[PART 6] CCNA 200-125 Dumps Questions and Answers Latest (VCE + PDF)

Rate this post

351. How Eigrp for ipv6 configuration done? ( choose two)

  • uses process number
  • neighbor configured directly
  • configured driectly on interface*
  • configured globally interface
  • have shutdown feature*

352. Which command can you enter to display the operational status of the network ports on a router?

  • show interface switchport
  • show ip interface brief*
  • show running-config interface fastethernet 0/1
  • show interface status

353. Which two statements about VTP are true? (Choose two.)

  • All switches must be configured with the same VTP domain name*
  • All switches must be configured to perform trunk negotiation.
  • All switches must be configured with a unique VTP domain name
  • The VTP server must have the highest revision number in the domain*
  • All switches must use the same VTP version.

354. Refer to the exhibit. On R1 which routing protocol is in use on the route to

  • RIP
  • OSPF
  • IGRP
  • EIGRP*

355. Which two options are the best reasons to use an IPV4 private IP space?(choose two)

  • to enable intra-enterprise communication*
  • to implement NAT
  • to connect applications
  • to conserve global address space*
  • to manage routing overhead

356. Which statement about recovering a password on a Cisco router is true?

  • The default reset password is cisco
  • It requires a secure SSl/VPN connection
  • A factory resset is required if you forget the password
  • It requires physical access to the router*
Show (Hide) Explanation/Reference
Other choices are surely incorrect so only “physical access” answer is the correct one. In order to recover a password on a Cisco router, the first thing you have to do is either switch off or shut down the router. For more information about this process, please read http://www.cisco.com/c/en/us/support/docs/routers/2800-series-integrated-services-routers/112033-c2900-password-recovery-00.html

357. If three devices are plugged into one port on a switch and two devices are plugged into a different port,
how many collision domains are on the switch?

  • 2*
  • 4
  • 5
  • 6

358. What are three components that comprise the SNMP framework? (Choose three)

  • MIB*
  • manager*
  • supervisor
  • agent*
  • set
  • AES

359. which command is used to enable CHAP authentication whit PAP as the fallback method on a serial

  • (config-if)#authentication ppp chap fallback ppp
  • (config-if)#authentication ppp chap pap
  • (config-if)#ppp authentication chap pap*
  • (config-if)#ppp authentication chap fallback ppp
Show (Hide) Explanation/Reference
The command “ppp authentication chap pap” command indicates the CHAP authentication is used first. If it fails or is rejected by other side then uses PAP instead. If you want to use PAP first (then CHAP) you can use the “ppp authentication pap chap” command.

360. What is the effect of using the service password-encryption command?

  • only passwords configured after the command has been entered will be encrypted.
  • Only the enable password will be encrypted.
  • Only the enable secret password will be encrypted
  • It will encrypt the secret password and remove the enable secret password from the configuration.
  • It will encrypt all current and future passwords.*

361. Refer to the exhibit A frame on vlan 1on switch s1 is sent to switch s2 when the frame is received on vlan 2,what causes this behavior?

  • trunk mode mismatches
  • vlans that do not correspond to a unique IP subnet
  • native vlan mismatches*
  • allowing only vlan 2 on the destination

362.  Refer to the exhibit.Assuming that the entire network topology is shown, what is the operational status of the interfaces of R2 as indicated by the command output shown?

  • One interface has a problem.
  • Two interfaces have problems.
  • The interfaces are functioning correctly.*
  • The operational status of the interfaces cannot be determined from the output shown.

363. Why will a switch never learn a broadcast address?

  • Broadcast frames are never sent to swiches.
  • Broadcast addresses use an incorrect format for the switching table.
  • A broadcast address will never be the source address of a frame.*
  • Broadcasts only use network layer addressing.
  • A broadcast frame is never forwarded by a switch.

