CCNA 3 v7.0 Final Exam Answers Full – Enterprise Networking, Security, and Automation
1. Which design feature will limit the size of a failure domain in an
enterprise network?
▪ the purchase of enterprise equipment that is designed for large traffic
volume
▪ the installation of redundant power supplies
▪ the use of a collapsed core design
▪ the use of the building switch block approach
2. Which two things should a network administrator modify on a
router to perform password recovery? (Choose two.)
▪ the system image file
▪ the NVRAM file system
▪ the configuration register value
▪ the startup configuration file
▪ system ROM
3. What type of network uses one common infrastructure to carry
voice, data, and video signals?
▪ borderless
▪ converged
▪ managed
▪ switched
4. What are three advantages of using private IP addresses and NAT?
(Choose three.)
▪ hides private LAN addressing from outside devices that are
connected to the Internet
▪ permits LAN expansion without additional public IP addresses
▪ reduces CPU usage on customer routers
▪ creates multiple public IP addresses
▪ improves the performance of the router that is connected to the Internet
▪ conserves registered public IP addresses
5. Which two scenarios are examples of remote access VPNs?
(Choose two.)
▪ All users at a large branch office can access company resources through
a single VPN connection.
▪ A small branch office with three employees has a Cisco ASA th ...
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any
access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any
R1(config)# interface gi0/0
access-list 105 permit tcp host 10.0.54.5 any eq www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
Explanation: The first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server.
28. Refer to the exhibit. If the network administrator created a standard ACL that allows only devices that connect to the R2 G0/0 network access to the devices on the R1 G0/1 interface, how should the ACL be applied?
Explanation: Because standard access lists only filter on the source IP address, they are commonly placed closest to the destination network. In this example, the source packets will be coming from the R2 G0/0 network. The destination is the R1 G0/1 network. The proper ACL placement is outbound on the R1 G0/1 interface.
29. Which is a characteristic of a Type 2 hypervisor?
30. What are the two types of VPN connections? (Choose two.)
Explanation: PPPoE, leased lines, and Frame Relay are types of WAN technology, not types of VPN connections.
31. Refer to the exhibit. What three conclusions can be drawn from the displayed output? (Choose three.)
32. Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?
Explanation: The source IP range in the deny ACE is 192.168.20.0 0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group network 192.168.22.0/28 is included in the 192.168.20/22 network. Therefore, the connection is denied. To fix it, the order of the deny and permit ACE should be switched.
33. What functionality does mGRE provide to the DMVPN technology?
Explanation: DMVPN is built on three protocols, NHRP, IPsec, and mGRE. NHRP is the distributed address mapping protocol for VPN tunnels. IPsec encrypts communications on VPN tunnels. The mGRE protocol allows the dynamic creation of multiple spoke tunnels from one permanent VPN hub.
34. What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?
35. What command would be used as part of configuring NAT or PAT to display information about NAT configuration parameters and the number of addresses in the pool?
36. What is a purpose of establishing a network baseline?
Explanation: A baseline is used to establish normal network or system performance. It can be used to compare with future network or system performances in order to detect abnormal situations.
37. Match the type of WAN device or service to the description. (Not all options are used.)
CPE -> devices and inside wiring that are located on the enterprise edge and connect to a carrier link
DCE -> devices that provide an interface for customers to connect to within the WAN cloud
DTE -> customer devices that pass the data from a customer network for transmission over the WAN
local loop -> a physical connection from the customer to the service provider POP
38. Which statement describes a characteristic of standard IPv4 ACLs?
39. Refer to the exhibit. R1 is configured for NAT as displayed. What is wrong with the configuration?
Explanation: R1 has to have NAT-POOL2 bound to ACL 1. This is accomplished with the command R1(config)#ip nat inside source list 1 pool NAT-POOL2. This would enable the router to check for all interesting traffic and if it matches ACL 1 it would be translated by use of the addresses in NAT-POOL2.
40. Refer to the exhibit. What method can be used to enable an OSPF router to advertise a default route to neighboring OSPF routers?
41. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as John the Ripper, THC Hydra, RainbowCrack, and Medusa?
