CCNAv7 Flashcards
(161 cards)
1
Q
Which design feature will limit the size of a failure domain in an enterprise network?
the purchase of enterprise equipment that is designed for large traffic volume
the installation of redundant power supplies
the use of a collapsed core design
the use of the building switch block approach
A
the use of the building switch block approach
2
Q
Which two things should a network administrator modify on a router to perform password recovery? (Choose two.)
the system image file the NVRAM file system the configuration register value the startup configuration file system ROM
A
the configuration register value
the startup configuration file
3
Q
What type of network uses one common infrastructure to carry voice, data, and video signals?
borderless
converged
managed
switched
A
converged
4
Q
What are three advantages of using private IP addresses and NAT? (Choose three.)
hides private LAN addressing from outside devices that are connected to the Internet
permits LAN expansion without additional public IP addresses
reduces CPU usage on customer routers
creates multiple public IP addresses
improves the performance of the router that is connected to the Internet
conserves registered public IP addresses
A
hides private LAN addressing from outside devices that are connected to the Internet
permits LAN expansion without additional public IP addresses
conserves registered public IP addresses
5
Q
Which two scenarios are examples of remote access VPNs? (Choose two.)
All users at a large branch office can access company resources through a single VPN connection.
A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ.
A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
A
A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
6
Q
What are three benefits of cloud computing? (Choose three.)
It utilizes end-user clients to do a substantial amount of data preprocessing and storage.
It uses open-source software for distributed processing of large datasets.
It streamlines the IT operations of an organization by subscribing only to needed services.
It enables access to organizational data anywhere and at any time.
It turns raw data into meaningful information by discovering patterns and relationships.
It eliminates or reduces the need for onsite IT equipment, maintenance, and management.
A
It streamlines the IT operations of an organization by subscribing only to needed services.
It enables access to organizational data anywhere and at any time.
It eliminates or reduces the need for onsite IT equipment, maintenance, and management.
7
Q
What is a characteristic of a single-area OSPF network?
All routers share a common forwarding database.
All routers have the same neighbor table.
All routers are in the backbone area.
All routers have the same routing table.
A
All routers are in the backbone area.
8
Q
What is a WAN?
a network infrastructure that spans a limited physical area such as a city
a network infrastructure that provides access to other networks over a large geographic area
a network infrastructure that provides access in a small geographic area
a network infrastructure designed to provide data storage, retrieval, and replication
A
a network infrastructure that provides access to other networks over a large geographic area
9
Q
A network administrator has been tasked with creating a disaster recovery plan. As part of this plan, the administrator is looking for a backup site for all of the data on the company servers. What service or technology would support this requirement?
data center
virtualization
dedicated servers
software defined networking
A
data center
10
Q
Which type of OSPF packet is used by a router to discover neighbor routers and establish neighbor adjacency?
link-state update
hello
database description
link-state request
A
hello
11
Q
Which two statements are characteristics of a virus? (Choose two.)
A virus has an enabling vulnerability, a propagation mechanism, and a payload.
A virus can be dormant and then activate at a specific time or date.
A virus provides the attacker with sensitive data, such as passwords.
A virus replicates itself by independently exploiting vulnerabilities in networks.
A virus typically requires end-user activation.
A
A virus typically requires end-user activation.
A virus can be dormant and then activate at a specific time or date.
12
Q
Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?
ISDN
DSL
cable
dialup
A
DSL
13
Q
A customer needs a metropolitan area WAN connection that provides high-speed, dedicated bandwidth between two sites. Which type of WAN connection would best fulfill this need?
packet-switched network
Ethernet WAN
circuit-switched network
MPLS
A
Ethernet WAN
14
Q
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use debuggers?
to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to reverse engineer binary files when writing exploits and when analyzing malware
to obtain specially designed operating systems preloaded with tools optimized for hacking
to detect any evidence of a hack or malware in a computer or network
A
to reverse engineer binary files when writing exploits and when analyzing malware
15
Q
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?
R1#
Standard IP access list 2
10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny any (1 match)
Two devices connected to the router have IP addresses of 192.168.10. x .
Two devices were able to use SSH or Telnet to gain access to the router.
Traffic from one device was not allowed to come into one router port and be routed outbound a different router port.
Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port.
A
Two devices were able to use SSH or Telnet to gain access to the router.
