Ccna Dumps

Question # 1 Answer:
Refer to the exhibit. C

Question # 2
Drag and drop the characteristic from the left onto the IPv6 address
type on the right.
Router OldR is replacing another router on the network with the

intention of having OldR and R2 exchange routes_ After the engineer
applied the initial OSPF
View Answer
configuration: the routes were still missing on both devices. Which Answer:
command sequence must be issued before the clear IP ospf process
command is entered to enable the neighbor relationship?
Question # 3
Refer to the exhibit.
View Answer
Answer:
1
Questions 4
Drag the descriptions of IP protocol transmissions from the left onto

the IP traffic types on the right.
An engineer must configure a floating static route on an external EIGRP

network. The destination subnet is the /29 on the LAN Interface of
R86. Which command must be executed on R14?
A.
ip route 10.80.65.0.255.255.248.0.10.73.65.66.1
B.
ip route 10.80.65.0.255.255.255..240 fa0/1 89
Options:
C.
ip route 10.80.65.0.255.255.248.0.10.73.65.66.171 Show Answer Buy Now
D. Answer:
ip route 10.80.65.0.0.0.224.10.80.65.0. 255
View Answer
Answer:
C
2
Answer:
Questions 5
Refer to the exhibit. To which device does Router1 send packets that are destined to host
10.10.13.165?
Options:
A.
Router2
B.
Router3
C.
3
Router4
D.
Router5
Show Answer Buy Now
Answer:
B
Questions 6
Options:
A.
An engineer booted a new switch and applied this configuration via
Option A
the console port. Which additional configuration must be applied to
allow administrators to authenticate directly to enable privilege B.
mode via Telnet using a local username and password?
Option B
C.
Option C
D.
4
Option D 3. Configure the connection between the switches using access
ports.
Show Answer Buy Now
4. Configure Ethernet0/1 on SW1 using data and voice VLANs.
Answer:
5. Configure Ethemet0/1 on SW2 so that the Cisco proprietary
A
neighbor discovery protocol is turned off for the designated interface
Questions 7 only.
All physical cabling between the two switches is installed.

Configure the network connectivity between the switches using the
designated VLANs and interfaces.
1. Configure VLAN 100 named Compute and VLAN 200 named

Telephony where required for each task.
Options:
Show Answer Buy Now
2. Configure Ethernet0/1 on SW2 to use the existing VLAN named
Available. Answer:
Answer:
5
See the Explanation below. on sw2
Explanation: Vlan 99
Explanation: Name Available
Answer as below configuration: Int e0/1
on sw1 Switchport access vlan 99
enable do wr
conf t Questions 8
vlan 100 All physical cabling is in place. Router R4 and PCI are fully
name Compute configured and
inaccessible. R4's WAN interfaces use .4 in the last octet for each
vlan 200
subnet.
name Telephony
Configurations should ensure that connectivity is established end-to-
int e0/1 end.
switchport voice vlan 200 1 . Configure static routing to ensure RI prefers the path through R2
switchport access vlan 100 to
int e0/0 reach only PCI on R4's LAN
switchport mode access 2. Configure static routing that ensures traffic sourced from RI will
take
do wr
6
an alternate path through R3 to PCI in the event of an outage along • When Next is clicked, the lab closes and cannot be reopened.
the primary path
3. Configure default routes on RI and R3 to the Internet using the

least number of hops
Guidelines
This is a lab item in which tasks will be performed on virtual

devices.
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and

perform the tasks.
• Console access is available for all required devices by clicking the

device icon or using
the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.

Options:
• Save your configurations to NVRAM before moving to the next
Show Answer Buy Now
item.
• Click Next at the bottom of the screen to submit this lab and move
Answer:
to the next question. Answer:
7
See the solution below in Explanation. backup route. For example, you can use an AD of 20 for this route.
Explanation: This type of static route is also known as a floating static route. To
create this static route, you need to enter the following
Explanation:
commands on R1’s console:
• To configure static routing on R1 to ensure that it prefers the path

R1#configure terminal R1(config)#ip route 10.0.0.100 255.0.0.0
through R2 to reach only PC1 on R4’s LAN, you need to create a
40.0.0.2 20 R1(config)#end
static route for the host 10.0.0.100/8 with a next-hop address of
20.0.0.2, which is the IP address of R2’s interface connected to R1. • To configure default routes on R1 and R3 to the Internet using the
You also need to assign a lower administrative distance (AD) to least number of hops, you need to create a static route for the
this route than the default AD of 1 for static routes, so that it has network 0.0.0.0/0 with a next-hop address of the ISP’s interface
a higher preference over other possible routes. For example, you connected to each router respectively. A default route is a special
can use an AD of 10 for this route. To create this static route, you type of static route that matches any destination address and is
need to enter the following commands on R1’s console: used when no other specific route is available. The ISP’s interface
connected to R1 has an IP address of 10.0.0.4, and the ISP’s
R1#configure terminal R1(config)#ip route 10.0.0.100 255.0.0.0 interface connected to R3 has an IP address of 50.0.0.4. To create
20.0.0.2 10 R1(config)#end these default routes, you need to enter the following commands
on each router’s console:
• To configure static routing on R1 that ensures that traffic sourced
from R1 will take an alternate path through R3 to PC1 in the event
On R1: R1#configure terminal R1(config)#ip route 0.0.0.0 0.0.0.0
of an outage along the primary path, you need to create another
10.0.0.4 R1(config)#end
40.0.0.2, which is the IP address of R3’s interface connected to R1. On R3: R3#configure terminal R3(config)#ip route 0.0.0.0 0.0.0.0
You also need to assign a higher AD to this route than the AD of 50.0.0.4 R3(config)#end
the primary route, so that it has a lower preference and acts as a Questions 9
8
9
1. Configure reachability to the switch SW1 LAN subnet in router
R2.
2. Configure default reachability to the Internet subnet in router R1.
3. Configure a single static route in router R2 to reach to the Internet

subnet considering both redundant links between routers R1 and R2.
A default route is NOT allowed in router R2.
4. Configure a static route in router R1 toward the switch SW1 LAN

subnet where the primary link must be through Ethernet0/1. and the
backup link must be through Ethernet0/2 using a floating route. Use
the minimal administrative distance value when required.
Options:
Show Answer Buy Now
Answer:
IP connectivity and OSPF are preconfigured on all devices where Answer:
necessary. Do not make any changes to the IP addressing or OSPF.
See the Explanation below.
The company policy uses connected interfaces and next hops when
configuring static routes except for load balancing or redundancy Explanation:
without floating static. Connectivity must be established between Explanation:
subnet 172.20.20.128/25 on the Internet and the LAN at
Answer as below configuration:
192.168.0.0/24 connected to SW1:
On R2:
10
Enable Copy run start
Conf t Questions 10
Ip route 192.168.1.0 255.255.255.0 10.10.31.1 Refer to the exhibit.
On R1:
Enable
Conf t
Ip route 0.0.0.0 0.0.0.0 10.10.13.3
On R2
Ip route 172.20.20.128 255.255.255.128 e0/2

Which command configures a floating static route to provide a
Ip route 172.20.20.128 255.255.255.128 e0/1
backup to the primary link?
On R1 Options:
Ip route 192.168.0.0 255.255.255.0 e0/1 A.
Ip route 192.168.0.0 255.255.255.0 10.10.12.2 3 ip route 0.0.0.0 0.0.0.0 209.165.202.131
Save all configurations after every router from anyone of these B.
command
ip route 209.165.201.0 255.255.255.224 209.165.202.130
Do wr
C.
Or
ip route 0.0.0.0 0.0.0.0 209.165.200.224
11
D. DHCPOFFER
ip route 209.165.200.224 255.255.255.224 209.165.202.129 254 Show Answer Buy Now
Show Answer Buy Now Answer:

Answer: A
D Questions 12
Questions 11 Refer to the exhibit.
When a client and server are not on the same physical network,
which device is used to forward requests and replies between client
and server for DHCP?
Options:
A.
DHCP relay agent
B.
DHCP server
C.
DHCPDISCOVER
Site A was recently connected to site B over a new single-mode
D. fiber path. Users at site A report Intermittent connectivity Issues
12
with applications hosted at site B. What is the reason for the Options:
problem? A.
Options:
It allows the traffic to pass through unchanged
A.
B.
Heavy usage is causing high latency.
It drops the traffic
B.
C.
An incorrect type of transceiver has been inserted into a device on
It tags the traffic with the default VLAN
the link.
D.
C.
It tags the traffic with the native VLAN
physical network errors are being transmitted between the two sites.
Show Answer Buy Now
D.
Answer:
The wrong cable type was used to make the connection.
A
Show Answer Buy Now
Explanation:
Answer:
Explanation:
B
https://www.cisco.com/c
Questions 13
/en/us/td/docs/switches/lan/catalyst2960x/software/15-
A Cisco IP phone receive untagged data traffic from an attached PC. 0_2_EX/vlan/configuration_guide/b_vlan_152ex_2960-
Which action is taken by the phone? x_cg/b_vlan_152ex_2960-x_cg_chapter_0110.pdf
13
Untagged traffic from the device attached to the Cisco IP Phone Answer:
passes through the phone unchanged, regardless of the trust state of B
the access port on the phone.
Explanation:
Questions 14
Explanation:
Which set of action satisfy the requirement for multifactor
This is an example of how two-factor authentication (2FA) works:1.
authentication?
The user logs in to the website or service with their username and
Options:
password.2. The password is validated by an authentication server
A. and, if correct, the user becomes eligible for the second factor.3. The
authentication server sends a unique code to the user’s second-factor
The user swipes a key fob, then clicks through an email link
method (such as a smartphone app).4. The user confirms their
B. identity by providing the additional authentication for their second-
The user enters a user name and password, and then clicks a factor method.
notification in an authentication app on a mobile device Questions 15
C.
The user enters a PIN into an RSA token, and then enters the
displayed RSA key on a login screen
D.
The user enters a user name and password and then re-enters the
credentials on a second screen
Show Answer Buy Now
14
3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a
pool named TEST. Using a single command, exclude addresses 1-10
from the range. Interface Ethernet0/2 on R3 must be issued the IP
address of 10.1.3.11 via DHCP.
4. Configure SSH connectivity from R1 to R3, while excluding

