CCNA 4 Final Exam The Best

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Man04
M
Man04
Community Contributor
Quizzes Created: 15 | Total Attempts: 6,144
Questions: 49 | Attempts: 504

SettingsSettingsSettings
CCNA Quizzes & Trivia

If you are looking for the best CCNA final exam practice quiz then you just got lucky. The quiz below has the questions from the current syllabus. Give it a shot and see if you might need more reading time. All the best of luck and remember practice does make perfect.


Questions and Answers
  • 1. 

    Refer to the exhibit. The SSH connections between the remote user and the server are failing. The correct configuration of NAT has been verified. What is the most likely cause of the problem?

    • A.

      SSH is unable to pass through NAT.

    • B.

      There are incorrect access control list entries.

    • C.

      The access list has the incorrect port number for SSH.

    • D.

      The ip helper command is required on S0/0/0 to allow inbound connections.

    Correct Answer
    B. There are incorrect access control list entries.
    Explanation
    The most likely cause of the problem is that there are incorrect access control list entries. Access control lists (ACLs) are used to control network traffic and can be configured to allow or deny specific types of traffic. If the ACLs are not properly configured to allow SSH traffic, it can result in the SSH connections between the remote user and the server failing.

    Rate this question:

  • 2. 

    Which IEEE 802.16 broadband wireless technology allows users to connect to the ISP at speeds comparable to DSL and cable?

    • A.

      Wi-Fi

    • B.

      Satellite

    • C.

      WiMAX

    • D.

      Metro Ethernet

    Correct Answer
    C. WiMAX
    Explanation
    WiMAX is the correct answer because it is an IEEE 802.16 broadband wireless technology that provides high-speed internet access comparable to DSL and cable. WiMAX networks can deliver fast and reliable internet connections over long distances, making it a suitable option for users to connect to their Internet Service Provider (ISP) at high speeds. Wi-Fi, satellite, and Metro Ethernet are not specifically designed for the same purpose as WiMAX and may not offer the same level of performance.

    Rate this question:

  • 3. 

    Which statement about a VPN is true?

    • A.

      VPN link establishment and maintenance is provided by LCP.

    • B.

      DLCI addresses are used to identify each end of the VPN tunnel.

    • C.

      VPNs use virtual Layer 3 connections that are routed through the Internet.

    • D.

      Only IP packets can be encapsulated by a VPN for tunneling through the Internet.

    Correct Answer
    C. VPNs use virtual Layer 3 connections that are routed through the Internet.
  • 4. 

    What is a characteristic feature of a worm?

    • A.

      Exploits a known vulnerability

    • B.

      Attaches to executable programs

    • C.

      Masquerades as a legitmate program

    • D.

      Lies dormant until triggered by an event, time, or date

    Correct Answer
    A. Exploits a known vulnerability
    Explanation
    A characteristic feature of a worm is that it exploits a known vulnerability. This means that a worm takes advantage of a weakness or flaw in a system or software to spread and infect other devices. By exploiting these vulnerabilities, worms can quickly and easily propagate themselves through networks, causing widespread damage and disruption. Unlike viruses, worms do not need to attach themselves to executable programs or masquerade as legitimate programs. Additionally, worms do not necessarily lie dormant until triggered by an event, time, or date.

    Rate this question:

  • 5. 

    What is the result when the command permit tcp 192.168.4.0 0.0.3.255 any eq telnet is entered in an access control list and applied on the inbound interface of a router?

    • A.

      All traffic that originates from 192.168.4.0/24 is permitted.

    • B.

      All TCP traffic is permitted, and all other traffic is denied.

    • C.

      All Telnet traffic from the 192.168.0.0/16 network is permitted.

    • D.

      All traffic from the 192.168.4.0/22 network is permitted on TCP port 23.

    Correct Answer
    D. All traffic from the 192.168.4.0/22 network is permitted on TCP port 23.
    Explanation
    The command "permit tcp 192.168.4.0 0.0.3.255 any eq telnet" in an access control list allows all traffic from the 192.168.4.0/22 network to pass through the router on TCP port 23 (Telnet). This means that any device within the 192.168.4.0/22 network will be able to establish Telnet connections with devices on the other side of the router. Traffic from any other network or on any other port will be denied.

    Rate this question:

  • 6. 

    What can a network administrator do to recover from a lost router password?

    • A.

      Use the copy tftp: flash: command

    • B.

      Boot the router to bootROM mode and enter the b command to load the IOS manually

    • C.

      Telnet from another router and issue the show running-config command to view the password

    • D.

      Boot the router to ROM monitor mode and configure the router to ignore the startup configuration when it initializes

    Correct Answer
    D. Boot the router to ROM monitor mode and configure the router to ignore the startup configuration when it initializes
    Explanation
    The correct answer is to boot the router to ROM monitor mode and configure the router to ignore the startup configuration when it initializes. This allows the network administrator to bypass the startup configuration, including the lost password, and gain access to the router. By ignoring the startup configuration, the router will boot up without loading any configuration files, allowing the administrator to reset the password and regain control of the device.

    Rate this question:

  • 7. 

