW4 and on SW3 Gi0/5 port toward SW5. -
Question 30 of 97
30. Question
1 pointsRefer to the exhibit. A network administrator has connected two switches together using EtherChannel technology. If STP is running, what will be the end result?Correct
Incorrect
Hint
Cisco switches support two protocols for negotiating a channel between two switches: LACP and PAgP. PAgP is Cisco-proprietary. In the topology shown, the switches are connected to each other using redundant links. By default, STP is enabled on switch devices. STP will block redundant links to prevent loops. -
Question 31 of 97
31. Question
1 pointsA new switch is to be added to an existing network in a remote office. The network administrator does not want the technicians in the remote office to be able to add new VLANs to the switch, but the switch should receive VLAN updates from the VTP domain. Which two steps must be performed to configure VTP on the new switch to meet these conditions? (Choose two.)Correct
Incorrect
Hint
Before the switch is put in the correct VTP domain and in client mode, the switch must be connected to any other switch in the VTP domain through a trunk in order to receive/transmit VTP information. -
Question 32 of 97
32. Question
1 pointsAn OSPF router is forming an adjacency with a neighbor and sends the neighbor an OSPF DBD packet describing the contents of its link-state database. During which OSPF neighbor state does the router send the packet?Correct
Incorrect
Hint
In the exchange OSPF neighbor state, two routers exchange link states using DBD packets that summarize their link-state databases. -
Question 33 of 97
33. Question
1 pointsWhich IPv6 address is used by OSPFv3 DR and BDR routers for sending link-state updates?Correct
Incorrect
Hint
OSPFv3 DR/BDR routers send link-state updates and link acknowledgments to the AllSPFRouter IPv6 multicast address of FF02::5. -
Question 34 of 97
34. Question
1 pointsA network administrator is configuring the MST instance priority with the command spanning-tree mst 0 prioritypriority. Which two numbers can be used for the priority argument? (Choose two.)Correct
Incorrect
Hint
In MST operation, the instance priority is a value between 0 and 61,440, in increments of 4096. -
Question 35 of 97
35. Question
1 pointsA network administrator is configuring MST on switch SW1 with the commands:SW1(config)# spanning-tree mode mst SW1(config)# spanning-tree mst 12 root primary
What is the effect after the command is entered?Correct
Incorrect
Hint
In MST configuration, an MST instance priority can be defined in one of two methods: spanning-tree mst instance-number priority priority , where the priority is a value between 0 and 61,440, in increments of 4096 spanning-tree mst instance-number root { primary | secondary }[ diameter diameter ], where the primary keyword sets the priority to 24,576, and the secondary keyword sets the priority to 28,672 -
Question 36 of 97
36. Question
1 pointsRefer to the exhibit. A network administrator in autonomous system 65100 has set up a dual-homed BGP connection with an ISP. The administrator would like to ensure that all traffic from the ISP enters the autonomous system through the router R1. Which BGP attribute can the administrator configure on routers R1 and R2 to accomplish this?Correct
Incorrect
Hint
The multiple-exit discriminator (MED) is a nontransitive BGP attribute for best-path determination. MED uses a 32-bit value (0 to 4,294,967,295) called a metric. The purpose of MED is to influence traffic flows inbound from a different AS. A lower MED is preferred over a higher MED. -
Question 37 of 97
37. Question
1 pointsA technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of adjusting the channel?Correct
Incorrect
Hint
Channels 1, 6, and 11 are selected because they are 5 channels apart. thus minimizing the interference with adjacent channels. A channel frequency can interfere with channels on either side of the main frequency. All wireless devices need to be used on nonadjacent channels. -
Question 38 of 97
38. Question
1 pointsRefer to the exhibit. The network administrator configures both switches as displayed. However, host C is unable to ping host D and host E is unable to ping host F. What action should the administrator take to enable this communication?Correct
Incorrect
Hint
If one trunk port is in auto DTP negotiation mode, a trunk will be formed if the adjacent switch port is placed in trunk or dynamic desirable mode. -
Question 39 of 97
39. Question
1 pointsWhat is a function of IGMP snooping?Correct
Incorrect
Hint
IGMP snooping reduces multicast flooding on a LAN segment by learning and maintaining multicast group memberships at the Layer 2 level. -
Question 40 of 97
40. Question
1 pointsWhich OSPF packet type contains a summary of the link state database and is sent by an OSPF router as it forms an adjacency with a neighboring OSPF router?Correct
Incorrect
Hint
After hello packets are exchanged, an OSPF router sends a database description packet summarizing its link-state database to its neighbors. -
Question 41 of 97
41. Question
1 pointsAn administrator is configuring a pre-shared key for a WLAN environment. The administrator wants to protect the WLAN against any man-in-the-middle attacks occurring during the four-way handshake between the client and the AP. Which WPA3-Personal method will provide the best security?Correct
Incorrect
Hint
WPA3-Personal uses the Simultaneous Authentication of Equals (SAE) method to strengthen the key exchange between the clients and AP. -
Question 42 of 97
42. Question
1 pointsWhich OSPF network type includes the DR/BDR field in OSPF Hello packets and uses a 10 seconds hello and 40 seconds dead interval timer?Correct
Incorrect
Hint
The broadcast network type is the default for OSPF Ethernet links and includes the DR/BDR field in hellp packets and uses a 10 seconds hello and 40 seconds dead interval. -
Question 43 of 97
43. Question
1 pointsWhat are two advantages of using multiple OSPF areas? (Choose two.)Correct
Incorrect
Hint
There are several key advantages to using multiarea vs single area OSPF:- Shortest path first (SPF) tree calculations are contained within an area when a link flaps.
