Refer to the exhibit. Which type of route does R1 use to reach host 10.10.13.10/32? default route network route host route floating static route.
Refer to the exhibit. Which prefix does Router1 use for traffic to Host A? 10.10.10.0/28 10.10.13.0/25 10.10.13.144/28 10.10.13.208/29.
Drag and drop the descriptions of file-transfer protocols from the left onto the correct protocols on the right.
Select and Place: Provides reliability when loading an IOS image upon boot up Does not require user authetication Uses port 69 Uses port 20 and 21 Uses TCP UsesUDP.
A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two.) input errors frame giants CRC runts.
Drag and drop the IPv4 network subnets from the left onto the correct usable host ranges on the right.
Select and Place: 172.28.228.144/18 172.28.228.144/21 172.28.228.144/23 172.28.228.144/25 172.28.228.144/29.
How do TCP and UDP differ in the way that they establish a connection between two endpoints? TCP uses the three-way handshake, and UDP does not guarantee message delivery. TCP uses synchronization packets, and UDP uses acknowledgement packets. UDP provides reliable message transfer, and TCP is a connectionless protocol. UDP uses SYN, SYN ACK, and FIN bits in the frame header while TCP uses SYN, SYN ACK, and ACK bits.
Which 802.11 frame type is association response? management protected frame action control.
In which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required? A spine switch and a leaf switch can be added with redundant connections between them. A spine switch can be added with at least 40 GB uplinks. A leaf switch can be added with connections to every spine switch. A leaf switch can be added with a single connection to a core spine switch.
Which statement identifies the functionality of virtual machines? The hypervisor communicates on Layer 3 without the need for additional resources Each hypervisor can support a single virtual machine and a single software switch. The hypervisor can virtual physical components including CPU, memory, and storage Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor.
Which command automatically generates an IPv6 address from a specified IPv6 prefix and MAC address of an interface? ipv6 address dhcp ipv6 address 2001:DB8:5:112::/64 eui-64 ipv6 address autoconfig ipv6 address 2001:DB8:5:112::2/64 link-local.
When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two.) 2000::/3 2002::5 FC00::/7 FF02::1 FF02::2.
Refer to the exhibit. Drag and drop the networking parameters from the left onto the correct values on the right.
Select and Place Default Gateway Host IP Address NIC MAC Address NIC Vendor OUI Subnet Mask.
What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC address is received? The Layer 2 switch forwards the packet and adds the destination MAC address to its MAC address table. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address learning The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN. The Layer 2 switch drops the received frame.
An engineer must configure a /30 subnet between two routes. Which usable IP address and subnet mask combination meets this criteria? interface e0/0 description to XX-AXXX:XXXXX ip address 10.2.1.3 255.255.255.252
interface e0/0 description to XX-AXXX:XXXXX ip address 192.168.1.1 255.255.255.248 interface e0/0 description to XX-AXXX:XXXXX ip address 172.16.1.4 255.255.255.248 interface e0/0 description to XX-AXXX:XXXXX ip address 209.165.201.2 225.255.255.252.
Which network allows devices to communicate without the need to access the Internet? 172.9.0.0/16
172.28.0.0/16 192.0.0.0/8 209.165.201.0/24.
Refer to the exhibit. Which statement explains the configuration error message that is received?
It belongs to a private IP address range. The router does not support /28 mask. It is a network IP address. It is a broadcast IP address.
Which IPv6 address type communication between subnets and cannot route on the Internet? link-local
unique local multicast global unicast.
Which IPv6 address block sends packets to a group address rather than a single address? 2000::/3
FC00::/7 FE80::/10 FF00::/8.
What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two.) when Carrier Sense Multiple Access/Collision Detection is used when one side of the connection is configured for half-duplex when the sending device waits 15 seconds before sending the frame again when a collision occurs after the 32nd byte of a frame has been transmitted when the cable length limits are exceeded.
What is a benefit of using a Cisco Wireless LAN Controller? It eliminates the need to configure each access point individually. Central AP management requires more complex configurations. Unique SSIDs cannot use the same authentication method. It supports autonomous and lightweight APs.
Which action is taken by switch port enabled for PoE power classification override? If a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled. When a powered device begins drawing power from a PoE switch port, a syslog message is generated. As power usage on a PoE switch port is checked, data flow to the connected device is temporarily paused. If a switch determines that a device is using less than the minimum configured power, it assumes the device has failed and disconnects it.