42. What are two syntax rules for writing a JSON array? (Choose two.)
43. What is a characteristic of a Trojan horse as it relates to network security?
Explanation: A Trojan horse carries out malicious operations under the guise of a legitimate program. Denial of service attacks send extreme quantities of data to a particular host or network device interface. Password attacks use electronic dictionaries in an attempt to learn passwords. Buffer overflow attacks exploit memory buffers by sending too much information to a host to render the system inoperable.
44. An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?
Explanation: In DHCP spoofing attacks, an attacker configures a fake DHCP server on the network to issue DHCP addresses to clients with the aim of forcing the clients to use a false default gateway, and other false services. DHCP snooping is a Cisco switch feature that can mitigate DHCP attacks. MAC address starvation and MAC address snooping are not recognized security attacks. MAC address spoofing is a network security threat.
45. A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
Explanation: Secure communications consists of four elements:
▪ Data confidentiality – guarantees that only authorized users can read the message
▪ Data integrity – guarantees that the message was not altered
▪ Origin authentication – guarantees that the message is not a forgery and does actually come from whom it states
▪ Data nonrepudiation – guarantees that the sender cannot repudiate, or refute, the validity of a message sent
46. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?
47. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.20.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?
48. Match the HTTP method with the RESTful operation.
POST -> Create
GET -> Read
PUT/PATCH -> Update/Replace/Modify
Delete -> Delete
49. Refer to the exhibit. What is the OSPF cost to reach the West LAN 172.16.2.0/24 from East?
50. What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?
51. An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp
If a packet with a source address of 172.18.20.14, a destination address of 172.18.20.40, and a protocol of 21 is received on the interface, is the packet permitted or denied?
52. What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture?
53. Which two scenarios would result in a duplex mismatch? (Choose two.)
54. A network technician is configuring SNMPv3 and has set a security level of auth. What is the effect of this setting?
Explanation: For enabling SNMPv3 one of three security levels can be configured:
1) noAuth
2) auth
3) priv
The security level configured determines which security algorithms are performed on SNMP packets. The auth security level uses either HMAC with MD5 or SHA.
55. What are two types of attacks used on DNS open resolvers? (Choose two.)
Explanation: Three types of attacks used on DNS open resolvers are as follows:
▪ DNS cache poisoning – attacker sends spoofed falsified information to redirect users from legitimate sites to malicious sites
▪ DNS amplification and reflection attacks – attacker sends an increased volume of attacks to mask the true source of the attack
▪ DNS resource utilization attacks – a denial of service (DoS) attack that consumes server resources
56. An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet
If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied?
Case 2:
access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet
If a packet with a source address of 192.168.100.219, a destination address of 64.100.40.10, and a protocol of 54 is received on the interface, is the packet permitted or denied?
57. Which type of resources are required for a Type 1 hypervisor?
58. In JSON, what is held within square brackets [ ]?
59. What are three components used in the query portion of a typical RESTful API request? (Choose three.)
60. A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?
61. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
62. Which statement describes a characteristic of Cisco Catalyst 2960 switches?
63. Which component of the ACI architecture translates application policies into network programming?
64. Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)
65. Refer to the exhibit. A PC at address 10.1.1.45 is unable to access the Internet. What is the most likely cause of the problem?
Explanation: The output of show ip nat statistics shows that there are 2 total addresses and that 2 addresses have been allocated (100%). This indicates that the NAT pool is out of global addresses to give new clients. Based on the show ip nat translations, PCs at 10.1.1.33 and 10.1.1.123 have used the two available addresses to send ICMP messages to a host on the outside network.
66. What are two benefits of using SNMP traps? (Choose two.)
67. Which statement accurately describes a characteristic of IPsec?
Explanation: IPsec can secure a path between two network devices. IPsec can provide the following security functions:
▪ Confidentiality – IPsec ensures confidentiality by using encryption.
▪ Integrity – IPsec ensures that data arrives unchanged at the destination using a hash algorithm, such as MD5 or SHA.
▪ Authentication – IPsec uses Internet Key Exchange (IKE) to authenticate users and devices that can carry out communication independently. IKE uses several types of authentication, including username and password, one-time password, biometrics, pre-shared keys (PSKs), and digital certificates.
▪ Secure key exchange – IPsec uses the Diffie-Hellman (DH) algorithm to provide a public key exchange method for two peers to establish a shared secret key.
