What are two advantages of packet switching over circuit switching? (Choose two.)

The communication costs are lower.

Multiple pairs of nodes can communicate over the same network channel.

The communication costs are lower.

There are fewer delays in the data communications processes.

Multiple pairs of nodes can communicate over the same network channel.

A dedicated secure circuit is established between each pair of communicating nodes.

A connection through the service provider network is established quickly before communications start.

Which statement is true about NCP?

Each network protocol has a corresponding NCP.

Link termination is the responsibility of NCP.

NCP establishes the initial link between PPP devices.

NCP tests the link to ensure that the link quality is sufficient

A network engineer is troubleshooting the failure of CHAP authentication over a PPP WAN link between two routers. When CHAP authentication is not included as part of the interface configuration on both routers, communication across the link is successful. What could be causing CHAP to fail?

The secret password configured on each router is different.

The username configured on each router matches the hostname of the other router.

The secret password configured on each router is different.

The clock rate has not been configured on the DCE serial interface.

The hostname configured on each router is different.

Refer to the exhibit. Which three steps are required to configure Multilink PPP on the HQ router? (Choose three.)

Assign the serial interfaces to the multilink bundle.

Enable PPP encapsulation on the serial interfaces.

Create and configure the multilink interface

Assign the serial interfaces to the multilink bundle.

Enable PPP encapsulation on the serial interfaces.

Create and configure the multilink interface

Assign the Fast Ethernet interface to the multilink bundle.

Enable PPP encapsulation on the multilink interface.

Bind the multilink bundle to the Fast Ethernet interface.

Which statement describes the difference between CHAP and PAP in PPP authentication?

PAP uses a two-way handshake method and CHAP uses a three-way handshake method.

PAP and CHAP provide equivalent protection against replay attacks.

PAP sends the password encrypted and CHAP does not send the password at all.

PAP sends the password once and CHAP sends the password repeatedly until acknowledgment of authentication is received.

Which two technologies are core components of Cisco ACI architecture? (Choose two.)

Application Policy Infrastructure Controller

Interface to the Routing System

Transparent Interconnection of Lots of Links

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

Cisco AnyConnect Secure Mobility Client with SSL

Cisco Secure Mobility Clientless SSL VPN

When GRE is configured on a router, what do the tunnel source and tunnel destination addresses on the tunnel interface refer to?

the IP addresses at each end of the WAN link between the routers

the IP addresses of the two LANs that are being connected together by the VPN

the IP address of host on the LAN that is being extended virtually

the IP addresses of tunnel interfaces on intermediate routers between the connected routers

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.What problem is preventing the hosts from communicating across the VPN tunnel?

The tunnel IP addresses are incorrect.

The EIGRP configuration is incorrect.

The tunnel IP addresses are incorrect.

The tunnel source interfaces are incorrect.

The tunnel destinations addresses are incorrect.

What two functions describe uses of an access control list? (Choose two.)

ACLs provide a basic level of security for network access.

ACLs can control which areas a host can access on a network.

ACLs assist the router in determining the best path to a destination.

Standard ACLs can restrict access to specific applications and ports.

ACLs provide a basic level of security for network access.

ACLs can permit or deny traffic based upon the MAC address originating on the router.

ACLs can control which areas a host can access on a network.

A network administrator is explaining to a junior colleague the use of the lt and gt keywords when filtering packets using an extended ACL. Where would the lt or gt keywords be used?

in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device

in an IPv6 extended ACL that stops packets going to one specific destination VLAN

in an IPv4 named standard ACL that has specific UDP protocols that are allowed to be used on a specific server

in an IPv6 named ACL that permits FTP traffic from one particular LAN getting to another LAN

in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device

CCNA 4, Practice Final

Approved & Edited by ProProfs Editorial Team

At ProProfs Quizzes, our dedicated in-house team of experts takes pride in their work. With a sharp eye for detail, they meticulously review each quiz. This ensures that every quiz, taken by over 100 million users, meets our standards of accuracy, clarity, and engagement.

Learn about Our Editorial Process

| Written by Gaaabriel

Gaaabriel

Community Contributor

Quizzes Created: 8 | Total Attempts: 4,027

Questions: 55 | Attempts: 101 | Updated: Mar 20, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Questions and Answers

1.

Which WAN technology is capable of transferring voice and video traffic by utilizing a fixed payload of 48 bytes for every frame?
- A.
  
  Frame Relay
- B.
  
  ISDN
- C.
  
  ATM
- D.
  
  Ethernet WAN
Correct Answer
C. ATM

Explanation
ATM (Asynchronous Transfer Mode) is the correct answer because it is a WAN technology that uses fixed-sized cells of 48 bytes for every frame. This fixed payload allows for efficient transfer of voice and video traffic over the network. Frame Relay, ISDN, and Ethernet WAN are not capable of utilizing a fixed payload size of 48 bytes for every frame.

Rate this question:
2.

Which two components of a WAN would more likely be used by an ISP? (Choose two.)
- A.
  
  CO
- B.
  
  Toll network
- C.
  
  demarcation point
- D.
  
  CPE
- E.
  
  DTE
Correct Answer(s)
A. CO
B. Toll network

Explanation
An ISP (Internet Service Provider) would more likely use the CO (Central Office) and the toll network components of a WAN. The CO is a central location where the ISP connects its customer's telephone lines to its network. The toll network refers to the long-distance network that allows the ISP to connect with other networks and provide internet services to customers outside of their local area. These two components are essential for an ISP to establish and maintain its network infrastructure and provide internet connectivity to its customers.

Rate this question:
3.

What are two advantages of packet switching over circuit switching? (Choose two.)
- A.
  
  The communication costs are lower.
- B.
  
  There are fewer delays in the data communications processes.
- C.
  