    Refer to the exhibit. What happens if the network administrator issues the commands shown when an ACL called Managers already exists on the router?

    • A.

      The commands overwrite the existing Managers ACL.

    • B.

      The commands are added at the end of the existing Managers ACL.

    • C.

      The network administrator receives an error stating that the ACL already exists.

    • D.

      The commands will create a duplicate Managers ACL containing only the new commands being entered.

    Correct Answer
    A. The commands overwrite the existing Managers ACL.
    Explanation
    The given answer states that if the network administrator issues the commands shown when an ACL called Managers already exists on the router, the commands will overwrite the existing Managers ACL. This means that the new commands entered will replace the previous configuration of the Managers ACL, effectively erasing the previous rules and applying only the new commands.

    Rate this question:

  • 8. 

    Which two statements are true about IPv6? (Choose two.)

    • A.

      Security options are build into IPv6.

    • B.

      IPv6 addresses require less router overhead to process.

    • C.

      IPv6 can only be configured on an interface that does not have IPv4 on it.

    • D.

      There is no way to translate between IPv4 addresses and IPv6 addresses.

    • E.

      When enabled on a router, IPv6 can automatically configure link-local IPv6 addresses on all interfaces.

    Correct Answer(s)
    A. Security options are build into IPv6.
    E. When enabled on a router, IPv6 can automatically configure link-local IPv6 addresses on all interfaces.
    Explanation
    IPv6 includes built-in security options, such as IPsec, which provides authentication and encryption for network traffic. This enhances the security of IPv6 compared to IPv4. Additionally, when IPv6 is enabled on a router, it can automatically configure link-local IPv6 addresses on all interfaces. This allows devices to communicate on the local network without the need for manual configuration or the use of DHCP.

    Rate this question:

  • 9. 

    A system administrator must provide Internet connectivity for ten hosts in a small remote office. The ISP has assigned two public IP addresses to this remote office. How can the system administrator configure the router to provide Internet access to all ten users at the same time?

    • A.

      Configure DHCP and static NAT.

    • B.

      Configure dynamic NAT for ten users.

    • C.

      Configure static NAT for all ten users.

    • D.

      Configure dynamic NAT with overload.

    Correct Answer
    D. Configure dynamic NAT with overload.
    Explanation
    The system administrator should configure dynamic NAT with overload. Dynamic NAT allows multiple internal IP addresses to be translated to a smaller pool of public IP addresses. Overload, also known as Port Address Translation (PAT), allows multiple internal hosts to share a single public IP address by using different ports. This allows all ten users to access the Internet simultaneously using the two assigned public IP addresses. DHCP and static NAT would not be sufficient as they do not allow for multiple users to share the same public IP addresses. Static NAT for all ten users would require ten public IP addresses, which is not feasible in this scenario.

    Rate this question:

  • 10. 

    What will be the result of adding the command ip dhcp excluded-address 10.10.4.1 10.10.4.5 to the configuration of a local router that has been configured as a DHCP server?

    • A.

      Traffic that is destined for 10.10.4.1 and 10.10.4.5 will be dropped by the router.

    • B.

      Traffic will not be routed from clients with addresses between 10.10.4.1 and 10.10.4.5.

    • C.

      The DHCP server will not issue the addresses ranging from 10.10.4.1 to 10.10.4.5.

    • D.

      The router will ignore all traffic that comes from the DHCP servers with addresses 10.10.4.1 and 10.10.4.5.

    Correct Answer
    C. The DHCP server will not issue the addresses ranging from 10.10.4.1 to 10.10.4.5.
    Explanation
    By adding the command "ip dhcp excluded-address 10.10.4.1 10.10.4.5" to the configuration of the local router, the DHCP server will exclude the addresses ranging from 10.10.4.1 to 10.10.4.5 from being assigned to clients. This means that these addresses will not be available for lease by the DHCP server, ensuring that they are not assigned to any devices on the network.

    Rate this question:

  • 11. 

    Refer to the exhibit. Which statement correctly describes how Router1 processes an FTP request packet that enters interface S0/0/0, and is destined for an FTP server at IP address 172.16.1.5?

    • A.

      The router matches the incoming packet to the statement that is created by access-list 201 permit ip any any command and allows the packet into the router.

    • B.

      The router reaches the end of ACL 101 without matching a condition and drops the packet because there is no statement that was created by access-list 101 permit ip any any command.

    • C.

      The router matches the incoming packet to the statement that was created by the access-list 101 permit ip any 172.16.1.0 0.0.0.255 command, ignores the remaining statements in ACL 101, and allows the packet into the router.

    • D.

      The router matches the incoming packet to the statement that was created by the access-list 201 deny icmp 172.16.1.0 0.0.0.255 any command, continues comparing the packet to the remaining statements in ACL 201 to ensure that no subsequent statements allow FTP, and then the router drops the packet.