16
Q
What command would be used as part of configuring NAT or PAT to clear dynamic entries before the timeout has expired?
clear ip dhcp
clear ip nat translation
clear access-list counters
clear ip pat statistics
A
clear ip nat translation
17
Q
What are two characteristics of video traffic? (Choose two.)
Video traffic consumes less network resources than voice traffic consumes.
Video traffic latency should not exceed 400 ms.
Video traffic is more resilient to loss than voice traffic is.
Video traffic requires a minimum of 30 kbs of bandwidth.
Video traffic is unpredictable and inconsistent.
A
Video traffic latency should not exceed 400 ms.
Video traffic is unpredictable and inconsistent
18
Q
In setting up a small office network, the network administrator decides to assign private IP addresses dynamically to workstations and mobile devices. Which feature must be enabled on the company router in order for office devices to access the internet?
UPnP
MAC filtering
NAT
QoS
A
NAT
19
Q
A data center has recently updated a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate web server without having to allocate an actual discrete server for each customer. What is the networking trend that is being implemented by the data center in this situation?
online collaboration
BYOD
virtualization
maintaining communication integrity
A
virtualization
20
Q
Which two IPsec protocols are used to provide data integrity?
MD5 DH AES SHA RSA
A
MD5
SHA
21
Q
If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?
The Cisco AnyConnect client is installed by default on most major operating systems.
The host initiates a clientless VPN connection using a compliant web browser to download the client.
The host initiates a clientless connection to a TFTP server to download the client.
The host initiates a clientless connection to an FTP server to download the client.
A
The host initiates a clientless VPN connection using a compliant web browser to download the client.
22
Q
A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)
leased line cable digital subscriber line Ethernet WAN municipal Wi-Fi
A
leased line
Ethernet WAN
23
Q
Which type of QoS marking is applied to Ethernet frames? IP precedence DSCP ToS CoS
A
CoS
24
Q
Which is a characteristic of a Type 2 hypervisor?
does not require management console software
has direct access to server hardware resources
best suited for enterprise environments
installs directly on hardware
A
does not require management console software
25
What are the two types of VPN connections? (Choose two.)
```
PPPoE
Frame Relay
site-to-site
remote access
leased line
```
site-to-site
| remote access
26
. What functionality does mGRE provide to the DMVPN technology?
It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.
It provides secure transport of private information over public networks, such as the Internet.
It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.
It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.
It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.
27
What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?
the FIB
the routing table
the ARP table
the DSP
the ARP table
28
. What command would be used as part of configuring NAT or PAT to display information about NAT configuration parameters and the number of addresses in the pool?
show running-config
show ip nat statistics
show ip cache
show version
show ip nat statistics
29
What is a purpose of establishing a network baseline?
It provides a statistical average for network performance.
It creates a point of reference for future network evaluations.
It manages the performance of network devices.
It checks the security configuration of network devices
It creates a point of reference for future network evaluations.
30
Which statement describes a characteristic of standard IPv4 ACLs?
They filter traffic based on source IP addresses only.
They can be created with a number but not with a name.
They are configured in the interface configuration mode.
They can be configured to filter traffic based on both source IP addresses and source ports.
They filter traffic based on source IP addresses only.
31
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as John the Ripper,THC Hydra, RainbowCrack, and Medusa?
to capture and analyze packets within traditional Ethernet LANs or WLANs
to probe and test the robustness of a firewall by using specially created forged packets
to make repeated guesses in order to crack a password
to make repeated guesses in order to crack a password
32
What are two syntax rules for writing a JSON array? (Choose two.)
Each value in the array is separated by a comma.
The array can include only one value type.
A space must separate each value in the array.
A semicolon separates the key and list of values.
Values are enclosed in square brackets.
Each value in the array is separated by a comma.
| Each value in the array is separated by a comma.
33
What is a characteristic of a Trojan horse as it relates to network security?
An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.
Malware is contained in a seemingly legitimate executable program.
Extreme quantities of data are sent to a particular network device interface.
Too much information is destined for a particular memory block, causing additional memory areas to be affected
Malware is contained in a seemingly legitimate executable program.
34
An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?
TCP SYN flood
DNS tunneling
DHCP spoofing
ARP cache poisoning
DHCP spoofing
35
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
data integrity
non-repudiation
origin authentication
data confidentiality
origin authentication
36
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?
to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to detect any evidence of a hack or malware in a computer or network
to probe and test the robustness of a firewall by using specially created forged packets
to capture and analyze packets within traditional Ethernet LANs or WLANs
to capture and analyze packets within traditional Ethernet LANs or WLANs
37
An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.20.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?