68. In a large enterprise network, which two functions are performed by routers at the distribution layer? (Choose two.)
69. Which two statements describe the use of asymmetric algorithms? (Choose two.)
Explanation: Asymmetric algorithms use two keys: a public key and a private key. Both keys are capable of the encryption process, but the complementary matched key is required for decryption. If a public key encrypts the data, the matching private key decrypts the data. The opposite is also true. If a private key encrypts the data, the corresponding public key decrypts the data.
70. Refer to the exhibit. A network administrator has deployed QoS and has configured the network to mark traffic on the VoIP phones as well as the Layer 2 and Layer 3 switches. Where should initial marking occur to establish the trust boundary?
Explanation: Traffic should be classified and marked as close to its source as possible. The trust boundary identifies at which device marked traffic should be trusted. Traffic marked on VoIP phones would be considered trusted as it moves into the enterprise network.
71. What are two benefits of extending access layer connectivity to users through a wireless medium? (Choose two.)
72. What are two purposes of launching a reconnaissance attack on a network? (Choose two.)
73. A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?
74. An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns
If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?
75. Refer to the exhibit. From which location did this router load the IOS?
76. Refer to the exhibit. Which data format is used to represent the data for network automation applications?
Explanation: The common data formats that are used in many applications including network automation and programmability are as follows:
77. What QoS step must occur before packets can be marked?
78. What is the main function of a hypervisor?
79. A company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended?
80. Refer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used?
Explanation: Traffic shaping buffers excess packets in a queue and then forwards the traffic over increments of time, which creates a smoothed packet output rate. Traffic policing drops traffic when the amount of traffic reaches a configured maximum rate, which creates an output rate that appears as a saw-tooth with crests and troughs.
81. An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns
If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8, and a protocol of 53 is received on the interface, is the packet permitted or denied?
82. Refer to the exhibit. What is the purpose of the command marked with an arrow shown in the partial configuration output of a Cisco broadband router?
83. If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?
84. Refer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below.
Router(config)# ip access-list extended 101
Router(config-ext-nacl)# no 20
Router(config-ext-nacl)# 5 permit tcp any any eq 22
Router(config-ext-nacl)# 20 deny udp any any
Which two conclusions can be drawn from this new configuration? (Choose two.)
Explanation: After the editing, the final configuration is as follows: So, only SSH packets and ICMP packets will be permitted.
85. Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?
86. Refer to the exhibit. Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation?
87. Refer to the exhibit. An administrator is trying to configure PAT on R1, but PC-A is unable to access the Internet. The administrator tries to ping a server on the Internet from PC-A and collects the debugs that are shown in the exhibit. Based on this output, what is most likely the cause of the problem?
Explanation: The output of debug ip nat shows each packet that is translated by the router. The “s” is the source IP address of the packet and the “d” is the destination. The address after the arrow (“->”) shows the translated address. In this case, the translated address is on the 209.165.201.0 subnet but the ISP facing interface is in the 209.165.200.224/27 subnet. The ISP may drop the incoming packets, or might be unable to route the return packets back to the host because the address is in an unknown subnet.
88. Why is QoS an important issue in a converged network that combines voice, video, and data communications?
89. Which statement describes a VPN?
90. In which OSPF state is the DR/BDR election conducted?
91. Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
Explanation: The site-to-site VPN is an extension of a classic WAN network that provides a static interconnection of entire networks. Frame Relay would be a better choice than leased lines, but would be more expensive than implementing site-to-site VPNs. The other options refer to remote access VPNs which are better suited for connecting users to the corporate network versus interconnecting two or more networks.
92. What is the final operational state that will form between an OSPF DR and a DROTHER once the routers reach convergence?
93. Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?
Explanation: OSPF elections of a DR are based on the following in order of precedence:
In this case routers R3 and R1 have the highest router priority. Between the two, R3 has the higher router ID. Therefore, R3 will become the DR and R1 will become the BDR.
94. Which type of server would be used to keep a historical record of messages from monitored network devices?
95. When QoS is implemented in a converged network, which two factors can be controlled to improve network performance for real-time traffic? (Choose two.)
Explanation: Delay is the latency between a sending and receiving device. Jitter is the variation in the delay of the received packets. Both delay and jitter need to be controlled in order to support real-time voice and video traffic.