access via other remote connection protocols. Access for user root
and password Cisco must be set on router R3 using RSA and 1024
bits. Verify connectivity using an SSH session from router R1 using
Connectivity between three routers has been established, and IP a destination address of 10.1.3.11. Do NOT modify console access
services must be configured jn the order presented to complete the or line numbers to accomplish this task.
implementation Tasks assigned include configuration of NAT, NTP, Options:
DHCP, and SSH services.
Show Answer Buy Now
1. All traffic sent from R3 to the R1 Loopback address must be
Answer:
configured for NAT on R2. All source addresses must be translated
from R3 to the IP address of Ethernet0/0 on R2, while using only a Answer:
standard access list named NAT To verify, a ping must be successful
to the R1 Loopback address sourced from R3. Do not use NVI NAT
Explanation:
configuration.
Explanation:
2. Configure R1 as an NTP server and R2 as a client, not as a peer,
using the IP address of the R1 Ethernet0/2 interface. Set the clock on Answer as below configuration:
the NTP server for midnight on January 1, 2019.
conf t
15
R1(config)#ntp master 1 1. Configure an LACP EtherChannel and number it as 1; configure
it between switches SW1 and SVV2 using interfaces Ethernet0/0
R2(config)#ntp server 10.1.2.1
and Ethernet0/1 on both sides. The LACP mode must match on both
Exit ends
Router#clock set 00:00:00 jan 1 2019 2 Configure the EtherChannel as a trunk link.
ip dhcp pool TEST 3. Configure the trunk link with 802.1 q tags.
network 10.1.3.0 255.255.255.0 4. Configure the native VLAN of the EtherChannel as VLAN 15.
ip dhcp exluded-address 10.1.3.1 10.1.3.10
R3(config)#int e0/3
R3(config)#int e0/2
ip address dhcp
no shut
crypto key generate RSA
1024
Copy run start

Questions 16
Physical connectivity is implemented between the two Layer 2

switches, and the network connectivity between them must be
Options:
configured
16
Show Answer Buy Now switchport trunk native vlan 15
Answer: end
Answer: copy run start
See the Explanation below. on SW2:
Explanation: conf terminal
Explanation: vlan 15
Answer as below configuration: exit
On SW1: interface range eth0/0 - 1
conf terminal channel-group 1 mode active
vlan 15 exit
exit interface port-channel 1
interface range eth0/0 - 1 switchport trunk encapsulation dot1q
channel-group 1 mode active switchport mode trunk
exit switchport trunk native vlan 15
interface port-channel 1 end
switchport trunk encapsulation dot1q copy run start
switchport mode trunk Questions 17
17
Connectivity between four routers has been established. IP
connectivity must be configured in the order presented to complete
the implementation. No dynamic routing protocols are included.
1. Configure static routing using host routes to establish connectivity

from router R3 to the router R1 Loopback address using the source
IP of 209.165.200.230.
2. Configure an IPv4 default route on router R2 destined for router

R4.
3. Configure an IPv6 default router on router R2 destined for router

R4.
Options:
Show Answer Buy Now
Answer:
18
Answer: ipv6 route ::/0 2001:db8:abcd::2
See the Explanation below. end

Explanation: copy running start
Explanation: Questions 18
1.- on R3
config terminal
ip route 192.168.1.1 255.255.255.255 209.165.200.229
end
copy running start
2.- on R2
config terminal
ip route 0.0.0.0 0.0.0.0 209.165.202.130
end
copy running start
3.- on R2
config terminal
19
IP connectivity between the three routers is configured. OSPF Answer as below configuration:
adjacencies must be established.
on R1
1. Configure R1 and R2 Router IDs using the interface IP addresses
conf terminal
from the link that is shared between them.
interface Loopback0
2. Configure the R2 links with a max value facing R1 and R3. R2
must become the DR. R1 and R3 links facing R2 must remain with ip address 10.10.1.1 255.255.255.255
the default OSPF configuration for DR election. Verify the !
configuration after clearing the OSPF process.
interface Loopback1
3. Using a host wildcard mask, configure all three routers to
ip address 192.168.1.1 255.255.255.0
advertise their respective Loopback1 networks.
!
4. Configure the link between R1 and R3 to disable their ability to
add other OSPF routers. interface Ethernet0/0
Options: no shut
Show Answer Buy Now ip address 10.10.12.1 255.255.255.0
Answer: ip ospf 1 area 0
Answer: duplex auto
See the Explanation below. !
Explanation: interface Ethernet0/1
Explanation: no shut
20
ip address 10.10.13.1 255.255.255.0 ip address 192.168.2.2 255.255.255.0
ip ospf 1 area 0 !
duplex auto interface Ethernet0/0
! no shut
router ospf 1 ip address 10.10.12.2 255.255.255.0
router-id 10.10.12.1 ip ospf priority 255
network 10.10.1.1 0.0.0.0 area 0 ip ospf 1 area 0
network 192.168.1.0 0.0.0.255 area 0 duplex auto
! !
copy run star interface Ethernet0/2
--------------------------------------- no shut
On R2 ip address 10.10.23.2 255.255.255.0
conf terminal ip ospf priority 255
interface Loopback0 ip ospf 1 area 0
ip address 10.10.2.2 255.255.255.255 duplex auto
! !
interface Loopback1 router ospf 1
21
network 192.168.2.0 0.0.0.255 area 0 !
! interface Ethernet0/2
copy runs start no shut
----------------------- ip address 10.10.23.3 255.255.255.0
On R3 ip ospf 1 area 0
conf ter duplex auto
interface Loopback0 !
ip address 10.10.3.3 255.255.255.255 router ospf 1
! network 10.10.3.3 0.0.0.0 area 0
interface Loopback1 network 192.168.3.0 0.0.0.255 area 0
ip address 192.168.3.3 255.255.255.0 !
! copy run start
interface Ethernet0/1 !
no shut Questions 19
ip address 10.10.13.3 255.255.255.0
ip ospf 1 area 0
22
Options:
Three switches must be configured for Layer 2 connectivity. The
Show Answer Buy Now
company requires only the designated VLANs to be configured on
their respective switches and permitted accross any links between Answer:
switches for security purposes. Do not modify or delete VTP
Answer:
configurations.
The network needs two user-defined VLANs configured:
Explanation:
VLAN 110: MARKETING
Explanation:
VLAN 210: FINANCE
1. Configure the VLANs on the designated switches and assign them
as access ports to the interfaces connected to the PCs. Sw1
2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks enbale
with only the required VLANs permitted. config t
3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks Vlan 210
with only the required VLANs permitted.
23
Name FINANCE Vlan 210
Inter e0/1 Name FINANCE
Switchport access vlan 210 Int e0/0
do wr Switchport access vlan 110
Sw2 Int e0/1
Enable Switchport access vlan 210
config t Sw1
Vlan 110 Int e0/1
Name MARKITING Switchport allowed vlan 210
Int e0/1 Sw2
Switchport acees vlan 110 Int e0/2
do wr Switchport trunk allowed vlan 210
Sw3 Sw3
Enable Int e0/3
config t Switchport trunk allowed vlan 210
Vlan 110 Switchport trunk allowed vlan 210,110
Name MARKITING Questions 20
24
Configure IPv4 and IPv6 connectivity between two routers. For
IPv4, use a /28 network from the 192.168.1.0/24 private range. For
IPv6, use the first /64 subnet from the 2001:0db8:aaaa::/48 subnet.
1. Using Ethernet0/1 on routers R1 and R2, configure the next

usable/28 from the 192.168.1.0/24 range. The network
192.168.1.0/28 is unavailable.
2. For the IPv4 /28 subnet, router R1 must be configured with the
first usable host address.
last usable host address.
4. For the IPv6 /64 subnet, configure the routers with the IP
addressing provided from the topology. Options:
5. A ping must work between the routers on the IPv4 and IPv6 Show Answer Buy Now
address ranges.
Answer:
Answer:

Explanation:
Explanation:
25
on R1 copy running start
config terminal ---------------------
ipv6 unicast-routing for test from R1
inter eth0/1 ping ipv6 2001:db8:aaaa::1
ip addre 192.168.1.1 255.255.255.240 for test from R2
ipv6 addre 2001:db8:aaaa::1/64 ping ipv6 2001:db8:aaaa::2
not shut Questions 21
end What Is a syslog facility?
copy running start Options:
on R2 A.
config terminal Host that is configured for the system to send log messages
ipv6 unicast-routing B.
inter eth0/1 password that authenticates a Network Management System to

receive log messages
ip address 192.168.1.14 255.255.255.240
C.
ipv6 address 2001:db8:aaaa::2/64
group of log messages associated with the configured severity level
not shut
D.
end
26
set of values that represent the processes that can generate a log Example: on a switch, any process (CDP, SNMP, etc.) can generate
message a log message. On a syslog server, the logging facility is the place
where all received messages with the same priority level are stored.
Show Answer Buy Now
Questions 22
Answer:
What role does a hypervisor provide for each virtual machine in
C
server virtualization?
Explanation: Options:
Explanation:
A.
Cisco Community – Difference between logging level and logging
infrastructure-as-a-service.
facility
B.
Post by ahmednaas
Software-as-a-service
“The logging facility command basically tells the syslog server
where to put the log message. You configure the syslog server with C.
something like: control and distribution of physical resources

local7.debug /var/adm/local7.log D.
Now, when you use the “logging facility local7” on your device, all services as a hardware controller.
messages with severity “debug” or greater should be saved in
Show Answer Buy Now
/var/adm/local7.log.”
Answer:
C
27
Explanation: on e0/0 on Sw101
Explanation: • Assign an IPv6 GUA using a unique 64-Bit interface identifier
The hypervisor creates and manages virtual machines on a host on eO/O on swi02
computer and allocates physical system resources to them.
Guidelines
Questions 23
All physical cabling is in place. A company plans to deploy 32 new devices.
sites.
The sites will utilize both IPv4 and IPv6 networks.
1 . Subnet 172.25.0.0/16 to meet the subnet requirements and perform the tasks.
maximize
the number of hosts device icon or using
Using the second subnet the tab(s) above the console window.
• Assign the first usable IP address to e0/0 on Sw1O1 • All necessary preconfigurations have been applied.
• Assign the last usable IP address to e0/0 on Sw102 • Do not change the enable password or hostname for any device.
2. Subnet to meet the subnet requirements and maximize • Save your configurations to NVRAM before moving to the next
the number of hosts item.
c Using the second subnet • Click Next at the bottom of the screen to submit this lab and move
to the next question.
• Assign an IPv6 GUA using a unique 64-Bit interface identifier
28
• When Next is clicked, the lab closes and cannot be reopened. value of the fifth bit (32) to the third octet of the network address
(0), which gives you 172.25.32.0/21 as the second subnet. The
first usable IP address in this subnet is 172.25.32.1, and the last
usable IP address is 172.25.39.254.
• To assign the first usable IP address to e0/0 on Sw101, you need
to enter the following commands on the device console:
Sw101#configure terminal Sw101(config)#interface e0/0