  Multiple pairs of nodes can communicate over the same network channel.
- D.
  
  A dedicated secure circuit is established between each pair of communicating nodes.
- E.
  
  A connection through the service provider network is established quickly before communications start.
Correct Answer(s)
A. The communication costs are lower.
C. Multiple pairs of nodes can communicate over the same network channel.

Explanation
Packet switching offers two advantages over circuit switching. Firstly, the communication costs are lower in packet switching as it allows for the efficient use of network resources. Instead of dedicating a circuit for the entire duration of a communication, packets can be sent separately and routed through different paths, optimizing the use of available bandwidth. Secondly, multiple pairs of nodes can communicate over the same network channel simultaneously in packet switching. This is possible because packets are individually addressed and can be interleaved and transmitted in a shared manner, allowing for increased network capacity and flexibility.

Rate this question:
4.

Which type of long distance telecommunication technology provides point-to-point connections and cellular access?
- A.
  
  WiMax
- B.
  
  municipal Wi-Fi
- C.
  
  satellite
- D.
  
  mobile broadband
Correct Answer
A. WiMax

Explanation
WiMax is the correct answer because it is a long distance telecommunication technology that provides both point-to-point connections and cellular access. WiMax stands for Worldwide Interoperability for Microwave Access and it is a wireless communication standard that allows for high-speed internet access over long distances. It is commonly used in areas where wired connections are not feasible or cost-effective. WiMax provides reliable and secure connections for both fixed and mobile devices, making it a suitable choice for long distance telecommunication.

Rate this question:
5.

What are two common types of circuit-switched WAN technologies? (Choose two.)
- A.
  
  ISDN
- B.
  
  MPLS
- C.
  
  PSTN
- D.
  
  ATM
- E.
  
  Frame Relay
Correct Answer(s)
A. ISDN
C. PSTN

Explanation
ISDN (Integrated Services Digital Network) and PSTN (Public Switched Telephone Network) are two common types of circuit-switched WAN technologies. ISDN is a digital telephony technology that allows voice and data to be transmitted over traditional telephone lines. PSTN refers to the global network of public telephone networks that use circuit-switching technology to transmit voice and data. Both ISDN and PSTN provide reliable and secure connections for communication over wide area networks.

Rate this question:
6.

Under which two categories of WAN connections does Frame Relay fit? (Choose two.)
- A.
  
  public infrastructure
- B.
  
  private infrastructure
- C.
  
  dedicated
- D.
  
  Internet
- E.
  
  packet-switched
Correct Answer(s)
B. private infrastructure
E. packet-switched

Explanation
Frame Relay fits under the categories of private infrastructure and packet-switched. Private infrastructure refers to a network that is owned and controlled by a single organization, providing dedicated and secure connections. Frame Relay can be implemented within a private network, allowing organizations to have control over their connections. Packet-switched refers to a network technology that breaks data into packets and sends them individually over a shared network. Frame Relay operates by packet-switching, where data is divided into frames and transmitted over a shared network, making it suitable for this category as well.

Rate this question:
7.

A small law firm wants to connect to the Internet at relatively high speed but with low cost. In addition, the firm prefers that the connection be through a dedicated link to the service provider. Which connection type should be selected?
- A.
  
  DSL
- B.
  
  ISDN
- C.
  
  Cable
- D.
  
  Leased line
Correct Answer
A. DSL

Explanation
DSL (Digital Subscriber Line) is the most suitable connection type for the small law firm in this scenario. DSL provides relatively high-speed internet connectivity at a low cost, making it a cost-effective option for the firm. Additionally, DSL can be set up through a dedicated link to the service provider, fulfilling the firm's preference for a dedicated connection. Therefore, DSL meets all the requirements of the law firm in terms of speed, cost, and connection type.

Rate this question:
8.

Refer to the exhibit. What type of Layer 2 encapsulation will be used for connection D on the basis of this configuration on a newly installed router:RtrA(config)# interface serial0/0/0 RtrA(config-if)# ip address 128.107.0.2 255.255.255.252 RtrA(config-if)# no shutdown
- A.
  
  Ethernet
- B.
  
  Frame Relay
- C.
  
  HDLC
- D.
  
  PPP
Correct Answer
C. HDLC

Explanation
Based on the given configuration, HDLC will be used for connection D. This is because HDLC (High-Level Data Link Control) is a Layer 2 protocol commonly used for point-to-point serial connections. The configuration shows that the interface is a serial interface (serial0/0/0), which is typically used for serial connections. Additionally, there is no mention of any other Layer 2 encapsulation protocols like Ethernet or Frame Relay, and the configuration does not include any specific commands to enable PPP (Point-to-Point Protocol) encapsulation. Therefore, HDLC is the most likely Layer 2 encapsulation for this connection.

Rate this question:
9.

Which two protocols in combination should be used to establish a link with secure authentication between a Cisco and a non-Cisco router? (Choose two.)
- A.
  
  HDLC
- B.
  
  PPP
- C.
  
  SLIP
- D.
  
  PAP
- E.
  
  CHAP
Correct Answer(s)
B. PPP
E. CHAP

Explanation
To establish a link with secure authentication between a Cisco and a non-Cisco router, PPP (Point-to-Point Protocol) should be used as the link layer protocol. PPP provides authentication options such as PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). PAP sends the password in clear text, while CHAP uses a three-way handshake process to securely authenticate the connection. Therefore, the combination of PPP and CHAP ensures secure authentication between the routers.

Rate this question:
10.

Which statement is true about NCP?
- A.
  
  Each network protocol has a corresponding NCP.
- B.
  
  Link termination is the responsibility of NCP.
- C.
  
  NCP establishes the initial link between PPP devices.
- D.
  
  NCP tests the link to ensure that the link quality is sufficient
Correct Answer
A. Each network protocol has a corresponding NCP.

