Cisco Practice Tests

Questions for review:51

Sorry! You did not pass this test!

Passing score: 850
Your score: 73

Try again after reviewing the following report:

Question: What are some perceived benefits of controller-based networks as compared to traditional networks?

A. New operational models that allow for a single device to be instantiated with the entire network in mind

B. The use of APIs to mass-configure network devices, allowing for more consistency and fewer errors
C. The use of DevOps approaches in the network to increase efficiency and productivity
D. The use of legacy approaches in the network to increase efficiency and productivity

Correct answer: B C
Your answer: A D
Explanation: The following are the most common benefits of controller-based networks compared to traditional networks:

New operational models that allow for the entire network to be instantiated, and not just a single device at a time
The use of automation through APIs that enable data-driven models
The use of APIs to mass-configure network devices, allowing for more consistency and fewer errors
The use of DevOps approaches in the network to increase efficiency and productivity
The other answers, new operational models that allow for a single device to be instantiated with the entire network in mind and the use of legacy approaches in the
network to increase efficiency and productivity, are actually the opposite of the benefits when comparing controller-based networks with transitional (legacy)
networks.

Question: Devices using a wireless LAN must operate in which one of the following modes?

A. Round-robin access

B. Half duplex
C. Full duplex
D. None of these answers

Correct answer: B
Your answer: C
Explanation: WLANs require half-duplex operation because all stations must contend for use of a channel to transmit frames.

Question: Each virtual OS instance that exists on a server is referred to as a ___________

A. KVM

B. VM
C. CSR
D. hypervisor

Correct answer: B
Your answer: A
Explanation: In virtualization a virtual machine (VM) is a single instance of an operating system (OS).

Question: Four OSPF routers connect to the same LAN. In a new election after all routers have been rebooted, which router wins the DR election?

A. R4, router-id 4.4.4.4, priority 1

B. R3, router-id 3.3.3.3, priority 2
C. R1, router-id 1.1.1.1, priority 4
D. R2, router-id 2.2.2.2, priority 3

Correct answer: C
Your answer: A
Explanation: First, the DR election always chooses the BDR to become the DR if a BDR exists. However, the question states that all the routers just rebooted, so
there should be no BDR to take over for the DR. As worded, the question creates a scenario where all routers compete equally to become DR.

The routers choose the router with the highest OSPF interface priority, and if a tie, they then use the router with the highest router ID. In this case, the answers
show routers with different priorities, so no ties exist based on priority. As a result, R1, with the highest priority (4), becomes the DR.

Question: What is the wildcard mask equivalent of the subnet mask /23?

A. 0.0.0.1

B. 0.0.3.255
C. 0.0.1.255
D. 0.0.0.0
E. 0.0.0.3
F. 0.0.7.255
G. 0.0.0.7

Correct answer: C
Your answer: B
Explanation:

Question: Which three statements about RSTP are true?

A. RSTP significantly reduces topology reconverging time after a link failure.

B. RSTP expands the STP port roles by adding the alternate and backup roles.
C. RSTP port states are blocking, discarding, learning, or forwarding.
D. RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.
E. RSTP also uses the STP proposal-agreement sequence.
F. RSTP uses the same timer-based process as STP on point-to-point links.

Correct answer: A B D
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-2/vlans-and-spanning-tree/stp-protocol-types.html

Question: How can you solve congestion issues from multiple links aggregating on a switch without scaling issues?

A. Increase the uplink speed

B. Decrease the uplink speed
C. Enable loop-prevention mechanisms
D. Bundle multiple links together with EtherChannel

Correct answer: D
Your answer: -
Explanation:

Question: Which of the following switch port modes will successfully form a trunk between two switches?

A. Dynamic desirable - dynamic auto

B. Trunk - dynamic desirable
C. Access - dynamic auto
D. Trunk - trunk
E. Dynamic auto - dynamic auto
F. Trunk - access

G. Trunk - dynamic auto

Correct answer: A B D G
Your answer: -
Explanation:

Question: Which translation option would most likely be used in your home to connect all your devices to the Internet over your DSL, Cable, or Fibre connection?

A. Dynamic NAT with overloading

B. Dynamic NAT
C. PAT
D. Static NAT

Correct answer: C
Your answer: B
Explanation:

Question: Which command will assign a global IPv6 address with an autoconfigured interface portion to a router interface?