    Correct Answer
    C. The router matches the incoming packet to the statement that was created by the access-list 101 permit ip any 172.16.1.0 0.0.0.255 command, ignores the remaining statements in ACL 101, and allows the packet into the router.
    Explanation
    The correct answer states that the router matches the incoming packet to the statement created by access-list 101 permit ip any 172.16.1.0 0.0.0.255 command. This means that the router checks if the packet's source IP address matches the specified range (172.16.1.0 to 172.16.1.255) and if it does, it allows the packet into the router without further checking the remaining statements in ACL 101. This suggests that the FTP request packet, which is destined for an FTP server at IP address 172.16.1.5, will be allowed to pass through the router.

    Rate this question:

  • 12. 

    When a Frame Relay connection is being configured, under which condition should the command frame-relay map be used?

    • A.

      When the remote router is a non-Cisco router

    • B.

      When the local router is configured with subinterfaces

    • C.

      When globally significant rather than locally significant DLCIs are being used

    • D.

      When the local router and the remote router are using different LMI protocols

    Correct Answer
    C. When globally significant rather than locally significant DLCIs are being used
    Explanation
    The command "frame-relay map" should be used when globally significant rather than locally significant DLCIs are being used. This command is used to map a globally significant DLCI to a specific network layer address. By using this command, the local router can associate the DLCI with a specific network layer address, allowing it to correctly route the data packets over the Frame Relay network. This is necessary when globally significant DLCIs are being used because these DLCIs are unique across the entire Frame Relay network, whereas locally significant DLCIs are only unique within a specific router.

    Rate this question:

  • 13. 

    Refer to the exhibit. RIPv2 has been configured on all routers in the network. Routers R1 and R3 do not receive RIP routing updates. On the basis of the provided configuration, what should be enabled on router R2 to remedy the problem?

    • A.

      Proxy ARP

    • B.

      CDP updates

    • C.

      SNMP services

    • D.

      RIP authentication

    Correct Answer
    D. RIP authentication
    Explanation
    The problem stated in the question is that routers R1 and R3 do not receive RIP routing updates. To remedy this problem, RIP authentication should be enabled on router R2. By enabling RIP authentication, R2 will require authentication from other routers before accepting their RIP routing updates. This will ensure that only authorized routers can send RIP updates to R2, resolving the issue of R1 and R3 not receiving RIP updates.

    Rate this question:

  • 14. 

    What are two main components of data confidentiality? (Choose two.)

    • A.

      Checksum

    • B.

      Digital certificates

    • C.

      Encapsulation

    • D.

      Encryption

    • E.

      Harshing

    Correct Answer(s)
    C. Encapsulation
    D. Encryption
    Explanation
    Data confidentiality refers to the protection of sensitive information from unauthorized access. Encapsulation is a process of enclosing data within a container, such as a file or a packet, to prevent unauthorized access. Encryption is the process of converting data into a form that can only be accessed with a decryption key, ensuring that even if the data is intercepted, it remains unreadable. Both encapsulation and encryption play crucial roles in maintaining data confidentiality by safeguarding data from unauthorized access and ensuring its integrity.

    Rate this question:

  • 15. 

    Which method is most effective in protecting the routing information that is propagated between routers on the network?

    • A.

      Disable IP source routing.

    • B.

      Configure passive interfaces

    • C.

      Configure routing protocol authentication.

    • D.

      Secure administrative lines with Secure Shell.

    Correct Answer
    C. Configure routing protocol authentication.
    Explanation
    Configuring routing protocol authentication is the most effective method in protecting the routing information that is propagated between routers on the network. By implementing authentication, routers can verify the identity of neighboring routers before exchanging routing information, ensuring that only trusted routers can participate in the routing process. This prevents unauthorized routers from injecting false or malicious routing information into the network, enhancing the overall security and integrity of the routing infrastructure.

    Rate this question:

  • 16. 

    An administrator is configuring a dual stack router with IPv6 and IPv4 using RIPng. The administrator receives an error message when trying to enter the IPv4 routes into RIPng. What is the cause of the problem?

    • A.

      When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are over-written in favor of the newer technology.

    • B.

      Incorrect IPv4 addresses are entered on the router interfaces.

    • C.

      RIPng is incompatible with dual-stack technology.

    • D.

      IPv4 is incompatible with RIPng.

    Correct Answer
    D. IPv4 is incompatible with RIPng.
    Explanation
    The cause of the problem is that IPv4 is incompatible with RIPng. RIPng is a routing protocol designed specifically for IPv6 and cannot be used to configure IPv4 routes. Therefore, when the administrator tries to enter IPv4 routes into RIPng, they receive an error message. RIPng only supports IPv6 addresses and routes, so IPv4 addresses cannot be used with this protocol.

    Rate this question:

  • 17. 

    Refer to the exhibit. A network administrator is trying to configure a router to use SDM but it is not functioning correctly. What could be the problem?

    • A.

      The username and password are not configured correctly.

    • B.

      The authentication method is not configured correctly.

    • C.

      The HTTP timeout policy is not configured correctly.

    • D.

      The vtys are not configured correctly.

    Correct Answer
    D. The vtys are not configured correctly.
    Explanation
    The problem could be that the vtys are not configured correctly. VTYs (Virtual Terminal Lines) are used to allow remote access to the router using protocols such as Telnet or SSH. If the vtys are not configured correctly, it would prevent the network administrator from accessing the router remotely, which could be the reason why the SDM (Security Device Manager) is not functioning correctly.

