Question 1 - 65

Question Dumps 1 - 65
TOPICS
1. Network Fundamentals
2. Network Access
3. IP Connectivity
4. IP Services
5. Security Fundamentals
6. Automation and Programmability
7. Not categorized

QUESTION 1
What are two benefits of network automation? (Choose two)
A. reduced operational costs
B. reduced hardware footprint
C. faster changes with more reliable results
D. fewer network failures
E. increased network security

Correct Answer: AC
Section: 6. Automation and Programmability

QUESTION 2
Which command enables a router to become a DHCP client?
A. ip address dhcp
B. ip helper-address
C. ip dhcp pool
D. ip dhcp client

Correct Answer: A
Section: 4. IP Services

Explanation/Reference:
If we want to get an IP address from the DHCP server on a Cisco device, we can use the command "ip address dhcp".
Note: The command "ip helper-address" enables a router to become a DHCP Relay Agent.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4/dhcp-12-4-book/config-dhcp-client.html

QUESTION 3
Which design element is a best practice when deploying an 802.11b wireless infrastructure?
A. disabling TPC so that access points can negotiate signal levels with their attached wireless devices
B. setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller
C. allocating nonoverlapping channels to access points that are in close physical proximity to one another
D. configuring access points to provide clients with a maximum of 5 Mbps

Correct Answer: C
Section: 2. Network Access

QUESTION 4
When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)
A. 2000::/3
B. 2002::5
C. FC00::/7
D. FF02::1
E. FF02::2

Correct Answer: DE
Section: 1. Network Fundamentals

Explanation/Reference:
When an interface is configured with an IPv6 address, it automatically joins the all-nodes (FF02::1) and solicited-node (FF02::1:FFxx:xxxx) multicast groups.
The all-nodes group is used to communicate with all interfaces on the local link, and the solicited-node multicast group is required for link-layer address resolution. Routers also join a third multicast group, the all-routers group (FF02::2).
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/xe-3s/ipv6-xe-36s-book/ip6-multicast.html

QUESTION 5
Which option about JSON is true?
A. uses predefined tags or angle brackets (<>) to delimit markup text
B. used to describe structured data that includes arrays
C. used for storing information
D. similar to HTML, it is more verbose than XML

Correct Answer: B
Section: Not categorized

Explanation/Reference:
JSON data is written as name/value pairs.
A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value:
"name":"Mark"
JSON can use arrays. Array values must be of type string, number, object, array, boolean or null.
For example:
{"name":"John",
"age":30,
"cars":[ "Ford", "BMW", "Fiat" ]}

QUESTION 6
Which IPv6 address type provides communication between subnets and cannot route on the Internet?
A. global unicast
B. unique local
C. link-local
D. multicast

Correct Answer: B
Section: 1. Network Fundamentals

Explanation/Reference:
An IPv6 Unique Local Address is an IPv6 address in the block FC00::/7. It is the approximate IPv6 counterpart of the IPv4 private address. It is not routable on the global Internet.
Note: In the past, site-local addresses (FEC0::/10) were equivalent to private IP addresses in IPv4, but they are now deprecated.
Link-local addresses are only used for communications within the local subnet. A link-local address is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit interface identifier (based on the 48-bit MAC address).

QUESTION 7
Which command prevents passwords from being stored in the configuration as plaintext on a router or switch?
A. enable secret
B. service password-encryption
C. username Cisco password encrypt
D. enable password

Correct Answer: B
Section: 5. Security Fundamentals
  
QUESTION 8
What are two southbound APIs? (Choose two)
A. OpenFlow
B. NETCONF
C. Thrift
D. CORBA
E. DSC 

Correct Answer: AB
Section: 6. Automation and Programmability
 
Explanation/Reference:
OpenFlow is a well-known southbound API. OpenFlow defines the way the SDN Controller should interact with the forwarding plane to make adjustments to the network, so it can better adapt to changing business requirements.
The Network Configuration Protocol (NetConf) uses Extensible Markup Language (XML) to install, manipulate and delete configuration to network devices.
Other southbound APIs are:
+ onePK: a Cisco proprietary SBI to inspect or modify the network element configuration without hardware upgrades.
+ OpFlex: an open-standard, distributed control system. It sends "summary policy" to network elements.

QUESTION 9
Which set of actions satisfies the requirement for multi-factor authentication?
A. The user swipes a key fob, then clicks through an email link.
B. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device.
C. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen.
D. The user enters a user name and password and then re-enters the credentials on a second screen.