Explanation
Each network protocol has a corresponding NCP. This means that for every network protocol, there is a specific Network Control Protocol (NCP) that is responsible for managing and controlling the communication between devices using that protocol. The NCP handles tasks such as establishing and terminating links, testing the link quality, and ensuring that the communication between devices using the protocol is reliable and efficient.

Rate this question:
11.

A network engineer is troubleshooting the failure of CHAP authentication over a PPP WAN link between two routers. When CHAP authentication is not included as part of the interface configuration on both routers, communication across the link is successful. What could be causing CHAP to fail?
- A.
  
  The username configured on each router matches the hostname of the other router.
- B.
  
  The secret password configured on each router is different.
- C.
  
  The clock rate has not been configured on the DCE serial interface.
- D.
  
  The hostname configured on each router is different.
Correct Answer
B. The secret password configured on each router is different.

Explanation
The failure of CHAP authentication could be caused by the secret password configured on each router being different. CHAP authentication requires that both routers have the same secret password configured in order to establish a secure connection. If the passwords do not match, the authentication process will fail and communication across the link will not be successful.

Rate this question:
12.

Refer to the exhibit. Which three steps are required to configure Multilink PPP on the HQ router? (Choose three.)
- A.
  
  Assign the serial interfaces to the multilink bundle.
- B.
  
  Enable PPP encapsulation on the serial interfaces.
- C.
  
  Create and configure the multilink interface
- D.
  
  Assign the Fast Ethernet interface to the multilink bundle.
- E.
  
  Enable PPP encapsulation on the multilink interface.
- F.
  
  Bind the multilink bundle to the Fast Ethernet interface.
Correct Answer(s)
A. Assign the serial interfaces to the multilink bundle.
B. Enable PPP encapsulation on the serial interfaces.
C. Create and configure the multilink interface

Explanation
To configure Multilink PPP on the HQ router, the first step is to assign the serial interfaces to the multilink bundle. This is done to combine multiple physical links into a single logical link. The second step is to enable PPP encapsulation on the serial interfaces, which is necessary for PPP to encapsulate and transmit data over the links. The third step is to create and configure the multilink interface, which will act as the logical interface for the combined links. This includes specifying the IP address, subnet mask, and other configuration parameters for the multilink interface.

Rate this question:
13.

Which statement describes the difference between CHAP and PAP in PPP authentication?
- A.
  
  PAP uses a two-way handshake method and CHAP uses a three-way handshake method.
- B.
  
  PAP and CHAP provide equivalent protection against replay attacks.
- C.
  
  PAP sends the password encrypted and CHAP does not send the password at all.
- D.
  
  PAP sends the password once and CHAP sends the password repeatedly until acknowledgment of authentication is received.
Correct Answer
A. PAP uses a two-way handshake method and CHAP uses a three-way handshake method.

Explanation
PAP uses a two-way handshake method and CHAP uses a three-way handshake method. In PAP, the client sends the username and password to the server in clear text, and the server responds with an acknowledgment. This two-way exchange is vulnerable to replay attacks. On the other hand, CHAP uses a three-way handshake where the client sends the username to the server, and the server responds with a challenge. The client then encrypts the challenge with the password and sends it back to the server for verification. This three-way exchange provides better protection against replay attacks.

Rate this question:
14.

A technician at a remote location is troubleshooting a router and has emailed partial debug command output to a network engineer at the central office. The message that is received by the engineer only contains a number of LCP messages that relate to a serial interface. Which WAN protocol is being used on the link?
- A.
  
  Frame Relay
- B.
  
  HDLC
- C.
  
  PPP
- D.
  
  VPN
Correct Answer
C. PPP

Explanation
The partial debug command output containing LCP messages suggests that the WAN protocol being used on the link is PPP (Point-to-Point Protocol). PPP is commonly used for establishing a direct connection between two devices over a serial interface, making it a suitable choice for troubleshooting a router in a remote location. Frame Relay, HDLC, and VPN are not indicated by the LCP messages and are therefore not the correct answer.

Rate this question:
15.

Which DSL technology provides higher downstream bandwidth to the user than upstream bandwidth?
- A.
  
  ADSL
- B.
  
  SDSL
- C.
  
  CDMA
- D.
  
  TDMA
Correct Answer
A. ADSL

Explanation
ADSL, or Asymmetric Digital Subscriber Line, is a DSL technology that provides higher downstream bandwidth to the user than upstream bandwidth. This means that the user can receive data at a faster rate than they can send data. This type of connection is commonly used in residential and small business settings where users typically download more data than they upload, such as streaming videos or browsing the internet.

Rate this question:
16.

Which communication protocol allows the creation of a tunnel through the DSL connection between the customer router and the ISP router to send PPP frames?
- A.
  
  PPPoE
- B.
  
  CHAP
- C.
  
  POTS
- D.
  
  ADSL
Correct Answer
A. PPPoE

Explanation
PPPoE (Point-to-Point Protocol over Ethernet) is the correct answer. It allows the creation of a tunnel through the DSL connection between the customer router and the ISP router to send PPP (Point-to-Point Protocol) frames. PPPoE is commonly used in DSL connections to establish a secure and reliable connection between the customer and the ISP. It encapsulates PPP frames within Ethernet frames, allowing the transmission of PPP packets over Ethernet networks.

Rate this question:
17.

Which group of APIs are used by an SDN controller to communicate with various applications?
- A.
  
  eastbound APIs
- B.
  
  westbound APIs
- C.
  
  Northbound APIs
- D.
  
  Southbound APIs
Correct Answer
C. Northbound APIs

Explanation
Northbound APIs are used by an SDN controller to communicate with various applications. These APIs allow applications to request network services and provide instructions to the controller. The northbound APIs enable the controller to receive information about the network state, such as topology and traffic, and provide this information to the applications. This allows applications to make intelligent decisions and control the behavior of the network.

