CCNA 4 V6.0 Final Exam Answers 100% Option C
.
- 1.
What is a primary difference between a company LAN and the WAN services that it uses?
- A.
The company must subscribe to an external WAN service provider.
- B.
The company has direct control over its WAN links but not over its LAN.
- C.
Each LAN has a specified demarcation point to clearly separate access layer and distribution layer equipment.
- D.
The LAN may use a number of different network access layer standards whereas the WAN will use only one standard.
Correct Answer
A. The company must subscribe to an external WAN service provider.Explanation
The primary difference between a company LAN and the WAN services it uses is that the company must subscribe to an external WAN service provider. This means that the company does not have direct control over its WAN links, unlike its LAN. The LAN may use different network access layer standards, but the WAN will typically use only one standard. Additionally, each LAN has a demarcation point to separate access layer and distribution layer equipment.Rate this question:
-
- 2.
Which circumstance would result in an enterprise deciding to implement a corporate WAN?
- A.
When its employees become distributed across many branch locations
- B.
When the network will span multiple buildings
- C.
When the number of employees exceeds the capacity of the LAN
- D.
When the enterprise decides to secure its corporate LAN
Correct Answer
A. When its employees become distributed across many branch locationsExplanation
When an enterprise's employees become distributed across many branch locations, it becomes necessary to implement a corporate WAN (Wide Area Network). A WAN allows for the connection and communication between these geographically dispersed locations, ensuring that employees can access the necessary resources and collaborate effectively. This is the most suitable circumstance for implementing a corporate WAN as it addresses the need for connectivity and integration across multiple branch locations.Rate this question:
-
- 3.
To which two layers of the OSI model do WAN technologies provide services? (Choose two.)
- A.
Network layer
- B.
Session layer
- C.
Physical layer
- D.
Transport layer
- E.
Data link layer
- F.
Presentation layer
Correct Answer(s)
C. pHysical layer
E. Data link layerExplanation
WAN technologies provide services at the physical layer and the data link layer of the OSI model. The physical layer is responsible for the transmission and reception of raw bit streams over a physical medium, while the data link layer is responsible for the reliable transfer of data between two nodes on a network. WAN technologies, such as DSL and T1 lines, operate at these layers to establish and maintain connections between geographically separated networks.Rate this question:
-
- 4.
Which two technologies are private WAN technologies? (Choose two.)
- A.
Cable
- B.
Frame Relay
- C.
DSL
- D.
ATM
- E.
Cellular
Correct Answer(s)
B. Frame Relay
D. ATMExplanation
Frame Relay and ATM are both private WAN technologies. Frame Relay is a packet-switching technology that allows multiple virtual circuits to be established over a single physical connection. It is commonly used for connecting LANs in different locations. ATM (Asynchronous Transfer Mode) is a cell-switching technology that uses fixed-size cells to transmit data. It is often used for high-speed networking and can support a wide range of traffic types, including voice, video, and data. Both technologies provide secure and reliable connections for transmitting data over wide area networks.Rate this question:
-
- 5.
Which WAN technology can switch any type of payload based on labels?
- A.
PSTN
- B.
DSL
- C.
MPLS
- D.
T1/E1
Correct Answer
C. MPLSExplanation
MPLS (Multiprotocol Label Switching) is a WAN technology that can switch any type of payload based on labels. MPLS uses labels to direct and prioritize network traffic, allowing for efficient and flexible routing of data packets across a network. It is commonly used by service providers to deliver quality of service (QoS) and traffic engineering capabilities to their customers. Unlike other options listed, such as PSTN (Public Switched Telephone Network), DSL (Digital Subscriber Line), and T1/E1 (digital transmission technologies), MPLS is specifically designed for label-based switching and routing.Rate this question:
-
- 6.
What technology can be used to create a private WAN via satellite communications?
- A.
VPN
- B.
3G/4G cellular
- C.
Dialup
- D.
VSAT
- E.
WiMAX
Correct Answer
D. VSATExplanation
VSAT stands for Very Small Aperture Terminal and is a technology that can be used to create a private WAN (Wide Area Network) via satellite communications. VSAT technology uses satellite dishes and modems to establish a communication link between remote locations and a central hub. This allows for the transmission of data, voice, and video over long distances, making it an ideal solution for creating a private WAN network. VPN, 3G/4G cellular, dialup, and WiMAX are not specifically designed for satellite communications and may not provide the same level of reliability and coverage as VSAT.Rate this question:
-
- 7.
Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?
- A.
ISDN
- B.
DSL
- C.
Dialup
- D.
Cable
Correct Answer
B. DSLExplanation
DSL, or Digital Subscriber Line, is a public WAN access technology that utilizes copper telephone lines to provide access to subscribers. It allows for high-speed internet access by transmitting digital data over the existing telephone lines. In this particular scenario, the subscribers are multiplexed into a single T3 link connection, which is a high-speed connection capable of transmitting data at a rate of 44.736 Mbps. DSL is a more advanced and efficient technology compared to dial-up or ISDN, making it the correct answer in this case.Rate this question:
-
- 8.
A corporation is searching for an easy and low cost solution to provide teleworkers with a secure connection to headquarters. Which solution should be selected?
- A.
Dial-up connection
- B.
Leased line connection
- C.
Site-to-site VPN over the Internet
- D.
Remote access VPN over the Internet
Correct Answer
D. Remote access VPN over the InternetExplanation
A remote access VPN over the Internet would be the best solution for the corporation to provide teleworkers with a secure connection to headquarters. This solution allows teleworkers to securely connect to the corporate network from any location using the Internet. It is easy to set up and cost-effective as it eliminates the need for dedicated leased lines or dial-up connections. Additionally, it provides a secure tunnel for data transmission, ensuring the confidentiality and integrity of the information being transmitted.Rate this question:
-
- 9.
How many DS0 channels are bounded to produce a 1.544 Mb/s DS1 line?
- A.
2
- B.
12
- C.
24
- D.
28
Correct Answer
C. 24Explanation
A DS1 line has a data rate of 1.544 Mb/s. Each DS0 channel has a data rate of 64 kb/s. To determine the number of DS0 channels required to produce a DS1 line, we divide the DS1 data rate by the DS0 data rate: 1.544 Mb/s / 64 kb/s = 24. Therefore, 24 DS0 channels are required to produce a 1.544 Mb/s DS1 line.Rate this question:
-
- 10.
Refer to the exhibit. Communication between two peers has failed. Based on the output that is shown, what is the most likely cause?
- A.
Interface reset
- B.
Unplugged cable
- C.
Improper cable type
- D.
PPP issue
Correct Answer
D. PPP issueExplanation
Based on the given exhibit, the output suggests that there is a problem with the PPP (Point-to-Point Protocol) connection between the two peers. This could be due to misconfiguration or authentication issues in the PPP setup, which has caused the communication failure. The other options such as interface reset, unplugged cable, and improper cable type do not seem to be the cause of the issue based on the given information.Rate this question:
-
- 11.
Refer to the exhibit. Which type of Layer 2 encapsulation used for connection D requires Cisco routers?
- A.
Ethernet
- B.
PPPoE
- C.
HDLC
- D.
PPP
Correct Answer
C. HDLCExplanation
The correct answer is HDLC because HDLC (High-Level Data Link Control) is a Layer 2 encapsulation protocol used by Cisco routers. HDLC is a synchronous data link layer protocol that provides a reliable and efficient way to transmit data over serial links. It is commonly used for point-to-point connections and is the default encapsulation type for Cisco routers.Rate this question:
-
- 12.
Which three statements are true about PPP? (Choose three.)
- A.
PPP can use synchronous and asynchronous circuits.
- B.
PPP can only be used between two Cisco devices.
- C.
PPP carries packets from several network layer protocols in LCPs.
- D.
PPP uses LCPs to establish, configure, and test the data-link connection.
- E.
PPP uses LCPs to agree on format options such as authentication, compression, and error detection.
Correct Answer(s)
A. PPP can use synchronous and asynchronous circuits.
D. PPP uses LCPs to establish, configure, and test the data-link connection.
E. PPP uses LCPs to agree on format options such as authentication, compression, and error detection.Explanation
PPP can use synchronous and asynchronous circuits, allowing it to be used in a variety of network environments. PPP uses Link Control Protocols (LCPs) to establish, configure, and test the data-link connection, ensuring a reliable connection between devices. Additionally, PPP uses LCPs to agree on format options such as authentication, compression, and error detection, allowing for customization and optimization of the connection. These features make PPP a flexible and robust protocol for establishing and maintaining data-link connections.Rate this question:
-
- 13.
A network administrator is configuring a PPP link with the commands: R1(config-if)# encapsulation ppp R1(config-if)# ppp quality 70 What is the effect of these commands?
- A.