Correct Answer: B
Section: 5. Security Fundamentals
 
Explanation/Reference:
This is an example of how two-factor authentication (2FA) works:
1. The user logs in to the website or service with their username and password.
2. The password is validated by an authentication server and, if correct, the user becomes eligible for the second factor.
3. The authentication server sends a unique code to the user's second-factor method (such as a smartphone app).
4. The user confirms their identity by providing the additional authentication for their second-factor method.

QUESTION 10
Which two capabilities of Cisco DNA Center make it more extensible? (Choose two)
A. adapters that support all families of Cisco IOS software
B. SDKs that support interaction with third-party network equipment
C. customized versions for small, medium, and large enterprises
D. REST APIs that allow for external applications to interact natively with Cisco DNA Center
E. modular design that is upgradable as needed

Correct Answer: BD
Section: 6. Automation and Programmability
 
Explanation/Reference:
Cisco DNA Center offers 360-degree extensibility through four distinct types of platform capabilities:
+ Intent-based APIs leverage the controller and enable business and IT applications to deliver intent to the network and to reap network analytics and insights for IT and business innovation.
+ Process adapters, built on integration APIs, allow integration with other IT and network systems to streamline IT operations and processes.
+ Domain adapters, built on integration APIs, allow integration with other infrastructure domains such as data center, WAN, and security to deliver a consistent intent-based infrastructure across the entire IT environment.
+ SDKs allow management to be extended to third-party vendor's network devices to offer support for diverse environments.

QUESTION 11
An email user has been lured into clicking a link in an email sent by their company’s security organization. The webpage that opens reports that it was safe but the link could have contained malicious code. Which type of security program is in place?
A. Physical access control
B. Social engineering attack
C. brute force attack
D. user awareness

Correct Answer: D
Section: 5. Security Fundamentals
 
Explanation/Reference:
This is a training program that simulates an attack, not a real attack (as the question says, “The webpage that opens reports that it was safe”), so we believe it should be called a “user awareness” program. Therefore the best answer here should be “user awareness”.
This is the definition of “User awareness” from the CCNA 200-301 Official Cert Guide:
“User awareness: All users should be made aware of the need for data confidentiality to protect corporate information, as well as their own credentials and personal information. They should also be made aware of potential threats, schemes to mislead, and proper procedures to report security incidents.”
Note: Physical access control means infrastructure locations, such as network closets and data centers, should remain securely locked.

QUESTION 12
Which type of wireless encryption is used for WPA2 in pre-shared key mode?
A. TKIP with RC4
B. RC4
C. AES-128
D. AES-256

Correct Answer: D
Section: 5. Security Fundamentals

Explanation/Reference:
We can see in this picture we have to type 64 hexadecimal characters (256 bit) for the WPA2 passphrase so we can deduce the encryption is AES-256, not AES-128.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/67134-wpa2-config.html

QUESTION 13
Which two must be met before SSH can operate normally on a Cisco IOS switch? (Choose two)
A. The switch must be running a k9 (crypto) IOS image.
B. The ip domain-name command must be configured on the switch.
C. IP routing must be enabled on the switch.
D. A console password must be configured on the switch.
E. Telnet must be disabled on the switch.

Correct Answer: AB
Section: 2. Network Access
 
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

QUESTION 14
Which type of address is the public IP address of a NAT device?
A. outside global
B. outside local
C. inside global
D. inside local
E. outside public
F. inside public

Correct Answer: C
Section: Not categorized
 
Explanation/Reference:
NAT uses four types of addresses:
* Inside local address - The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address - A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address - The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address - The IP address assigned to a host on the outside network. The owner of the host assigns this address.

QUESTION 15
Refer to the exhibit. Which prefix does Router 1 use for traffic to Host A?
A. 10.10.10.0/28
B. 10.10.13.0/25
C. 10.10.13.144/28
D. 10.10.13.208/29

Correct Answer: D
Section: 1. Network Fundamentals
  
Explanation/Reference:
Host A's address falls within the address range. However, if more than one route to the same subnet exists, the router uses the longest prefix match, which selects the more specific route to the subnet. If there are routes 10.10.13.192/26 and 10.10.13.208/29, the router will forward the packet to the /29 rather than the /28.

QUESTION 16
How does HSRP provide first hop redundancy?
A. It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table.
B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN.
C. It forwards multiple packets to the same destination over different routed links in the data path.
D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN.

