CCNA 4, Final Exam - C
Pagpalain nawa part 3
Questions and Answers
- 1.
What is a primary difference between a company LAN and the WAN services that it uses?
- A.
The company must subscribe to an external WAN service provider.
- B.
The company has direct control over its WAN links but not over its LAN.
- C.
Each LAN has a specified demarcation point to clearly separate access layer and distribution layer equipment.
- D.
The LAN may use a number of different network access layer standards whereas the WAN will use only one standard.
Correct Answer
A. The company must subscribe to an external WAN service provider.Explanation
The primary difference between a company LAN and the WAN services it uses is that the company must subscribe to an external WAN service provider. This means that the company does not have direct control over its WAN links, as it relies on a third-party provider for the WAN services. In contrast, the company has direct control over its LAN, which allows it to manage and configure the local network infrastructure according to its specific needs.Rate this question:
-
- 2.
Which circumstance would result in an enterprise deciding to implement a corporate WAN?
- A.
When its employees become distributed across many branch locations
- B.
When the network will span multiple buildings
- C.
When the number of employees exceeds the capacity of the LAN
- D.
When the enterprise decides to secure its corporate LAN
Correct Answer
A. When its employees become distributed across many branch locationsExplanation
An enterprise would decide to implement a corporate WAN when its employees become distributed across many branch locations. This is because a WAN (Wide Area Network) allows for the connection of multiple local area networks (LANs) over a large geographical area. By implementing a corporate WAN, the enterprise can ensure that all branch locations are connected and can communicate with each other effectively. This enables seamless collaboration and data sharing between employees in different locations, improving overall productivity and efficiency.Rate this question:
-
- 3.
To which two layers of the OSI model do WAN technologies provide services? (Choose two.)
- A.
network layer
- B.
Session layer
- C.
Physical layer
- D.
Transport layer
- E.
Data link layer
- F.
Presentation layer
Correct Answer(s)
C. pHysical layer
E. Data link layerExplanation
WAN technologies provide services at the physical layer and data link layer of the OSI model. The physical layer is responsible for the transmission and reception of raw bit streams over a physical medium, while the data link layer is responsible for the reliable transfer of data between two nodes connected by a physical layer. WAN technologies, such as DSL, Ethernet, and Frame Relay, operate at these two layers to establish and maintain connections over wide area networks.Rate this question:
-
- 4.
Which two technologies are private WAN technologies? (Choose two.)
- A.
Cable
- B.
Frame Relay
- C.
DSL
- D.
ATM
- E.
Cellular
Correct Answer(s)
B. Frame Relay
D. ATMExplanation
Frame Relay and ATM are both private WAN technologies. Frame Relay is a packet-switching technology that allows multiple virtual circuits to be established over a single physical connection. It is often used for connecting remote offices or branch locations to a central network. ATM (Asynchronous Transfer Mode) is a cell-switching technology that uses fixed-size cells to transmit data. It is commonly used in high-speed networks and can support various types of traffic, including voice, video, and data. Both Frame Relay and ATM provide secure and reliable connectivity for private wide area networks.Rate this question:
-
- 5.
Which WAN technology can switch any type of payload based on labels?
- A.
PSTN
- B.
DSL
- C.
MPLS
- D.
T1/E1
Correct Answer
C. MPLSExplanation
MPLS (Multiprotocol Label Switching) is a WAN technology that can switch any type of payload based on labels. It uses labels to direct traffic along predetermined paths, allowing for efficient and fast routing of data packets across a network. MPLS is commonly used by service providers to deliver high-performance, reliable, and secure connections for businesses. It provides flexibility in handling different types of traffic, making it an ideal choice for organizations with diverse network requirements.Rate this question:
-
- 6.
What technology can be used to create a private WAN via satellite communications?
- A.
VSAT
- B.
VPN
- C.
3G/4G cellular
- D.
Dialup
- E.
WiMAX
Correct Answer
A. VSATExplanation
VSAT stands for Very Small Aperture Terminal, which is a technology that can be used to create a private WAN (Wide Area Network) via satellite communications. VSAT systems use small satellite dishes to transmit and receive data, allowing for private and secure communication over long distances. This technology is commonly used in remote areas where traditional wired networks are not available or practical. VPN (Virtual Private Network) is a different technology that provides secure communication over public networks, but it does not specifically rely on satellite communications.Rate this question:
-
- 7.
Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?
- A.
ISDN
- B.
DSL
- C.
Dialup
- D.