96. In which step of gathering symptoms does the network engineer determine if the problem is at the core, distribution, or access layer of the network?
97. What protocol sends periodic advertisements between connected Cisco devices in order to learn device name, IOS version, and the number and type of interfaces?
98. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?
99. Refer to the exhibit. An administrator configures the following ACL in order to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5
access-list 100 permit ip any any
Where should the administrator place this ACL for the most efficient use of network resources?
100. Which type of OSPFv2 packet is used to forward OSPF link change information?
101. What protocol synchronizes with a private master clock or with a publicly available server on the internet?
102. Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?
103. An OSPF router has three directly connected networks; 10.0.0.0/16, 10.1.0.0/16, and 10.2.0.0/16. Which OSPF network command would advertise only the 10.1.0.0 network to neighbors?
104. Refer to the exhibit. Which sequence of commands should be used to configure router A for OSPF?
router ospf 1
router ospf 1
router ospf 1
network 192.168.10.64 255.255.255.192
network 192.168.10.192 255.255.255.252
router ospf 1
105. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.254.0. What wildcard mask would the administrator use in the OSPF network statement?
106. How does virtualization help with disaster recovery within a data center?
Explanation: Live migration allows moving of one virtual server to another virtual server that could be in a different location that is some distance from the original data center.
Explanation: Improved disaster recovery – Virtualization offers advanced business continuity solutions. It provides hardware abstraction capability so that the recovery site no longer needs to have hardware that is identical to the hardware in the production environment. Most enterprise server virtualization platforms also have software that can help test and automate the failover before a disaster does happen.
107. How does virtualization help with disaster recovery within a data center?
Explanation: Disaster recovery is how a company goes about accessing applications, data, and the hardware that might be affected during a disaster. Virtualization provides hardware independence which means the disaster recovery site does not have to have the exact equipment as the equipment in production. Server provisioning is relevant when a server is built for the first time. Although data centers do have backup generators, the entire data center is designed for disaster recovery. One particular data center could never guarantee that the data center itself would never be without power.
108. Refer to the exhibit. Which devices exist in the failure domain when switch S3 loses power?
A failure domain is the area of a network that is impacted when a critical device such as switch S3 has a failure or experiences problems.
109. Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
For an extended ACL to meet these requirements the following need to be included in the access control entries:
▪ identification number in the range 100-199 or 2000-2699
▪ permit or deny parameter
▪ protocol
▪ source address and wildcard
▪ destination address and wildcard
▪ port number or name
110. Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?
111. Which step in the link-state routing process is described by a router building a link-state database based on received LSAs?
112. What protocol uses agents, that reside on managed devices, to collect and store information about the device and its operation?
113. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 10.27.27.0 255.255.255.0. What wildcard mask would the administrator use in the OSPF network statement?
114. When will an OSPF-enabled router transition from the Down state to the Init state?
115. What type of traffic is described as having a high volume of data per packet?
116. What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?
117. Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination?
118. Refer to the exhibit. Which conclusion can be drawn from this OSPF multiaccess network?
On OSPF multiaccess networks, a DR is elected to be the collection and distribution point for LSAs sent and received. A BDR is also elected in case the DR fails. All other non-DR or BDR routers become DROTHER. Instead of flooding LSAs to all routers in the network, DROTHERs only send their LSAs to the DR and BDR using the multicast address 224.0.0.6. If there is no DR/BDR election, the number of required adjacencies is n(n-1)/2 => 4(4-1)/2 = 6. With the election, this number is reduced to 3.
119. Refer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation?
Explanation: Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible. Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure.
120. Which type of VPN connects using the Transport Layer Security (TLS) feature?
121. Which group of APIs are used by an SDN controller to communicate with various applications?
122. A company has consolidated a number of servers and it is looking for a program or firmware to create and control virtual machines which have access to all the hardware of the consolidated servers. What service or technology would support this requirement?
123. What command would be used as part of configuring NAT or PAT to identify inside local addresses that are to be translated?
124. Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting. What service or technology would support this requirement?
125. Refer to the exhibit. An administrator is trying to back up the current running configuration of the router to a USB drive, and enters the command copy usbflash0:/R1-config running-config on the router command line. After removing the USB drive and connecting it to a PC, the administrator discovers that the running configuration was not properly backed up to the R1-config file. What is the problem?
