1.
A network technician has been asked to secure all switches in the campus network. The security requirements are for each switch to automatically learn and add MAC addresses to both the address table and the running configuration. Which port security configuration will meet these requirements?
Correct Answer
B. Dynamic secure MAC addresses
Explanation
Dynamic secure MAC addresses is the correct answer because it allows the switch to automatically learn and add MAC addresses to both the address table and the running configuration. This configuration ensures that only the learned MAC addresses are allowed to access the network, providing a level of security by preventing unauthorized devices from connecting to the switch.
2.
Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.)
Correct Answer(s)
A. Dynamic desirable – dynamic auto
D. Dynamic desirable – dynamic desirable
F. Dynamic desirable – trunk*
Explanation
The three pairs of trunking modes that will establish a functional trunk link between two Cisco switches are dynamic desirable - dynamic auto, dynamic desirable - dynamic desirable, and dynamic desirable - trunk. The dynamic desirable mode actively attempts to form a trunk link, while dynamic auto mode passively waits for the other end to initiate the trunking negotiation. The trunk mode allows the interface to become a trunk link immediately. These combinations ensure that both switches are actively participating in the trunk negotiation process, allowing for the successful establishment of a trunk link.
3.
Fill in the blank.The OSPF Type 1 packet is the ________ packet.
Correct Answer(s)
hello
Explanation
The OSPF Type 1 packet is the "hello" packet. This packet is used by OSPF routers to establish and maintain neighbor relationships. It is sent periodically to all OSPF routers on a network segment to discover and maintain adjacency. The hello packet contains important information such as the router ID, area ID, and priority, which are used for neighbor discovery and election of designated and backup designated routers.
4.
Which value represents the “trustworthiness” of a route and is used to determine which route to install into the routing table when there are multiple routes toward the same destination?
Correct Answer
D. Administrative distance
Explanation
Administrative distance represents the "trustworthiness" of a route. It is used to determine which route to install into the routing table when there are multiple routes toward the same destination. A lower administrative distance indicates a higher trustworthiness and priority for that route to be chosen. Therefore, administrative distance is an important factor in route selection and influences the routing decisions made by routers in a network.
5.
Refer to the exhibit. What is the OSPF cost to reach the R2 LAN 172.16.2.0/24 from R1?
Correct Answer
B. 74
Explanation
The OSPF cost to reach the R2 LAN 172.16.2.0/24 from R1 is 74. This cost value is calculated based on the bandwidth of the link between R1 and R2. The higher the bandwidth, the lower the cost. Since the link between R1 and R2 has a bandwidth of 100 Mbps, the cost is calculated as 100 Mbps divided by 1 Gbps (1000 Mbps), which equals 1. The cost is then multiplied by 64 to get the final value of 64. However, OSPF adds an additional 10 to the cost, resulting in a total cost of 74.
6.
Fill in the blank.The default administrative distance for a static route is ________.
Correct Answer
1
Explanation
The default administrative distance for a static route is 1. Administrative distance is a measure of the trustworthiness or reliability of a routing information source. In the case of static routes, which are manually configured by a network administrator, they are considered the most reliable and have the lowest administrative distance. Therefore, the default administrative distance for a static route is 1.
7.
Fill in the blank.Static routes are configured by the use of the global configuration command ________
Correct Answer
ip route
Explanation
Static routes are configured by using the global configuration command "ip route". This command allows network administrators to manually specify the next-hop IP address or exit interface for a specific destination network. By using static routes, network administrators can control the flow of traffic in their network and provide explicit routing instructions to the router. This is especially useful when there is a need to bypass dynamic routing protocols or when specific routing paths need to be defined.
8.
Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?
Correct Answer
C. Router R4 will become the DR and router R3 will become the BDR
Explanation
Based on the exhibit, the router with the highest OSPF priority will become the designated router (DR), while the router with the second-highest priority will become the backup designated router (BDR). In this case, router R4 has the highest priority (priority 200), making it the DR. Router R3 has the second-highest priority (priority 150), making it the BDR.
9.
What is the purpose of an access list that is created as part of configuring IP address translation?
Correct Answer
B. The access list defines the private IP addresses that are to be translated
Explanation
The purpose of an access list that is created as part of configuring IP address translation is to define the private IP addresses that are to be translated. This means that the access list will specify which private IP addresses should undergo translation and be mapped to public IP addresses. By defining these specific private IP addresses, the access list controls which devices or networks can access the public network through the translation process.
10.