Options: Sw101(config-if)#ip address 172.25.32.1 255.255.248.0
Show Answer Buy Now Sw101(config-if)#no shutdown Sw101(config-if)#end
Answer: • To assign the last usable IP address to e0/0 on Sw102, you need to
enter the following commands on the device console:
Answer:
See the Explanation for the solution. Sw102#configure terminal Sw102(config)#interface e0/0
Explanation: Sw102(config-if)#ip address 172.25.39.254 255.255.248.0
Sw102(config-if)#no shutdown Sw102(config-if)#end
Explanation:
• To subnet an IPv6 GUA to meet the subnet requirements and
• To subnet 172.25.0.0/16 to meet the subnet requirements and
maximize the number of hosts, you need to determine how many
maximize the number of hosts, you need to determine how many
bits you need to borrow from the interface identifier portion of
bits you need to borrow from the host portion of the address to
the address to create enough subnets for 32 sites. Since 32 is 2^5,
create enough subnets for 32 sites. Since 32 is 2^5, you need to
you need to borrow 5 bits, which means your new prefix length
borrow 5 bits, which means your new subnet mask will be /21 or
will be /69 or ffff:ffff:ffff:fff8::/69 (assuming that your IPv6 GUA
255.255.248.0. To find the second subnet, you need to add the
has a /64 prefix by default). To find the second subnet, you need
29
to add the value of the fifth bit (32) to the fourth hextet of the An engineer must configure an OSPF neighbor relationship between
network address (0000), which gives you xxxx:xxxx:xxxx:0020::/69 router R1 and R3 The authentication configuration has been
as the second subnet (where xxxx:xxxx:xxxx is your IPv6 GUA configured and the connecting interfaces are in the same 192.168
prefix). The first and last IPv6 addresses in this subnet are 1.0/30 sublet. What are the next two steps to complete the
xxxx:xxxx:xxxx:0020::1 and xxxx:xxxx:xxxx:0027:ffff:ffff:ffff:fffe configuration? (Choose two.)
respectively. Options:
• To assign an IPv6 GUA using a unique 64-bit interface identifier on
A.
e0/0 on Sw101, you need to enter the following commands on
the device console (assuming that your IPv6 GUA prefix is configure the hello and dead timers to match on both sides
2001:db8::/64):
B.
Sw101#configure terminal Sw101(config)#interface e0/0 configure the same process ID for the router OSPF process
Sw101(config-if)#ipv6 address 2001:db8::20::1/69 Sw101(config-
C.
if)#no shutdown Sw101(config-if)#end
configure the same router ID on both routing processes
• To assign an IPv6 GUA using a unique 64-bit interface identifier on
D.
e0/0 on Sw102, you need to enter the following commands on
the device console (assuming that your IPv6 GUA prefix is Configure the interfaces as OSPF active on both sides.
2001:db8::/64):
E.
Sw102#configure terminal Sw102(config)#interface e0/0 configure both interfaces with the same area ID
Sw102(config-if)#ipv6 address 2001:db8::27::fffe/69 Sw102(config-
Show Answer Buy Now
if)#no shutdown Sw102(config-if)#end
Questions 24 Answer:
30
A, E Answer:
Questions 25 C
Which design element is a best practice when deploying an 802.11b Questions 26

wireless infrastructure? Which result occurs when PortFast is enabled on an interface that is
Options: connected to another switch?
A. Options:
disabling TPC so that access points can negotiate signal levels with A.
their attached wireless devices. Spanning tree may fail to detect a switching loop in the network that
B. causes broadcast storms
setting the maximum data rate to 54 Mbps on the Cisco Wireless B.
LAN Controller VTP is allowed to propagate VLAN configuration information from

C. switch to switch automatically.
allocating nonoverlapping channels to access points that are in close C.
physical proximity to one another Root port choice and spanning tree recalculation are accelerated
D. when a switch link goes down
configuring access points to provide clients with a maximum of 5 D.
Mbps After spanning tree converges PortFast shuts down any port that
Show Answer Buy Now receives BPDUs.
31
Show Answer Buy Now
Answer:
A
Explanation:
Explanation:
Enabling the PortFast feature causes a switch or a trunk port to enter

the STP forwarding-state immediately or upon a linkup event, thus
bypassing the listening and learning states.
Note: To enable portfast on a trunk port you need the trunk keyword An engineer is required to verify that the network parameters are
“spanning-tree portfast trunk valid for the users wireless LAN connectivity on a /24 subnet. Drag
Questions 27 and drop the values from the left onto the network parameters on the
right. Not all values are used.
32
Answer:
Options:
Show Answer Buy Now
Questions 28
Answer:
33
Options:
A.
Option A
An engineer must configure GigabitEthernet1/1 to accommodate B.
voice and data traffic Which configuration accomplishes this task? Option B
C.
Option C
D.
34
Option D Show Answer Buy Now

Answer: C
A Explanation:
Questions 29 Explanation:
An engineer must configure a WLAN using the strongest encryption Many routers provide WPA2-PSK (TKIP), WPA2-PSK (AES), and
type for WPA2- PSK. Which cipher fulfills the configuration WPA2-PSK (TKIP/AES) as options. TKIP is actually an older
requirement? encryption protocol introduced with WPA to replace the very-
Options: insecure WEP encryption at the time. TKIP is actually quite similar
to WEP encryption. TKIP is no longer considered secure, and is now
A.
deprecated. In other words, you shouldn’t be using it.
WEP AES is a more secure encryption protocol introduced with WPA2
B. and it is currently the strongest encryption type for WPA2-PSK.
RC4 Questions 30
C. Refer to the exhibit.
AES
D.
TKIP
35
192.168.14.4
D.
192.168.15.5
Show Answer Buy Now
Answer:
C
Questions 31
Which IPv6 address type provides communication between subnets

and is unable to route on the Internet?
Options:
If R1 receives a packet destined to 172.161.1, to which IP address A.
does it send the packet?
global unicast
Options:
B.
A.
unique local
192.168.12.2
C.
B.
link-local
192.168.13.3
D.
C.
36
multicast
Show Answer Buy Now

C)
Answer:
B
Questions 32 D)
E)
Options:
A.
Option A
Which two configurations must the engineer apply on this network B.
so that R1 becomes the DR? (Choose two.) Option B

A) C.
Option C
D.
B)
37
Option D Which action must be taken to ensure that router A is elected as the
DR for OSPF area 0?
E.
Options:
Option E
A.
Show Answer Buy Now
Configure the OSPF priority on router A with the lowest value
Answer: between the three routers.
B, C B.
Questions 33
Configure router B and router C as OSPF neighbors of router A.
C.
Configure the router A interfaces with the highest OSPF priority

value within the area.
D.
Configure router A with a fixed OSPF router ID
Show Answer Buy Now
Answer:
C
Questions 34
38
Answer:
D
Questions 35
Which command configures OSPF on the point-to-point link

between routers R1 and R2?
Options:
Which two commands were used to create port channel 10? (Choose
A.
two )
router-id 10.0.0.15
B.
neighbor 10.1.2.0 cost 180
C.
ipospf priority 100
D.
network 10.0.0.0 0.0.0.255 area 0
Show Answer Buy Now
39
D.
Option D
E.
Option E
Show Answer Buy Now
Answer:
A, C
Questions 36
What is a function of an endpoint on a network?

Options:
Options: A.
A. forwards traffic between VLANs on a network
Option A B.
B. connects server and client devices to a network
Option B C.
C. allows users to record data and transmit to a tile server
Option C D.
40
provides wireless services to users in a building C.
Show Answer Buy Now Run routing protocols.
Answer: D.
C Match the destination MAC address to the MAC address table.
Explanation: E.
Explanation: Reply to an incoming ICMP echo request.
An endpoint is a host that acts as the source or destination of data Show Answer Buy Now
traffic flowing through a network.
Answer:
When you are at your PC, editing your CV and uploading it to a file
B, D
server, you are sitting at an endpoint.
Questions 38
Questions 37
What is a requirement when configuring or removing LAG on a
Which two network actions occur within the data plane? (Choose
WLC?
two.)
Options:
Options:
A.
A.
The Incoming and outgoing ports for traffic flow must be specified
Add or remove an 802.1Q trunking header.
If LAG Is enabled.
B.
B.
Make a configuration change from an incoming NETCONF RPC.
41
The controller must be rebooted after enabling or reconfiguring
LAG.
C.
The management interface must be reassigned if LAG disabled.
D.
Multiple untagged interfaces on the same port must be supported.
Show Answer Buy Now
Answer:
C
Questions 39
What is a reason for poor performance on the network interface?