364. What can you change to select switch as root bridge?

  • make lower priority*
  • make higher priority
  • make lower path cost
  • make higher path cost

365. Refer to exhibit. What Administrative distance has route to ?

  • 1
  • 90*
  • 110
  • 120

366. Which statement about IPv6 link-local addresses is true ?

  • They must be configured on all IPv6 interface*
  • They must be globally unique
  • They must be manually configured
  • They are advertised globally on the network
Show (Hide) Explanation/Reference
Link-local addresses refer only to a particular physical link and are used for addressing on a single link for purposes such as automatic address configuration and neighbor discovery protocol. Link-local addresses can be used to reach the neighboring nodes attached to the same link. The nodes do not need a globally unique address to communicate. Routers will not forward datagram using link-local addresses. All IPv6 enabled interfaces have a link-local unicast address.

A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Link-local addresses are not necessarily bound to the MAC address (configured in a EUI-64 format). Link-local addresses can also be manually configured in the FE80::/10 format using the “ipv6 address link-local” command.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/113328-ipv6-lla.html

In summary, if you do not configure a link-local on an IPv6 enabled interface, it will automatically use the FE80::/10 and the interface identifier in the modified EUI-64 format to form a link-local address.

367. Which configuration can be used with PAT to allow multiple inside address to be translated to a single
outside address ?

  • Dynamic Routing
  • DNS
  • Preempt
  • overload*

368. Which two types of information are held in the MAC address table? (Choose two)

  • MAC address*
  • soure IP address
  • destination IP address
  • Protocols
  • Port numbers*
Show (Hide) Explanation/Reference
We can check the MAC address table with the command “show mac address-table”:

As we can see here, the “MAC address” field is the source MAC address and the “Ports” field are the ports of the switch from which the frames (with corresponding source MAC address) were received.

369. Which command can you enter to create a NAT pool of 6 addresses?

  • Router(config)#ip nat pool test prefix-length 24*
  • Router(config)#ip nat pool test prefix-length 16
  • Router(config)#ip nat pool test prefix-length 8
  • Router(config)#ip nat pool test prefix-length 8
Show (Hide) Explanation/Reference
The syntax to create a NAT pool is:

Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length }

Therefore answer A is surely correct. Answer B is not correct as it creates many addresses (from 12.69 to 12.255 then to 13.74).

Answer C and D are not correct as we cannot use prefix-length of 8 (/8) for a class B subnet.

370. Which header field is new on IPv6?

  • Version
  • Hop Limit
  • Flow Label*
  • Traffic Class
Show (Hide) Explanation/Reference
Only three connection types are commonly known and used in Internet Protocol version four (IPv4) networks: unicast, multicast and broadcast. A fourth connection type, Anycast, was unknown until IPv6 made it a standard connection type. Anycast is not standardized in IPv4 but can be emulated. IPv4 Anycast addressing is a good solution to provide localization for services and servers in order to obtain robustness, redundancy and resiliency.

The basic idea of Anycast is very simple: multiple servers, which share the same IP address, host the same service. The routing infrastructure sends IP packets to the nearest server (according to the metric of the routing protocol used). The major benefits of employing Anycast in IPv4 are improved latency times, server load balancing, and improved security.

Reference: http://citeseerx.ist.psu.edu/viewdoc/download?doi=

371. Which value is used to determine the active router in an HSRP default configuration?

  • Router loopback address
  • Router IP address*
  • Router priority
  • Router tracking number

372. Which three are valid modes for a switch port used as a VLAN trunk? (choose three)

  • Desirable*
  • Auto*
  • On*
  • Blocking
  • Transparent
  • Forwarding

373. Which value must you configure on a device before EIGRP for IPv6 can start running?

  • public IP address
  • loopback interface
  • router ID*
  • process ID

374. Which type of attack can be mitigated by configuring the default native VLAN to be unused?

  • CAM table overflow
  • switch spoofing
  • VLAN hopping*
  • MAC spoofing

375. Which option describes a difference between EIGRP for IPv4 and IPv6?

  • Only EIGRP for IPv6 advertises all connected networks.
  • Only EIGRP for IPv6 requires a router ID to be configured under the routing process*
  • As numbers are configure in EIGRP but not in EIGRPv3.
  • Only EIGRP for IPv6 is enabled in the global configuration mode.
Show (Hide) Explanation/Reference
To configure EIGRP for IPv6 we must explicitly specify a router ID before it can start running. For example:

ipv6 router eigrp 1 
eigrp router-id 
no shutdown

EIGRPv3 also uses the AS number (for example: ipv6 eigrp 1 under interface mode).Notice that EIGRP for IPv6 router-id must be an IPv4 address. EIGRP for IPv4 can automatically pick-up an IPv4 to use as its EIGRP router-id with this rule:

+ The highest IP address assigned to a loopback interface is selected as the router ID.