The PPP link will be closed down if the link quality drops below 70 percent.
- B.
The NCP will send a message to the sending device if the link usage reaches 70 percent.
- C.
The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.
- D.
The PPP link will not be established if more than 30 percent of options cannot be accepted.
Correct Answer
A. The PPP link will be closed down if the link quality drops below 70 percent.Explanation
The commands "encapsulation ppp" and "ppp quality 70" configure a PPP link with a quality threshold of 70 percent. If the link quality drops below this threshold, the PPP link will be closed down.Rate this question:
-
- 14.
A network administrator is evaluating authentication protocols for a PPP link. Which three factors might lead to the selection of CHAP over PAP as the authentication protocol? (Choose three.)
- A.
Establishes identities with a two-way handshake
- B.
Uses a three-way authentication periodically during the session to reconfirm identities
- C.
Control by the remote host of the frequency and timing of login events
- D.
Transmits login information in encrypted format
- E.
Uses an unpredictable variable challenge value to prevent playback attacks
- F.
Makes authorized network administrator intervention a requirement to establish each session
Correct Answer(s)
B. Uses a three-way authentication periodically during the session to reconfirm identities
D. Transmits login information in encrypted format
E. Uses an unpredictable variable challenge value to prevent playback attacksExplanation
CHAP (Challenge Handshake Authentication Protocol) is preferred over PAP (Password Authentication Protocol) for authentication in a PPP link due to the following reasons:
1. CHAP establishes identities with a two-way handshake, which ensures that both the client and server authenticate each other before establishing a connection.
2. CHAP uses a three-way authentication periodically during the session to reconfirm identities. This adds an extra layer of security by continuously verifying the identities of both the client and server throughout the session.
3. CHAP transmits login information in encrypted format, making it more secure compared to PAP, which sends login credentials in plain text.
4. CHAP uses an unpredictable variable challenge value to prevent playback attacks. This means that even if an attacker intercepts the challenge-response packets, they cannot replay them to gain unauthorized access.
5. CHAP does not require authorized network administrator intervention to establish each session, making it more convenient for regular use.Rate this question:
-
- 15.
Which cellular or mobile wireless standard is considered a fourth generation technology?
- A.
LTE
- B.
GSM
- C.
CDMA
- D.
UMTS
Correct Answer
A. LTEExplanation
LTE, which stands for Long-Term Evolution, is considered a fourth-generation (4G) cellular or mobile wireless standard. It is a high-speed wireless communication technology that provides faster data transfer rates and improved network capacity compared to previous generations. LTE is widely used for mobile communication and internet access, offering enhanced performance and efficiency for various applications.Rate this question:
-
- 16.
A company is looking for the least expensive broadband solution that provides at least 10 Mb/s download speed. The company is located 5 miles from the nearest provider. Which broadband solution would be appropriate?
- A.
Satellite
- B.
DSL
- C.
WiMax
- D.
Cable
Correct Answer
D. CableExplanation
Cable would be the appropriate broadband solution for the company because it typically offers faster download speeds compared to satellite, DSL, and WiMax. Additionally, cable is often more affordable than satellite and WiMax. While DSL may also provide sufficient download speed, it may not be as cost-effective as cable.Rate this question:
-
- 17.
Which technology can ISPs use to periodically challenge broadband customers over DSL networks with PPPoE?
- A.
PAP
- B.
CHAP
- C.
HDLC
- D.
Frame Relay
Correct Answer
B. CHAPExplanation
ISPs can use CHAP (Challenge-Handshake Authentication Protocol) to periodically challenge broadband customers over DSL networks with PPPoE (Point-to-Point Protocol over Ethernet). CHAP is a secure authentication protocol that verifies the identity of the customer by exchanging a series of challenge and response packets. It helps in preventing unauthorized access to the network and ensures the security of the connection.Rate this question:
-
- 18.
What are the three core components of the Cisco ACI architecture? (Choose three.)
- A.
Application Network Profile
- B.
Application Policy Infrastructure Controller
- C.
Cisco Nexus Switches
- D.
Microsoft hypervisor
- E.
Cisco Information Server
- F.