The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)
Correct Answer(s)
E. -access-list 5 permit 10.7.0.0 0.0.0.31
G. -access-class 5 in
Explanation
The command "access-list 5 permit 10.7.0.0 0.0.0.31" is needed to create an access list that permits traffic from the 10.7.0.0/27 network. The wildcard mask 0.0.0.31 allows for a range of IP addresses within the network. The command "access-class 5 in" is needed to apply the access list to the VTY lines, which control Telnet access to the routers. By using these two commands together, only devices within the 10.7.0.0/27 network will be allowed Telnet access to the routers.
11.
While analyzing log files, a network administrator notices reoccurring native VLAN mismatches. What is the effect of these reoccurring errors?
Correct Answer
D. The control and management traffic on the error-occurring trunk port is being misdirected or dropped.
Explanation
Reoccurring native VLAN mismatches can cause the control and management traffic on the error-occurring trunk port to be misdirected or dropped. This means that important network control and management messages may not reach their intended destination, leading to potential network issues and misconfiguration. It is crucial to resolve these mismatches to ensure proper communication and functionality within the network.
12.
Which two characteristics describe the native VLAN? (Choose two.)
Correct Answer(s)
A. The native VLAN traffic will be untagged across the trunk link.
D. The native VLAN provides a common identifier to both ends of a trunk.
Explanation
The native VLAN provides a common identifier to both ends of a trunk, meaning that it allows devices on both ends of the trunk to communicate with each other using the same VLAN. The native VLAN traffic will be untagged across the trunk link, which means that it does not have any VLAN tags added to it. This allows for compatibility with devices that do not understand VLAN tagging.
13.
Refer to the exhibit. The Branch Router has an OSPF neighbor relationship with the HQ router over the 198.51.0.4/30 network. The 198.51.0.8/30 network link should serve as a backup when the OSPF link goes down. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/1/1 100 was issued on Branch and now traffic is using the backup link even when the OSPF link is up and functioning. Which change should be made to the static route command so that traffic will only use the OSPF link when it is up?
Correct Answer
D. Change the administrative distance to 120.
Explanation
The administrative distance determines the trustworthiness of a routing protocol. A lower administrative distance indicates a higher trust level. In this case, the static route has an administrative distance of 100, which is lower than the administrative distance of OSPF (which is typically 110 or lower). Therefore, the static route is preferred over the OSPF route, even when the OSPF link is up and functioning. To ensure that traffic only uses the OSPF link when it is up, the administrative distance of the static route should be increased. Changing the administrative distance to 120 will make the OSPF route more preferred and traffic will use the OSPF link when it is up.
14.
Refer to the exhibit. An attacker on PC X sends a frame with two 802.1Q tags on it, one for VLAN 40 and another for VLAN 12. What will happen to this frame?
Correct Answer
B. SW-A will remove both tags and forward the rest of the frame across the trunk link, where SW-B will forward the frame to hosts on VLAN 40.
Explanation
When an attacker on PC X sends a frame with two 802.1Q tags, one for VLAN 40 and another for VLAN 12, SW-A will remove both tags and forward the rest of the frame across the trunk link. SW-B will then receive the frame and forward it to the hosts on VLAN 40. This is because SW-A is configured to remove the tags and forward the frame based on the VLAN information.
15.
Which statement is true about the difference between OSPFv2 and OSPFv3?
Correct Answer
C. OSPFv3 routers do not need to have matching subnets to form neighbor adjacencies.
Explanation
In OSPFv3, routers do not need to have matching subnets to form neighbor adjacencies. This means that OSPFv3 routers can form adjacencies even if they have different subnet configurations. This is different from OSPFv2, where routers must have matching subnets in order to form neighbor adjacencies. This feature in OSPFv3 allows for more flexibility and ease of configuration in networks with diverse subnet configurations.
16.
What are two ways of turning off DTP on a trunk link between switches? (Choose two.)
Correct Answer(s)
B. Configure attached switch ports with the nonegotiate command option.
E. Place the two attached switch ports in access mode.
Explanation
To turn off DTP on a trunk link between switches, there are two ways. The first way is to configure the attached switch ports with the "nonegotiate" command option. This command disables DTP negotiation on the ports, preventing them from sending or receiving DTP frames. The second way is to place the two attached switch ports in access mode. In access mode, the ports will not negotiate trunking with the neighboring switch and will only function as access ports, effectively turning off DTP on the trunk link.
17.
Why would an administrator use a network security auditing tool to flood the switch MAC address table with fictitious MAC addresses?
Correct Answer
C. To determine which ports are not correctly configured to prevent MAC address flooding
Explanation
An administrator would use a network security auditing tool to flood the switch MAC address table with fictitious MAC addresses in order to determine which ports are not correctly configured to prevent MAC address flooding. By flooding the MAC address table, the administrator can identify any ports that are not properly configured to handle excessive MAC address traffic, which could potentially lead to security vulnerabilities or network disruptions. This allows the administrator to take corrective actions and ensure that the switch is properly configured to prevent MAC address flooding.