+ If there are not any loopback addresses configured, the highest IP address assigned to any other active interface is chosen as the router ID

376. Which option describes the purpose of traffic policing?

  • It prioritizes routing protocol traffic.
  • It remarks traffic that is below the CIR
  • It drops traffic that exceeds the CIR.*
  • It queues and then transmits traffic that exceeds the CIR.
Show (Hide) Explanation/Reference
The following diagram illustrates the key difference between traffic policing and traffic shaping. Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.

Note: Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the routing device.

377. Which process is associated with spanning-tree convergence?

  • determining the path cost
  • electing designated ports*
  • learning the sender bridge ID
  • assigning the port ID
Show (Hide) Explanation/Reference
SPT must performs three steps to provide a loop-free network topology:

1. Elects one root bridge
2. Select one root port per nonroot bridge
3. Select one designated port on each network segment -> Answer B is correct.

378. what is a difference between TACACS+ and RADIUS in AAA?

  • Only TACACS+ allows for separate authentication.*
  • Only RADIUS encrypts the entire access-request packet.
  • Only RADIUS uses TCP
  • Only TACACS+ couples authentication and authorization.
Show (Hide) Explanation/Reference
TACACS+ is an AAA protocol developed by Cisco. TACACS+ separates the authentication, authorization, and accounting steps. This architecture allows for separate authentication solutions while still using TACACS+ for authorization and accounting. For example, it is possible to use the Kerberos Protocol for authentication and TACACS+ for authorization and accounting. After an AAA client passes authentication through a Kerberos server, the AAA client requests authorization information from a TACACS+ server without the necessity to re-authenticate the AAA client by using the TACACS+ authentication mechanism.

Authentication and authorization are not separated in a RADIUS transaction. When the authentication request is sent to a AAA server, the AAA client expects to have the authorization result sent back in reply.

Reference: http://www.cisco.com/c/dam/en/us/products/collateral/security/secure-access-control-server-windows/prod_white_paper0900aecd80737943.pdf

379. Which option is a benefit of switch stacking?

  • It provides redundancy with no impact on resource usage
  • It simplifies adding and removing hosts.
  • It supports better performance of high-needs applications.
  • It provides higher port density with better resource usage.*
Show (Hide) Explanation/Reference
Switch stacking technology allows the network engineer to make that stack of physical switches act like one switch. The stacking cables together make a ring between the switches. That is, the switches connect in series, with the last switch connecting again to the first.

Answer B is not correct as switch stacking is about connecting switches together so that they act as one switch, not about adding and removing hosts.

Answer C is not correct because switch stacking has nothing to do with performance of high-needs applications.

Surely switch stacking provides redundancy as stacking creates a ring of connection with two opposite paths. Whenever a frame is ready for transmission onto the path, a calculation is made to see which path has the most available bandwidth. The entire frame is then copied onto this half of the path.

With switch stacking, STP, CDP and VTP would run on one switch, not multiple switches. Also there would be one MAC address table, and it would reference all ports on all physical switches so we may say switch stacking has better resource usage. Also if we consider all stacking switches as one logical switch then surely the port density is increase very much. Therefore answer D is the most suitable one.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

380. Which port state is introduced by Rapid-PVST?

  • learning
  • listening
  • discarding*
  • forwarding
Show (Hide) Explanation/Reference
PVST+ is based on IEEE802.1D Spanning Tree Protocol (STP). But PVST+ has only 3 port states (discarding, learning and forwarding) while STP has 5 port states (blocking, listening, learning, forwarding and disabled). So discarding is a new port state in PVST+.

