[PART 4] CCNA 200-125 Dumps Questions and Answers Latest (VCE + PDF)

Rate this post

211.  which IP configuration does the CIDR notation refer?

Show (Hide) Explanation/Reference
“/25” means 1111 1111.1111 1111.1000 0000 in binary or in decimal.

212.  CIDR notation ( ) / notation?

  • 30*
  • 31
  • 32
  • 33

213.  Which two of these statements regarding RSTP are correct? (Choose two)

  • RSTP cannot operate with PVST+.
  • RSTP defines new port roles.*
  • RSTP defines no new port states.
  • RSTP is a proprietary implementation of IEEE 802.1D STP.
  • RSTP is compatible with the original IEEE 802.1D STP.*

214.  What is known as ―one-to-nearest addressing in IPv6?

  • global unicast
  • anycast*
  • multicast
  • unspecified address

215.  When a device learns multiple routes to a specific network, it installs the route with :

  • Longest bit Match (highest subnet Mask)
  • lowest AD*
  • lowest metric
  • equal load balancing
Show (Hide) Explanation/Reference
Making a forwarding decision actually consists of three sets of processes: the routing protocols, the routing table, and the actual process which makes a forwarding decision and switches packets. The longest prefix match always wins among the routes actually installed in the routing table, while the routing protocol with the lowest administrative distance always wins when installing routes into the routing table.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

216.  Requirement to configure DHCP binding ( 2 options)

  • DHCP pool
  • ip address*
  • Hardware address*
  • other option
Show (Hide) Explanation/Reference
An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server. Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hoststhat are found in the DHCP database.

All DHCP clients send a client identifier (DHCP option 61) in the DHCP packet. To configure manual bindings, you must enter the client-identifier DHCP pool configuration command with the appropriate hexadecimal values identifying the DHCP client. For example:

ip dhcp pool SERVER
client-identifier 01aa.bbcc.0003.00

Therefore two requirements for DHCP binding is the IP address and the hardware address (MAC address) of the client. Notice that in the above example “aabb.cc00.0300” is the MAC address of the client while prefix “01” represents the Ethernet media type.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfdhcp.html

In fact the “DHCP pool” option is also correct but two above choices are better.

217.  how to see dhcp conflict?

  • show ip dhcp pool
  • show dhcp database
  • show ip dhcp conflict*
  • Other Option.
Show (Hide) Explanation/Reference

218.  What type of MAC address is aged automatically by the switch?

  • Dynamic*
  • Static
  • Auto
  • one more option
Show (Hide) Explanation/Reference
To switch frames between LAN ports efficiently, the switch maintains an address table. When the switch receives a frame, it associates the media access control (MAC) address of the sending network device with the LAN port on which it was received.

The switch dynamically builds the address table by using the MAC source address of the frames received. When the switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame. When the destination station replies, the switch adds its relevant MAC source address and port ID to the address table. The switch then forwards subsequent frames to a single LAN port without flooding all LAN ports.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/MACAddress.html

When the switch dynamically builds the MAC address table, it also specifies the time before an entry ages out and is discarded from the MAC address table. The default is 300 seconds.

219.  Which major component of the network virtualization architecture isolate users according to policy?

  • policy enforcement
  • network access control*
  • network services virtualization
  • path isolation
Show (Hide) Explanation/Reference
Network virtualization architecture has three main components:

Network access control and segmentation of classes of users: Users are authenticated and either allowed or denied into a logical partition. Users are segmented into employees, contractors and consultants, and guests, with respective access to IT assets. This component identifies users who are authorized to access the network and then places them into the appropriate logical partition.

+ Path isolation: Network isolation is preserved across the entire enterprise: from the edge to the campus to the WAN and back again. This component maintains traffic partitioned over a routed infrastructure and transports traffic over and between isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also performed in component.

+ Network Services virtualization: This component provides access to shared or dedicated network services such as security, quality of service (QoS), and address management (Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per partition and isolates application environments, if required.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11-531522.pdf

220.  Which two statements about firewalls are true?

  • They can be used with an intrusion prevention system.*
  • They can limit unauthorized user access to protect data.*
  • Each wireless access point requires its own firewall.
  • They must be placed only at locations where the private network connects to the internet.
  • They can prevent attacks from the internet only.

221.  Which two statements about data VLANs on access ports are true? ( Choose two)

  • They can be configured as trunk ports.
  • Two or more VLANs can be configured on the interface.
  • 802.1Q encapsulation must be configured on the interface.
  • Exactly one VLAN can be configured on the interface.*
  • They can be configured as host ports.*

222.  Where does the configuration reside when a helper address is configured to support DHCP?

  • on the switch trunk interface.
  • on the router closest to the client.*
  • on the router closest to the server.
  • on every router along the path.

