Enterprise Networking, Security, and Automation v7.0 – ENSAv7 Practice Final Exam Answers

1. Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent?

  • FIFO
  • FCFS
  • LLQ
  • CBWFQ

2. Which QoS technique retains excess packets in a separate queue for later transmission?

  • marking
  • classifying
  • shaping
  • queuing

3. What term describes adding a value to the packet header, as close to the source as possible, so that the packet matches a defined policy?

  • policing
  • traffic marking
  • weighted random early detection (WRED)
  • tail drop
  • traffic shaping

4. What is a characteristic of the distribution layer in the three layer hierarchical model?

  • provides access to the rest of the network through switching, routing, and network access policies
  • distributes access to end users
  • represents the network edge
  • acts as the backbone for the network, aggregating and distributing network traffic throughout the campus

Explanation: One of the functions of the distribution layer is aggregating large-scale wiring closet networks. Providing access to end users is a function of the access layer, which is the network edge. Acting as a backbone is a function of the core layer.

5. Which two methods help to prevent the disruption of network services? (Choose two.)

  • using VLANs to segment network traffic
  • changing the routing protocols at regular intervals
  • installing duplicate equipment to provide failover services
  • using redundant connections to provide alternate physical paths
  • removing switches which cause loops

Explanation: Using duplicate equipment and using redundant paths are two methods to help prevent network disruptions. The use of VLANs would not affect network availability. Changing the routing protocol could actually reduce availability during convergence. Loops, which are created by the provision of redundant paths, are managed by protocols without removing devices.

6. Which technology provides laptops the ability to function on a cellular network?

  • mobile hotspot
  • Bluetooth
  • infrared
  • 802.11 Wi-Fi

7. Which two types of devices are specific to WAN environments and are not found on a LAN? (Choose two.)

  • access layer switch
  • broadband modem
  • core switch
  • CSU/DSU
  • distribution layer router

8. Which three traffic-related factors would influence selecting a particular WAN link type? (Choose three.)

  • cost of the link
  • amount of traffic
  • distance between sites
  • reliability
  • security needs
  • type of traffic

9. Which type of NAT maps a single inside local address to a single inside global address?

  • port address translation
  • overloading
  • static
  • dynamic

10. Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1?

  • Interface Fa0/0 should be configured with the command no ip nat inside.
  • Interface S0/0/0 should be configured with the command ip nat outside.
  • R1 should be configured with the command ip nat inside source static 209.165.200.200 192.168.11.11.
  • R1 should be configured with the command ip nat inside source static 209.165.200.1 192.168.11.11.

Explanation: In order for NAT translations to work properly, both an inside and outside interface must be configured for NAT translation on the router.

11. Refer to the exhibit. R1 is configured for static NAT. What IP address will Internet hosts use to reach PC1?

  • 192.168.0.1
  • 192.168.0.10
  • 209.165.201.1
  • 209.165.200.225

Explanation: In static NAT a single inside local address, in this case 192.168.0.10, will be mapped to a single inside global address, in this case 209.165.200.225. Internet hosts will send packets to PC1 and use as a destination address the inside global address 209.165.200.225.

12. A network administrator is troubleshooting the dynamic NAT that is configured on router R2. Which command can the administrator use to see the total number of active NAT translations and the number of addresses that are allocated from the NAT pool?

  • R2# show ip nat statistics
  • R2# show ip nat translations
  • R2# show running-config
  • R2# clear ip nat translation

13. What is correct in relation to NAT for IPv6?

  • Dual stack is an example of implementation of NAT for IPv6.
  • NAT64 has been deprecated by IETF in favor of NAT-PT.
  • It is a temporary mechanism to assist in the migration from IPv4 to IPv6.
  • It is used to convert private IPv6 addresses to public IPv6 addresses.​

Explanation: Refer to curriculum topic: 9.2.5
NAT for IPv6 is a temporary measure to aid in the move from IPv4 to IPv6. NAT64 is replacing NAT-PT. Dual stack is a method for running IPv4 and IPv6 on the same network.

14. Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)

  • Filter unwanted traffic before it travels onto a low-bandwidth link.
  • Place standard ACLs close to the destination IP address of the traffic.
  • Place standard ACLs close to the source IP address of the traffic.
  • Place extended ACLs close to the destination IP address of the traffic.
  • Place extended ACLs close to the source IP address of the traffic.
  • For every inbound ACL placed on an interface, there should be a matching outbound ACL.

Explanation: Extended ACLs should be placed as close as possible to the source IP address, so that traffic that needs to be filtered does not cross the network and use network resources. Because standard ACLs do not specify a destination address, they should be placed as close to the destination as possible. Placing a standard ACL close to the source may have the effect of filtering all traffic, and limiting services to other hosts. Filtering unwanted traffic before it enters low-bandwidth links preserves bandwidth and supports network functionality. Decisions on placing ACLs inbound or outbound are dependent on the requirements to be met.

15. Refer to the exhibit. The Gigabit interfaces on both routers have been configured with subinterface numbers that match the VLAN numbers connected to them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs on VLAN 20 should print to the printers on VLAN 22. What interface and in what direction should you place a standard ACL that allows printing to P1 from data VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? (Choose two.)

  • inbound
  • R2 S0/0/1
  • R1 Gi0/1.12
  • outbound
  • R1 S0/0/0
  • R2 Gi0/1.20

Explanation: A standard access list is commonly placed as close to the destination network as possible because access control expressions in a standard ACL do not include information about the destination network.

The destination in this example is printer VLAN 12 which has router R1 Gigabit subinterface 0/1/.12 as its gateway. A sample standard ACL that only allows printing from data VLAN 10 (192.168.10.0/24), for example, and no other VLAN would be as follows:

R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
R1(config)# access-list 1 deny any
R1(config)# interface gigabitethernet 0/1.12
R1(config-if)# ip access-group 1 out

16. If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

  • 4
  • 6
  • 8
  • 12
  • 16

Explanation: In calculating how many ACLs can be configured, use the rule of “three Ps”: one ACL per protocol, per direction, per interface. In this case, 2 interfaces x 2 protocols x 2 directions yields 8 possible ACLs.

17. Which type of Hypervisor is implemented when a user with a laptop running the Mac OS installs a Windows virtual OS instance?

  • virtual machine
  • bare metal
  • type 2
  • type 1

Explanation: Type 2 hypervisors, also know as hosted hypervisors, are installed on top of an existing operating system, such as Mac OS, Windows, or Linux.

18. Which two layers of the OSI model are associated with SDN network control plane functions that make forwarding decisions? (Choose two.)​

  • Layer 1
  • Layer 2
  • Layer 3
  • Layer 4
  • Layer 5

Explanation: The SDN control plane uses the Layer 2 ARP table and the Layer 3 routing table to make decisions about forwarding traffic.

19. What defines a two-tier spine-leaf topology?

  • The APIC controller manipulates the data path directly.
  • The Cisco APICs and all other devices in the network physically attach to leaf switches.
  • The spine tier can be implemented with Cisco Nexus 9500 switches connected to each other and to the leaf switches.
  • Everything is two hops from everything else.

20. Which SNMP message type informs the network management system (NMS) immediately of certain specified events?

  • SET request
  • Trap
  • GET request
  • GET response

21. Which number represents the most severe level of syslog logging?

  • 0
  • 1
  • 6
  • 7

Explanation: Syslog levels are numbered 0 through 7, with 0 being the most severe and 7 being the least severe.

22. Which command will backup the configuration that is stored in NVRAM to a TFTP server?

  • copy running-config tftp
  • copy tftp running-config
  • copy startup-config tftp
  • copy tftp startup-config

23. Which statement describes a feature of site-to-site VPNs?

  • The VPN connection is not statically defined.
  • VPN client software is installed on each host.
  • Internal hosts send normal, unencapsulated packets.
  • Individual hosts can enable and disable the VPN connection.

24. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

  • client-based SSL
  • site-to-site using an ACL
  • clientless SSL
  • site-to-site using a preshared key

Explanation: When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.

25. Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)

  • clientless SSL VPN
  • client-based IPsec VPN
  • IPsec VPN
  • IPsec Virtual Tunnel Interface VPN
  • GRE over IPsec VPN

Explanation: Enterprise managed VPNs can be deployed in two configurations:

  • Remote Access VPN – This VPN is created dynamically when required to establish a secure connection between a client and a VPN server. Remote access VPNs include client-based IPsec VPNs and clientless SSL VPNs.
  • Site-to-site VPN – This VPN is created when interconnecting devices are preconfigured with information to establish a secure tunnel. VPN traffic is encrypted only between the interconnecting devices, and internal hosts have no knowledge that a VPN is used. Site-to-site VPNs include IPsec, GRE over IPsec, Cisco Dynamic Multipoint (DMVPN), and IPsec Virtual Tunnel Interface (VTI) VPNs.

26. Which two statements describe remote access VPNs? (Choose two.)

  • A leased line is required to implement remote access VPNs.
  • Remote access VPNs are used to connect entire networks, such as a branch office to headquarters.
  • End users are not aware that VPNs exists.
  • Client software is usually required to be able to access the network.
  • Remote access VPNs support the needs of telecommuters and mobile users.

27. Which two statements describe remote access VPNs? (Choose two.)

  • Remote access VPNs are used to connect entire networks, such as a branch office to headquarters.
  • End users are not aware that VPNs exists.
  • A leased line is required to implement remote access VPNs.
  • Client software is usually required to be able to access the network.
  • Remote access VPNs support the needs of telecommuters and mobile users.

28. Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?

  • Router R4 will become the DR and router R1 will become the BDR.
  • Router R2 will become the DR and router R3 will become the BDR.
  • Router R1 will become the DR and router R2 will become the BDR.
  • Router R4 will become the DR and router R3 will become the BDR.

Explanation: OSPF elections of a DR are based on the following in order of precedence:

  • highest pritority from 1 -255 (0 = never a DR)
  • highest router ID
  • highest IP address of a loopback or active interface in the absence of a manually configured router ID. Loopback IP addresses take higher precedence than other interfaces.

In this case routers R4 and R1 have the highest router priority. Between the two, R3 has the higher router ID. Therefore, R4 will become the DR and R1 will become the BDR.

29. Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers as shown. The routers are unable to form a neighbor adjacency. What should be done to fix the problem?

  • Change the IP address on S0/0 of router R2 to 192.168.20.2.
  • Remove the FastEthernet0/0 passive interface configuration on router R1.
  • Add the command network 192.168.20.1 0.0.0.0 area 0 on router R1.
  • Add the command network 192.168.30.0 0.0.0.255 area 0 on router R1.

30. What are the two purposes of an OSPF router ID? (Choose two.)

  • to enable the SPF algorithm to determine the lowest cost path to remote networks
  • to facilitate the establishment of network convergence
  • to uniquely identify the router within the OSPF domain
  • to facilitate router participation in the election of the designated router
  • to facilitate the transition of the OSPF neighbor state to Full

Explanation: OSPF router ID does not contribute to SPF algorithm calculations, nor does it facilitate the transition of the OSPF neighbor state to Full. Although the router ID is contained within OSPF messages when router adjacencies are being established, it has no bearing on the actual convergence process.

31. Which command will a network engineer issue to verify the configured hello and dead timer intervals on a point-to-point WAN link between two routers that are running OSPFv2?

  • show ipv6 ospf interface serial 0/0/0
  • show ip ospf neighbor
  • show ip ospf interface fastethernet 0/1
  • show ip ospf interface serial 0/0/0

Explanation: The show ip ospf interface serial 0/0/0 command will display the configured hello and dead timer intervals on a point-to-point serial WAN link between two OSPFv2 routers. The show ipv6 ospf interface serial 0/0/0 command will display the configured hello and dead timer intervals on a point-to-point serial link between two OSPFv3 routers. The show ip ospf interface fastethernet 0/1 command will display the configured hello and dead timer intervals on a multiaccess link between two (or more) OSPFv2 routers. The show ip ospf neighbor command will display the dead interval elapsed time since the last hello message was received, but does not show the configured value of the timer.