126. Which three types of VPNs are examples of enterprise-managed site-to-site VPNs? (Choose three.)
127. Refer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive information and are not allowed access off their network. What is the best ACL type and placement to use in this situation?
128. In an OSPF network which two statements describe the link-state database (LSDB)? (Choose two.)
129. In an OSPF network which OSPF structure is used to create the neighbor table on a router?
130. What protocol is used in a system that consists of three elements–a manager, agents, and an information database?
131. What type of traffic is described as not resilient to loss?
Explanation: Video traffic tends to be unpredictable, inconsistent, and bursty compared to voice traffic. Compared to voice, video is less resilient to loss and has a higher volume of data per packet.
132. Refer to the exhibit. Router R1 is configured with static NAT. Addressing on the router and the web server are correctly configured, but there is no connectivity between the web server and users on the Internet. What is a possible reason for this lack of connectivity?
133. Which type of API would be used to allow authorized salespeople of an organization access to internal sales data from their mobile devices?
134. Refer to the exhibit. Which data format is used to represent the data for network automation applications?
135. An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 101 permit udp 192.168.100.32 0.0.0.7 host 198.133.219.76 eq telnet
If a packet with a source address of 198.133.219.100, a destination address of 198.133.219.170, and a protocol of 23 is received on the interface, is the packet permitted or denied?
136. Refer to the exhibit. If no router ID was manually configured, what would router R1 use as its OSPF router ID?
137. What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?
138. Which type of VPN uses a hub-and-spoke configuration to establish a full mesh topology?
139. What is a characteristic of the REST API?
140. Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?
141. A student, doing a summer semester of study overseas, has taken hundreds of pictures on a smartphone and wants to back them up in case of loss. What service or technology would support this requirement?
142. Consider the following access list that allows IP phone configuration file transfers from a particular host to a TFTP server:
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
Which method would allow the network administrator to modify the ACL and include FTP transfers from any source IP address?
R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# no access-list 105
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
143. Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)
Explanation: Extended ACLs should be placed as close as possible to the source IP address, so that traffic that needs to be filtered does not cross the network and use network resources. Because standard ACLs do not specify a destination address, they should be placed as close to the destination as possible. Placing a standard ACL close to the source may have the effect of filtering all traffic, and limiting services to other hosts. Filtering unwanted traffic before it enters low-bandwidth links preserves bandwidth and supports network functionality. Decisions on placing ACLs inbound or outbound are dependent on the requirements to be met.
144. Match the term to the web link http://www.buycarsfromus.com/2020models/ford/suv.html#Escape component. (Not all options are used.)
▪ buycarsfromus.com/2020models/ford/suv.html#Escape -> URN
▪ http://www.buycarsfromus.com/2020models/ford/suv.html -> URL
▪ http://www.buycarsfromus.com/2020models/ford/suv.html#Escape -> URI
▪ #Escape -> Fragment
145. What command would be used as part of configuring NAT or PAT to display all static translations that have been configured?
146. A network administrator modified an OSPF-enabled router to have a hello timer setting of 20 seconds. What is the new dead interval time setting by default?
147. Which type of VPN is the preferred choice for support and ease of deployment for remote access?
148. What type of traffic is described as predictable and smooth?
149. Which queuing mechanism has no provision for prioritizing or buffering but simply forwards packets in the order they arrive?
150. Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers. The routers are unable to form a neighbor adjacency. What should be done to fix the problem on router R2?
151. A network administrator is troubleshooting an OSPF problem that involves neighbor adjacency. What should the administrator do?
152. Refer to the exhibit. Internet privileges for an employee have been revoked because of abuse but the employee still needs access to company resources. What is the best ACL type and placement to use in this situation?
Explanation: Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible.
153. An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 100 permit tcp 192.168.10.0 0.0.0.255 172.17.200.0 0.0.0.255 eq www
If a packet with a source address of 192.168.10.244, a destination address of 172.17.200.56, and a protocol of 80 is received on the interface, is the packet permitted or denied?
154. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as Nmap, SuperScan, and Angry IP Scanner?
155. What command would be used as part of configuring NAT or PAT to display any dynamic PAT translations that have been created by traffic?
156. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.16.91.0 255.255.255.192. What wildcard mask would the administrator use in the OSPF network statement?