Options:
A.
The interface is receiving excessive broadcast traffic.
B.
The cable connection between the two devices is faulty.
42
C.
The interface is operating at a different speed than the connected

device.
D.
The bandwidth setting of the interface is misconfigured
Show Answer Buy Now
Answer:
A
Questions 40
Refer to the exhibit. Routers R1 and R3 have the default configuration The router R2
priority is set to 99 Which commands on R3 configure it as the DR
in the 10.0 4.0/24 network?
Options:
A.
R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 100
B.
C.
43
R3(config)#interface Gig0/0 R3(config-if)i=ip ospf priority 1
D.
Show Answer Buy Now
Answer:
B
Questions 41
B)
Which configuration allows routers R14 and R86 to form an

OSPFv2 adjacency while acting as a central point for exchanging
OSPF information between routers?
A)
44
C) Option A
B.
Option B
C.
Option C
D.
Option D
D)
Show Answer Buy Now
Answer:
D
Questions 42
Options:
All traffic enters the CPE router from interface Serial0/3 with an IP
A. address of 192 168 50 1 Web traffic from the WAN is destined for a
45
LAN network where servers are load-balanced An IP packet with a
destination address of the HTTP virtual IP of 192 1681 250 must be
forwarded Which routing table entry does the router use?
Options:
A.
192.168.1.0/24 via 192.168.12.2
B. Drag and drop the prefix lengths from the left onto the
corresponding prefixes on the right Not all prefixes are used
192.168.1.128/25 via 192.168.13.3
Options:
C.
Show Answer Buy Now
192.168.1.192/26 via 192.168.14.4
Answer:
D.
Answer:
192.168.1.224/27 via 192.168.15.5
see the answer below.
Show Answer Buy Now
Explanation:
Answer:
Explanation:
B
Questions 43
46
Options:
A.
Select the WPA Policy option with the CCKM option.
B.
Disable AES encryption.

Diagram Description automatically generated with low confidence
C.
Questions 44
Enable Fast Transition and select the FT 802.1x option.
D.
Enable Fast Transition and select the FT PSK option.
Show Answer Buy Now
Answer:
C
Questions 45
Which action is taken by the data plane within a network device?

Users need to connect to the wireless network with IEEE 802. 11r- Options:
compatible devices. The connection must be maintained as users
A.
travel between floors or to other areas in the building What must be
the configuration of the connection? forwards traffic to the next hop
47
B. An engineer has started to configure replacement switch SW1. To
verify part of the configuration, the engineer issued the commands
constructs a routing table based on a routing protocol
as shown and noticed that the entry for PC2 is missing. Which
C. change must be applied to SW1 so that PC1 and PC2 communicate
provides CLI access to the network device normally?
D. A)
looks up an egress interface in the forwarding information base
Show Answer Buy Now

B)
Answer:
A
Questions 46
C)
D)
Options:
A.
48
Option A B.
B. reflection
Option B C.
C. teardrop
Option C D.
D. amplification

Answer: A
A Questions 48
Questions 47 Drag and drop the TCP or UDP details from the left onto their
corresponding protocols on the right.
Which type of network attack overwhelms the target server by
sending multiple packets to a port until the half-open TCP resources
of the target are exhausted?
Options:
A.
SYIM flood Options:
49
Show Answer Buy Now aggregatable global address
Answer: D.
Answer: IPv4-compatible IPv6 address
Show Answer Buy Now
Answer:
B
Questions 50
Questions 49 A Cisco engineer is configuring a factory-default router with these
A network engineer is installing an IPv6-only capable device. The three passwords:
client has requested that the device IP address be reachable only • The user EXEC password for console access is p4ssw0rd1
from the internal network. Which type of IPv6 address must the
• The user EXEC password for Telnet access is s3cr3t2
engineer assign?
Options: • The password for privileged EXEC mode is pnv4t3p4ss Which
command sequence must the engineer configured
A.
A)
unique local address
B.
link-local address
C.
50
D)
Options:
A.
B)
Option A
B.
Option B
C.
Option C
D.
C)
Option D
Show Answer Buy Now
Answer:
B
Questions 51
What is the difference between IPv6 unicast and anycast addressing?
51
Options: Questions 52
A. What is a requirement for nonoverlapping Wi-Fi channels?
IPv6 anycast nodes must be explicitly configured to recognize the Options:

anycast address, but IPv6 unicast nodes require no special A.
configuration
different security settings
B.
B.
IPv6 unicast nodes must be explicitly configured to recognize the
unicast address, but IPv6 anycast nodes require no special discontinuous frequency ranges
configuration C.
C. different transmission speeds
An individual IPv6 unicast address is supported on a single interface D.

on one node but an IPv6 anycast address is assigned to a group of
unique SSIDs
interfaces on multiple nodes.
Show Answer Buy Now
D.
Unlike an IPv6 anycast address, an IPv6 unicast address is assigned

Answer:
to a group of interfaces on multiple nodes B
Show Answer Buy Now Questions 53
Answer: Refer to the exhibit.
52
Configure the ip helper-address 172.16.2.2 command under interface
Gi0/0
D.
Configure the ip address dhcp command under interface Gi0/0
Show Answer Buy Now
Answer:
C
Questions 54
An engineer is configuring a new router on the network and applied
this configuration. Which additional configuration allows the PC to
obtain its IP address from a DHCP server?
Options:
A.
Configure the ip dhcp relay information command under interface

Gi0/1.
B.
Configure the ip dhcp smart-relay command globally on the router
C.
53
ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64
C.
ipv6 address 2001 :DB8:0:1:FFFF:C601:420F:7/64
D.
iov6 address 2001 :DB8:0:1:FE80:C601:420F:7/64
Show Answer Buy Now
Answer:
A
Questions 55
What is a function of a Next-Generation IPS?

Options:
An engineer is configuring the HO router. Which IPv6 address A.
configuration must be applied to the router fa0'1 interface for the
router to assign a unique 64-brt IPv6 address to Itself? makes forwarding decisions based on learned MAC addresses
Options: B.
A. serves as a controller within a controller-based network
ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64 C.
B.
54
integrates with a RADIUS server to enforce Layer 2 device D.
authentication rules
Custom applications are needed to configure network devices
D.
Show Answer Buy Now
correlates user activity with network events
Answer:
Show Answer Buy Now
B
Answer: Questions 57
D
Questions 56
What is an expected outcome when network management

automation is deployed?
Options:
A.
A distributed management plane must be used.
B.
Software upgrades are performed from a central controller
C.
Complexity increases when new device configurations are added
55
An engineer built a new L2 LACP EtherChannel between SW1 and An engineer must configure R1 for a new user account. The account
SW2 and executed these show commands to verify the work. Which must meet these requirements:
additional task allows the two switches to establish an LACP port
* It must be configured in the local database.
channel?
* The username is engineer.
Options:
* It must use the strongest password configurable. Which command
A.
must the engineer configure on the router?
Change the channel-group mode on SW2 to auto
Options:
B.
A.
Change the channel-group mode on SW1 to desirable.
R1 (config)# username engineer2 algorithm-type scrypt secret
C. test2021
Configure the interface port-channel 1 command on both switches. B.
D. R1(config)# username engineer2 secret 5 .password

S1$b1Ju$kZbBS1Pyh4QzwXyZ
Change the channel-group mode on SW1 to active or passive.
C.
Show Answer Buy Now
R1(config)# username engineer2 privilege 1 password 7 test2021
Answer:
D.
D
R1(config)# username englneer2 secret 4
Questions 58
S1Sb1Ju$kZbBS1Pyh4QzwXyZ
56
B
Questions 59
What is the function of the controller in a software-defined network?

Options:
A.
multicast replication at the hardware level
B.
fragmenting and reassembling packets Which route must be configured on R1 so that OSPF routing is used
C. when OSPF is up. but the server is still reachable when OSPF goes
down?
making routing decisions
Options:
D.
A.
forwarding packets
ip route 10.1.1.10 255.255.255.255 172.16.2.2 100
Show Answer Buy Now
B.
Answer:
ip route 10.1.1.0 255.255.255.0 gi0/1 125
D
C.
57
ip route 10.1.1.0 255.255.255.0 172.16.2.2 100
D.
ip route 10.1.1.10 255.255.255.255 gi0/0 125
Show Answer Buy Now

What does the switch do when it receives the frame from host A?
Answer:
Options:
D
A.
Questions 61
It drops the frame from the switch CAM table.
B.
It floods the frame out of all ports except port Fa0/1.
C.
It shuts down the port Fa0/1 and places it in err-disable mode.
D.
It experiences a broadcast storm.
Show Answer Buy Now

Host A sent a data frame destined for host D
Answer:
B
58
Drag and drop the descriptions of AAA services from the left onto
the corresponding services on the right.
Questions 63

Options:
Show Answer Buy Now
Answer:
59
Users on existing VLAN 100 can reach sites on the Internet. Which
action must the administrator take to establish connectivity to the
Internet for users in VLAN 200?
Options:
A.
Define a NAT pool on the router.
B.
Configure static NAT translations for VLAN 200.
C. The following must be considered:
Configure the ip nat outside command on another interface for • SW1 is fully configured for all traffic
VLAN 200.
• The SW4 and SW9 links to SW1 have been configured
D.
• The SW4 interface Gi0/1 and Gi0/0 on SW9 have been configured
Update the NAT INSIDF RANGFS ACL
• The remaining switches have had all VLANs adde d to their
Show Answer Buy Now VLAN database
Answer: Which configuration establishes a successful ping from PC2 to PC7

without interruption to traffic flow between other PCs?
B
A)
Questions 64
60
B)
D)
C)
Options:
A.
61
Option A A)
B.
Option B
C.
Option C
B)
D.
Option D
Show Answer Buy Now
Answer:
C)
C
Questions 65
R1 as an NTP server must have:
• NTP authentication enabled
• NTP packets sourced from Interface loopback 0