Correct Answer: D
Section: 3. IP Connectivity
 
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-16/fhp-xe-16-book/fhp-hsrp-mgo.html

QUESTION 17
In which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required?
A. A spine switch and a leaf switch can be added with redundant connections between them.
B. A spine switch can be added with at least 40 GB uplinks.
C. A leaf switch can be added with a single connection to a core spine switch.
D. A leaf switch can be added with connections to every spine switch.

Correct Answer: D
Section: 1. Network Fundamentals
 
Explanation/Reference:
Spine-leaf architecture is typically deployed as two layers: spines (such as an aggregation layer), and leaves (such as an access layer). Spine-leaf topologies provide high-bandwidth, low-latency, nonblocking server-to-server connectivity.
Leaf (aggregation) switches are what provide devices access to the fabric (the network of spine and leaf switches) and are typically deployed at the top of the rack. Generally, devices connect to the leaf switches.
Devices can include servers, Layer 4-7 services (firewalls and load balancers), and WAN or Internet routers. Leaf switches do not connect to other leaf switches. In spine-and-leaf architecture, every leaf should connect to every spine in a full mesh.
Spine (aggregation) switches are used to connect to all leaf switches and are typically deployed at the end or middle of the row. Spine switches do not connect to other spine switches.

QUESTION 18
Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two)
A. It drops lower-priority packets before it drops higher-priority packets.
B. It can identify different flows with a high level of granularity.
C. It guarantees the delivery of high-priority packets.
D. It can mitigate congestion by preventing the queue from filling up.
E. It supports protocol discovery. 

Correct Answer: AD
Section: 4. IP Services
 
Explanation/Reference:
Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. When a packet arrives, the following events occur:

1. The average queue size is calculated.
2. If the average is less than the minimum queue threshold, the arriving packet is queued.
3. If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic.
4. If the average queue size is greater than the maximum threshold, the packet is dropped.

WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by selectively dropping packets when the output interface begins to show signs of congestion (thus it can mitigate congestion by preventing the queue from filling up). By dropping some packets early rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization. Thus, WRED allows the transmission line to be used fully at all times.
WRED generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. Thus, the higher the priority of a packet, the higher the probability that the packet will be delivered (-> answer A is correct).

QUESTION 19
A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?
A. CDP
B. SNMP
C. SMTP
D. ARP

Correct Answer: B
Section: 4. IP Services

Explanation/Reference:
SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
The SNMP framework has three parts:
+ An SNMP manager
+ An SNMP agent
+ A Management Information Base (MIB)
The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects.
With SNMP, the network administrator can send commands to multiple routers to do the backup.

QUESTION 20
Refer to the exhibit. What is the effect of this configuration?
A. The switch port interface trust state becomes untrusted.
B. The switch port remains administratively down until the interface is connected to another switch.
C. Dynamic ARP inspection is disabled because the ARP ACL is missing.
D. The switch port remains down until it is configured to trust or untrust incoming packets.

Correct Answer: A
Section: 5. Security Fundamentals

Explanation/Reference:
Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. After enabling DAI, all ports become untrusted ports.

QUESTION 21
A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two)
A. runts
B. giants
C. frame
D. CRC
E. input errors

Correct Answer: DE
Section: 1. Network Fundamentals
 
Explanation/Reference:
Whenever the physical transmission has problems, the receiving device might receive a frame whose bits have changed values. These frames do not pass the error detection logic as implemented in the FCS field in the Ethernet trailer. The receiving device discards the frame and counts it as some kind of input error.
Cisco switches list this error as a CRC error. Cyclic redundancy check (CRC) is a term related to how the FCS math detects an error.
The “input errors” counter includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts.
The output below shows the interface counters with the “show interface s0/0/0” command:

QUESTION 22
How do TCP and UDP differ in the way that they establish a connection between two endpoints?
A. TCP uses synchronization packets, and UDP uses acknowledgment packets.
B. UDP uses SYN, SYN ACK and FIN bits in the frame header while TCP uses SYN, SYN ACK and ACK bits.
C. UDP provides reliable message transfer and TCP is a connectionless protocol.
D. TCP uses the three-way handshake and UDP does not guarantee message delivery.

Correct Answer: D
Section: 1. Network Fundamentals
 
QUESTION 23
When OSPF learns multiple paths to a network, how does it select a route?
A. It multiplies the active K value by 256 to calculate the route with the lowest metric.
B. For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth.
C. It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost.
D. It counts the number of hops between the source router and the destination to determine the router with the lowest metric.