A. ipv6 address 2001:db8:1:1::0001/64 eui-64

B. ipv6 address 2001:db8:1:1::0001/64 auto-configure
C. ipv6 address 2001:db8:1:1::/64 auto-configure
D. ipv6 address 2001:db8:1:1::/64 eui-64
E. ipv6 address 2001:db8:1:1::/64

Correct answer: D
Your answer: -
Explanation:

Question: What is the purpose of the “service password-encryption“ command?

A. It encrypts all passwords on your router.

B. It encrypts the line console password only.
C. It encrypts the vty password only.
D. It is not a valid cisco command

Correct answer: A
Your answer: D
Explanation: This command allows you to encrypt all passwords on your router. It uses weak encryption because the router has to decode the passwords for its
operation quickly. It is meant to prevent someone from looking over your shoulder and seeing the password, that is all.

Question: Review the topology diagram. Network 10.123.0.0/24 is the backbone area. Network 10.12.0.0/24 is area 1, and network 10.34.0.0/29 is in area 2.
Which of the following are true?

A. R1 is a backbone router.
B. R1 is an ABR.
C. R1 is an internal router.
D. R3 would see the OSPF network of 10.12.0.0/24 as an intra-area route.
E. R1 and R3 would have the same LSA information about the backbone area.

Correct answer: A B E
Your answer: -
Explanation: R1 is connected to both the backbone and nonbackbone area, so it is an ABR and backbone router as a result. R3 would see a route from a remote
nonbackbone area as an inter-area route. All routers that belong to a given area will have the same information (LSA information) about that area.

R1 is an ABR, which means it has connections to the backbone and at least one nonbackbone OSPF area. So, R1 is not an internal OSPF router.

Question: Connections can be verified using a variety of troubleshooting commands. Which of the following commands uses ICMP messages to determine whether
a host is active?

A. netstat
B. tracert
C. ping
D. nslookup

Correct answer: C
Your answer: A
Explanation: http://www.learncisco.net/courses/icnd-1/lan-connections/packet-delivery-process-at-l3.html

Question: A switch’s port Gi0/1 has been correctly enabled with port security. The configuration sets the violation mode to restrict. A frame that violates the port
security policy enters the interface, followed by a frame that does not. Which of the following answers correctly describe what happens in this scenario?

A. The switch puts the interface into an err-disabled state when the first frame arrives.
B. The switch generates syslog messages about the violating traffic for the first frame.
C. The switch increments the violation counter for Gi0/1 by 1.
D. The switch discards both the first and second frame.

Correct answer: B C
Your answer: -
Explanation: First, about the two incorrect answers: When in restrict mode, the arrival of a frame that violates the port security policy does not cause the switch to
put the interface into err-disabled state. It does cause the switch to discard any frames that violate the policy, but it leaves the interface up, and does not discard
frames that do not violate the security policy, like the second frame that arrives.

Regarding the two correct answers, a port in port security restrict does cause the switch to issue log messages for a violating frame, send SNMP traps about that
same event (if SNMP is configured), and to increment the counter of violating frames.

Question: What steps are involved in configuring IPv4 extended access lists?

A. Create an extended named ACL

B. Apply the ACL globally to the router
C. Apply the ACL to an interface

D. Specify the conditions to permit or deny packets

E. Ensure that the ACL ends with a Deny ALL statement

Correct answer: A C D
Your answer: -
Explanation:

Question: Of the figures shown, which depicts an accurate Clos Architecture?

A. Topology A
B. Topology B
C. Topology C
D. Topology D

Correct answer: D
Your answer: -
Explanation: There are specific requirements for a spine leaf network:

Each leaf switch must connect to every spine switch

Each spine switch must connect to every leaf switch
Leaf switches cannot connect to each other
Spines switches cannot connect to each other
Endpoints connect only to the leaf switches
Only Topology D meets all these requirements. For the incorrect answers, here are the attributes that make them fail to meet Clos requirements:

Topology A: Neither spine switch connects to all leaf switches.

Topology B: The spines connect to each other, and some leaves connect to each other.
Topology C: Neither spine switch connects to all leaf switches.
Reference(s):
Cisco Application Centric Infrastructure (ACI): 369

Question: In Software-Defined Access (SDA), which of the answers are part of the overlay data plane?

