What is a recommended approach to avoid co-channel congestion while installing

access points that use the 2.4 GHz frequency?

A. different overlapping channels

B. one nonoverlapping channel

C. different nonoverlapping channels

D. one overlapping channel

Correct Answer: C

Which command on a port enters the forwarding state immediately when a PC is

connected to it?

A. switch(config-if)#no spanning-tree portfast

B. switch(config-if)#spanning-tree portfast trunk

C. switch(config)#spanning-tree portfast default

D. switch(config)#spanning-tree portfast bpduguard default

Correct Answer: B

When a site-to-site VPN is used, which protocol is responsible for the transport of user
data?

A. IKEv2

B. IKEv1

C. IPsec

D. MD5

Correct Answer: C
Which statement identifies the functionality of virtual machines?

A. Virtualized servers run most efficiently when they are physically connected to a switch
that is separate from the hypervisor

B. The hypervisor communicates on Layer 3 without the need for additional resources

C. The hypervisor can virtualize physical components including CPU. memory, and
storage

D. Each hypervisor can support a single virtual machine and a single software switch

Correct Answer: C

Which design element is a best practice when deploying an 802.11b wireless

infrastructure?

A. setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller

B. allocating nonoverlapping channels to access points that are in close physical proximity
to one another

C. configuring access points to provide clients with a maximum of 5 Mbps

D. disabling TPC so that access points can negotiate signal levels with their attached
wireless devices.

Correct Answer: B

An engineer must configure the IPv6 address

2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the HQ router
and wants to compress it for easier configuration. Which command must be issued on
the router interface?

A. ipv6 address 2001:db8:0::700:3:4F:572B

B. ipv6 address 2001:db8::700:3:400F:572B

C. ipv6 address 2001:Odb8::7:3:4F:572B

D. ipv6 address 2001::db8:0000::700:3:400F:572B

Correct Answer: B
What benefit does controller-based networking provide versus traditional networking?

A. combines control and data plane functionality on a single device to minimize latency

B. moves from a two-tier to a three-tier network architecture to provide maximum

redundancy

C. provides an added layer of security to protect from DDoS attacks

D. allows configuration and monitoring of the network from one centralized port

Correct Answer: D

Which configuration management mechanism uses TCP port 22 by default when

communicating with managed nodes?

A. Python

B. Ansible

C. Chef

D. Puppet

Correct Answer: B

Which type of address is the public IP address of a NAT device?

A. outside global

B. outsdwde local

C. inside global

D. insride local

E. outside public

F. inside public
Correct Answer: C
By default, how Does EIGRP determine the metric of a route for the routing table?

A. it uses the bandwidth and delay values of the path to calculate the route metric

B. it counts the number of hops between the receiving and destination routers and uses
that value as the metric

C. it uses a default metric of 10 for all routes that are learned by the router

D. it uses a reference Bandwidth and the actual bandwidth of the connected link to
calculate the route metric

Correct Answer: A

Refer to the exhibit.

Shortly after SiteA was connected to SiteB over a new single-mode fiber path users at
SiteA report intermittent connectivity issues with applications hosted at SiteB What is
the cause of the intermittent connectivity issue?

A. Interface errors are incrementing

B. High usage is causing high latency

C. An incorrect SFP media type was used at SiteA

D. The sites were connected with the wrong cable type

Correct Answer: B
An engineer requires a scratch interface to actively attempt to establish a trunk link with
a neighbor switch. What command must be configured?

A. switchport mode dynamic auto

B. switchport mode trunk

C. switchport mode dynamic desirable

D. switchport nonegotiate

Correct Answer: A

Where does the configuration reside when a helper address Is configured lo support
DHCP?

A. on the switch trunk interface

B. on the router closest to the client

C. on the router closest to the server

D. on every router along the path

Correct Answer: B

Refer to Exhibit.

An engineer is configuring the NEW York router to reach the Lo1 interface of the Atlanta
router using interface Se0/0/0 as the primary path. Which two commands must be
configured on the New York router so that it can reach the Lo1 interface of the Atlanta
router via Washington when the link between New York and Atlanta goes down?
(Choose two)

A. ipv6 router 2000::1/128 2012::1

B. ipv6 router 2000::1/128 2012::1 5

C. ipv6 router 2000::1/128 2012::2

D. ipv6 router 2000::1/128 2023::2 5

E. ipv6 router 2000::1/128 2023::3 5

Correct Answer: A,E

Refer to the exhibit.