Rate this question:
18.

Which two technologies are core components of Cisco ACI architecture? (Choose two.)
- A.
  
  Application Network Profile
- B.
  
  Application Policy Infrastructure Controller
- C.
  
  OpenFlow enabled switches
- D.
  
  Interface to the Routing System
- E.
  
  Transparent Interconnection of Lots of Links
Correct Answer(s)
A. Application Network Profile
B. Application Policy Infrastructure Controller

Explanation
The two core components of Cisco ACI architecture are the Application Network Profile and the Application Policy Infrastructure Controller. The Application Network Profile allows for the creation and management of application-specific network policies, while the Application Policy Infrastructure Controller serves as the centralized management and policy enforcement point for the ACI fabric. These technologies work together to provide a programmable and policy-driven network infrastructure.

Rate this question:
19.

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
- A.
  
  Cisco AnyConnect Secure Mobility Client with SSL
- B.
  
  Cisco Secure Mobility Clientless SSL VPN
- C.
  
  Frame Relay
- D.
  
  remote access VPN using IPsec
- E.
  
  site-to-site VPN
Correct Answer
E. site-to-site VPN

Explanation
A site-to-site VPN would be the most cost-effective method of providing a proper and secure connection between the two corporate networks. This solution allows for the secure transmission of data between the two networks over the internet without the need for leased lines. It provides a secure and encrypted connection, ensuring the confidentiality and integrity of the data being transmitted. Additionally, it eliminates the need for additional hardware or infrastructure, making it a cost-effective solution for connecting the two networks.

Rate this question:
20.

When GRE is configured on a router, what do the tunnel source and tunnel destination addresses on the tunnel interface refer to?
- A.
  
  the IP addresses at each end of the WAN link between the routers
- B.
  
  the IP addresses of the two LANs that are being connected together by the VPN
- C.
  
  the IP address of host on the LAN that is being extended virtually
- D.
  
  the IP addresses of tunnel interfaces on intermediate routers between the connected routers
Correct Answer
A. the IP addresses at each end of the WAN link between the routers

Explanation
The tunnel source and tunnel destination addresses on the tunnel interface refer to the IP addresses at each end of the WAN link between the routers. This means that these addresses are used to establish the GRE tunnel between the routers and encapsulate the data packets for transmission over the WAN link.

Rate this question:
21.

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.What problem is preventing the hosts from communicating across the VPN tunnel?
- A.
  
  The EIGRP configuration is incorrect.
- B.
  
  The tunnel IP addresses are incorrect.
- C.
  
  The tunnel source interfaces are incorrect.
- D.
  
  The tunnel destinations addresses are incorrect.
Correct Answer
B. The tunnel IP addresses are incorrect.

Explanation
The problem preventing the hosts from communicating across the VPN tunnel is that the tunnel IP addresses are incorrect. This means that the IP addresses configured for the tunnel are not matching or compatible with the IP addresses expected for the tunnel to function properly.

Rate this question:
22.

Which routing protocol is used to exchange routing information between autonomous systems on the Internet?
- A.
  
  IS-IS
- B.
  
  EIGRP
- C.
  
  OSPF
- D.
  
  BGP
Correct Answer
D. BGP

Explanation
BGP (Border Gateway Protocol) is the correct answer because it is the routing protocol used to exchange routing information between autonomous systems on the Internet. BGP is responsible for routing data packets between different networks, allowing them to communicate and exchange information. It is widely used in large-scale networks and is designed to handle the complex routing requirements of the Internet.

Rate this question:
23.

Refer to the exhibit. For which autonomous system would running BGP not be appropriate?
- A.
  
  65003
- B.
  
  65002
- C.
  
  65004
- D.
  
  65005
Correct Answer
A. 65003

Explanation
Running BGP would not be appropriate for autonomous system 65003 because it is the only autonomous system in the given options that is not adjacent to any other autonomous system. BGP is typically used for routing between autonomous systems, so if an autonomous system is not connected to any other autonomous systems, there would be no need to run BGP in that system.

Rate this question:
24.

What two functions describe uses of an access control list? (Choose two.)
- A.
  
  ACLs assist the router in determining the best path to a destination.
- B.
  
  Standard ACLs can restrict access to specific applications and ports.
- C.
  
  ACLs provide a basic level of security for network access.
- D.
  
  ACLs can permit or deny traffic based upon the MAC address originating on the router.
- E.
  
  ACLs can control which areas a host can access on a network.
Correct Answer(s)
C. ACLs provide a basic level of security for network access.
E. ACLs can control which areas a host can access on a network.

Explanation
Access Control Lists (ACLs) serve two main functions. Firstly, they provide a basic level of security for network access by allowing or denying traffic based on specified criteria such as source/destination IP address, protocol, port number, etc. Secondly, ACLs can control which areas or resources a host can access on a network, allowing administrators to define and enforce access policies. The other options mentioned in the question are incorrect because ACLs do not assist routers in path determination or control traffic based on MAC addresses.

Rate this question:
25.

A network administrator is explaining to a junior colleague the use of the lt and gt keywords when filtering packets using an extended ACL. Where would the lt or gt keywords be used?
- A.
  
  In an IPv6 extended ACL that stops packets going to one specific destination VLAN
- B.
  
  in an IPv4 named standard ACL that has specific UDP protocols that are allowed to be used on a specific server
- C.
  
  in an IPv6 named ACL that permits FTP traffic from one particular LAN getting to another LAN
- D.
  
  in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device
Correct Answer
D. in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device

Explanation
The lt and gt keywords would be used in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device. These keywords are used to specify a range of values for a particular field in the packet header, such as the source or destination port. "lt" stands for "less than" and "gt" stands for "greater than", allowing the administrator to filter packets based on their port numbers falling within a specified range.