18.
A new network policy requires an ACL to deny HTTP access from all guests to a web server at the main office. All guests use addressing from the IPv6 subnet 2001:DB8:19:C::/64. The web server is configured with the address 2001:DB8:19:A::105/64. Implementing the NoWeb ACL on the interface for the guest LAN requires which three commands? (Choose three.)
Correct Answer(s)
C. Deny tcp any host 2001:DB8:19:A::105 eq 80
D. Permit ipv6 any any
F. Ipv6 traffic-filter NoWeb in
Explanation
The first command "deny tcp any host 2001:DB8:19:A::105 eq 80" denies TCP traffic from any source to the web server at the specified IPv6 address on port 80, effectively blocking HTTP access from all guests. The second command "permit ipv6 any any" allows any other IPv6 traffic from any source to any destination, ensuring that non-HTTP traffic is still allowed. The third command "ipv6 traffic-filter NoWeb in" applies the ACL named "NoWeb" as an inbound filter on the interface for the guest LAN, enforcing the ACL rules.
19.
An OSPF router has three directly connected networks; 172.16.0.0/16, 172.16.1.0/16, and 172.16.2.0/16. Which OSPF network command would advertise only the 172.16.1.0 network to neighbors?
Correct Answer
A. Router(config-router)# network 172.16.1.0 0.0.255.255 area 0
Explanation
The correct answer is "router(config-router)# network 172.16.1.0 0.0.255.255 area 0". This command uses a wildcard mask of 0.0.255.255, which means that only the second octet of the IP address is considered for the network match. Therefore, it will only advertise the 172.16.1.0 network to neighbors.
20.
Refer to the exhibit. Which type of route is 172.16.0.0/16?
Correct Answer
B. Level 1 parent route
Explanation
The given IP address, 172.16.0.0/16, falls under the category of a "level 1 parent route." In networking, routes are organized in a hierarchical structure, with parent routes encompassing multiple child routes. A level 1 parent route is one that covers a range of IP addresses within a specific network. In this case, the route 172.16.0.0/16 includes all IP addresses from 172.16.0.0 to 172.16.255.255, making it a level 1 parent route.
21.
Refer to the exhibit. Which type of IPv6 static route is configured in the exhibit?
Correct Answer
B. Recursive static route
Explanation
In the exhibit, the static route is configured with the next-hop IPv6 address of 2001:DB8:1:2::1. A recursive static route is used when the next-hop IP address is not directly connected but is reached through another router. In this case, the router will recursively determine the best path to reach the destination by forwarding the packet to the next-hop router specified in the static route. Therefore, the correct answer is recursive static route.
22.
Which subnet mask would be used as the classful mask for the IP address 192.135.250.27?
Correct Answer
C. 255.255.255.0
Explanation
The classful mask for the IP address 192.135.250.27 would be 255.255.255.0. This is because the IP address falls within the range of Class C addresses, which have a default subnet mask of 255.255.255.0.
23.
Which subnet mask would be used as the classful mask for the IP address 128.107.52.27?
Correct Answer
B. 255.255.0.0
Explanation
The IP address 128.107.52.27 falls under Class B network range. Class B networks have a default subnet mask of 255.255.0.0. Therefore, the correct subnet mask for the given IP address would be 255.255.0.0.
24.
Refer to the exhibit. A small business uses VLANs 8, 20, 25, and 30 on two switches that have a trunk link between them. What native VLAN should be used on the trunk if Cisco best practices are being implemented?
Correct Answer
B. 5
Explanation
The native VLAN on a trunk link is used for untagged traffic. Cisco best practices recommend using a different native VLAN than the VLANs being used for data traffic to improve security and prevent VLAN hopping attacks. In this scenario, since VLANs 8, 20, 25, and 30 are being used, the native VLAN should be set to a different VLAN. The only option that is different from the VLANs being used is 5, so it should be used as the native VLAN on the trunk.
25.
The buffers for packet processing and the running configuration file are temporarily stored in which type of router memory?
Correct Answer
C. RAM
Explanation
RAM stands for Random Access Memory, which is a type of computer memory that allows data to be read from and written to quickly. In the context of a router, RAM is used to temporarily store the buffers for packet processing and the running configuration file. This allows the router to efficiently process incoming packets and quickly access the current configuration. Flash memory, NVRAM, and ROM are other types of memory used in routers, but they do not serve the same purpose as RAM in this case.
26.