157. What type of traffic is described as requiring latency to be no more than 400 milliseconds (ms)?
158. Refer to the exhibit. Which two configurations would be used to create and apply a standard access list on R1, so that only the 10.0.70.0/25 network devices are allowed to access the internal database server? (Choose two.)
A.
B.
C.
R1(config)# interface Serial0/0/0
R1(config-if)# ip access-group 5 in
D.
E.
159. A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)
Explanation: To deny traffic from the 172.16.0.0/16 network, the access-list 95 deny 172.16.0.0 0.0.255.255 command is used. To permit all other traffic, the access-list 95 permit any statement is added.
160. Refer to the exhibit. The company has decided that no traffic initiating from any other existing or future network can be transmitted to the Research and Development network. Furthermore, no traffic that originates from the Research and Development network can be transmitted to any other existing or future networks in the company. The network administrator has decided that extended ACLs are better suited for these requirements. Based on the information given, what will the network administrator do?
161. What protocol uses smaller stratum numbers to indicate that the server is closer to the authorized time source than larger stratum numbers?
162. Refer to the exhibit. If no router ID was manually configured, what would router Branch1 use as its OSPF router ID?
Explanation: In OSPFv2, a Cisco router uses a three-tier method to derive its router ID. The first choice is the manually configured router ID with the router-id command. If the router ID is not manually configured, the router will choose the highest IPv4 address of the configured loopback interfaces. Finally, if no loopback interfaces are configured, the router chooses the highest active IPv4 address of its physical interfaces.
163. Match the HTTP method with the RESTful operation.
164. Refer to the exhibit. A web designer calls to report that the web server web-s1.cisco.com is not reachable through a web browser. The technician uses command line utilities to verify the problem and to begin the troubleshooting process. Which two things can be determined about the problem? (Choose two.)
Explanation: The successful result of the ping to the IP address indicates that the network is operational and the web server is online. However, the fact that the ping to the domain name of the server fails indicates there is a DNS issue, namely that the host cannot resolve the domain name to its associated IP address.
165. What type of traffic is described as tending to be unpredictable, inconsistent, and bursty?
166. Match the functions to the corresponding layers. (Not all options are used.)
167. What type of traffic is described as consisting of traffic that requires a higher priority if interactive?
168. Which type of VPN provides a flexible option to connect a central site with branch sites?
169. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use fuzzers?
170. Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface, but not the G0/0 interface. When following the best practices, in what location should the standard ACL be applied?
171. Two OSPF-enabled routers are connected over a point-to-point link. During the ExStart state, which router will be chosen as the first one to send DBD packets?
Explanation: In the ExStart state, the two routers decide which router will send the DBD packets first. The router with the higher router ID will be the first router to send DBD packets during the Exchange state.
172. Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces?
173. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use forensic tools?
174. Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers but PC1 is unable to connect to PC2. What is the most likely problem?
Explanation: If a LAN network is not advertised using OSPFv2, a remote network will not be reachable. The output displays a successful neighbor adjacency between router R1 and R2 on the interface S0/0 of both routers.
175. ABCTech is investigating the use of automation for some of its products. In order to control and test these products, the programmers require Windows, Linux, and MAC OS on their computers. What service or technology would support this requirement?
176. A network engineer has noted that some expected network route entries are not displayed in the routing table. Which two commands will provide additional information about the state of router adjacencies, timer intervals, and the area ID? (Choose two.)
Explanation: The show ip ospf interface command will display routing table information that is already known. The show running-configuration and show ip protocols commands will display aspects of the OSPF configuration on the router but will not display adjacency state details or timer interval details.
177. Which type of VPN involves the forwarding of traffic over the backbone through the use of labels distributed among core routers?
178. Which type of VPN involves a nonsecure tunneling protocol being encapsulated by IPsec?
179. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use hacking operation systems?
180. What command would be used as part of configuring NAT or PAT to identify an interface as part of the external global network?
181. To avoid purchasing new hardware, a company wants to take advantage of idle system resources and consolidate the number of servers while allowing for multiple operating systems on a single hardware platform. What service or technology would support this requirement?
Explanation: Server virtualization takes advantage of idle resources and consolidates the number of required servers. This also allows for multiple operating systems to exist on a single hardware platform.
182. Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding?
183. Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link?