Rate this question:
26.

Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
- A.
  
  Manually add the new deny ACE with a sequence number of 5.
- B.
  
  Manually add the new deny ACE with a sequence number of 15.
- C.
  
  Create a second access list denying the host and apply it to the same interface.
- D.
  
  Add a deny any any ACE to access-list 1.
Correct Answer
A. Manually add the new deny ACE with a sequence number of 5.

Explanation
The administrator should manually add the new deny ACE with a sequence number of 5. This is because the error message indicates that there is already an ACE with a sequence number of 5 in the ACL. By manually adding the new deny ACE with a higher sequence number, such as 5, it ensures that the new ACE will be processed before the existing ACE with the same sequence number, effectively blocking packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network.

Rate this question:
27.

Which statement describes a difference between the operation of inbound and outbound ACLs?
- A.
  
  In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria.
- B.
  
  Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.
- C.
  
  Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.
- D.
  
  On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured.
Correct Answer
C. Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.

Explanation
Inbound ACLs are processed before the packets are routed, meaning that they are evaluated as soon as the packets enter the network interface. This allows for filtering and controlling the incoming traffic based on specific criteria. On the other hand, outbound ACLs are processed after the routing is completed, meaning that they are evaluated when the packets are leaving the network interface. This allows for filtering and controlling the outgoing traffic based on specific criteria. This difference in processing order allows for different levels of control and filtering in inbound and outbound ACLs.

Rate this question:
28.

Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.)
- A.
  
  deny ip any any
- B.
  
  deny ipv6 any any
- C.
  
  permit ipv6 any any
- D.
  
  deny icmp any any
- E.
  
  permit icmp any any nd-ns
- F.
  
  permit icmp any any nd-na
Correct Answer(s)
B. deny ipv6 any any
E. permit icmp any any nd-ns
F. permit icmp any any nd-na

Explanation
The three implicit access control entries that are automatically added to the end of an IPv6 ACL are "deny ipv6 any any", "permit icmp any any nd-ns", and "permit icmp any any nd-na". These entries deny any IPv6 traffic, allow ICMP Neighbor Discovery NS messages, and allow ICMP Neighbor Discovery NA messages respectively.

Rate this question:
29.

What is the result of a DHCP starvation attack?
- A.
  
  Legitimate clients are unable to lease IP addresses.
- B.
  
  Clients receive IP address assignments from a rogue DHCP server.
- C.
  
  The attacker provides incorrect DNS and default gateway information to clients.
- D.
  
  The IP addresses assigned to legitimate clients are hijacked.
Correct Answer
A. Legitimate clients are unable to lease IP addresses.

Explanation
A DHCP starvation attack is a type of network attack where an attacker floods a DHCP server with a large number of fake DHCP requests, exhausting the available IP addresses in the server's pool. As a result, legitimate clients are unable to lease IP addresses from the server, causing a denial of service for those clients. This attack can disrupt network connectivity for legitimate users and make it difficult for them to access network resources.

Rate this question:
30.

What is a recommended best practice when dealing with the native VLAN?
- A.
  
  Turn off DTP.
- B.
  
  Use port security.
- C.
  
  Assign it to an unused VLAN.
- D.
  
  Assign the same VLAN number as the management VLAN.
Correct Answer
C. Assign it to an unused VLAN.

Explanation
A recommended best practice when dealing with the native VLAN is to assign it to an unused VLAN. This helps to prevent any potential security vulnerabilities that may arise from using a default or well-known VLAN. By assigning the native VLAN to an unused VLAN, it ensures that it is isolated from other VLANs and reduces the risk of unauthorized access or attacks on the network.

Rate this question:
31.

Which management protocol can be used securely with Cisco devices to retrieve or write to variables in a MIB?
- A.
  
  SNMP version 1
- B.
  
  SNMP version 2
- C.
  
  SNMP version 2c
- D.
  
  SNMP version 3
Correct Answer
D. SNMP version 3

Explanation
SNMP version 3 is the correct answer because it is the most secure management protocol that can be used with Cisco devices to retrieve or write to variables in a MIB (Management Information Base). SNMP version 3 provides authentication, encryption, and access control, making it the preferred choice for secure communication between network devices and management systems. SNMP versions 1 and 2 do not offer the same level of security as version 3, while SNMP version 2c is a community-based protocol that also lacks the advanced security features of version 3.

Rate this question:
32.

What are two benefits of using SNMP traps? (Choose two.)
- A.
  
  They reduce the load on network and agent resources.
- B.
  
  They can passively listen for exported NetFlow datagrams.
- C.
  
  They limit access for management systems only.
- D.
  
  They can provide statistics on TCP/IP packets that flow through Cisco devices.
- E.
  
  They eliminate the need for some periodic polling requests.
Correct Answer(s)
A. They reduce the load on network and agent resources.
E. They eliminate the need for some periodic polling requests.

Explanation
SNMP traps provide two benefits. Firstly, they reduce the load on network and agent resources by allowing devices to send notifications only when specific events occur, instead of constantly polling for updates. This helps to optimize network performance and reduce unnecessary traffic. Secondly, SNMP traps eliminate the need for some periodic polling requests by proactively notifying management systems about important events or conditions. This ensures that critical information is promptly delivered, improving network monitoring and troubleshooting efficiency.

Rate this question:
33.

What is an advantage of SNMPv3 over SNMPv1 or SNMPv2?
- A.
  
  Faster response times
- B.
  
  Security
- C.
  