Which statement about Link Aggregation when implementing on a Cisco Wireless LAN Controller is true? The EtherChannel must be configured in "mode active". When enabled, the WLC bandwidth drops to 500 Mbps. To pass client traffic, two or more ports must be configured. One functional physical port is needed to pass client traffic.
Which two conditions must be met before SSH can operate normally on a Cisco IOS switch? (Choose two.) IP routing must be enabled on the switch. A console password must be configured on the switch. Telnet must be disabled on the switch. The switch must be running a k9 (crypto) IOS image. The ip domain-name command must be configured on the switch.
Refer to the exhibit. Which password must an engineer use to enter the enable mode? adminadmin123 cisco123 default testing1234.
Refer to the exhibit. Which action do the switches take on the trunk link? The trunk does not form, and the ports go into an err-disabled status. The trunk forms, but the mismatched native VLANs are merged into a single broadcast domain. The trunk forms, but VLAN 99 and VLAN 999 are in a shutdown state. The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link.
What is the primary effect of the spanning-tree portfast command? It immediately enables the port in the listening state. It immediately puts the port into the forwarding state when the switch is reloaded. It enables BPDU messages. It minimizes spanning-tree convergence time.
Which result occurs when PortFast is enabled on an interface that is connected to another switch? Root port choice and spanning tree recalculation are accelerated when a switch link goes down. After spanning tree converges, PortFast shuts down any port that receives BPDUs. VTP is allowed to propagate VLAN configuration information from switch to switch automatically. Spanning tree may fail to detect a switching loop in the network that causes broadcast storms.
Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment? Platinum Bronze Gold Silver.
Refer to the exhibit. After the switch configuration, the ping test fails between PC A and PC B. Based on the output for switch 1, which error must be corrected? The PCs are in the incorrect VLAN. All VLANs are not enabled on the trunk Access mode is configured on the switch ports. There is a native VLAN mismatch.
Drag and drop the WLAN components from the left onto the correct description on the right.
Select and Place: Access Point Virtual Interface Dynamic interface service port wireless Lan Controller.
Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller? local mesh flexconnect sniffer.
Refer to the exhibit. Which command provides this output? show ip route show cdp neighbor show ip interface show interface.
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol? active on auto desirable.
Which mode allows access points to be managed by Cisco Wireless LAN Controllers? bridge lightweight mobility express autonomous.
Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two.) QoS settings IP address of one or more access points SSID profile name management interface settings.
Which command is used to specify the delay time in seconds for LLDP to initialize on any interface? lldp timer lldp tlv-select lldp reinit lldp holdtime.
Refer to the exhibit. How does SW2 interact with other switches in this VTP domain? It transmits and processes VTP updates from any VTP clients on the network on its trunk ports. It processes VTP updates from any VTP clients on the network on its access ports. It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports. It forwards only the VTP advertisements that it receives on its trunk ports.
Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured? mode on active passive auto.
Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is set to Dynamic Auto and SW2 is set to Dynamic Desirable. What is the result of this configuration? The link becomes an access port. The link is in an error disabled state. The link is in a down state. The link becomes a trunk port.
A Cisco IP phone receives untagged data traffic from an attached PC. Which action is taken by the phone? It drops the traffic. It allows the traffic to pass through unchanged. It tags the traffic with the native VLAN. It tags the traffic with the default VLAN.
Which design element is a best practice when deploying an 802.11b wireless infrastructure? allocating nonoverlapping channels to access points that are in close physical proximity to one another disabling TCP so that access points can negotiate signal levels with their attached wireless devices configuring access points to provide clients with a maximum of 5 Mbps setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller.
Refer to the exhibit. What does router R1 use as its OSPF router-ID? 10.10.1.10 10.10.10.20 172.16.15.10 192.168.0.1.
When OSPF learns multiple paths to a network, how does it select a route? For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth. It counts the number of hops between the source router and the destination to determine the route with the lowest metric. It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the exiting interface to calculate the route with the lowest cost. It multiples the active K values by 256 to calculate the route with the lowest metric.
When a floating static route is configured, which action ensures that the backup route is used when the primary route fails? The administrative distance must be higher on the primary route so that the backup route becomes secondary. The default-information originate command must be configured for the route to be installed into the routing table. The floating static route must have a lower administrative distance that the primary route so it is used as a backup. The floating static route must have a higher administrative distance that the primary route so it is used as a backup.
Refer to the exhibit. The show ip ospf interface command has been executed on R1. How is OSPF configured? A point-to-point network type is configured. The interface is not participating in OSPF. The default Hello and Dead timers are in use. There are six OSPF neighbors on this interface.