D)
• NTP stratum 2
• NTP packets only permitted to client IP 209.165 200 225
How should R1 be configured? Options:
62
A. B.
Option A authenticator
B. C.
Option B username
C. D.
Option C password
D. Show Answer Buy Now
Option D Answer:
Show Answer Buy Now D
B Refer to the exhibit.
Questions 66
Which field within the access-request packet is encrypted by

RADIUS?
Options:
A.
authorized services
63
Web traffic is coming in from the WAN interface. Which route takes name on the router. Which additional command must the engineer
precedence when the router is processing traffic destined for the configure before entering the command to generate the RSA key?
LAN network at 10 0.10.0/24? Options:
Options:
A.
A.
password password
via next-hop 10.0.1.5
B.
B.
crypto key generate rsa modulus 1024
via next-hop 10 0 1.4
C.
C.
ip domain-name domain
via next-hop 10.0 1.50
D.
D.
ip ssh authentication-retries 2
via next-hop 10.0 1 100
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
C
A Explanation:
Questions 68
Explanation:
A network engineer is configuring a switch so that it is remotely
reachable via SSH. The engineer has already configured the host
64
https://www.cisco.com/c/en/us/solutions/small-b usiness/resource- Drag and drop the statements about networking from the left onto
center/networking/how-to-setup-network-switch.html the corresponding networking types on the right.
Questions 69
Which QoS per-hop behavior changes the value of the ToS field in
the IPv4 packet header?
Options:
A.
shaping
B.
classification
Options:
C.
Show Answer Buy Now
policing
Answer:
D.
marking
Show Answer Buy Now
Answer:
D
Questions 70
65
Answer:
Explanation:
Explanation:
A
picture containing table Description automatically generated
Questions 71
Which action implements physical access control as part of the

security program of an organization?
Options:
66
A. RSA token
configuring a password for the console port C.
B. CA that grants certificates
backing up syslogs at a remote location D.
C. clear-text password that authenticates connections
configuring enable passwords on network devices E.
D. one or more CRLs
setting up IP cameras to monitor key infrastructure Show Answer Buy Now

Answer: B, C
A Questions 73
Questions 72 Drag and drop the Rapid PVST+ forwarding slate actions from the
loft to the right. Not all actions are used.
Which two components comprise part of a PKI? (Choose two.)
Options:
A.
preshared key that authenticates connections
B.
67
Options:
A.
global unicast address
B.
anycast address
Options: C.
Show Answer Buy Now multicast address
Answer: D.
Answer: link-local address
Show Answer Buy Now
Answer:
B
Questions 75
What is the purpose of the ip address dhcp command?
Questions 74 Options:
A.
Which type of IPv6 address is similar to a unicast address but is
assigned to multiple devices on the same network at the same time? to configure an Interface as a DHCP server
68
B.
to configure an interface as a DHCP helper
C.
to configure an interface as a DHCP relay
D.
to configure an interface as a DHCP client
Show Answer Buy Now

Options:
Answer: Show Answer Buy Now
D Answer:
Questions 76
Answer:
An engineer is tasked to configure a switch with port security to
ensure devices that forward unicasts multicasts and broadcasts are
unable to flood the port The port must be configured to permit only
two random MAC addresses at a time Drag and drop the required
configuration commands from the left onto the sequence on the right
Not all commands are used.
69
Explanation: transport input telnet
Explanation: B.
crypto key generate rsa
C.
ip ssh pubkey-chain
Diagram
D.
Description automatically generated
Questions 77 login console
E.
username cisco password 0 Cisco
Show Answer Buy Now
Answer:
B, E
Questions 78
Which two commands must be configured on router R1 to enable An engineer is configuring remote access to a router from IP subnet
the router to accept secure remote-access connections? (Choose two) 10.139.58.0/28. The domain name, crypto keys, and SSH have been
configured. Which configuration enables the traffic on the
Options:
destination router?
A.
A)
70
B) Options:
A.
Option A
B.
Option B
C.
C)
Option C
D.
Option D
Show Answer Buy Now
D) Answer:
B
Questions 79
71
Which two spanning-tree states are bypassed on an interface running Drag and drop the threat-mitigation techniques from the left onto the
PortFast? (Choose two.) types of threat or attack they mitigate on the right.
Options:
A.
disabled
B.
listening Options:
C. Show Answer Buy Now
forwarding Answer:
D. Answer:
learning
E.
blocking
Show Answer Buy Now

Explanation:
Answer:
Explanation:
B, D
Questions 80
72
192.168.2.0/24
C.
207.165.200.0/24
D.
192.168.1.0/24
Graphical user interface,
text, application, email Description automatically generated Show Answer Buy Now
Refer to the exhibit. B
Questions 82
Which network prefix was learned via EIGRP?

Options:
A.
172.16.0.0/16
B.
73
C.
GigabitEthernet0/2
D.
GigabitEthernet0/3
Show Answer Buy Now
Answer:
B
Questions 83
Router R1 resides in OSPF Area 0. After updating the R1 Drag and drop the functions of SNMP fault-management from the
configuration to influence the paths that it will use to direct traffic, left onto the definitions on the right.
an engineer verified that each of the four Gigabit interfaces has the Options:
same route to 10.10.0.0/16. Which interface will R1 choose to send
Show Answer Buy Now
traffic to reach the route?
Options: Answer:
A. Answer:
GigabitEthernet0/0 see the answer below image.

B. Explanation:
GigabltEthornet0/1 Explanation:
74
Traffic sourced from the loopback0 Interface is trying to connect via
ssh to the host at 10.0.1.15. What Is the next hop to the destination
address?
Options:
A.
192.168.0.7
B.
Table
192.168.0.4
C.
Questions 84
192.168.0.40
D.
192.168.3.5
Show Answer Buy Now
75
B What is a DHCP client?
Which QoS traffic handling technique retains excess packets in a A.

queue and reschedules these packets for later transmission when the
a workstation that requests a domain name associated with its IP
configured maximum bandwidth has been surpassed?
address
Options:
B.
A.
a host that is configured to request an IP address automatically
weighted random early detection
C.
B.
a server that dynamically assigns IP addresses to hosts.
traffic policing
D.
C.
a router that statically assigns IP addresses to hosts.
traffic shaping
Show Answer Buy Now
D.
Answer:
traffic prioritization
B
Show Answer Buy Now
Questions 87
Answer:
C
76
Which Layer 2 switch function encapsulates packets for different A.
VLANs so that the packets traverse the same port and maintain
It provides traffic load balancing to destinations that are more than
traffic separation between the VLANs?
two hops from the source.
Options:
B.
A.
It provides the default gateway redundancy on a LAN using two or
VLAN numbering more routers.
B. C.
VLAN DSCP It allows neighbors to share routing table information between each
C. other.
VLAN tagging D.
D. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root

bridge, which then makes the final forwarding decision.
VLAN marking
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
B
C
Questions 89
Questions 88
What is a benefit of VRRP?
Options:
77
D.
10.10.13.0/24
Show Answer Buy Now
Answer:
C
Questions 90
in Which way does a spine and-leaf architecture allow for scalability

in a network when additional access ports are required?
Options:
A.
which path is used by the router for internet traffic ?
A spine switch and a leaf switch can be added with redundant
Options:
connections between them
A.
B.
209.165.200.0/27
A spine switch can be added with at least 40 GB uplinks
B.
C.
10.10.10.0/28
A leaf switch can be added with a single connection to a core spine
C. switch.
0.0.0.0/0 D.
78
A leaf switch can be added with connections to every spine switch Spine (aggregation) switches are used to connect to all leaf switches
and are typically deployed at the end or middle of the row. Spine
Show Answer Buy Now
switches do not connect to other spine switches.
D
When implementing a router as a DHCP server, which two features
Explanation: must be configured'? (Choose two)
Spine-leaf architecture is typically deployed as two layers: spines A.

(such as an aggregation layer), and leaves (such as an access layer).
relay agent information
Spine-leaf topologies provide high-bandwidth, low-latency,
nonblocking server-to-server connectivity. B.
Leaf (aggregation) switches are what provide devices access to the database agent
fabric (the network of spine and leaf switches) and are typically C.
deployed at the top of the rack. Generally, devices connect to the
address pool
leaf switches.
D.
Devices can include servers, Layer 4-7 services (firewalls and load
balancers), and WAN or Internet routers. Leaf switches do not smart-relay
connect to other leaf switches. In spine-and-leaf architecture, every
E.
leaf should connect to every spine in a full mesh.
manual bindings
Show Answer Buy Now
79
C, E Which technology is appropriate for communication between an
Questions 92 SDN controller and applications running over the network?
Options:
What is the function of a hub-and-spoke WAN topology?
Options: A.
A. OpenFlow
B.
allows access restrictions to be implemented between subscriber
sites. REST API
B. C.
provides direct connections between subscribers NETCONF

C. D.
supports Layer 2 VPNs Southbound API

supports application optimization Answer:

Show Answer Buy Now B
80
access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100
permit ip any any
interface GigabitEthernet0/0 ip access-group 100 in
D.