Cable
Correct Answer
B. DSLExplanation
DSL, or Digital Subscriber Line, is the correct answer because it utilizes copper telephone lines to provide internet access. DSL technology allows for the transmission of digital data over traditional telephone lines, enabling high-speed internet connections. In this scenario, the subscribers' connections are multiplexed into a single T3 link connection, which is a high-speed digital transmission line capable of transmitting data at a rate of 44.736 Mbps. Therefore, DSL is the most suitable public WAN access technology for this situation.Rate this question:
-
- 8.
A corporation is searching for an easy and low cost solution to provide teleworkers with a secure connection to headquarters. Which solution should be selected?
- A.
dial-up connection
- B.
leased line connection
- C.
site-to-site VPN over the Internet
- D.
Remote access VPN over the Internet
Correct Answer
D. Remote access VPN over the InternetExplanation
A remote access VPN over the Internet would be the most suitable solution for the corporation's needs. This option allows teleworkers to securely connect to the headquarters using the Internet. It is easy to set up and cost-effective, making it a convenient choice for the corporation. Dial-up connection would not provide the required level of security, while a leased line connection would be expensive. Site-to-site VPN over the Internet is designed for connecting multiple offices, not individual teleworkers.Rate this question:
-
- 9.
How many DS0 channels are bounded to produce a 1.544 Mb/s DS1 line?
- A.
2
- B.
12
- C.
24
- D.
28
Correct Answer
C. 24Explanation
A DS1 line has a data rate of 1.544 Mb/s. Each DS0 channel has a data rate of 64 kb/s. To calculate the number of DS0 channels required to produce a DS1 line, we divide the data rate of the DS1 line by the data rate of a DS0 channel: 1.544 Mb/s / 64 kb/s = 24. Therefore, 24 DS0 channels are required to produce a 1.544 Mb/s DS1 line.Rate this question:
-
- 10.
Refer to the exhibit. Communication between two peers has failed. Based on the output that is shown, what is the most likely cause?
- A.
Interface reset
- B.
unplugged cable
- C.
Improper cable type
- D.
PPP issue
Correct Answer
D. PPP issueExplanation
Based on the given output, the most likely cause for the communication failure is a PPP issue. The output shows that the LCP negotiation failed, which is a key component of the PPP protocol used for establishing and configuring a point-to-point connection. This suggests that there is an issue with the PPP configuration or authentication, leading to the communication failure between the two peers.Rate this question:
-
- 11.
Refer to the exhibit. Which type of Layer 2 encapsulation used for connection D requires Cisco routers?
- A.
Ethernet
- B.
PPPoE
- C.
HDLC
- D.
PPP
Correct Answer
C. HDLCExplanation
HDLC (High-Level Data Link Control) is a Layer 2 encapsulation protocol used for connection D that requires Cisco routers. HDLC is a synchronous protocol that provides a reliable and efficient way to encapsulate data over point-to-point links. It is commonly used in Cisco environments for serial connections and provides features such as error detection and flow control. Ethernet, PPPoE, and PPP are also Layer 2 encapsulation protocols, but in this case, HDLC is specifically mentioned as the required encapsulation for connection D.Rate this question:
-
- 12.
Which three statements are true about PPP? (Choose three.)
- A.
PPP can use synchronous and asynchronous circuits.
- B.
PPP can only be used between two Cisco devices.
- C.
PPP carries packets from several network layer protocols in LCPs.
- D.
PPP uses LCPs to establish, configure, and test the data-link connection.
- E.
PPP uses LCPs to agree on format options such as authentication, compression, and error detection.
Correct Answer(s)
A. PPP can use synchronous and asynchronous circuits.
D. PPP uses LCPs to establish, configure, and test the data-link connection.
E. PPP uses LCPs to agree on format options such as authentication, compression, and error detection.Explanation
PPP can use both synchronous and asynchronous circuits, allowing it to support a wide range of network connections. It is not limited to being used only between Cisco devices, as it is a standardized protocol that can be implemented by various vendors. PPP carries packets from multiple network layer protocols by encapsulating them within LCPs. LCPs are also used by PPP to establish, configure, and test the data-link connection. Additionally, LCPs are used to negotiate and agree upon various format options such as authentication, compression, and error detection.Rate this question:
-
- 13.
A network administrator is configuring a PPP link with the commands:R1(config-if)# encapsulation ppp R1(config-if)# ppp quality 70What is the effect of these commands?
- A.
The PPP link will be closed down if the link quality drops below 70 percent.
- B.
The NCP will send a message to the sending device if the link usage reaches 70 percent.
- C.
The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.
- D.
The PPP link will not be established if more than 30 percent of options cannot be accepted.