A network technician is configuring port security on switches. The interfaces on the switches are configured in such a way that when a violation occurs, packets with unknown source address are dropped and no notification is sent. Which violation mode is configured on the interfaces?
Correct Answer
C. Protect
Explanation
The violation mode that is configured on the interfaces is "protect". In this mode, when a violation occurs, packets with an unknown source address are dropped, but no notification is sent. The protect mode allows the switch to protect against unauthorized devices by simply dropping the packets from unknown sources without alerting the network administrator.
27.
A standard ACL has been configured on a router to allow only clients from the 10.11.110.0/24 network to telnet or to ssh to the VTY lines of the router. Which command will correctly apply this ACL?
Correct Answer
D. Access-group 11 in
Explanation
The correct command to apply the standard ACL is "access-group 11 in". This command will apply the ACL with the number 11 to the inbound traffic on the router's interfaces. By applying the ACL to the inbound traffic, it will restrict access to only clients from the 10.11.110.0/24 network to telnet or ssh to the VTY lines of the router.
28.
Refer to the exhibit.What address will summarize the LANs attached to routers 2-A and 3-A and can be configured in a summary static route to advertise them to an upstream neighbor?
Correct Answer
D. 10.0.0.0/21
Explanation
The correct answer is 10.0.0.0/21. This is because it covers the range of all the LANs attached to routers 2-A and 3-A. The subnet mask /21 allows for a larger range of IP addresses compared to the other options, making it the most suitable choice for summarizing the LANs.
29.
A security specialist designs an ACL to deny access to a web server from all sales staff. The sales staff are assigned addressing from the IPv6 subnet 2001:db8:48:2c::/64. The web server is assigned the address 2001:db8:48:1c::50/64. Configuring the WebFilter ACL on the LAN interface for the sales staff will require which three commands? (Choose three.)
Correct Answer(s)
B. Deny tcp host 2001:db8:48:1c::50 any eq 80
C. Deny tcp any host 2001:db8:48:1c::50 eq 80
E. Deny ipv6 any any
Explanation
The correct answer is to use the commands "deny tcp host 2001:db8:48:1c::50 any eq 80", "deny tcp any host 2001:db8:48:1c::50 eq 80", and "deny ipv6 any any". These commands are necessary to deny access to the web server from all sales staff. The first two commands deny TCP traffic from the sales staff to the web server on port 80, while the third command denies any IPv6 traffic from any source to any destination. By using these three commands, the ACL effectively blocks all sales staff from accessing the web server.
30.
To enable RIP routing for a specific subnet, the configuration command network 192.168.5.64 was entered by the network administrator. What address, if any, appears in the running configuration file to identify this network?
Correct Answer
B. 192.168.5.0
Explanation
The network address that appears in the running configuration file to identify the network is 192.168.5.0. This is because when configuring RIP routing using the "network" command, the address specified is used as the network address. In this case, the network address is 192.168.5.0, which represents the subnet that the network administrator wants to enable RIP routing for.
31.
Refer to the exhibit. An ACL preventing FTP and HTTP access to the interval web server from all teaching assistants has been implemented in the Board Office. The address of the web server is 172.20.1.100 and all teaching assistants are assigned addresses in the 172.21.1.0/24 network. After implement the ACL, access to all servers is denied. What is the problem?
Correct Answer
C. Named ACLs requite the use of port numbers
Explanation
The problem is that named ACLs require the use of port numbers. This means that the ACL implemented in the Board Office is not correctly configured to allow access to the FTP and HTTP ports on the web server. As a result, the ACL is denying access to all servers, including the web server. To fix the issue, the ACL should be modified to include the necessary port numbers for FTP and HTTP access to the web server.
32.
Refer to the exhibit. Assuming that the routing tables are up to date and no ARP messages are needed, after a packet leaves H1, how many times is the L2 header rewritten in the path to H2?
Correct Answer
B. 2
Explanation
After a packet leaves H1, the L2 header is rewritten once when it reaches S1, and then it is rewritten again when it reaches S2. Therefore, the L2 header is rewritten two times in the path to H2.
33.
Please fill answer belowa router learns of multiple toward the same destination. Which value in a routing table replesents the trustworthiness of learned routes and is used by the router to determine which route to install into the routing table for specific situation? ________
Correct Answer
metric
Explanation
The value in a routing table that represents the trustworthiness of learned routes and is used by the router to determine which route to install into the routing table for a specific situation is the metric. The metric is a numerical value assigned to each route, indicating the cost or distance to reach a destination. A lower metric value indicates a more reliable or efficient route, and the router will prefer routes with lower metrics over routes with higher metrics when making routing decisions.
34.