A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, which type of OSPF network does this interface belong to? point-to-multipoint point-to-point broadcast nonbroadcast.
Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols? dual algorithm metric administrative distance hop count.
Router A learns the same route from two different neighbors; one of the neighbor routers is an OSPF neighbor, and the other is an EIGRP neighbor.
What is the administrative distance of the route that will be installed in the routing table? 20 90 110 115.
Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router 1. The new circuit uses eBGP and learns the route to VLAN25 from the BGP path.
What is the expected behavior for the traffic flow for route 10.10.13.0/25? Traffic to 10.10.13.0/25 is load balanced out of multiple interfaces. Traffic to 10.10.13.0/25 is asymmetrical. Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1. Route 10.10.13.0/25 learned via the Gi0/0 interface remains in the routing table.
Which two actions influence the EIGRP route selection process? (Choose two.) The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link. The router calculates the feasible distance of all paths to the destination route. The router must use the advertised distance as the metric for any given route The router calculates the best backup path to the destination route and assigns it as the feasible successor. The router calculates the reported distance by multiplying the delay on the exiting interface by 256.
Refer to the exhibit. If OSPF is running on this network, how does Router2 handle traffic from Site B to 10.10.13.128/25 at Site A? It sends packets out of interface Fa0/1 only. It sends packets out of interface Fa0/2 only. It load-balances traffic out of Fa0/1 and Fa0/2. It cannot send packets to 10.10.13.128/25.
Which two outcomes are predictable behaviors for HSRP? (Choose two.) The two routers negotiate one router as the active router and the other as the standby router. The two routers share the same interface IP address, and default gateway traffic is load-balanced between them. The two routers synchronize configurations to provide consistent packet forwarding. Each router has a different IP address, both routers act as the default gateway on the LAN, and traffic is load-balanced between them. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN.
Refer to the exhibit. An engineer is configuring the New York router to reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the primary path.
Which two commands must be configured on the New York router so that it can reach the Lo1 interface of the Atlanta router via Washington when the link between New York and Atlanta goes down? (Choose two.) Ipv6 route 2000::1/128 2012::1 Ipv6 route 2000::1/128 2012::1 5 Ipv6 route 2000::1/128 2012::2 Ipv6 route 2000::1/128 2023::2 5 Ipv6 route 2000::1/128 2023::3 5.
How does HSRP provide first hop redundancy? It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN. It forwards multiple packets to the same destination over different routed links in the data path. It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table.
A network engineer is configuring an OSPFv2 neighbor adjacency. Drag and drop the parameters from the left onto their required categories on the right. No all parameters are used.
Select and Place: Area ID IP Address netmask OSPF Process ID Router ID timers.
R1 has learned route 192.168.12.0/24 via IS-IS, OSPF, RIP, and Internal EIGRP. Under normal operating conditions, which routing protocol is installed in the routing table? IS-IS Internal EIGRP RIP OSPF.
Refer to the exhibit. The default-information originate command is configured under the R1 OSPF configuration. After testing, workstations on VLAN 20 at Site
B cannot reach a DNS server on the Internet.
Which action corrects the configuration issue? Add the default-information originate command on R2. Add the always keyword to the default-information originate command on R1. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2.
Refer to the exhibit. With which metric was the route to host 172.16.0.202 learned? 0 110 38443 3184439.
A user configured OSPF in a single area between two routers. A serial interface connecting R1 and R2 is running encapsulation PPP. By default, which OSPF network type is seen on this interface when the user types show ip ospf interface on R1 or R2? nonbroadcast point-to-point point-to-multipoint broadcast.
Which MAC address is recognized as a VRRP virtual address? 0000.5E00.010a 0005.3709.8968 0000.0C07.AC99 0007.C070.AB01.
Refer to the exhibit. The New York router is configured with static routes pointing to the Atlanta and Washington sites.
Which two tasks must be performed so that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach one another? (Choose two.) Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router. Configure the ipv6 route 2012::/126 2023::2 command on the Washington router. Configure the ipv6 route 2012::/126 2023::1 command on the Washington router. Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router. Configure the ipv6 route 2012::/126 s0/0/0 command on the Atlanta router.
A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path? as-path administrative distance metric cost.
An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode? Init 2-way Exchange Full.
Refer to the exhibit. Which route does R1 select for traffic that is destined to 192.168.16.2? 192.168.16.0/21 192.168.16.0/24 192.168.26.0/26 192.168.16.0/27.