Correct Answer: C
Section: 3. IP Connectivity
 
QUESTION 24
Refer to the exhibit. Which password must an engineer use to enter the enable mode?
A. adminadmin123
B. default
C. testing1234
D. cisco123

Correct Answer: C
Section: 2. Network Access
 
Explanation/Reference:
If neither the enable password command nor the enable secret command is configured, and if there is a line password configured for the console, the console line password serves as the enable password for all VTY sessions -> The "enable secret" will be used first if available, then "enable password" and line password.
Reference:
https://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/configuration/guide/cpt93_configuration/cpt93_configuration_chapter_0100

QUESTION 25
Which configuration is needed to generate an RSA key for SSH on a router?
A. Configure the version of SSH.
B. Configure VTY access.
C. Create a user with a password.
D. Assign a DNS domain name.

Correct Answer: D
Section: 5. Security Fundamentals
 
Explanation/Reference:
In order to generate an RSA key for SSH, we need to configure the hostname and a DNS domain name on the router (a username and password is also required). Therefore in fact both answer C and answer D are correct.

QUESTION 26
Which output displays a JSON data representation?
A. Option A
B. Option B
C. Option C
D. Option D

Correct Answer: C
Section: 6. Automation and Programmability
 
Explanation/Reference:
JSON data is written as name/value pairs.
A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value:
"name":"Mark"
JSON can use arrays. Array values must be of type string, number, object, array, boolean or null.
For example:
{
"name":"John",
"age":30,
"cars":[ "Ford", "BMW", "Fiat" ]
}
JSON can have an empty object, such as "taskId":{}

QUESTION 27
What is the primary difference between AAA authentication and authorization?
A. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.
B. Authentication identifies a user who is attempting to access a system, and authorization validates the user's password.
C. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.
D. Authentication controls the system processes a user can access and authorization logs the activities the user initiates.

Correct Answer: C
Section: 5. Security Fundamentals

Explanation/Reference:
AAA stands for Authentication, Authorization and Accounting.
+ Authentication: Specify who you are (usually via login username & password)
+ Authorization: Specify what actions you can do, what resource you can access
+ Accounting: Monitor what you do, how long you do it (can be used for billing and auditing)
An example of AAA is shown below:
+ Authentication: "I am a normal user. My username/password is user_tom/learnforever"
+ Authorization: "user_tom can access LearnCCNA server via HTTP and FTP"
+ Accounting: "user_tom accessed LearnCCNA server for 2 hours". This user only uses "show" commands.

QUESTION 28
A Cisco IP phone receives untagged data traffic from an attached PC. Which action is taken by the phone?
A. It allows the traffic to pass through unchanged.
B. It drops the traffic.
C. It tags the traffic with the default VLAN.
D. It tags the traffic with the native VLAN.

Correct Answer: A
Section: 2. Network Access

Explanation/Reference:
Untagged traffic from the device attached to the Cisco IP Phone passes through the phone unchanged, regardless of the trust state of the access port on the phone.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/vlan/configuration_guide/b_vlan_152ex_2960-x_cg/b_vlan_152ex_2960-x_cg_chapter_0110.pdf

QUESTION 29
An engineer must configure a /30 subnet between two routers. Which usable IP address and subnet mask combination meets this criteria?
A. interface e0/0
     description to HQ-A370:98968
     ip address 10.2.1.3 255.255.255.252
B. interface e0/0
     description to HQ-A370:98968
     ip address 192.168.1.1 255.255.255.248
C. interface e0/0
     description to HQ-A370:98968
     ip address 172.16.1.4 255.255.255.248
D. interface e0/0
     description to HQ-A370:98968
     ip address 209.165.201.2 255.255.255.252

Correct Answer: D
Section: 1. Network Fundamentals

Explanation/Reference:
A /30 subnet means a subnet mask of 255.255.255.252. However, 10.2.1.3 255.255.255.252 is a broadcast IP address; only 209.165.201.2/30 is a usable IP address.

QUESTION 30
What is a benefit of using a Cisco Wireless LAN Controller?
A. Central AP management requires more complex configurations.
B. Unique SSIDs cannot use the same authentication method.
C. It supports autonomous and lightweight APs.
D. It eliminates the need to configure each access point individually.

Correct Answer: D
Section: 1. Network Fundamentals
 
QUESTION 31
What are two characteristics of a controller-based network? (Choose two)
A. The administrator can make configuration updates from the CLI.
B. It uses northbound and southbound APIs to communicate between architectural layers.
C. It moves the control plane to a central point.
D. It decentralizes the control plane, which allows each device to make its own forwarding decisions.
E. It uses Telnet to report system issues.