Correct Answer
A. The PPP link will be closed down if the link quality drops below 70 percent.Explanation
The "ppp quality 70" command is used to set a threshold for the link quality in a PPP link. If the link quality drops below 70 percent, the PPP link will be closed down. This means that if the link becomes unreliable or the quality of the connection deteriorates, the PPP link will be terminated to prevent further communication over a degraded link.Rate this question:
-
- 14.
A network administrator is evaluating authentication protocols for a PPP link. Which three factors might lead to the selection of CHAP over PAP as the authentication protocol? (Choose three.)
- A.
establishes identities with a two-way handshake
- B.
Uses a three-way authentication periodically during the session to reconfirm identities
- C.
Control by the remote host of the frequency and timing of login events
- D.
Transmits login information in encrypted format
- E.
Uses an unpredictable variable challenge value to prevent playback attacks
- F.
Makes authorized network administrator intervention a requirement to establish each session
Correct Answer(s)
B. Uses a three-way authentication periodically during the session to reconfirm identities
D. Transmits login information in encrypted format
E. Uses an unpredictable variable challenge value to prevent playback attacksExplanation
The three factors that might lead to the selection of CHAP over PAP as the authentication protocol are:
1) CHAP uses a three-way authentication periodically during the session to reconfirm identities, providing an extra layer of security compared to PAP which only authenticates once at the beginning of the session.
2) CHAP transmits login information in encrypted format, ensuring that the information is protected from unauthorized access.
3) CHAP uses an unpredictable variable challenge value to prevent playback attacks, making it more secure against potential attacks compared to PAP.Rate this question:
-
- 15.
Which cellular or mobile wireless standard is considered a fourth generation technology?
- A.
LTE
- B.
GSM
- C.
CDMA
- D.
UMTS
Correct Answer
A. LTEExplanation
LTE, which stands for Long-Term Evolution, is considered a fourth-generation cellular or mobile wireless standard. It is designed to provide faster data transfer speeds, lower latency, and increased capacity compared to previous generations. LTE technology is widely used in modern smartphones and networks worldwide, offering improved performance and enhanced user experience for mobile communication and internet access.Rate this question:
-
- 16.
A company is looking for the least expensive broadband solution that provides at least 10 Mb/s download speed. The company is located 5 miles from the nearest provider. Which broadband solution would be appropriate?
- A.
Satellite
- B.
DSL
- C.
WiMax
- D.
Cable
Correct Answer
D. CableExplanation
Cable would be the appropriate broadband solution for the company because it is typically less expensive compared to satellite and WiMax. Additionally, cable internet can provide high download speeds, including at least 10 Mb/s, which meets the company's requirement. DSL could also be a suitable option, but it may not offer the same level of speed and reliability as cable.Rate this question:
-
- 17.
Which technology can ISPs use to periodically challenge broadband customers over DSL networks with PPPoE?
- A.
PAP
- B.
CHAP
- C.
HDLC
- D.
Frame Relay
Correct Answer
B. CHAPExplanation
ISPs can use CHAP (Challenge Handshake Authentication Protocol) to periodically challenge broadband customers over DSL networks with PPPoE. CHAP is a protocol used for authentication in PPP (Point-to-Point Protocol) connections. It provides a more secure method of authentication by periodically sending a challenge to the client, which the client must respond to with the correct password. This helps to ensure that only authorized users are able to access the network. PAP (Password Authentication Protocol) is another authentication protocol used in PPP connections, but it does not provide the same level of security as CHAP. HDLC (High-Level Data Link Control) and Frame Relay are not authentication protocols and are not used for challenging broadband customers.Rate this question:
-
- 18.
What are the three core components of the Cisco ACI architecture? (Choose three.)
- A.
Application Network Profile
- B.
Application Policy Infrastructure Controller
- C.
Cisco Nexus Switches
- D.
Microsoft hypervisor
- E.
Cisco Information Server
- F.
Virtual Security Gateway
Correct Answer(s)
A. Application Network Profile
B. Application Policy Infrastructure Controller
C. Cisco Nexus SwitchesExplanation
The three core components of the Cisco ACI architecture are the Application Network Profile, the Application Policy Infrastructure Controller, and the Cisco Nexus Switches. The Application Network Profile is responsible for defining the requirements of an application, including its connectivity and security policies. The Application Policy Infrastructure Controller is the central management point for the ACI fabric, providing policy-based automation and orchestration. The Cisco Nexus Switches form the physical infrastructure of the ACI fabric, providing high-performance network connectivity and programmability. These three components work together to enable the deployment and management of applications in the ACI architecture.Rate this question:
-
- 19.
Which statement describes a feature of site-to-site VPNs?