223.  Which command can you enter to configure an IPV6 floating static route?

  • Router(config)# ipv6 route static resolve default
  • Router(config)# ipv6 route::/0 serail0/1
  • Router(config)# ipv6 route FE80:0202::/32 serail 0/1 201*
  • Router(config)# ipv6 route FE80:0202::/32 serail 0/1 1
Show (Hide) Explanation/Reference
Floating static routes are static routes that have an administrative distance greater than the administrative distance (AD) of another static route or dynamic routes. By default a static route has an AD of 1 then floating static route must have the AD greater than 1 -> Answer C is correct as it has the AD of 201.

224.  How does NAT overloading provide one-to-many address translation?

  • It uses a pool of addresses
  • It converts IPV4 addresses to unused IPv6 Addresses
  • assigns a unique TCP/UDP port to each session*
  • It uses virtual MAC Address and Virtual IP Addresses
Show (Hide) Explanation/Reference
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.

225.  Which three options are types of Layer 2 network attack? (Choose three)

  • Spoofing attacks*
  • Vlan Hopping*
  • botnet attacks
  • DDOS attacks
  • ARP Attacks*
  • Brute force attacks
Show (Hide) Explanation/Reference

(DHCP) Spoofing attack is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.

The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.

VLAN Hopping: By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing Layer 3 security measures. VLAN hopping can be accomplished by switch spoofing or double tagging.

1) Switch spoofing:

The attacker can connect an unauthorized Cisco switch to a Company switch port. The unauthorized switch can send DTP frames and form a trunk with the Company Switch. If the attacker can establish a trunk link to the Company switch, it receives traffic to all VLANs through the trunk because all VLANs are allowed on a trunk by default.

(Instead of using a Cisco Switch, the attacker can use a software to create and send DTP frames).

2) Double-Tagging:

In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the second matches the VLAN of a host it wants to attack (VLAN 20).

When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed. Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards out to the Victim computer.

Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker.

ARP attack (like ARP poisoning/spoofing) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. This is an attack based on ARP which is at Layer 2.

226.  What does split-horizon do?

  • Prevent routing loop in distance vector protocol*
  • Prevent switching loop in distance vector protocol
  • Prevent switching loop in link-state protocol
  • Prevent routing loop in link-state protocol
Show (Hide) Explanation/Reference
The split-horizon rule states that “a router never sends information about a route back in same direction which is original information came”. This rule is used in distance vector protocol (like RIP or EIGRP) to prevent Layer 3 routing loop.

227.  Refer to the exhibit. 

After you apply the given configuration to R1, you notice that it failed to enable OSPF Which action can you take to correct the problem?

  • Configure a loopback interface on R1
  • Enable IPv6 unicast routing on R1.*
  • Configure an IPv4 address on interface FO/0.
  • Configure an autonomous system number on OSPF.
Show (Hide) Explanation/Reference


Prerequisites for IPv6 Routing: OSPFv3
Complete the OSPFv3 network strategy and planning for your IPv6 network. For example, you must decide whether multiple areas are required.
Enable IPv6 unicast routing.
Enable IPv6 on the interface.

228.  How many broadcast domains are shown in the graphic assuming only the default VLAN is confgured on the switches?

  • one*
  • two
  • six
  • twelve
Show (Hide) Explanation/Reference
Only router can break up broadcast domains but in this exhibit no router is used so there is only 1 broadcast domain.

For your information, there are 7 collision domains in this exhibit (6 collision domains between hubs & switches + 1 collision between the two switches). 

229.  Which three statements correcctly describe Network Device A? (Choose three.)

  • With a network wide mask of, each interface does not require an IP address.
  • With a network wide mask of, each interface does require an IP address on a unique IP subnet.*
  • With a network wide mask of, must be a Layer 2 device for the PCs to communicate with each other.
  • With a network wide mask of, must be a Layer 3 device for the PCs to communicate with each other.*
  • With a network wide mask of, each interface does not require an IP address.*
Show (Hide) Explanation/Reference
The principle here is if the subnet mask makes two IP addresses and in the same subnet then the Network device A does not need to have IP addresses on its interfaces (and we don’t need a Layer 3 device here).

A quick way to find out the correct answers is notice that all 255.255.255.x subnet masks will separate these two IP addresses into two separate subnets so we need a Layer 3 device here and each interface must require an IP address on a unique IP subnet -> A, C are not correct while B, D are correct.