Virtual Security Gateway
Correct Answer(s)
A. Application Network Profile
B. Application Policy Infrastructure Controller
C. Cisco Nexus SwitchesExplanation
The three core components of the Cisco ACI architecture are the Application Network Profile, the Application Policy Infrastructure Controller, and the Cisco Nexus Switches. The Application Network Profile is responsible for defining the requirements and characteristics of an application's network connectivity. The Application Policy Infrastructure Controller is the centralized management and policy control point for the ACI fabric. Cisco Nexus Switches provide the physical network infrastructure for the ACI fabric, enabling communication between endpoints and enforcing policies defined by the Application Policy Infrastructure Controller.Rate this question:
-
- 19.
Which statement describes a feature of site-to-site VPNs?
- A.
The VPN connection is not statically defined.
- B.
VPN client software is installed on each host.
- C.
Internal hosts send normal, unencapsulated packets.
- D.
Individual hosts can enable and disable the VPN connection.
Correct Answer
C. Internal hosts send normal, unencapsulated packets.Explanation
Site-to-site VPNs allow multiple networks to securely communicate with each other over the internet. In this type of VPN, the internal hosts from each network send normal, unencapsulated packets. This means that the packets are not modified or encapsulated in any way before being transmitted over the VPN connection. This allows for efficient and seamless communication between the networks, as the packets can be processed by the receiving network without any additional overhead or modifications.Rate this question:
-
- 20.
What are three features of a GRE tunnel? (Choose three.)
- A.
Creates nonsecure tunnels between remote sites*
- B.
Transports multiple Layer 3 protocols
- C.
Creates additional packet overhead
- D.
Uses RSA signatures to authenticate peeers
- E.
Provides encryption to keep VPN traffic confidential
- F.
Supports hosts as GRE tunnel endpoints by installing Cisco VPN client software
Correct Answer(s)
A. Creates nonsecure tunnels between remote sites*
B. Transports multiple Layer 3 protocols
C. Creates additional packet overheadExplanation
The three features of a GRE tunnel are:
1. It creates nonsecure tunnels between remote sites, allowing for the transmission of data between these sites.
2. It transports multiple Layer 3 protocols, enabling communication between different network protocols.
3. It creates additional packet overhead, which refers to the additional information added to the packets for encapsulation and routing purposes.Rate this question:
-
- 21.
Refer to the exhibit. What two commands are needed to complete the GRE tunnel configuration on router R1? (Choose two.)
- A.
R1(config-if)# tunnel source 209.165.202.129
- B.
R1(config-if)# tunnel source 172.16.2.1
- C.
R1(config-if)# tunnel destination 206.165.202.130
- D.
R1(config-if)# tunnel destination 172.16.2.2
- E.
R1(config-if)# tunnel source 209.165.202.130
- F.
R1(config-if)# tunnel destination 206.165.202.129
Correct Answer(s)
A. R1(config-if)# tunnel source 209.165.202.129
C. R1(config-if)# tunnel destination 206.165.202.130Explanation
The two commands needed to complete the GRE tunnel configuration on router R1 are "R1(config-if)# tunnel source 209.165.202.129" and "R1(config-if)# tunnel destination 206.165.202.130". These commands specify the source and destination IP addresses for the GRE tunnel.Rate this question:
-
- 22.
What does BGP use to exchange routing updates with neighbors?
- A.
TCP connections
- B.
Area numbers
- C.
Group identification numbers
- D.
Hellos
Correct Answer
A. TCP connectionsExplanation
BGP (Border Gateway Protocol) uses TCP (Transmission Control Protocol) connections to exchange routing updates with neighbors. TCP ensures reliable and ordered delivery of packets between the BGP routers, allowing them to establish a connection and exchange routing information. This ensures that the routing updates are transmitted accurately and efficiently between the BGP routers, enabling them to make informed routing decisions.Rate this question:
-
- 23.
Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)
- A.
Access-list 105 permit ip host 10.0.70.23 host 10.0.54.5 access-list 105 permit tcp any host 10.0.54.5 eq www access-list 105 permit ip any any
- B.
Access-list 105 permit tcp host 10.0.54.5 any eq www access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
- C.
Access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any
- D.
R2(config)# interface gi0/0 R2(config-if)# ip access-group 105 in
- E.
R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out
- F.
R1(config)# interface s0/0/0 R1(config-if)# ip access-group 105 out
Correct Answer(s)
C. Access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any
E. R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 outExplanation
The correct ACL to filter the traffic is access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20, access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21, access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www, access-list 105 deny ip any host 10.0.54.5, and access-list 105 permit ip any any. These ACL entries allow FTP traffic from the IP address 10.0.70.23 to the FTP server at 10.0.54.5 on ports 20 and 21, and allow web traffic from any internal IP address to the FTP server on port 80. The ACL is applied outbound on interface gi0/0 of router R1.Rate this question:
-
- 24.
Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
- A.
Manually add the new deny statement with a sequence number of 5.
- B.
Manually add the new deny statement with a sequence number of 15.
- C.
Create a second access list denying the host and apply it to the same interface.
- D.
Add a deny any any statement to access-list 1.
Correct Answer
A. Manually add the new deny statement with a sequence number of 5.Explanation
To block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network, the administrator can manually add the new deny statement with a sequence number of 5. This will ensure that the deny statement is placed before any permit statements in the ACL, allowing it to take effect and block packets from the specified host.Rate this question:
-
- 25.
Refer to the exhibit. What can be determined from this output?
- A.
The ACL is missing the deny ip any any ACE.
- B.
Because there are no matches for line 10, the ACL is not working.
- C.
The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.
- D.
The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.
Correct Answer
D. The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.Explanation
The output of the exhibit shows that there are no matches for line 10 in the ACL. This means that the router has not received any Telnet packets from the specific source IP address (10.35.80.22) that are destined for the specific destination IP address (10.23.77.101). Therefore, the correct answer is that the router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.Rate this question:
-
- 26.
What is the only type of ACL available for IPv6?
- A.
Named standard
- B.
Named extended
- C.
Numbered standard
- D.
Numbered extended
Correct Answer
B. Named extendedExplanation
The only type of ACL available for IPv6 is the named extended ACL. This type of ACL allows for more specific and granular control over network traffic by allowing the user to define a named access control list with specific permit or deny statements. It provides greater flexibility in terms of filtering IPv6 traffic based on various criteria such as source and destination IP addresses, protocols, and port numbers. Named extended ACLs are commonly used in IPv6 networks to enforce security policies and restrict access to specific resources.Rate this question:
-
- 27.
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
- A.
Permit tcp any host 2001:DB8:10:10::100 eq 25
- B.
Permit tcp host 2001:DB8:10:10::100 any eq 25
- C.
Permit tcp any host 2001:DB8:10:10::100 eq 23
- D.
Permit tcp host 2001:DB8:10:10::100 any eq 23
Correct Answer
A. Permit tcp any host 2001:DB8:10:10::100 eq 25Explanation
The correct answer is "permit tcp any host 2001:DB8:10:10::100 eq 25". This command entry allows TCP traffic from any host to an SMTP server on network 2001:DB8:10:10::/64. The "any" keyword allows any source IP address, and the "host 2001:DB8:10:10::100" specifies the destination IP address. The "eq 25" indicates that the traffic is for the SMTP service on port 25.Rate this question:
-
- 28.
Refer to the exhibit. Considering how packets are processed on a router that is configured with ACLs, what is the correct order of the statements?
- A.
C-B-A-D
- B.
A-B-C-D
- C.
C-B-D-A
- D.
B-A-D-C
- E.
D-A-C-B
Correct Answer
C. C-B-D-AExplanation
The correct order of the statements for how packets are processed on a router configured with ACLs is C-B-D-A. This means that first, the router checks the packet against the access control lists (ACLs) configured on it (C). Then, it performs the necessary routing functions, such as checking the routing table and making forwarding decisions (B). After that, the router applies any NAT (Network Address Translation) or PAT (Port Address Translation) if necessary (D). Finally, the router forwards the packet to the appropriate outgoing interface (A).Rate this question:
-
- 29.
Which two hypervisors are suitable to support virtual machines in a data center? (Choose two.)
- A.
Virtual PC
- B.
VMware Fusion
- C.
VMware ESX/ESXi
- D.
Oracle VM VirtualBox
- E.
Microsoft Hyper-V 2012
Correct Answer(s)
C. VMware ESX/ESXi
E. Microsoft Hyper-V 2012Explanation
VMware ESX/ESXi and Microsoft Hyper-V 2012 are suitable hypervisors to support virtual machines in a data center. VMware ESX/ESXi is a widely used enterprise-level hypervisor that provides robust virtualization capabilities and management features. Microsoft Hyper-V 2012 is also a popular hypervisor that offers virtualization services and is specifically designed for Windows-based environments. Both hypervisors have proven track records in data center environments and are capable of efficiently running virtual machines.Rate this question:
-
- 30.
How can DHCP spoofing attacks be mitigated?
- A.
By disabling DTP negotiations on nontrunking ports
- B.