0. 0.15.255
0. 0.3.255
0. 0.7.255
0. 0.1.255
0.0.3.255
38
Match the HTTP method with the RESTful operation.
POST –>> Create
GET –>> Read
PUT/PATCH –>> Update/Replace?Modify
Delete –>> Delete
39
What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?
to activate the OSPF neighboring process
to influence the DR/BDR election process
to provide a backdoor for connectivity during the convergence process
to streamline and speed up the convergence process
to influence the DR/BDR election process
40
1. An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .
If a packet with a source address of 172.18.20.14, a destination address of 172.18.20.40, and a protocol of 21 is received on the interface, is the packet permitted or denied?
permitted
41
What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture?
The spine and leaf switches are always linked through core switches.
The spine switches attach to the leaf switches and attach to each other for redundancy.
The leaf switches always attach to the spines and they are interlinked through a trunk line.
The leaf switches always attach to the spines, but they never attach to each other.
The leaf switches always attach to the spines, but they never attach to each other.
42
Which two scenarios would result in a duplex mismatch? (Choose two.)
connecting a device with autonegotiation to another that is manually set to full-duplex
starting and stopping a router interface during a normal operation
connecting a device with an interface running at 100 Mbps to another with an interface running at 1000 Mbps
configuring dynamic routing incorrectly
manually setting the two connected devices to different duplex modes
connecting a device with autonegotiation to another that is manually set to full-duplex
manually setting the two connected devices to different duplex modes
43
A network technician is configuring SNMPv3 and has set a security level of auth . What is the effect of this setting?
authenticates a packet by a string match of the username or community string
authenticates a packet by using either the HMAC with MD5 method or the SHA method
authenticates a packet by using either the HMAC MD5 or 3.HMAC SHA algorithms and encrypts the packet with either the DES, 3DES or AES algorithms
authenticates a packet by using the SHA algorithm only
authenticates a packet by using either the HMAC with MD5 method or the SHA method
44
What are two types of attacks used on DNS open resolvers? (Choose two.)
```
amplification and reflection
resource utilization
fast flux
ARP poisoning
cushioning
```
amplification and reflection
| resource utilization
45
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet .
If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied?
denied
46
Which type of resources are required for a Type 1 hypervisor?
a dedicated VLAN
a management console
a host operating system
a management console
47
In JSON, what is held within square brackets [ ]?
nested values
key/value pairs
an object
an array
an array
48
What are three components used in the query portion of a typical RESTful API request? (Choose three.)
```
resources
protocol
API server
format
key
parameters
```
format
key
parameters
49
A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?
top-down
bottom-up
divide-and-conquer
substitution
divide-and-conquer
50
Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
MD5
AES
IPsec
ESP
IPsec
51
Which statement describes a characteristic of Cisco Catalyst 2960 switches?
They are best used as distribution layer switches.
New Cisco Catalyst 2960-C switches support PoE pass-through.
They are modular switches.
They do not support an active switched virtual interface (SVI) with IOS versions prior to 15.x.
New Cisco Catalyst 2960-C switches support PoE pass-through.
52
. Which component of the ACI architecture translates application policies into network programming?
the hypervisor
the Application Policy Infrastructure Controller
the Nexus 9000 switch
the Application Network Profile endpoints
the Application Policy Infrastructure Controller
53
Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)
```
device type
cable specification
interface identifier
OS/IOS version
connection type
cable type and identifier
```
interface identifier
| connection type
54
What are two benefits of using SNMP traps? (Choose two.)
They eliminate the need for some periodic polling requests.
They reduce the load on network and agent resources.
They limit access for management systems only.
They can provide statistics on TCP/IP packets that flow through Cisco devices.
They can passively listen for exported NetFlow datagrams.
They eliminate the need for some periodic polling requests.
| They reduce the load on network and agent resources.
55
Which statement accurately describes a characteristic of IPsec?
IPsec works at the application layer and protects all application data.
IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
IPsec works at the transport layer and protects data at the network layer.
IPsec is a framework of open standards that relies on existing algorithms.
IPsec is a framework of open standards that relies on existing algorithms.
56
In a large enterprise network, which two functions are performed by routers at the distribution layer? (Choose two.)