With subnet mask, the increment here is 2 in the third octet -> the first subnet is from to, in which two above IP addresses belong to -> each interface of Network device A does not require an IP address -> E is correct.

230.  At the end of an RSTP election process, which access layer switch port will assume the discarding role?

  • Switch3, port fa0/1
  • Switch3, port fa0/12
  • Switch4, port fa0/11*
  • Switch4, port fa0/2
  • Switch3, port Gi0/1
  • Switch3, port Gi0/2
Show (Hide) Explanation/Reference
In this question, we only care about the Access Layer switches (Switch3 & 4). Switch 3 has a lower bridge
ID than Switch 4 (because the MAC of Switch3 is smaller than that of Switch4) so both ports of Switch3
will be in forwarding state. The alternative port will surely belong to Switch4.
Switch4 will need to block one of its ports to avoid a bridging loop between the two switches. But how
does Switch4 select its blocked port? Well, the answer is based on the BPDUs it receives from Switch3. A
BPDU is superior to another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
These four parameters are examined in order. In this specific case, all the BPDUs sent by Switch3 have
the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only
parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). In this
case the port priorities are equal because they use the default value, so Switch4 will compare port index
values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/1, Switch4 will
select the port connected with Fa0/1 (of Switch3) as its root port and block the other port -> Port fa0/11
of Switch4 will be blocked (discarding role). 

231.  Why is flash memory erased prior to upgrading the IOS image from the TFTP server?

  • The router cannot verify that the Cisco IOS image currently in flash is valid.
  • Flash memory on Cisco routers can contain only a single IOS image.
  • Erasing current flash content is requested during the copy dialog.*
  • In order for the router to use the new image as the default, it must be the only IOS image in flash.
Show (Hide) Explanation/Reference
During the copy process, the router asked “Erasing flash before copying? [confirm]” and the administrator confirmed (by pressing Enter) so the flash was deleted.

Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will see an error message like this:

%Error copying tftp:// c1600-k8sy-mz.l23-16a.bin (Not enough space on device)

232.  The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.)

  • Configure the gateway on Host A as
  • Configure the gateway on Host B as*
  • Configure the IP address of Host A as
  • Configure the IP address of Host B as*
  • Configure the masks on both hosts to be
  • Configure the masks on both hosts to be

233.  Which utility can you use to identify the cause of a traffic-flow blockage between the two devices in a network?

  • ACL path analysis tool in APIC-EM*
  • I WAN application
  • ACL analysis tool in APIC-EM
  • APIC-EM automation scheduler
Show (Hide) Explanation/Reference
The ACL Path Analysis tool in APIC-EM can help to identify where the traffic was blocked in the transmission.

Icon means “there are ACLs that permit the traffic applied on the interface”.

Icon  means “traffic may or may not be blocked. For example, if your traffic matches a deny access control entry (ACE), traffic is denied. However, if your traffic matches any other ACEs, it is permitted. You can get this type of results if you leave out the protocol, source port, or destination port when defining a path trace”.

Icon  means “there is an ACL on the device or interface that is blocking the traffic on the path”.

Icon  means “there are no ACLs applied on the interface”.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-5-x/path_trace/user-guide/b_Cisco_Path_Trace_User_Guide_1_5_0_x/b_Cisco_Path_Trace_User_Guide_1_5_0_x_chapter_0111.html

234.   Which IEEE mechanism is responsible for the authentication of devices when they attempt to connect to a local network?

  • 802.1x*
  • 802.11
  • 802.2x
  • 802.3x
Show (Hide) Explanation/Reference
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN

235.   When a router is unable to find a known route in the routing table, how does it handle the packet?

  • It discards the packet*
  • It sends the packet over the route with the best metric
  • It sends the packet to the next hop address
  • It sends the packet to the gateway of last resort
Show (Hide) Explanation/Reference
In fact this question is not clear. If we understand that “router is unable to find a known route in the routing table” and there is no default route in the routing table then the router will surely discard the packet -> A is correct. But we are not sure if there is a default route or not so let learn more about gateway of last resort.

A Gateway of Last Resort is a route used by the router when no other known route exists to send the IP packet. For CCNA level, when ip routing feature is enabled, a gateway of last resort is usually created by:
+ The “ip default-network” command (but dynamic routing protocols have different behaviors). But in general, the “ip default-network” cannot set the gateway of last resort without a known route in the routing table.
+ Creating a static route to network is another way to set the gateway of last resort on a router. This is the reason why this question is not clear as it does not tell us if a default route exists or not.