By implementing DHCP snooping on trusted ports
- C.
By implementing port security
- D.
By the application of the ip verify source command to untrusted ports​
Correct Answer
B. By implementing DHCP snooping on trusted portsExplanation
DHCP spoofing attacks can be mitigated by implementing DHCP snooping on trusted ports. DHCP snooping is a security feature that prevents unauthorized DHCP servers from providing IP addresses to clients on a network. It works by inspecting DHCP messages and maintaining a binding table of valid IP-MAC address pairs. By enabling DHCP snooping on trusted ports, the network can ensure that only authorized DHCP servers are able to provide IP addresses to clients, thereby preventing spoofing attacks.Rate this question:
-
- 31.
What is a secure configuration option for remote access to a network device?
- A.
Configure SSH.
- B.
Configure Telnet.
- C.
Configure 802.1x.
- D.
Configure an ACL and apply it to the VTY lines.
Correct Answer
A. Configure SSH.Explanation
Configuring SSH (Secure Shell) is a secure configuration option for remote access to a network device. SSH provides encrypted communication between the client and the server, ensuring the confidentiality and integrity of data transmitted over the network. It also provides authentication mechanisms to verify the identity of the remote user. In contrast, Telnet is an insecure protocol that transmits data in clear text, making it vulnerable to eavesdropping and unauthorized access. Configuring 802.1x is a method for controlling network access, but it is not specifically related to remote access configuration. Configuring an ACL (Access Control List) and applying it to the VTY (Virtual Terminal) lines can provide additional security measures by restricting access to the device, but it does not provide the same level of encryption and authentication as SSH.Rate this question:
-
- 32.
What action can a network administrator take to help mitigate the threat of VLAN attacks?
- A.
Disable VTP.
- B.
Configure all switch ports to be members of VLAN 1.
- C.
Disable automatic trunking negotiation.
- D.
Enable PortFast on all switch ports.
Correct Answer
C. Disable automatic trunking negotiation.Explanation
Disabling automatic trunking negotiation can help mitigate the threat of VLAN attacks. Trunking allows multiple VLANs to be carried over a single link, but it can also be exploited by attackers to gain unauthorized access to VLANs. By disabling automatic trunking negotiation, the network administrator can manually configure trunk links, ensuring that only authorized VLANs are allowed on the trunk and preventing attackers from accessing sensitive VLANs.Rate this question:
-
- 33.
What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
- A.
VTP
- B.
LLDP
- C.
HSRP
- D.
RADIUS
- E.
TACACS+
Correct Answer(s)
D. RADIUS
E. TACACS+Explanation
RADIUS and TACACS+ are the two protocols supported on Cisco devices for AAA (Authentication, Authorization, and Accounting) communications. RADIUS (Remote Authentication Dial-In User Service) is a widely used protocol that provides centralized authentication, authorization, and accounting for remote access users. TACACS+ (Terminal Access Controller Access-Control System Plus) is another protocol that provides similar functionality but with additional features such as separate authentication and authorization processes. These protocols are used to secure and manage access to network devices and resources.Rate this question:
-
- 34.
Which SNMP message type informs the network management system (NMS) immediately of certain specified events?
- A.
GET request
- B.
SET request
- C.
GET response
- D.
Trap
Correct Answer
D. TrapExplanation
A Trap SNMP message type is used to inform the network management system (NMS) immediately of certain specified events. It allows devices to notify the NMS about any abnormal or critical events that occur in the network, such as system failures, network congestion, or security breaches. The NMS can then take appropriate actions to address these events and ensure the smooth operation of the network.Rate this question:
-
- 35.
Refer to the exhibit. A SNMP manager is using the community string of snmpenable and is configured with the IP address 172.16.10.1. The SNMP manager is unable to read configuration variables on the R1 SNMP agent. What could be the problem?
- A.
The SNMP agent is not configured for read-only access.
- B.
The community of snmpenable2 is incorrectly configured on the SNMP agent.
- C.
The ACL is not permitting access by the SNMP manager.
- D.
The incorrect community string is configured on the SNMP manager.
Correct Answer
C. The ACL is not permitting access by the SNMP manager.Explanation
The problem could be that the ACL is not permitting access by the SNMP manager. This means that the SNMP manager's IP address (172.16.10.1) is not allowed to access the SNMP agent. As a result, the SNMP manager is unable to read configuration variables on the R1 SNMP agent.Rate this question:
-
- 36.