- The LSDB is more manageable.
- Summarization of route information can occur.
-
Question 44 of 97
44. Question
1 pointsWhich LSA type is sent by an OSPF DR to advertise attached multiaccess network segments?Correct
Incorrect
Hint
An OSPF DR advertises attached multiaccess network segments with the type 2 network LSA. -
Question 45 of 97
45. Question
1 pointsWhat are two characteristics of OSPF type 3 LSAs? (Choose two.)Correct
Incorrect
Hint
Type 3 LSAs are originated by ABRs to advertise networks learned from other areas. -
Question 46 of 97
46. Question
1 pointsA company is deploying a wireless network using lightweight APs. What is an advantage of Layer 2 roaming compared with Layer 3 roaming when wireless clients roam around the campus?Correct
Incorrect
Hint
Both Layer 2 and Layer 3 roams are intercontroller roaming. In intercontroller roaming, a client roams from one AP to another AP that is bound to a different WLC. If both APs are configured with the same VLAN and IP address subnet, the client has made a Layer 2 intercontroller roam and it stays on the same VLAN and subnet. The process of Layer 2 roaming is faster than Layer 3 roaming (usually less than 20 ms). Both Layer 2 roaming and Layer 3 roaming allow the client to keep the same IP address. -
Question 47 of 97
47. Question
1 pointsHow is ERSPAN used for troubleshooting?Correct
Incorrect
Hint
Catalyst switches provide the Switched Port Analyzer (SPAN), which makes it possible to capture packets by using the following techniques:- Local Switched Port Analyzer. Local network traffic is captured on a switch and a copy of it is sent to a local port attached to a traffic analyzer.
- Remote Switched Port Analyzer (RSPAN). Network traffic is captured on a remote switch and a copy of it is sent to the local switch through Layer 2 (switching) toward a local port attached to a traffic analyzer.
- Encapsulated Remote Switched Port Analyzer (ERSPAN). Network traffic is captured on a remote device and it is sent to the local system through Layer 3 (routing) toward a local port attached to a traffic analyzer.
-
Question 48 of 97
48. Question
1 pointsRefer to the exhibit. Which zone-member security command keyword will complete the ZBFW configuration when applied to the GigabitEthernet 0/2 interface?Correct
Incorrect
Hint
To complete the ZBFW configuration the zone-member security OUTSIDE command must be issued to GigabitEthernet 0/2. -
Question 49 of 97
49. Question
1 pointsWhat is a limitation of PACLs?Correct
Incorrect
Hint
PACLs have some limitations and restrictions. PACLs do not support filtering of outbound traffic on an interface, and they do not support ACLs to filter IPv6 traffic. -
Question 50 of 97
50. Question
1 pointsMatch the Cisco SAFE security concepts with the description. (Not all options are used.)Correct
Incorrect
-
Question 51 of 97
51. Question
1 pointsAn organization is deploying a network access security policy for end point devices to access the campus network. The IT department has configured multiple network access control mechanisms, such as 802.1x, WebAuth, and MAB. WebAuth and MAB are configured as fallbacks to 802.1x. What is the authentication process when an employee brings a laptop and connects to a switch on the network?Correct
Incorrect
Hint
When an organization deploys network access control, MAB and WebAuth can be used as a fallback authentication mechanism for 802.1x. If both MAB and WebAuth are configured as fallbacks for 802.1x, when 802.1x times out, a switch first attempts to authenticate through MAB, and if it fails, the switch attempts to authenticate with WebAuth. -
Question 52 of 97
52. Question
1 pointsRefer to the exhibit. BGP sessions are established between all routers. RTC receives route updates for network 209.165.200.224/27 from autonomous system 300 with the weight attribute set to 3000. RTB also learns about network 209.165.200.224/27 from autonomous system 200 with a weight of 2000. Which router will be used by RTA as a next hop to reach this network?Correct
Incorrect
Hint
The BGP best-path algorithm uses attributes for the best-path selection. The top 5 attributes, ranked in order of consideration, are the following:- 1. Weight.