permit ip any any
line vty 0 15 ip access-group 100 in

Which configuration on RTR-1 denies SSH access from PC-1 to any
Show Answer Buy Now
RTR-1 interface and allows all other traffic?
Options: Answer:
A. B
access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 Questions 95
permit ip any any In software-defined architecture, which place handles switching for
interface GigabitEthernet0/0 ip access-group 100 in traffic through a Cisco router?
B.
Options:
A.
permit ip any any Control
line vty 0 15 ip access-group 100 in B.
C. Management
81
C. A.
Data Switch(config)#spanning-tree vlan 750 priority 38003685
D. B.
application Switch(config)#spanning-tree vlan 750 root primary
Show Answer Buy Now C.
Answer: Switch(config)#spanning-tree vlan 750 priority 614440
C D.
Explanation: Switch(config)#spanning-tree vlan 750 priority 0
Explanation: Show Answer Buy Now
Data plane—Handles all the data traffic. The basic functionality of a Answer:
Cisco NX-OS device is to forward packets from one interface to
D
another. The packets that are not meant for the switch itself are
called the transit packets. These packets are handled by the data Explanation:
plane Explanation:
Questions 96
Although the spanning-tree vlan 10 root primary command will
Which configuration ensures that the switch is always the root for ensure a switch will have a bridge priority value lower than other
VLAN 750? bridges introduced to the network, the spanning-tree vlan 10 priority
0 command ensures the bridge priority takes precedence over all
Options:
other priorities.
82
Questions 97
Options:
Refer to the exhibit. All routers in the network are configured R2 A.
must be the DR. After the engineer connected the devices, R1 was
Option A
elected as the DR. Which command sequence must be configure on
R2 to Be elected as the DR in the network? B.
Option B
C.
Option C
D.
Option D
83
Answer: D
Questions 99
B
What does a router do when configured with the default DNS

lookup settings, and a URL is entered on the CLI?
Options:
A.
initiates a ping request to the URL
B.
prompts the user to specify the desired IP address Which switch becomes the root bridge?
C. Options:
continuously attempts to resolve the URL until the command is A.
cancelled
S1
D.
B.
sends a broadcast message in an attempt to resolve the URL
S2
Show Answer Buy Now
C.
84
S3 BPDUguard
S4 Answer:
Answer: Explanation:
B Explanation:
Questions 100 PortFast
Which spanning-tree enhancement avoids the learning and listening Spanning Tree Portfast causes layer 2 switch interfaces to enter
states and immediately places ports in the forwarding state? forwarding state immediately, bypassing the listening and learning
Options: states. It should be used on ports connected directly to end hosts like
servers or workstations. Note: If portfast isn’t enabled, DHCP
A.
timeouts can occur while STP converges, causing more problems.
BPDUfilter https://s kminhaj.wordpress.com/2015/03/04/spanning-tree-stp-rstp-
B. mst-enhancements/
PortFast
Questions 101
C. Drag and drop the SNMP manager and agent identifier commands
from the left onto the functions on the right
Backbonefast
D.
85
Options:
Show Answer Buy Now
Answer: If OSPF Is running on this network, how does Router2 handle traffic
from Site B to 10.10.13.128/25 at Site A?
Answer:
Options:
A.
It load-balances traffic out of Fa0/1 and Fa0/2.
B.
It is unreachable and discards the traffic.
C.
Questions 102
It sends packets out of interface FaO/2.
D.
86
It sends packets out of interface Fa0/1. D
Answer: What event has occurred if a router sends a notice level message to a
syslog server?
B
Options:
Questions 103
A.
What does physical access control regulate?
A TCP connection has been torn down
Options:
B.
A.
An ICMP connection has been built
access to spec fie networks based on business function
C.
B.
An interface line has changed status
access to servers to prevent malicious activity
D.
C.
A certificate has expired.
access :o computer networks and file systems
Show Answer Buy Now
D.
Answer:
access to networking equipment and facilities
C
Show Answer Buy Now
Questions 105
Answer:
87
How is the native VLAN secured in a network? A.
Options: Both operate at a frequency of 500 MHz.

A. B.
separate from other VLANs within the administrative domain Both support runs of up to 55 meters.
B. C.
give it a value in the private VLAN range Both support runs of up to 100 meters.
C. D.
assign it as VLAN 1 Both support speeds of at least 1 Gigabit.

D. E.
configure it as a different VLAN ID on each end of the link Both support speeds up to 10 Gigabit.
Show Answer Buy Now Show Answer Buy Now
Answer: Answer:
A C, D
Questions 106 Questions 107
What are two similarities between UTP Cat 5e and Cat 6a cabling? Which 802.11 frame type is association response?
(Choose two.)
Options:
Options:
A.
88
management redundancy
B. B.
protected frame console
C. C.
control distribution system
D. D.
action service
Answer: Answer:
A C
Reference: [Reference: Which two outcomes are predictable behaviors for HSRP? (Choose
https://en.wikipedia.org/wiki/802.11_Frame_Types, , ] two.)
Which WLC port connects to a switch to pass normal access-point A.

traffic?
The two routers synchronize configurations to provide consistent
Options: packet forwarding
A.
89
B. Options:
The two routers negotiate one router as the active router and the A.
other as the standby router It supports numerous extensibility options including cross-domain
C. adapters and third-party SDKs.
Each router has a different IP address, both routers act as the default B.
gateway on the LAN, and traffic is load-balanced between them It supports high availability for management functions when
D. operating in cluster mode.
The two routers share a virtual IP address that is used as the default C.
gateway for devices on the LAN It enables easy autodiscovery of network elements m a brownfield
E. deployment.
The two routers share the same interface IP address and default D.
gateway traffic is load-balanced between them It is designed primarily to provide network assurance.
Answer: Answer:
B, D A
What is an advantage of Cisco DNA Center versus traditional Drag and drop the 802.11 wireless standards from the left onto the
campus device management? matching statements on the right
90
In which two ways does a password manager reduce the chance of a
hacker stealing a users password? (Choose two.)
Options:
A.
It automatically provides a second authentication factor that is

unknown to the original user.
Options: B.
Show Answer Buy Now It uses an internal firewall to protect the password repository from
unauthorized access.
Answer:
C.
Answer:
It protects against keystroke logging on a compromised device or
web site.
D.
It stores the password repository on the local workstation with built-

in antivirus and anti-malware functionality
E.
Questions 112 It encourages users to create stronger passwords.
Show Answer Buy Now
91
C, E Explanation:
Questions 113 https://www.geeksforgeeks.org/how-dhcp-server -dynamically-
Which protocol does an IPv4 host use to obtain a dynamically assigns-ip-address-to-a-
assigned IP address? host/#:~:text=DHCP%20is%20an%20abbreviation%20for,subnet%2

0mask%20and%20gateway%20address.
Options:
Questions 114
A.
A network administrator is asked to configure VLANS 2, 3 and 4 for
ARP
a new implementation. Some ports must be assigned to the new
B. VLANS with unused remaining. Which action should be taken for
the unused ports?
DHCP
Options:
C.
A.
CDP
configure port in the native VLAN
D.
B.
DNS
configure ports in a black hole VLAN
Show Answer Buy Now
C.
Answer:
configure in a nondefault native VLAN
B
D.
92
configure ports as access ports Answer:
Show Answer Buy Now A

Questions 116
Answer:
An organization has decided to start using cloud-provided services.
B
Which cloud service allows the organization to install its own
Questions 115 operating system on a virtual machine?
Which HTTP status code is returned after a successful REST API Options:
request?
A.
Options:
platform-as-a-service
A.
B.
200
software-as-a-service
B.
C.
301
network-as-a-service
C.
D.
404
infrastructure-as-a-service
D.
Show Answer Buy Now
500
Answer:
Show Answer Buy Now
B
93
Explanation: having to purchase hardware outright, users can purchase IaaS based
Explanation: on consumption, similar to electricity or other utility billing.
Below are the 3 cloud supporting services cloud providers provide In general, IaaS provides hardware so that an organization can
to customer: install their own operating system.

Questions 117
+ SaaS (Software as a Service): SaaS uses the web to deliver
applications that are managed by a thirdparty vendor and whose Which attribute does a router use to select the best path when two or
interface is accessed on the clients’ side. Most SaaS applications can more different routes to the same destination exist from two
be run directly from a web browser without any downloads or different routing protocols.
installations required, although some require plugins. Options:
+ PaaS (Platform as a Service): are used for applications, and other
A.
development, while providing cloud components to software. What
developers gain with PaaS is a framework they can build upon to dual algorithm
develop or customize applications. PaaS makes the development, B.
testing, and deployment of applications quick, simple, and cost-
metric
effective. With this technology, enterprise operations, or a thirdparty
provider, can manage OSes, virtualization, servers, storage, C.
networking, and the PaaS software itself. Developers, however,
administrative distance
manage the applications.
D.
+ IaaS (Infrastructure as a Service): self-service models for
accessing, monitoring, and managing remote datacenter hop count
infrastructures, such as compute (virtualized or bare metal), storage, Show Answer Buy Now
networking, and networking services (e.g. firewalls). Instead of
94
Answer: D.
C DNS
Explanation:
Answer:
Administrative distance is the feature used by routers to select the
A
best path when there are two or more different routes to the same
destination from different routing protocols. Administrative distance Questions 119
defines the reliability of a routing protocol. What is a function of the Cisco DNA Center Overall Health
Questions 118 Dashboard?
Options:
On workstations running Microsoft Windows, which protocol
provides the default gateway for the device? A.
Options: It provides a summary of the top 10 global issues.

A. B.
DHCP It provides detailed activity logging for the 10 devices and users on
B. the network.
STP C.
C. It summarizes the operational status of each wireless devise on the

network.
SNMP
D.
95
It summarizes daily and weekly CPU usage for servers and It is flooded out every port except G0/0.
workstations in the network.
C.
Show Answer Buy Now
It drops the frame.
Answer: D.
A It forwards it out interface G0/2 only.
Questions 120
Show Answer Buy Now
Answer:
B
Questions 121
What is a function of a remote access VPN?