Maybe in this question a default route does not exist. Otherwise the author would notice and indicate it in the question.

For more information about Gateway of Last Resort, please read: http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html

236.   If router R1 knows a static route to a destination network and then learns about the same destination network through a dynamic routing protocol, how does R1 respond?

  • It refuses to advertise the dynamic route to other neighbors
  • It sends a withdrawal signal to the neighboring router
  • It disables the routing protocol
  • It prefers the static route*
Show (Hide) Explanation/Reference
By default the administrative distance of a static route is 1, meaning it will be preferred over all dynamic routing protocols. If you want to have the dynamic routing protocol used and have the static route be used only as a backup, you need to increase the AD of the static route so that it is higher than the dynamic routing protocol.

237.   Which two statements about floating static routes are true? (Choose two)

  • They are routes to the exact /32 destination address
  • They are used when a route to the destination network is missing
  • They have a higher administrative distance than the default static route administrative distance*
  • They are used as back-up routes when the primary route goes down*
  • They are dynamic routes that are learned from a server
Show (Hide) Explanation/Reference
Floating static routes are static routes that have an administrative distance greater than the administrative distance (AD) of another static route or dynamic routes. By default a static route has an AD of 1 then floating static route must have the AD greater than 1. Floating static route has a manually configured administrative distance greater than that of the primary route and therefore would not be in the routing table until the primary route fails.

238.   Refer to the exhibit. If R1 receives a packet destined to, to which IP address does it send the packet?

Show (Hide) Explanation/Reference
It can’t find the address so it will be directed to the Gate of last resort

239.  What is the danger of the permit any entry in a NAT access list?

  • It can lead to overloaded resources on the router.*
  • It can cause too many addresses to be assigned to the same interface.
  • It can disable the overload command.
  • It prevents the correct translation of IP addresses on the inside network.
Show (Hide) Explanation/Reference
Using permit any can result in NAT consuming too many router resources, which can cause network problems. You should only limit the NAT access list to a specific range of IP addresses.

240.   How does a DHCP server dynamically assign IP addresses to hosts?

  • Addresses are permanently assigned so that the host uses the same address at all times.
  • Addresses are assigned for a fixed period of time.
  • Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease.*
  • Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
Show (Hide) Explanation/Reference
The DHCP lifecycle consists of the following:
Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.

241.  Refer to the exhibit. What two results would occur if the hub were to be replaced with a switch that is configured with one Ethernet VLAN? (Choose two.)

  • The number of collision domains would remain the same.
  • The number of collision domains would decrease.
  • The number of collision domains would increase.*
  • The number of broadcast domains would remain the same.*
  • The number of broadcast domains would decrease.
  • The number of broadcast domains would increase.

242.  Refer to the exhibit, you determine that Computer A cannot ping Computer

Which reason for the problem is most likely true?

  • The Subnet mask for Computer A is incorrect.*
  • The default gateway address for Computer A is incorrect.
  • The subnet mask for computer B is incorrect.
  • The default gateway address for computer B is incorrect.
Show (Hide) Explanation/Reference = /27

243.   Which effect of the passive-interface command on R1 is true?

  • It prevents interface Fa0/0 from sending updates.*
  • Interface Fa 0/0 operates in RIPv1 mode.
  • It removes the network from all updates on all interfaces on R1.
  • It removes the network from all updates on all interfaces on R1.
Show (Hide) Explanation/Reference
With most routing protocols, the passive-interface command restricts outgoing advertisements only.
But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different.

244.  Which three encapsulation layers in the OSI model are combined into the TCP/IP application layer? (Choose three)

  • Session*
  • transport
  • presentation*
  • application*
  • data-link
  • network
Show (Hide) Explanation/Reference

245.   When is the most appropriate time to escalate an issue that you troubleshooting?

  • A. When you lack the proper to resolve the issue*
  • B. When a more urgent issue that requires your intervention is detected
  • C. When you have gathered all information about an issue
  • D. When you have been unable to resolve the issue after 30 min
Show (Hide) Explanation/Reference
From this paragraph:

Step 2Resolve or escalate: Problem isolation should eventually uncover the root cause of the problem – that is, the cause which, if fixed, will resolve the problem. In short, resolving the problem means finding the root cause of the problem and fixing that problem. Of course, what do you do if you cannot find the root cause, or fix (resolve) that root cause once found? Escalate the problem. Most companies have a defined escalation process, with different levels of technical support and management support depending on whether the next step requires more technical expertise or management decision making.