- A.
The VPN connection is not statically defined.
- B.
VPN client software is installed on each host.
- C.
Internal hosts send normal, unencapsulated packets.
- D.
Individual hosts can enable and disable the VPN connection.
Correct Answer
C. Internal hosts send normal, unencapsulated packets.Explanation
Site-to-site VPNs allow multiple networks to securely communicate with each other over the internet. Unlike remote access VPNs where client software is installed on each host, site-to-site VPNs typically use dedicated devices or routers to establish the VPN connection. In site-to-site VPNs, internal hosts send normal, unencapsulated packets, meaning that the packets are not modified or encapsulated before being transmitted over the VPN tunnel. This allows the internal hosts to communicate with each other as if they were on the same local network.Rate this question:
-
- 20.
What are three features of a GRE tunnel? (Choose three.)
- A.
Creates nonsecure tunnels between remote sites
- B.
Transports multiple Layer 3 protocols
- C.
Creates additional packet overhead
- D.
Uses RSA signatures to authenticate peeers
- E.
Provides encryption to keep VPN traffic confidential
- F.
Supports hosts as GRE tunnel endpoints by installing Cisco VPN client software
Correct Answer(s)
A. Creates nonsecure tunnels between remote sites
B. Transports multiple Layer 3 protocols
C. Creates additional packet overheadExplanation
The three features of a GRE tunnel are:
1. It creates nonsecure tunnels between remote sites, allowing for the transmission of data between these sites over an insecure network.
2. It transports multiple Layer 3 protocols, enabling different protocols to be encapsulated and transmitted over the GRE tunnel.
3. It creates additional packet overhead, as the original packet is encapsulated within a GRE header, resulting in an increase in packet size.Rate this question:
-
- 21.
Refer to the exhibit. What two commands are needed to complete the GRE tunnel configuration on router R1? (Choose two.)
- A.
R1(config-if)# tunnel source 209.165.202.129
- B.
R1(config-if)# tunnel source 172.16.2.1
- C.
R1(config-if)# tunnel destination 206.165.202.130
- D.
R1(config-if)# tunnel destination 172.16.2.2
- E.
R1(config-if)# tunnel source 209.165.202.130
- F.
R1(config-if)# tunnel destination 206.165.202.129
Correct Answer(s)
A. R1(config-if)# tunnel source 209.165.202.129
C. R1(config-if)# tunnel destination 206.165.202.130Explanation
The correct answer is R1(config-if)# tunnel source 209.165.202.129 and R1(config-if)# tunnel destination 206.165.202.130. These two commands are needed to configure the source and destination IP addresses for the GRE tunnel on router R1. The "tunnel source" command specifies the source IP address for the tunnel, and the "tunnel destination" command specifies the destination IP address for the tunnel. In this case, the source IP address is 209.165.202.129 and the destination IP address is 206.165.202.130.Rate this question:
-
- 22.
What does BGP use to exchange routing updates with neighbors?
- A.
TCP connections
- B.
Area numbers
- C.
Group identification numbers
- D.
Hellos
Correct Answer
A. TCP connectionsExplanation
BGP (Border Gateway Protocol) uses TCP connections to exchange routing updates with neighbors. TCP (Transmission Control Protocol) ensures reliable and ordered delivery of data packets between devices. BGP uses TCP to establish a connection between routers and exchange routing information, including updates about network reachability and path selection. This allows routers to maintain an up-to-date and accurate view of the network topology, facilitating efficient and effective routing decisions.Rate this question:
-
- 23.
Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)
- A.
Access-list 105 permit ip host 10.0.70.23 host 10.0.54.5access-list 105 permit tcp any host 10.0.54.5 eq wwwaccess-list 105 permit ip any any
- B.
Access-list 105 permit tcp host 10.0.54.5 any eq wwwaccess-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
- C.
Access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq wwwaccess-list 105 deny ip any host 10.0.54.5access-list 105 permit ip any any
- D.
R2(config)# interface gi0/0R2(config-if)# ip access-group 105 in
- E.
R1(config)# interface gi0/0R1(config-if)# ip access-group 105 out
- F.
R1(config)# interface s0/0/0R1(config-if)# ip access-group 105 out
Correct Answer(s)
C. Access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq wwwaccess-list 105 deny ip any host 10.0.54.5access-list 105 permit ip any any
E. R1(config)# interface gi0/0R1(config-if)# ip access-group 105 outExplanation
The correct answer is access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20, access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21, access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www, access-list 105 deny ip any host 10.0.54.5, access-list 105 permit ip any any. This ACL allows TCP traffic from the IP address 10.0.70.23 to the FTP server on ports 20 and 21, and allows TCP traffic from any IP address within the 10.x.x.x range to the web server on port 80. It also denies any IP traffic from any source to the FTP server, and allows any other IP traffic. The ACL is applied outbound on interface gi0/0 of router R1.Rate this question:
-
- 24.
Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new statement to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
- A.
Manually add the new deny statement with a sequence number of 5.
- B.
Manually add the new deny statement with a sequence number of 15.
- C.
Create a second access list denying the host and apply it to the same interface.
- D.
Add a deny any any statement to access-list 1.
Correct Answer
A. Manually add the new deny statement with a sequence number of 5.Explanation
The administrator can manually add the new deny statement with a sequence number of 5 to the existing ACL. By adding a new statement with a lower sequence number, it will be processed before the existing permit statement for the 172.16.0.0 network. This will effectively block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network.Rate this question:
-
- 25.
Refer to the exhibit. What can be determined from this output?
- A.
The ACL is missing the deny ip any any ACE.
- B.
Because there are no matches for line 10, the ACL is not working.
- C.
The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.
- D.
The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.
Correct Answer
D. The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.Explanation
The output shows that there are no matches for line 10, which means that the router has not received any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.Rate this question:
-
- 26.
What is the only type of ACL available for IPv6?
- A.
Named standard
- B.
Named extended
- C.
Numbered standard
- D.
Numbered extended
Correct Answer
B. Named extendedExplanation
The correct answer is "named extended." In IPv6, the only type of Access Control List (ACL) available is the named extended ACL. This type of ACL allows for more granular control over network traffic by specifying source and destination IP addresses, ports, and protocols. It provides a higher level of flexibility and security compared to other types of ACLs.Rate this question:
-
- 27.
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
- A.
Permit tcp any host 2001:DB8:10:10::100 eq 25
- B.
Permit tcp host 2001:DB8:10:10::100 any eq 25
- C.
Permit tcp any host 2001:DB8:10:10::100 eq 23
- D.
Permit tcp host 2001:DB8:10:10::100 any eq 23
Correct Answer
A. Permit tcp any host 2001:DB8:10:10::100 eq 25Explanation
The correct answer is "permit tcp any host 2001:DB8:10:10::100 eq 25". This entry allows TCP traffic from any host to the specified IPv6 address with a destination port of 25, which is the port commonly used for SMTP (Simple Mail Transfer Protocol) traffic.Rate this question:
-
- 28.
Refer to the exhibit. Considering how packets are processed on a router that is configured with ACLs, what is the correct order of the statements?
- A.
C-B-A-D
- B.
A-B-C-D
- C.
C-B-D-A
- D.
B-A-D-C
- E.
D-A-C-B
Correct Answer
C. C-B-D-AExplanation
The correct order of the statements for how packets are processed on a router configured with ACLs is C-B-D-A. First, the router checks if the packet matches any deny statements in the ACL (C). If there is a match, the packet is dropped. If there is no match, the router then checks if the packet matches any permit statements in the ACL (B). If there is a match, the packet is allowed to proceed. If there is no match, the router moves to the next step which is the default deny statement (D). If the packet does not match any permit statements and there is no default deny statement, the packet is dropped. Finally, if the packet passes all the previous steps, it is forwarded to the destination (A).Rate this question:
-
- 29.
Which two hypervisors are suitable to support virtual machines in a data center? (Choose two.)
- A.
Virtual PC
- B.
VMware Fusion
- C.
VMware ESX/ESXi
- D.
Oracle VM VirtualBox
- E.
Microsoft Hyper-V 2012
Correct Answer(s)
C. VMware ESX/ESXi
E. Microsoft Hyper-V 2012Explanation
The correct answer is VMware ESX/ESXi and Microsoft Hyper-V 2012. These two hypervisors are suitable for supporting virtual machines in a data center. VMware ESX/ESXi is a popular choice for virtualization in enterprise environments, offering robust features and scalability. Microsoft Hyper-V 2012 is also widely used and provides a comprehensive virtualization platform for Windows-based systems. Both hypervisors offer the necessary capabilities and management tools to effectively run and manage virtual machines in a data center setting.Rate this question:
-
- 30.
How can DHCP spoofing attacks be mitigated?
- A.
By disabling DTP negotiations on nontrunking ports
- B.
By implementing DHCP snooping on trusted ports
- C.
By implementing port security
- D.
