New 1

Uploaded by

Chuong Nguyen

Question 18

What is the maximum bandwidth of a T1 point-to-point connection?

A. 1.544 Mbps
B. 2.048 Mbps
C. 34.368 Mbps
D. 43.7 Mbps

Answer: A

Explanation

The speeds of these links are shown below:

+ T1: 1.544 Mbps
+ 10BaseT: 10 Mbps
+ 100BaseT (often referred to as FastEthernet): 100 Mbps

Question 11

What is a similarity between OM3 and OM4 fiber optic cable?

A. Both have a 50 micron core diameter
B. Both have a 9 micron core diameter
C. Both have a 62.5 micron core diameter
D. Both have a 100 micron core diameter

Answer: A

Explanation

At present, there are four kinds of multi-mode fiber: OM1, OM2, OM3 and OM4. The letters “OM” stand for optical
multi-mode. OM3 and OM4 fibers will support upcoming 40 and 100 Gb/s speeds. OM2, OM3, OM4
and OM5 have a 50 micron core diameter.

Question 18
Refer to the exhibit.

SiteA#show interface TenGigabitEthernet0/1/0
TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is aabb.cc00.0100 (bia aabb.cc00.0100)
Description: Connection to SiteB
Internet address is 10.10.10.1/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 166/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 265746000 bits/sec, 24343 packets/sec
5 minute output rate 123245000 bits/sec, 12453 packets/sec

SiteB#show interface TenGigabitEthernet0/1/0
TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is 0000.0c00.750c (bia 0000.0c00.750c)
Description: Connection to SiteA
Internet address is 10.10.10.2/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 123245000 bits/sec, 15343 packets/sec
5 minute output rate 265746000 bits/sec, 12453 packets/sec

Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA
report intermittent connectivity issues with applications hosted at SiteB. What is the cause of the
intermittent connectivity issue?

A. Interface errors are incrementing
B. An incorrect SFP media type was used at SiteA
C. High usage is causing high latency
D. The sites were connected with the wrong cable type

Answer: A

Explanation

The txload and rxload on both sites are 1/255, so the interfaces are not busy transmitting and
receiving traffic. But the reliability on SiteA is only 166/255, which indicates that input and output
errors are increasing. Reliability is calculated by this formula: reliability = number of packets /
number of total frames.

Question 38

What is the difference in data transmission delivery and reliability between TCP and UDP?

A. UDP sets up a connection between both devices before transmitting data. TCP uses the three-
way handshake to transmit data with a reliable connection.
B. TCP transmits data at a higher rate and ensures packet delivery. UDP retransmits lost data to
ensure applications receive the data on the remote end.
C. UDP is used for multicast and broadcast communication. TCP is used for unicast communication
and transmits data at a higher rate with error checking.
D. TCP requires the connection to be established before transmitting data. UDP transmits data at a
higher rate without ensuring packet delivery.

Answer: D

Question 39

What are network endpoints?

A. a threat to the network if they are compromised
B. support inter-VLAN connectivity
C. act as routers to connect a user to the service provider network
D. enforce policies for campus-wide traffic going to the internet

Answer: A

Explanation

A network endpoint is any device that is physically an end point on a network. Laptops, desktops,
mobile phones, tablets, servers, and virtual environments can all be considered endpoints.
Network endpoints may be a threat to our networks if they are compromised.

Question 51

What are two similarities between UTP Cat 5e and Cat 6a cabling? (Choose two)

A. Both support runs of up to 100 meters.
B. Both support runs of up to 55 meters.
C. Both operate at a frequency of 500 MHz.
D. Both support speeds of at least 1 Gigabit.
E. Both support speeds up to 10 Gigabit.

Answer: A D

Question 2

What is a similarity between 1000BASE-LX and 1000BASE-T standards?

A. Both use the same data-link header and trailer formats
B. Both cable types support LP connectors
C. Both cable types support RJ-45 connectors
D. Both support up to 550 meters between nodes

Answer: A

Explanation

1000BASE-T standard only supports up to 100 meters while 1000BASE-LX is a standard which
uses a 1,270–1,355 nm laser for longer wavelength. It has a distance capability of up to 5
kilometers over a Single-mode fiber -> Answer D is not correct.

1000BASE-LX is an optical fiber Gigabit Ethernet standard so it does not support RJ-45 connectors
directly -> Answer C is not correct.

1000BASE-LX only supports LC connectors so answer B is not correct.

Question 22

Drag and drop the lightweight access point operation modes from the left onto the descriptions on
the right.

Answer:

+ allows for packet captures of wireless traffic: sniffer mode
+ allows the access point to communicate with the WLC over a WAN link: FlexConnect mode
+ receive only mode which acts as a dedicated sensor for RFID and IDS: monitor mode
+ preferred for connecting access points in a mesh environment: bridge mode
+ transmits normally on one channel and monitors other channels for noise and interference: local mode
+ monitor for rogue APs, does not handle data at all: rogue detector mode

Explanation

You can have the WLCs across the WAN from the APs. LWAPP/CAPWAP works over a WAN when
the LAPs are configured in Remote Edge AP (REAP) or Hybrid Remote Edge AP (H-REAP)
mode. Either of these modes allows the control of an AP by a remote controller that is connected
via a WAN link. Traffic is bridged onto the LAN link locally, which avoids the need to unnecessarily
send local traffic over the WAN link.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/118833-wlc-design-ftrs-faq.html

Note: FlexConnect was formerly known as Hybrid Remote Edge AP (H-REAP).

When you configure the Bridge mode, the AP by default reboots as a Mesh AP (MAP) and tries to
register to the WLC via the radio backhaul or the wired backhaul.

Reference: CCIE Wireless v3 Study Guide

Local mode (default mode): measures noise floor and interference, and scans for intrusion
detection (IDS) events every 180 seconds on unused channels

Sniffer mode: runs as a sniffer, capturing and forwarding all the packets on a particular channel
to a remote machine where you can use a protocol analysis tool (Wireshark, Airopeek, etc.) to review
the packets and diagnose issues.

Monitor mode: does not transmit or serve clients at all. It acts like a dedicated sensor for
location-based services (LBS), rogue AP detection, and Intrusion Detection System (IDS) checks.
In this mode, the AP will not broadcast an SSID so clients are unable to connect to it.

Rogue detector mode: monitor for rogue APs. It does not handle data at all.

Question 23

Refer to the exhibit.


Between which zones do wireless users expect to experience intermittent connectivity?

A. between zones 1 and 2
B. between zones 2 and 5
C. between zones 3 and 4
D. between zones 3 and 6

Answer: C

Explanation

The 2.4 GHz band is subdivided into multiple channels each allotted 22 MHz bandwidth and
separated from the next channel by 5 MHz.
-> A best practice for 802.11b/g/n WLANs requiring multiple APs is to use non-overlapping
channels such as 1, 6, and 11.

If you use channels that overlap, RF interference can occur.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-340-series/8117-connectivity.html

If other Wi-Fi sources such as neighboring wireless access points are using the same wireless
channel, this may cause intermittent connectivity issues.

Reference: https://arris.secure.force.com/consumers/articles/General_FAQs/SBG8300-Troubleshooting-Intermittent-Wi-Fi-Connections/?l=en_US&fs=RelatedArticle

In this question, both Zone 3 & Zone 4 use Channel 11 so interference can occur.

=========================== New Questions (added on 19th-Sep-2021) ===========================

Question 24

Which device permits or denies network traffic based on a set of rules?

A. access point
B. switch
C. wireless controller
D. firewall

Answer: D

Question 25

Drag the descriptions of device management from the left onto the types of device management
on the right.

Answer:

Cisco DNA Center Device Management:
+ uses machine learning to identify and resolve issues
+ networking functions are implemented primarily on dedicated devices
+ collects statistics and telemetry data from multiple network devices and provides a single view
of network health and issues

Traditional Device Management:
+ requires manual troubleshooting
+ requires configuration on a device-by-device basis
+ uses an inventory function to store device details in the database

=========================== New Questions (added on 5th-Feb-2022) ===========================

Question 26

What is a function of a Layer 3 switch?

A. move frames between endpoints limited to IP addresses
B. transmit broadcast traffic when operating in Layer 3 mode exclusively
C. forward Ethernet frames between VLANs using only MAC addresses
D. flood broadcast traffic within a VLAN

Answer: A

Question 27

An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on
the serial0/0 interface of the HQ router and wants to compress it for easier configuration. Which
command must be issued on the router interface?

A. ipv6 address 2001:db8::700:3:400F:572B
B. ipv6 address 2001:db8:0::700:3:4F:572B
C. ipv6 address 2001:Odb8::7:3:4F:572B
D. ipv6 address 2001::db8:0000::700:3:400F:572B

Answer: A

Question 28

What is an appropriate use for private IPv4 addressing?

A. on the public-facing interface of a firewall
B. to allow hosts inside to communicate in both directions with hosts outside the organization
C. on internal hosts that stream data solely to external resources
D. on hosts that communicate only with other internal hosts

Answer: D

Question 29

Which 802.11 frame type is indicated by a probe response after a client sends a probe request?

A. action
B. management
C. control
D. data

Answer: B

Explanation

There are three main types of 802.11 frames: the Data Frame, the Management Frame and the
Control Frame. Association Response belongs to Management Frame. Association response is sent
in response to an association request.

Question 30

What is recommended for the wireless infrastructure design of an organization?

A. group access points together to increase throughput on a given channel
B. configure the first three access points to use channels 1, 6, and 11
C. include at least two access points on nonoverlapping channels to support load balancing
D. assign physically adjacent access points to the same Wi-Fi channel

Answer: B

Explanation

The 2.4 GHz band is subdivided into multiple channels each allotted 22 MHz bandwidth and
separated from the next channel by 5 MHz.
-> A best practice for 802.11b/g/n WLANs requiring multiple APs is to use non-overlapping
channels such as 1, 6, and 11.

If you use channels that overlap, RF interference can occur.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-340-series/8117-connectivity.html

Question 31

Refer to the exhibit.

For security reasons, automatic neighbor discovery must be disabled on the R5 Gi0/1 interface.

These tasks must be completed:
* Disable all neighbor discovery methods on R5 interface Gi0/1.
* Permit neighbor discovery on R5 interface Gi0/2.
* Verify there are no dynamically learned neighbors on R5 interface Gi0/1.
* Display the IP address of R6’s interface Gi0/2.

Which configuration must be used?

Option A

R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#lldp run
R5(config)#no cdp run
R5#sh cdp neighbor detail
R5#sh lldp neighbor

Option B

R5(config)#int Gi0/1
R5(config-if)#no cdp run
R5(config-if)#exit
R5(config)#lldp run
R5(config)#cdp enable
R5#sh cdp neighbor
R5#sh lldp neighbor

Option C

R5(config)#Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#no lldp run
R5(config)#cdp run
R5#sh cdp neighbor detail
R5#sh lldp neighbor

Option D

R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#no lldp run
R5(config)#cdp run
R5#sh cdp neighbor
R5#sh lldp neighbor

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Explanation

Although CDP is a Layer 2 protocol, we can check the neighbor IP address with the “show cdp
neighbor detail” command.

One of the tasks in this question is “display the IP address of R6’s interface Gi0/2” so we must use
the “show cdp neighbor detail” command -> Only Option A and Option C are correct.

If we want to disable LLDP on an interface we can use two commands under interface mode:
+ no lldp transmit: Disallows sending LLDP packets on the interface.
+ no lldp receive: Disallows receiving LLDP packets on the interface.

But these two commands are not used in this question so we have to disable LLDP globally (with
command “no lldp run”) so that only CDP is enabled on R5 interface Gi0/2 -> Only Option C is
correct.

Question 32

Which type of API allows SDN controllers to dynamically make changes to the network?

A. northbound API
B. southbound API
C. SOAP API
D. REST API

Answer: B

Question 33

What is a DNS lookup operation?

A. serves requests over destination port 53
B. DNS server pings the destination to verify that it is available
C. DNS server forwards the client to an alternate IP address when the primary IP is down
D. responds to a request for IP address to domain name resolution to the DNS server

Answer: A

Explanation

An example of DNS is described below:

When you attempt to go to a domain name such as 9tut.com, your browser will instruct your
computer to do a DNS lookup on that domain name. This DNS lookup will query a DNS resolver
(for example Google at 8.8.8.8). Once the resolver responds, the computer will usually choose the
first IP in the response and use that for the connection.

The most frequently used port for DNS is UDP 53 but as time progresses, DNS will rely on TCP
port 53 more heavily.

Question 34

Refer to the exhibit.


An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all
other hosts. A Telnet attempt from PC-2 gives this message: “% Connection refused by remote
host”.

Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?

A. Add the access-list 10 permit any command to the configuration
B. Remove the access-class 10 in command from line vty 0 4.
C. Add the ip access-group 10 out command to interface g0/0.
D. Remove the password command from line vty 0 4.

Answer: A

Question 35

Drag and drop the TCP/IP protocols from the left onto their primary transmission protocols on the
right.

Answer:

TCP:
+ SMTP
+ HTTP
+ Telnet

UDP:
+ DNS
+ SNMP
+ RTP

Question 36

Refer to the exhibit.


The DHCP server and clients are connected to the same switch. What is the next step to complete
the DHCP configuration to allow clients on VLAN 1 to receive addresses from the DHCP server?

A. Configure the ip dhcp snooping trust command on the interface that is connected to the
DHCP server
B. Configure the ip dhcp relay information option command on the interface that is connected
to the DHCP server
C. Configure the ip dhcp relay information option command on the interface that is connected
to the DHCP client
D. Configure the ip dhcp snooping trust command on the interface that is connected to the
DHCP client

Answer: A

Explanation

We see from the output of the “show ip dhcp snooping statistics detail” command that the packets
“received on untrusted ports = 32”, so the interface connected to the DHCP server may be configured
as an untrusted port. Therefore we have to configure the “ip dhcp snooping trust” command on this
interface.

Question 37

Which two components comprise part of a PKI? (Choose two)

A. RSA token
B. clear-text password that authenticates connections
C. one or more CRLs
D. preshared key that authenticates connections
E. CA that grants certificates

Answer: C E

Explanation

PKI (or Public Key Infrastructure) is the framework of encryption and cybersecurity that protects
communications between the server (your website) and the client (the users). Think about all the
information, people, and services that your team communicates and works with. PKI is essential in
building a trusted and secure business environment by being able to verify and exchange data
between various servers and users.
The components of a PKI include:
+ public key
+ private key
+ Certificate Authority (CA)
+ Certificate Store
+ Certificate Revocation List (CRL)
+ Hardware Security Module

Certificate Authority (CA)

The CA generally handles all aspects of the certificate management for a PKI, including the phases
of certificate lifecycle management.
A CA issues certificates to be used to confirm that the subject imprinted on the certificate is the
owner of the public key. In a PKI system, the client generates a public-private key pair. The public
key and information to be imprinted on the certificate are sent to the CA. The CA then creates a
digital certificate consisting of the user’s public key and certificate attributes. The certificate is
signed by the CA with its private key.

Certificate Revocation List (CRL)

A CRL is a list of certificates that have been revoked by the CA that issued them before they were
set to expire. This is a helpful security feature if a device is stolen that contains a certificate. A
RADIUS server only rejects a connection request from a device if the device’s certificate serial
number is contained in the CRL. The Certificate Authority is the one that maintains this list, and
the RADIUS server periodically downloads this list by sending a query to the CA. There are two
types of CRLs: A Delta CRL and a Base CRL.

Reference: https://www.securew2.com/blog/public-key-infrastructure-explained

Question 38

A network administrator is setting up a new IPv6 network using the 64-bit address
2001:0EB8:00C1:2200:0001:0000:0000:0331/64. To simplify the configuration, the administrator
has decided to compress the address. Which IP address must the administrator configure?

A. ipv6 address 2001:EB8:C1:2200:1:0000:331/64
B. ipv6 address 21:EB8:C1:2200:1::331/64
C. ipv6 address 2001:EB8:C1:22:1::331/64
D. ipv6 address 2001:EB8:C1:2200:1::331/64

Answer: D

Question 39

Refer to the exhibit.

Which command must be issued to enable a floating static default route on router A?

A. ip route 0.0.0.0 0.0.0.0 192.168.2.1 10
B. ip route 0.0.0.0 0.0.0.0 192.168.1.2
C. ip route 0.0.0.0 0.0.0.0 192.168.1.2 10
D. ip default-gateway 192.168.2.1

Answer: C

Question 40

Refer to the exhibit.

Router R1 currently is configured to use R3 as the primary route to the Internet, and the route
uses the default administrative distance settings. A network engineer must configure R1 so that it
uses R2 as a backup, but only if R3 goes down. Which command must the engineer configure on
R1 so that it correctly uses R2 as a backup route, without changing the administrative distance
configuration on the link to R3?

A. ip route 0.0.0.0 0.0.0.0 g0/1 6
B. ip route 0.0.0.0 0.0.0.0 g0/1 1
C. ip route 0.0.0.0 0.0.0.0 209.165.201.5 10
D. ip route 0.0.0.0 0.0.0.0 209.165.200.226 1

Answer: A

Explanation

R1 uses R3 as the primary route to the Internet so it may use either of these commands:

R1(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.5
OR
R1(config)#ip route 0.0.0.0 0.0.0.0 g0/2

The administrative distance (AD) of the first command is 1 while that of the second command is 0.
Therefore we have to choose a higher AD for our backup route. And the exit interface of the
backup route is g0/1 or the next-hop is 209.165.200.230.

Question 41

Refer to the exhibit.


An engineer is updating the R1 configuration to connect a new server to the management network.
The PCs on the management network must be blocked from pinging the default gateway of the
new server. Which command must be configured on R1 to complete the task?

A. R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.1.15
B. R1(config)#ip route 172.16.2.2 255.255.255.255 gi0/0
C. R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.1.5
D. R1(config)#ip route 172.16.2.2 255.255.255.248 gi0/1

Answer: B

Explanation

By configuring a static route only to the New Server host, we also prevent PC1 & PC2 from pinging
R2 Gi0/0 (the default gateway of New Server).

Question 42

Refer to the exhibit.

Which plan must be implemented to ensure optimal QoS marking practices on this network?

A. As traffic enters from the access layer on SW1 and SW2, trust all traffic markings
B. Trust the IP phone markings on SW1 and mark traffic entering SW2 at SW2
C. As traffic traverses MLS1 remark the traffic, but trust all markings at the access layer
D. Remark traffic as it traverses R1 and trust all markings at the access layer

Answer: B

Explanation

“Classify, mark, and police as close to the traffic-sources as possible.” -> Answer C is not correct.

Reference: https://www.cisco.com/en/US/technologies/tk543/tk759/technologies_white_paper0900aecd80295aa1.pdf

As a rule, it is not recommended to trust markings set by end users leveraging PCs or other
endpoint devices. End users can intentionally or unintentionally abuse QoS policies that trust
markings of end devices. If users and unclassified applications take advantage of the configured
QoS policy as a result of trusting end devices, this can result in easily starving priority queues with
nonpriority traffic, ruining quality of service for real-time applications.

Reference: https://www.ciscopress.com/articles/article.asp?p=2756478&seqNum=2

-> Answer A and answer D are not correct.

Question 43

Drag and drop the Rapid PVST+ forwarding state actions from the left to the right. Not all actions
are used.

Answer:

+ BPDUs received are forwarded to the system module
+ Frames received from the attached segment are processed
+ Switched frames received from other ports are advanced
+ The port in the forwarding state responds to network management messages

Explanation

Forwarding State
A LAN port in the forwarding state forwards frames. The LAN port enters the forwarding state from
the learning state. A LAN port in the forwarding state performs as follows:
Forwards frames received from the attached segment.
Forwards frames switched from another port for forwarding.
Incorporates the end station location information into its address database.
Receives BPDUs and directs them to the system module.
Processes BPDUs received from the system module.
Receives and responds to network management messages.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/503_n1_1/Cisco_n5k_layer2_config_gd_rel_503_N1_1_chapter9.html

The statement “BPDUs received from the system module are processed and transmitted” is not
correct as Rapid PVST+ does not “transmit”, only PVST does.

Question 44

Refer to the exhibit.

interface FastEthernet0/10
description WAN_INTERFACE
ip address 10.0.1.2 255.255.255.252
ip access-group 100 in
!
interface FastEthernet0/1
description LAN INTERFACE
ip address 10.148.2.1 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
!
access-list 100 permit eigrp any any
access-list 100 permit icmp any any
access-list 100 permit tcp 10.149.3.0 0.0.0.255 host 10.0.1.2 eq 22
access-list 100 permit tcp any any eq 80
access-list 100 permit tcp any any eq 443
access-list 100 deny ip any any log

Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on
router R4?

A. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

B. interface FastEthernet0/0
ip helper-address 10.0.1.1
!
access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

C. interface FastEthernet0/0
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

D. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

Answer: D

Question 45

Refer to the exhibit.

Which configuration allows routers R14 and R16 to form an OSPFv2 adjacency while acting as a
central point for exchanging OSPF information between routers?

Option A

R14#
interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
ip ospf priority 0
ip mtu 1400

router ospf 10
router-id 10.10.1.14
network 10.10.1.14 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

R86#
interface Loopback0
ip address 10.10.1.86 255.255.255.255

interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip mtu 1500

router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

Option B

R14#
interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
ip ospf priority 255
ip mtu 1500

router ospf 10
router-id 10.10.1.14
network 10.10.1.14 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

R86#
interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip mtu 1500

router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

Option C

R14#
interface Loopback0
ip ospf 10 area 0

interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
ip ospf 10 area 0
ip mtu 1500

router ospf 10
ip ospf priority 255
router-id 10.10.1.14

R86#
interface Loopback0
ip ospf 10 area 0

interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip ospf 10 area 0
ip mtu 1500

router ospf 10
router-id 10.10.1.86

Option D

R14#
interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
ip ospf priority 255
ip mtu 1500

router ospf 10
router-id 10.10.1.14
network 10.10.1.14 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

R86#
interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip mtu 1400

router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

A. Option A
B. Option B
C. Option C
D. Option D

Answer: B

Explanation

In Option A and Option D, the MTUs of two Fa0/0 interfaces are mismatched so they cannot form
OSPF adjacency -> Option A and Option D are not correct.

DR and BDR serve as the central point for exchanging OSPF routing information so we must
configure Fa0/0 interfaces in broadcast mode. In Option B, R14 Fa0/0 interface is configured with
OSPF priority 255 so surely it would become DR -> This is the best answer.

Note: An OSPF priority of 0 does not prevent the router from establishing OSPF adjacencies.

Question 46

Which wireless security protocol relies on Perfect Forward Secrecy?

A. WPA
B. WPA3
C. WPA2
D. WEP

Answer: B

Explanation

WPA3 (Wi-Fi Protected Access 3) is the newest wireless security protocol designed to encrypt data
using a frequent and automatic encryption type called Perfect Forward Secrecy. It’s more secure
than its predecessor, WPA2, but it hasn’t been widely adopted yet. Not all hardware supports
WPA3 automatically, and using this protocol often requires costly upgrades.

Reference: https://www.avast.com/c-wep-vs-wpa-or-wpa2

Question 47

Refer to the exhibit.

A network engineer must provide configured IP addressing details to investigate a firewall rule
issue. Which subnet and mask identify what is configured on the en0 interface?

A. 10.8.0.0/16
B. 10.8.64.0/18
C. 10.8.128.0/19
D. 10.8.138.0/24

Answer: C

Explanation

netmask 0xffffe000 means 255.255.224.0 or /19 (convert from hex to decimal) -> Answer C is
correct. We also notice the broadcast address is 10.8.159.255.

Question 48

A network engineer must configure two new subnets using the address block 10.70.128.0/19 to
meet these requirements:
* The first subnet must support 24 hosts.
* The second subnet must support 472 hosts.
* Both subnets must use the longest subnet mask possible from the address block

Which two configurations must be used to configure the new subnets and meet a requirement to
use the first available address in each subnet for the router interfaces? (Choose two)

A. interface vlan 4722
ip address 10.70.133.17 255.255.255.192

B. interface vlan 3002
ip address 10.70.147.17 255.255.255.224

C. interface vlan 1148
ip address 10.70.148.1 255.255.254.0

D. interface vlan 1234
ip address 10.70.159.1 255.255.254.0

E. interface vlan 155
ip address 10.70.155.65 255.255.255.224

Answer: C E

Explanation

In order to support 24 (< 2^5) hosts we need 5 zero bits in the subnet mask, so the last octet of the
subnet mask must be 1110 0000 -> 255.255.255.224. In the answers above there are two IP
addresses with subnet mask 255.255.255.224. They are:
+ 10.70.147.17 255.255.255.224: This IP address belongs to subnet 10.70.147.0/27 but
10.70.147.17 is not the first available address in this subnet (the first available address in this
subnet is 10.70.147.1)
+ 10.70.155.65 255.255.255.224: This IP address belongs to subnet 10.70.155.64/27 and
10.70.155.65 is the first available address in this subnet -> Answer E is correct.

In order to support 472 (< 512 = 2^9) hosts we need 9 zero bits in the subnet mask -> 255.255.254.0.
In the answers above there are two IP addresses with subnet mask 255.255.254.0. They are:
+ 10.70.148.1 255.255.254.0: This IP address belongs to subnet 10.70.148.0/23 and it is the first
available IP address in this subnet
+ 10.70.159.1 255.255.254.0: This IP address belongs to subnet 10.70.158.0/23. It is not the
first available IP address in this subnet (the first available IP address is 10.70.158.1).

-> Answer C is correct.

Question 49

Refer to the exhibit.

An administrator must connect SW_1 and the printer to the network. SW_2 requires DTP to be
used for the connection to SW_1. The printer is configured as an access port with VLAN 5. Which
set of commands completes the connectivity?

A. switchport mode trunk
switchport trunk pruning vlan add 5

B. switchport mode dynamic desirable
switchport trunk allowed vlan add 5

C. switchport mode dynamic auto
switchport private-vlan association host 5

D. switchport mode dynamic auto
switchport trunk encapsulation negotiate

Answer: B

Question 50

Refer to the exhibit.

Traffic sourced from the loopback0 interface is trying to connect via ssh to the host at 10.0.1.15.
What is the next hop to the destination address?

A. 192.168.0.7
B. 192.168.0.4
C. 192.168.0.40
D. 192.168.3.5

Answer: A

Explanation

10.0.1.0/28 is always preferred over 10.0.1.0/24 because of longest prefix match. 10.0.1.15
belongs to the 10.0.1.0/28 subnet so the next hop is 192.168.0.7 (learned via EIGRP).

Question 51
Refer to the exhibit.

SiteA#show interface TenGigabitEthernet0/1/0
TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is aabb.cc00.0100 (bia aabb.cc00.0100)
Description: Connection to SiteB
Internet address is 10.10.10.1/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-SR
5 minute input rate 264797000 bits/sec, 26672 packets/sec
5 minute output rate 122464000 bits/sec, 15724 packets/sec

SiteB#show interface TenGigabitEthernet0/1/0
TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is 0000.0c00.750c (bia 0000.0c00.750c)
Description: Connection to SiteA
Internet address is 10.10.10.2/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 123245000 bits/sec, 15343 packets/sec
5 minute output rate 265746000 bits/sec, 12453 packets/sec

Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA
report intermittent connectivity issues with applications hosted at SiteB. What is the cause of the
intermittent connectivity issue?

A. An incorrect type of transceiver has been inserted into a device on the link.
B. The wrong cable type was used to make the connection.
C. Heavy usage is causing high latency.
D. Physical network errors are being transmitted between the two sites.

Answer: A

Explanation

SR stands for Short Reach, and LR stands for Long Reach. SR supports 400 metres while LR
supports 10 kilometers. In this question, SiteA is using SFP-SR, so it is not suitable for a 7 km
distance.

Question 52

Refer to the exhibit.


Which action must be taken to ensure that router A is elected as the DR for OSPF area 0?

A. Configure the OSPF priority on router A with the lowest value between the three routers
B. Configure the router A interfaces with the highest OSPF priority value within the area.
C. Configure router A with a fixed OSPF router ID.
D. Configure router B and router C as OSPF neighbors of router A.

Answer: B

Explanation

The router with the highest OSPF priority on a segment will become the DR for that segment.

Question 53

Refer to the exhibit.

Host A sent a data frame destined for host D.

What does the switch do when it receives the frame from host A?

A. It shuts down the port Fa0/1 and places it in err-disable mode.
B. It experiences a broadcast storm.
C. It floods the frame out of all ports except port Fa0/1.
D. It drops the frame from the switch CAM table.

Answer: C

Explanation

When the switch receives a frame for a MAC destination address not listed in its address table, it
floods the frame to all LAN ports of the same VLAN except the port that received the frame.

In this question, the switch has not learned about host D yet, so it floods the frame to all LAN ports of
the same VLAN except Fa0/1, on which it received the frame from host A.

Question 54

Refer to the exhibit.

An engineer has started to configure replacement switch SW1. To verify part of the configuration,
the engineer issued the commands as shown and noticed that the entry for PC2 is missing. Which
change must be applied to SW1 so that PC1 and PC2 communicate normally?

A. SW1(config)#interface fa0/2
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#no switchport trunk allowed vlan 3
SW1(config-if)#switchport trunk allowed vlan 2

B. SW1(config)#interface fa0/1
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#switchport trunk native vlan 2
SW1(config-if)#switchport trunk allowed vlan 3

C. SW1(config-if)#interface fa0/2
SW1(config-if)#no switchport mode trunk
SW1(config-if)#no switchport trunk allowed vlan 3
SW1(config-if)#switchport mode access

D. SW1(config)#interface fa0/1
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#switchport access vlan 3
SW1(config-if)#switchport trunk allowed vlan 2

Answer: C

Question 55

Refer to the exhibit.


Which two commands must be configured on router R1 to enable the router to accept secure
remote-access connections? (Choose two)

A. transport input telnet
B. username cisco password 0 cisco
C. login console
D. ip ssh pubkey-chain
E. crypto key generate rsa

Answer: D E

Explanation

Configuring the Cisco SSH Server to Perform RSA-Based User Authentication


SUMMARY STEPS
1. enable
2. configure terminal
3. hostname name
4. ip domain-name name
5. crypto key generate rsa
6. ip ssh pubkey-chain
7. username username
8. key-string
9. key-hash key-type key-name
10. end

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-e/sec-usr-ssh-15-e-book/sec-secure-shell-v2.html

Question 56

Which two spanning-tree states are bypassed on an interface running PortFast? (Choose two)

A. forwarding
B. blocking
C. disabled
D. learning
E. listening

Answer: D E

Explanation

Enabling the PortFast feature causes a switch or a trunk port to enter the STP forwarding-state
immediately or upon a linkup event, thus bypassing the listening and learning states.

Question 57

What is a requirement when configuring or removing LAG on a WLC?

A. The incoming and outgoing ports for traffic flow must be specified if LAG is enabled.
B. The controller must be rebooted after enabling or reconfiguring LAG.
C. The management interface must be reassigned if LAG is disabled.
D. Multiple untagged interfaces on the same port must be supported.

Answer: B

Explanation

When you enable LAG or make any changes to the LAG configuration, you must immediately
reboot the controller.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010100001.html

Question 58

What is a requirement for nonoverlapping Wi-Fi channels?

A. different security settings
B. different transmission speeds
C. discontinuous frequency ranges
D. unique SSIDs

Answer: C

Explanation

Each channel on the 2.4 GHz spectrum is 20 MHz wide. The channel centers are separated by 5
MHz, and the entire spectrum is only 100 MHz wide. This means the 11 channels have to squeeze
into the 100 MHz available, and in the end, overlap. Channels 1, 6, and 11, however, are far
enough from each other on the 2.4GHz band that they have sufficient space between their channel
centers and do not overlap.

Question 59

An engineer must configure R1 for a new user account. The account must meet these
requirements:
* It must be configured in the local database.
* The username is engineer2
* It must use the strongest password configurable.

Which command must the engineer configure on the router?

A. R1(config)# username engineer2 algorithm-type scrypt secret test2021
B. R1(config)# username engineer2 secret 5 password $1$bUu$kZbBS1Pyh4QzwXyZ
C. R1(config)# username engineer2 privilege 1 password 7 test2021
D. R1(config)# username engineer2 secret 4 $1Sb1Ju$kZbBSlFyh4QxwXyZ

Answer: A

Explanation

Secret type 4 was determined to have a flaw and was removed in later versions of IOS. Type 4
passwords should never be used!
Secret type 5 uses MD5, which is not secure.

Secret type 9: Scrypt and PBKDF2 (which can be used with “algorithm-type sha256”, but it is just
a small part of a much larger crypto algorithm) are much slower to compute and take longer to
brute force. Currently it is the strongest password type configurable on Cisco devices.

Question 60

Refer to the exhibit.

Which configuration enables an EtherChannel to form dynamically between SW1 and SW2 by using
an industry-standard protocol, and to support full IP connectivity between all PCs?

Option A

SW1#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode on
!
interface Gi0/2
switchport
switchport mode trunk
channel-group 1 mode auto

SW2#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode auto
!
interface Gi0/2
switchport
switchport mode trunk
channel-group 1 mode on
interface port-channel 1
switchport
switchport mode trunk

Option B

SW1#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode auto
!
interface Gi0/2
switchport
switchport mode access
channel-group 1 mode active

SW2#
interface gi0/1
switchport
switchport mode access
channel-group 1 mode desirable
!
interface Gi0/2
switchport
switchport mode access
channel-group 1 mode desirable

Option C

SW1#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode active
!
interface Gi0/2
switchport
switchport mode trunk
channel-group 1 mode active

SW2#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode passive
!
interface Gi0/2
switchport
switchport mode trunk
channel-group 1 mode passive

Option D

[missing config]

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Explanation

LACP is the IEEE Standard (IEEE 802.3ad) and is the most common dynamic ether-channel
protocol, whereas PAgP is a Cisco proprietary protocol.

Question 61

Drag and drop the descriptions of AAA services from the left onto the corresponding services on
the right.

Answer:

Accounting
+ records user commands
+ logs session statistics

Authentication
+ secures access to routers
+ validates user credentials

Authorization
+ limits the user’s access permissions
+ allows the user to change to enable mode

Question 62

Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.

Answer:

TCP
+ used to reliably share files between devices
+ requires the client and the server to establish a connection before sending the packet

UDP
+ transmitted based on data contained in the packet without the need for a data channel
+ appropriate for streaming operations with minimal latency

Question 63

What is the function of the controller in a software-defined network?

A. forwarding packets
B. making routing decisions
C. multicast replication at the hardware level
D. fragmenting and reassembling packets

Answer: B

Question 64

Refer to the exhibit.

An IP subnet must be configured on each router that provides enough addresses for the number of
assigned hosts and anticipates no more than 10% growth for new hosts. Which configuration script
must be used?

Option A

R7#
configure terminal
interface Fa1/0
ip address 10.1.56.1 255.255.240.0
no shutdown

R8#
configure terminal
interface Fa0/0
ip address 10.9.32.1 255.255.224.0
no shutdown

R9#
configure terminal
interface Fa1/1
ip address 10.23.96.1 255.255.192.0
no shutdown

Option B

R7#
configure terminal
interface Fa1/0
ip address 10.1.56.1 255.255.248.0
no shutdown

R8#
configure terminal
interface Fa0/0
ip address 10.9.32.1 255.255.254.0
no shutdown

R9#
configure terminal
interface Fa1/1
ip address 10.23.96.1 255.255.248.0
no shutdown

Option C

R7#
configure terminal
interface Fa1/0
ip address 10.1.56.1 255.255.252.0
no shutdown

R8#
configure terminal
interface Fa0/0
ip address 10.9.32.1 255.255.255.0
no shutdown

R9#
configure terminal
interface Fa1/1
ip address 10.23.96.1 255.255.240.0
no shutdown

Option D

R7#
configure terminal
interface Fa1/0
ip address 10.1.56.1 255.255.192.0
no shutdown

R8#
configure terminal
interface Fa0/0
ip address 10.9.32.1 255.255.224.0
no shutdown

R9#
configure terminal
interface Fa1/1
ip address 10.23.96.1 255.255.128.0
no shutdown

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Explanation

R7 Fa1/0: 923 hosts + 10% * 923 = 1015 < 1024 = 2^10 hosts. The best subnet mask is /22 =
255.255.252.0
R8 Fa0/0: 225 hosts + 10% * 225 = 247 < 256 = 2^8 hosts. The best subnet mask is /24 =
255.255.255.0
R9 Fa1/1: 3641 hosts + 10% * 3641 = 4005 < 4096 = 2^12 hosts. The best subnet mask is /20 =
255.255.240.0

-> Option C is correct.

In fact we don’t have to calculate subnet for R9 Fa1/1 because only Option C is suitable for R7 &
R8 interfaces.

Question 65

Refer to the exhibit.


Which network prefix was learned via EIGRP?

A. 172.16.0.0/16
B. 207.165.200.0/24
C. 192.168.2.0/24
D. 192.168.1.0/24

Answer: C

Explanation

Prefixes learned via EIGRP are marked with the letter “D”.

Question 66

Refer to the exhibit.


An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed
these show commands to verify the work. Which additional task allows the two switches to
establish an LACP port channel?

A. Change the channel-group mode on SW1 to desirable.
B. Change the channel-group mode on SW1 to active or passive.
C. Change the channel-group mode on SW2 to auto.
D. Configure the interface port-channel 1 command on both switches.

Answer: B

Question 67

Refer to the exhibit.

A network engineer must update the configuration on Switch2 so that it sends LLDP packets every
minute and the information sent via LLDP is refreshed every 3 minutes. Which configuration must
the engineer apply?

A. Switch2(config)#lldp timer 60
Switch2(config)# lldp tlv-select 180
B. Switch2(config)#lldp timer 60
Switch2(config)#lldp holdtime 180
C. Switch2(config)#lldp timer 1
Switch2(config)#lldp tlv-select 3
D. Switch2(config)#lldp timer 1
Switch2(config)#lldp holdtime 3

Answer: B

Explanation

+ lldp holdtime seconds: Specify the amount of time a receiving device should hold the
information from your device before discarding it
+ lldp timer rate: Set the sending frequency of LLDP updates in seconds
+ lldp tlv-select: Specify the LLDP TLVs to send or receive

Question 68

Refer to the exhibit.

R1#show run
!
router ospf 1
auto-cost reference-bandwidth 100000
!
interface GigabitEthernet0/0
bandwidth 10000000
!
interface GigabitEthernet0/1
bandwidth 100000000
!
interface GigabitEthernet0/2
ip ospf cost 100
!
interface GigabitEthernet0/3
ip ospf cost 1000

Router R1 resides in OSPF Area 0. After updating the R1 configuration to influence the paths that it
will use to direct traffic, an engineer verified that each of the four Gigabit interfaces has the same
route to 10.10.0.0/16. Which interface will R1 choose to send traffic to reach the route?

A. GigabitEthernet0/0
B. GigabitEthernet0/1
C. GigabitEthernet0/2
D. GigabitEthernet0/3

Answer: B

Explanation

The reference bandwidth is expressed in Mbits per second, so “auto-cost reference-bandwidth 100000”
means 100 Gbps or 10^11 bps. The “bandwidth” under interface mode is configured in kilobits per second.
Therefore:

+ Interface G0/0 (bandwidth 10^10 bps): Cost = 10^11 / 10^10 = 10
+ Interface G0/1 (bandwidth 10^11 bps): Cost = 10^11 / 10^11 = 1
+ Interface G0/2: Cost = 100
+ Interface G0/3: Cost = 1000

-> R1 will choose the lowest cost path which is interface G0/1

Question 69

An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain
name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the
destination router?

A. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 10 in
!
ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22

B. line vty 0 15
access-class 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22

C. line vty 0 15
access-group 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22

D. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 110 in
!
ip access-list standard 110
permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1

Answer: B

Explanation

When applying an access list to line vty we must use “access-class”, not “access-group”. Subnet
10.139.58.0/28 written with a wildcard mask is 10.139.58.0 0.0.0.15. And we have to use port 22 as
the destination port.

Question 70

Which protocol is used for secure remote CLI access?

A. HTTP
B. Telnet
C. SSH
D. HTTPS

Answer: C

Question 71

What is a characteristic of private IPv4 addressing?

A. composed of up to 65,536 available addresses
B. issued by IANA in conjunction with an autonomous system number
C. used without tracking or registration
D. traverse the Internet when an outbound ACL is applied

Answer: C

Question 72

What provides centralized control of authentication and roaming in an enterprise network?

A. a LAN switch
B. a firewall
C. a lightweight access point
D. a wireless LAN controller

Answer: D

Question 73

A network engineer must implement an IPv6 configuration on the vlan 2000 interface to create a
routable locally-unique unicast address that is blocked from being advertised to the internet.
Which configuration must the engineer apply?

A. interface vlan 2000
ipv6 address ff00:0000:aaaa::1234:2343/64
B. interface vlan 2000
ipv6 address fd00::1234:2343/64
C. interface vlan 2000
ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64
D. interface vlan 2000
ipv6 address fe80:0000:aaaa::1234:2343/64

Answer: C

Explanation

A unique local address (ULA) is an Internet Protocol version 6 (IPv6) address in the address
range fc00::/7. Its purpose in IPv6 is analogous to IPv4 private network addressing. Unique local
addresses may be used freely, without centralized registration, inside a single site or organization
or spanning a limited number of sites or organizations. They are routable only within the scope of
such private networks, but not in the global IPv6 Internet.

Question 74

Refer to the exhibit.


How should the configuration be updated to allow PC1 and PC2 access to the Internet?

A. Modify the configured number of the second access list
B. Remove the overload keyword from the ip nat inside source command
C. Add either the ip nat {inside|outside} command under both interfaces
D. Change the ip nat inside source command to use interface GigabitEthernet0/0

Answer: C

Question 75

OSPF must be configured between routers R1 and R2. Which OSPF configuration must be applied
to router R1 to avoid a DR/BDR election?

A. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.160.1.1 255.255.255.252
ip ospf network broadcast

B. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.168.1.1 255.255.255.252
ip ospf cost 0

C. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
hello interval 15
interface e1/1
ip address 192.168.1.1 255.255.255.252

D. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.168.1.1 255.55.255.252
ip ospf network point-to-point

Answer: D

Question 76

Refer to the exhibit.

All VLANs are present in the VLAN database. Which command sequence must be applied to
complete the configuration?

A. interface FastEthernet0/1
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15
B. interface FastEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,15
C. interface FastEthernet0/1
switchport trunk allowed vlan add 10
vlan 10
private-vlan isolated
D. interface FastEthernet0/1
switchport mode access
switchport voice vlan 10

Answer: D

Explanation

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can
configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full
configuration is shown below:
Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 15
Switch(config-if)#switchport voice vlan 10

Question 77

A Cisco engineer is configuring a factory-default router with these three passwords:

* The user EXEC password for console access is p4ssw0rd1.
* The user EXEC password for Telnet access is s3cr3t2.
* The password for privileged EXEC mode is priv4t3p4ss.

Which command sequence must the engineer configure?

Option A

enable secret priv4t3p4ss
!
line con 0
password p4ssw0rd1
login
!
line vty 0 15
password s3cr3t2
login

Option B

enable secret privilege 15 priv4t3p4ss
!
line con 0
password p4ssw0rdi
login
!
line vty 0 15
password s3cr3t2
login

Option C

enable secret priv413p4ss
!
line con 0
password login p4ssw0rd1
!
line vty 0 15
password login s3cr3t2
login

Option D

enable secret priv4t3p4ss
!
line con 0
password p4ssw0rd1
!
line vty 0 15
password s3cr3t2

A. Option A
B. Option B
C. Option C
D. Option D

Answer: A

Explanation

There is no “enable secret privilege 15 …” command.

If we enter the “enable secret privilege 15 priv4t3p4ss” command then the text “privilege 15
priv4t3p4ss” will be used as password. In both console and vty line we should use the “login”
command to enable password checking.

Question 78

Refer to the exhibit.

EIGRP 10.10.10.0/24[90/1441] via F0/10
EIGRP 10.10.10.0/24[90/144] via F0/11
EIGRP 10.10.10.0/24[90/1441] via F0/12
OSPF 10.10.10.0/24[110/20] via F0/13
OSPF 10.10.10.0/24[110/30] via F0/14

Packets received by the router from BGP enter via a serial interface at 209.165.201.10. Each route
is present within the routing table. Which interface is used to forward traffic with a destination IP
of 10.10.10.24?

A. F0/10
B. F0/11
C. F0/12
D. F0/13

Answer: B

Question 79

What is the purpose of the ip address dhcp command?

A. to configure an interface as a DHCP server
B. to configure an interface as a DHCP relay
C. to configure an interface as a DHCP helper
D. to configure an interface as a DHCP client

Answer: D

Explanation

Use the ip address dhcp command to obtain IP address information for the configured interface.

Question 80

What is a function of an endpoint on a network?

A. allows users to record data and transmit to a file server
B. connects server and client devices to a network
C. provides wireless services to users in a building
D. forwards traffic between VLANs on a network

Answer: B

Question 81

Drag and drop the statements about networking from the left onto the corresponding networking
types on the right.

Answer:

Traditional Networking
+ New devices are configured using the physical infrastructure
+ This type requires a distributed control plane

Controller-Based Networking
+ This type provisions resources from a centralized location
+ This type allows better control over how networks work and how networks are configured
+ This type enables networks to integrate with applications through APIs.

Question 82

A network engineer is installing an IPv6-only capable device. The client has requested that the
device IP address be reachable only from the internal network. Which type of IPv6 address must
the engineer assign?

A. unique local address
B. link-local address
C. IPv4-compatible IPv6 address
D. aggregatable global address

Answer: A

============================== New Questions (added on 21st-Feb-2022) ==============================

Question 83

Refer to the exhibit.

Switch#show etherchannel summary
[output omitted]

Group  Port-channel  Protocol    Ports
-------+--------------+---------+---------------------
10     Po10(SU)        LACP      Gi0/0(P) Gi0/1(P)
20     Po20(SU)        LACP      Gi0/2(P) Gi0/3(P)

Which two commands when used together create port channel 10? (Choose two)

A. int range g0/0-1
channel-group 10 mode active
B. int range g0/0-1
channel-group 10 mode desirable
C. int range g0/0-1
channel-group 10 mode passive
D. int range g0/0-1
channel-group 10 mode auto
E. int range g0/0-1
channel-group 10 mode on

Answer: A C

Question 84

Which type of IPv6 address is similar to a unicast address but is assigned to multiple devices on
the same network at the same time?

A. global unicast address
B. anycast address
C. multicast address
D. link-local address

Answer: B

Explanation

The anycast address is very similar to the multicast address, but packets will be delivered to only
one random host, instead of the entire group. Anycast addresses don’t have a specific range, as they
are exactly the same as regular unicast addresses. This means that a host has no way to
distinguish a unicast from an anycast address when it sends a packet.

Question 85

Which field within the access-request packet is encrypted by RADIUS?

A. authorized services
B. authenticator
C. username
D. password

Answer: D

Explanation

RADIUS encrypts only the password in the access-request packet, from the client to the server.
The remainder of the packet is unencrypted. Other information, such as username, authorized
services, and accounting, can be captured by a third party.

Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html

Question 86

Refer to the exhibit.


Which two configurations must the engineer apply on this network so that R1 becomes the DR?
(Choose two)

A. R1(config)#interface fastethernet0/0
R1(config-if)#ip ospf priority 200
B. R1(config)#router ospf 1
R1(config-router)#router-id 192.168.100.1
C. R3(config)#interface fastethernet0/0
R3(config-if)#ip ospf priority 0
D. R1(config)#interface fastethernet0/0
R1(config-if)#ip ospf priority 0
E. R3(config)#interface fastethernet0/0
R3(config-if)#ip ospf priority 200

Answer: A C

Question 87

Refer to the exhibit.

The router has been configured with a supernet to accommodate the requirement for 380 users on
a subnet. The requirement already considers 30% future growth. Which configuration verifies the
IP subnet on router R4?

A. Subnet: 10.7.54.0
Subnet mask: 255.255.254.0
Broadcast address: 10.7.54.255
Usable IP address range: 10.7.54.1 – 10.7.55.254

B. Subnet: 10.7.54.0
Subnet mask: 255.255.254.0
Broadcast address: 10.7.55.255
Usable IP address range: 10.7.54.1 – 10.7.55.254

C. Subnet: 10.7.54.0
Subnet mask: 255.255.128.0
Broadcast address: 10.7.55.255
Usable IP address range: 10.7.54.1 – 10.7.55.254

D. Subnet: 10.7.54.0
Subnet mask: 255.255.255.0
Broadcast address: 10.7.54.255
Usable IP address range: 10.7.54.1 – 10.7.55.254

Answer: B

Explanation

380 users in a subnet < 512 = 2^9. Therefore we need 9 zero bits in the subnet mask ->
255.255.254.0. The increment is 2 (in the third octet) so the broadcast address is 10.7.55.255.
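
The sizing arithmetic used here and in the Question 64 explanation can be checked mechanically. The Python sketch below is an added example, not part of the original page; the function names are hypothetical, the host counts and addresses are the ones quoted in the explanations, and it reserves the network and broadcast addresses when sizing.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SubnetPlan:
    required_hosts: int   # host count after growth has been applied
    network: str          # subnet in CIDR form
    netmask: str
    wildcard: str         # inverse mask, as used in ACL entries
    first_host: str
    last_host: str
    broadcast: str


def hosts_with_growth(hosts: int, growth_pct: int = 0) -> int:
    """Apply percentage growth and round up, using integer math only."""
    if hosts < 1 or growth_pct < 0:
        raise ValueError("hosts must be >= 1 and growth_pct >= 0")
    return (hosts * (100 + growth_pct) + 99) // 100


def smallest_prefix(required_hosts: int) -> int:
    """Longest prefix whose subnet still offers required_hosts usable addresses."""
    host_bits = 2  # a /30 is the smallest subnet with usable host addresses
    while (1 << host_bits) - 2 < required_hosts:
        host_bits += 1
    if host_bits > 32:
        raise ValueError("host count does not fit in IPv4")
    return 32 - host_bits


def plan(interface_ip: str, hosts: int, growth_pct: int = 0) -> SubnetPlan:
    """Size the subnet for the host count and place interface_ip inside it."""
    required = hosts_with_growth(hosts, growth_pct)
    prefix = smallest_prefix(required)
    net = ipaddress.ip_interface(f"{interface_ip}/{prefix}").network
    return SubnetPlan(
        required_hosts=required,
        network=str(net),
        netmask=str(net.netmask),
        wildcard=str(net.hostmask),
        first_host=str(net.network_address + 1),
        last_host=str(net.broadcast_address - 1),
        broadcast=str(net.broadcast_address),
    )


def is_first_usable(address: str, netmask: str) -> bool:
    """True when address is the first usable host of its own subnet."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    return iface.ip == iface.network.network_address + 1


if __name__ == "__main__":
    # Values quoted in the Question 64 and Question 87 explanations.
    cases = [
        ("R7 Fa1/0", "10.1.56.1", 923, 10),
        ("R8 Fa0/0", "10.9.32.1", 225, 10),
        ("R9 Fa1/1", "10.23.96.1", 3641, 10),
        ("R4", "10.7.54.1", 380, 0),   # growth already included in 380
    ]
    for name, ip, hosts, growth in cases:
        p = plan(ip, hosts, growth)
        print(f"{name}: {p.required_hosts} hosts -> {p.network} mask {p.netmask} "
              f"range {p.first_host} - {p.last_host} broadcast {p.broadcast}")
```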

Question 88

What is a function of a Next-Generation IPS?

A. makes forwarding decisions based on learned MAC addresses
B. serves as a controller within a controller-based network
C. integrates with a RADIUS server to enforce Layer 2 device authentication rules
D. correlates user activity with network events

Answer: D

Question 89

What is the difference between IPv6 unicast and anycast addressing?

A. An individual IPv6 unicast address is supported on a single interface on one node but an IPv6
anycast address is assigned to a group of interfaces on multiple nodes.
B. IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6
anycast nodes require no special configuration
C. IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6
unicast nodes require no special configuration
D. Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on
multiple nodes

Answer: A

Question 90

Refer to the exhibit.

Which two commands must be added to update the configuration of router R1 so that it accepts
only encrypted connections? (Choose two)

A. username CNAC secret R!41!4319115@
B. crypto key generate rsa 1024
C. ip ssh version 2
D. line vty 0 4
E. transport input ssh

Answer: B E

Question 91

Which action is taken by the data plane within a network device?

A. looks up an egress interface in the forwarding information base
B. constructs a routing table based on a routing protocol
C. provides CLI access to the network device
D. forwards traffic to the next hop

Answer: D

Question 92

R1 as an NTP server must have:

* NTP authentication enabled
* NTP packets sourced from Interface loopback 0
* NTP stratum 2
* NTP packets only permitted to client IP 209.165.200.225

How should R1 be configured?

Option A

ntp authenticate
ntp authentication-key 2 sha1 CISCO123
ntp source Loopback0
ntp access-group server-only 10
ntp master 2
!
access-list 10 permit udp host 209.165.200.225 any eq 123

Option B

ntp authenticate
ntp authentication-key 2 md5 CISCO123
ntp source Loopback0
ntp access-group server-only 10
ntp stratum 2
!
access-list 10 permit udp host 209.165.200.225 any eq 123

Option C

ntp authenticate
ntp authentication-key 2 md5 CISCO123
ntp interface Loopback0
ntp access-group server-only 10
ntp stratum 2
!
access-list 10 permit 209.165.200.225

Option D

ntp authenticate
ntp authentication-key 2 md5 CISCO123
ntp source Loopback0
ntp access-group server-only 10
ntp master 2
!
access-list 10 permit 209.165.200.225

A. Option A
B. Option B
C. Option C
D. Option D

Answer: D

Explanation

To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum]
command -> Only Option A and Option D are correct.
ACL 10 is a standard ACL so we cannot configure protocol (UDP in this case) for the ACL. We can
only configure source IP address -> Option D is correct.

Question 93

Refer to the exhibit.

Which route must be configured on R1 so that OSPF routing is used when OSPF is up, but the
server is still reachable when OSPF goes down?

A. ip route 10.1.1.10 255.255.255.255 172.16.2.2 100
B. ip route 10.1.1.0 255.255.255.0 gi0/1 125
C. ip route 10.1.1.0 255.255.255.0 172.16.2.2 100
D. ip route 10.1.1.10 255.255.255.255 gi0/0 125

Answer: D

Question 94

How does Rapid PVST+ create a fast loop-free network topology?

A. It requires multiple links between core switches
B. It maps multiple VLANs into the same spanning-tree instance
C. It generates one spanning-tree instance for each VLAN
D. It uses multiple active paths between end stations

Answer: C

Question 95

Which WLC management connection type is vulnerable to man-in-the-middle attacks?

A. SSH
B. HTTPS
C. Telnet
D. console

Answer: C

Explanation

As you know, telnet is insecure. By default, telnet is disabled on Cisco WLCs. So, if you want to
use telnet, you must enable it.

Question 96

Refer to the exhibit.

Which command configures OSPF on the point-to-point link between routers R1 and R2?

A. network 10.0.0.0 0.0.0.255 area 0
B. neighbor 10.1.2.0 cost 180
C. ip ospf priority 100
D. router-id 10.0.0.15

Answer: A

Question 97

Which characteristic differentiates the concept of authentication from authorization and
accounting?

A. user-activity logging
B. service limitations
C. consumption-based billing
D. identity verification

Answer: A

Question 98

Refer to the exhibit.

(This question is missing its image)

Traffic that is flowing over interface TenGigabitEthernet0/0 experiences slow transfer speeds. What
is the reason for the issue?

A. heavy traffic congestion
B. a duplex incompatibility
C. a speed conflict
D. queuing drops

Answer: C

Question 99

Refer to the exhibit.

Traffic that is flowing over interface TenGigabitEthernet0/0 experiences slow transfer speeds. What
is the reason for the issue?

A. heavy traffic congestion
B. queuing drops
C. a speed conflict
D. a duplex incompatibility

Answer: D

Explanation

We see that the collisions are very high compared to the packets output. This is usually the result of a
duplex mismatch (one end is half-duplex and the other end is full-duplex, for example).

Question 100

Which type of network attack overwhelms the target server by sending multiple packets to a port
until the half-open TCP resources of the target are exhausted?

A. SYN flood
B. reflection
C. teardrop
D. amplification

Answer: A

Explanation

A SYN flood (half-open attack) is a type of denial-of-service (DDoS) attack which aims to make a
server unavailable to legitimate traffic by consuming all available server resources. By repeatedly
sending initial connection request (SYN) packets, the attacker is able to overwhelm all available
ports on a targeted server machine, causing the targeted device to respond to legitimate traffic
sluggishly or not at all.

Question 101

Which interface mode must be configured to connect the lightweight APs in a centralized
architecture?

A. WLAN dynamic
B. management
C. trunk
D. access

Answer: D

Question 102

Which two network actions occur within the data plane? (Choose two)

A. Add or remove an 802.1Q trunking header.
B. Make a configuration change from an incoming NETCONF RPC.
C. Run routing protocols.
D. Reply to an incoming ICMP echo request.
E. Match the destination MAC address to the MAC address table.

Answer: A E

Explanation

For perspective, the following list details some of the more common actions that a networking
device does that fit into the data plane:
+ De-encapsulating and re-encapsulating a packet in a data-link frame (routers, Layer 3 switches)
+ Adding or removing an 802.1Q trunking header (routers and switches)
+ Matching an Ethernet frame’s destination Media Access Control (MAC) address to the
MAC address table (Layer 2 switches)
+ Matching an IP packet’s destination IP address to the IP routing table (routers, Layer 3 switches)
+ Encrypting the data and adding a new IP header (for virtual private network [VPN] processing)
+ Changing the source or destination IP address (for Network Address Translation [NAT]
processing)
+ Discarding a message due to a filter (access control lists [ACLs], port security)

Reference: https://www.ciscopress.com/articles/article.asp?p=2995354&seqNum=2

Question 103

Refer to the exhibit.

A#show ip ospf neighbor
Neighbor ID     Pri   State         Dead Time   Address         Interface
172.1.1.1       1     EXCHANGE/-    00:00:36    172.16.32.1     Serial0.1

An engineer assumes a configuration task from a peer. Router A must establish an OSPF neighbor
relationship with neighbor 172.1.1.1. The output displays the status of the adjacency after 2
hours. What is the next step in the configuration process for the routers to establish an adjacency?

A. Set the router B OSPF ID to the same value as its IP address
B. Set the router B OSPF ID to a nonhost address
C. Configure a point-to-point link between router A and router B
D. Configure router A to use the same MTU size as router B

Answer: D

Explanation

The problem occurs most frequently when attempting to run OSPF between a Cisco router and
another vendor’s router. The problem occurs when the maximum transmission unit (MTU) settings
for neighboring router interfaces don’t match.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13684-12.html

Question 104

Refer to the exhibit.

CPE#show ip route
192.168.1.0/24 is variably subnetted, 3 subnets, 3 masks
B 192.168.1.0/24 [20/1] via 192.168.12.2, 00:00:06
R 192.168.1.128/25 [120/5] via 192.168.13.3, 00:02:22, Ethernet0/1
O 192.168.1.192/26 [110/11] via 192.168.14.4, 00:02:22, Ethernet0/2
D 192.168.1.224/27 [90/1024640] via 192.168.15.5, 00:01:33, Ethernet0/3

All traffic enters the CPE router from interface Serial0/3 with an IP address of 192.168.50.1. Web
traffic from the WAN is destined for a LAN network where servers are load-balanced. An IP packet
with a destination address of the HTTP virtual IP of 192.168.1.250 must be forwarded. Which
routing table entry does the router use?

A. 192.168.1.0/24 via 192.168.12.2
B. 192.168.1.128/25 via 192.168.13.3
C. 192.168.1.192/26 via 192.168.14.4
D. 192.168.1.224/27 via 192.168.15.5

Answer: D

Question 105

Refer to the exhibit.

The link between PC1 and the switch is up, but it is performing poorly. Which interface condition is
causing the performance problem?

A. There is a duplex mismatch on the interface
B. There is an issue with the fiber on the switch interface
C. There is a speed mismatch on the interface
D. There is an interface type mismatch

Answer: A

Question 106

What provides centralized control of authentication and roaming in an enterprise network?

A. a lightweight access point
B. a firewall
C. a wireless LAN controller
D. a LAN switch

Answer: C

Question 107

Refer to the exhibit.

An engineer is configuring the HO router. Which IPv6 address configuration must be applied to the
router fa0/1 interface for the router to assign a unique 64-bit IPv6 address to itself?

A. ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64
B. ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64
C. ipv6 address 2001:DB8:0:1:FFFF:C601:420F:7/64
D. ipv6 address 2001:DB8:0:1:FE80:C601:420F:7/64

Answer: B

Question 108

Refer to the exhibit.

An engineer is configuring a new router on the network and applied this configuration. Which
additional configuration allows the PC to obtain its IP address from a DHCP server?

A. Configure the ip dhcp relay information command under interface Gi0/1
B. Configure the ip dhcp smart-relay command globally on the router
C. Configure the ip helper-address 172.16.2.2 command under interface Gi0/0
D. Configure the ip address dhcp command under interface Gi0/0

Answer: C

Question 109

Refer to the exhibit.

A static route must be configured on R14 to forward traffic for the 172.21.34.0/25 network that
resides on R86. Which command must be used to fulfill the request?

A. ip route 172.21.34.0 255.255.255.192 10.73.65.65
B. ip route 172.21.34.0 255.255.255.0 10.73.65.65
C. ip route 172.21.34.0 255.255.128.0 10.73.65.64
D. ip route 172.21.34.0 255.255.255.128 10.73.65.66

Answer: D

Question 110

What is a function of Opportunistic Wireless Encryption in an environment?

A. offer compression
B. increase security by using a WEP connection
C. provide authentication
D. protect traffic on open networks

Answer: D

Explanation

Opportunistic Wireless Encryption (OWE) is an extension to IEEE 802.11 that provides encryption
of the wireless medium. The purpose of OWE-based authentication is to avoid open, unsecured
wireless connectivity between the APs and clients. OWE uses Diffie-Hellman-based cryptography
to set up the wireless encryption.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-12/config-guide/b_wl_16_12_cg/wpa3.html

Question 111

Refer to the exhibit.

A company is configuring a failover plan and must implement the default routes in such a way that
a floating static route will assume traffic forwarding when the primary link goes down. Which
primary route configuration must be used?

A. ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernet1/0
B. ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked
C. ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating
D. ip route 0.0.0.0 0.0.0.0 192.168.0.2

Answer: D

Question 112

Which action implements physical access control as part of the security program of an
organization?

A. setting up IP cameras to monitor key infrastructure
B. backing up syslogs at a remote location
C. configuring enable passwords on network devices
D. configuring a password for the console port

Answer: D

Question 113

Refer to the exhibit.

An engineer is asked to insert the new VLAN into the existing trunk without modifying anything
previously configured. Which command accomplishes this task?

A. switchport trunk allowed vlan 100-104
B. switchport trunk allowed vlan all
C. switchport trunk allowed vlan add 104
D. switchport trunk allowed vlan 104

Answer: C

Question 114

Refer to the exhibit.

What is a reason for poor performance on the network interface?

A. The interface is receiving excessive broadcast traffic.
B. The cable connection between the two devices is faulty.
C. The interface is operating at a different speed than the connected device.
D. The bandwidth setting of the interface is misconfigured.

Answer: C

Question 115

Refer to the exhibit.

Routers R1 and R3 have the default configuration. The router R2 priority is set to 99. Which
commands on R3 configure it as the DR in the 10.0.4.0/24 network?

A. R3(config)#interface Gig0/1
R3(config-if)#ip ospf priority 100
B. R3(config)#interface Gig0/0
R3(config-if)#ip ospf priority 100
C. R3(config)#interface Gig0/0
R3(config-if)#ip ospf priority 1
D. R3(config)#interface Gig0/1
R3(config-if)#ip ospf priority 0

Answer: A

Question 116

Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?

A. shaping
B. marking
C. policing
D. classification

Answer: B

Question 117

Refer to the exhibit.

Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is subnetted, 1 subnets
B 209.165.200.224 [20/0] via 10.10.12.2,03:32:14
209.165.201.0/27 is subnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2,02:26:53
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2,02:46:03
10.0.0.0/8 is variably subnetted, 10 subnets, 4 masks
O 10.10.13.0/25 [110/2] via 10.10.10.1,00:00:04, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.5,00:00:12, GigabitEthernet0/1
O 10.10.13.144/28 [110/2] via 10.10.10.9,00:01:57, GigabitEthernet0/2
O 10.10.13.160/29 [110/2] via 10.10.10.5,00:00:12, GigabitEthernet0/1
O 10.10.13.208/29 [110/2] via 10.10.10.13,00:01:57, GigabitEthernet0/3
S* 0.0.0.0/0 [1/0] via 10.10.11.2

Which next-hop IP address does Router1 use for packets destined to host 10.10.13.158?

A. 10.10.10.5
B. 10.10.11.2
C. 10.10.12.2
D. 10.10.10.9

Answer: D

Explanation

10.10.13.158 belongs to prefix 10.10.13.144/28, so the next hop 10.10.10.9 is chosen to
forward packets for this destination.

Question 118

What is one reason to implement LAG on a Cisco WLC?

A. to increase security and encrypt management frames
B. to provide link redundancy and load balancing
C. to allow for stateful and link-state failover
D. to enable connected switch ports to failover and use different VLANs

Answer: B

Question 119

Refer to the exhibit.

Web traffic is coming in from the WAN interface. Which route takes precedence when the router is
processing traffic destined for the LAN network at 10.0.10.0/24?

A. via next-hop 10.0.1.5
B. via next-hop 10.0.1.4
C. via next-hop 10.0.1.50
D. via next-hop 10.0.1.100

Answer: A

Question 120

Which PoE mode enables powered-device detection and guarantees power when the device is
detected?

A. dynamic
B. static
C. active
D. auto

Answer: D

Explanation

auto – Enables powered-device detection; if enough power is available, automatically allocates
power to the PoE port after device detection (default setting).

Reference: https://www.thinlabs.com/faq/configure-cisco-switch-for-powering-poe-client

Question 121

A Cisco engineer must configure a single switch interface to meet these requirements:
* accept untagged frames and place them in VLAN 20
* accept tagged frames in VLAN 30 when CDP detects a Cisco IP phone

Which command set must the engineer apply?

A. switchport mode access
switchport access vlan 20
switchport voice vlan 30

B. switchport mode trunk
switchport access vlan 20
switchport voice vlan 30

C. switchport mode dynamic auto
switchport trunk native vlan 20
switchport trunk allowed vlan 30
switchport voice vlan 30

D. switchport mode dynamic desirable
switchport access vlan 20
switchport trunk allowed vlan 30
switchport voice vlan 30

Answer: C

Question 122

Refer to the exhibit.

Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?

A. Router(config)#hostname R15
R15(config)#crypto key generate rsa general-keys modulus 1024
R15(config-line)#line vty 0 15
R15(config-line)# transport input ssh
R15(config)#ip ssh source-interface Fa0/0
R15(config)#ip ssh stricthostkeycheck

B. Router(config)#ip domain-name cisco.com
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)#ip ssh version 2
Router(config-line)#line vty 0 15
Router(config-line)# transport input all
Router(config)#ip ssh logging events

C. Router(config)#hostname R15
R15(config)#ip domain-name cisco.com
R15(config)#crypto key generate rsa general-keys modulus 1024
R15(config)#ip ssh version 2
R15(config-line)#line vty 0 15
R15(config-line)# transport input ssh

D. Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)#ip ssh version 2
Router(config-line)#line vty 0 15
Router(config-line)# transport input ssh
Router(config)#ip ssh logging events
R15(config)#ip ssh stricthostkeycheck

Answer: C

Explanation

Steps to configure SSH:

1. Configure the router hostname using the “hostname” command.
2. Configure the domain name using the “ip domain-name” command.
3. Generate public and private keys using the “crypto key generate rsa” command.
4. Create a user in the local database using the “username…secret” command.
5. Allow only SSH access on VTY lines using the “transport input ssh” command.

Reference: https://ipwithease.com/how-to-configure-ssh-version-2-on-cisco-router/

Question 123

Refer to the exhibit.

Users need to connect to the wireless network with IEEE 802.11r-compatible devices. The
connection must be maintained as users travel between floors or to other areas in the building.
What must be the configuration of the connection?

A. Select the WPA Policy option with the CCKM option
B. Disable AES encryption
C. Enable Fast Transition and select the FT 802.1x option
D. Enable Fast Transition and select the FT PSK option

Answer: C

Explanation

802.11r, which is the IEEE standard for fast roaming, introduces a new concept of roaming where
the initial handshake with the new AP is done even before the client roams to the target AP, which
is called Fast Transition (FT). The initial handshake allows the client and APs to do the Pairwise
Transient Key (PTK) calculation in advance. These PTK keys are applied to the client and AP after
the client does the reassociation request or response exchange with the new target AP.

FT works with both preshared key (PSK) and 802.1X authentication methods. If you check the FT
PSK check box, from the PSK Format drop-down list, choose ASCII or Hex and enter the key value.
This question does not mention entering a key value, so maybe answer C is the best choice.

Reference: https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html

Question 124

Refer to the exhibit.

An engineer is configuring an EtherChannel using LACP between Switches 1 and 2. Which
configuration must be applied so that only Switch 1 sends LACP initiation packets?

A. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode passive
B. Switch1(config-if)#channel-group 1 mode passive
Switch2(config-if)#channel-group 1 mode active
C. Switch1(config-if)#channel-group 1 mode active
Switch2(config-if)#channel-group 1 mode passive
D. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode active

Answer: C

Question 125

Refer to the exhibit.

SW1 = 24596 0018.184e.3c00
SW2 = 28692 004a.14e5.4077
SW3 = 32788 0022.55cf.dd00
SW4 = 64000 0041.454d.407f

Which switch becomes the root of a spanning tree for VLAN 20 if all links are of equal speed?

A. SW1
B. SW2
C. SW3
D. SW4

Answer: A

Question 126

Refer to the exhibit.

Router1(config)#interface GigabitEthernet0/0
Router1(config-if)#ip address 209.165.200.225 255.255.255.224
Router1(config-if)#ip nat outside
Router1(config)#interface GigabitEthernet0/1
Router1(config-if)#ip nat inside
Router1(config)#interface GigabitEthernet
Router1(config-if)#encapsulation dot1Q 100
Router1(config-if)#ip address 10.10.10.1 255.255.255.0
Router1(config)#interface GigabitEthernet0/1.200
Router1(config-if)#encapsulation dot1Q 200
Router1(config-if)#ip address 10.10.20.1 255.255.255.0
Router1(config)#ip access-list standard NAT_INSIDE_RANGES
Router1(config-std-nacl)#permit 10.10.10.0 0.0.0.255
Router1(config)#ip nat inside source list NAT_INSIDE_RANGES interface GigabitEthernet0/0 overload

Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator
take to establish connectivity to the Internet for users in VLAN 200?

A. Define a NAT pool on the router.
B. Update the NAT_INSIDE_RANGES ACL
C. Configure the ip nat outside command on another interface for VLAN 200
D. Configure static NAT translations for VLAN 200

Answer: B

Explanation

We need to add the “permit 10.10.20.0 0.0.0.255” command to the ACL.

Question 127

Which protocol uses SSL?

A. HTTP
B. HTTPS
C. SSH
D. Telnet

Answer: B

Question 128

Drag and drop the facts about wireless architectures from the left onto the types of access point
on the right. Not all options are used.

Answer:

Autonomous Access Point
+ requires a management IP address
+ accessible for management via Telnet, SSH, or a web GUI

Cloud-Based Access Point
+ configured and managed by a WLC
+ supports automatic deployment

Explanation

An autonomous AP is a self-contained device with both wired and wireless hardware so that it
can bridge wireless clients that belong to SSIDs to the wired VLAN infrastructure. Each
autonomous AP must be configured with a management IP address so that it can be
remotely accessed using Telnet, SSH, or a web interface. Each AP must be individually managed
and maintained unless you use a management platform such as Cisco DNA Center.

Cloud-based AP management is an alternative to purchasing a management platform. The AP
management function is pushed into the Internet cloud. For example, Cisco Meraki is a
cloud-based AP management service that allows you to automatically deploy Cisco Meraki APs.

Reference: https://www.ciscopress.com/articles/article.asp?p=2999384&seqNum=5

From the above paragraph, we can see that an autonomous AP is not managed by a WLC.

Question 129

Which value is the unique identifier that an access point uses to establish and maintain wireless
connectivity to wireless network devices?

A. VLANID
B. SSID
C. RFID
D. WLANID

Answer: B

Explanation

The SSID is a unique identifier that wireless networking devices use to establish and maintain
wireless connectivity. Multiple access points on a network or subnetwork can use the same SSIDs.
SSIDs are case sensitive and can contain up to 32 alphanumeric characters.

Question 130

A network engineer is configuring a switch so that it is remotely reachable via SSH. The engineer
has already configured the host name on the router. Which additional command must the engineer
configure before entering the command to generate the RSA key?

A. password password
B. crypto key generate rsa modulus 1024
C. ip domain-name domain
D. ip ssh authentication-retries 2

Answer: B

Question 131

Refer to the exhibit.

Switch A is newly configured. All VLANs are present in the VLAN database. The IP phone and PC A
on Gi0/1 must be configured for the appropriate VLANs to establish connectivity between the PCs.
Which command set fulfills the requirement?

A. SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 50
SwitchA(config-if)#switchport voice vlan 51

B. SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 50
SwitchA(config-if)#switchport voice vlan untagged

C. SwitchA(config-if)#switchport mode trunk
SwitchA(config-if)#switchport trunk allowed vlan add 50, 51
SwitchA(config-if)#switchport voice vlan dot1p

D. SwitchA(config-if)#switchport mode trunk
SwitchA(config-if)#switchport trunk allowed vlan 50, 51
SwitchA(config-if)#switchport qos trust cos
Answer: A

Question 132

Which QoS traffic handling technique retains excess packets in a queue and reschedules these
packets for later transmission when the configured maximum bandwidth has been surpassed?

A. traffic shaping
B. traffic policing
C. weighted random early detection
D. traffic prioritization

Answer: A

Explanation

+ Shaping: retains excess packets in a queue and then schedules the excess for later
transmission over increments of time. When traffic reaches the maximum configured rate,
additional packets are queued instead of being dropped to proceed later. Traffic shaping is
applicable only on outbound interfaces as buffering and queuing happens only on outbound
interfaces. Shaping is configured in bits per second.

Question 133

Refer to the exhibit.

R1 learns all routes via OSPF. Which command configures a backup static route on R1 to reach the
192.168.20.0/24 network via R3?

A. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111
B. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90
C. R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2
D. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2

Answer: A

Question 134

Which Layer 2 switch function encapsulates packets for different VLANs so that the packets
traverse the same port and maintain traffic separation between the VLANs?

A. VLAN numbering
B. VLAN DSCP
C. VLAN tagging
D. VLAN marking

Answer: C

Explanation

VLAN tagging is a method through which more than one VLAN is handled on a port. VLAN tagging
is used to tell which packet belongs to which VLAN on the other side. To make recognition easier, a
packet is tagged with a VLAN tag in the Ethernet frame.

Question 135

What is an expected outcome when network management automation is deployed?

A. A distributed management plane must be used.
B. Software upgrades are performed from a central controller
C. Complexity increases when new device configurations are added
D. Custom applications are needed to configure network devices

Answer: B

Question 54

Refer to the exhibit.

The primary route across Gi0/0 is configured on both routers. A secondary route must be
configured to establish connectivity between the workstation networks. Which command set must
be configured to complete this task?

A. R1
ip route 172.16.2.0 255.255.255.240 172.16.0.2 113
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.1 114

B. R1
ip route 172.16.2.0 255.255.255.240 172.16.0.5 89
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.6 89

C. R1
ip route 172.16.2.0 255.255.255.248 172.16.0.5 110
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.6 110

D. R1
ip route 172.16.2.0 255.255.255.224 172.16.0.6 111
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.5 112

Answer: D

==================================== New Questions (added on 4th-Mar-2022) =============================

Question 55

Refer to the exhibit.

Which action must be taken so that neighboring devices rapidly discover switch Cat9300?

A. Enable portfast on the ports that connect to neighboring devices
B. Configure the cdp holdtime 10 command on switch Cat9300
C. Configure the cdp timer 10 command on the neighbors of switch Cat9300
D. Configure the cdp timer 10 command on switch Cat9300

Answer: D

Explanation

The “cdp timer seconds” command sets the transmission frequency of CDP updates in seconds so
we should reduce it so that CDP updates are sent more often.

Question 56

Refer to the exhibit.

SW2 is replaced due to a hardware failure. A network engineer starts to configure SW2 by copying
the Fa0/1 interface configuration from SW1. Which command must be configured on the Fa0/1
interface of SW2 to enable PC1 to connect to PC2?

A. switchport mode trunk
B. switchport trunk native vlan 10
C. switchport trunk allowed remove 10
D. switchport mode access

Answer: A

============================== New Questions (added on 11th-Mar-2022) ==============================

Question 57

How do UTP and STP cables compare?

A. STP cables are cheaper to produce and easier to install and UTP cables are more expensive and
harder to install.
B. UTP cables are less prone to crosstalk and interference and STP cables are more prone to
crosstalk and interference.
C. UTP cables provide faster and more reliable data transfer rates and STP cables are slower and
less reliable.
D. STP cables are shielded and protect against electromagnetic interference and UTP lacks the
same protection against electromagnetic interference.

Answer: D

Explanation

UTP (unshielded twisted pair) and STP (shielded twisted pair) are types of twisted-pair cable
that act as a transmission medium and provide reliable connectivity for electronic equipment.
Although their design and manufacture differ, both serve the same purpose.
The basic difference between them is that UTP is a cable with wires that are twisted together
to reduce noise and crosstalk, whereas STP is a twisted-pair cable enclosed in a foil or mesh
shield that guards the cable against electromagnetic interference.

Question 58

Drag and drop the statements about device management from the left onto the corresponding
device-management types on the right.

Answer:

Cisco DNA Center Device Management:
+ It provides a single interface for network security and analytics
+ It supports CLI templates to apply a consistent configuration to multiple devices
+ It uses NetFlow to analyze potential security threats and take appropriate action on that traffic

Traditional Device Management:
+ It uses multiple tools and applications to analyze and troubleshoot different types of data
+ It manages device configurations on a per-device basis
+ Security is managed near the perimeter of the network with firewalls, VPNs, and IPS

========================== New Questions (added on 15th-Mar-2022) ==========================

Question 59

Which port type does a lightweight AP use to connect to the wired network when configured in
FlexConnect mode with local switching and VLAN tagging?

A. EtherChannel
B. access
C. LAG
D. trunk

Answer: D

Explanation

Local Switched: Locally-switched WLANs (the SSID you are connected to) will map their wireless
user traffic to a VLAN via 802.1Q trunking to a local switch adjacent to the access point.

Reference: https://wlanlessonslearned.wordpress.com/tag/flexconnect/

Question 60

An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network.
Which feature must be enabled and configured to prevent connection issues with the printer?

A. passive client
B. static IP tunneling
C. DHCP address assignment
D. client exclusion

Answer: B

Explanation

At times you may want to configure static IP addresses for wireless clients. When these wireless
clients move about in a network, they could try associating with other controllers. If the clients try
to associate with a controller that does not support the same subnet as static IP, the clients fail to
connect to the network. With WLC 7.0.116.0 you can enable dynamic tunneling of clients with
static IP addresses.

Reference: https://mrncciew.com/2013/03/25/static-ip-clients-mobility/

Question 61

An engineer is configuring router R1 with an IPv6 static route for prefix
2019:C15C:0CAF:E001::/64. The next hop must be 2019:C15C:0CAF:E002::1. The route must be
reachable via the R1 Gigabit 0/0 interface. Which command configures the designated route?

A. R1(config)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
B. R1(config-if)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
C. R1(config-if)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
D. R1(config)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0

Answer: A

Question 62

Refer to the exhibit. What must be configured to enable 802.11w on the WLAN?

A. Set PMF to Required
B. Enable MAC Filtering
C. Enable WPA Policy
D. Set Fast Transition to Enabled

Answer: A

Explanation

Configuring 802.11w (GUI)

Procedure
Step 1 Choose WLANs > WLAN ID to open the WLANs > Edit page.
Step 2 In the Security tab, choose the Layer 2 security tab.
Step 3 From the Layer 2 Security drop-down list, choose WPA+WPA2.
The 802.11w IGTK Key is derived using the 4-way handshake, which means that it can only be
used on WLANs that are configured for WPA2 security at Layer 2.
Note: WPA2 is mandatory and encryption type must be AES. TKIP is not valid.
Step 4 Choose the PMF state from the drop-down list.
The following options are available:
Disabled—Disables 802.11w MFP protection on a WLAN.
Optional—To be used if the client supports 802.11w.
Required—Ensures that the clients that do not support 802.11w cannot associate with the WLAN.

Reference: https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_01001100.html.xml

Note: When you create a MAC address filter on WLCs, users are granted or denied access to the
WLAN network based on the MAC address of the client they use.

Fast Transition is 802.11r, not 802.11w.

Therefore “Set PMF to Required” is the best choice.

Question 63

Drag and drop the IPv6 address details from the left onto the corresponding types on the right.

Answer:

Anycast:
+ used exclusively by a non-host device
+ assigned to more than one interface

Multicast:
+ derived from the FF00::/8 address range
+ provides one-to-many communications

Unicast:
+ includes link-local and loopback addresses
+ identifies an interface on an IPv6 device

Explanation

An anycast address must be assigned to a router not a host and cannot be used as a source
address.