  Support of other network monitoring protocols
- D.
  
  mobility
Correct Answer
B. Security

Explanation
SNMPv3 has an advantage over SNMPv1 or SNMPv2 in terms of security. SNMPv3 includes features such as authentication, encryption, and access control, which provide a higher level of security compared to the earlier versions. These security measures help in protecting sensitive data and preventing unauthorized access to the network devices.

Rate this question:
34.

What network monitoring tool copies traffic moving through one switch port, and sends the copied traffic to another switch port for analysis?
- A.
  
  802.1X
- B.
  
  SNMP
- C.
  
  SPAN
- D.
  
  Syslog
Correct Answer
C. SPAN

Explanation
SPAN (Switched Port Analyzer) is a network monitoring tool that copies the traffic flowing through one switch port and sends it to another switch port for analysis. It allows network administrators to capture and analyze network traffic without interrupting the normal flow of data. By using SPAN, administrators can monitor network performance, troubleshoot issues, and detect any suspicious or malicious activities on the network.

Rate this question:
35.

RSPAN depends on which type of VLAN?
- A.
  
  native VLAN
- B.
  
  Management VLAN
- C.
  
  default VLAN
- D.
  
  RSPAN VLAN
- E.
  
  Black hole VLAN
- F.
  
  Private VLAN
Correct Answer
D. RSPAN VLAN

Explanation
RSPAN (Remote Switched Port Analyzer) is a feature that allows the monitoring of traffic on multiple switches across a network. It works by creating a dedicated VLAN called RSPAN VLAN, which is used to transport the mirrored traffic from the source switch to the destination switch where the network analyzer is connected. Therefore, the correct answer is RSPAN VLAN as it specifically refers to the VLAN type that RSPAN depends on.

Rate this question:
36.

Why is QoS an important issue in a converged network that combines voice, video, and data communications?
- A.
  
  Data communications must be given the first priority.
- B.
  
  Data communications are sensitive to jitter.
- C.
  
  Voice and video communications are more sensitive to latency.
- D.
  
  Legacy equipment is unable to transmit voice and video without QoS.
Correct Answer
C. Voice and video communications are more sensitive to latency.

Explanation
Voice and video communications require real-time transmission and any delay in delivering the data can result in poor call quality or video playback. Latency refers to the delay in transmitting data packets from one point to another. In a converged network that combines voice, video, and data communications, ensuring low latency is crucial to maintain the quality of voice and video streams. Therefore, prioritizing voice and video communications by implementing Quality of Service (QoS) mechanisms becomes important to minimize latency and provide a seamless experience for users.

Rate this question:
37.

What are two characteristics of voice traffic? (Choose two.)
- A.
  
  It is delay sensitive.
- B.
  
  It is bursty.
- C.
  
  It can tolerate latency up to 400 ms.
- D.
  
  It consumes few network resources.
- E.
  
  It is insensitive to packet loss.
Correct Answer(s)
A. It is delay sensitive.
D. It consumes few network resources.

Explanation
Voice traffic is characterized by being delay sensitive, meaning that any significant delay in transmitting the voice data can result in poor call quality or dropped calls. Additionally, voice traffic consumes few network resources, as the data packets for voice calls are relatively small compared to other types of data, such as video or file transfers.

Rate this question:
38.

True or False.DiffServ is a QoS strategy that enforces end-to-end guarantees.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False

Explanation
DiffServ (Differentiated Services) is a QoS (Quality of Service) strategy that provides differentiated treatment to different types of network traffic. However, it does not enforce end-to-end guarantees. DiffServ operates at the network layer and uses various mechanisms such as traffic classification, marking, and queuing to prioritize and manage network traffic. While it can improve the overall quality of service, it does not guarantee end-to-end performance or enforce specific guarantees for individual flows or connections.

Rate this question:
39.

What QoS step must occur before packets can be marked?
- A.
  
  policing
- B.
  
  shaping
- C.
  
  classifying
- D.
  
  Queuing
Correct Answer
C. classifying

Explanation
Before packets can be marked, they must go through the process of classifying. This involves examining the packets and determining their characteristics or attributes, such as the source or destination IP address, port number, or protocol type. Classifying allows network devices to identify and categorize packets into different classes or groups based on specific criteria. Once packets are classified, they can then be marked with appropriate Quality of Service (QoS) labels or tags, which are used to prioritize and manage the packets as they traverse the network.

Rate this question:
40.

Refer to the exhibit. A network administrator has deployed QoS and has configured the network to mark traffic on the VoIP phones as well as the Layer 2 and Layer 3 switches. Where should initial marking occur to establish the trust boundary?
- A.
  
  Trust Boundary 1
- B.
  
  Trust Boundary 2
- C.
  
  Trust Boundary 3
- D.
  
  Trust Boundary 4
Correct Answer
A. Trust Boundary 1

Explanation
Initial marking should occur at Trust Boundary 1 to establish the trust boundary. This is because Trust Boundary 1 is the first point where the network administrator has configured the network to mark traffic on the VoIP phones as well as the Layer 2 and Layer 3 switches. By marking the traffic at Trust Boundary 1, the network administrator can ensure that the QoS policies and prioritization are applied consistently throughout the network.

Rate this question:
41.

Which IoT pillar provides the infrastructure for application mobility?
- A.
  
  The Fog computing pillar
- B.
  
  the application enablement platform pillar
- C.
  
  the network connectivity pillar
- D.
  
  the management and automation pillar
Correct Answer
B. the application enablement platform pillar

Explanation
The application enablement platform pillar provides the infrastructure for application mobility in IoT. This pillar focuses on enabling applications to interact with and access data from various IoT devices and sensors. It provides tools, APIs, and frameworks that allow developers to build and deploy applications that can easily move and adapt to different devices and environments. By leveraging the capabilities of the application enablement platform, IoT applications can be more flexible, scalable, and portable, allowing for seamless mobility across different devices and networks.