    Rate this question:

  • 18. 

    Refer to the exhibit. The network administrator creates a standard access control list on Router1 to prohibit traffic from the 172.16.1.0/24 network from reaching the 172.16.2.0/24 network while still permitting Internet access for all networks. On which router interface and in which direction should it be applied?

    • A.

      Interface Fa0/0, inbound

    • B.

      Interface Fa0/0, outbound

    • C.

      Interface Fa0/1, inbound

    • D.

      Interface Fa0/1, outbound

    Correct Answer
    D. Interface Fa0/1, outbound
    Explanation
    The access control list should be applied on interface Fa0/1 in the outbound direction. This means that the ACL will be applied to traffic leaving the Fa0/1 interface, preventing traffic from the 172.16.1.0/24 network from reaching the 172.16.2.0/24 network. However, it will still allow Internet access for all networks.

    Rate this question:

  • 19. 

    A network administrator is instructing a technician on best practices for applying ACLs. Which suggestion should the administrator provide?

    • A.

      Named ACLs are less efficient than numbered ACLs.

    • B.

      Standard ACLs should be applied closest to the core layer.

    • C.

      ACLs applied to outbound interfaces are the most efficient.

    • D.

      Extended ACLs should be applied closest to the source that is specified by the ACL.

    Correct Answer
    D. Extended ACLs should be applied closest to the source that is specified by the ACL.
  • 20. 

    Which important piece of troubleshooting information can be discovered about a serial interface using the show controllers command?

    • A.

      Queuing strategy

    • B.

      Serial cable type

    • C.

      Interface IP address

    • D.

      Encapsulation method

    Correct Answer
    B. Serial cable type
    Explanation
    The show controllers command is used to display detailed information about the hardware components of a device. By using this command, one can determine the type of serial cable being used for a particular interface. This information is crucial for troubleshooting connectivity issues, as different serial cable types may require different configurations or troubleshooting steps.

    Rate this question:

  • 21. 

    What three statements describe the roles of devices in a WAN? (Choose three.)

    • A.

      A CSU/DSU terminates a digital local loop.

    • B.

      A modem terminates a digital local loop.

    • C.

      A CSU/DSU terminates an analog local loop.

    • D.

      A modem terminates an analog local loop.

    • E.

      A router is commonly considered a DTE device.

    Correct Answer(s)
    A. A CSU/DSU terminates a digital local loop.
    D. A modem terminates an analog local loop.
    E. A router is commonly considered a DTE device.
    Explanation
    A CSU/DSU terminates a digital local loop, meaning it connects the customer's network to the service provider's network over a digital line. A modem terminates an analog local loop, meaning it connects the customer's network to the service provider's network over an analog line. A router is commonly considered a DTE (Data Terminal Equipment) device, which means it is responsible for generating and receiving data signals in a network.

    Rate this question:

  • 22. 

    Refer to the exhibit. Router1 and Router2 each support separate areas of a data center, and are connected via a crossover cable. Resources attached to Router1 are unable to connect to resources attached to Router2. What is the likely cause?

    • A.

      The crossover cable is faulty.

    • B.

      The IP addressing is incorrect

    • C.

      There is a Layer 2 problem with the router connection.

    • D.

      The upper layers are experiencing an unspecified problem.

    • E.

      One or both of the Ethernet interfaces are not working correctly.

    Correct Answer
    C. There is a Layer 2 problem with the router connection.
    Explanation
    The likely cause of the issue is a Layer 2 problem with the router connection. This means that there is an issue with the data link layer of the OSI model, which handles the physical connection and data transfer between devices. It could be a problem with the crossover cable itself or with the Ethernet interfaces of the routers. This would result in a failure to establish a proper connection between Router1 and Router2, causing the inability to connect resources between them.

    Rate this question:

  • 23. 

    Refer to the exhibit. A network administrator has issued the commands that are shown on Router1 and Router2. A later review of the routing tables reveals that neither router is learning the LAN network of the neighbor router. What is most likely the problem with the RIPng configuration?

    • A.

      The serial interfaces are in different subnets.

    • B.

      The RIPng process is not enabled on interfaces.

    • C.

      The RIPng processes do not match between Router1 and Router2.

    • D.

      The RIPng network command is missing from the IPv6 RIP configuration.

    Correct Answer
    B. The RIPng process is not enabled on interfaces.
    Explanation
    The most likely problem with the RIPng configuration is that the RIPng process is not enabled on interfaces. This means that the routers are not exchanging routing information for the LAN network because the RIPng process is not active on the interfaces connected to that network.

    Rate this question:

  • 24. 

    Which encapsulation protocol when deployed on a Cisco router over a serial interface is only compatible with another Cisco router?

    • A.

      PPP

    • B.

      SLIP

    • C.

      HDLC

    • D.