Correct Answer: BC
Section: 6. Automation and Programmability

QUESTION 32
Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols?
A. dual algorithm
B. metric
C. administrative distance
D. hop count

Correct Answer: C
Section: 3. IP Connectivity
 
Explanation/Reference:
Administrative distance is the feature used by routers to select the best path when there are two or more different routes to the same destination from different routing protocols. Administrative distance defines the reliability of a routing protocol.

QUESTION 33
Refer to Exhibit. How does SW2 interact with other switches in this VTP domain?
A. It processes VTP updates from any VTP clients on the network on its access ports.
B. It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports
C. It forwards only the VTP advertisements that it receives on its trunk ports.
D. It transmits and processes VTP updates from any VTP Clients on the network on its trunk ports.

Correct Answer: C
Section: 2. Network Access

Explanation/Reference:
The VTP mode of SW2 is transparent so it only forwards the VTP updates it receives to its trunk links without processing them.
Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html

QUESTION 34
Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?
A. sniffer
B. mesh
C. flexconnect
D. local

Correct Answer: C
Section: 2. Network Access

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config guide/b_cg85/flexconnect.html

QUESTION 35
Which two encoding methods are supported by REST APIs? (Choose two)
A. YAML
B. JSON
C. EBCDIC
D. SGML
E. XML

Correct Answer: BE
Section: 6. Automation and Programmability

Explanation/Reference:
The Application Policy Infrastructure Controller (APIC) REST API is a programmatic interface that uses REST architecture. The API accepts and returns HTTP (not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_x/rest_api_config/b_Cisco_N1KV_VMware_REST_API_Config_5x/b_Cisco_N1KV_VMware_REST_API_Config_5x_chapter_010.pdf

QUESTION 36
What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two)
A. when the sending device waits 15 seconds before sending the frame again
B. when the cable length limits are exceeded
C. when one side of the connection is configured for half-duplex
D. when Carrier Sense Multiple Access/Collision Detection is used
E. when a collision occurs after the 32nd byte of a frame has been transmitted

Correct Answer: BC
Section: 1. Network Fundamentals

Explanation/Reference:
A late collision is defined as any collision that occurs after the first 512 bits (or 64th byte) of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, noncompliant number of hubs in the network, or a bad NIC.
Late collisions should never occur in a properly designed Ethernet network. They usually occur when Ethernet cables are too long or when there are too many repeaters in the network.

QUESTION 37
Router A learns the same route from two different neighbors: one of the neighbor routers is an OSPF neighbor and the other is an EIGRP neighbor. What is the administrative distance of the route that will be installed in the routing table?
A. 20
B. 90
C. 110
D. 115

Correct Answer: B
Section: 3. IP Connectivity

Explanation/Reference:
The administrative distance (AD) of EIGRP is 90 while the AD of OSPF is 110, so the EIGRP route will be chosen for installation in the routing table.

QUESTION 38
What is the primary effect of the spanning-tree portfast command?
A. It enables BPDU messages
B. It minimizes spanning-tree convergence time
C. It immediately puts the port into the forwarding state when the switch is reloaded
D. It immediately enables the port in the listening state

Correct Answer: B
Section: 2. Network Access

Explanation/Reference:
https://itexamanswers.net/ccna-200-301-dumps-full-questions-exam-study-guide-free.html#comment-49349

QUESTION 39
What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC address is received?
A. The Layer 2 switch drops the received frame.
B. The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN.
C. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address learning.
D. The Layer 2 switch forwards the packet and adds the destination MAC address to its MAC address table.

Correct Answer: B
Section: 1. Network Fundamentals
 
Explanation/Reference:
If the destination MAC address is not in the CAM table (unknown destination MAC address), the switch sends the frame out all other ports that are in the same VLAN as the received frame. This is called flooding. It does not flood the frame out the same port on which the frame was received.

QUESTION 40
Refer to the exhibit. What is the effect of this configuration?
A. All ARP packets are dropped by the switch.
B. Egress traffic is passed only if the destination is a DHCP server.
C. All ingress and egress traffic is dropped because the interface is untrusted.
D. The switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings.

Correct Answer: D
Section: 5. Security Fundamentals
 
Explanation/Reference:
Dynamic ARP inspection is an ingress security feature; it does not perform any egress checking.