By the application of the ip verify source command to untrusted ports​
Correct Answer
B. By implementing DHCP snooping on trusted portsExplanation
DHCP spoofing attacks can be mitigated by implementing DHCP snooping on trusted ports. DHCP snooping is a security feature that helps prevent unauthorized DHCP servers from providing false IP addresses to clients. By enabling DHCP snooping on trusted ports, the switch can monitor and verify the legitimacy of DHCP messages. It maintains a binding table of trusted DHCP servers and their associated IP addresses, ensuring that only valid DHCP responses are forwarded to clients. This helps to prevent attackers from spoofing DHCP servers and distributing malicious IP addresses.Rate this question:
-
- 31.
What is a secure configuration option for remote access to a network device?
- A.
Configure SSH.
- B.
Configure Telnet.
- C.
Configure 802.1x.
- D.
Configure an ACL and apply it to the VTY lines.
Correct Answer
A. Configure SSH.Explanation
Configuring SSH (Secure Shell) is a secure configuration option for remote access to a network device. SSH provides encrypted communication between the client and the server, ensuring confidentiality and integrity of data transmitted over the network. It also provides authentication mechanisms, such as public-key cryptography, to ensure that only authorized users can access the network device remotely. In contrast, Telnet is an insecure remote access protocol that transmits data in clear text, making it susceptible to eavesdropping and unauthorized access. Configuring 802.1x is a network access control mechanism, not specifically related to remote access configuration. Configuring an ACL (Access Control List) and applying it to the VTY (Virtual Terminal) lines can provide additional security measures by filtering incoming connections, but SSH is still the recommended secure configuration option for remote access.Rate this question:
-
- 32.
What action can a network administrator take to help mitigate the threat of VLAN attacks?
- A.
Disable VTP.
- B.
Configure all switch ports to be members of VLAN 1.
- C.
Disable automatic trunking negotiation.
- D.
Enable PortFast on all switch ports.
Correct Answer
C. Disable automatic trunking negotiation.Explanation
Disabling automatic trunking negotiation can help mitigate the threat of VLAN attacks because it prevents unauthorized switches from automatically establishing trunk links with the network. Trunk links are used to carry traffic for multiple VLANs, and if an attacker gains access to a trunk link, they can potentially access and manipulate traffic from multiple VLANs. By disabling automatic trunking negotiation, the network administrator can ensure that trunk links are only established with authorized switches, reducing the risk of VLAN attacks.Rate this question:
-
- 33.
What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
- A.
VTP
- B.
LLDP
- C.
HSRP
- D.
RADIUS
- E.
TACACS
Correct Answer(s)
D. RADIUS
E. TACACSExplanation
RADIUS and TACACS are the two protocols supported on Cisco devices for AAA (Authentication, Authorization, and Accounting) communications. RADIUS (Remote Authentication Dial-In User Service) is a widely used protocol that provides centralized authentication, authorization, and accounting for remote access users. TACACS (Terminal Access Controller Access-Control System) is an older but still commonly used protocol that separates the authentication, authorization, and accounting functions into separate servers. Both protocols are used to authenticate and authorize users accessing network resources and provide accounting information for auditing and billing purposes.Rate this question:
-
- 34.
Which SNMP message type informs the network management system (NMS) immediately of certain specified events?
- A.
GET request
- B.
SET request
- C.
GET response
- D.
Trap
Correct Answer
D. TrapExplanation
A Trap is an SNMP message type that informs the network management system (NMS) immediately of certain specified events. When an event occurs, such as a device failure or a threshold being exceeded, the device sends a Trap message to the NMS to notify it of the event. This allows the NMS to quickly respond and take appropriate actions to address the event. Traps are an important feature of SNMP for proactive network monitoring and management.Rate this question:
-
- 35.
Refer to the exhibit. A SNMP manager is using the community string of snmpenable and is configured with the IP address 172.16.10.1. The SNMP manager is unable to read configuration variables on the R1 SNMP agent. What could be the problem?​
- A.
The SNMP agent is not configured for read-only access.
- B.
The community of snmpenable2 is incorrectly configured on the SNMP agent
- C.
The ACL is not permitting access by the SNMP manager.
- D.
The incorrect community string is configured on the SNMP manager.
Correct Answer
C. The ACL is not permitting access by the SNMP manager.Explanation
The SNMP manager is unable to read configuration variables on the R1 SNMP agent because the ACL is not permitting access by the SNMP manager. This means that the SNMP manager's IP address is not allowed to access the SNMP agent due to the access control list configuration.Rate this question:
-
- 36.
Refer to the exhibit. Which SNMP authentication password must be used by the member of the ADMIN group that is configured on router R1?
- A.
Cisco54321
- B.
Cisco98765
- C.
Cisco123456
- D.