      Frame Relay

    Correct Answer
    C. HDLC
    Explanation
    HDLC (High-Level Data Link Control) is an encapsulation protocol that is only compatible with another Cisco router. HDLC is a proprietary protocol developed by Cisco and is commonly used for point-to-point connections between Cisco routers. It provides a reliable and efficient way to encapsulate data and control information for transmission over a serial interface. Unlike other protocols like PPP, SLIP, and Frame Relay, HDLC is specific to Cisco devices and cannot be used with non-Cisco routers.

    Rate this question:

  • 25. 

    At what physical location does the responsibilty for a WAN connection change from the user to the service provider?

    • A.

      Demilitarized zone (DMZ)

    • B.

      Demarcation point

    • C.

      Local loop

    • D.

      Cloud

    Correct Answer
    B. Demarcation point
    Explanation
    The demarcation point is the physical location where the responsibility for a WAN connection changes from the user to the service provider. It is the point where the user's network ends and the service provider's network begins. At this point, the service provider takes over the maintenance and management of the connection, ensuring its reliability and performance. The demarcation point is typically located at the customer premises and is marked by a demarcation device or demarcation point extension.

    Rate this question:

  • 26. 

    Which three guidelines would help contribute to creating a strong password policy? (Choose three.)

    • A.

      Once a good password is created, do not change it.

    • B.

      Deliberately misspell words when creating passwords.

    • C.

      Create passwords that are at least 8 characters in length.

    • D.

      Use combinations of upper case, lower case, and special characters.

    • E.

      Write passwords in locations that can be easily retrieved to avoid being locked out.

    Correct Answer(s)
    B. Deliberately misspell words when creating passwords.
    C. Create passwords that are at least 8 characters in length.
    D. Use combinations of upper case, lower case, and special characters.
    Explanation
    The three guidelines that would help contribute to creating a strong password policy are deliberately misspelling words when creating passwords, creating passwords that are at least 8 characters in length, and using combinations of upper case, lower case, and special characters. These guidelines ensure that passwords are not easily guessable and provide a higher level of security.

    Rate this question:

  • 27. 

    Which variable is permitted or denied by a standard access control list?

    • A.

      Protocol type

    • B.

      Source IP address

    • C.

      Source MAC address

    • D.

      Destination IP address

    • E.

      Destination MAC address

    Correct Answer
    B. Source IP address
    Explanation
    A standard access control list (ACL) permits or denies access based on the source IP address. This means that it can either allow or block traffic based on the IP address of the device or network that is trying to access a particular resource. The ACL evaluates the source IP address of incoming packets and makes a decision on whether to permit or deny them based on the configured rules. The other variables mentioned, such as protocol type, source MAC address, destination IP address, and destination MAC address, may be used in other types of ACLs but are not specifically mentioned as being permitted or denied by a standard ACL.

    Rate this question:

  • 28. 

    Refer to the exhibit. Partial results of the show access-lists and show ip interface FastEthernet 0/1 commands for router Router1 are shown. There are no other ACLs in effect. Host A is unable to telnet to host B. Which action will correct the problem but still restrict other traffic between the two networks?

    • A.

      Apply the ACL in the inbound direction.

    • B.

      Apply the ACL on the FastEthernet 0/0 interface.

    • C.

      Reverse the order of the TCP protocol statements in the ACL.

    • D.

      Modify the second entry in the list to permit tcp host 172.16.10.10 any eq telnet .

    Correct Answer
    C. Reverse the order of the TCP protocol statements in the ACL.
    Explanation
    The correct answer is to reverse the order of the TCP protocol statements in the ACL. By reversing the order, the ACL will first match the specific TCP traffic for telnet and permit it, and then match the any traffic and deny it. This will allow telnet traffic between the two networks while still restricting other traffic.

    Rate this question:

  • 29. 

    When NAT is in use, what is used to determine the addresses that can be translated on a Cisco router?

    • A.

      Access control list

    • B.

      Routing protocol

    • C.

      Inbound interface

    • D.

      ARP cache

    Correct Answer
    D. ARP cache
    Explanation
    When NAT (Network Address Translation) is in use on a Cisco router, the addresses that can be translated are determined by the ARP cache. The ARP cache is a table that maps IP addresses to MAC addresses on a local network. It is used to resolve IP addresses to their corresponding MAC addresses, allowing devices to communicate with each other. In the context of NAT, the router looks at the ARP cache to determine which IP addresses can be translated, typically mapping them to a single public IP address.

    Rate this question:

  • 30. 

    Which two statements are true about creating and applying access lists? (Choose two.)

    • A.

      There is an implicit deny at the end of all access lists.

    • B.

      One access list per port, per protocol, per direction is permitted.

    • C.

      Access list entries should filter in the order from general to specific.

    • D.

      The term "inbound" refers to traffic that enters the network from the router interface where the ACL is applied.

    • E.

      Standard ACLs should be applied closest to the source while extended ACLs should be applied closest to the destination.