Reference: ICND1 100-105 Official Cert Guide

Also from this link: http://www.ciscopress.com/articles/article.asp?p=1578504&seqNum=2

“After you have clearly defined the problem, you have one more step to take before starting the actual troubleshooting process. You must determine whether this problem is your responsibility or if it needs to be escalated to another department or person. For example, assume the reported problem is this: “When user Y tries to access the corporate directory on the company intranet, she gets a message that says permission is denied. She can access all other intranet pages.” You are a network engineer, and you do not have access to the servers. A separate department in your company manages the intranet servers. Therefore, you must know what to do when this type of problem is reported to you as a network problem. You must know whether to start troubleshooting or to escalate it to the server department. It is important that you know which type of problems is your responsibility to act on, what minimal actions you need to take before you escalate a problem, and how you escalate a problem.”

So we can say answer A is the most suitable choice.

246.   Which two command can you enter to display the current time sources statistics on devices? (Choose TWO)

  • Show ntp associations.*
  • Show clock details.
  • Show clock.
  • Show time.
  • Show ntp status.*
Show (Hide) Explanation/Reference
Maybe the “current time sources” here mention about the status of the clock source. In the below output, the “show ntp associations” command reveals the IP address of the clock source (which is, the stratum (st) of this reference clock…

R1#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~    9   509    64  200    32.2   15.44  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

Below is the output of the “show ntp status” command. From this output we learn that R1 has a stratum of 10 and it is getting clock from

R1#show ntp status
Clock is synchronized, stratum 10, reference is
nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**18
reference time is D5E492E9.98ACB4CF (13:00:25.596 CST Wed Sep 18 2013)
clock offset is 15.4356 msec, root delay is 52.17 msec
root dispersion is 67.61 msec, peer dispersion is 28.12 msec

For more information about these two commands, please read at: http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/116161-trouble-ntp-00.html

In fact this question is unclear, but other answers are surely not correct.

247.   When you enable PortFast on a switch port, the port immediately transitions to which state?

  • Blocking
  • Forwarding*
  • Learning
  • Listening
Show (Hide) Explanation/Reference
PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch or trunk ports that are connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.

248.  Which path does a router choose when it receives a packet with multiple possible paths to the destination
over different routing protocols?

  • the path with both the lowest administrative distance and the highest metric
  • the path with the lowest administrative distance*
  • the path with the lowest metric
  • the path with both the lowest administrative distance and lowest metric

249.  Which command is used to know the duplex speed of serial link?

  • show line
  • show interface*
  • show protocol
  • show run
Show (Hide) Explanation/Reference
Nowadays all serial links are full-duplex (as serial interfaces have separate Rx & Tx pins) so maybe this question wants to ask about how to check the speed of the serial link. The “show interface” command gives us information about this. An example of this command is shown below:

In this output the speed of S0/0 interface is 1544 Kbits.

250.  What command is used to configure a switch as authoritative NTP server?

  • switch(config)#ntp master 3*
  • switch(config)#ntp peer
  • switch(config)#ntp server
  • switch(config)#ntp source

251.  Which address class includes network

  • Class C
  • Class B*
  • Class D
  • Class A
Show (Hide) Explanation/Reference
This is a tricky question if you don’t have a close look on the network. The first octet is 191, not 192 so it belongs to class B, not class C.

252.  On which type of port can switches interconnect for multi-VLAN communication?

  • interface port
  • access port
  • switch port
  • trunk port*

253.  Refer to the exhibit. If R1 sends traffic to the traffic is sent through which interface?

  • FastEthernet0/1*
  • FastEthernet0/0
  • FastEthernet1/0
  • FastEthernet1/1
Show (Hide) Explanation/Reference belongs to subnet (range from to so the router will use FastEthernet0/1 as the exit interface.

254.  Which IPV6 function serves the same purpose as ARP entry verification on an IPv4 network?

  • interface ip address verification
  • MAC address table verification
  • neighbor discovery verification*
  • Routing table entry verification
Show (Hide) Explanation/Reference
Neighbor Discovery Protocol is an umbrella that defines these mechanisms:

+ Subsitute of ARP – Since ARP has been removed in IPv6, IPv6 follows a newer way to find the link-layer addresses of nodes on the local link. This new mechanism uses a mix of ICMPv6 messages and multicast addresses

Reference: https://supportforums.cisco.com/document/77521/ipv6-neighbor-discovery-protocol-ndp

255.  Which HSRP feature was new in HSRPv2?

  • VLAN group numbers that are greater than 255*
  • Virtual MAC addresses
  • tracking
  • preemption
Show (Hide) Explanation/Reference
Both HSRP version 1 & version 2 support preempt command -> Answer D is not correct.