- 2. Local preference.
- 3. Local originated (network statement, redistribution, or aggregation).
- 4. AIGP.
- 5. Shortest AS_Path.
-
Question 53 of 97
53. Question
1 pointsA company plans to deploy the Postman application as a tool to manage network devices. Which two security related best practices should be considered? (Choose two.)Correct
Incorrect
Hint
RESTful APIs are software interfaces into an application or a controller. For security considerations, access to APIs should require authentication such that an API is considered just like any other device to which a user needs to authenticate to gain access to utilize the APIs. A developer who is authenticated has access to making changes using the API, changes that can affect that application. It is best practice to use a dedicated development instance of the application to test change codes to avoid accidental impact to a production environment. -
Question 54 of 97
54. Question
1 pointsWhich tool can be used to identify wireless RF signal strength and interference?Correct
Incorrect
Hint
Spectrum analyzers are designed to detect and measure RF energy that is present in those frequency ranges at 2.4 GHz and 5 GHz. A spectrum analyzer takes RF radio information, whether it is from wireless access points or other equipment using the free ISM band, and puts it into a visible display format. -
Question 55 of 97
55. Question
1 pointsWhen JSON data format is being used, what characters are used to hold objects?Correct
Incorrect
Hint
A JavaScript Object Notation (JSON) object is a key-value data format that is typically rendered in curly braces { }. -
Question 56 of 97
56. Question
1 pointsWhat is a characteristic of PIM dense mode?Correct
Incorrect
Hint
Because Pim dense mode uses more bandwidth during its periodic flood and prune behavior, it is not recommended for production environments. -
Question 57 of 97
57. Question
1 pointsWhich automation tool is agentless and uses playbooks to deploy configuration changes or retrieve information from hosts within a network?Correct
Incorrect
Hint
Ansible is an agentless automation tool that uses playbooks to deploy configuration changes or retrieve information from hosts. The Ansible playbook is a structured set of instructions used to enforce configuration and deployment steps or to retrieve information from hosts. -
Question 58 of 97
58. Question
1 pointsA network administrator is configuring the MST instance priority with the command spanning-tree mst 0 priority priority . Which two numbers can be used for the priority argument? (Choose two.)Correct
Incorrect
Hint
In MST operation, the instance priority is a value between 0 and 61,440, in increments of 4096. -
Question 59 of 97
59. Question
1 pointsWhat is a requirement to configure a trunking EtherChannel between two switches?Correct
Incorrect
Hint
To enable a trunking EtherChannel successfully, the range of VLANs allowed on all the interfaces must match; otherwise, the EtherChannel cannot be formed. The interfaces involved in an EtherChannel do not have to be physically contiguous, or on the same module. Because the EtherChannel is a trunking one, participating interfaces are configured as trunk mode, not access mode. -
Question 60 of 97
60. Question
1 pointsWhich three packet types are exchanged between EIGRP neighbors? (Choose three.)Correct
Incorrect
Hint
There are five EIGRP packet types exchanged between EIGRP routers:- Hello
- Request
- Update
- Query
- Reply
-
Question 61 of 97
61. Question
1 pointsRefer to the exhibit. Which two statements describe the results of entering these commands? (Choose two.)Correct
Incorrect
Hint
System messages of levels 0 (emergencies) through 4 (warnings) are sent to the syslog server at 192.168.10.10. -
Question 62 of 97
62. Question
1 pointsRefer to the exhibit. The total number of packet flows is not consistent with what is expected by the network administrator. The results show only half of the flows that are typically captured for the interface. Pings between the router and the collector are successful. What is the reason for the unexpected results?Correct
Incorrect
Hint
NetFlow flows are unidirectional. One user connection exists as two flows. The flow in each direction must be captured. This is done by using both the ip flow ingress and ip flow egress command on the interface. -
Question 63 of 97
63. Question
1 pointsRefer to the exhibit. Based on the output generated by the show monitor session 1 command, how will SPAN operate on the switch?Correct
Incorrect
Hint
The show monitor session command is used to verify how SPAN is configured (what ports are involved in the traffic mirroring). -
Question 64 of 97
64. Question
1 pointsWhich two statements describe items to be considered in configuring NetFlow? (Choose two.)Correct
Incorrect
Hint
NetFlow consumes additional memory to accommodate the data stored in cache. The collector must have adequate RAM and hard disk space to support NetFlow. Two individual flows exist for each user connection. All devices are not required to support NetFlow. Data can be collected from devices that do support it. -
Question 65 of 97
65. Question
1 pointsWhich three statements describe SPAN and RSPAN? (Choose three.)Correct
Incorrect
Hint