Refer to the exhibit. If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command, how does the router respond? It starts sending traffic without a specific matching entry in the routing table to GigabitEthernet0/1. It immediately replaces the existing OSPF route in the routing table with the newly configured static route. It starts load-balancing traffic between the two default routes. It ignores the new static route until the existing OSPF default route is removed.
Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two.) It supports protocol discovery. It guarantees the delivery of high-priority packets. It can identify different flows with a high level of granularity. It can mitigate congestion by preventing the queue from filling up. It drops lower-priority packets before it drops higher-priority packets.
Refer to the exhibit. An engineer configured NAT translations and has verified that the configuration is correct. Which IP address is the source IP after the NAT has taken place? 10.4.4.4 10.4.4.5 172.23.103.10 172.23.104.4.
If a notice-level message is sent to a syslog server, which event has occurred? A network device has restarted. A debug operation is running. A routing instance has flapped. An ARP inspection has failed.
DRAG DROP -
Drag and drop the functions from the left onto the correct network components on the right.
Select and Place: Resolves web URL to ip addresses assigns a default gateway to a client holds the tcp/ip settings to be distributed to the clients stores a list of ip addresses mapped to names assigns ip addresses to enable clients.
Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two.) Enable NTP authentication. Verify the time zone. Specify the IP address of the NTP server. Set the NTP server private key. Disable NTP broadcasts.
DRAG DROP -
Drag and drop the network protocols from the left onto the correct transport services on the right.
Select and Place: FTP SMTP SNMP SSH TFTP VOIP.
A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB? ARP SNMP SMTP CDP.
Which command enables a router to become a DHCP client? ip address dhcp ip dhcp client ip helper-address ip dhcp pool.
Refer to the exhibit. What is the effect of this configuration? The switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings. All ARP packets are dropped by the switch. Egress traffic is passed only if the destination is a DHCP server. All ingress and egress traffic is dropped because the interface is untrusted.
When a site-to-site VPN is used, which protocol is responsible for the transport of user data? IPsec IKEv1 MD5 IKEv2.
Which type of wireless encryption is used for WPA2 in preshared key mode? AES-128 TKIP with RC4 AES-256 RC4.
DRAG DROP -
Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.
Select and Place: Configure BPDU guard Configure Dynamic ARP inspection Configure root guard Configure VACL.
Which command prevents passwords from being stored in the configuration as plain text on a router or switch? enable secret enable password service password-epncryption username cisco password encrypt.
Refer to the exhibit. What is the effect of this configuration? The switch port remains administratively down until the interface is connected to another switch. Dynamic ARP Inspection is disabled because the ARP ACL is missing. The switch port interface trust state becomes untrusted. The switch port remains down until it is configured to trust or untrust incoming packets.
What is the primary difference between AAA authentication and authorization? Authentication identifies and verifies a user who is attempting to access a system, and authorization controls that tasks the user can perform. Authentication controls the system processes a user can access, and authorization logs the activities the user initiates. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database. Authentication identifies a user who is attempting to access a system, and authorization validates the user's password.
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two.) decimal ASCII hexadecimal binary base64.
DRAG DROP -
Drag and drop AAA functions from the left onto the correct AAA services on the right.
Select and Place: controls the actions that a user can perform provides analytical infromation for the network adiministrator records user activities restricts the services that are available to a user verifies the password associated whit a user identifies the user.
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two.) Configure the ports as trunk ports. Enable the Cisco Discovery Protocol. Configure the port type as access and place in VLAN 99. Administratively shut down the ports. Configure the ports in an EtherChannel.
An email user has been lured into clicking a link in an email sent by their company's security organization. The webpage that opens reports that it was safe, but the link could have contained malicious code.
Which type of security program is in place? user awareness brute force attack physical access control social engineering attack.
DRAG DROP -
Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.
Select and Place: web policy passthrough wpa+wpa2 802.1x.
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks? TACACS CPU ACL Flex ACL RADIUS.
Which set of actions satisfy the requirement for multifactor authentication? The user enters a user name and password, and then re-enters the credentials on a second screen. The user swipes a key fob, then clicks through an email link. The user enter a user name and password, and then clicks a notification in an authentication app on a mobile device. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen.
Which configuration is needed to generate an RSA key for SSH on a router? Configure VTY access. Configure the version of SSH. Assign a DNS domain name. Create a user with a password.
Refer to the exhibit. An extended ACL has been configured and applied to router R2. The configuration failed to work as intended.
Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two.) Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic. Add a "permit ip any any" statement to the beginning of ACL 101 for allowed traffic. The ACL must be moved to the Gi0/1 interface outbound on R2. The source and destination IPs must be swapped in ACL 101. The ACL must be configured the Gi0/2 interface inbound on R1.
An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement? WEP AES RC4 TKIP.
Which statement correctly compares traditional networks and controller-based networks? Only controller-based networks decouple the control plane and the data plane. Traditional and controller-based networks abstract policies from device configurations. Only traditional networks natively support centralized management. Only traditional networks offer a centralized control plane.
What are two benefits of network automation? (Choose two.) reduced hardware footprint reduced operational costs faster changes with more reliable results fewer network failures increased network security.
Which two encoding methods are supported by REST APIs? (Choose two.)
A. SGML
B. YAML
C. XML
D. JSON
E. EBCDIC SGML YAML XML JSON EBCDIC.
What are two characteristics of a controller-based network? (Choose two.) It uses Telnet to report system issues. The administrator can make configuration updates from the CLI. It uses northbound and southbound APIs to communicate between architectural layers. It decentralizes the control plane, which allows each device to make its own forwarding decisions. It moves the control plane to a central point.
DRAG DROP -
Drag and drop the descriptions from the left onto the correct configuration-management technologies on the right.
Select and Place: fundamental configuration elements are stored in a manifest uses tcp port 10002 for configuration push jobs uses ruby for fundamental configuration elements uses ssh for remote device communication uses tcp 8140 for communication uses yamal for fundamental configuration elements.
Which two capabilities of Cisco DNA Center make it more extensible? (Choose two.) REST APIs that allow for external applications to interact natively with Cisco DNA Center adapters that support all families of Cisco IOS Software SDKs that support interaction with third-party network equipment modular design that is upgradable as needed customized versions for small, medium, and large enterprises.
What are two southbound APIs? (Choose two.) Thrift DSC CORBA NETCONF OpenFlow.
What makes Cisco DNA Center different from traditional network management applications and their management of networks? Its modular design allows someone to implement different versions to meet the specific needs of an organization. It only supports auto-discovery of network elements in a greenfield deployment. It does not support high availability of management functions when operating in cluster mode. It abstracts policy from the actual device configuration.
Which API is used in controller-based architectures to interact with edge devices? southbound overlay northbound underlay.
An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual machine? platform-as-a-service network-as-a-service software-as-a-service infrastructure-as-a-service.
All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring? Configure port-security to limit the number of mac-addresses allowed on each port Upgrade the switch to one that can handle 20,000 entries Configure private-vlans to prevent hosts from communicating with one another Enable storm-control to limit the traffic rate Configure a VACL to block all IP traffic except traffic to and from that subnet.
Which two keying mechanisms are available within MACsec? (Choose two. IKE GDOI SAP MKA Diffie-Hellman.
Which two features are supported on the Cisco Adaptive Security Virtual Appliance? (Choose two.) high availability EtherChannel site-to-site VPN PAK-based licensing multiple contexts clustering.
Which type of authentication and encryption does SNMPv3 use at the authPriv security level? username authentication with MD5 or SHA encryption MD5 or SHA authentication with DES encryption username authentication with DES encryption DES authentication with MD5 or SHA encryption.
Which identity store option allows you to modify the directory services that run on TCP/IP? Lightweight Directory Access Protocol RSA SecurID server RADIUS Active Directory.
Question #6Topic 2
Which statement about system time and NTP server configuration with Cisco ISE is true? the system time and NTP server settings can be configured centrally on the Cisco ISE. The system time can be configured centrally on the Cisco ISE, but NTP server settings must be configured individually on each ISE node. NTP server settings can be configured centrally on the Cisco ISE, but the system time must be configured individually on each ISE node. The system time and NTP server settings must be configured individually on each ISE node.
Which option is required for inline security group tag propagation? Cisco Secure Access Control System hardware support Security Group Tag Exchange Protocol (SXP) v4 Cisco Identity Services Engine.
Which protocol sends authentication and accounting in different requests? RADIUS TACACS+ EAP-Chaining PEAP EAP-TLS.
Your company network security policy requires that all network traffic be tunneled to the corporate office. End users must be able to access local LAN resources when they connect to the corporate network. Which two configurations do you implement in Cisco AnyConnect? (Choose two.) split-exclude tunneling local LAN access static routes Client Bypass Protocol tunnel all.
What advantage does elliptic curve cryptography have over RSA cryptography? ECC compresses the enciphered data ECC has wider industry adoption ECC utilizes symmetric encryption for greater performance ECC provides greater security with a smaller key size.