32. Refer to the exhibit. What is the OSPF cost to reach the router A LAN 172.16.1.0/24 from B?

  • 782
  • 74
  • 128
  • 65

Explanation: The formula used to calculate the OSPF cost is as follows:

Cost = reference bandwidth / interface bandwidth

The default reference bandwidth is 10^8 (100,000,000); therefore, the formula is

Cost = 100,000,000 bps / interface bandwidth in bps

Thus the cost to reach the A LAN 172.16.1.0/24 from B is as follows:
Serial link (1544 Kbps) from B to A cost => 100,000,000 / 1,544,000 = 64
Gigabit Ethernet link on A cost => 100,000,000 / 1,000,000,000 = 1
Total cost to reach 172.16.1.0/24 = 64 + 1 = 65

33. Refer to the exhibit. Which data format is used to represent the data for network automation applications?

  • YAML
  • JSON
  • XML
  • HTML

34. A user is reading a book from the website https://www.books-info.com/author1a/book2.html#page100 . Which part of the web link is called a fragment?

  • /author1a
  • https://
  • /book2.html
  • #page100

35. Refer to the exhibit. Why are routers R1 and R2 not able to establish an OSPF adjacency?

  • The serial interfaces are not in the same area.
  • The process numbers are not the same in both routers.
  • A backbone router cannot establish an adjacency with an ABR router.
  • The router ID values are not the same in both routers.

Explanation: On router R1, the network 192.168.10.0/30 is defined in the wrong area (area 1). It has to be defined in area 0 in order to establish adjacency with router R2, which has the network 192.168.10.0/30 defined in area 0.

36. A network technician has used the access-llst 1 permit 172.16.0.0 0.0.0.255 command to configure NAT on an edge router to translate only four networks, 172.16.0.0 /24, 172.16.1.0 /24, 172.16.2.0 /24, and 172.16.3.0 /24. After receiving complaints about limited access to the Internet, issuing the show ip nat translations command reveals that some networks are missing from the output. Which change will resolve the problem?

  • The access list should be replaced with access-list 1 permit 172.16.0.0 0.0.1.255 .
  • The access list should be replaced with access-list 1 permit 172.16.0.0 0.0.3.255
  • The access list should be replaced with access-list 1 permit 172.16.0.0 0.0.0.255
  • The access list should be replaced with access-list 1 permit 172.16.0.0 255.255.255.0.

37. Which type of tool would an administrator use to capture packets that are going to and from a particular device?

  • baselining tool
  • protocol analyzer
  • knowledge base
  • NMS tool

38. A user reports that the workstation cannot connect to a networked printer in the office in order to print a report created with word processing software. Which troubleshooting action by the helpdesk technician would follow the divide-and-conquer approach?

  • Ask the user to launch the web browser.
  • Ask the user to unplug and reattach the network cable.
  • Ask the user to issue the ipconfig command.
  • Ask the user to save the working document.

39. Match the OSPF state with the order in which it occurs. (Not all options are used.)


40. When an OSPF network is converged and no network topology change has been detected by a router, how often will LSU packets be sent to neighboring routers?

  • every 5 minutes
  • every 10 minutes
  • every 30 minutes
  • every 60 minutes

41. Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB?

  • database description
  • link-state acknowledgment
  • link-state update
  • link-state request

42. Which step in the link-state routing process is described by a router building a link-state database based on received LSAs?

  • building the topology table
  • executing the SPF algorithm
  • selecting the router ID
  • declaring a neighbor to be inaccessible

43. Refer to the exhibit. A network administrator has configured ACL 9 as shown. Users on the 172.31.1.0 /24 network cannot forward traffic through router CiscoVille. What is the most likely cause of the traffic failure?

  • The established keyword is not specified.
  • The sequence of the ACEs is incorrect.
  • The port number for the traffic has not been identified with the eq keyword.
  • The permit statement specifies an incorrect wildcard mask.

Explanation: When verifying an ACL, the statements are always listed in a sequential order. Even though there is an explicit permit for the traffic that is sourced from network 172.31.1.0 /24, it is being denied due to the previously implemented ACE of CiscoVille(config)# access-list 9 deny 172.31.0.0 0.0.255.255. The sequence of the ACEs must be modified to permit the specific traffic that is sourced from network 172.31.1.0 /24 and then to deny 172.31.0.0 /16.