A router reserved these five routes from different routing information sources.
Which two routes does the router install in its routing table? (Choose two)

A. RIP route 10.0.0.0/30

B. OSPF route 10.0.0.0/16

C. OSPF route 10.0.0.0/30

D. EIGRP route 10.0.0.1/32

E. iBGP route 10.0.0.0/30

Correct Answer: C,D
Refer to the exhibit.

An engineer booted a new switch and applied this configuration via the console port.
Which additional configuration must be applied to allow administrators to authenticate
directly to enable privilege mode via Telnet using a local username and password?

A. Option B

B. Option A

C. Option C

D. Option D

Correct Answer: B

A. a workstation that requests a domain name associated with its IP address

B. a host that is configured to request an IP address automatically

C. a rooter that statically assigns IP addresses to hosts

D. a server that dynamically assigns IP addresses to hosts

Correct Answer: B

What is the primary effect of the spanning-tree portfast command?

A. It immediately puts the port into the forwarding state when the switch is reloaded

B. It immediately enables the port in the listening state

C. It minimizes spanning-tree convergence time

D. it enables BPDU messages

Correct Answer: C
Refer to the exhibit.

If the network environment is operating normally, which type of device must be

connected to interface FastEthernet 0/1?

A. PC

B. DHCP client

C. router

D. access point

Correct Answer: C

Which result occurs when PortFast is enabled on an interface that is connected to

another switch?

A. Spanning tree may fail to detect a switching loop in the network that causes broadcast
storms

B. VTP is allowed to propagate VLAN configuration information from switch to switch

automatically.
 C. Root port choice and spanning tree recalculation are accelerated when a switch link
goes down

D. After spanning tree converges PortFast shuts down any port that receives BPDUs.

Correct Answer: A

What is a function of a remote access VPN?

A. allows the users to access company internal network resources through a secure tunnel

B. establishes a secure tunnel between two branch sites

C. used cryptographic tunneling to protect the privacy of data for multiple users
simultaneously

D. used exclusively when a user is connected to a company's internal network

Correct Answer: A

Which command prevents passwords from being stored in the configuration as plain
text on a router or switch?

A. enable password

B. enable secret

C. username Cisco password encrypt

D. service password-encryption

Correct Answer: D
Refer to the exhibit.

The network administrator wants VLAN 67 traffic to be untagged between Switch 1 and
Switch 2 while all other VLANs are to remain tagged.
Which command accomplishes this task?

A. switchport private-vlan association host 67

B. switchport trunk native vlan 67

C. switchport access vlan 67

D. switchport trunk allowed vlan 67

Correct Answer: B
Drag the descriptions of device management from the left onto the types of device
management on the right.

Cisco DNA Center Device Management

3. Monitor the cloud for software update
5. Uses CLI templates to apply a consistent configuration to multiple devices at an
individual location
6. Uses NetFlow to analyse potential security threats throughout the network and take
appropriate action on that traffic Traditional device management
2. Manages device configuration on a per-device basis
4. Security is managed near the perimeter of the network with firewalls, VPNs, and IPS
Implements changes via an SSH terminal
Correct Answer:
Refer to the exhibit.

Which outcome is expected when PC_A sends data to PC_B?

A. The destination MAC address is replaced with ffff.ffff.ffff.

B. The source MAC address is changed.

C. The source and destination MAC addresses remain the same.

D. The switch rewrites the source and destination MAC addresses with its own.

Correct Answer: C

What is a difference between RADIUS and TACACS+?

A. TACACS+ encrypts only password information and RADIUS encrypts the entire
payload

B. TACACS+ separates authentication and authorization, and RADIUS merges them

C. RADIUS logs all commands that are entered by the administrator, but TACACS+ logs
only start, stop, and interim commands

D. RADIUS is most appropriate for dial authentication, but TACACS+ can be used for
multiple types of authentication

Correct Answer: B
Which two must be met before SSH can operate normally on a Cisco IOS switch?
(Choose two)

A. IP routing must be enabled on the switch

B. The switch must be running a k9 (crypto) IOS image

C. A console password must be configured on the switch

D. The Ip domain-name command must be configured on the switch

E. Telnet must be disabled on the switch

Correct Answer: B,D

When implementing a router as a DHCP server, which two features must be

configured'? (Choose two)

A. relay agent information

B. address pool

C. database agent

D. manual bindings

E. smart-relay

Correct Answer: B,D

Drag and drop the threat-mitigation techniques from the left onto the types of threat or
attack they mitigate on the right.
Correct Answer:

Which technology allows for multiple operating systems to be run on a single host
computer?