381. What are the possible trunking modes for a switch port? (Choose three.)

  • transparent
  • auto*
  • on*
  • desirable*
  • client
  • forwarding

382. Refer to the exhibit. When running OSPF, What would cause router A not to form an adjacency with router B?

  • The loopback addresses are on different subnets.
  • The value of the dead timers on the router are different.*
  • Route summarization is enabled on both routers.
  • The process indentifier on router A is different than the process identifier on router B.
Show (Hide) Explanation/Reference
To form an adjacency (become neighbor), router A & B must have the same Hello interval, Dead interval and AREA number.

383. What command instructs the device to timestamp Syslog debug messages in milliseconds?

  • service timestamps log datetime localtime
  • service timestamps debug datetime msec*
  • service timestamps debug datetime localtime
  • service timestamps log datetime msec
Show (Hide) Explanation/Reference
The “service timestamps debug” command configures the system to apply a time stamp to debugging messages. The time-stamp format for datetime is MMM DD HH:MM:SS, where MMM is the month, DD is the date, HH is the hour (in 24-hour notation), MM is the minute, and SS is the second. With the additional keyword msec, the system includes milliseconds in the time stamp, in the format HH:DD:MM:SS.mmm, where .mmm is milliseconds

(Reference: http://www.cisco.com/c/en/us/td/docs/ios/fundamentals/command/reference/cf_book/cf_r1.html#wp1030116)

384. Refer to the exhibit. What set of commands was configured on interface Fa0/3 to produce the given the output?

  • A. interface FastEthernet 0/3
    Channel-group 1 mode desirable
    Switchport trunk encapsulation dot1q
    Switchport mode trunk
  • interface FastEthernet 0/3
    Channel-group 2 mode passive
    Switchport trunk encapsulation dot1q
    Switchport mode trunk*
  • interface FastEthernet 0/3
    Channel-group 2 mode on
    Switchport trunk encapsulation dot1q
    Switchport mode trunk
  • interface FastEthernet 0/3
    Channel-group 2 mode active
    Switchport trunk encapsulation dot1q
    Switchport mode trunk

385. While troubleshooting a connection problem on a computer,you determined that the computer can ping a specific web server but it cannot connect to TCP port 80 on that server.Which reason for the problem is most likely ture?

  • A VLAN number is incorrect
  • An ARP table entry is missing
  • A route is missing
  • An ACL is blocking the TCP port*

386. When troubleshooting Ethernet connectivity issues,how can you verify that an IP address is known to a router?

  • Check whether the IP address is in the routing table
  • Check whether an ACL is blocking the IP address
  • Check whether the IP address is in the CAM table
  • Check whether the IP address is in the ARP table*
Show (Hide) Explanation/Reference
If the IP address exists in the routing table then we can say the local router knew the way to reach that destination. But this question wants to ask if the destination has communicated to the local router or not (“an IP address is known to a router”). Maybe it is a tricky question.

387. Refer to the exhibit.After you apply the given configuration to R1, you determine that it is failing to advertise the network .Which action most likely to correct the problem.

  • Enable passive interface
  • Enable RIPv2*
  • Enable manual summarization
  • Enable autosummarization.
Show (Hide) Explanation/Reference
The difference between RIPv1 and RIPv2 is RIPv1 is a classful protocol (no support for VLSM or CIDR) while RIPv2 is a classless protocol (which supports VLSM and CIDR). Therefore in this question if we forget to enable RIPv2 then the router will use RIPv1 and it only advertise major network to other routers. By enabling RIPv2 (via the “version 2” command) the router will advertise two subnets &

388. Which two steps must you perform on each device that is configured for IPv4 routing before you implement OSPFv3?(Choose two)

  • configure an autonomous system number
  • configure a loopback interface
  • configure a router ID
  • Enable IPv6 on an interface*
  • Enable IPv6 unicast routing*
Show (Hide) Explanation/Reference
Before you enable OSPF for IPv6 on an interface, you must perform the following:

+ Complete the OSPF network strategy and planning for your IPv6 network. For example, you must decide whether multiple areas are required.
+ Enable IPv6 unicast routing.
+ Enable IPv6 on the interface.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/112100-ospfv3-config-guide.html

Note: If we have already had an active interface, we don’t need to configure the router ID for OSPFv3 anymore because the device will automatically choose that IPv4 address for its router ID).