Options:
A.
PC1 is trying to ping PC3 for the first time and sends out an ARP to
used cryptographic tunneling to protect the privacy of data for
S1 Which action is taken by S1?
multiple users simultaneously
Options:
B.
A.
used exclusively when a user is connected to a company's internal
It forwards it out G0/3 only network
B.
96
C. D.
establishes a secure tunnel between two branch sites be a marking mechanism that identifies different flows
allows the users to access company internal network resources Answer:

through a secure tunnel
B
Show Answer Buy Now
Explanation:
D Traffic shaping retains excess packets in a queue and then schedules
Questions 122 the excess for later transmission over increments of time.
What is the purpose of traffic shaping? Questions 123

Options: What are two roles of Domain Name Services (DNS)? (Choose
A.
Two)
Options:
to mitigate delays over slow links
A.
B.
builds a flat structure of DNS names for more efficient IP operations
to provide fair queuing for buffered flows
B.
C.
encrypts network Traffic as it travels across a WAN by default
to limit the bandwidth that a flow can use to
C.
97
improves security by protecting IP addresses under Fully Qualified switch(config)#spanning-tree portfast bpduguard default
Domain Names (FQDNs)
C.
D.
switch(config-if)#spanning-tree portfast trunk
enables applications to identify resources by name instead of IP
D.
address
switch(config-if)#no spanning-tree portfast
E.
Show Answer Buy Now
allows a single host name to be shared across more than one IP
address Answer:
Show Answer Buy Now C
D, E What is the default behavior of a Layer 2 switch when a frame with

an unknown destination MAC address is received?
Questions 124
Options:
Which command on a port enters the forwarding state immediately
A.
when a PC is connected to it?
Options: The Layer 2 switch drops the received frame
A. B.
switch(config)#spanning-tree portfast default The Layer 2 switch floods packets to all ports except the receiving
port in the given VLAN.
B.
98
C.
The Layer 2 switch sends a copy of a packet to CPU for destination

MAC address learning.
D.
The Layer 2 switch forwards the packet and adds the destination
MAC address to its MAC address table
Show Answer Buy Now
Answer:
B
Explanation:
Explanation: A network engineer must configured communication between PC A
and the File Server. To prevent interruption for any other
If the destination MAC address is not in the CAM table (unknown
destination MAC address), the switch sends the frame out all other communications, which command must be configured?
ports that are in the same VLAN as the received frame. This is Options:
called flooding. It does not flood the frame out the same port on
A.
which the frame was received.
Switch trunk allowed vlan 12
Questions 126
B.
Switchport trunk allowed vlan none
99
C. SMTP
Switchport trunk allowed vlan add 13 D.
D. ARP
Switchport trunk allowed vlan remove 10-11 Show Answer Buy Now

Answer: B
C Explanation:
A network engineer must back up 20 network router configurations SNMP is an application-layer protocol that provides a message
globally within a customer environment. Which protocol allows the format for communication between SNMP managers and agents.
engineer to perform this function using the Cisco IOS MIB? SNMP provides a standardized framework and a common language
Options: used for the monitoring and management of devices in a
network.The SNMP framework has three parts:+ An SNMP
A.
manager+ An SNMP agent+ A Management Information Base
CDP (MIB)The Management Information Base (MIB) is a virtual
information storage area for network management information,
B.
which consists of collections of managed objects.With SNMP, the
SNMP network administrator can send commands to multiple routers to do
the backup
C.
Questions 128
100
How does CAPWAP communicate between an access point in local Refer to the exhibit.
mode and a WLC?
Options:
A. Which route type does the routing protocol Code D represent in the
The access point must directly connect to the WLC using a copper output?
cable Options:
B. A.
The access point must not be connected to the wired network, as it internal BGP route
would create a loop
B.
C.
/24 route of a locally configured IP
The access point must be connected to the same switch as the WLC
C.
D.
statically assigned route
The access point has the ability to link to any switch in the network,
D.
assuming connectivity to the WLC
route learned through EIGRP
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
D
D
Questions 129
101
Questions 130 D.
Refer to the exhibit. 209.165.200.250 via Serial0/0/0
Show Answer Buy Now
Answer:
A
Questions 131
A packet is being sent across router R1 to host 172.16.0.14. What is

the destination route for the packet?
Options:
A.
209.165.200.254 via Serial0/0/1
B.
209.165.200.254 via Serial0/0/0
C.
209.165.200.246 via Serial0/1/0
102
Which configuration issue is preventing the OSPF neighbor
relationship from being established between the two routers?
Options:
A.
R2 is using the passive-interface default command
B.
R1 has an incorrect network command for interface Gi1/0
C.
R2 should have its network command in area 1
D.
R1 interface Gil/0 has a larger MTU size
Show Answer Buy Now
Answer:
D
Questions 132
103
D.
The sites were connected with the wrong cable type
Show Answer Buy Now
Answer:
A
Questions 133
Refer to Exhibit.
Shortly after SiteA was connected to SiteB over a new single-mode
fiber path users at SiteA report intermittent connectivity issues with
applications hosted at SiteB What is the cause of the intermittent
connectivity issue?
Options:
A.
Which action do the switches take on the trunk link?
Interface errors are incrementing
Options:
B.
A.
An incorrect SFP media type was used at SiteA
The trunk does not form and the ports go into an err-disabled status.
C.
B.
High usage is causing high latency
104
The trunk forms but the mismatched native VLANs are merged into For example with the above configuration, SW1 would send
a single broadcast domain. untagged frames for VLAN 999. SW2 receives them but would
think they are for VLAN 99 so we can say these two VLANs are
C.
merged.
The trunk does not form, but VLAN 99 and VLAN 999 are allowed
Questions 134
to traverse the link.
What is a function of TFTP in network operations?
D.
Options:
The trunk forms but VLAN 99 and VLAN 999 are in a shutdown
state. A.
Show Answer Buy Now transfers a backup configuration file from a server to a switch using
a username and password
Answer:
B.
B
transfers files between file systems on a router
Explanation:
C.
Explanation:
transfers a configuration files from a server to a router on a
The trunk still forms with mismatched native VLANs and the traffic
congested link
can actually flow between mismatched switches. But it is absolutely
necessary that the native VLANs on both ends of a trunk link match; D.
otherwise a native VLAN mismatch occurs, causing the two VLANs transfers IOS images from a server to a router for firmware upgrades
to effectively merge.
Show Answer Buy Now
105
D Answer:
Explanation:
D
Explanation:
Questions 136
TFTP is mostly used (Firmware upgrade) whereby the admin have
Drag and drop the Cisco Wireless LAN Controller security settings
the IOS image on one device and uses TFTP to load the image to all
from the left onto the correct security mechanism categories on the
other devices quickly.
right.
Questions 135
Where does wireless authentication happen?

Options:
A.
SSID
B.
Options:
radio
Show Answer Buy Now
C.
Answer:
band
D.
Layer 2
106
Answer:
C
Explanation:
Explanation:
Questions 137 A site-to-site VPN allows offices in multiple fixed locations to

establish secure connections with each other over a public network
When a site-to-site VPN is used, which protocol is responsible for
such as the Internet. A site-to-site VPN means that two sites create a
the transport of user data?
VPN tunnel by encrypting and sending data between two devices.
Options: One set of rules for creating a siteto-site VPN is defined by IPsec.
A. Questions 138
IKEv2 Refer to the exhibit.
B.
IKEv1
C.
IPsec What is the effect of this configuration?
D.
Options:
A.
MD5
107
All ARP packets are dropped by the switch Telnet
B. B.
Egress traffic is passed only if the destination is a DHCP server. SSH
C. C.
All ingress and egress traffic is dropped because the interface is HTTP
untrusted
D.
D.
HTTPS
The switch discard all ingress ARP traffic with invalid MAC-to-IP
E.
address bindings.
TFTP
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
D
A, C
Questions 139
Questions 140
Which two protocols must be disabled to increase security for
management connections to a Wireless LAN Controller? (Choose Which port type supports the spanning-tree portfast command
two ) without additional configuration?
Options: Options:
A. A.
108
access ports The highest up/up physical interface IP address is selected as the
router ID.
B.
C.
Layer 3 main Interfaces
The lowest IP address is incremented by 1 and selected as the router
C.
ID.
Layer 3 suninterfaces
D.
D.
The router ID 0.0.0.0 is selected and placed in the OSPF process.
trunk ports
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
B
A
Questions 142
Questions 141
Which action does the router take as rt forwards a packet through the
What is the effect when loopback interfaces and the configured network?
router ID are absent during the OSPF Process configuration?
Options:
Options:
A.
A.
The router replaces the source and desinaoon labels wth the sending
No router ID is set, and the OSPF protocol does not run. router uterface label as a source and the next hop router label as a
B. desbnabon
109
B. Options:
The router encapsulates the source and destination IP addresses with A.
the sending router P address as the source and the neighbor IP bridge
address as the destination
B.
C.
route
The router replaces the original source and destination MAC
C.
addresses with the sending router MAC address as the source and
neighbor MAC address as the destination autonomous
D. D.
The router encapsulates the original packet and then includes a tag lightweight
that identifies the source router MAC address and transmit
Show Answer Buy Now
transparently to the destination
Show Answer Buy Now

Answer:
D
Answer:
Questions 144
C
A user configured OSPF and advertised the Gigabit Ethernet
Questions 143
interface in OSPF By default, which type of OSPF network does this
Which mode must be set for APs to communicate to a Wireless interface belong to?
LAN Controller using the Control and Provisioning of Wireless Options:
Access Points (CAPWAP) protocol?
A.
110
point-to-multipoint Which action must be taken to assign a global unicast IPv6 address
on an interface that is derived from the MAC address of that
B.
interface?
point-to-point
Options:
C.
A.
broadcast
configure a stateful DHCPv6 server on the network
D.
B.
nonbroadcast
enable SLAAC on an interface
Show Answer Buy Now
C.
Answer: disable the EUI-64 bit process
C D.
Explanation:
explicitly assign a link-local address
Explanation:
Show Answer Buy Now
https://www.oreilly.com/library/view/cisco-ios-
Answer:
cookbook/0596527225/ch08s15.html
A
The Broadcast network type is the default for an OSPF enabled
ethernet interface (while Point-toPoint is the default OSPF network Questions 146
type for Serial interface with HDLC and PPP encapsulation). An organization secures its network with multi-factor authentication
Questions 145 using an authenticator app on employee smartphone. How is the
111
application secured in the case of a user’s smartphone being lost or Questions 147
stolen? What Is the path for traffic sent from one user workstation to another
Options: workstation on a separate switch In a Ihree-lter architecture model?
A. Options:
The application requires an administrator password to reactivate A.

after a configured Interval. access - core - distribution - access
B.
B.
The application requires the user to enter a PIN before it provides access - distribution - distribution - access
the second factor.
C.
C.
access - core - access
The application challenges a user by requiring an administrator
D.
password to reactivate when the smartphone is rebooted.
D. access -distribution - core - distribution - access
Show Answer Buy Now