A. server visualization

B. virtual routing and forwarding

C. network port ID visualization

D. virtual device contexts

Correct Answer: A
Drag drop the descriptions from the left onto the correct configuration-management
technologies on the right.
The focus of Ansible is to be streamlined and fast, and to require no node agent
installation.
Thus, Ansible performs all functions over SSH. Ansible is built on Python, in contrast to
the Ruby foundation of Puppet and Chef.
TCP port 10002 is the command port. It may be configured in the Chef Push Jobs
configuration file .
This port allows Chef Push Jobs clients to communicate with the Chef Push Jobs
server.
Puppet is an open-source configuration management solution, which is built with Ruby
and offers custom Domain Specific Language (DSL) and Embedded Ruby (ERB)
templates to create custom Puppet language files, offering a declarative-paradigm
programming approach.
A Puppet piece of code is called a manifest, and is a file with .pp extension.
Correct Answer:
Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1.
Which configuration accomplishes this task?

A. Option B

B. Option A

C. Option C

D. Option D

Correct Answer: C
An organization secures its network with multi-factor authentication using an
authenticator app on employee smartphone. How is the application secured in the case
of a user's smartphone being lost or stolen?

A. The application verifies that the user is in a specific location before it provides the
second factor.

B. The application challenges a user by requiring an administrator password to reactivate

when the smartphone is rebooted.

C. The application requires the user to enter a PIN before it provides the second factor.

D. The application requires an administrator password to reactivate after a configured

Interval.

Correct Answer: C

Refer to the exhibit. After the configuration is applied, the two routers fail to establish an
OSPF neighbor relationship. what is the reason for the problem?

A. The OSPF router IDs are mismatched.

B. Router2 is using the default hello timer.

C. The OSPF process IDs are mismatched.

D. The network statement on Router1 is misconfigured.

Correct Answer: B

What is a benefit of VRRP?

A. It provides traffic load balancing to destinations that are more than two hops from the
source.

B. It provides the default gateway redundancy on a LAN using two or more routers.

C. It allows neighbors to share routing table information between each other.

D. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then
makes the final forwarding decision.
Correct Answer: B

Drag and drop the descriptions of file-transfer protocols from the left onto the correct
protocols on the right.

Correct Answer:

What is a network appliance that checks the state of a packet to determine whether the
packet is legitimate?

A. load balancer

B. LAN controller

C. Layer 2 switch

D. firewall
Correct Answer: D
An administrator must secure the WLC from receiving spoofed association requests.
Which steps must be taken to configure the WLC to restrict the requests and force the
user to wait 10 ms to retry an association request?

A. Enable Security Association Teardown Protection and set the SA Query timeout to 10

B. Enable 802.1x Layer 2 security and set me Comeback timer to 10

C. Enable the Protected Management Frame service and set the Comeback timer to 10

D. Enable MAC filtering and set the SA Query timeout to 10

Correct Answer: B

If a notice-level messaging is sent to a syslog server, which event has occurred?

A. A network device has restarted

B. An ARP inspection has failed

C. A routing instance has flapped

D. A debug operation is running

Correct Answer: C
Drag and drop to the characteristics of networking from the left onto the correct
networking types on the right.

Correct Answer:
Two switches are connected and using Cisco Dynamic Trunking Protocol SW1 is set to
Dynamic Desirable What is the result of this configuration?

A. The link is in an error disables state

B. The link is in a down state.

C. The link is becomes an access port.

D. The link becomes a trunk port.

Correct Answer: D

Which protocol prompts the Wireless LAN Controller to generate its own local web
administration SSL certificate for GUI access?

A. HTTPS

B. TACACS+

C. HTTP

D. RADIUS

Correct Answer: A
Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the
correct security mechanism categories on the right.
Correct Answer:

What is a characteristic of private IPv4 addressing?

A. traverse the Internet when an outbound ACL is applied

B. used without tracking or registration

C. composed of up to 65.536 available addresses

D. issued by IANA in conjunction with an autonomous system number

Correct Answer: B

What is a role of access points in an enterprise network?