QUESTION 41
Refer to the exhibit. An engineer configured NAT translations and has verified that the configuration is correct. Which IP address is the source IP?
A. 10.4.4.4
B. 10.4.4.5
C. 172.23.103.10
D. 172.23.104.4

Correct Answer: D
Section: 4. IP Services

QUESTION 42
Refer to the exhibit. Which route does R1 select for traffic that is destined to 192.168.16.2?
A. 192.168.16.0/21
B. 192.168.16.0/24
C. 192.168.26.0/26
D. 192.168.16.0/27

Correct Answer: D
Section: 3. IP Connectivity
 
Explanation/Reference:
The destination IP addresses match all four entries in the routing table but the 192.168.16.0/27 has the longest prefix so it will be chosen. This is called the "longest prefix match" rule.

QUESTION 43
Which IPv6 address block sends packets to a group address rather than a single address?
A. 2000::/3
B. FC00::/7
C. FE80::/10
D. FF00::/8

Correct Answer: D
Section: 1. Network Fundamentals

Explanation/Reference:
FF00::/8 is used for IPv6 multicast and this is the IPv6 type of address the question wants to ask.
The FE80::/10 range is used for link-local addresses. Link-local addresses are only used for communications within the local subnetwork (automatic address configuration, neighbor discovery, router discovery, and by many routing protocols). A link-local address is only valid on the current subnet.
It is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit interface identifier (based on 48-bit MAC address).

QUESTION 44
Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)
A. management interface settings
B. QoS settings
C. IP address of one or more access points
D. SSID
E. Profile name

Correct Answer: DE
Section: 2. Network Access

QUESTION 45
Which two actions influence the EIGRP route selection process? (Choose two)
A. The router calculates the reported distance by multiplying the delay on the exiting Interface by 256.
B. The router calculates the best backup path to the destination route and assigns it as the feasible successor.
C. The router calculates the feasible distance of all paths to the destination route.
D. The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link.
E. The router must use the advertised distance as the metric for any given route.

Correct Answer: BC
Section: 3. IP Connectivity
 
Explanation/Reference:
The reported distance (or advertised distance) is the cost from the neighbor to the destination. It is calculated from the router advertising the route to the network. For example, in the topology below, suppose routers A and B are exchanging their routing tables for the first time. Router B says "Hey, the best metric (cost) from me to IOWA is 50 and the metric from you to IOWA is 90" and advertises it to router A.
Router A considers the first metric (50) as the Advertised distance. The second metric (90), which is from NEVADA to IOWA (through IDAHO), is called the Feasible distance.

The reported distance is calculated in the same way of calculating the metric. By default (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0), the metric is calculated as follows:
-> Answer A is not correct.
The feasible successor is the backup route. To be a feasible successor, the route must have an Advertised distance (AD) less than the Feasible distance (FD) of the current successor route -> Answer B is correct.
Feasible distance (FD): The sum of the AD plus the cost between the local router and the next-hop router. The router must calculate the FD of all paths to choose the best path to put into the routing table.
Note: Although the new CCNA exam does not include the EIGRP topic, you should still learn the basics of this routing protocol.

QUESTION 46
Refer to Exhibit. Which action do the switches take on the trunk link?
A. The trunk does not form and the ports go into an err-disabled status.
B. The trunk forms but the mismatched native VLANs are merged into a single broadcast domain.
C. The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link.
D. The trunk forms but VLAN 99 and VLAN 999 are in a shutdown state.

Correct Answer: B
Section: 2. Network Access
 
Explanation/Reference:
The trunk still forms with mismatched native VLANs and the traffic can actually flow between mismatched switches. But it is absolutely necessary that the native VLANs on both ends of a trunk link match; otherwise a native VLAN mismatch occurs, causing the two VLANs to effectively merge.
For example with the above configuration, SW1 would send untagged frames for VLAN 999. SW2 receives them but would think they are for VLAN 99 so we can say these two VLANs are merged.

QUESTION 47
Which command is used to specify the delay time in seconds for LLDP to initialize on any interface?
A. lldp timer
B. lldp holdtime
C. lldp reinit
D. lldp tlv-select

Correct Answer: C
Section: 2. Network Access

Explanation/Reference:
+ lldp holdtime seconds: Specify the amount of time a receiving device should hold the information from your device before discarding it
+ lldp reinit delay: Specify the delay time in seconds for LLDP to initialize on an interface
+ lldp timer rate: Set the sending frequency of LLDP updates in seconds
 
QUESTION 48
An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode?
A. Exchange
B. 2-way
C. Full
D. Init

Correct Answer: C
Section: 3. IP Connectivity
 
QUESTION 49
Refer to the exhibit. The show ip ospf interface command has been executed on R1. How is OSPF configured?
A. The interface is not participating in OSPF.
B. A point-to-point network type is configured.
C. The default Hello and Dead timers are in use.
D. There are six OSPF neighbors on this interface.