Cisco654321
Correct Answer
C. Cisco123456Explanation
The SNMP authentication password that must be used by the member of the ADMIN group configured on router R1 is "cisco123456". This can be determined by examining the given options and selecting the one that matches the password requirement for the ADMIN group on the router.Rate this question:
-
- 37.
A network administrator has noticed an unusual amount of traffic being received on a switch port that is connected to a college classroom computer. Which tool would the administrator use to make the suspicious traffic available for analysis at the college data center?
- A.
RSPAN
- B.
TACACS+
- C.
802.1X
- D.
DHCP snooping
- E.
SNMP
Correct Answer
A. RSPANExplanation
The network administrator would use RSPAN (Remote Switched Port Analyzer) to make the suspicious traffic available for analysis at the college data center. RSPAN allows the administrator to monitor traffic from one or more ports on a remote switch and send it to a designated port on another switch for analysis. This way, the suspicious traffic can be captured and analyzed at the data center without disrupting the normal operation of the classroom computer.Rate this question:
-
- 38.
What network monitoring tool copies traffic moving through one switch port, and sends the copied traffic to another switch port for analysis?
- A.
802.1X
- B.
SNMP
- C.
SPAN
- D.
Syslog
Correct Answer
C. SPANExplanation
SPAN stands for Switched Port Analyzer. It is a network monitoring tool that copies the traffic flowing through one switch port and sends it to another switch port for analysis. This allows network administrators to monitor and analyze network traffic without interrupting the normal flow of data. SPAN is commonly used for troubleshooting network issues, monitoring network performance, and capturing network packets for analysis.Rate this question:
-
- 39.
Voice packets are being received in a continuous stream by an IP phone, but because of network congestion the delay between each packet varies and is causing broken conversations. What term describes the cause of this condition?
- A.
Buffering
- B.
Latency
- C.
Queuing
- D.
Jitter
Correct Answer
D. JitterExplanation
Jitter is the term that describes the cause of the broken conversations in this scenario. Jitter refers to the variation in delay between the arrival of voice packets due to network congestion. This variation in delay disrupts the continuous stream of packets, resulting in broken conversations.Rate this question:
-
- 40.
What mechanism compensates for jitter in an audio stream by buffering packets and then replaying them outbound in a steady stream?
- A.
Digital signal processor
- B.
Playout delay buffer
- C.
Voice codec
- D.
WFQ
Correct Answer
B. Playout delay bufferExplanation
A playout delay buffer compensates for jitter in an audio stream by buffering packets and then replaying them outbound in a steady stream. Jitter refers to the variation in the arrival time of packets, which can disrupt the smooth playback of audio. By buffering the packets and delaying their playback, the playout delay buffer ensures a consistent and continuous stream of audio, compensating for the variations in packet arrival time and minimizing the impact of jitter on the audio quality.Rate this question:
-
- 41.
Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent?
- A.
CBWFQ
- B.
FIFO
- C.
LLQ
- D.
FCFS
Correct Answer
C. LLQExplanation
LLQ stands for Low Latency Queueing, which is a QoS mechanism that allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent. It prioritizes certain types of traffic over others, ensuring that time-sensitive data is transmitted with minimal delay. This mechanism is commonly used in networks where real-time applications, like VoIP or video conferencing, require immediate and uninterrupted transmission.Rate this question:
-
- 42.
Which type of network traffic cannot be managed using congestion avoidance tools?
- A.
UDP
- B.
TCP
- C.
IP
- D.
ICMP
Correct Answer
A. UDPExplanation
UDP (User Datagram Protocol) is a connectionless protocol that does not provide any congestion control mechanism. Unlike TCP (Transmission Control Protocol), which employs congestion avoidance tools like windowing and slow-start algorithm, UDP does not have any built-in congestion control mechanisms. Therefore, network traffic using UDP cannot be managed effectively using congestion avoidance tools.Rate this question:
-
- 43.
Refer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used?
- A.
Traffic shaping
- B.
Weighted random early detection
- C.
Classification and marking
- D.
Traffic policing
Correct Answer
A. Traffic shapingExplanation
The correct answer is traffic shaping. Traffic shaping is a congestion avoidance technique used to control the rate at which traffic is sent out of an interface. It regulates the flow of traffic by buffering packets and controlling the transmission rate. This helps to prevent congestion by smoothing out the traffic flow and ensuring that it adheres to a specified rate.Rate this question:
-
- 44.
What is the function of a QoS trust boundary?
- A.
A trust boundary identifies the location where traffic cannot be remarked.
- B.
A trust boundary identifies which devices trust the marking on packets that enter a network.