A. support secure user logins to devices or the network

B. serve as a first line of defense in an enterprise network

C. connect wireless devices to a wired network

D. integrate with SNMP in preventing DDoS attacks

Correct Answer: C
Drag and drop the WLAN components from the left onto the correct descriptions on the
right.

Correct Answer:

Refer to the exhibit.

Which two commands were used to create port channel 10? (Choose two )

A. Option A

B. Option E

C. Option D

D. Option C

E. Option B

Correct Answer: A,D

What are two fundamentals of virtualization? (choose two)

A. It allows logical network devices to move traffic between virtual machines and the rest
of the physical network

B. The environment must be configured with one hypervisor that serves solely as a
network manager to monitor SNMP traffic

C. It requires that some servers, virtual machines and network gear reside on the Internet

D. It allows a physical router to directly connect NICs from each virtual machine into the
network
 E. It allows multiple operating systems and applications to run independently on one
physical server.

Correct Answer: A,E
Refer to the exhibit.

A network engineer must block access for all computers on VLAN 20 to the web server
via HTTP All other computers must be able to access the web server Which
configuration when applied to switch A accomplishes this task?

A. Option C

B. Option B

C. Option D

D. Option A

Correct Answer: B
How do TCP and UDP differ in the way they guarantee packet delivery?

A. TCP uses two-dimensional parity checks, checksums, and cyclic redundancy checks
and UDP uses retransmissions only.

B. TCP uses checksum, parity checks, and retransmissions, and UDP uses
acknowledgements only.

C. TCP uses retransmissions, acknowledgement and parity checks and UDP uses cyclic
redundancy checks only.

D. TCP uses checksum, acknowledgement, and retransmissions, and UDP uses

checksums only.

Correct Answer: D

What are two differences between optical-fiber cabling and copper cabling? (Choose
two)

A. The data can pass through the cladding

B. Fiber connects to physical interfaces using Rj-45 connections

C. Light is transmitted through the core of the fiber

D. A BNC connector is used for fiber connections

E. The glass core component is encased in a cladding

Correct Answer: C,E
Refer to the exhibit.

The default-information originate command is configured under the R1 OSPF

configuration After testing workstations on VLAN 20 at Site B cannot reach a DNS
server on the Internet Which action corrects the configuration issue?

A. Add the always keyword to the default-information originate command on R1

B. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1

C. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2

D. Add the default-information originate command onR2

Correct Answer: B

Which 802.11 frame type is association response?

A. protected frame

B. control

C. management

D. action

Correct Answer: C
Which two WAN architecture options help a business scalability and reliability for the
network? (Choose two)

A. asychronous routing

B. single-homed branches

C. static routing

D. dynamic routing

E. dual-homed branches

Correct Answer: A,E
Which WAN topology provides a combination of simplicity quality, and availability?

A. partial mesh

B. point-to-point

C. hub-and-spoke

D. full mesh

Correct Answer: D

An engineer observes high usage on the 2.4GHz channels and lower usage on the 5GHz
channels. What must be configured to allow clients to preferentially use 5GH2 access
points?

A. OEAP Split Tunnel

B. Client Band Select

C. Re- Anchor Roamed Clients

D. 11ac MU-MIMO

Correct Answer: B

Which CRUD operation corresponds to the HTTP GET method?

A. read

B. update

C. create

D. delete

Correct Answer: A
A network administrator needs to aggregate 4 ports into a single logical link which must
negotiate layer 2 connectivity to ports on another switch What must be configured when
using active mode on both sides of the connection?
 A. 802.1q trunks

B. LACP

C. LLDP

D. Cisco vPC

Correct Answer: B

An engineer must configure a/30 subnet between two routers. Which usable IP address
and subnet mask combination meets this criteria?

A. Option D

B. Option C

C. Option B

D. Option A

Correct Answer: D
Refer to the exhibit.

An engineer configured NAT translations and has verified that the configuration is
correct.
Which IP address is the source IP?

A. 172.23.104.4

B. 10.4.4.5

C. 172.23.103.10

D. 10.4.4.4

Correct Answer: A
A frame that enters a switch fails the Frame Check Sequence. Which two interface
counters are incremented? (Choose two)

A. runts

B. giants

C. frame

D. CRC

E. input errors

Correct Answer: D,E

Which protocol does an IPv4 host use to obtain a dynamically assigned IP address?

