CCNA 4 Final Exam The Best

49 Questions | By Man04 | Updated: Mar 21, 2022 | Attempts: 502

Questions

Settings

If you are looking for the best CCNA final exam practice quiz then you just got lucky. The quiz below has the questions from the current syllabus. Give it a shot and see if you might need more reading time. All the best of luck and remember practice does make perfect.

Questions and Answers

1.

Refer to the exhibit. The SSH connections between the remote user and the server are failing. The correct configuration of NAT has been verified. What is the most likely cause of the problem?
- A.
  
  SSH is unable to pass through NAT.
- B.
  
  There are incorrect access control list entries.
- C.
  
  The access list has the incorrect port number for SSH.
- D.
  
  The ip helper command is required on S0/0/0 to allow inbound connections.
2.

Which IEEE 802.16 broadband wireless technology allows users to connect to the ISP at speeds comparable to DSL and cable?
- A.
  
  Wi-Fi
- B.
  
  Satellite
- C.
  
  WiMAX
- D.
  
  Metro Ethernet
3.

Which statement about a VPN is true?
- A.
  
  VPN link establishment and maintenance is provided by LCP.
- B.
  
  DLCI addresses are used to identify each end of the VPN tunnel.
- C.
  
  VPNs use virtual Layer 3 connections that are routed through the Internet.
- D.
  
  Only IP packets can be encapsulated by a VPN for tunneling through the Internet.
4.

What is a characteristic feature of a worm?
- A.
  
  Exploits a known vulnerability
- B.
  
  Attaches to executable programs
- C.
  
  Masquerades as a legitmate program
- D.
  
  Lies dormant until triggered by an event, time, or date
5.

What is the result when the command permit tcp 192.168.4.0 0.0.3.255 any eq telnet is entered in an access control list and applied on the inbound interface of a router?
- A.
  
  All traffic that originates from 192.168.4.0/24 is permitted.
- B.
  
  All TCP traffic is permitted, and all other traffic is denied.
- C.
  
  All Telnet traffic from the 192.168.0.0/16 network is permitted.
- D.
  
  All traffic from the 192.168.4.0/22 network is permitted on TCP port 23.
6.

What can a network administrator do to recover from a lost router password?
- A.
  
  Use the copy tftp: flash: command
- B.
  
  Boot the router to bootROM mode and enter the b command to load the IOS manually
- C.
  
  Telnet from another router and issue the show running-config command to view the password
- D.
  
  Boot the router to ROM monitor mode and configure the router to ignore the startup configuration when it initializes
7.

Refer to the exhibit. What happens if the network administrator issues the commands shown when an ACL called Managers already exists on the router?
- A.
  
  The commands overwrite the existing Managers ACL.
- B.
  
  The commands are added at the end of the existing Managers ACL.
- C.
  
  The network administrator receives an error stating that the ACL already exists.
- D.
  
  The commands will create a duplicate Managers ACL containing only the new commands being entered.
8.

Which two statements are true about IPv6? (Choose two.)
- A.
  
  Security options are build into IPv6.
- B.
  
  IPv6 addresses require less router overhead to process.
- C.
  
  IPv6 can only be configured on an interface that does not have IPv4 on it.
- D.
  
  There is no way to translate between IPv4 addresses and IPv6 addresses.
- E.
  
  When enabled on a router, IPv6 can automatically configure link-local IPv6 addresses on all interfaces.
9.

A system administrator must provide Internet connectivity for ten hosts in a small remote office. The ISP has assigned two public IP addresses to this remote office. How can the system administrator configure the router to provide Internet access to all ten users at the same time?
- A.
  
  Configure DHCP and static NAT.
- B.
  
  Configure dynamic NAT for ten users.
- C.
  
  Configure static NAT for all ten users.
- D.
  
  Configure dynamic NAT with overload.
10.

What will be the result of adding the command ip dhcp excluded-address 10.10.4.1 10.10.4.5 to the configuration of a local router that has been configured as a DHCP server?
- A.
  
  Traffic that is destined for 10.10.4.1 and 10.10.4.5 will be dropped by the router.
- B.
  
  Traffic will not be routed from clients with addresses between 10.10.4.1 and 10.10.4.5.
- C.
  
  The DHCP server will not issue the addresses ranging from 10.10.4.1 to 10.10.4.5.
- D.
  
  The router will ignore all traffic that comes from the DHCP servers with addresses 10.10.4.1 and 10.10.4.5.
11.

Refer to the exhibit. Which statement correctly describes how Router1 processes an FTP request packet that enters interface S0/0/0, and is destined for an FTP server at IP address 172.16.1.5?
- A.
  
  The router matches the incoming packet to the statement that is created by access-list 201 permit ip any any command and allows the packet into the router.
- B.
  
  The router reaches the end of ACL 101 without matching a condition and drops the packet because there is no statement that was created by access-list 101 permit ip any any command.
- C.
  
  The router matches the incoming packet to the statement that was created by the access-list 101 permit ip any 172.16.1.0 0.0.0.255 command, ignores the remaining statements in ACL 101, and allows the packet into the router.
- D.
  