- C.
A trust boundary only allows traffic to enter if it has previously been marked.
- D.
A trust boundary only allows traffic from trusted endpoints to enter the network.
Correct Answer
B. A trust boundary identifies which devices trust the marking on packets that enter a network.Explanation
A QoS trust boundary is a mechanism that determines which devices within a network trust the marking on packets that enter the network. This means that only devices within the trust boundary will consider the markings on the packets for QoS purposes, while devices outside the trust boundary may ignore or override the markings. This helps ensure that QoS policies are applied consistently within the network and that traffic is appropriately prioritized based on its markings.Rate this question:
-
- 45.
Which type of QoS marking is applied to Ethernet frames?
- A.
CoS
- B.
ToS
- C.
DSCP
- D.
IP precedence
Correct Answer
A. CoSExplanation
CoS, or Class of Service, is the type of QoS marking that is applied to Ethernet frames. CoS is used to prioritize network traffic and ensure that certain packets receive preferential treatment over others. It is commonly used in Ethernet networks to differentiate between different types of traffic and allocate appropriate resources accordingly. CoS marking allows for the implementation of quality of service policies, such as prioritizing voice or video traffic over data traffic, to ensure optimal network performance.Rate this question:
-
- 46.
Which pillar of the Cisco IoT System allows data to be analyzed and managed at the location where it is generated?
- A.
Data analytics
- B.
Fog computing
- C.
Network connectivity
- D.
Application enhancement platform
Correct Answer
B. Fog computingExplanation
Fog computing is the pillar of the Cisco IoT System that allows data to be analyzed and managed at the location where it is generated. Fog computing enables data processing and analytics to be performed closer to the edge devices, reducing latency and bandwidth usage. This allows for real-time decision making and faster response times. By bringing computation and storage capabilities closer to the data source, fog computing enables efficient and effective data management in IoT systems.Rate this question:
-
- 47.
A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?
- A.
Conduct a performance test and compare with the baseline that was established previously.
- B.
Determine performance on the intranet by monitoring load times of company web pages from remote sites.
- C.
Interview departmental administrative assistants to determine if web pages are loading more quickly.
- D.
Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.
Correct Answer
A. Conduct a performance test and compare with the baseline that was established previously.Explanation
The best way for the network administrator to determine how the change has affected performance and availability on the company intranet is to conduct a performance test and compare it with the baseline that was established previously. By conducting a performance test, the administrator can measure metrics such as response time, throughput, and error rates to assess the impact of the change. Comparing these results with the baseline will provide a clear indication of any changes in performance and availability.Rate this question:
-
- 48.
In which stage of the troubleshooting process would ownership be researched and documented?
- A.
Gather symptoms.
- B.
Implement corrective action.
- C.
Isolate the problem.
- D.
Update the user and document the problem.
Correct Answer
A. Gather symptoms.Explanation
In the stage of gathering symptoms during the troubleshooting process, ownership would be researched and documented. This is because, in order to effectively troubleshoot a problem, it is important to identify who is responsible for the issue and document their involvement. By researching and documenting ownership, it becomes easier to track the problem, assign responsibilities, and communicate with the appropriate individuals throughout the troubleshooting process.Rate this question:
-
- 49.
Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?
- A.
A less-structured approach based on an educated guess
- B.
An approach comparing working and nonworking components to spot significant differences
- C.
A structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified
- D.
an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified
Correct Answer
A. A less-structured approach based on an educated guessExplanation
A seasoned network administrator, with their experience and knowledge, can rely on their intuition and expertise to make educated guesses about the cause of a problem. They may have encountered similar issues in the past and can draw from that experience to troubleshoot effectively. This approach allows for more flexibility and creativity in problem-solving, as they can quickly narrow down potential causes without following a strict structure. In contrast, a less-experienced network administrator may benefit from a more structured approach that systematically analyzes different components and layers to identify the problem.Rate this question:
-
- 50.
A router has been configured to use simulated network traffic in order to monitor the network performance between the router and a distant network device. Which command would display the results of this analysis?
- A.
Show ip route
- B.
Show ip protocols
- C.
Show ip sla statistics
- D.
Show monitor
Correct Answer
C. Show ip sla statisticsExplanation
The command "show ip sla statistics" would display the results of the analysis using simulated network traffic. This command is specifically used to view the statistics and results of IP Service Level Agreement (SLA) operations, which are used to measure network performance and reliability. By using this command, the router will provide information on the performance metrics collected during the analysis, such as round-trip time, packet loss, and jitter.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Dec 06, 2017Quiz Created by
Gaaabriel
Back to top