```
connect users to the network
provide a high-speed network backbone
connect remote networks
provide Power over Ethernet to devices
provide data traffic security
```
connect remote networks
| provide data traffic security
57
Which two statements describe the use of asymmetric algorithms? (Choose two.)
Public and private keys may be used interchangeably.
If a public key is used to encrypt the data, a public key must be used to decrypt the data.
If a private key is used to encrypt the data, a public key must be used to decrypt the data.
If a public key is used to encrypt the data, a private key must be used to decrypt the data.
If a private key is used to encrypt the data, a private key must be used to decrypt the data.
If a private key is used to encrypt the data, a public key must be used to decrypt the data.
If a public key is used to encrypt the data, a private key must be used to decrypt the data.
58
What are two benefits of extending access layer connectivity to users through a wireless medium? (Choose two.)
```
reduced costs
decreased number of critical points of failure
increased flexibility
increased bandwidth availability
increased network management options
```
reduced costs
| increased flexibility
59
What are two purposes of launching a reconnaissance attack on a network? (Choose two.)
to scan for accessibility
to retrieve and modify data
to gather information about the network and devices
to prevent other users from accessing the system
to escalate access privileges
to scan for accessibility
| to gather information about the network and devices
60
A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?
botnet
spyware
virus
rootkit
botnet
61
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns .
If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?
denied
62
What QoS step must occur before packets can be marked?
classifying
shaping
queuing
policing
classifying
63
What is the main function of a hypervisor?
It is used to create and manage multiple VM instances on a host machine.
It is a device that filters and checks security credentials.
It is a device that synchronizes a group of sensors.
It is software used to coordinate and prepare data for analysis.
It is used by ISPs to monitor cloud computing resources.
It is used to create and manage multiple VM instances on a host machine.
64
A company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended?
Frame Relay
Ethernet WAN
VSAT
ISDN
Ethernet WAN
65
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns .
If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8, and a protocol of 53 is received on the interface, is the packet permitted or denied?
denied
66
If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?
```
12
4
8
16
6
```
8
67
. Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?
a less-structured approach based on an educated guess
an approach comparing working and nonworking components to spot significant differences
a structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified
an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified
a less-structured approach based on an educated guess
68
Why is QoS an important issue in a converged network that combines voice, video, and data communications?
Data communications must be given the first priority.
Voice and video communications are more sensitive to latency.
Legacy equipment is unable to transmit voice and video without QoS.
Data communications are sensitive to jitter
Voice and video communications are more sensitive to latency
69
Which statement describes a VPN?
VPNs use logical connections to create public networks through the Internet.
VPNs use open source virtualization software to create the tunnel through the Internet.
VPNs use dedicated physical connections to transfer data between remote users.
VPNs use virtual connections to create a private network through a public network.
VPNs use virtual connections to create a private network through a public network
70
In which OSPF state is the DR/BDR election conducted?
ExStart
Init
Two-Way
Exchange
Two-Way
71
Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
```
Cisco Secure Mobility Clientless SSL VPN
Frame Relay
remote access VPN using IPsec
Cisco AnyConnect Secure Mobility Client with SSL
site-to-site VPN
```
site-to-site VPN
72
What is the final operational state that will form between an OSPF DR and a DROTHER once the routers reach convergence?
loading
established
full
two-way
full
73
Which type of server would be used to keep a historical record of messages from monitored network devices?
```
DNS
print
DHCP
syslog
authentication
```
syslog
74
. When QoS is implemented in a converged network, which two factors can be controlled to improve network performance for real-time traffic? (Choose two.)
```
packet addressing
delay
jitter
packet routing
link speed
```
delay
| jitter
75
In which step of gathering symptoms does the network engineer determine if the problem is at the core, distribution, or access layer of the network?
```
Determine ownership.
Determine the symptoms.
Narrow the scope.
Document the symptoms.
Gather information.
```
Narrow the scope.
76
What protocol sends periodic advertisements between connected Cisco devices in order to learn device name, IOS version, and the number and type of interfaces?
CDP
SNMP
NTP
LLDP
CDP
77
An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?
0. 0.0.127
0. 0.0.31
0. 0.3.255
0. 0.0.63
0.0.3.255
78
Which type of OSPFv2 packet is used to forward OSPF link change information?
link-state acknowledgment
link-state update
hello
database description
link-state update
79
What protocol synchronizes with a private master clock or with a publicly available server on the internet?