Rate this question:
42.

What are three abstraction layers of a computer system? (Choose three.)
- A.
  
  Hardware
- B.
  
  Firmware
- C.
  
  Services
- D.
  
  Security
- E.
  
  Network
- F.
  
  Data
Correct Answer(s)
A. Hardware
B. Firmware
C. Services

Explanation
The three abstraction layers of a computer system are hardware, firmware, and services. Hardware refers to the physical components of the computer system, such as the processor, memory, and storage devices. Firmware is the software that is embedded into the hardware and provides low-level control and functionality. Services refer to the software programs and applications that run on top of the hardware and firmware, providing specific functions and capabilities to the user.

Rate this question:
43.

Users are reporting longer delays in authentication and in accessing network resources during certain time periods of the week. What kind of information should network engineers check to find out if this situation is part of a normal network behavior?
- A.
  
  the network performance baseline
- B.
  
  Syslog records and messages
- C.
  
  debug output and packet captures
- D.
  
  Network configuration files
Correct Answer
A. the network performance baseline

Explanation
To determine if the longer delays in authentication and accessing network resources are part of normal network behavior, network engineers should check the network performance baseline. This baseline provides a reference point for normal network performance, allowing engineers to compare current performance against expected behavior. By analyzing the baseline data, they can identify any deviations or anomalies that may be causing the delays. This information helps in troubleshooting and optimizing the network to ensure efficient and reliable operation.

Rate this question:
44.

A user is unable to connect to the Internet. The network administrator decides to use the top-down troubleshooting approach. Which action should the administrator perform first?
- A.
  
  Run the tracert command to identify the faulty device.
- B.
  
  Check the patch cable connection from the PC to the wall.
- C.
  
  Enter an IP address in the address bar of the web browser to determine if DNS has failed.
- D.
  
  Run the ipconfig command to verify the IP address, subnet mask, and gateway on the PC.
Correct Answer
C. Enter an IP address in the address bar of the web browser to determine if DNS has failed.

Explanation
The network administrator should first enter an IP address in the address bar of the web browser to determine if DNS has failed. This is because DNS (Domain Name System) is responsible for translating domain names into IP addresses. By entering an IP address directly in the browser, the administrator can bypass DNS and check if the issue is related to DNS failure. This step helps narrow down the troubleshooting process and identify the root cause of the connectivity problem.

Rate this question:
45.

How do network administrators use IP SLAs to monitor a network and to detect a network failure early?
- A.
  
  By using network protocol analyzers to evaluate errors
- B.
  
  By measuring the CPU and memory usage on routers and switches
- C.
  
  By simulating network data and IP services to collect network performance data in real time
- D.
  
  By taking a snap shot of network performance and comparing with an established baseline
Correct Answer
C. By simulating network data and IP services to collect network performance data in real time

Explanation
Network administrators use IP SLAs (Service Level Agreements) to monitor a network and detect network failures early by simulating network data and IP services. This allows them to collect real-time network performance data, enabling them to identify any issues or anomalies promptly. By simulating network data, administrators can measure various aspects such as latency, packet loss, and jitter, helping them assess the overall network health and ensure that it meets the required service level agreements. This proactive monitoring approach helps administrators detect potential network failures before they impact users or services.

Rate this question:
46.

What are two examples of network problems that are found at the data link layer? (Choose two.)
- A.
  
  Encapsulation errors
- B.
  
  framing errors
- C.
  
  electromagnetic interference
- D.
  
  incorrect interface clock rates
- E.
  
  late collisions and jabber
Correct Answer(s)
A. Encapsulation errors
B. framing errors

Explanation
Encapsulation errors and framing errors are two examples of network problems that can occur at the data link layer. Encapsulation errors refer to issues with the process of encapsulating data into frames, such as errors in adding necessary headers or trailers. Framing errors, on the other hand, occur when there are errors in identifying the start and end of frames, leading to data corruption. These problems can disrupt the proper transmission and reception of data at the data link layer, affecting the overall network performance.

Rate this question:
47.

The output of the show ip interface brief command indicates that Serial0/0/0 is up but the line protocol is down. What are two possible causes for the line protocol being in the down state? (Choose two.)
- A.
  
  The clock rate is not set on the DTE.
- B.
  
  An incorrect default gateway is set on the router.
- C.
  
  A network is missing from the routing protocol configuration.
- D.
  
  The encapsulation on the Serial0/0/0 interface is incorrect.
- E.
  
  Keepalives are not being sent by the remote device.
Correct Answer(s)
D. The encapsulation on the Serial0/0/0 interface is incorrect.
E. Keepalives are not being sent by the remote device.

Explanation
Two possible causes for the line protocol being in the down state are: the encapsulation on the Serial0/0/0 interface is incorrect, and keepalives are not being sent by the remote device.

Rate this question:
48.

Refer to the exhibit. A small office uses an ISR to provide connectivity for both wired and wireless computers. One day, a sales person who is using a laptop cannot connect to Server1 through the wireless network. A network technician attempts to determine if the problem is on the wireless or the wired network. The technician pings successfully from the wireless laptop to the default gateway IP address on the ISR. What should be the next troubleshooting step?
- A.
  
  Ping from the laptop to PC1.
- B.
  
  Ping from Server1 to PC1.
- C.
  
  Ping from Server1 to its gateway IP address.
- D.
  
  Ping from the laptop to the Ethernet port on the cable modem.
Correct Answer
C. Ping from Server1 to its gateway IP address.

Explanation
The next troubleshooting step should be to ping from Server1 to its gateway IP address. This step will help determine if there is a connectivity issue between Server1 and the ISR's gateway. If the ping is successful, it would indicate that the wired network is functioning properly. If the ping fails, it would suggest a problem with the wired network, and further troubleshooting would be required.