    Correct Answer(s)
    A. There is an implicit deny at the end of all access lists.
    D. The term "inbound" refers to traffic that enters the network from the router interface where the ACL is applied.
    Explanation
    Access lists are used to filter network traffic based on certain criteria. The statement "There is an implicit deny at the end of all access lists" is true because if a packet does not match any of the conditions specified in the access list, it will be denied by default. The statement "The term 'inbound' refers to traffic that enters the network from the router interface where the ACL is applied" is also true because inbound traffic is traffic that is coming into the network from an external source through the router interface where the access list is implemented.

    Rate this question:

  • 31. 

    A technician has been asked to run Cisco SDM one-step lockdown on the router of a customer. What will be the result of this process?

    • A.

      Traffic is only forwarded from SDM-trusted Cisco routers.

    • B.

      Security testing is performed and the results are saved as a text file stored in NVRAM.

    • C.

      The router is tested for potential security problems and any necessary changes are made.

    • D.

      All traffic entering the router is quarantined and checked for viruses before being forwarded.

    Correct Answer
    C. The router is tested for potential security problems and any necessary changes are made.
    Explanation
    Running Cisco SDM one-step lockdown on the router of a customer will result in the router being tested for potential security problems and any necessary changes being made. This process ensures that the router is secure and protected against potential threats. It helps in identifying any vulnerabilities and implementing the necessary security measures to mitigate them.

    Rate this question:

  • 32. 

    An issue of response time has recently arisen on an application server. The new release of a software package has also been installed on the server. The configuration of the network has changed recently. To identify the problem, individuals from both teams responsible for the recent changes begin to investigate the source of the problem. Which statement applies to this situation?

    • A.

      Scheduling will be easy if the network and software teams work independently.

    • B.

      It will be difficult to isolate the problem if two teams are implementing changes independently.

    • C.

      Results from changes will be easier to reconcile and document if each team works in isolation.

    • D.

      Only results from the software package should be tested as the network is designed to accommodate the proposed software platform.

    Correct Answer
    A. Scheduling will be easy if the network and software teams work independently.
    Explanation
    It will be difficult to isolate the problem if two teams are implementing changes independently. When there is an issue with response time on an application server, it is important for both the network and software teams to work together to investigate the source of the problem. If they work independently, it will be difficult to identify and isolate the specific cause of the issue. By collaborating and coordinating their efforts, the teams can more effectively troubleshoot and address the problem.

    Rate this question:

  • 33. 

    Refer to the exhibit. What is placed in the address field in the header of a frame that will travel from the DC router to the Orlando router?

    • A.

      DLCI 123

    • B.

      DLCI 321

    • C.

      10.10.10.25

    • D.

      10.10.10.26

    • E.

      MAC address of the Orlando router

    Correct Answer
    B. DLCI 321
    Explanation
    The address field in the header of a frame that will travel from the DC router to the Orlando router is DLCI 321. This is because DLCI (Data Link Connection Identifier) is used in Frame Relay networks to identify the virtual circuit between two routers. In this case, DLCI 321 is the identifier for the virtual circuit between the DC router and the Orlando router.

    Rate this question:

  • 34. 

    Refer to the exhibit. What can be concluded from the exhibited output of the debug ip nat command?

    • A.

      The 10.1.1.225 host is exchanging packets with the 192.168.0.10 host.

    • B.

      The native 10.1.200.254 address is being translated to 192.168.0.10.

    • C.

      The 192.168.0.0/24 network is the inside network.

    • D.

      Port address translation is in effect.

    Correct Answer
    C. The 192.168.0.0/24 network is the inside network.
    Explanation
    The correct answer is that the 192.168.0.0/24 network is the inside network. This can be concluded from the exhibited output of the debug ip nat command.

    Rate this question:

  • 35. 

    Which statement is true about wildcard masks?

    • A.

      Inverting the subnet mask will always create the wildcard mask.

    • B.

      A wildcard mask identifies a network or subnet bit by using a "1".

    • C.

      The same function is performed by both a wildcard mask and a subnet mask.

    • D.

      When a "0" is encountered in a wildcard mask, the IP address bit must be checked.

    Correct Answer
    D. When a "0" is encountered in a wildcard mask, the IP address bit must be checked.
    Explanation
    A wildcard mask is used in network routing to determine which bits of an IP address should be checked for a match. When a "0" is encountered in a wildcard mask, it means that the corresponding bit in the IP address must be checked. This is because a "0" in the wildcard mask indicates that the bit in the IP address must match exactly, while a "1" indicates that the bit can be either 0 or 1. Therefore, when a "0" is encountered in the wildcard mask, the IP address bit must be checked to determine if it matches the desired criteria.

    Rate this question:

  • 36. 

    An administrator is unable to receive e-mail. While troubleshooting the problem, the administrator is able to ping the local mail server IP address successfully from a remote network and can successfully resolve the mail server name to an IP address via the use of the nslookup command. At what layer of the OSI model is the problem most likely to be found?

    • A.

      Application

    • B.

      Transport

    • C.

      Network

    • D.

      Data link

    Correct Answer
    A. Application
    Explanation
    Based on the given information, the problem is most likely to be found at the application layer of the OSI model. The administrator is able to ping the local mail server IP address successfully, which indicates that the network and data link layers are functioning properly. Additionally, the administrator is able to resolve the mail server name to an IP address using the nslookup command, suggesting that the network layer is also working correctly. Since the issue is specifically related to receiving emails, it is likely that there is a problem with the application layer responsible for handling email communication.