The Switched Port Analyzer (SPAN) feature on Cisco switches is a type of port mirroring that sends copies of the frame entering a source port (or VLAN), out another port on the same switch. Typically the destination port is attached with a packet sniffer or IPS device. Remote SPAN (RSPAN) allows source and destination ports to be in different switches. -
Question 66 of 97
66. Question
1 pointsRefer to the exhibit. A network administrator is configuring BGP on the router RT1. Which command set will allow RT1 to establish a neighbor relationship with RT2?Correct
Incorrect
Hint
The basic BGP configuration steps include the following: Initialize the BGP routing process with the global command router bgp as-number . Identify the IP address and autonomous system number associated with a BGP neighbor by the BGP router configuration command neighbor ip-address remote-as as-number . Identify the specific network prefixes to be installed into the BGP table with the network statements. -
Question 67 of 97
67. Question
1 pointsA large shopping mall is planning to deploy a wireless network for customers. The network will use a lightweight AP topology. The network designers are considering the roaming by wireless clients. Which statement describes a difference between Layer 2 roaming and Layer 3 roaming?Correct
Incorrect
Hint
Both Layer 2 and Layer 3 roams are intercontroller roaming. In intercontroller roaming, a client roams from one AP to another AP that is bound to a different WLC. An AP communicates to the bounding WLC through a CAPWAP tunnel. If the two APs involved in an intercontroller roaming are configured with the same VLAN and IP subnet, Layer 2 roaming occurs. If they are configured with different VLANs and IP subnets, a Layer 3 roaming occurs. -
Question 68 of 97
68. Question
1 pointsWhich two types of probes can be configured to monitor traffic by IP SLA within a network environment? (Choose two.)Correct
Incorrect
Hint
IP SLA is a tool that allows for the continuous monitoring of various aspects of the network. Different types of probes can be configured to monitor traffic within a network environment:- Delay
- Jitter (directional)
- Packet loss (directional)
- Packet sequencing (packet ordering)
- Path (per hop)
- Connectivity (directional)
- Server or website download time
- Voice quality scores
-
Question 69 of 97
69. Question
1 pointsWhat is the function of the Diffie-Hellman algorithm within the IPsec framework?Correct
Incorrect
Hint
The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret key over an insecure channel. -
Question 70 of 97
70. Question
1 pointsRefer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?Correct
Incorrect
Hint
The IP address that is assigned to the tunnel interface on the local router is 172.16.1.1 with a prefix mask of /30. The only other address, 172.16.1.2, would be the destination tunnel interface IP address. Although 209.165.200.226 is listed as a destination address in the output, this is the address of the physical interface at the destination, not the tunnel interface. -
Question 71 of 97
71. Question
1 pointsWhat is the purpose of the generic routing encapsulation tunneling protocol?Correct
Incorrect
Hint
The GRE tunneling protocol is Cisco proprietary and does not include any flow-control mechanisms by default. GRE does not support encryption and is used to manage the transportation of IP multicast and multiprotocol traffic. -
Question 72 of 97
72. Question
1 pointsWhich three services are critical functions of the IPsec service? (Choose three.)Correct
Incorrect
Hint
The acronym CIA provides three critical functions of the IPsec service: confidentiality, integrity, and authentication. Speed, accounting, and authorization are possible factors within the IPsec service but are not critical. -
Question 73 of 97
73. Question
1 pointsWhich three functions are provided by the syslog logging service? (Choose three.)Correct
Incorrect
Hint
Syslog operations include gathering information, selecting which type of information to capture, and directing the captured information to a storage location. The logging service stores messages in a logging buffer that is time-limited, and cannot retain the information when a router is rebooted. Syslog does not authenticate or encrypt messages. -
Question 74 of 97
74. Question
1 pointsWhat are two operational characteristics of the ZBFW default zone? (Choose two.)Correct
Incorrect
Hint
The default zone is a system-level zone. If an interface is not configured as part of another security zone, it is placed in the default zone automatically. -
Question 75 of 97
75. Question
1 pointsWhich password type uses a Cisco proprietary Vigenere cypher encryption algorithm and is considered easy to crack?Correct
Incorrect
Hint
Type 7 passwords are considered insecure. They are encrypted with a weak Vigenere cypher that is easily deciphered in seconds. -
Question 76 of 97
76. Question
1 pointsWhich threat protection capability is provided by Cisco ESA?Correct
Incorrect
Hint
Email is a top attack vector for security breaches. Cisco ESA includes many threat protection capabilities for email such as spam protection, forged email detection, and Cisco advanced phishing protection. -
Question 77 of 97