MPLS
CBWFQ
TFTP
NTP
NTP
80
Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?
dynamic multipoint VPN
SSL VPN
IPsec virtual tunnel interface
GRE over IPsec
GRE over IPsec
81
An OSPF router has three directly connected networks; 10.0.0.0/16, 10.1.0.0/16, and 10.2.0.0/16. Which OSPF network command would advertise only the 10.1.0.0 network to neighbors?
router(config-router)# network 10.1.0.0 0.0.255.255 area 0
router(config-router)# network 10.1.0.0 0.0.15.255 area 0
router(config-router)# network 10.1.0.0 255.255.255.0 area 0
router(config-router)# network 10.1.0.0 0.0.0.0 area 0
router(config-router)# network 10.1.0.0 0.0.255.255 area 0
82
An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.254.0. What wildcard mask would the administrator use in the OSPF network statement?
0. 0.7.255
0. 0.1.255
0. 0.3.255
0. 0.15.255
0.0.1.255
83
How does virtualization help with disaster recovery within a data center?
improvement of business practices
supply of consistent air flow
support of live migration
guarantee of power
support of live migration
84
How does virtualization help with disaster recovery within a data center?
```
Hardware does not have to be identical.
Hardware at the recovery site does not have to be identical to production equipment.
Power is always provided.
Less energy is consumed.
Server provisioning is faster.
```
Hardware does not have to be identical.
| (Other case) Hardware at the recovery site does not have to be identical to production equipment.
85
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
86
Which step in the link-state routing process is described by a router building a link-state database based on received LSAs?
executing the SPF algorithm
building the topology table
selecting the router ID
declaring a neighbor to be inaccessible
building the topology table
87
What protocol uses agents, that reside on managed devices, to collect and store information about the device and its operation?
SYSLOG
TFTP
CBWFQ
SNMP
SNMP
88
An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 10.27.27.0 255.255.255.0. What wildcard mask would the administrator use in the OSPF network statement?
0. 0.0.63
0. 0.0.255
0. 0.0.31
0. 0.0.15
0.0.0.255
89
When will an OSPF-enabled router transition from the Down state to the Init state?
when an OSPF-enabled interface becomes active
as soon as the router starts
when the router receives a hello packet from a neighbor router
as soon as the DR/BDR election process is complete
when the router receives a hello packet from a neighbor router
90
What type of traffic is described as having a high volume of data per packet?
data
video
voice
video
91
What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?
LLDP
NTP
TFTP
SNMP
LLDP
92
Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination?
building the topology table
selecting the router ID
declaring a neighbor to be inaccessible
executing the SPF algorithm
executing the SPF algorithm
93
Which type of VPN connects using the Transport Layer Security (TLS) feature?
SSL VPN
IPsec virtual tunnel interface
GRE over IPsec
dynamic multipoint VPN
SSL VPN
94
Which group of APIs are used by an SDN controller to communicate with various applications?
eastbound APIs
westbound APIs
northbound APIs
southbound APIs
northbound APIs
95
A company has consolidated a number of servers and it is looking for a program or firmware to create and control virtual machines which have access to all the hardware of the consolidated servers. What service or technology would support this requirement?
Cisco ACI
software defined networking
Type-1 hypervisor
APIC-EM
Type-1 hypervisor
96
What command would be used as part of configuring NAT or PAT to identify inside local addresses that are to be translated?
ip nat inside source list 24 interface serial 0/1/0 overload
ip nat inside source list 14 pool POOL-STAT overload
access-list 10 permit 172.19.89.0 0.0.0.255
ip nat inside source list ACCTNG pool POOL-STAT
access-list 10 permit 172.19.89.0 0.0.0.255
97
Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting, what service or technology would support requirement?
-Cloud services
Data center
APIC-EM
Cisco ACI
Cloud services
98
Which three types of VPNs are examples of enterprise-managed site-to-site VPNs? (Choose three.)
```
Layer 3 MPLS VPN
IPsec VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN
clientless SSL VPN
client-based IPsec VPN
```
IPsec VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN
99
In an OSPF network which two statements describe the link-state database (LSDB)? (Choose two.)
It can be viewed by using the show ip ospf database command.
A neighbor table is created based on the LSDB.
It contains a list of only the best routes to a particular network.
It contains a list of all neighbor routers to which a router has established bidirectional communication.
All routers within an area have an identical link-state database.