389. Which option is the main function of congestion management?

  • discarding excess traffic
  • queuing traffic based on priority*
  • classifying traffic
  • providing long-term storage of buffered data

390. Which command must you enter to enable OSPFV2 in an IPV4 network?

  • ip ospf hello-interval seconds
  • router ospfv2 process-id
  • router ospf value
  • router ospf process-id*

391. Refer to the exhibit.If RTR01 is configured as shown,which three addresses will be received by other routers that are running EIGRP on the  network?(choose three)


392. Which type of secure MAC address must be configured manually?

  • dynamic
  • bia
  • static*
  • sticky

393. Which two options are fields in an Ethernet frame?(choose two)

  • frame check sequence*
  • header
  • source IP address
  • destination IP address
  • type*
Show (Hide) Explanation/Reference
At the end of each frame there is a Frame Check Sequence (FCS) field. FCS can be analyzed to determine if errors have occurred. FCS uses cyclic redundancy check (CRC) algorithm to detect errors in the transmitted frames. Before sending data, the sending host generates a CRC based on the header and data of that frame. When this frame arrives, the receiving host uses the same algorithm to generate its own CRC and compare them. If they do not match then a CRC error will occur.

The “Type/Length” field is used to indicate the “Type”of the payload (Layer 3 protocol) which is indicated as a Hexadecimal value.

Note: Ethernet II uses “Type” while the old Ethernet version use “Length”

394. Where does a switch maintain DHCP snooping information ?

  • in the MAC address table
  • in the CAM table
  • in the DHCP binding database*
  • in the VLAN database

395. To enable router on a router subinterface,which two steps must you perform?(choose two)

  • Configure full duplex and speed
  • configure the subinterface with an IP address*
  • Configure an IP route to the VLAN destination network
  • Configure a default to route traffic between subinterface
  • Configure encapsulation dot1q*

396. Which command can you enter on a switch to determine the current SNMP security model?

  • show snmp group*
  • show snmp pending
  • snmp-server contact
  • show snmp engineID
Show (Hide) Explanation/Reference
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level  determine the security mechanism applied when the SNMP message is processed.

The command “show snmp group” displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group. Below is an example of this command.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_9snmp.html

397. Which statement about spanning-tree root-bridge election is true?

  • It is always performed automatically
  • Each VLAN must have its own root bridge*
  • Each VLAN must use the same root bridge
  • Each root bridge must reside on the same root switch
Show (Hide) Explanation/Reference
Answer A is not correct as we can choose which switch to become root bridge by configuring bridge priority. The switch with lowest bridge priority (value) would become the root bridge.

For answer B, this paragraph from Cisco confirms it is the correct answer:

“When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.”

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/5234-5.html

The meaning of answer C is not clear but maybe it means “every VLAN must use the same root bridge” which is not correct as Sw1 can be the root bridge for VLANs 1, 3, 5 but Sw2 can be the root bridge for VLAN 2, 4, 6…

From the quote above we can say answer D is not correct.

398. Which two statements about IPv6 address 2002:ab10:beef::/48 are true?(choose two)

  • The embedded IPv4 address can be globally routed.*
  • It is used for an ISATAP tunnel
  • The embedded IPv4 address is an RFC 1918 address
  • The MAC address 20:02:b0:10:be:ef is embedded into the IPv6 address
  • It is used for a 6to4 tunnel*
Show (Hide) Explanation/Reference
Any IPv6 address that begins with the 2002::/16 prefix is known as a 6to4 address. A 6to4 gateway adds its IPv4 address to this 2002::/16, creating a unique /48 prefix (because an IPv4 consists of 32 bits).

For example: In the IPv6 address 2002:ab10:beef::/48, “ab10:beef” is equivalent to (convert “ab” in hexadecimal to “171” in decimal; “10” in hexadecimal to “16” in decimal…). Therefore the corresponding IPv4 address can be globally routed.

399. Which step in the router boot process searches for an IOS image to load into the router?

  • bootstrap*
  • POST
  • mini-IOS
  • ROMMON mode
Show (Hide) Explanation/Reference
The following details the router boot process:

1. The router is powered on.

2. The router first runs Power-On Self Test (POST)

3. The bootstrap checks the Configuration Register value to specify where to load the IOS. By default (the default value of Configuration Register is 2102, in hexadecimal), the router first looks for “boot system” commands in startup-config file. If it finds these commands, it will run boot system commands in order they appear in startup-config to locate the IOS. If not, the IOS image is loaded from Flash . If the IOS is not found in Flash, the bootstrap can try to load the IOS from TFTP server or from ROM (mini-IOS).