What is the minimum configuration for a router interface that is participating in IPv6 routing?
Correct Answer
A. To have only a link-local IPv6 address*
Explanation
The minimum configuration for a router interface that is participating in IPv6 routing is to have only a link-local IPv6 address. This means that the router interface needs to have an IPv6 address that is only valid for communication within the local network segment. This type of address is typically automatically assigned to the interface when IPv6 is enabled, and it allows the router to communicate with other devices on the same network segment.
35.
Which two statements are true about half-duplex and full-duplex communications? (Choose two.)
Correct Answer(s)
A. Full duplex offers 100 percent potential use of the bandwidth.
B. Full duplex allows both ends to transmit and receive simultaneously.
Explanation
Full duplex communications allow both ends to transmit and receive data simultaneously, which maximizes the use of the available bandwidth. This means that the communication channel is utilized to its full potential, resulting in efficient and faster data transfer.
36.
Fill in the blank.The acronym describes the type of traffic that has strict QoS requirements and utilizes a one-way overall delay less than 150 ms across the network. ________
Correct Answer(s)
VoIP
Explanation
The acronym "VoIP" stands for Voice over Internet Protocol. It refers to a type of traffic that requires strict Quality of Service (QoS) requirements and relies on a one-way overall delay of less than 150 ms across the network. VoIP enables the transmission of voice communications over the internet, allowing users to make phone calls using an internet connection rather than traditional telephone lines.
37.
Which two commands should be implemented to return a Cisco 3560 trunk port to its default configuration? (Choose two.)
Correct Answer(s)
A. S1(config-if)# no switchport trunk native vlan
B. S1(config-if)# no switchport trunk allowed vlan
Explanation
The given answer suggests that the two commands that should be implemented to return a Cisco 3560 trunk port to its default configuration are "no switchport trunk native vlan" and "no switchport trunk allowed vlan". By using these commands, any previously configured native VLAN and allowed VLANs on the trunk port will be removed, effectively resetting it to its default configuration.
38.
Which command will enable auto-MDIX on a device?
Correct Answer
A. S1(config-if)# mdix auto
Explanation
The command "S1(config-if)# mdix auto" will enable auto-MDIX on a device. Auto-MDIX is a feature that allows a device to automatically detect and configure the correct type of cable (straight-through or crossover) to use for a connection. By enabling auto-MDIX, the device will be able to automatically adjust the cable configuration as needed, eliminating the need for manual cable swapping.
39.
What is the effect of issuing the passive-interface default command on a router that is configured for OSPF?
Correct Answer
A. It prevents OSPF messages from being sent out any OSPF-enabled interface.*
Explanation
The passive-interface default command is used to set all OSPF-enabled interfaces as passive interfaces by default. A passive interface does not send OSPF messages, such as hello packets, to its neighbors. Therefore, issuing this command on a router configured for OSPF will prevent OSPF messages from being sent out any OSPF-enabled interface. This can be useful in scenarios where you want to reduce OSPF traffic or prevent certain interfaces from participating in OSPF routing.
40.
A network administrator is implementing a distance vector routing protocol between neighbors on the network. In the context of distance vector protocols, what is a neighbor?
Correct Answer
A. Routers that share a link and use the same routing protocol
Explanation
In the context of distance vector routing protocols, a neighbor refers to routers that are connected to each other through a shared link and use the same routing protocol. These routers exchange information about network topology and distances to different destinations. By sharing this information, the routers can determine the best paths for forwarding network traffic.
41.
Refer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. What three things can the administrator verify? (Choose three.)
Correct Answer(s)
A. The name of the NAT pool is refCount.
B. A standard access list numbered 1 was used as part of the configuration process.
C. Address translation is working.
Explanation
The administrator can verify the name of the NAT pool by checking if it is set to "refCount". They can also verify if a standard access list numbered 1 was used in the configuration process by checking the access list configuration. To verify if address translation is working, the administrator can check if hosts are able to communicate with external networks using their translated addresses.
42.
Which two methods can be used to provide secure management access to a Cisco switch? (Choose two.)
Correct Answer(s)
A. Configure specific ports for management traffic on a specific VLAN.
B. Configure SSH for remote management.
Explanation
The two methods that can be used to provide secure management access to a Cisco switch are configuring specific ports for management traffic on a specific VLAN and configuring SSH for remote management. By configuring specific ports for management traffic on a specific VLAN, the switch can be accessed securely through designated ports that are dedicated for management purposes. This helps to isolate management traffic from regular data traffic, enhancing security. Additionally, configuring SSH for remote management enables encrypted and secure access to the switch remotely, ensuring confidentiality and integrity of the management session.