It can be viewed by using the show ip ospf database command.
| All routers within an area have an identical link-state database.
100
In an OSPF network which OSPF structure is used to create the neighbor table on a router?
adjacency database
link-state database
routing table
forwarding database
adjacency database
101
What protocol is used in a system that consists of three elements--a manager, agents, and an information database?
MPLS
SYSLOG
SNMP
TFTP
SNMP
102
What type of traffic is described as not resilient to loss?
data
video
voice
video
103
Which type of API would be used to allow authorized salespeople of an organization access to internal sales data from their mobile devices?
open
partner
public
private
private
104
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.32 0.0.0.7 host 198.133.219.76 eq telnet .
If a packet with a source address of 198.133.219.100, a destination address of 198.133.219.170, and a protocol of 23 is received on the interface, is the packet permitted or denied?
denied
105
What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?
NTP
LLDP
SNMP
MPLS
LLDP
106
Which type of VPN uses a hub-and-spoke configuration to establish a full mesh topology?
MPLS VPN
GRE over IPsec
IPsec virtual tunnel interface
dynamic multipoint VPN
dynamic multipoint VPN
107
What is a characteristic of the REST API?
evolved into what became SOAP
used for exchanging XML structured information over HTTP or SMTP
considered slow, complex, and rigid
most widely used API for web services
most widely used API for web services
108
. A student, doing a summer semester of study overseas, has taken hundreds of pictures on a smartphone and wants to back them up in case of loss. What service or technology would support this requirement?
Cisco ACI
cloud services
software defined networking
dedicated servers
cloud services
109
Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)
Filter unwanted traffic before it travels onto a low-bandwidth link.
Place standard ACLs close to the destination IP address of the traffic.
Place standard ACLs close to the source IP address of the traffic.
Place extended ACLs close to the destination IP address of the traffic.
Place extended ACLs close to the source IP address of the traffic.
For every inbound ACL placed on an interface, there should be a matching outbound ACL.
Filter unwanted traffic before it travels onto a low-bandwidth link.
Place standard ACLs close to the destination IP address of the traffic.
Place extended ACLs close to the source IP address of the traffic.
110
What command would be used as part of configuring NAT or PAT to display all static translations that have been configured?
show ip nat translations
show ip pat translations
show ip cache
show running-config
show ip nat translations
111
A network administrator modified an OSPF-enabled router to have a hello timer setting of 20 seconds. What is the new dead interval time setting by default?
40 seconds
60 seconds
80 seconds
100 seconds
80 seconds
112
Which type of VPN is the preferred choice for support and ease of deployment for remote access?
SSL VPN
GRE over IPsec
dynamic multipoint VPN
IPsec virtual tunnel interface
SSL VPN
113
What type of traffic is described as predictable and smooth?
video
data
voice
voice
114
Which queuing mechanism has no provision for prioritizing or buffering but simply forwards packets in the order they arrive?
FIFO
LLQ
CBWFQ
WFQ
FIFO
115
A network administrator is troubleshooting an OSPF problem that involves neighbor adjacency. What should the administrator do?
Make sure that the router priority is unique on each router.
Make sure that the DR/BDR election is complete.
Make sure that the router ID is included in the hello packet.
Make sure that the hello and dead interval timers are the same on all routers.
Make sure that the hello and dead interval timers are the same on all routers.
116
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 100 permit tcp 192.168.10.0 0.0.0.255 172.17.200.0 0.0.0.255 eq www .
If a packet with a source address of 192.168.10.244, a destination address of 172.17.200.56, and a protocol of 80 is received on the interface, is the packet permitted or denied?
permitted
117
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as Nmap, SuperScan, and Angry IP Scanner?
to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to detect any evidence of a hack or malware in a computer or network
to reverse engineer binary files when writing exploits and when analyzing malware
to probe network devices, servers, and hosts for open TCP or UDP ports
to probe network devices, servers, and hosts for open TCP or UDP ports
118
What command would be used as part of configuring NAT or PAT to display any dynamic PAT translations that have been created by traffic?
show ip pat translations
show ip cache
show running-config
show ip nat translations
show ip nat translations
119
An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.16.91.0 255.255.255.192. What wildcard mask would the administrator use in the OSPF network statement?