Which description of the Layer 4 traffic Monitor on a Cisco WSA is true? monitors suspicious traffic across all the TCP/UDP ports decrypts SSL traffic to monitor for malicious content prevents data exfiltration by searching all the network traffic for specified sensitive information blocks traffic from URL categories that are known to contain malicious content.
Which command do you run to reset a Firepower module on a Cisco ASA 5585-X firewall? sw-module module sfr recover boot sw-module module sfr reload hw-module module 1 reload hw-module module 1 recover boot.
Which deployment model on a Cisco ASA Firepower module in multiple-context mode allows you to evaluate the contents of the traffic without affecting the network? inline mode passive monitor-only mode inline tap monitor-only mode passive tap monitor-only mode.
Which API uses HTTP messages to transfer data to applications residing on different hosts? OpenStack REST OpenFlow OpFlex.
Which configuration register value can you set on a Cisco device so that it ignores the NVRAM when it boots? 0x2124 0x2120 0x2142 0x2102.
Which two characteristics are representative of a link-state routing protocol? (Choose two.) provides common view of entire topology exchanges routing tables for its own routes with neighbor calculates feasible path utilizes event-triggered updates utilizes frequent periodic updates.
Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three.) SNMPv3 enhanced SNMPv2 security features SNMPv3 added the Inform protocol message to SNMP. SNMPv2 added the Inform protocol message to SNMP SNMPv3 added the GetBulk protocol messages to SNMP SNMPv2 added the GetBulk protocol message to SNMP. SNMPv2 added the GetNext protocol message to SNMP.
Which technology could be used on top of an MPLS VPN to add confidentiality? IPsec AES SSL 3DES.
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption? authPriv authNoPriv NoauthPriv noAuthNoPriv.
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for business purposes.
Which action can you take to retain the blacklist while allowing users to access the approved sites? Create a whitelist and manually add the approved addresses Edit the dynamic blacklist to remove the approved addresses Disable the dynamic blacklist and deny the specific address on a whitelist while permitting the others Disable the dynamic blacklist and create a static blacklist in its place.
What tab contains access point configuration in the WCS? Controller > Access Points Configure > Access Points General > Configure > Access Points System > Configure > Access Points.
A network engineer in the GUI of WCS version 7 wants to add an access point to a map. Where can this command be found within the drop-down menu? Monitor > Maps Reports > Maps Monitor > Network Summary Configure > Maps.
You are configuring SNMPv1/v2c on a WLC. What should you do for improved security? Remove the default SNMPv1 community. Remove the default SNMPv1 and SNMPv2 communities. Remove the default SNMPv2 community. Remove the default SNMPv3 users.
A customer needs wireless access points on a different VLAN from the controller to join via broadcast.
Which two commands are required on the Layer 3 switch? (Choose two.) ip forward-protocol tcp 5246 ip helper-address <WLC-Multicast-Address> ip helper-address <WLC-Virtual-Address> ip forward-protocol udp 5246 ip helper-address <WLC-Management-Address>.
An engineer has been asked to upgrade the code on a WLC that is running Cisco AireOS 8.0. Which two protocols can be used to download the code file to the controller? (Choose two.) SNMPv2c FTP SNMPv3 SFTP HTTPS.
What occurs to frames during the process of frame flooding? Frames are sent to all ports, including those that are assigned to other VLANs. Frames are sent to every port on the switch that has a matching entry in MAC address table. Frames are sent to every port on the switch in the same VLAN except from the originating port. Frames are sent to every port on the switch in the same VLAN.
Which function does the range of private IPv4 addresses perform? allows multiple companies to each use the same addresses without conflicts provides a direct connection for hosts from outside of the enterprise network ensures that NAT is not required to reach the Internet with private range addressing enables secure communications to the Internet for all external hosts.
Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface? explicitly assign a link-local address disable the EUI-64 bit process enable SLAAC on an interface configure a stateful DHCPv6 server on the network.
Several new coverage cells are required to improve the Wi-Fi network of an organization. Which two standard designs are recommended? (Choose two.) 5GHz provides increased network capacity with up to 23 nonoverlapping channels. 5GHz channel selection requires an autonomous access point. Cells that overlap one another are configured to use nonoverlapping channels. Adjacent cells with overlapping channels use a repeater access point. For maximum throughput, the WLC is configured to dynamically set adjacent access points to the channel.