    Rate this question:

  • 37. 

    Which security solution has the responsibility of monitoring suspicious processes that are running on a host and that might indicate infection of Trojan horse applications?

    • A.

      Antivirus application

    • B.

      Operating system patches

    • C.

      Intrusion prevention system

    • D.

      Cisco Adaptive Security Appliance

    Correct Answer
    C. Intrusion prevention system
    Explanation
    An intrusion prevention system (IPS) is responsible for monitoring suspicious processes on a host and identifying potential infections caused by Trojan horse applications. It works by analyzing network traffic and comparing it against a database of known attack signatures or abnormal behavior patterns. If any suspicious activity is detected, the IPS can take immediate action to block or prevent the attack, ensuring the security of the host and network.

    Rate this question:

  • 38. 

    A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?

    • A.

      Conduct a performance test and compare with the baseline that was established previously.

    • B.

      Determine performance on the intranet by monitoring load times of company web pages from remote sites.

    • C.

      Interview departmental administrative assistants and determine if they think load time for web pages has improved.

    • D.

      Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.

    Correct Answer
    A. Conduct a performance test and compare with the baseline that was established previously.
    Explanation
    The best way for the network administrator to determine how the change has affected performance and availability on the company intranet is to conduct a performance test and compare it with the baseline that was established previously. By conducting a performance test, the administrator can measure factors such as response time, throughput, and latency to assess the impact of the change. Comparing these test results with the previously established baseline will provide a clear indication of any improvements or degradation in performance and availability.

    Rate this question:

  • 39. 

    Refer to the exhibit. Branch A has a Cisco router and Branch B has a non-Cisco router that is using IETF encapsulation . After the commands that are shown are entered, R2 and R3 fail to establish the PVC. The R2 LMI is Cisco, and the R3 LMI is ANSI. The LMI is successfully established at both locations. Why is the PVC failing?

    • A.

      The PVC to R3 must be point-to-point.

    • B.

      LMI types cannot be different on each end of a PVC.

    • C.

      A single port can only support one encapsulation type.

    • D.

      The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.

    Correct Answer
    D. The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.
    Explanation
    The PVC is failing because the IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command. This parameter is necessary for the non-Cisco router at Branch B to understand the encapsulation type being used. Without it, the non-Cisco router is unable to establish the PVC with R2 and R3.

    Rate this question:

  • 40. 

    Refer to the exhibit. A system administrator must provide connectivity to a foreign network for ten hosts in a small remote office. The commands that are listed in the exhibit were entered into the router that connects the foreign network. The users in the remote office report occasional failure to connect to resources in the foreign network. What is the likely problem?

    • A.

      The source addresses are not correctly designated.

    • B.

      The translated address pool is not correctly sized.

    • C.

      The access-list command is referencing the wrong addresses.

    • D.

      The wrong interface is designated as the source for translations.

    Correct Answer
    B. The translated address pool is not correctly sized.
    Explanation
    The likely problem is that the translated address pool is not correctly sized. This means that there are not enough available addresses in the pool to accommodate all ten hosts in the remote office. As a result, some hosts may be unable to connect to resources in the foreign network when all the addresses in the pool are already in use.

    Rate this question:

  • 41. 

    Refer to the exhibit. The link between the CTRL and BR_1 routers is configured as shown in the exhibit. Why are the routers unable to establish a PPP session?

    • A.

      The clock rate is incorrect.

    • B.

      The usernames are misconfigured.

    • C.

      The IP addresses are on different subnets.

    • D.

      The clock rate is configured on the wrong end of the link.

    Correct Answer
    B. The usernames are misconfigured.
    Explanation
    The routers are unable to establish a PPP session because the usernames are misconfigured. PPP (Point-to-Point Protocol) requires authentication between the two routers, and this is typically done using usernames and passwords. If the usernames are not correctly configured on both routers, they will not be able to authenticate each other and establish a PPP session.

    Rate this question:

  • 42. 

    Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24 inside network. Host A has sent a packet to Web Server. What is the destination IP address of the return packet from Web Server when received at R1?

    • A.

      10.1.1.2:80

    • B.

      10.1.1.2:1234

    • C.

      172.30.20.1:1234

    • D.

      172.30.20.1:3333

    Correct Answer
    D. 172.30.20.1:3333
    Explanation
    When R1 performs NAT overload, it replaces the source IP address and port number of the packet with its own IP address and a randomly assigned port number. In this case, the packet from Host A to the Web Server would have its source IP address and port number changed to 172.30.20.1 and 3333 respectively. Therefore, when the return packet from the Web Server is received at R1, its destination IP address and port number would be 172.30.20.1:3333.

    Rate this question:

  • 43. 

    Refer to the exhibit. From the output of the show interface commands, at which OSI layer is a fault indicated?

    • A.

      Application

    • B.

      Transport

    • C.

      Network

    • D.

      Data link

    • E.