0. 0.31.255
0. 0.0.63
0. 0.15.255
0. 0.7.255
0.0.0.63
120
What type of traffic is described as requiring latency to be no more than 400 milliseconds (ms)?
video
data
voice
video
121
A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)
Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
Router(config)# access-list 95 permit any
Router(config)# access-list 95 host 172.16.0.0
Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
Router(config)# access-list 95 172.16.0.0 255.255.255.255
Router(config)# access-list 95 deny any
Router(config)# access-list 95 permit any
| Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
122
What protocol uses smaller stratum numbers to indicate that the server is closer to the authorized time source than larger stratum numbers?
TFTP
SYSLOG
NTP
MPLS
NTP
123
What type of traffic is described as tending to be unpredictable, inconsistent, and bursty?
video
voice
data
video
124
What type of traffic is described as consisting of traffic that requires a higher priority if interactive?
voice
data
video
data
125
Which type of VPN provides a flexible option to connect a central site with branch sites?
IPsec virtual tunnel interface
MPLS VPN
dynamic multipoint VPN
GRE over IPsec
dynamic multipoint VPN
126
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use fuzzers?
to discover security vulnerabilities of a computer
to detect any evidence of a hack or malware in a computer or network
to reverse engineer binary files when writing exploits and when analyzing malware
to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to discover security vulnerabilities of a computer
127
Two OSPF-enabled routers are connected over a point-to-point link. During the ExStart state, which router will be chosen as the first one to send DBD packets?
the router with the highest router ID
the router with the lowest IP address on the connecting interface
the router with the highest IP address on the connecting interface
the router with the lowest router ID
the router with the highest router ID
128
Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces?
exchanging link-state advertisements
electing the designated router
injecting the default route
establishing neighbor adjacencies
establishing neighbor adjacencies
129
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use forensic tools?
to obtain specially designed operating systems preloaded with tools optimized for hacking
to detect any evidence of a hack or malware in a computer or network
to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
to reverse engineer binary files when writing exploits and when analyzing malware
to detect any evidence of a hack or malware in a computer or network
130
ABCTech is investigating the use of automation for some of its products. In order to control and test these products, the programmers require Windows, Linux, and MAC OS on their computers. What service or technology would support this requirement?
dedicated servers
software defined networking
virtualization
Cisco ACI
virtualization
131
A network engineer has noted that some expected network route entries are not displayed in the routing table. Which two commands will provide additional information about the state of router adjacencies, timer intervals, and the area ID? (Choose two.)
```
show ip protocols
show ip ospf neighbor
show running-configuration
show ip ospf interface
show ip route ospf
```
show ip ospf neighbor
| show ip ospf interface
132
Which type of VPN involves the forwarding of traffic over the backbone through the use of labels distributed among core routers?
MPLS VPN
GRE over IPsec
IPsec virtual tunnel interface
dynamic multipoint VPN
MPLS VPN
133
Which type of VPN involves a nonsecure tunneling protocol being encapsulated by IPsec?
SSL VPN
dynamic multipoint VPN
GRE over IPsec
IPsec virtual tunnel interface
GRE over IPsec
134
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use hacking operation systems?
to detect any evidence of a hack or malware in a computer or network
to obtain specially designed operating systems preloaded with tools optimized for hacking
to encode data, using algorithm schemes, to prevent unauthorized access to the encrypted data
to reverse engineer binary files when writing exploits and when analyzing malware
to obtain specially designed operating systems preloaded with tools optimized for hacking
135
What command would be used as part of configuring NAT or PAT to identify an interface as part of the external global network?
ip pat inside
access-list 10 permit 172.19.89.0 0.0.0.255
ip nat inside
ip nat outside
ip nat outside
136
To avoid purchasing new hardware, a company wants to take advantage of idle system resources and consolidate the number of servers while allowing for multiple operating systems on a single hardware platform. What service or technology would support this requirement?
data center
cloud services
virtualization
dedicated servers
virtualization
137
Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding?
MPLS VPN
IPsec virtual tunnel interface
dynamic multipoint VPN
GRE over IPsec
IPsec virtual tunnel interface
138
Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link?
building the topology table
selecting the router ID
exchanging link-state advertisements
injecting the default routeWhat type of traffic is described as using either TCP or UDP depending on the need for error recovery?
video
voice
data
exchanging link-state advertisements
139
What type of traffic is described as using either TCP or UDP depending on the need for error recovery?
video
voice
data
data
140
What command would be used as part of configuring NAT or PAT to define a pool of addresses for translation?
ip nat inside source static 172.19.89.13 198.133.219.65
ip nat inside source list 24 interface serial 0/1/0 overload
ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240
ip nat outside
ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240
141
What is the name of the layer in the Cisco borderless switched network design that is considered to be the backbone used for high-speed connectivity and fault isolation?