In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095 -> A is correct.

256.  Refer to exhibit. Which command can you enter to verify link speed and duplex setting on the interface?

R1(config)#interface gigabitEthernet0/1 
R1(config-if)#ip address 
R1(config-if)#speed 100 
R1(config-if)#duplex full
  • router#show ip protocols
  • router#show startup-config
  • router#show line
  • router#show interface gig 0/1*
Show (Hide) Explanation/Reference
The “show interfaces …” command gives us information about speed and duplex mode of the interface. In the output below, the link speed is 100Mbps and it is working in Full-duplex mode.

257.  Which two statements about unique local IPv6 addresses are true?

  • They are identical to IPv4 private addresses.*
  • They are defined by RFC 1884
  • They use the prefix FEC0::/10
  • They use the prefix FC00::/7*
  • They can be routed on the IPv6 global internet.
  1. Show (Hide) Explanation/Reference
    A IPv6 Unique Local Address is an IPv6 address in the block FC00::/7. It is the approximate IPv6 counterpart of the IPv4 private address. It is not routable on the global Internet.Note: In the past, Site-local addresses (FEC0::/10) are equivalent to private IP addresses in IPv4 but now they are deprecated.

258.  Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in trunk mode, dynamic desirable mode, or desirable auto mode?

  • trunk
  • access
  • dynamic desirable
  • dynamic auto*
Show (Hide) Explanation/Reference
The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco for the purpose of negotiating trunking on a link between two switches, and for negotiating the type of trunking encapsulation to be used.

In dynamic auto mode, the interface is able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto. Note that if two Cisco switches are left to the common default setting of auto, a trunk will never form.

In dynamic desirable mode, the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default switchport mode on older switches, such as the Catalyst 2950 and 3550 Series switches -> This is the best answer in this question.

Reference: http://www.ciscopress.com/articles/article.asp?p=2181837&seqNum=8

259.  When you troubleshoot an IPv4 connectivity issue on a router, which three router configuration checks you
must perform?

  • Verify that the router interface IP address is correct.*
  • Verify that the DNS is configured correctly.
  • Verify that the router and the host use the same subnet mask.*
  • Verify that the router firmware is up-to-date.
  • Verify that a default route is configured.
  • Verify that the route appears in the Routing table*

260.  Configuration of which option is required on a Cisco switch for the Cisco IP phone to work?

  • PortFast on the interface
  • the interface as an access port to allow the voice VLAN ID*
  • a voice VLAN ID in interface and global configuration mode
  • Cisco Discovery Protocol in global configuration mode
Show (Hide) Explanation/Reference
When you connect an IP phone to a switch using a trunk link, it can cause high CPU utilization in the switches. As all the VLANs for a particular interface are trunked to the phone, it increases the number of STP instances the switch has to manage. This increases the CPU utilization. Trunking also causes unnecessary broadcast / multicast / unknown unicast traffic to hit the phone link.

In order to avoid this, remove the trunk configuration and keep the voice and access VLAN configured along with Quality of Service (QoS). Technically, it is still a trunk, but it is called a Multi-VLAN Access Port (MVAP). Because voice and data traffic can travel through the same port, you should specify a different VLAN for each type of traffic. You can configure a switch port to forward voice and data traffic on different VLANs. Configure IP phone ports with a voice VLAN configuration. This configuration creates a pseudo trunk, but does not require you to manually prune the unnecessary VLANs.

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full configuration is shown below:

Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access 
Switch(config-if)#switchport access vlan 10 
Switch(config-if)#switchport voice vlan 20

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4500-series-switches/69632-configuring-cat-ip-phone.html

261.  Which method does a connected trunk port use to tag VLAN traffic?

  • IEEE 802 1w
  • IEEE 802 1D
  • IEEE 802 1Q*
  • IEEE 802 1p
Show (Hide) Explanation/Reference
IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. When a frame enters the VLAN-aware portion of the network (a trunk link, for example), a VLAN ID tag is added to represent the VLAN membership of that frame. The picture below shows how VLAN tag is added and removed while going through the network.

262.  Which RFC was created to alleviate the depletion of IPv4 public addresses?

  • RFC 4193
  • RFC 1519
  • RFC 1518 *
  • RFC 1918
Show (Hide) Explanation/Reference
The RFC 1518 is Classless Interdomain Routing (CIDR), which is created to save the IPv4 addresses because we can now assign IP addresses classless. Therefore, instead of assigning the whole block of a class B or C address, now smaller blocks of a class can be assigned. For example, instead of assigning a whole block of, a smaller block, like or, can be assigned.