A. LISP
B. GRE
C. OSPF
D. VXLAN

Correct answer: D
Your answer: -
Explanation: The SDA overlay creates VXLAN tunnels between SDA edge nodes. Edge nodes then create a data plane by forwarding frames sent by endpoints over
the VXLAN tunnels. LISP plays a role in the overlay as the control plane, which learns the identifiers of each endpoint, matching the endpoint to the fabric node that
can teach the endpoint, so that the overlay knows where to create VXLAN tunnels.

For the other incorrect answers, note that while GRE is a tunneling protocol, SDA uses VXLAN for tunneling, and not GRE. Finally, OSPF acts as a control plane
routing protocol, rather than a data plane protocol for SDA.

Question: Switches use MAC addresses and a MAC address table to decide whether to filter, forward, or flood frames. Which statements describe how switches
learn where MAC addresses are within a LAN?

A. When a frame is received, the switch associates the destination port and MAC address of the incoming frame with the port it came in on
B. If a MAC address is unknown, a switch will flood all ports exceptthe one it came in on
C. When a frame is received, the switch uses a signaling protocol to map and then associate a source MAC address to the port number it came in on
D. When a frame is received, the switch looks atthe source MAC address and associates it with the port number the frame used to enter the switch

Correct answer: B D
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-1/ethernet-lans/developing-design-for-layer-2.html

Question: What is the purpose of InterVLAN routing?

A. To increase the scalability of a VLAN

B. To transport packets from one VLAN to another VLAN
C. To convert packets from Layer 2 to Layer 3
D. To transport packets within the same VLAN
E. To increase the security of a VLAN

Correct answer: B
Your answer: A
Explanation:

Question: Which of the following statements are correct about VLANs?

A. The default VLAN is VLAN 1

B. VLAN 1 should be deleted for security reasons
C. All ports are a member of VLAN 1 by default
D. A VLAN must be configured on a switch before it can forward traffic for that VLAN
E. Switches do not need the VLAN configured in order to forward traffic for it
F. All ports are a member of no VLAN by default
G. The default VLAN is VLAN 1000

Correct answer: A C D
Your answer: -
Explanation:

Question: Examine the output provided. What statements are accurate about the configuration of OSPFv3?

A. The [ipv6 ospf process-id area area-id] command enables OSPFv3 on an interface
B. The [router-id router_id] command statically configures a name for the router within the OSPFv3 process
C. The [ipv6 router ospf process-id] command assigns OSPF to a specific area
D. 10.10.10.10 is the address of the interface participating in OSPFv3 routing

Correct answer: A B
Your answer: -
Explanation:

Question: Which application(s) would Jitter and Delay not be a concern for the users experience?

A. Online Gaming.
B. VoIP.
C. Web browsers.
D. videoconferencing.

Correct answer: C
Your answer: D
Explanation: Jitter and Delay are necessary for any application that runs in Real-Time. If the delay is too high, the application may become unusable, the same goes
with jitter as the quality will decline dramatically. For web browsers, on the other hand, the user will send a packet to a web server and wait for the response to
come back with all the data. The web browser does not mind if there was a lot of jitter or delay as long as it receives its data.

Question: Which command will assign a static link-local address to an interface?

A. ipv6 address 2001::12:1 link-local

B. ipv6 address 2001::12:1/64 link-local
C. ipv6 address 2001::12:1
D. ipv6 address fe80::12:1/64 link-local
E. ipv6 address fe80::12:1 link-local
F. ipv6 address fe80::12:1

Correct answer: E
Your answer: -
Explanation:

Question: Which DSCP marking group was created to be backward compatible with Internet Protocol Precedence (IPP) values?

A. EF
B. AF
C. CS
D. PF

Correct answer: C
Your answer: -
Explanation: DiffServ defines the Class Selector (CS) Differentiated Services Code Point (DSCP) as a set of values designed to be backward compatible with Internet
Protocol Precedence (IPP) numbering. IPP was used on networks before DSCPs were defined.

Question: Which command in line vty configuration mode is needed while configuring SSH to inform the Cisco IOS router that authentication needs to be
performed using usernames and passwords stored locally on the router?

A. login authentication local

B. login
C. privilege
D. username password
E. exec-timeout
F. login local

Correct answer: F
Your answer: E
Explanation:

Question: Which of the following cloud services is most likely to be used for software development?