4. After the IOS is found, it is loaded into RAM.

5. The IOS attempts to load the configuration file (startup-config) from NVRAM to RAM. If the startup-config is not found in NVRAM, the IOS attempts to load a configuration file from TFTP. If no TFTP server responds, the router enters Setup Mode (Initial Configuration Mode).

For more information about booting process please read our Cisco Router Boot Sequence tutorial.

400. Which three of these statements regarding 802.1Q trunking are correct? (Choose three.)

  • 802.1Q native VLAN frames are untagged by default.*
  • 802.1Q trunking ports can also be secure ports.
  • 802.1Q trunks can use 10 Mb/s Ethernet interfaces.*
  • 802.1Q trunks require full-duplex, point-to-point connectivity.
  • 802.1Q trunks should have native VLANs that are the same at both ends.*

401. Which three statements about DWDM are true? (Choose three)

  • It allows a single strand of fiber to support bidirectional communications*
  • It is used for long-distance and submarine cable systems*
  • It can multiplex up to 256 channels on a single fiber
  • It supports both the SDH and SONET standards*
  • Each channel can carry up to a 1-Gbps signal
  • It supports simplex communications over multiple strands of fiber
Show (Hide) Explanation/Reference
A newer fiber-optic media development for long-range communications is called dense wavelength-division multiplexing (DWDM). DWDM multiplies the amount of bandwidth that a single strand of fiber can support.

DWDM circuits are used in all modern submarine communications cable systems and other long-haul circuits.

Specifically, DWDM:

Enables bidirectional communications over one strand of fiber -> Answer A is correct
+ Assigns incoming optical signals to specific wavelengths of light (i.e., frequencies)
+ Each channel is capable of carrying a 10-Gbps multiplexed signal -> Answer E is not correct
+ Can multiplex more than 80 different channels of data (i.e., wavelengths) onto a single fiber -> Answer C is not correct
+ Can amplify these wavelengths to boost the signal strength
Supports SONET and SDH standards

Reference: http://www.ciscopress.com/articles/article.asp?p=2202411&seqNum=6

402. If two OSPF neighbors have formed complete adjacency and are exchanging link-state advertisements, which state have they reached?

  • Exstart
  • 2-Way
  • FULL*
  • Exchange

403. Which tunneling mechanism embeds an IPv4 address within an IPv6 address?

  • Teredo
  • 6to4*
  • 4to6
  • GRE

404. Which of the following statements describe the network shown in the graphic? (Choose two.)

  • There are two broadcast domains in the network.*
  • There are four broadcast domains in the network.
  • There are six broadcast domains in the network.
  • There are four collision domains in the network.
  • There are five collision domains in the network.
  • There are seven collision domains in the network.*
Show (Hide) Explanation/Reference
Only router can break up broadcast domains so in the exhibit there are 2 broadcast domains: from e0 interface to the left is a broadcast domain and from e1 interface to the right is another broadcast domain -> A is correct.

Both router and switch can break up collision domains so there is only 1 collision domain on the left of the router (because hub doesn’t break up collision domain) and there are 6 collision domains on the right of the router (1 collision domain from e1 interface to the switch + 5 collision domains for 5 PCs in Production) -> F is correct.

405. Which one of these is a valid HSRP Virtual Mac Address?

  • 0000.0C07.AC15*
  • 0000.5E00.01A3
  • 0007.B400.AE01
  • 0007.5E00.B301
Show (Hide) Explanation/Reference
With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP address. There are two version of HSRP.

+ With HSRP version 1, the virtual router’s MAC address is 0000.0c07.ACxx , in which xx is the HSRP group. Therefore C is correct.
+ With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group.

Note: Another case is HSRP for IPv6, in which the MAC address range from 0005.73A0.0000 through 0005.73A0.0FFF.