77. Question
1 pointsWhich industry standard provides for port-based network access control?Correct
Incorrect
Hint
802.1x is an industry standard for providing port-based network access control. It provides a mechanism to authenticate devices onto local-area networks and WLANs. -
Question 78 of 97
78. Question
1 pointsRefer to the exhibit. A network administrator configures AAA authentication on R1. When the administrator tests the configuration by telneting to R1 and no ACS servers can be contacted, which password should the administrator use in order to login successfully?Correct
Incorrect
Hint
The authentication for Telnet connections is defined by AAA method list AUTHEN. The AUTHEN list defines that the first authentication method is through an ACS server using the RADIUS protocol (or RADIUS server). If the RADIUS server cannot be contacted, the second authentication method is to use the local user database. In this scenario, the local user database is used with a username of ADMIN and a password of Pa$$w0rD. -
Question 79 of 97
79. Question
1 pointsWhat is the one major difference between local AAA authentication and using the login local command when configuring device access authentication?Correct
Incorrect
Hint
Local AAA authentication works very similar to the login local command, except that it allows you to specify backup authentication methods as well. Both methods require that local usernames and passwords be manually configured on the router. -
Question 80 of 97
80. Question
1 pointsRefer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)Correct
Incorrect
Hint
The extended access list in the exhibit is permitting SSH (TCP port 22) traffic that is sourced from the 192.168.1.0/24 network and traveling to the 192.168.2.0/24 network. The packets meeting this criteria are logged to the local logging buffer (the default), a syslog server, or both depending on how the router is configured for syslog settings. All other traffic is denied because of the implicit deny at the end of every ACL. -
Question 81 of 97
81. Question
1 pointsConsider the configured access list.R1# show access-lists extended IP access list 100 deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet permit ip any any (15 matches)
What are two characteristics of this access list? (Choose two.)Correct
Incorrect
Hint
The access list stops Telnet traffic from the 10.1.1.2 device to the 10.1.1.1 device. It also stops Telnet traffic from 10.1.2.2 device to 10.1.2.1. All other TCP/IP-based transmissions are allowed. The access list is working because there have been 15 matches on the last ACE. -
Question 82 of 97
82. Question
1 pointsRefer to the exhibit. An extended access list has been created to prevent human resource users from gaining access to the accounting server. All other network traffic is to be permitted. When following the ACL configuration guidelines, on which router, interface, and direction should the access list be applied?Correct
Incorrect
Hint
The ACL configuration guidelines recommend placing extended access control lists as close to the source of network traffic as possible and placing standard access control lists as close to the destination of network traffic as possible. -
Question 83 of 97
83. Question
1 pointsRefer to the exhibit. Which data format is used to represent the data for network automation applications?Correct
Incorrect
Hint
The common data formats that are used in many applications including network automation and programmability are as follows: JavaScript Object Notation (JSON) – In JSON, the data known as an object is one or more key/value pairs enclosed in braces { }. Keys must be strings within double quotation marks ” “. Keys and values are separated by a colon. eXtensible Markup Language (XML) – In XML, the data is enclosed within a related set of tags data. YAML Ain’t Markup Language (YAML) – In YAML, the data known as an object is one or more key value pairs. Key value pairs are separated by a colon without the use of quotation marks. YAML uses indentation to define its structure, without the use of brackets or commas. -
Question 84 of 97
84. Question
1 pointsWhich Python function is used for console output?Correct
Incorrect
Hint
The print command is used for console output. The command for is used for repetition logic , from is used for module importing, and return is a function definition. -
Question 85 of 97
85. Question
1 pointsWhat are two characteristics of the Python programming language? (Choose two.)Correct
Incorrect
Hint
A compiled computer language is a computer language that compiles its programs into a set of machine-language instructions, whereas an interpreted programming language allows for an interpretation of the instructions directly without first compiling them into machine language. -
Question 86 of 97
86. Question
1 pointsWhat term is used to describe the files that contain Python definitions and statements?Correct
Incorrect
Hint
A module is a file containing Python definitions and statements. -
Question 87 of 97
87. Question
1 pointsWhich characteristic is common to both Chef and Puppet?Correct
Incorrect
Hint
Chef and Puppet have several similarities, to include:- Both have free open source versions available.