A. ARP

B. DHCP

C. CDP

D. DNS

Correct Answer: B
A corporate office uses four floors in a building
* Floor 1 has 24 users
* Floor 2 has 29 users
* Floor 3 has 28 users
* Floor 4 has 22 users
Which subnet summarizes and gives the most efficient distribution of IP addresses for
the router configuration?

A. 192.168.0.0/23 as summary and 192.168.0.0/25 for each floor

B. 192.168.0.0/26 as summary and 192.168.0.0/29 for each floor

C. l92.168.0.0/25 as summary and 192.168.0.0/27 for each floor

D. 192.168.0.0.24 as summary and 192.168.0.0/28 for each floor

Correct Answer: C
Refer to the exhibit.

To which device does Router1 send packets that are destined to host 10.10.13.165?

A. Router4

B. Router2

C. Router3

D. Router5

Correct Answer: C
In which situation is private IPv4 addressing appropriate for a new subnet on the
network of an organization?

A. The network has multiple endpoint listeners, and it is desired to limit the number of
broadcasts.

B. The ISP requires the new subnet to be advertised to the internet for web services.
 C. There is limited unique address space, and traffic on the new subnet will stay local
within the organization.

Correct Answer: C

What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose two)

A. The DHCP server leases client IP addresses dynamically.

B. The DHCP server assigns IP addresses without requiring the client to renew them

C. The DHCP client can request up to four DNS server addresses

D. The DHCP client maintains a pool of IP addresses it can assign.

E. The DHCP server offers the ability to exclude specific IP addresses from a pool of IP
addresses

Correct Answer: A,E

Which two actions are performed by the Weighted Random Early Detection mechanism?
(Choose two)

A. It drops lower-priority packets before it drops higher-priority packets

B. It can identify different flows with a high level of granularity

C. It guarantees the delivery of high-priority packets

D. It can mitigate congestion by preventing the queue from filling up

E. it supports protocol discovery

Correct Answer: A,D

What is the primary different between AAA authentication and authorization?

A. Authentication verifies a username and password, and authorization handles the

communication between the authentication agent and the user database.
 B. Authentication identifies a user who is attempting to access a system, and authorization
validates the users password

C. Authentication identifies and verifies a user who is attempting to access a system, and
authorization controls the tasks the user can perform.

D. Authentication controls the system processes a user can access and authorization logs
the activities the user initiates

Correct Answer: C
What is a practice that protects a network from VLAN hopping attacks?

A. Change native VLAN to an unused VLAN ID

B. Implement port security on internet-facing VLANs

C. Configure an ACL to prevent traffic from changing VLANs

D. Enable dynamic ARP inspection

Correct Answer: A

Which IPv6 address block sends packets to a group address rather than a single
address?

A. 2000::/3

B. FC00::/7

C. FE80::/10

D. FF00::/8

Correct Answer: D

which IPv6 address block forwards packets to a multicast address rather than a unicast
address?

A. FE80::/10
 B. 2000::/3

C. FF00::/12

D. FC00::/7

Correct Answer: C

Refer to the exhibit. An engineer must add a subnet for a new office that will add 20
users to the network. Which IPv4 network and subnet mask combination does the
engineer assign to minimize wasting addresses?

A. 10.10.225.32 255.255.255.224

B. 10.10.225.48 255.255.255.240

C. 10.10.225.32 255.255.255.240

Correct Answer: A
Which unified access point mode continues to serve wireless clients after losing
connectivity to the Cisco Wireless LAN Controller?

A. mesh

B. sniffer

C. flexconnect

D. local

Correct Answer: C
A network administrator enabled port security on a switch interface connected to a
printer. What is the next configuration action in order to allow the port to learn the MAC
address of the printer and insert it into the table automatically?

A. enable sticky MAC addressing

B. implement auto MAC address learning

C. enable dynamic MAC address learning

 D. implement static MAC addressing.

Correct Answer: A
Refer to the exhibit.

A network engineer must configured communication between PC A and the File Server.
To prevent interruption for any other communications, which command must be
configured?

A. Switchport trunk allowed vlan none

B. Switchport trunk allowed vlan remove 10-11

C. Switch trunk allowed vlan 12

D. Switchport trunk allowed vlan add 13

Correct Answer: D
Refer to the exhibit.

An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11 PC-1 and
PC-2 must be placed in the Data VLAN and Phone-1 must be placed in the Voice VLAN
Which configuration meets these requirements?