Refer to the exhibit. Which SNMP authentication password must be used by the member of the ADMIN group that is configured on router R1?
- A.
Cisco54321
- B.
Cisco98765
- C.
Cisco123456
- D.
Cisco654321
Correct Answer
C. Cisco123456Explanation
The SNMP authentication password that must be used by the member of the ADMIN group configured on router R1 is "cisco123456". This can be determined by referring to the exhibit, which does not provide any additional information or context.Rate this question:
-
- 37.
A network administrator has noticed an unusual amount of traffic being received on a switch port that is connected to a college classroom computer. Which tool would the administrator use to make the suspicious traffic available for analysis at the college data center?
- A.
RSPAN
- B.
TACACS+
- C.
802.1X
- D.
DHCP snooping
- E.
SNMP
Correct Answer
A. RSPANExplanation
RSPAN stands for Remote Switched Port Analyzer. It is a feature that allows the network administrator to monitor traffic on a switch port remotely. In this scenario, the network administrator wants to analyze the unusual traffic being received on a switch port connected to a college classroom computer. By using RSPAN, the administrator can mirror the suspicious traffic to a designated port on the switch, which can then be sent to the college data center for analysis.Rate this question:
-
- 38.
What network monitoring tool copies traffic moving through one switch port, and sends the copied traffic to another switch port for analysis?
- A.
802.1X
- B.
SNMP
- C.
SPAN
- D.
Syslog
Correct Answer
C. SPANExplanation
SPAN stands for Switched Port Analyzer. It is a network monitoring tool that copies traffic from one switch port and sends it to another switch port for analysis. This allows network administrators to monitor and analyze network traffic without interrupting the normal flow of data. SPAN is commonly used for troubleshooting, performance monitoring, and security analysis.Rate this question:
-
- 39.
Voice packets are being received in a continuous stream by an IP phone, but because of network congestion the delay between each packet varies and is causing broken conversations. What term describes the cause of this condition?
- A.
Buffering
- B.
Latency
- C.
Queuing
- D.
Jitter
Correct Answer
D. JitterExplanation
Jitter is the term that describes the condition where voice packets are received in a continuous stream but with varying delays due to network congestion. This variation in delay causes broken conversations, as the packets are not arriving in a consistent and timely manner.Rate this question:
-
- 40.
What mechanism compensates for jitter in an audio stream by buffering packets and then replaying them outbound in a steady stream?
- A.
Digital signal processor
- B.
Playout delay buffer
- C.
Voice codec
- D.
WFQ
Correct Answer
B. Playout delay bufferExplanation
A playout delay buffer compensates for jitter in an audio stream by buffering packets and then replaying them outbound in a steady stream. This buffer helps to smooth out any variations in the arrival time of packets, ensuring a consistent and uninterrupted playback of the audio.Rate this question:
-
- 41.
Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent?
- A.
CBWFQ
- B.
FIFO
- C.
LLQ
- D.
FCFS
Correct Answer
C. LLQExplanation
LLQ stands for Low Latency Queueing, which is a QoS mechanism that allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent. This mechanism prioritizes certain types of traffic, like voice, over others to ensure that they are delivered with minimal delay.Rate this question:
-
- 42.
Which type of network traffic cannot be managed using congestion avoidance tools?
- A.
TCP
- B.
UDP
- C.
IP
- D.
ICMP
Correct Answer
B. UDPExplanation
Congestion avoidance tools are used to manage network traffic by controlling the flow of data to prevent congestion. UDP (User Datagram Protocol) is a connectionless protocol that does not have built-in congestion control mechanisms. Unlike TCP (Transmission Control Protocol), which uses congestion avoidance algorithms, UDP does not have the ability to detect or respond to network congestion. Therefore, UDP traffic cannot be effectively managed using congestion avoidance tools.Rate this question:
-
- 43.
Refer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used?
- A.
Traffic shaping
- B.
Weighted random early detection
- C.
Classification and marking
- D.
Traffic policing
Correct Answer
A. Traffic shapingExplanation
The correct answer is traffic shaping. Traffic shaping is a congestion avoidance technique that controls the rate of outgoing traffic to match the allowed bandwidth. It smooths out traffic bursts and ensures that the network resources are utilized efficiently.Rate this question:
-
- 44.
What is the function of a QoS trust boundary?
- A.
A trust boundary identifies the location where traffic cannot be remarked.
- B.
A trust boundary identifies which devices trust the marking on packets that enter a network.
- C.