  The router matches the incoming packet to the statement that was created by the access-list 201 deny icmp 172.16.1.0 0.0.0.255 any command, continues comparing the packet to the remaining statements in ACL 201 to ensure that no subsequent statements allow FTP, and then the router drops the packet.
12.

When a Frame Relay connection is being configured, under which condition should the command frame-relay map be used?
- A.
  
  When the remote router is a non-Cisco router
- B.
  
  When the local router is configured with subinterfaces
- C.
  
  When globally significant rather than locally significant DLCIs are being used
- D.
  
  When the local router and the remote router are using different LMI protocols
13.

Refer to the exhibit. RIPv2 has been configured on all routers in the network. Routers R1 and R3 do not receive RIP routing updates. On the basis of the provided configuration, what should be enabled on router R2 to remedy the problem?
- A.
  
  Proxy ARP
- B.
  
  CDP updates
- C.
  
  SNMP services
- D.
  
  RIP authentication
14.

What are two main components of data confidentiality? (Choose two.)
- A.
  
  Checksum
- B.
  
  Digital certificates
- C.
  
  Encapsulation
- D.
  
  Encryption
- E.
  
  Harshing
15.

Which method is most effective in protecting the routing information that is propagated between routers on the network?
- A.
  
  Disable IP source routing.
- B.
  
  Configure passive interfaces
- C.
  
  Configure routing protocol authentication.
- D.
  
  Secure administrative lines with Secure Shell.
16.

An administrator is configuring a dual stack router with IPv6 and IPv4 using RIPng. The administrator receives an error message when trying to enter the IPv4 routes into RIPng. What is the cause of the problem?
- A.
  
  When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are over-written in favor of the newer technology.
- B.
  
  Incorrect IPv4 addresses are entered on the router interfaces.
- C.
  
  RIPng is incompatible with dual-stack technology.
- D.
  
  IPv4 is incompatible with RIPng.
17.

Refer to the exhibit. A network administrator is trying to configure a router to use SDM but it is not functioning correctly. What could be the problem?
- A.
  
  The username and password are not configured correctly.
- B.
  
  The authentication method is not configured correctly.
- C.
  
  The HTTP timeout policy is not configured correctly.
- D.
  
  The vtys are not configured correctly.
18.

Refer to the exhibit. The network administrator creates a standard access control list on Router1 to prohibit traffic from the 172.16.1.0/24 network from reaching the 172.16.2.0/24 network while still permitting Internet access for all networks. On which router interface and in which direction should it be applied?
- A.
  
  Interface Fa0/0, inbound
- B.
  
  Interface Fa0/0, outbound
- C.
  
  Interface Fa0/1, inbound
- D.
  
  Interface Fa0/1, outbound
19.

A network administrator is instructing a technician on best practices for applying ACLs. Which suggestion should the administrator provide?
- A.
  
  Named ACLs are less efficient than numbered ACLs.
- B.
  
  Standard ACLs should be applied closest to the core layer.
- C.
  
  ACLs applied to outbound interfaces are the most efficient.
- D.
  
  Extended ACLs should be applied closest to the source that is specified by the ACL.
20.

Which important piece of troubleshooting information can be discovered about a serial interface using the show controllers command?
- A.
  
  Queuing strategy
- B.
  
  Serial cable type
- C.
  
  Interface IP address
- D.
  
  Encapsulation method
21.

What three statements describe the roles of devices in a WAN? (Choose three.)
- A.
  
  A CSU/DSU terminates a digital local loop.
- B.
  
  A modem terminates a digital local loop.
- C.
  
  A CSU/DSU terminates an analog local loop.
- D.
  
  A modem terminates an analog local loop.
- E.
  
  A router is commonly considered a DTE device.
22.

Refer to the exhibit. Router1 and Router2 each support separate areas of a data center, and are connected via a crossover cable. Resources attached to Router1 are unable to connect to resources attached to Router2. What is the likely cause?
- A.
  
  The crossover cable is faulty.
- B.
  
  The IP addressing is incorrect
- C.
  
  There is a Layer 2 problem with the router connection.
- D.
  
  The upper layers are experiencing an unspecified problem.
- E.
  
  One or both of the Ethernet interfaces are not working correctly.
23.

Refer to the exhibit. A network administrator has issued the commands that are shown on Router1 and Router2. A later review of the routing tables reveals that neither router is learning the LAN network of the neighbor router. What is most likely the problem with the RIPng configuration?
- A.
  
  The serial interfaces are in different subnets.
- B.
  
  The RIPng process is not enabled on interfaces.
- C.
  
  The RIPng processes do not match between Router1 and Router2.
- D.
  
  The RIPng network command is missing from the IPv6 RIP configuration.
24.

Which encapsulation protocol when deployed on a Cisco router over a serial interface is only compatible with another Cisco router?
- A.
  
  PPP
- B.
  
  SLIP
- C.
  
  HDLC
- D.
  
  Frame Relay
25.

At what physical location does the responsibilty for a WAN connection change from the user to the service provider?
- A.
  
  Demilitarized zone (DMZ)
- B.
  
  Demarcation point
- C.
  
  Local loop
- D.
  
  Cloud