      Physical

    Correct Answer
    D. Data link
    Explanation
    Based on the output of the show interface commands, a fault is indicated at the data link layer of the OSI model. This can be inferred because the show interface commands provide information about the status and statistics of the data link layer protocols, such as Ethernet. Therefore, any issues or faults related to the data link layer would be reflected in this output.

    Rate this question:

  • 44. 

    What are two LCP options that can be configured for PPP? (Choose two.)

    • A.

      EAP

    • B.

      CHAP

    • C.

      IPCP

    • D.

      CDPCP

    • E.

      Stacker

    Correct Answer(s)
    B. CHAP
    E. Stacker
    Explanation
    PPP (Point-to-Point Protocol) is a data link layer protocol commonly used for establishing a direct connection between two network nodes. LCP (Link Control Protocol) is a component of PPP that is responsible for establishing, configuring, and terminating the link. Two LCP options that can be configured for PPP are CHAP (Challenge Handshake Authentication Protocol), which provides authentication between two peers, and stacker, which is a compression algorithm used to reduce the size of data packets.

    Rate this question:

  • 45. 

    Which combination of Layer 2 protocol and authentication should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router?

    • A.

      PPP with PAP

    • B.

      PPP with CHAP

    • C.

      HDLC with PAP

    • D.

      HDLC with CHAP

    Correct Answer
    B. PPP with CHAP
    Explanation
    PPP with CHAP should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router. PPP (Point-to-Point Protocol) is a Layer 2 protocol that provides a secure and reliable connection between two routers. CHAP (Challenge Handshake Authentication Protocol) is a secure authentication method that uses a three-way handshake process to authenticate the routers without sending plain text passwords over the link. This combination ensures that the authentication information is protected and not exposed to potential attackers.

    Rate this question:

  • 46. 

    Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an IP address from the DHCP server. The output of the debug ip dhcp server command shows "DHCPD: there is no address pool for 192.168.3.17". What is the problem?

    • A.

      The address 192.168.3.17 address is already in use by Fa0/0.

    • B.

      The pool of addresses for the 192Network pool is configured incorrectly.

    • C.

      The ip helper-address command should be used on the Fa0/0 interface.

    • D.

      The 192.168.3.17 address has not been excluded from the 192Network pool.

    Correct Answer
    B. The pool of addresses for the 192Network pool is configured incorrectly.
    Explanation
    The problem is that the pool of addresses for the 192Network pool is configured incorrectly. This means that the DHCP server does not have a valid range of IP addresses to assign to clients. As a result, when the host connected to Fa0/0 requests an IP address, the DHCP server is unable to provide one and generates the error message "DHCPD: there is no address pool for 192.168.3.17".

    Rate this question:

  • 47. 

    A technician is talking to a colleague at a rival company and comparing DSL transfer rates between the two companies. Both companies are in the same city, use the same service provider, and have the same rate/service plan. What is the explanation for why company 1 reports higher download speeds than company 2 reports?

    • A.

      Company 1 only uses microfilters at branch locations.

    • B.

      Company 1 has a lower volume of POTS traffic than company 2 has.

    • C.

      Company 2 is located farther from the service provider than company 1 is.

    • D.

      Company 2 shares the connection to the DSLAM with more clients than company 1 shares with.

    Correct Answer
    C. Company 2 is located farther from the service provider than company 1 is.
    Explanation
    The distance between a company and the service provider can affect the DSL transfer rates. The farther a company is from the service provider, the more likely it is to experience slower download speeds. This is because the signal strength can weaken over longer distances, leading to a decrease in download speeds. Therefore, it is likely that Company 2 reports lower download speeds compared to Company 1 due to its location being farther from the service provider.

    Rate this question:

  • 48. 

    Which statement is true about PAP in the authentication of a PPP session?

    • A.

      PAP uses a two-way handshake.

    • B.

      The password is unique and random.

    • C.

      PAP conducts periodic password challenges.

    • D.

      PAP uses MD5 hashing to keep the password secure.

    Correct Answer
    A. PAP uses a two-way handshake.
    Explanation
    The statement that is true about PAP in the authentication of a PPP session is that PAP uses a two-way handshake. This means that both the client and the server exchange their credentials in clear text during the authentication process. The client sends its username and password to the server, and the server compares it with the configured credentials to determine if the authentication is successful. The two-way handshake ensures that both parties are involved in the authentication process, providing a basic level of security for the PPP session.

    Rate this question:

  • 49. 

    Refer to the exhibit. This serial interface is not functioning correctly. Based on the output shown, what is the most likely cause?

    • A.

      Improper LMI type

    • B.

      Interface reset

    • C.

      PPP negotiation failure

    • D.

      Unplugged cable

    Correct Answer
    C. PPP negotiation failure
    Explanation
    Based on the output shown, the most likely cause of the malfunctioning serial interface is PPP negotiation failure. This can be inferred from the "Serial0/0 is down, line protocol is down" message, which indicates that there is an issue with the line protocol. PPP negotiation failure occurs when the devices on both ends of the link cannot agree on the authentication or configuration parameters during the PPP handshake process.

    Rate this question:

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.