(Good resource for HSRP: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html)

406. assuming the default switch configuration which vlan range can be added modified and removed on a cisco switch?

  • 2 through 1001*
  • 1 through 1001
  • 1 through 1002
  • 2 through 1005

407. Refer to the exhibit.Which two statements are true of the interfaces on switch1?(choose two)

  • A hub is connected directly to FastEthernet0/5*
  • FastEthernet0/1 is configured as a trunk link.*
  • FastEthernet0/5 has statically assigned mac address
  • Interface FastEthernet0/2 has been disable.
  • Multiple devices are connected directly to FastEthernet0/1.
  • FastEthernet0/1 is connected to a host with multiple network interface cards.
Show (Hide) Explanation/Reference
From the “show mac address-table” output, we see FastEthernet0/1 can receive traffic from multiple VLANs -> it is configured as a trunk. Also from the “show cdp neighbors” output, we see Fa0/1 of this switch is connecting to Switch2 so it is configured as a trunk.

There are two MAC addresses learned from FastEthernet0/5 while FastEthernet0/5 is not configured as trunk (only Fa0/2 & Fa0/3 are configured as trunk links) -> a hub is used on this port.

408. Refer to the exhibit. How should the FastEthernet0/1 port on the 2950 model switches that are shown in the exhibit be configured to allow connectivity between all devices?

  • The ports only need to be connected by a crossover cable.
  • SwitchX(config)# interface FastEthernet 0/1
    SwitchX(config-if)# switchport mode trunk
  • SwitchX(config)# interface FastEthernet 0/1
    SwitchX(config-if)# switchport mode access
    SwitchX(config-if)# switchport access vlan 1
  • SwitchX(config)# interface FastEthernet 0/1
    SwitchX(config-if)# switchport mode trunk
    SwitchX(config-if)# switchport trunk vlan 1
    SwitchX(config-if)# switchport trunk vlan 10
    SwitchX(config-if)# switchport trunk vlan 20

409. Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three.)

  • SNMPv3 enhanced SNMPv2 security features*
  • SNMPv3 added the Inform protocol message to SNMP.
  • SNMPv2 added the Inform protocol message to SNMP*
  • SNMPv3 added the GetBulk protocol messages to SNMP
  • SNMPv2 added the GetBulk protocol message to SNMP.*
  • SNMPv2 added the GetNext protocol message to SNMP.
Show (Hide) Explanation/Reference
SNMPv1/v2 can neither authenticate the source of a management message nor provide encryption. Without authentication, it is possible for nonauthorized users to exercise SNMP network management functions. It is also possible for nonauthorized users to eavesdrop on management information as it passes from managed systems to the management system. Because of these deficiencies, many SNMPv1/v2 implementations are limited to simply a read-only capability, reducing their utility to that of a network monitor; no network control applications can be supported. To correct the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a set of Proposed Standards in January 1998. -> A is correct.

(Reference: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-3/snmpv3.html)

The two additional messages are added in SNMP2 (compared to SNMPv1)

GetBulkRequest The GetBulkRequest message enables an SNMP manager to access large chunks of data. GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents that cannot provide values for all variables in a list will send partial information. -> E is correct.

InformRequest The InformRequest message allows NMS stations to share trap information. (Traps are issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between NMS stations, not between NMS stations and agents. -> C is correct.

Note: These two messages are carried over SNMPv3.

410. which command do use we to see SNMP version

  • show snmp pending*
  • show snmp engineID
  • snmp-server something
  • http://bbs.hh010.com
Show (Hide) Explanation/Reference
The “show snmp pending” command displays the current set of pending SNMP requests. It also displays the SNMP version used.