44. A technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in configuration option or command?

  • to secure administrative access to the router
  • to secure management traffic into the router
  • to display all restricted traffic
  • to remove all ACLs from the router

45. Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered?

  • ACL 10 is removed from both the running configuration and the interface Fa0/1.
  • ACL 10 is removed from the running configuration.
  • ACL 10 is disabled on Fa0/1.
  • ACL 10 will be disabled and removed after R1 restarts.

Explanation: The R1(config)# no access-list <access-list number> command removes the ACL from the running-config immediately. However, to disable an ACL on an interface, the command R1(config-if)# no ip access-group should be entered.

46. An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?

  • R1(config-if)# ip access-group 1 out
  • R1(config-if)# ip access-group 1 in
  • R1(config-line)# access-class 1 in
  • R1(config-line)# access-class 1 out

47. Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server.

Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)

  • R1(config)# interface s0/0/0
    R1(config-if)# ip access-group 105 outR2(config)# interface gi0/0
    R2(config-if)# ip access-group 105 in
  • access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
    access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
    access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
    access-list 105 deny ip any host 10.0.54.5
    access-list 105 permit ip any any*
  • access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
    access-list 105 permit tcp any host 10.0.54.5 eq www
    access-list 105 permit ip any any
  • R1(config)# interface gi0/0
    R1(config-if)# ip access-group 105 out
  • access-list 105 permit tcp host 10.0.54.5 any eq www
    access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
    access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

Explanation: The first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server.

48. What is a feature of an IPS?

  • It has no impact on latency.
  • It is deployed in offline mode.
  • It is primarily focused on identifying possible incidents.
  • It can stop malicious packets.

49. Which type of security threat can be described as software that attaches itself to another program to execute a specific unwanted function?

  • denial of service Trojan horse
  • proxy Trojan horse
  • worm
  • virus

50. What is the significant characteristic of worm malware?

  • Once installed on a host system, a worm does not replicate itself.
  • A worm must be triggered by an event on the host system.
  • A worm can execute independently of the host system.
  • Worm malware disguises itself as legitimate software.

51. What is the best description of Trojan horse malware?

  • It is software that causes annoying but not fatal computer problems.
  • It appears as useful software but hides malicious code.
  • It is the most easily detected form of malware.
  • It is malware that can only be distributed over the Internet.

52. What is the function of ASICs in a multilayer switch?

  • They aggregate multiple physical switch ports into a single logical port.
  • They provide power to devices such as IP phones and wireless access points through Ethernet ports.
  • They prevent Layer 2 loops by disabling redundant links between switches.
  • They streamline forwarding of IP packets in a multilayer switch by bypassing the CPU.

53. What is the port density of a switch?

  • the combined bandwidth of all ports on a switch
  • the number of available ports on a switch
  • the throughput of a port
  • the bandwidth of a port

54. What is a difference between the functions of Cloud computing and virtualization?

  • Cloud computing provides services on web-based access whereas virtualization provides services on data access through virtualized Internet connections.
  • Cloud computing separates the application from the hardware whereas virtualization separates the OS from the underlying hardware.
  • Cloud computing requires hypervisor technology whereas virtualization is a fault tolerance technology.
  • Cloud computing utilizes data center technology whereas virtualization is not used in data centers.

Explanation: Cloud computing separates the application from the hardware. Virtualization separates the OS from the underlying hardware. Virtualization is a typical component within cloud computing. Virtualization is also widely used in data centers. Although the implementation of virtualization facilitates an easy server fault tolerance setup, it is not a fault tolerance technology by design. The Internet connection from a data center or service provider needs redundant physical WAN connections to ISPs.

55. Why would a network administrator use the config-register 0x2102 command on a Cisco network device?

  • to monitor and manage network performance, find and solve network problems, and plan for network growth
  • to back up the running configuration onto a USB drive
  • to learn device names, IOS versions, and the number and type of interfaces of connected devices
  • to ensure that the device loads the startup configuration file during startup

56. When JSON data format is being used, what characters are used to hold objects?

  • double quotations ” “
  • double brackets [ ]
  • double braces { }
  • double colons : :

Related Articles

guest
3 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments