CCNA – New Questions Part 13

Question 1: Refer to the exhibit.

A new VLAN and switch are added to the network. A remote engineer configures OldSwitch and must ensure
that the configuration meets these requirements:
* accommodates current configured VLANs
* expands the range to include VLAN 20
* allows for IEEE standard support for virtual LANs
Which configuration on the NewSwitch side of the link meets
these requirements?
A. no switchport trunk encapsulation isl
switchport trunk encapsulation dot1q
switchport trunk allowed vlan add 20
B. switchport nonnegotiate no
switchport trunk allowed vlan 5,10
switchport trunk allowed vlan 5,10,15,20
B. no switchport mode trunk
switchport trunk encapsulation isl
switchport mode access vlan 20
D. switchport mode dynamic
channel-group 1 mode active
switchport trunk allowed vlan 5,10,15,20
Answer: A

Question 2: Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Answer:
Multicast
+ sends packets to a group address rather than a single address
+ has a unicast source sent to a group
Anycast
+ is used exclusively by a non-host device
+ is routed to the nearest interface that has
the address
Question 3: Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Answer:
Global Unicast Address
+ enables aggregation of routing prefixes
+ is routable and reachable via the Internet
Multicast
+ provides one-to-many communications
+ has a unicast source sent to a group

Question 4: How does frame switching function on a switch?

A. forwards frames to a neighbor port using CDP
B. modifies frames that contain a known source VLAN
C. inspects and drops frames from unknown destinations
D. forwards known destinations to the destination port
Answer: D
Question 5: What is used as a solution for protecting an individual network endpoint from attack?
A. Router
B. Wireless controller
C. Antivirus software
D. Cisco DNA Center
Answer: C

Question 6: Refer to Exhibit.

An engineer is building a new Layer 2 LACP EtherChannel between SW1 and SW2. and they executed the
given show commands to verify the work. Which additional task must be performed so that the switches
successfully bundle the second member in the LACP port- channel?
A. Configure the switchport trunk allowed vlan 300 command on SW1 port-channel 1
B. Configure the switchport trunk allowed vlan 300 command on interface Fa0/2 on SW1
C. Configure the switchport trunk allowed vlan add 300 command on interface Fa0/2 on SW2
D. Configure the switchport trunk allowed vlan add 300 command on SW1 port-channel 1
Answer: D
Question 7: Which two HTTP methods are suitable for actions performed by REST-based APIs? (Choose two)
A. REMOVE
B. REDIRECT
C. POST
D. GET
E. POP
Answer: C D
Question 8: What provides connection redundancy increased bandwidth and load sharing between a wireless
LAN controller and a Layer 2 switch?
A. VLAN trunking
B. tunneling
C. first hop redundancy
D. link aggregation
Answer: D
Question 9: Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Answer:
Global Unicast Address
+ provides for one-to-one communication
+ is publicly routable in the same way as IPv4 addresses
Unique Local
+ allows sites to be combined without address conflicts
+ is a counterpart of private IPv4
addresses
Question 10: When the LAG configuration is updated on a Cisco WLC, which additional task must be
performed when changes are complete?
A. Flush all MAC addresses from the WLC
B. Re-associate the WLC with the access point.
C. Re-enable the WLC interfaces
D. Reboot the WLC
Answer: D
Question 11: Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and
automatically when edge devices or access circuits fail?
A. SLB
B. FHRP
C. VRRP
D. HSRP
Answer: D

Question 12: Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Answer:
Global Unicast Address
+ is publicly routable in the same way as IPv4 addresses
+ provides for one-to-one communication
Link-Local Address
+ serves as the next-hop addresses
+ required on all IPv6
devices
Question 13: What is an enhancement implemented in WPA3?
A. employs PKI and RADIUS to identify access points
B. applies 802.1x authentication and AES-128 encryption
C. uses TKIP and per-packet keying
D. defends against deauthentication and disassociation attacks
Answer: D
Question 14: What is a link-local all-nodes IPv6 multicast address?
A. ff02:0:0:0:0:0:0:1
B. 2004:31c:73d9:683e:255::
C. fffe:034:0dd:45d6:789e::
D. fe80:4433:034:0dd::2
Answer: A
Question 15: Refer to the exhibit.
Which format matches the Modified EUI-64 IPv6 interface address for the network 2001:db8::/64?
A. 2001:db8::5000:0004:5678:0090/64
B. 2001:db8:4425:5400:77ff:fe07:/64
C. 2001:db8::5000:00ff:fe04:0000/64
D. 2001:db8::5200:00ff:fe04:0000/64
Answer: D
Question 16: What are two disadvantages of a full-mesh topology? (Choose two)
A. It needs a high MTU between sites.
B. It has a high implementation cost.
C. It must have point-to-point communication.
D. It requires complex configuration.
E. It works only with BGP between sites.
Answer: B D

Question 17: Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Answer:
Global Unicast Address
+ provides for one-to-one communication
+ is routable and reachable via the Internet
Link-Local Address
+ confined to a single link
+ serves as the next-hop addresses

Question 18: How does MAC learning function on a switch?

A. broadcasts frames to all ports without queueing
B. adds unknown source MAC addresses to the address table
C. sends a retransmission request when a new frame is received
D. sends frames with unknown destinations to a multicast group
Answer: B
Question 19: What is the purpose of classifying network traffic in QoS?
A. services traffic according to its class
B. identifies the type of traffic that will receive a particular treatment
C. writes the class identifier of a packet to a dedicated field in the packet header
D. configures traffic-matching rules on network devices
Answer: B
Question 20: What is a benefit of using private IPv4 addressing?
A. Multiple companies can use the same addresses without conflicts.
B. Direct connectivity is provided to internal hosts from outside an enterprise network.
C. Communication to the internet is reachable without the use of NAT.
D. All external hosts are provided with secure communication to the Internet.
Answer: A

Question 21: What is the advantage of separating the control plane from the data plane within an SDN network?
A. decreases overall network complexity
B. limits data queries to the control plane
C. reduces cost
D. offloads the creation of virtual machines to the data plane
Answer: A
Question 22: Drag and drop the use cases for device-management technologies from the left onto the
corresponding.
Answer:
Cisco DNA Center
+ overlay and underlay configuration
+ routed access deployment
+ VXLAN and LISP configuration
Traditional
+ STP deployment
+ VLAN and HSRP configuration
+ configuration via console

Question 23: Why is a first-hop redundancy protocol implemented?

A. to protect against default gateway failures
B. to prevent loops in a network
C. to enable multiple switches to operate as a single unit
D. to provide load-sharing for a multilink segment
Answer: A
Question 24: Which WPA mode uses PSK authentication?
A. Local
B. Client
C. Enterprise
D. Personal
Answer: D
Question 25: Drag and drop the AAA features from the left onto the corresponding AAA security services on
the right. Not all options are used.

Answer:
Accounting
+ It records the amount of time for which a user accesses the network on a remote server
+ It uses TACACS+ to log the configuration commands entered by a network administrator
Authorization
+ It enables the device to allow user- or group-based access
+ It restricts the CLI commands that a user is able to perform
Question 26: What is a function of the core and distribution layers in a collapsed-core architecture?
A. The router must use IPv4 and IPv6 addresses at Layer 3.
B. The core and distribution layers are deployed on two different devices to enable failover.
C. The router can support HSRP for Layer 2 redundancy in an IPv6 network.
D. The router operates on a single device or a redundant pair.
Answer: D
Question 27: Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.

Answer:
Global unicast: 3ffe:e54d:620:a87a::f00d
Link-Local unicast: fe80::a00:23ff:feeb:89aa
Multicast: ff05::1:3
Unique Local: fd6d:c83b:5cef:b6b2::1

Question 28: Refer to the exhibit.

Which switch becomes the root bridge?

A. SW 1
Bridge Priority – 32768
mac-address 0fd7:9e:13:ab:82
B. SW 4
Bridge Priority – 40960
mac-address 05:d8:33:09:8f:89
C. SW3
Bridge Priority – 32768
mac-address 01:1c:6c:66:b7:70
D. SW2
Bridge Priority – 40960
mac-address 04:44:97:51:63:17
Answer: C
Question 29: Refer to the exhibit.
A newly configured PC fails to connect to the internet using TCP port 80 to www.cisco.com. Which setting
must be modified for the connection to work?
A. Subnet Mask
B. DNS Servers
C. Default Gateway
D. DHCP Server
Answer: C
Question 30: Refer to the exhibit.

All interfaces are configured with duplex auto and ip ospf network broadcast. Which configuration allows
routers R14 and R86 to form an OSPFv2 adjacency and act as a central point for exchanging OSPF information
between routers?

Option A Option B
R14# R14#
interface FastEthernet0/0 interface Loopback0 ip ospf 10 area
ip address 10.73.65.65 255.255.255.252 0
ip ospf priority 0 ip mtu 1500
interface FastEthernet0/0
router ospf 10 ip address 10.73.65.65 255.255.255.252
router-id 10.10.1.14 ip ospf priority 255 ip ospf 10 area 0
network 10.10.1.14 0.0.0.0 area 0 ip mtu 1500
network 10.73.65.64 0.0.0.3 area 0
router ospf 10
R86# router-id 10.10.1.14
interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252 R86#
ip mtu 1500 interface Loopback0 ip ospf 10 area
0
router ospf 10
router-id 10.10.1.86 interface FastEthernet0/0
network 10.10.1.86 0.0.0.0 area 0 ip address 10.73.65.66 255.255.255.252
network 10.73.65.64 0.0.0.3 area 0 ip ospf 10 area 0
ip mtu 1500
router ospf 10
router-id 10.10.1.86
Option C Option D

R14# R14#
interface FastEthernet0/0 interface Loopback0 ip ospf 10 area 0
ip address 10.73.65.65 255.255.255.252
ip ospf priority 255 ip mtu 1500 interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
router ospf 10 ip ospf 10 area 0
router-id 10.10.1.14 ip mtu 1500
network 10.10.1.14 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0 router ospf 10
router-id 10.10.1.14
R86# network 10.10.1.14 0.0.0.0 area 0
interface FastEthernet0/0 network 10.73.65.64 0.0.0.3 area 0
ip address 10.73.65.66 255.255.255.252
ip mtu 1400 R86#
interface FastEthernet0/0
router ospf 10 ip address 10.73.65.66 255.255.255.252
router-id 10.10.1.86 ip mtu 1400
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0 router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Question 31: Drag and drop the characteristic from the left onto the cable type on the right.

Answer:
multimode fiber:
+ uses multiple wavelengths of light
+ has increased attenuation over long distances
single-mode fiber:
+ has a core diameter of 9 microns
+ uses a single wavelength of light

Question 32: An engineer must configure a core router with a floating static default route to the backup router at
10.200.0.2. Which command meets the requirements?
A. ip route 0.0.0.0 0.0.0.0 10.200.0.2 floating
B. ip route 0.0.0.0 0.0.0.0 10.200.0.2
C. ip route 0.0.0.0 0.0.0.0 10.200.0.2 10
D. ip route 0.0.0.0 0.0.0.0 10.200.0.2 1
Answer: C
Question 33: Which interface is used to send traffic to the destination network?
D 10.87.161.30/27 [90/10331] via G0/17
D 10.87.161.30/27 [90/44594] via G0/8
O 10.87.161.30/27 [110/7820] via G0/24
O 10.87 161.30/27 [110/7879] via G0/1

A. G0/1
B. G0/8
C. G0/24
D. G0/17
Answer: D

Question 34: Refer to the exhibit.

R1# show ip route

Codes: C - connected, S — static, I — IGRP, R —
RIP, M — mobile, B - BGP D - EIGRP, EX - EIGRP
external, O - OSPF, XA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -
OSPF NSSA external type 2 E1 - OSPF
external type 1, E2 - OSPF external type
2, E — EGP
i - IS-IS, LI - IS-IS level-1, L2 — IS-IS level-2, * —
candidate default U - per-user static route, o -
ODR
Gateway of last resort is not set
C 172.16.0.0/16 is directly connected, Loopback0
172.16.0.0/16 is variably subnetted, 4
subnets, 2 masks
O 172.16.1.3/32 [110/100] via
10.0.1.100, 00:39:08, Serial0
O 172.16.1.9/32 [110/5] via 172.16.1.50,
00:43:01, Gigabit Ethernet 0/0 D 172.16.1.4/30
[90/7445] via 172.16.9.5, 00:39:08, Gigabit
Ethernet 0/0
[90/7445] via 172.16.4.4, 00:39:08, Gigabit Ethernet 0/4

How does router R1 handle traffic to the 172.16.1.4 /30 subnet?

A. It sends all traffic over the path via 172.16.4.4
B. It sends all traffic over the path via 10.0.1 100
C. It sends all traffic over the path via 172.16.9.5 using 172.16.4.4 as a backup
D. It load-balances traffic over 172.16.9.5 and 172.16.4.4
Answer: D

Question 35: Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Answer:
Anycast
+ is assigned to multiple devices on the same network simultaneously
+ is routed to the nearest interface that has the address
Multicast
+ cannot be used as a source address
Question 36: What is a characteristic of an SSID in wireless networks?
A. uses policies to prevent unauthorized users
B. identifies an access point on a WLAN
C. prompts a user for a login ID
D. associates a name to a WLAN
Answer: D
Question 37: What is represented by the word “port” within this JSON schema?

1 [
2 {"IDS": "IPS_pittsburgh", "port":"te8/30"},
3 {"router": "R20", "port":"ge9/23"},
4 {"firewall": "FW42", "port":"fe3/24"},
5 ]
A. value
B. array
C. key
D. object
Answer: C
Question 38: Drag and drop the IPv6 address from the left onto the type on the right.

Answer:
+ Global Unicast: 2000:1092 :a1e8:827d:527c:3ce7:9816:1
+ Link-Local Unicast: fe80:cc72:4b9e:445c:8179:0420:5988:7
+ Multicast: ff00:ec6c:dbb1:3e8b:6d46:bd27:a236:12
+ Unique Local: fc00:9860:653f:5146:8cb2:a27c:cb6f:3
Question 39: Drag and drop the characteristic from the left onto the cable type on the right.
Answer:
copper:
+ contains a conductor, bedding, and sheathing
+ is typically used in small office applications
single mode fiber:
+ is ideal over longer distances with little loss of integrity
+ uses a single wavelength of light

Question 40 What is represented by the word “ge3/36” within this JSON schema?
1[
2 {"VPN concentrator": "VPN36", "interface":"ge3/36"},
3 {"load balancer": "LB33", "interface":"te7/10"},
4 {"switch": "SW31", "interface":"fe2/25"},
5 ]
A. value
B. array
C. key
D. object
Answer: A
Question 41 Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Answer:
Unique Local
+ is unable to route on the internet
+ allows sites to be combined without address conflicts
Multicast
+ has a unicast source sent to a group
+ sends packets to a group address rather than a single
address Question 42
What is a characteristic of encryption in wireless networks?
A. uses policies to prevent unauthorized users
B. prevents the interception of data as it transits a network
C. provides increased protection against spyware
D. converts electrical current to radio waves
Answer: B
Question 43: What is a characteristic of private IPv4 addressing?
A. complies with PCI regulations
B. is used on internal hosts that stream data solely to external resources
C. provides an added level of protection against internet threats
D. enables secure connectivity over the internet
Answer: C
Question 44: Which interface is used to send traffic to the destination network?

D 10.214.247.237/28 [90/2170] via G0/12

D 10.214.247.237/28 [90/46985] via G0/19
O 10.214.247.237/28 [110/665] via G0/9
O 10.214.247.237/28 [110/3399] via G0/1

A. G0/12
B. G0/1
C. G0/9
D. G0/19
Answer: A
Question 45: Which interface is used to send traffic to the destination network?
O 10.139.120.253/29 [110/9443] via G0/20
O 10.139.120.253/29 [110/29560] via G0/16
R 10.139.120.253/29 [120/12] via G0/11
R 10.139120 253/29 [120/6] via G0/9

A. G0/11
B. G0/20
C. G0/9
D. G0/16
Answer: B

Question 46: Drag and drop the characteristic from the left onto the cable type on the right.

Answer:
multimode fiber:
+ becomes distorted at longer lengths
+ is typically used for internal datacenter connectivity
single mode fiber:
+ has minimal light reflection as it travels down the core
+ uses a single wavelength
of light Question 47
What is a characteristic of an SSID in wireless networks?
A. broadcasts a beacon signal to announce its presence by default
B. uses policies to prevent unauthorized users
C. converts electrical current to radio waves
D. prompts a user for a login ID
Answer: A

Question 48: Refer to the exhibit.

The P2P Blocking Action option is disabled on the WLC. The security team has a new requirement for each
client to retain their assigned IP addressing as the clients move between locations in the campus network.
Which action completes this configuration?
A. Set the P2P Blocking Action option to Forward-UpStream.
B. Enable the Static IP Tunneling option.
C. Check the DHCP Addr. Assignment check box.
D. Disable the Coverage Hole Detection option.
Answer: B
Question 49: Drag and drop the characteristics of transport layer protocols from the left onto the corresponding
protocols on the right.
Answer:
TCP
+ guarantees packet delivery
+ uses a 32-bit sequence number
+ provides support for retransmission of lost packets
UDP
+ ideal for voice traffic
+ offers minimal overhead within a packet
+ requires less computer resources
Question 50: What is a reason why a company would choose to use network automation in an enterprise?
A. Provide data services faster.
B. Enable network segmentation.
C. Mitigate spanning-tree loop avoidance.
D. Implement granular QoS.
Answer: A

Question 51: Refer to the exhibit.

router# show ip route

...
D 172.16.32.0/26
[90/25789217] via 10.0.0.1 R
172.16.32.0/24 [120/4] via
10.0.0.2
O 172.16.32.0/19 [110/229840] via 10.0.0.3
C 172.16.32.32/32 is directly connected, Loopback0
C 172.16.32.4/30 is directly connected, GigabitEthernet0/0

A packet sourced from 172.16.32.254 is destined for 172.16.32.8. What is the subnet mask of the preferred
destination route?
A. 255.255.224.0
B. 255.255.255.0
C. 255.255.255.192
D. 255.255.255.252
Answer: C
Question 52: Which WLC interface provides out-of-band management in the Cisco Unified Wireless Network
Architecture?
A. dynamic
B. AP-Manager
C. virtual
D. service
port
Answer: D

Question 53: Refer to the exhibit.

The IPv6 address for the LAN segment on router R1 must be configured using the EUI-64 format. When
configured which ipv6 address is produced by the router?
A. 2001:db8:1006:1968:4564:877F:FE99:1
B. 2001:db8:1006:1968:1119:BEFF:FE67:1
C. 2001:db8:1006:1968:1130:ABFF:FECC:1
D. 2001:db8:1006:1968:12D8:BAFE:FF01:1
Answer: B
Question 54: Which IPsec encryption mode is appropriate when the destination of a packet differs from the
security termination point?
A. tunnel
B. main
C. aggressive
D. transport
Answer: A
Question 55: Why is UDP more suitable than TCP for applications that require low latency, such as VoIP?
A. UDP reliably guarantees delivery of all packets, and TCP drops packets under heavy load.
B. TCP uses congestion control for efficient packet delivery, and UDP uses flow control mechanisms for the
delivery of packets.
C. UDP uses sequencing data for packets to arrive in order, and TCP offers the capability to receive packets in
random order.
D. TCP sends an acknowledgment for every packet that is received, and UDP operates without
acknowledgments.
Answer: D

Question 56: Refer to the exhibit.

Router# show interface FastEthernet0/0

FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is 0017.59b2.7fb2 (bia
0017.59b2.7fb2) Internet address is 10.0.0.2/30 MTU 1500 bytes,
BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload
1/255, rxload 1/255
Encapsulation ARPA, loopback
not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:04,
output hang sever Last clearing of
"show interface” counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output
drops: 1 Queueing strategy: fifo Output queue: 0/40
(size/max)
5 minute input rate 516000 bits/sec, 45 packets/sec
5 minute output rate 516000 bits/sec, 46 packets/sec
13282 packets input, 20075670 bytes
Received 25 broadcasts, 0 runts, 0 giants, 0 throttles
383 input errors, 383 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
13438 packets output, 20084258 bytes, 0 underruns
0 output errors, 831 collision, 5 interface resets
11 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Users at a branch office are experiencing application performance issues, poor VoIP audio quality, and slow
downloads. What is the cause of the issues?
A. QoS queuing
B. interface configuration
C. broadcast storm
D. overutilization
Answer: B
Question 57: Refer to the exhibit.

0ldR#show ip ospf interface

GigabitEthernet0/0/0 is up, line
protocol is up Internet address is
192.168.1.2/24, Area 0
Process ID 1, Router ID 192.168.1.1, Network Type BROADCAST, Cost: 1 Transmit
Delay is 1 sec, State DROTHER, Priority 1 Designated Router (ID) 192.168.1.1,
Interface address 192.168.1.1
Backup Designated Router (ID) 192.168.1.1,
Interface address 192.168.1.1 Timer intervals
configured, Hello 10, Dead 40, Wait 40,
Retransmit 5
Hello due in 00:00:01
Index 1/1, flood queue length 0
Neighbor Count is 1, Adjacent neighbor count is 2
R2#show ip ospf interface
GigabitEthernet0/0/0 is up, line
protocol is up Internet address is
192.168.1.1/24, Area 0
Process ID 1, Router ID 192.168.1.1, Network
Type BROADCAST, Cost: 1 Transmit Delay is 1
sec, State DROTHER, Priority 1
Designated Router (ID) 192.168.1.1, Interface address 192.168.1.2
Backup Designated Router (ID) 192.168.1.1,
Interface address 192.168.1.2 Timer intervals
configured, Hello 10, Dead 40, Wait 40,
Retransmit 5
Hello due in 00:00:02
Index 2/2, flood queue length 0
Neighbor Count is 1, Adjacent neighbor count is 2
Router OldR is replacing another router on the network with the intention of having OldR and R2 exchange
routes. After the engineer applied the initial OSPF configuration, the routes were still missing on both
devices. Which command sequence must be issued before the clear IP ospf process command is entered to
enable the neighbor relationship?
A. OldR(config)#router ospf 1
OldR(config-router)#no router-id 192.168.1.1
B. OldR(config)#interface g0/0/0
OldR(config-if)#ip ospf dead-interval 15
C. OldR(config)#interface g0/0/0
OldR(config-if)#ip ospf hello-interval 15
D. OldR(config)#router ospf 1
OldR(config-router)# network 192.168.1.0 255.255.255.0 area 2
Answer: A
Question 58: Refer to the exhibit.

Router-Y#show ip route

Codes: L - local, C - connected, S - static, R - RIP,

M - mobile, B - BGP D - EIGRP, EX - EIGRP
external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -
OSPF NSSA external type 2 E1 - OSPF
external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U -
per-user static route o - ODR, P - periodic
downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override, p
- overrides from PfR Gateway of last resort is not
set
10.0.0.0/8 is variably subnetted
B 10.0.0.0/8 [1/0] via 10.224.1.2
B 10.27.150.224/27 [20/0] via
10.224.1.3, 1w6d S 10.128.0.0/9
[1/0] via 10.224.1.3
B 10.224.0.0/11 [20/0] via 10.224.1.5, 5d18h
B 10.224.0.0/15 [20/0] via 10.224.1.4, 5d18h
C 10.223.0.0/24 is directly connected,
GigabitEthernet0/1 C 10.224.0.0/24 is
directly connected, GigabitEthernet0/0 B
10.226.34.0/24 [20/0] via 10.224.1.5,
5d18h

PC A is communicating with another device at IP address 10.225.34.225. Through which router does router Y
route the traffic?
A. router A
B. router B
C. router C
D. router D
Answer: C
Question 59: An engineer needs to configure an access point to forward all client traffic through a wireless
controller. Which mode must be enabled to accomplish this task?
A. local
B. monitor
C. autonomous
D. rogue detector
Answer: A
Question 60: What is the root port in STP?
A. It is the port with the highest priority toward the root bridge.
B. It is the port that is elected only when the root bridge has precisely one port on a single LAN segment.
C. It is the port on a switch with the lowest cost to reach the root bridge.
D. It is the port on the root switch that leads to the designated port on another switch.
Answer: C

Question 61: An Ethernet frame arrived at switch interface G0/1, but the destination MAC address is missing
from the MAC address table. How does the switch process the frame?
A. It sends an ARP request to attempt to locate the destination.
B. It updates the destination to FFFF.FFFF.FFFF.
C. It drops the frame and notifies the sending host.
D. It floods the frame out of the remaining switch interfaces.
Answer: D

Question 62: In which circumstance would a network architect decide to implement a global unicast subnet
instead of a unique local unicast subnet?
A. when the subnet must be available only within an organization
B. when the subnet does not need to be routable
C. when the addresses on the subnet must be equivalent to private IPv4 addresses
D. when the subnet must be routable over the internet
Answer: D

Question 63: Which Windows command is used instead of the route print command to display the contents of
the IP routing table?
A. netstat-n
B. ipconfig
C. ifconfig
D. netstat-r
Answer: D

Question 64: What differentiates the Cisco OfficeExtend AP mode from FlexConnect AP mode?
A. FlexConnect allows a personal SSID to be configured on the AP, and personal SSIDs are not supported with
OfficeExtend.
B. OfficeExtend does not support DTLS tunneling of traffic to the WLC, and FlexConnect tunnels traffic to the
WLC with DTLS.
C. OfficeExtend tunnels all traffic through the WLC, and FlexConnect terminates client traffic at the AP switch
port.
D. FlexConnect must be deployed behind a router that NATs the client traffic, and OfficeExtend uses public IP
sources.
Answer: C
Question 65: Which type of IPv4 address must be assigned to a server to protect it from external access and
allow only internal users access while restricting internet access?
A. global unicast
B. public
C. private
D. multicast
Answer: C

Question 66: Which function generally performed by a traditional network device is replaced by a software-
defined controller?
A. encryption and decryption for VPN link processing
B. building route tables and updating the forwarding table
C. changing the source or destination address during NAT operations
D. encapsulation and decapsulation of packets in a data-link frame
Answer: B

Question 67: Refer to the exhibit.

Drag and drop the learned prefixes from the left onto the preferred route methods from which they were learned
on the right.
Answer:
+ static: 207.165.200.244/30
+ EIGRP: 192.168.2.0/24
+ OSPF: 192.168.1.0/24
+ RIP: 172.16.2.0/24
Question 68: What describes the functionality of southbound APIs?
A. They use HTTP messages to communicate.
B. They enable communication between the controller and the network device.
C. They convey information from the controller to the SDN applications.
D. They communicate with the management plane.
Answer: B
Question 69: What are two purposes of HSRP? (Choose two)
A. It groups two or more routers to operate as one virtual router.
B. It improves network availability by providing redundant gateways.
C. It passes configuration information to hosts in a TCP/IP network.
D. It helps hosts on the network to reach remote subnets without a default gateway.
E. It provides a mechanism for diskless clients to autoconfigure their IP parameters during boot.
Answer: A B

Question 70: A network engineer must configure an access list on a new Cisco IOS router. The access list must
deny HTTP traffic to network 10.125.128.32/27 from the 192.168.240.0/20 network, but it must allow the
192.168.240.0/20 network to reach the rest of the 10.0.0.0/8 network. Which configuration must the engineer
apply?

Option A

ip access-list extended deny_outbound

10 deny tcp 10.125.128.32 255.255.255.224 192.168.240.0
255.255.240.0 eq 443
20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32
255.255.255.224 eq 443
30 permit ip 192.168.240.0 255.255.240.0 10.0.0.0
255.0.0.0

Option B

ip access-list extended deny_outbound

10 permit ip 192.168.240.0 255.255.240.0 10.0.0.0
255.0.0.0
20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32
255.255.255.224 eq 443
30 permit ip any any

Option C

ip access-list extended deny_outbound

10 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32
0.0.0.31 eq 80
20 permit ip 192.168.240.0 0.0.15.255 10.0.0.0
0.255.255.255
30 deny ip any any log

Option D
ip access-list extended deny_outbound
10 deny tcp 192.168.240.0 0.0.15.255 any eq 80
20 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32
0.0.0.31 eq 80
30 permit ip 192.168.240.0 0.0.15.255 10.0.0.0
0.255.255.255

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Question 71: A DHCP pool has been created with the name NOCC. The pool is using 192.168.20.0/24 and must
use the next to last usable IP address as the default gateway for the DHCP clients. What is the next step in the
process?
A. default-router 192.168.20.253
B. network 192.168.20.254 255.255.255.0 secondary
C. ip default-gateway 0.0.0.0 0.0.0.0 192.168.20.253
D. next-server 192.168.20.254
Answer: A

Question 72: What is the role of SNMP in the network?

A. to monitor network devices and functions using a TCP underlay that operates on the presentation layer
B. to collect data directly from network devices using an SSL underlay that operates on the transport layer
C. to monitor and manage network devices using a UDP underlay that operates on the application layer
D. to collect telemetry and critical information from network devices using an SSH underlay that operates on the
network layer
Answer: C
Question 73: Refer to the exhibit.

1[
2 {"switch": "3750", "port": e2},
3 {"router": "2951", "port": e20},
4 {"switch": "3750", "port": e23}
5]
What is represented beginning with line 1 and ending with line 5?
A. object
B. key
C. value
D. array
Answer: D

Question 74: What is the difference between an IPv6 link-local address and a unique local address?
A. The scope of an IPv6 link-local address is limited to a directly attached interface, but an IPv6 unique local
address is used throughout a company site or network
B. The scope of an IPv6 link-local address is limited to a loopback address, and an IPv6 unique local
address is limited to a directly attached interface.
C. The scope of an IPv6 link-local address is global, but the scope of an IPv6 unique local address is limited to a
loopback address
D. The scope of an IPv6 link-local address can be used throughout a company site or network, but an IPv6
unique local address is limited to a loopback address.
Answer: A
Question 75: What are two reasons to implement DHCP in a network? (Choose two)
A. manually control and configure IP addresses on network devices
B. reduce administration time in managing IP address ranges for clients
C. control the length of time an IP address is used by a network device
D. dynamic control over the best path to reach an IP address
E. access a website by name instead of by IP address
Answer: B C
Question 76: What does traffic shaping do?
A. It modifies the QoS attributes of a packet
B. It sets QoS attributes within a packet
C. It queues excess traffic
D. It organizes traffic into classes
Answer: C
Question 77: What is a difference between an IPv6 multicast address and an IPv6 anycast address?
A. An IPv6 multicast address uses the prefix 2002:/15 and forwards to one destination, and an IPv6 anycast
address uses the prefix ff00::/8 and forwards to any destination in a group
B. IPv6 multicast addresses are used to transition from IPv4 to IPv6, and IPv6 anycast addresses are used
for address aggregation in an IPv6-only environment
C. An IPv6 multicast address is assigned to numerous interfaces within a subnet, but an IPv6 anycast
address is used for a predefined group of nodes in an all-IPv6 routers group
D. A packet sent to an IPv6 multicast address is delivered to one or more destinations at once, but a packet
sent to an IPv6 anycast address is routed to the closest interface with that address
Answer: D

Question 78: Which enhancements were implemented as part of WPA3?

A. TKIP encryption improving WEP and per-packet keying
B. forward secrecy and SAE in personal mode for secure initial key exchange
C. 802.1x authentication and AES-128 encryption
D. AES-64 in personal mode and AES-128 in enterprise mode
Answer: B
Question 79: How is a configuration change made to a wireless AP in lightweight mode?
A. SSH connection to the management IP of the AP
B. HTTPS connection directly to the out-of-band address of the AP
C. CAPWAP/LWAPP connection via the parent WLC
D. EoIP connection via the parent WLC
Answer: C
Question 80: Which Rapid PVST+ feature should be configured on a switch port to immediately send traffic to
a connected server as soon as it is active?
A. loop guard
B. BPDU guard
C. uplinkfast
D. portfast
Answer: D
Question 81: How is noise defined in Wi-Fi?
A. signals from other Wi-Fi networks that interfere with the local signal
B. measured difference between the desired Wi-Fi signal and an interfering Wi-Fi signal
C. ratio of signal-to-noise rating supplied by the wireless device
D. any interference that is not Wi-Fi traffic that degrades the desired signal
Answer: D
Question 82: Refer to the exhibit.

Which set of commands must be applied to the two switches to configure an LACP Layer 2 EtherChannel?

Option A Option B
SW1(config)#interface range f0/13 -14 SW1(config)#interface range f0/13 -14
SW1(config-if-range)#channel-group 1 mode SW1(config-if-range)#channel-group 1 mode on
desirable SW2(config)#interface range f0/13 -14 SW2(config)#interface range f0/13 -14
SW2(config-if-range)#channel-group 1 mode SW2(config-if-range)#channel-group 1 mode passive
passive

Option C Option D
SW1(config)#interface range f0/13 -14 SW1(config)#interface range f0/13 -14
SW1(config-if-range)#channel-group 1 mode active SW1(config-if-range)#channel-group 1 mode auto
SW2(config)#interface range f0/13 -14 SW2(config)#interface range f0/13 -14
SW2(config-if-range)#channel-group 1 mode SW2(config-if-range)#channel-group 1 mode passive
passive

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C

Question 83: An administrator is configuring a Cisco Catalyst switch so that it will accept management
connections only from hosts in the 203.0.113.0/24 network. Other traffic passing through the switch must transit
without interruption. Which two configurations must the engineer apply to the router? (Choose two)
A. ip access-list extended Management
permit tcp any range 22 23 203.0.113.0 0.0.0.255
B. line vty 0 15
access-class Management in
C. ip access-list standard
Management permit 203.0.113.0 255.255.255.0
D. interface range vlan 1 – 4094
ip access-group Management out
E. ip access-list standard
Management permit 203.0.113.0 0.0.0.255
Answer: B E
Question 84: Which interface on the WLC is limited to one when LAG is in use?
A. AP-manager
B. virtual
C. trunk
D. service
Answer: A
Question 85: Refer to the exhibit.
Connections must be blocked from PC2 to the file server while still allowing PC2 to connect to other network
hosts and devices. Which configuration must be used to complete the task?

Option A Option B
R1(config)#access-list 1 permit 192.168.2.10 R2(config)#access-list 1 deny 192.168.2.10
R1(config)#access-list 1 deny any R2(config)#access-list 1 permit any
R1(config)#interface g0/1 R2(config)#interface g0/1
R1(config-if)#ip access-group 1 out R2(config-if)#ip access-group 1 out

Option C Option D
R2(config)#access-list 1 permit 192.168.2.10 R1(config)#access-list 1 deny 192.168.2.10
R2(config)#access-list 1 deny 192.168.2.0 0.0.0.255 R1(config)#access-list 1 permit 192.168.2.0
R2(config)#interface g0/1 0.0.0.255 R1(config)#interface g0/0
R2(config)#ip access-group 1 in R1(config-if)#ip access-group 1 in

A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Question 86: Which protocol does a REST API use to communicate?
A. HTTP
B. STP
C. SNMP
D. SSH
Answer: A

Question 87: What is a function of a firewall on an enterprise network?