A. Option D

B. Option A

C. Option B

D. Option C

Correct Answer: D
When configuring IPv6 on an interface, which two IPv6 multicast groups are joined?
(Choose two)

A. 2000::/3

B. 2002::5

C. FC00::/7

D. FF02::1

E. FF02::2

Correct Answer: D,E

Refer to Exhibit.

Which configuration must be applied to the router that configures PAT to translate all
addresses in VLAN 200 while allowing devices on VLAN 100 to use their own IP
addresses?

A. Option C

B. Option B

C. Option D

D. Option A

Correct Answer: C
Which technology must be implemented to configure network device monitoring with
the highest security?

A. IP SLA

B. NetFlow

C. SNMPv3

D. syslog

Correct Answer: B
How do AAA operations compare regarding user identification, user services and
access control?

A. Authorization identifies users and authentication provides access control

B. Authentication identifies users and accounting tracks user services

C. Accounting tracks user services, and authentication provides access control

D. Authorization provides access control and authentication tracks user services

Correct Answer: B
Refer to the exhibit.

Router R1 Fa0/0 cannot ping router R3 Fa0/1.

Which action must be taken in router R1 to help resolve the configuration issue?

A. set the default network as 20.20.20.0/24

B. configure a static route with 10.10.10.2 as the next hop to reach the 20.20.20.0/24
network

C. set the default gateway as 20.20.20.2

D. configure a static route with Fa0/1 as the egress interface to reach the 20.20.20.0/24
network

Correct Answer: B
What are two reasons that cause late collisions to increment on an Ethernet interface?
(Choose two)

A. when the sending device waits 15 seconds before sending the frame again

B. when the cable length limits are exceeded

C. when one side of the connection is configured for half-duplex

D. when Carrier Sense Multiple Access/Collision Detection is used

E. when a collision occurs after the 32nd byte of a frame has been transmitted

Correct Answer: B,C
Refer to the exhibit.

What is the effect of this configuration?

A. All ARP packets are dropped by the switch

B. Egress traffic is passed only if the destination is a DHCP server.

C. All ingress and egress traffic is dropped because the interface is untrusted

D. The switch discard all ingress ARP traffic with invalid MAC-to-IP address bindings.

Correct Answer: D
Router A learns the same route from two different neighbors, one of the neighbor
routers is an OSPF neighbor and the other is an EIGRP neighbor. What is the
administrative distance of the route that will be installed in the routing table?

A. 20

B. 90

C. 110

D. 115
Correct Answer: B
Refer to the exhibit.

What is the effect of this configuration?

A. The switch port interface trust state becomes untrusted

B. The switch port remains administratively down until the interface is connected to
another switch

C. Dynamic ARP inspection is disabled because the ARP ACL is missing

D. The switch port remains down until it is configured to trust or untrust incoming packets

Correct Answer: A
Refer to the exhibit.

A network administrator assumes a task to complete the connectivity between PC A and

the File Server. Switch A and Switch B have been partially configured with VLAN 10, 11,
12, and 13. What is the next step in the configuration?
 A. Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation

B. Add a router on a stick between Switch A and Switch B allowing for Inter-VLAN routing.

C. Add PC A to VLAN 10 and the File Server to VLAN 11 fa VLAN segmentation

D. Add PC A to the same subnet as the Fie Server allowing for intra-VLAN communication.

Correct Answer: A
Refer to the exhibit.

If OSPF Is running on this network, how does Router2 handle traffic from Site B to
10.10.13.128/25 at Site A?

A. It is unreachable and discards the traffic.

B. It sends packets out of interface FaO/2.

C. It load-balances traffic out of Fa0/1 and Fa0/2.

D. It sends packets out of interface Fa0/1.

Correct Answer: A
Refer to the exhibit.

If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1
120 command how does the router respond?

A. It ignores the new static route until the existing OSPF default route is removed

B. It immediately replaces the existing OSPF route in the routing table with the newly
configured static route

C. It starts load-balancing traffic between the two default routes

D. It starts sending traffic without a specific matching entry in the routing table to
GigabitEthernetO/1

Correct Answer: A

The service password-encryption command is entered on a router. What is the effect of

this configuration?

A. encrypts the password exchange when a VPN tunnel is established

B. protects the VLAN database from unauthorized PC connections on the switch

C. restricts unauthorized users from viewing clear-text passwords in the running

configuration

D. prevents network administrators from configuring clear-text passwords

Correct Answer: C
When using Rapid PVST+, which command guarantees the switch is always the root
bridge for VLAN 200?

A. spanning -tree vlan 200 priority 0

 B. spanning -tree vlan 200 priority 38572422

C. spanning -tree vlan 200 root primary

D. spanning -tree vlan 200 priority 614440

Correct Answer: A
Refer to the exhibit.

What is the result if Gig1/11 receives an STP BPDU?

A. The port immediately transitions to STP forwarding.

B. The port transitions to STP blocking

C. The port transitions to the root port

D. The port goes into error-disable state

Correct Answer: D
Refer to the exhibit.

Which route type does the routing protocol Code D represent in the output?

A. statically assigned route

B. internal BGP route

C. route learned through EIGRP

D. /24 route of a locally configured IP

Correct Answer: C
Which type of security program is violated when a group of employees enters a building
using the ID badge of only one person?

A. user awareness

B. physical access control

C. intrusion detection

D. network authorization

Correct Answer: B
What facilitates a Telnet connection between devices by entering the device name?

A. SNMP

B. syslog

C. DNS lookup

D. NTP

Correct Answer: C
Refer to the exhibit.

Which switch becomes the root of the spanning tree for VLAN 110?

A. Switch 2

B. Switch 1

C. Switch 3

D. Switch 4

Correct Answer: A
Which API is used in controller-based architectures to interact with edge devices?

A. northbound
 B. southbound

C. overlay

D. underlay

Correct Answer: B
What is the effect when loopback interfaces and the configured router ID are absent
during the OSPF Process configuration?

A. The lowest IP address is incremented by 1 and selected as the router ID.

B. The router ID 0.0.0.0 is selected and placed in the OSPF process.

C. The highest up/up physical interface IP address is selected as the router ID.

D. No router ID is set, and the OSPF protocol does not run.

Correct Answer: C
An email user has been lured into clicking a link in an email sent by their company's
security organization. The webpage that opens reports that it was safe but the link could
have contained malicious code. Which type of security program is in place?

A. Physical access control

B. Social engineering attack

C. brute force attack

D. user awareness

Correct Answer: D
Refer to the exhibit.

An engineer is required to verify that the network parameters are valid for the users
wireless LAN connectivity on a /24 subnet. Drag and drop the values from the left onto
the network parameters on the right. Not all values are used.

Correct Answer:
Which MAC address is recognized as a VRRP virtual address?

A. 0000.5E00.010a

B. 0005.3711.0975

C. 0000.0C07.AC99

D. 0007.C070/AB01

Correct Answer: A
Refer to the exhibit.

Which route does R1 select for traffic that is destined to 192 168.16.2?

A. 192.168.16.0/21

B. 192.168.16.0/24

C. 192.168 26.0/26
 D. 192.168.16.0/27

Correct Answer: D
How does HSRP provide first hop redundancy?

A. It load-balances traffic by assigning the same metric value to more than one route to the
same destination m the IP routing table.

B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces
configured with the same VLAN.

C. It forwards multiple packets to the same destination over different routed links n the
data path

D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as
the default gateway for hosts on a LAN

Correct Answer: D
How do servers connect to the network in a virtual environment?

A. a software switch on a hypervisor that is physically connected to the network

B. a cable connected to a physical switch on the network

C. a virtual switch that links to an access point that is physically connected to the network

D. wireless to an access point that is physically connected to the network

Correct Answer: A
Refer to the exhibit.

An administrator must turn off the Cisco Discovery Protocol on the port configured with
address last usable address in the 10.0.0.0/30 subnet. Which command set meets the
requirement?

A. interface gi0/1
no cdp enable

B. interface gi0/0
no cdp run

C. interface gi0/0
no cdp advertise-v2

D. interface gi0/1
clear cdp table

Correct Answer: B
Which statement correctly compares traditional networks and controller-based
networks?

A. Only traditional networks offer a centralized control plane

B. Only traditional networks natively support centralized management

C. Traditional and controller-based networks abstract policies from device configurations

D. Only controller-based networks decouple the control plane and the data plane
Correct Answer: D

What is a DHCP client?

A. a server that dynamically assigns IP addresses to hosts.

B. a router that statically assigns IP addresses to hosts.

C. a workstation that requests a domain name associated with its IP address

D. a host that is configured to request an IP address automatically

Correct Answer: D
Which device performs stateful inspection of traffic?