A. IaaS
B. PaaS
C. SaaS
D. SLBaaS

Correct answer: B
Your answer: C
Explanation: PaaS (Platform as a Service) supplies one or more virtual machines (VM) that have a working operating system (OS) as well as a predefined set of
software development tools.

As for the wrong answers, Software as a Service (SaaS) supplies a predefined software application, but typically with no ability to then later install your own
applications. IaaS (Infrastructure as a Service) supplies one or more working VMs, optionally with an OS installed, so it could be used for software development, but
the developer would have to install a variety of development tools, making IaaS less useful than a PaaS service. Finally, SLBaaS (Server Load Balancing as a
Service) can be offered as a cloud service, but it is not a general service in which customers get access to VMs on which they can then install their own
applications.

Question: Which of the following components stores startup configuration?

A. Interface
B. ROM
C. Flash
D. RAM
E. CPU
F. NVRAM

Correct answer: F
Your answer: D
Explanation: http://www.learncisco.net/courses/icnd-2/network-management/router-internal-components-overview.html

Question: Suppose you would like to select a method to protect the privacy and integrity of wireless data. Which one of the following methods should you avoid
because it has been deprecated?

A. TKIP
B. CCMP
C. GCMP
D. EAP

Correct answer: A
Your answer: -
Explanation: The TKIP method was deprecated when the 802.11 standard was updated in 2012. CCMP and GCMP are still valid methods. EAP is an authentication
framework and is not related to data encryption and integrity.

Question: Per the command output, with how many routers is router R9 full adjacent over its Gi0/0 interface?

A. 7
B. 10
C. 5
D. 2

Correct answer: D
Your answer: -
Explanation: The show ip ospf interface brief command lists a pair of counters under the heading “Nbrs F/C” on the far right of the output. The first of the two
numbers represents the number of fully adjacent neighbors (2 in this case), and the second number represents the total number of neighbors.

Question: Refer to the exhibit. All of the routers in the network are configured with the ip subnet-zero command. Which network addresses should be used for Link
A and Network A?

A. Network A - 172.16.3.48/26
B. Network A - 172.16.3.128/25
C. Network A - 172.16.3.192/26
D. Link A - 172.16.3.0/30
E. Link A - 172.16.3.40/30
F. Link A - 172.16.3.112/30

Correct answer: B D
Your answer: -
Explanation:

Question: Identify the purpose and functions of VLANs.

A. Flexibility in grouping users together logically

B. Access port security

C. Protocol and port number provisioning

D. Segmentation of network users

E. Inbound or outbound interface VLAN configuration

Correct answer: A B D
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-1/medium-size-switched-network-construction/vlans-and-trunk.html

Question: Why doesn't increasing the number of uplinks solve congestion issues from multiple links aggregating on a switch?

A. All traffic must pass through one physical link

B. Multiple links require extra overhead

C. All uplinks must be running at the same speed

D. STP disables ports to prevent loops

Correct answer: D
Your answer: -
Explanation:

Question: Which QoS feature is typically used inbound to a network to limit the amount of traffic that is allowed to flow in?

A. Traffic classification
B. Traffic shaping

C. Traffic limiting
D. Traffic policing

Correct answer: D
Your answer: -
Explanation: Typically traffic policers are used to control the flow of traffic coming into a network from a separate network (e.g., another company or customer).
They do this by setting a limit to the amount of traffic that is allowed to be sent. There are a variety of ways that this rate can be configured, but generally a
committed information rate (CIR) is used as an average measurement of allowed rate with an ability to allow for traffic spikes over short amounts of time.

Question: Identify the statements that accurately describe the spanning-tree root bridge and root port election processes.

A. The lowest bridge ID, or BID, signifies which switch will be elected as the root bridge
B. The highest Media Access Control, or MAC, address breaks a root bridge election tie

C. The highest cost path is the basis for electing a root port
D. The port unique identifier, or ID, is used as a criterion for root port selection

Correct answer: A D
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-2/vlans-and-spanning-tree/spanning-tree-operations.html

Question: Which command enables RSTP on a switch?

A. spanning-tree uplinkfast
B. spanning-tree mode rapid-pvst

C. spanning-tree backbonefast
D. spanning-tree mode mst

Correct answer: B
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-1/medium-size-switched-network-construction/performance-with-spanning-tree.html

Question: Which command would you use to ensure that an ACL does not block web-based TCP traffic?