Correct Answer: C
Section: 3. IP Connectivity
 
Explanation/Reference:
From the output we can see there are Designated Router & Backup Designated Router for this OSPF domain so this is a broadcast network (point-to-point and point-to-multipoint networks do not elect DR & BDR) -> Answer B is not correct.
By default, the timers on a broadcast network (Ethernet, point-to-point and point-to-multipoint) are 10 seconds hello and 40 seconds dead (therefore answer C is correct). The timers on a non-broadcast network are 30 seconds hello 120 seconds dead.
From the line “Neighbor Count is 3”, we learn there are four OSPF routers in this OSPF domain -> Answer D is not correct.
Reference: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13689-17.html

QUESTION 50
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two)
A. Configure the ports in an EtherChannel.
B. Administratively shut down the ports.
C. Configure the port type as access and place in VLAN 99.
D. Configure the ports as trunk ports.
E. Enable the Cisco Discovery Protocol.

Correct Answer: BC
Section: 5. Security Fundamentals

QUESTION 51
Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment?
A. Bronze
B. Platinum
C. Silver
D. Gold

Correct Answer: B
Section: 2. Network Access

Explanation/Reference:
Cisco Unified Wireless Network solution WLANs support four levels of QoS: Platinum/Voice, Gold/Video, Silver/Best Effort (default), and Bronze/Background.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01010111.html

QUESTION 52
Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1. The new circuit uses eBGP and learns the route to VLAN25 from the BGP path.
What is the expected behavior for the traffic flow for route 10.10.13.0/25?
A. Traffic to 10.10.13.0/25 is load balanced out of multiple interfaces.
B. Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1.
C. Traffic to 10.10.13.0/25 is asymmetrical.
D. Route 10.10.13.0/25 learned via the Gi0/0 interface remains in the routing table.

Correct Answer: D
Section: 3. IP Connectivity

QUESTION 53
Which statement identifies the functionality of virtual machines?
A. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor.
B. The hypervisor can virtualize physical components including CPU, memory, and storage.
C. Each hypervisor can support a single virtual machine and a single software switch.
D. The hypervisor communicates on Layer 3 without the need for additional resources.

Correct Answer: B
Section: 1. Network Fundamentals

QUESTION 54
Refer to the exhibit. Which type of route does R1 use to reach host 10.10.13.10/32?

A. floating static route
B. host route
C. default route
D. network route

Correct Answer: D
Section: 1. Network Fundamentals
 
Explanation/Reference:
From the output, we see R1 will use the entry "O 10.10.13.0/25 [110/4576] via 10.10.10.1, ..." to reach host 10.10.13.10. This is a network route. Note: "B* 0.0.0.0/0 ..." is a default route.

QUESTION 55
Refer to the exhibit. Which configuration when applied to switch A accomplishes this task?


A. Option A
B. Option B
C. Option C
D. Option D

Correct Answer: B
Section: 5. Security Fundamentals
 
QUESTION 56
Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is set to Dynamic Desirable. What is the result of this configuration?
A. The link is in a down state.
B. The link is in an error-disabled state.
C. The link becomes an access port.
D. The link becomes a trunk port.

Correct Answer: D
Section: 2. Network Access

QUESTION 57
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?
A. CPU ACL
B. TACACS
C. Flex ACL
D. RADIUS

Correct Answer: A
Section: 5. Security Fundamentals

Explanation/Reference:
Whenever you want to control which devices can talk to the main CPU, a CPU ACL is used.
Note: CPU ACLs only filter traffic towards the CPU, and not any traffic exiting or generated by the CPU.
Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html

QUESTION 58
A user configured OSPF in a single area between two routers. A serial interface connecting R1 and R2 is running encapsulation PPP. By default, which OSPF network type is seen on this interface when the user types show ip ospf interface on R1 or R2?
A. point-to-multipoint
B. broadcast
C. point-to-point
D. nonbroadcast

Correct Answer: C
Section: 3. IP Connectivity

Explanation/Reference:
The default OSPF network type for HDLC and PPP on a serial link is point-to-point (while the default OSPF network type for an Ethernet link is broadcast).

QUESTION 59
Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured?
A. passive
B. mode on
C. auto
D. active

Correct Answer: D
Section: 2. Network Access

Explanation/Reference:
From the neighbor status, we notice the “Flags” are SP. “P” here means the neighbor is in Passive mode. In order to create an EtherChannel interface, the (local) SW1 ports should be in Active mode.
Moreover, the “Port State” in the exhibit is “0x3c” (which equals “00111100” in binary format).
Bit 3 is “1” which means the ports are synchronizing -> the ports are working so the local ports should be in Active mode.