The RFC 1918 is Address Allocation for Private Internets, which reserves IP addresses for private and internal use. These addresses can be used for networks that do not need to connect to the Internet.

Therefore the RFC 1918 is the best choice to “alleviate the depletion of IPv4 public addresses”.

263.  What is the default lease time for a DHCP binding?

  • 24 hours*
  • 12 hours
  • 48 hours
  • 36 hours
Show (Hide) Explanation/Reference
By default, each IP address assigned by a DHCP Server comes with a one- day lease, which is the amount of time that the address is valid. To change the lease value for an IP address, use the following command in DHCP pool configuration mode:

264.  Which NAT type is used to translate a single inside address to a single outside address?

  • dynamic NAT
  • NAT overload
  • PAT
  • static NAT*
Show (Hide) Explanation/Reference
There are two types of NAT translation: dynamic and static.

Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network

Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. When being defined in the inside global address pool, the router allocates registered public IP addresses from the pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.

In this question we only want to translate a single inside address to a single outside address so static NAT should be used.

265.  Which network topology allows all traffic to flow through a central hub?

  • bus
  • star*
  • mesh
  • ring
Show (Hide) Explanation/Reference
Star topology is the most popular topology for the network which allows all traffic to flow through a central device.

266.  Which statement about a router on a stick is true?

  • Its date plane router traffic for a single VI AN over two or more switches.
  • It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs on the same subnet
  • It requires the native VLAN to be disabled.
  • It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs.*
Show (Hide) Explanation/Reference

267.  By default, how many MAC addresses are permitted to be learned on a switch port with port security enabled?

  • 8
  • 2
  • 1*
  • 0
Show (Hide) Explanation/Reference
By default, port security limits the MAC address that can connect to a switch port to one. If the maximum number of MAC addresses is reached, when another MAC address attempting to access the port a security violation occurs.

268.  Which device allows users to connect to the network using a single or double radio?

  • access point*
  • switch
  • wireless controller
  • firewall
Show (Hide) Explanation/Reference
Many Cisco access points offer single or double (dual) radio (2.4 and 5.0 GHz).

Note: The wireless controller automates wireless configuration and management functions. It does not connect directly to users.

269.  When enabled, which feature prevents routing protocols from sending hello messages on an interface?

  • virtual links
  • passive-interface*
  • directed neighbors
  • OSPF areas
Show (Hide) Explanation/Reference
You can use the passive-interface command in order to control the advertisement of routing information.
The command enables the suppression of routing updates over some interfaces while it allows updates to
be exchanged normally over other interfaces. With most routing protocols, the passive-interface command
restricts outgoing advertisements only.
But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different.
This document demonstrates that use of the passive-interface command in EIGRP suppresses the
exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This
stops not only routing updates from being advertised, but it also suppresses incoming routing updates. This
document also discusses the configuration required in order to allow the suppression of outgoing routing
updates, while it also allows incoming routing updates to be learned normally from the neighbor

270.  Refer to the exhibit. Which statement describes the effect of this configuration?

  • The VLAN 10 VTP configuration is displayed
  • VLAN 10 spanning-tree output is displayed
  • The VLAN 10 configuration is saved when the router exits VLAN configuration mode*
  • VLAN 10 is added to the VLAN database

Show (Hide) Explanation/Reference
With the configuration above, when we type “do show vlan” we would not see VLAN 10 in the VLAN database because it has not been created yet. VLAN 10 is only created when we exits VLAN configuration mode (with “exit” command).
Which method does a connected trun

271.  Which route source code represents the routing protocol with a default administrative distance of 90 in the routing table?

  • S
  • E
  • D*
  • R
  • O
Show (Hide) Explanation/Reference
Default Administrative distance of EIGRP protocol is 90 then answer is C.