A. It acts as the intermediary device between the enterprise and its ISP
B. It serves as a default gateway to hosts on the internet
C. It processes traffic based on stateless inspection
D. It allows and denies ingress and egress traffic
Answer: D
Question 88: Which encryption mode is used when a packet is sent from a site-to-site VPN connection where
the source and destination IP address portion of a packet is unencrypted?
A. PPTP
B. Secure Shell
C. Transport
D. PPPoE
Answer: C
Question 89: Refer to the exhibit.

An engineer just installed network 10.120.10.0/24. Which configuration must be applied to the R14 router to
add the new network to its OSPF routing table?
A. router ospf 100
network 10.120.10.0 0.0.0.255 area 0
B. router ospf 100 area 0
network 10.120.10.0 0.0.0.255
C. router ospf 120
network 10.120.10.0 255.255.255.0 area 0
ip route 10.120.10.0 255.255.255.0 fa0/1
D. router ospf 100
network 10.120.10.0 255.255.255.0 area 0
Answer: A
Question 90: Which key function is provided by the data plane?
A. making routing decisions
B. exchanging routing table data
C. forwarding traffic to the next hop
D. originating packets
Answer: C
Question 91: Refer to the exhibit.
 An engineer configures interface fa0/1 on SW1 and SW2 to pass traffic from two different VLANs. For security
reasons, company policy requires the native VLAN to be set to a nondefault value. Which configuration meets
this requirement?

Option B
Option A
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode dynamic Switch(config-if)#switchport trunk encapsulation
Switch(config-if}#switchport access vlan 100,105 dot1q Switch(config-if)#switchport access vlan
Switch(config-if)#switchport trunk native vlan 1 100.105 Switch(config-if)#switchport trunk native vlan
3

Option C Option D
Switch(config-if)#switchport mode trunk Switch(config-if)#switchport mode trunk
Switch(config-if)# switch port trunk encapsulation isl Switch(config-if)#switchport trunk encapsulation
Switch(config-if)#switchport trunk allowed vlan 100,105 dot1q
Switch(config-if)#s witch port trunk native vlan 1 Switch(config-if)#switchport trunk allowed vlan
100,105 Switch(config if)#switchport trunk native vlan
3

A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
Question 92: Which fact must the engineer consider when implementing syslog on a new network?
A. Syslog defines the software or hardware component that triggered the message
B. By default, all message levels are sent to the syslog server
C. The logging level defines the severity of a particular message
D. There are 16 different logging levels (0-15)
Answer: C
Question 93: Which cable type must be used when connecting a router and switch together using these criteria?
– Pins 1 and 2 are receivers and pins 3 and 6 are transmitters
– Auto detection MDI-X is unavailable
–

A. crossover
B. rollover
C. console
D. straight-through
Answer: D
Question 94: Refer to the exhibit.
An administrator is configuring a new WLAN for a wireless network that has these requirements
– Dual-band clients that connect to the WLAN must be directed to the 5-GHz spectrum
– Wireless clients on this WLAN must be able to apply VLAN settings on the
returned RADIUS attributes Which two actions meet these requirements? (Choose
two)
A. Enable the Client Band Select option.
B. Enable the Coverage Hole Detection option
C. Enable the Allow AAA Override option
D. Set the MFP Client Protection option to Required
E. Enable the Aironet IE option
Answer: A C
Question 95: What is a similarity between global and unique local IPv6 addresses?
A. They are part of the multicast IPv6 group type
B. They are routable on the global internet
C. They are allocated by the same organization
D. They use the same process for subnetting
Answer: D
Question 96: What is the purpose of the service-set identifier?
A. It identifies a wireless network for a mobile device to connect
B. It identifies the wired network to which a network device is connected
C. It identifies the wireless network to which an application must connect
D. It identifies the wired network to which a user device is connected
Answer: A

Question 97: In what way does a network supervisor reduce maintenance costs while maintaining network
integrity on a traditionally managed network?

A. They install an automated network-monitoring system to provide early warning of network issues
B. They employ additional network administrators to proactively manage the network
C. They use automation to centralize network-management tasks
D. They automate change-management processes that verify issue resolution
Answer: C
Question 98: How does a network administrator securely manage an AP in lightweight mode?
A. using the WLC GUI via HTTPS
B. using the CLI via an out-of-band connection
C. using the CLI via a virtual interface with SSH
D. using the AP GUI via an in-band SSH connection
Answer: A

Question 99: Which protocol is implemented when an organization must verify network performance,
troubleshoot issues and use an agent to communicate between monitoring tools and end devices?
A. FTP
B. NTP
C. NFS
D. SNMP
Answer: D

Question 100: What is the difference between AAA authentication and authorization?
A. Authentication controls the system processes a user accesses, and authorization logs the activities the user
initiates.
B. Authentication identifies a user who is attempting to access a system, and authorization validates the user s
password
C. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls
the tasks the user performs
D. Authentication verifies a username and password, and authorization handles the communication between
the authentication agent and the user database
Answer: C
Question 101: Which syslog message logging level displays interface line protocol up/down events?
A. informational
B. alerts
C. debugging
D. notifications
Answer: D
Question 102: Which standard is required when more than one distribution system port and only one IP address
are configured for a Cisco WLC?
A. 802.3ad
B. 802.1q
C. 802.1d
D. 802.1af
Answer: A