QUESTION 60
A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, which type of OSPF network does this interface belong to?
A. point-to-multipoint
B. point-to-point
C. broadcast
D. nonbroadcast

Correct Answer: C
Section: 3. IP Connectivity

Explanation/Reference:
The Broadcast network type is the default for an OSPF-enabled Ethernet interface (while Point-to-Point is the default OSPF network type for a Serial interface with HDLC and PPP encapsulation).
Reference: https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch08s15.html

QUESTION 61
An organization has decided to start using cloud-provided services.
Which cloud service allows the organization to install its own operating system on a virtual machine?
A. platform-as-a-service
B. software-as-a-service
C. network-as-a-service
D. infrastructure-as-a-service

Correct Answer: D
Section: 6. Automation and Programmability

Explanation/Reference:
Below are the 3 cloud services that cloud providers offer to customers:
+ SaaS (Software as a Service): SaaS uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the clients' side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins.
+ PaaS (Platform as a Service): used for applications and other development, while providing cloud components to software. What developers gain with PaaS is a framework they can build upon to develop or customize applications. PaaS makes the development, testing, and deployment of applications quick, simple, and cost-effective. With this technology, enterprise operations, or a third-party provider, can manage OSes, virtualization, servers, storage, networking, and the PaaS software itself. Developers, however, manage the applications.
+ IaaS (Infrastructure as a Service): self-service models for accessing, monitoring, and managing remote datacenter infrastructures, such as compute (virtualized or bare metal), storage, networking, and networking services (e.g. firewalls). Instead of having to purchase hardware outright, users can purchase IaaS based on consumption, similar to electricity or other utility billing. In general, IaaS provides hardware so that an organization can install its own operating system.

QUESTION 62
Which mode allows access points to be managed by Cisco Wireless LAN Controllers?
A. autonomous
B. lightweight
C. bridge
D. mobility express

Correct Answer: B
Section: 2. Network Access
 
Explanation/Reference:
A Lightweight Access Point (LAP) is an AP that is designed to be connected to a wireless LAN (WLAN) controller (WLC). APs are “lightweight,” which means that they cannot act independently of a wireless LAN controller (WLC). The WLC manages the AP configurations and firmware. The APs are “zero touch” deployed, and individual configuration of APs is not necessary.

QUESTION 63
Which command automatically generates an IPv6 address from a specified IPv6 prefix and MAC address of an interface?
A. ipv6 address dhcp
B. ipv6 address 2001:DB8:5:112::/64 eui-64
C. ipv6 address autoconfig
D. ipv6 address 2001:DB8:5:112::2/64 link-local

Correct Answer: C
Section: 1. Network Fundamentals

Explanation/Reference:
The “ipv6 address autoconfig” command causes the device to perform IPv6 stateless address autoconfiguration to discover prefixes on the link and then to add the EUI-64 based addresses to the interface.
Addresses are configured depending on the prefixes received in Router Advertisement (RA) messages.
The device will listen for RA messages which are transmitted periodically from the router (DHCP Server).
This RA message allows a host to create a global IPv6 address from:
+ Its interface identifier (EUI-64 address)
+ Link Prefix (obtained via RA)
Note: Global address is the combination of Link Prefix and EUI-64 address

QUESTION 64
Refer to the exhibit. An engineer is configuring the New York router to reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the primary path.
Which two commands must be configured on the New York router so that it can reach the Lo1 interface of the Atlanta router via Washington when the link between New York and Atlanta goes down? (Choose two)
A. ipv6 route 2000::1/128 2012::1
B. ipv6 route 2000::1/128 2012::1 5
C. ipv6 route 2000::1/128 2012::2
D. ipv6 route 2000::1/128 2023::2 5
E. ipv6 route 2000::1/128 2023::3 5

Correct Answer: AE
Section: 3. IP Connectivity

Explanation/Reference:
Floating static routes are static routes that have an administrative distance (AD) greater than the AD of another static route or of dynamic routes. By default a static route has an AD of 1, so a floating static route must have an AD greater than 1. A floating static route has a manually configured administrative distance greater than that of the primary route and therefore is not in the routing table until the primary route fails.

QUESTION 65
Refer to the exhibit. Which command provides this output?
A. show ip route
B. show ip interface
C. show interface
D. show cdp neighbor

Correct Answer: D
Section: 2. Network Access