A trust boundary only allows traffic to enter if it has previously been marked.
- D.
A trust boundary only allows traffic from trusted endpoints to enter the network.
Correct Answer
B. A trust boundary identifies which devices trust the marking on packets that enter a network.Explanation
A QoS trust boundary is a mechanism that determines which devices within a network trust the marking on packets that enter the network. It helps to ensure that the quality of service (QoS) markings on packets are respected and maintained as they traverse the network. By identifying which devices trust the markings, the trust boundary helps to enforce QoS policies and prioritize traffic accordingly.Rate this question:
-
- 45.
Which type of QoS marking is applied to Ethernet frames?
- A.
CoS
- B.
ToS
- C.
DSCP
- D.
IP precedence
Correct Answer
A. CoSExplanation
CoS (Class of Service) is the type of QoS marking that is applied to Ethernet frames. CoS is used to prioritize different types of traffic and ensure that high-priority traffic is given preferential treatment in the network. It is commonly used in Ethernet networks to differentiate between different classes of traffic and ensure that critical data, such as voice or video, is given higher priority over less time-sensitive data.Rate this question:
-
- 46.
Which pillar of the Cisco IoT System allows data to be analyzed and managed at the location where it is generated?
- A.
Data analytics
- B.
Fog computing
- C.
Network connectivity
- D.
Application enhancement platform
Correct Answer
B. Fog computingExplanation
Fog computing is the pillar of the Cisco IoT System that allows data to be analyzed and managed at the location where it is generated. Fog computing refers to the practice of processing and analyzing data at the edge of the network, closer to where the data is generated, rather than sending it to a centralized cloud server. This allows for faster data processing, reduced latency, and improved security and privacy. Fog computing is especially useful in IoT applications where real-time analysis and decision-making are required.Rate this question:
-
- 47.
A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?
- A.
Conduct a performance test and compare with the baseline that was established previously.
- B.
Determine performance on the intranet by monitoring load times of company web pages from remote sites.
- C.
Interview departmental administrative assistants to determine if web pages are loading more quickly.
- D.
Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.
Correct Answer
A. Conduct a performance test and compare with the baseline that was established previously.Explanation
To determine how the change has affected performance and availability on the company intranet, the network administrator should conduct a performance test and compare it with the previously established baseline. This will provide a direct measurement of the intranet's performance before and after the change. By comparing the results, the administrator can identify any improvements or declines in performance and availability. This method is objective and provides quantitative data, making it the most reliable approach to assess the impact of the change.Rate this question:
-
- 48.
In which stage of the troubleshooting process would ownership be researched and documented?
- A.
Gather symptoms.
- B.
Implement corrective action.
- C.
Isolate the problem.
- D.
Update the user and document the problem.
Correct Answer
A. Gather symptoms.Explanation
In the stage of gathering symptoms during the troubleshooting process, ownership would be researched and documented. This is because during this stage, the technician is collecting information about the problem and trying to understand its scope and impact. Researching ownership involves identifying who is responsible for the issue and documenting it for further investigation and resolution.Rate this question:
-
- 49.
Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?
- A.
A less-structured approach based on an educated guess
- B.
An approach comparing working and nonworking components to spot significant differences
- C.
A structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified
- D.
An approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified
Correct Answer
A. A less-structured approach based on an educated guessExplanation
A seasoned network administrator is likely to have more experience and knowledge in troubleshooting network issues. They may have encountered similar problems in the past and developed a good intuition for identifying the root cause of the problem. Therefore, a less-structured approach based on an educated guess would be more appropriate for them. They can rely on their expertise and make educated guesses to quickly identify and resolve the issue without following a strict troubleshooting process.Rate this question:
-
- 50.
A router has been configured to use simulated network traffic in order to monitor the network performance between the router and a distant network device. Which command would display the results of this analysis?
- A.
Show ip route
- B.
Show ip protocols
- C.
Show ip sla statistics
- D.
Show monitor
Correct Answer
C. Show ip sla statisticsExplanation
The command "show ip sla statistics" is used to display the results of the analysis of simulated network traffic on a router. This command provides information about the performance and statistics of the IP Service Level Agreement (SLA) operations, which includes the simulated network traffic monitoring. It allows network administrators to monitor and troubleshoot network performance between the router and a distant network device.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 22, 2023Quiz Edited by
ProProfs Editorial Team -
Apr 14, 2019Quiz Created by
Catherine Halcomb
Back to top