How do TCP and UDP differ in the way they provide reliability for delivery of packets? TCP does not guarantee delivery or error checking to ensure that there is no corruption of data, UDP provides message acknowledgement and retransmits data if lost. TCP provides flow control to avoid overwhelming a receiver by sending too many packets at once, UDP sends packets to the receiver in a continuous stream without checking. TCP is a connectionless protocol that does not provide reliable delivery of data; UDP is a connection-oriented protocol that uses sequencing to provide reliable delivery. TCP uses windowing to deliver packets reliably; UDP provides reliable message transfer between hosts by establishing a three-way handshake.
What are two differences between optical-fiber cabling and copper cabling? (Choose two.) A BNC connector is used for fiber connections The glass core component is encased in a cladding The data can pass through the cladding Light is transmitted through the core of the fiber Fiber connects to physical interfaces using RJ-45 connections.
How does CAPWAP communicate between an access point in local mode and a WLC? The access point must not be connected to the wired network, as it would create a loop The access point must be connected to the same switch as the WLC The access point must directly connect to the WLC using a copper cable The access point has the ability to link to any switch in the network, assuming connectivity to the WLC.
Which IPv6 address block forwards packets to a multicast address rather than a unicast address? 2000::/3 FC00::/7 FE80::/10 FF00::/12.
What is the difference regarding reliability and communication type between TCP and UDP? TCP is reliable and is a connectionless protocol; UDP is not reliable and is a connection-oriented protocol. TCP is not reliable and is a connectionless protocol; UDP is reliable and is a connection-oriented protocol. TCP is not reliable and is a connection-oriented protocol; UDP is reliable and is a connectionless protocol. TCP is reliable and is a connection-oriented protocol; UDP is not reliable and is a connectionless protocol.
What are two descriptions of three-tier network topologies? (Choose two.) The distribution layer runs Layer 2 and Layer 3 technologies The network core is designed to maintain continuous connectivity when devices fail The access layer manages routing between devices in different domains The core layer maintains wired connections for each host The core and distribution layers perform the same functions.
Which type of ipv6 address is publicly routable in the same way as ipv4 public addresses? multicast unique local link-local global unicast.
What is the expected outcome when an EUI-64 address is generated? The interface ID is configured as a random 64-bit value The characters FE80 are inserted at the beginning of the MAC address of the interface The seventh bit of the original MAC address of the interface is inverted The MAC address of the interface is used as the interface ID without modification.
A corporate office uses four floors in a building.
✑ Floor 1 has 24 users.
✑ Floor 2 has 29 users.
✑ Floor 3 has 28 users.
✑ Floor 4 has 22 users.
Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration? 192.168.0.0/24 as summary and 192.168.0.0/28 for each floor 192.168.0.0/23 as summary and 192.168.0.0/25 for each floor 192.168.0.0/25 as summary and 192.168.0.0/27 for each floor 192.168.0.0/26 as summary and 192.168.0.0/29 for each floor.
What is a characteristic of spine-and-leaf architecture? Each link between leaf switches allows for higher bandwidth. It provides greater predictability on STP blocked ports. It provides variable latency. Each device is separated by the same number of hops.
Which two command sequences must be configured on a switch to establish a Layer 3 EtherChannel with an open-standard protocol? (Choose two.) interface GigabitEthernet0/0/1 channel-group 10 mode auto interface GigabitEthernet0/0/1 channel-group 10 mode on interface port-channel 10 no switchport ip address 172.16.0.1 255.255.255.0 interface GigabitEthernet0/0/1 channel-group 10 mode active interface port-channel 10 switchport switchport mode trunk.
A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network can be mapped? Device(config)#lldp run Device(config)#cdp run Device(config-if)#cdp enable Device(config)#flow-sampler-map topology.
How do AAA operations compare regarding user identification, user services, and access control? Authorization provides access control, and authentication tracks user services Authentication identifies users, and accounting tracks user services Accounting tracks user services, and authentication provides access control Authorization identifies users, and authentication provides access control.
What is difference between RADIUS and TACACS+? RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commands. TACACS+ separates authentication and authorization, and RADIUS merges them. TACACS+ encrypts only password information, and RADIUS encrypts the entire payload. RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authentication.
What is a difference between local AP mode and FlexConnect AP mode? Local AP mode creates two CAPWAP tunnels per AP to the WLC Local AP mode causes the AP to behave as if it were an autonomous AP FlexConnect AP mode fails to function if the AP loses connectivity with the WLC FlexConnect AP mode bridges the traffic from the AP to the WLC when local switching is configured.