```
data link
access
core
network
network access
```
core
142
An ACL is applied inbound on router interface. The ACL consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.47 any eq ftp
If a packet with a source address of 172.18.20.40, a destination address of 10.33.19.2, and a protocol of 21 is received on the interface, is the packet permitted or denied?
permitted
143
What type of traffic is described as consisting of traffic that gets a lower priority if it is not mission-critical?
video
data
voice
data
144
Which OSPF table is identical on all converged routers within the same OSPF area?
routing
neighbor
adjacency
topology
topology
145
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www .
If a packet with a source address of 192.168.10.45, a destination address of 10.10.3.27, and a protocol of 80 is received on the interface, is the packet permitted or denied?
permitted
146
What protocol allows the manager to poll agents to access information from the agent MIB?
CBWFQ
SYSLOG
TFTP
SNMP
SNMP
147
What type of traffic is described as being able to tolerate a certain amount of latency, jitter, and loss without any noticeable effects?
voice
video
data
voice
148
What term describes adding a value to the packet header, as close to the source as possible, so that the packet matches a defined policy?
```
policing
traffic marking
weighted random early detection (WRED)
traffic shaping
tail drop
```
traffic marking
149
Which three traffic-related factors would influence selecting a particular WAN link type? (Choose three.)
```
cost of the link
amount of traffic
distance between sites
reliability
security needs
type of traffic
```
amount of traffic
security needs
type of traffic
150
What command would be used as part of configuring NAT or PAT to link the inside local addresses to the pool of addresses available for PAT translation?
ip nat inside source list ACCTNG pool POOL-STAT
ip nat translation timeout 36000
ip nat inside source list 14 pool POOL-STAT overload
ip nat inside source static 172.19.89.13 198.133.219.65
ip nat inside source list 14 pool POOL-STAT overload
151
What protocol is a vendor-neutral Layer 2 discovery protocol that must be configured separately to transmit and receive information packets?
SNMP
MPLS
LLDP
NTP
LLDP
152
An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .
If a packet with a source address of 172.18.20.55, a destination address of 172.18.20.3, and a protocol of 21 is received on the interface, is the packet permitted or denied?
denied
153
A technician is working on a Layer 2 switch and notices that a %CDP-4-DUPLEX_MISMATCH message keeps appearing for port G0/5. What command should the technician issue on the switch to start the troubleshooting process?
show cdp neighbors
show ip interface brief
show interface g0/5
show cdp
show interface g0/5
154
Which virtual resource would be installed on a network server to provide direct access to hardware resources?
VMware Fusion
a management console
a dedicated VLAN
a Type 1 hypervisor
a Type 1 hypervisor
155
Which OSPF database is identical on all converged routers within the same OSPF area?
neighbor
forwarding
link-state
adjacency
link-state
156
What are two features to consider when creating a named ACL? (Choose two.)
Use alphanumeric characters if needed.
Use special characters, such as ! or * to show the importance of the ACL.
Modify the ACL using a text editor.
Be descriptive when creating the ACL name.
Use a space for ease of reading to separate the name from the description
Use alphanumeric characters if needed.
| Be descriptive when creating the ACL name
157
What type of traffic is described as requiring at least 384 Kbps of bandwidth?
voice
data
video
video
158
Which step in the link-state routing process is described by a router inserting best paths into the routing table?
declaring a neighbor to be inaccessible
executing the SPF algorithm
load balancing equal-cost paths
choosing the best route
choosing the best route
159
Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting. What service or technology would support this requirement?
data center
virtualization
cloud services
dedicated servers
cloud services
160
Which QoS technique smooths packet output rate?
```
policing
shaping
weighted random early detection
Integrated Services (IntServ)
marking
```
shaping
161
A network technician is configuring SNMPv3 and has set a security level of SNMPv3 authPriv. What is a feature of using this level?
authenticates a packet by using the SHA algorithm only
authenticates a packet by a string match of the username or community string
authenticates a packet by using either the HMAC with MD5 method or the SHA method
authenticates a packet by using either the HMAC MD5 or HMAC SHA algorithms and a username
authenticates a packet by using either the HMAC with MD5 method or the SHA method