A. permit any
B. permit tcp any any eq 80

C. permit tcp any eq 80

D. permit any any eq tcp

Correct answer: B
Your answer: -
Explanation:

Question: What is the result of issuing the command “no service password-encryption“ on a Cisco IOS router?

A. All future passwords will be stored as plain text in the running configuration
B. All current encrypted passwords and future passwords will be encrypted in the running configuration

C. All current encrypted passwords and future passwords will be stored as plain text in the running configuration
D. All future passwords will be encrypted in the running configuration

Correct answer: A
Your answer: -
Explanation:

Question: Historically, your organization has modified the network device configuration by logging in to the local devices manually. Today, your new CIO has
enforced that all configuration changes should be completed on a server in the data center and then pushed out. Which answer lists the correct term for this new
approach to configuration?

A. Version control

B. Centralized configuration

C. Configuration drift
D. Configuration monitoring

Correct answer: B
Your answer: C
Explanation: The question describes a process called centralized configuration. This process stores the configurations to a central server or service. The process
then relies of the idea that engineers make future changes to the configurations in the centralized copy - not on the individual devices themselves - then
distributing the configuration to each device.

For the incorrect answers:

Version control refers to the process of tracking the different changes that have occurred in a repository or system and creating version numbers for each change.
This enables you as an operator to restore a past configuration version if the need arises.
Configuration drift is when changes are made to a device or multiple devices that are not the indented configurations.
Configuration monitoring is alerting that the configuration of a device is different than the intended configuration. This enables an operator to resolve the
configuration issue as soon as possible.

Question: Which statements describe how to configure and verify basic NTP protocol?

A. To configure an NTP master clock, execute commands in the global configuration mode

B. Commands should be executed in the user EXEC mode when displaying the status of NTP
C. When verifying the status of NTP associations, commands should be executed in the user EXEC mode

D. Configuring a higher stratum value indicates a higher priority

Correct answer: A B
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-1/lan-connections/starting-a-router.html

Question: Wired Ethernet and Wi-Fi are based on which two IEEE standards, respectively?

A. 802.1, 802.3

B. 802.1, 802.3
C. 802.3, 802.11

D. 802.11, 802.3

Correct answer: C
Your answer: -
Explanation: The IEEE 802.3 standard defines Ethernet, while 802.11 defines Wi-Fi.

Question: What are the functions of neighbor discovery in IPv6?

A. Queries for unique addresses

B. Is achieved by using Internet Control Message Protocol for IPv6, or ICMPv6 with IPv6 multicast
C. Finds neighbor routers on the link

D. Determines the network layer address of a neighbor

Correct answer: A B C
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-1/introducing-ipv6/ipv6-header-and-icmp.html

Question: What commands would you need to configure to enable DHCP Snooping so that PC4 couldn’t become a rogue DHCP server?

A. Configure the following on SW 2: ip dhcp snooping, ip dhcp snooping vlan 10, int gi0/12, ip dhcp snooping trust

B. Configure the following on SW 1: ip dhcp snooping, ip dhcp snooping vlan 10, int gi0/24, ip dhcp snooping trust
C. Configure the following on SW 2: ip dhcp snooping, ip dhcp snooping vlan 10, int gi0/24, ip dhcp snooping trust

D. Configure the following on SW 2: ip dhcp snooping, ip dhcp snooping vlan 20, int gi0/24, ip dhcp snooping trust
E. Configure the following on SW 2: ip dhcp snooping, ip dhcp snooping vlan 20, int gi0/12, ip dhcp snooping trust

F. Configure the following on SW 1: ip dhcp snooping, ip dhcp snooping vlan 20, int gi0/24, ip dhcp snooping trust

Correct answer: E
Your answer: -
Explanation: Per the figure, PC4 resides in VLAN 20. To meet the goals of the question, the configuration needs to enable DHCP Snooping in VLAN 20, requiring
these two commands on switch SW2:

ip dhcp snooping
ip dhcp snooping vlan 20
The figure also shows the DHCP server in VLAN 20, so you need to configure switch SW2 to trust the real DHCP server port using the ip dhcp snooping trust on
interface Gi0/12.
In a perfect situation, you would also want to configure DHCP Snooping on switch SW1 properly, but doing so is not required for this question.

Question: What versions of Wi-Fi Protected Access (WPA) were defined after the IEEE ratified the IEEE 802.11i security standard?