272.  Which statement about native VLAN traffic is true?

  • Cisco Discovery Protocol traffic travels on the native VLAN by default*
  • Traffic on the native VLAN is tagged with 1 by default
  • Control plane traffic is blocked on the native VLAN.
  • The native VLAN is typically disabled for security reasons

273.  Which statement about unicast frame forwarding on a switch is true?

  • The TCAM table stores destination MAC addresses
  • If the destination MAC address is unknown, the frame is flooded to every port that is configured in the same VLAN except on the port that it was received on.*
  • The CAM table is used to determine whether traffic is permitted or denied on a switch
  • The source address is used to determine the switch port to which a frame is forwarded

274.  Which component of the routing table ranks routing protocols according to their preferences?

  • administrative distance*
  • next hop
  • metric
  • routing protocol code
Show (Hide) Explanation/Reference
Administrative distance – This is the measure of trustworthiness of the source of the route. If a router learns about a destination from more than one routing protocol, administrative distance is compared and the preference is given to the routes with lower administrative distance. In other words, it is the believability of the source of the route

275.  Which switch would STP choose to become the root bridge in the selection process?

  • 32768: 11-22-33-44-55-66*
  • 32768: 22-33-44-55-66-77
  • 32769: 11-22-33-44-55-65
  • 32769: 22-33-44-55-66-78

276.  Refer to the graphic. R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this problem? (Choose two.)

  • All of the routers need to be configured for backbone Area 1.
  • R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3
  • A static route has been configured from R1 to R3 and prevents the neighbor adjacency from being established.
  • The hello and dead interval timers are not set to the same values on R1 and R3.*
  • EIGRP is also configured on these routers with a lower administrative distance.
  • R1 and R3 are configured in different areas.*
Show (Hide) Explanation/Reference
A is not correct because the backbone area of OSPF is always Area 0.
B is not correct because R1 or R3 must be the DR or BDR -> it has to establish neighbor adjacency with the other.
C is not correct because OSPF neighbor relationship is not established based on static routing. It uses multicast address to establish OSPF neighbor relationship.
E is not correct because configure EIGRP on these routers (with a lower administrative distance) will force these routers to run EIGRP, not OSPF.

D and F are correct because these entries must match on neighboring routers:

– Hello and dead intervals
– Area ID (Area 0 in this case)
– Authentication password
– Stub area flag

277.  For what two purposes does the Ethernet protocol use physical addresses? (Choose two.)

  • to uniquely identify devices at Layer 2*
  • to allow communication with devices on a different network
  • to differentiate a Layer 2 frame from a Layer 3 packet
  • to establish a priority system to determine which device gets to transmit first
  • to allow communication between different devices on the same network*
  • to allow detection of a remote device when its physical address is unknown
Show (Hide) Explanation/Reference
Physical addresses or MAC addresses are used to identify devices at layer 2 -> A is correct.

MAC addresses are only used to communicate on the same network. To communicate on different network we have to use Layer 3 addresses (IP addresses) -> B is not correct; E is correct.

Layer 2 frame and Layer 3 packet can be recognized via headers. Layer 3 packet also contains physical address -> C is not correct.

On Ethernet, each frame has the same priority to transmit by default -> D is not correct.

All devices need a physical address to identify itself. If not, they can not communicate -> F is not correct. 

278. 2 authentication type of MLPPP 

  • PEAP
  • LEAP
  • PAP*
  • CHAP*
Show (Hide) Explanation/Reference
The Multilink PPP feature provides load balancing functionality over multiple WAN links while providing multivendor interoperability and support for packet fragmentation, proper sequencing, and load calculation on both inbound and outbound traffic.

Multilink PPP combines multiple physical links into a logical bundle called a Multilink PPP bundle. A Multilink PPP bundle is a single, virtual interface that connects to the peer system. Having a single interface (Multilink PPP bundle interface) provides a single point to apply hierarchical queueing, shaping, and policing to traffic flows. Individual links in a bundle do not perform any hierarchical queueing. None of the links have any knowledge about the traffic on parallel links.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/wan_mlp/configuration/xe-3s/wan-mlp-xe-3s-book/wan_cfg_mlppp_conn_xe.html

MLPPP supports two authentication protocols: Password Authentication protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP)

279.  What is the effect of the overload keyword in a static NAT translation configuration?

  • It enables port address translation.*
  • It enables the use of a secondary pool of IP addresses when the first pool is depleted
  • It enables the inside interface to receive traffic.
  • It enables the outside interface to forward traffic.
Show (Hide) Explanation/Reference

280.  What are the requirements for running VTP (choose two)

  • VTP domain names must be different
  • VTP domain names must be the same*
  • VTP server must have the highest revision numbers
  • All devices need to have the same VTP version*
Show (Hide) Explanation/Reference
VTP server usually has the same revision number with other switches (when they are synchronized) so answer C is not correct. To run VTP, the VTP domain names and VTP version must be matched among the devices running VTP.

Download PDF File below:

Related Articles

Leave a Reply

Photo and Image Files
Audio and Video Files
Other File Types

Send this to a friend