A. firewall

B. switch

C. wireless controller

D. access point

Correct Answer: A
What is a function of Wireless LAN Controller?

A. register with a single access point that controls traffic between wired and wireless
endpoints.

B. use SSIDs to distinguish between wireless clients.

C. send LWAPP packets to access points.

D. monitor activity on wireless and wired LANs

Correct Answer: C
Which two actions influence the EIGRP route selection process? (Choose two)

A. The router calculates the reported distance by multiplying the delay on the exiting
Interface by 256.

B. The router calculates the best backup path to the destination route and assigns it as the
feasible successor.

C. The router calculates the feasible distance of all paths to the destination route

D. The advertised distance is calculated by a downstream neighbor to inform the local

router of the bandwidth on the link

E. The router must use the advertised distance as the metric for any given route

Correct Answer: B,C
Refer to the exhibit.

Which type of configuration is represented in the output?

A. Puppet

B. Ansible

C. JSON

D. Chef

Correct Answer: A
Which resource is able to be shared among virtual machines deployed on the same
physical server?

A. operating system

B. VM configuration file

C. applications

D. disk

Correct Answer: B
What uses HTTP messages to transfer data to applications residing on different hosts?

A. OpenFlow

B. REST

C. OpFlex

D. OpenStack

Correct Answer: B
what occurs to frames during the process of frame flooding?

A. Frames are sent to every port on the switch in the same VLAN.

B. Frames are sent to every port on the switch in the same VLAN except from the
originating port

C. Frames are sent to every port on the switch that has a matching entry in the MAC
address table.

D. Frames are sent to all ports, including those that are assigned to other VLANs.

Correct Answer: B

An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any of

three addresses 192.168.30.1, 192.168.3.2, 192.168.3.3 Which configuration should be
used?
 A. Option B

B. Option C

C. Option A

D. Option D

Correct Answer: B
A network engineer must back up 20 network router configurations globally within a
customer environment. Which protocol allows the engineer to perform this function
using the Cisco IOS MIB?

A. CDP

B. SNMP

C. SMTP

D. ARP

Correct Answer: B
in Which way does a spine and-leaf architecture allow for scalability in a network when
additional access ports are required?

A. A spine switch and a leaf switch can be added with redundant connections between
them

B. A spine switch can be added with at least 40 GB uplinks

C. A leaf switch can be added with a single connection to a core spine switch.

D. A leaf switch can be added with connections to every spine switch

Correct Answer: D
Drag the IPv6 DNS record types from the left onto the description on the right.

https://ns1.com/resources/dns-types-records-servers-and-queries#:~:text=Address
%20Mapping%20record%20(A%20Record,a%20hostname%20to%20another
%20hostname.
Correct Answer:

A wireless administrator has configured a WLAN; however, the clients need access to a
less congested 5-GHz network for their voice quality. What action must be taken to meet
the requirement?

A. enable RX-SOP

B. enable AAA override

C. enable DTIM

D. enable Band Select

Correct Answer: D
What are two reasons for an engineer to configure a floating state route? (Choose two)

A. to control the return path of traffic that is sent from the router

B. to enable fallback static routing when the dynamic routing protocol fails

C. to route traffic differently based on the source IP of the packet

D. to automatically route traffic on a secondary path when the primary path goes down

E. to support load balancing via static routing

Correct Answer: B,D
Which type of attack can be mitigated by dynamic ARP inspection?

A. malware

B. man-in-the-middle

C. DDoS

D. worm

Correct Answer: B
In which two ways does a password manager reduce the chance of a hacker stealing a
users password? (Choose two.)

A. It encourages users to create stronger passwords.

B. It automatically provides a second authentication factor that is unknown to the original
user.

C. It protects against keystroke logging on a compromised device or web site.

D. It uses an internal firewall to protect the password repository from unauthorized access.

E. It stores the password repository on the local workstation with built-in antivirus and anti-
malware functionality

Correct Answer: A,C
Which network allows devices to communicate without the need to access the Internet?
 A. 1729.0.0/16

B. 172.28.0.0/16

C. 192.0.0.0/8

D. 209.165.201.0/24

Correct Answer: B
What are two functions of a Layer 2 switch? (Choose two)

A. acts as a central point for association and authentication servers

B. moves packets between different VLANs

C. makes forwarding decisions based on the MAC address of a packet

D. moves packets within a VLAN

E. selects the best route between networks on a WAN

Correct Answer: A,C