- Both have paid enterprise versions available.
- Both manage code that needs to be updated and stored.
- Both manage devices or nodes to be configured.
- Both leverage a pull model.
- Both function as a client/server model.
-
Question 88 of 97
88. Question
1 pointsQuestion as presented: Match the automation tool to the architecture components.Correct
Incorrect
-
Question 89 of 97
89. Question
1 pointsWhich data format is expected by Cisco DNA Center for all incoming data from the REST API?Correct
Incorrect
Hint
The Cisco DNA Center controller expects all incoming data from the REST API to be in JSON format. -
Question 90 of 97
90. Question
1 pointsWhich three orchestration tools require agent software on client machines to be managed? (Choose three.)Correct
Incorrect
Hint
There are several available agent based configuration and automation tools, including Puppet, Chef, and SaltStack. Ansible, Puppet Bolt, and EEM are agentless tools. -
Question 91 of 97
91. Question
1 pointsWhich three are components of puppet modules? (Choose three.)Correct
Incorrect
Hint
Puppet is a configuration management and automation tool that uses modules to support the configuration of most devices that can be configured manually. Puppet modules contain three components: Manifests, templates, and files. -
Question 92 of 97
92. Question
1 pointsWhat are the key difference between a type 1 hypervisor and a type 2 hypervisor?Correct
Incorrect
-
Question 93 of 97
93. Question
1 pointsA network administrator issues the show bgp ipv4 unicast summary command to verify BGP session after basic BGP configuration is completed. Which three pieces of information are found in the BGP session summary? (Chose three.)Correct
Incorrect
-
Question 94 of 97
94. Question
1 pointsA network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on switch. However, BPDU guard is not activated on all access ports. What is the couse of the issue?Correct
Incorrect
Hint
BPDU guard can be enabled globally on all PortFast-enabled ports by using the spanning-tree portfast bpduguard default global configuration command. If PortFast is not configured, then BPDU guard is not activated. -
Question 95 of 97
95. Question
1 pointsWhat is the key difference between a type 1 hypervisor and a type 2 hypervisor?Correct
Incorrect
Hint
There are two types of hypervisors:- Type 1 – This type of hypervisor runs directly on the system hardware.
- Type 2 – This type of hypervisor requires a host OS to run.
-
Question 96 of 97
96. Question
1 pointsA network administrator issues the show bgp ipv4 unicast summary command to verify the BGP session after basic BGP configuration is completed. Which three pieces of information are found in the BGP session summary? (Choose three.)Correct
Incorrect
Hint
The BGP session summary report includes information as follows:- Neighbor – the IP address of the BGP peer
- V – the BGP version spoken by the BGP peer
- AS – the autonomous system number of the BGP peer
- MsgRcvd – the count of messages received from the BGP peer
- MsgSent – the count of messages sent to the BGP peer
- TblVer – the last version of the BGP database sent to the peer
- InQ – the number of messages queued to be processed by the peer
- OutQ – the number of messages queued to be sent to the peer
- Up/Down – the length of time the BGP session is established or the current status if the session is not in an established state
- State/PfxRcd – the current state of the BGP peer or the number of prefixes received from the peer
-
Question 97 of 97
97. Question
1 pointsRefer to the exhibit. A network administrator issues the show bgp ipv4 unicast | begin Network command to check the routes in the BGP table. What does the symbol ? at the end of a route indicate?Correct
Incorrect
Hint
The origin is a well-known mandatory BGP path attribute used in the BGP best-path algorithm. A value of i represents an IGP, e indicates EGP, and ? indicates a route that was redistributed into BGP.