Router# show snmp pending
req id: 47, dest:, V2C community: public, Expires in 5 secs
req id: 49, dest:, V2C community: public, Expires in 6 secs
req id: 51, dest:, V2C community: public, Expires in 6 secs
req id: 53, dest:, V2C community: public, Expires in 8 secs


The “show snmp engineID” displays the identification of the local SNMP engine and all remote engines that have been configured on the router. The following example specifies 00000009020000000C025808 as the local engineID and 123456789ABCDEF000000000 as the remote engine ID, as the IP address of the remote engine (copy of SNMP) and 162 as the port from which the remote device is connected to the local device:

Router# show snmp engineID
Local SNMP engineID: 00000009020000000C025808
Remote Engine ID           IP-addr          Port
123456789ABCDEF000000000     162

411. Which protocol does ipv6 use to discover other ipv6 nodes on the same segment?

  • CLNS
  • TCPv6
  • NHRP
  • NDP
  • ARP*

412. What is the most efficient subnet mask for a point to point ipv6 connection?

  • /127*
  • /128
  • /64
  • /48
  • /32
Show (Hide) Explanation/Reference
On inter-router point-to-point links, it is useful, for security and other reasons, to use 127-bit IPv6 prefixes. Such a practice parallels the use of 31-bit prefixes in IPv4.

Reference: https://tools.ietf.org/html/rfc6164

413. What are three features of the IPV6 protocol?(choose three)

  • complicated header
  • plug-and-play*
  • no broadcasts*
  • checksums
  • optional IPsec
  • autoconfiguration*

414. Why do large OSPF networks use a hierarchical design?(choose three)

  • to confine network instability to single areas of the network.*
  • to reduce the complexity of router configuration
  • to speed up convergence*
  • to lower costs by replacing routers with distribution layer switches
  • to decrease latency by increasing bandwidth
  • to reduce routing overhead*
Show (Hide) Explanation/Reference
Hierarchical design of OSPF (basically means that you can separate the larger internetwork into smaller internetworks called areas) helps us create a network with all features listed above (decrease routing overhead, speed up convergence, confine network instability to single areas of the network).

415. Where does routing occur within the DoD TCP/IP reference model?

  • A. application
  • B. internet*
  • C. network
  • D. transport
Show (Hide) Explanation/Reference
The picture below shows the comparison between TCP/IP model & OSI model. Notice that the Internet Layer of TCP/IP is equivalent to the Network Layer which is responsible for routing decision.

416. If Computer A is sending traffic to computer B, which option is the source ip address when a packet leaves R1 on interface F0/1?

  • IP address of the R2 interface F0/1
  • Ip address of computer B
  • Ip address of R1 interface F0/1
  • Ip address of Computer A*
Show (Hide) Explanation/Reference
In all the way on the path, the source and destination IP addresses never change, only the source and destination MAC address are changed on each segment.

417. Which feature can you use to restrict SNMP queries to a specific OID tree?

  • server group
  • a community
  • a view record*
  • an access group
Show (Hide) Explanation/Reference
You can assign views to community strings to limit which MIB objects an SNMP manager can access. The syntax to create a view record is shown below:

Router(config)# snmp-server view view-name oid-tree {included | excluded}

Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html

418. Refer to the exhibit:

after you apply the give configurations to R1 and R2 you notice that OSPFv3 fails to start Which reason for the problem is most likely true ?

  • The area numbers on R1 and R2 are mismatched*
  • The IPv6 network addresses on R1 and R2 are mismatched
  • The autonomous system numbers on R1 and R2 are mismatched
  • The router ids on R1 and R2 are mismatched

419. Afer you apply the given configuration to a router, the DHCP clients behind the device cannot
communicate with hosts outside of their subnet.
Which action is most likely to correct the problem?

ip dhcp pool test 
 domain name cisco.com
  • Configure the dns server on the same subnet as the clients
  • Activate the dhcp pool
  • Correct the subnet mask
  • configure the default gateway*
Show (Hide) Explanation/Reference
In the DHCP pool we need to configure a default gateway (via the “default-route …” command) for the DHCP clients to communicate with outside subnets.

420. which command can you enter in a network switch configuration so that learned mac addresses are saved in configuration as they connect?

  • Switch(config-if)#Switch port-security
  • Switch(config-if)#Switch port-security Mac-address stcky*
  • Switch(config-if)#Switch port-security maximum 10
  • Switch(config-if)#Switch mode access
Show (Hide) Explanation/Reference
The full command should be “switchport port-security mac-address sticky” but we can abbreviate in Cisco command.

Download PDF File below:

Related Articles

Leave a Reply

Photo and Image Files
Audio and Video Files
Other File Types

Send this to a friend