Rate this question:
49.

Refer to the exhibit. A ping from R1 to 10.1.1.2 is successful, but a ping from R1 to any address in the 192.168.2.0 network fails. What is the cause of this problem?
- A.
  
  There is no gateway of last resort at R1.
- B.
  
  The serial interface between the two routers is down.
- C.
  
  A default route is not configured on R1.
- D.
  
  The static route for 192.168.2.0 is incorrectly configured.
Correct Answer
D. The static route for 192.168.2.0 is incorrectly configured.

Explanation
The static route for 192.168.2.0 is incorrectly configured. This means that R1 does not have a proper route to reach the 192.168.2.0 network. As a result, any ping from R1 to an address in the 192.168.2.0 network will fail because R1 does not know how to reach that network. The successful ping to 10.1.1.2 indicates that there is connectivity between R1 and another network, but the issue lies specifically with the 192.168.2.0 network.

Rate this question:
50.

Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
- A.
  
  The use of wildcard masks
- B.
  
  an implicit deny any any statement
- C.
  
  the use of named ACL statements
- D.
  
  an implicit permit of neighbor discovery packets
Correct Answer
D. an implicit permit of neighbor discovery packets

Explanation
IPv6 ACLs have an implicit permit of neighbor discovery packets, which means that these packets are allowed by default without any explicit configuration. This feature is unique to IPv6 ACLs and is not present in IPv4 ACLs. Neighbor discovery packets are essential for IPv6 network operation as they facilitate address resolution and neighbor discovery processes.

Rate this question:

CCNA 4, Practice Final

Which WAN technology is capable of transferring voice and video traffic by utilizing a fixed payload of 48 bytes for every frame?

Which two components of a WAN would more likely be used by an ISP? (Choose two.)

What are two advantages of packet switching over circuit switching? (Choose two.)

Which type of long distance telecommunication technology provides point-to-point connections and cellular access?

What are two common types of circuit-switched WAN technologies? (Choose two.)

Under which two categories of WAN connections does Frame Relay fit? (Choose two.)

A small law firm wants to connect to the Internet at relatively high speed but with low cost. In addition, the firm prefers that the connection be through a dedicated link to the service provider. Which connection type should be selected?

Refer to the exhibit. What type of Layer 2 encapsulation will be used for connection D on the basis of this configuration on a newly installed router:RtrA(config)# interface serial0/0/0 RtrA(config-if)# ip address 128.107.0.2 255.255.255.252 RtrA(config-if)# no shutdown

Which two protocols in combination should be used to establish a link with secure authentication between a Cisco and a non-Cisco router? (Choose two.)

Which statement is true about NCP?

A network engineer is troubleshooting the failure of CHAP authentication over a PPP WAN link between two routers. When CHAP authentication is not included as part of the interface configuration on both routers, communication across the link is successful. What could be causing CHAP to fail?

Refer to the exhibit. Which three steps are required to configure Multilink PPP on the HQ router? (Choose three.)

Which statement describes the difference between CHAP and PAP in PPP authentication?

Which DSL technology provides higher downstream bandwidth to the user than upstream bandwidth?

Which communication protocol allows the creation of a tunnel through the DSL connection between the customer router and the ISP router to send PPP frames?

Which group of APIs are used by an SDN controller to communicate with various applications?

Which two technologies are core components of Cisco ACI architecture? (Choose two.)

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

When GRE is configured on a router, what do the tunnel source and tunnel destination addresses on the tunnel interface refer to?

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.What problem is preventing the hosts from communicating across the VPN tunnel?

Which routing protocol is used to exchange routing information between autonomous systems on the Internet?

Refer to the exhibit. For which autonomous system would running BGP not be appropriate?

What two functions describe uses of an access control list? (Choose two.)

A network administrator is explaining to a junior colleague the use of the lt and gt keywords when filtering packets using an extended ACL. Where would the lt or gt keywords be used?

Which statement describes a difference between the operation of inbound and outbound ACLs?

Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.)

What is the result of a DHCP starvation attack?

What is a recommended best practice when dealing with the native VLAN?

Which management protocol can be used securely with Cisco devices to retrieve or write to variables in a MIB?

What are two benefits of using SNMP traps? (Choose two.)

What is an advantage of SNMPv3 over SNMPv1 or SNMPv2?

What network monitoring tool copies traffic moving through one switch port, and sends the copied traffic to another switch port for analysis?

RSPAN depends on which type of VLAN?

Why is QoS an important issue in a converged network that combines voice, video, and data communications?

What are two characteristics of voice traffic? (Choose two.)

True or False.DiffServ is a QoS strategy that enforces end-to-end guarantees.

What QoS step must occur before packets can be marked?

Refer to the exhibit. A network administrator has deployed QoS and has configured the network to mark traffic on the VoIP phones as well as the Layer 2 and Layer 3 switches. Where should initial marking occur to establish the trust boundary?

Which IoT pillar provides the infrastructure for application mobility?

What are three abstraction layers of a computer system? (Choose three.)

Users are reporting longer delays in authentication and in accessing network resources during certain time periods of the week. What kind of information should network engineers check to find out if this situation is part of a normal network behavior?

A user is unable to connect to the Internet. The network administrator decides to use the top-down troubleshooting approach. Which action should the administrator perform first?

How do network administrators use IP SLAs to monitor a network and to detect a network failure early?

What are two examples of network problems that are found at the data link layer? (Choose two.)

The output of the show ip interface brief command indicates that Serial0/0/0 is up but the line protocol is down. What are two possible causes for the line protocol being in the down state? (Choose two.)

Refer to the exhibit. A ping from R1 to 10.1.1.2 is successful, but a ping from R1 to any address in the 192.168.2.0 network fails. What is the cause of this problem?

Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?