By default, how does EIGRP determine the metric of a route for the routing table? It uses the bandwidth and delay values of the path to calculate the route metric. It uses a default metric of 10 for all routes that are learned by the router. It counts the number of hops between the receiving and destination routers and uses that value as the metric. It uses a reference bandwidth and the actual bandwidth of the connected link to calculate the route metric.
Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1. Which configuration accomplishes this task? R1#Config t R1(config)#ip routing R1(config)#ip route default-route 192.168.1.1 R1#Config t R1(config)#ip routing R1(config)#ip route 192.168.1.1 0.0.0.0 0.0.0.0 R1#Config t R1(config)#ip routing R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1 R1#Config t R1(config)#ip routing R1(config)#ip default-gateway 192.168.1.1.
A packet is destined for 10.10.1.22. Which static route does the router choose to forward the packet? ip route 10.10.1.0 255.255.255.240 10.10.255.1 ip route 10.10.1.20 255.255.255.252 10.10.255.1 ip route 10.10.1.16 255.255.255.252 10.10.255.1 ip route 10.10.1.20 255.255.255.254 10.10.255.1.
What are two reasons for an engineer to configure a floating static route? (Choose two.) to enable fallback static routing when the dynamic routing protocol fails to route traffic differently based on the source IP of the packet to automatically route traffic on a secondary path when the primary path goes down to support load balancing via static routing to control the return path of traffic that is sent from the router.
R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed? route with the next hop that has the highest IP route with the lowest cost route with the lowest administrative distance route with the shortest prefix length.
Which two minimum parameters must be configured on an active interface to enable OSPFV2 to operate? (Choose two.) OSPF process ID OSPF MD5 authentication key OSPF stub flag IPv6 address OSPF area.
Which function does an SNMP agent perform? It sends information about MIB variables in response to requests from the NMS It manages routing between Layer 3 devices in a network It coordinates user authentication between a network device and a TACACS+ or RADIUS server It requests information from remote network nodes about catastrophic system events.
What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose two.) The DHCP server assigns IP addresses without requiring the client to renew them. The DHCP server leases client IP addresses dynamically. The DHCP client can request up to four DNS server addresses. The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses. The DHCP client maintains a pool of IP addresses it can assign.
Which command must be entered when a device is configured as an NTP server? ntp peer ntp master ntp authenticate ntp server.
What event has occurred if a router sends a notice level message to a syslog server? A certificate has expired An interface line has changed status A TCP connection has been torn down An ICMP connection has been built.
While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two.) The ACL is empty A matching permit statement is too broadly defined The packets fail to match any permit statement A matching deny statement is too high in the access list A matching permit statement is too high in the access list.
The service password-encryption command is entered on a router. What is the effect of this configuration? restricts unauthorized users from viewing clear-text passwords in the running configuration prevents network administrators from configuring clear-text passwords protects the VLAN database from unauthorized PC connections on the switch encrypts the password exchange when a VPN tunnel is established.
Which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network? SAE encryption TKIP encryption scrambled encryption key AES encryption.
How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment? Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management. Cisco DNA Center device management can deploy a network more quickly than traditional campus device management. Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options. Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management.
Which purpose does a northbound API serve in a controller-based networking architecture? facilitates communication between the controller and the applications reports device errors to a controller generates statistics for network hardware and traffic communicates between the controller and the physical network hardware.
What benefit does controller-based networking provide versus traditional networking? allows configuration and monitoring of the network from one centralized point provides an added layer of security to protect from DDoS attacks combines control and data plane functionality on a single device to minimize latency moves from a two-tier to a three-tier network architecture to provide maximum redundancy.
What is an advantage of Cisco DNA Center versus traditional campus device management? It is designed primarily to provide network assurance. It supports numerous extensibility options, including cross-domain adapters and third-party SDKs. It supports high availability for management functions when operating in cluster mode. It enables easy autodiscovery of network elements in a brownfield deployment.
What are two fundamentals of virtualization? (Choose two.) It allows logical network devices to move traffic between virtual machines and the rest of the physical network. It allows multiple operating systems and applications to run independently on one physical server. It allows a physical router to directly connect NICs from each virtual machine into the network. It requires that some servers, virtual machines, and network gear reside on the Internet. The environment must be configured with one hypervisor that serves solely as a network manager to monitor SNMP traffic.
How does Cisco DNA Center gather data from the network? Devices use the call-home protocol to periodically send data to the controller Devices establish an IPsec tunnel to exchange data with the controller The Cisco CLI Analyzer tool gathers data from each licensed network device and streams it to the controller Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller.
|