184. What type of traffic is described as using either TCP or UDP depending on the need for error recovery?
185. Refer to the exhibit. The company CEO demands that one ACL be created to permit email traffic to the internet and deny FTP access. What is the best ACL type and placement to use in this situation?
186. What command would be used as part of configuring NAT or PAT to define a pool of addresses for translation?
187. What is the name of the layer in the Cisco borderless switched network design that is considered to be the backbone used for high-speed connectivity and fault isolation?
Explanation: The three layers of the Cisco borderless switch network design are access, distribution, and core. The access layer switches are the ones used to connect end devices to the network. The distribution layer switches accept connections from access layer switches and provide switching, routing, and access policy functions. The core layer is called the backbone and core switches commonly have high-speed redundant connections.
188. An ACL is applied inbound on a router interface. The ACL consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.47 any eq ftp
If a packet with a source address of 172.18.20.40, a destination address of 10.33.19.2, and a protocol of 21 is received on the interface, is the packet permitted or denied?
189. What type of traffic is described as consisting of traffic that gets a lower priority if it is not mission-critical?
190. Which OSPF table is identical on all converged routers within the same OSPF area?
191. An ACL is applied inbound on a router interface. The ACL consists of a single entry: If a packet with a source address of 192.168.10.45, a destination address of 10.10.3.27, and a protocol of 80 is received on the interface, is the packet permitted or denied?
192. What protocol allows the manager to poll agents to access information from the agent MIB?
193. Match each component of a WAN connection to its description. (Not all options are used.)
Case 2:
194. What type of traffic is described as being able to tolerate a certain amount of latency, jitter, and loss without any noticeable effects?
195. What term describes adding a value to the packet header, as close to the source as possible, so that the packet matches a defined policy?
196. Which three traffic-related factors would influence selecting a particular WAN link type? (Choose three.)
Explanation: The traffic-related factors that influence selecting a particular WAN link type include the type of traffic, amount of traffic, quality requirements, and security requirements. Quality requirements include ensuring that traffic that cannot tolerate delay gets priority treatment as well as important business transactional traffic.
198. What protocol is a vendor-neutral Layer 2 discovery protocol that must be configured separately to transmit and receive information packets?
199. An ACL is applied inbound on a router interface. The ACL consists of a single entry: If a packet with a source address of 172.18.20.55, a destination address of 172.18.20.3, and a protocol of 21 is received on the interface, is the packet permitted or denied?
200. Refer to the exhibit. Corporate policy demands that access to the server network be restricted to internal employees only. What is the best ACL type and placement to use in this situation?
201. A technician is working on a Layer 2 switch and notices that a %CDP-4-DUPLEX_MISMATCH message keeps appearing for port G0/5. What command should the technician issue on the switch to start the troubleshooting process?
202. Which virtual resource would be installed on a network server to provide direct access to hardware resources?
Explanation: With Type 1 hypervisors, the hypervisor is installed directly on the server or networking hardware. Then, instances of an OS are installed on the hypervisor, as shown in the figure. Type 1 hypervisors have direct access to the hardware resources. Therefore, they are more efficient than hosted architectures. Type 1 hypervisors improve scalability, performance, and robustness.
203. Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface. When following the best practices, in what location should the standard ACL be applied?
204. Which OSPF database is identical on all converged routers within the same OSPF area?
Explanation: Regardless of which OSPF area a router resides in, the adjacency database, routing table, and forwarding database are unique for each router. The link-state database lists information about all other routers within an area and is identical across all OSPF routers participating in that area.
205. What are two features to consider when creating a named ACL? (Choose two.)
Explanation: The following summarizes the rules to follow for named ACLs:
206. Match the RESTful API method to CRUD function.
207. What type of traffic is described as requiring at least 384 Kbps of bandwidth?
208. Which step in the link-state routing process is described by a router inserting best paths into the routing table?
209. Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting. What service or technology would support this requirement?
210. Which QoS technique smooths packet output rate?
211. Refer to the exhibit. The company has provided IP phones to employees on the 192.168.10.0/24 network and the voice traffic will need priority over data traffic. What is the best ACL type and placement to use in this situation?
Explanation: Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible. Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure.
212. A network technician is configuring SNMPv3 and has set a security level of SNMPv3 authPriv. What is a feature of using this level?