A. WPA
B. WPA2

C. WPA3
D. WPA0

Correct answer: B C
Your answer: -
Explanation: The Wi-Fi alliance defines three versions of Wi-Fi Protected Access (WPA):

- WPA: First generation of WPA certification; based on TKIP

- WPA2: Second generation based on CCMP
- WPA3: Third generation based on GCMP

Each version is meant to replace the previous version because of better security mechanisms. The Wi-Fi Alliance defined WPA before the IEEE created their 802.11i
security standard. After the IEEE ratified 802.11i, the Wi-Fi Alliance defined WPA2, to replace WPA, matching the details in the 802.11i standard.

Question: Which QoS feature is typically used outbound to an ISP to reduce the amount of traffic that is dropped by exceeding the purchased rate?

A. Traffic shaping

B. Traffic policing
C. Traffic limiting

D. Traffic classification

Correct answer: A
Your answer: -
Explanation: Often a connection to an Internet service provider (ISP) is physically connected with a technology that exceeds the purchased rate. To control the
amount of traffic that is allowed onto their network, ISPs limit the rate that traffic is allowed to flow into the network. This is done with traffic policers; to limit the
amount of traffic that could potentially be dropped by the ISP’s policer, an enterprise could choose to shape the traffic going out of their network and to the ISP.

Question: What is the name of the protocol that has been developed by the ONF that is used to communicate between an SDN controller and the network devices
it controls?

A. OpFlex
B. OpenSDN

C. SbControl
D. OpenFlow

Correct answer: D
Your answer: -
Explanation: The first Southbound Interface that was developed for SDN was OpenFlow; it is controlled by the Open Networking Foundation (ONF). It defines a
method of communication between the SDN controller and the switches that it will control.

Question: Which IOS command always displays OSPF hello timer settings?

A. show ip protocols

B. show ip route
C. show ip ospf interface

D. show ip ospf neighbor

E. debug ip ospf events

Correct answer: C
Your answer: -
Explanation: show ip ospf interface displays the timer setting on each interface and is the most straightforward way to see this. debug ip ospf events displays the
timer values, but only if it detects a mismatch. debug ip ospf packet shows each hello, but it does not display the time between hellos.

Question: VLAN0001 has a Bridge ID priority of 32769.

What makes up this value?

A. A priority of 32768
B. An address of 081f.f34e.b800

C. A sys-id-ext of 1
D. A forward delay of 15 seconds

Correct answer: A
Your answer: -
Explanation:

Question: What is the name of the firewall feature that, when used, can maintain a historical database of each connection through a device: Where it was sourced,
destined, and which protocol and protocol port it was using?

A. Stateless Inspection

B. Stateful Inspection
C. Network Protocol Analysis

D. Protocol State Analysis

Correct answer: B
Your answer: D
Explanation: One of the most common features on almost all firewalls (from cheap to expensive) is the support for Stateful inspection. A Stateful inspection engine
allows a firewall to track and maintain a database of the connections coming into and, if allowed, out of a port. This information can then be used to determine
which traffic should be permitted and which should not.

Question: In a reflection attack, the source IP address in the attack packets is spoofed so that it contains which one of the following entities?

A. The address of the attacker

B. The address of the reflector

C. The address of the victim

D. The address of the router

Correct answer: C
Your answer: -
Explanation: In a reflection attack, the goal is to force one host (the reflector) to reflect the packets toward a victim. Therefore, the spoofed source address
contains the address of the victim and not the reflector.

Question: Which statements define dynamic NAT when used for private to public translations?

A. Dynamic NAT only translates public addresses matching an ACL to private addresses that are defined in a NAT pool
B. Dynamic NAT only translates private addresses matching an ACL to public addresses that are defined in a NAT pool

C. Dynamic NAT only translates private addresses that are defined in a NAT pool to public addresses matching an ACL
D. Dynamic NAT allows multiple private addresses to be translated to the same public address

Correct answer: B
Your answer: -
Explanation:

Question: Why should you implement port security on a switch interface?

A. To control which devices are allowed to access the network

B. To prevent Layer 2 loops from occurring

C. To prevent a unidirectional link

D. To prevent MAC address flooding attacks

E. To control which devices are allowed to manage the switch

Correct answer: A
Your answer: -
Explanation:

Please email admin@learncisco.net if you find any issues with your score report.