The application verifies that the user is in a specific location before
it provides the second factor. Answer:
Show Answer Buy Now D
B Which plane is centralized by an SDN controller?
112
Options: RADIUS is most appropriate for dial authentication, but TACACS+
A. can be used for multiple types of authentication
B.
management-plane
B. TACACS+ encrypts only password information and RADIUS

encrypts the entire payload
control-plane
C.
C.
TACACS+ separates authentication and authorization, and RADIUS
data-plane merges them
D.
D.
services-plane RADIUS logs all commands that are entered by the administrator,
Show Answer Buy Now but TACACS+ logs only start, stop, and interim commands
B Answer:
Questions 149 C
What is a difference between RADIUS and TACACS+? Questions 150

Options: A packet is destined for 10.10.1.22. Which static route does the
router choose to forward the packet?
A.
Options:
113
A. Router R1 is running three different routing protocols. Which route
characteristic is used by the router to forward the packet that it
ip route 10.10.1.0 255.255.255.240 10.10.255.1
receives for destination IP 172.16.32.1?
B.
Options:
ip route 10.10.1.16 255.255.255.252 10.10.255.1
A.
C.
longest prefix
ip route 10.10.1.20 255.255.255.252 10.10.255.1
B.
D.
metric
ip route 10.10.1.20 255.255.255.254 10.10.255.1
C.
Show Answer Buy Now
cost
Answer: D.
C administrative distance
Questions 151
Show Answer Buy Now
Answer:
A
Explanation:
Explanation:
114
https://learningnetwork.cisco.com/s/question/0D53i00000KszSlCAJ What are two recommendations for protecting network ports from
/ad ministrative-distance-vs-longest-match-rule being exploited when located in an office space outside of an IT
Questions 152 closer? (Choose two.)
Options:
Where does a switch maintain DHCP snooping information?
A.
Options:
enable the PortFast feature on ports
A.
B.
in the MAC address table
implement port-based authentication
B.
C.
in the CAM table
configure static ARP entries
C.
D.
in the binding database
configure ports to a fixed speed
D.
E.
in the frame forwarding database
shut down unused ports
Show Answer Buy Now
Show Answer Buy Now
Answer:
C Answer:
Questions 153 B, E
115
Which two must be met before SSH can operate normally on a Cisco Reference: [Reference:
IOS switch? (Choose two) https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-
Options: ssh/4145-ssh.html, , ]
Questions 155
A.
An engineer must establish a trunk link between two switches. The
The switch must be running a k9 (crypto) IOS image
neighboring switch is set to trunk or desirable mode. What action
B. should be taken?
The Ip domain-name command must be configured on the switch Options:
C. A.
IP routing must be enabled on the switch configure switchport nonegotiate
D. B.
A console password must be configured on the switch configure switchport mode dynamic desirable
E. C.
Telnet must be disabled on the switch configure switchport mode dynamic auto
Show Answer Buy Now D.
Answer: configure switchport trunk dynamic desirable
A, B Show Answer Buy Now
116
C Refer to the exhibit.
Questions 156
An office has 8 floors with approximately 30-40 users per floor

What command must be configured on the router Switched Virtual
Interface to use address space efficiently?
Options:
A.
ip address 192.168.0.0 255.255.0.0
B.
ip address 192.168.0.0 255.255.254.0
C. Which route type is configured to reach the internet?

ip address 192.168.0.0 255.255.255.128 Options:
D. A.
ip address 192.168.0.0 255.255.255.224 host route
Show Answer Buy Now B.
Answer: default route
B C.
117
floating static route C.
D. 172.16.15.10
network route D.
Show Answer Buy Now 192.168.0.1
B Answer:
Questions 158 C
Refer to the exhibit. Explanation:
Explanation:
OSPF uses the following criteria to select the router ID:1. Manual
configuration of the router ID (via the “router-id x.x.x.x” command
under OSPF router configuration mode).2. Highest IP address on a
What does router R1 use as its OSPF router-ID? loopback interface.3. Highest IP address on a non-loopback and
Options: active (no shutdown) interface.
A. Questions 159
10.10.1.10 When a WLAN with WPA2 PSK is configured in the Wireless LAN
Controller GUI which format is supported?
B.
Options:
10.10.10.20
118
A. B.
Unicode Increasing reliance on self-diagnostic and self-healing
B. C.
base64 Policy-derived provisioning of resources
C. D.
decimal Providing a ship entry point for resource provisioning
D. E.
ASCII Reducing hardware footprint
Answer: Answer:
D C, D
Which two primary drivers support the need for network Which WPA3 enhancement protects against hackers viewing traffic
automation? (Choose two.) on the Wi-Fi network?
Options: Options:
A. A.
Eliminating training needs TKiP encryption
119
B. There is a speed mismatch
AES encryption C.
C. There is a protocol mismatch
scrambled encryption key D.
D. The interface is shut down
SAE encryption E.
Show Answer Buy Now The interface is error-disabled
D Answer:
Questions 162 B, E
The SW1 interface g0/1 is in the down/down state. Which two Questions 163
configurations are valid reasons for the interface conditions?(choose
Refer to Exhibit.
two)
Options:
A.
There is a duplex mismatch
B.
How does SW2 interact with other switches in this VTP domain?
120
Options: Reference: [Reference: https://www.cisco.com/c/en/us/support/docs/lan-
A. switching/vtp/10558-21.html, The VTP mode of SW2 is transparent so it

only forwards the VTP updates it receives to its trunk links without
It processes VTP updates from any VTP clients on the network on processing them., ]
its access ports.
Questions 164
B.
Which two WAN architecture options help a business improve
It receives updates from all VTP servers and forwards all locally scalability and reliability for the network? (Choose two.)
configured VLANs out all trunk ports
Options:
C.
A.
It forwards only the VTP advertisements that it receives on its trunk
asynchronous routing
ports.
B.
D.
single-homed branches
It transmits and processes VTP updates from any VTP Clients on the
network on its trunk ports C.
Show Answer Buy Now dual-homed branches
Answer: D.
C static routing
Explanation: E.
dynamic routing
121
Show Answer Buy Now
Answer:
A, C
Questions 165
Answer:
Drag and drop the descriptions of file-transfer protocols from the left
onto the correct protocols on the right. Questions 166
Which command entered on a switch configured with Rapid PVST*

listens and learns for a specific time period?
Options:
A.
switch(config)#spanning-tree vlan 1 max-age 6
Options: B.
Show Answer Buy Now switch(config)#spanning-tree vlan 1 hello-time 10
Answer: C.
switch(config)#spanning-tree vlan 1 priority 4096
D.
switch(config)#spanning-tree vlan 1 forward-time 20
122
Answer: provides a direct connection for hosts from outside of the enterprise
network
D
C.
Explanation:
ensures that NAT is not required to reach the internet with private
Explanation:
range addressing
Forward time : Determines how long each of the listening and
D.
learning states last before the port begins forwarding.
enables secure communications to the internet for all external hosts
Switch(config)# [ no ] spanning-tree vlan vlan_ID forward-time
forward_timeConfigures the forward time of a VLAN. The Show Answer Buy Now
forward_time value can be from 4 to 30 seconds.
Answer:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/
A
12-2/15-02SG/configuration/guide/config/spantree.html#56177
Questions 168
Questions 167
What is a characteristic of a SOHO network?
Which function does the range of private IPv4 addresses perform?
Options:
Options:
A.
A.
connects each switch to every other switch in the network
allows multiple companies to each use the same addresses without
conflicts B.
123
enables multiple users to share a single broadband connection C.
C. dual-homed branches
provides high throughput access for 1000 or more users D.
D. static routing
includes at least three tiers of devices to provide load balancing and E.

redundancy
dynamic routing
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
B
A, C
Questions 169
Questions 170
Which two WAN architecture options help a business scalability and
How do TCP and UDP differ in the way they guarantee packet
reliability for the network? (Choose two)
delivery?
Options:
Options:
A.
A.
asychronous routing
TCP uses checksum, acknowledgement, and retransmissions, and
B. UDP uses checksums only.
single-homed branches B.
124
TCP uses two-dimensional parity checks, checksums, and cyclic Show Answer Buy Now
redundancy checks and UDP uses retransmissions only.
Answer:
C.
Answer:
TCP uses checksum, parity checks, and retransmissions, and UDP
uses acknowledgements only.
D.
TCP uses retransmissions, acknowledgement and parity checks and

UDP uses cyclic redundancy checks only.
Show Answer Buy Now Explanation:
A
Questions 171
Drag and drop the IPv6 address type characteristics from the left to
the right.
Options:
125
B.
full mesh
C.
point-to-point
D.
hub-and-spoke
Show Answer Buy Now
Answer:
C
Questions 173
Graphical user interface, application Description automatically
generated When configuring a WLAN with WPA2 PSK in the Cisco Wireless
Questions 172 LAN Controller GUI, which two formats are available to select?
(Choose two)
Which WAN topology provides a combination of simplicity quality,
Options:
and availability?
Options: A.
A. ASCII
B.
partial mesh
126
base64
C.
binary
D. A network administrator must permit SSH access to remotely

manage routers in a network. The operations team resides on the
decimal
10.20.1.0/25 network. Which command will accomplish this task?
E.
Options:
hexadecimal
A.
Show Answer Buy Now
access-list 2699 permit udp 10.20.1.0 0.0.0.255
Answer: B.
A, E no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22
Explanation:
C.
Reference: [Reference:
access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CO D.
NSOLIDATED_chapter_01010001.html, , , , ] no access-list 2699 deny ip any 10.20.1.0 0.0.0.255

Questions 174
Show Answer Buy Now
Answer:
127
D provide secure user logins to devices on the network.
Explanation: Answer:
Note : Already a statement is there in last to allow SSH Traffic for A
network 10.20.1.0 0.0.0.127, but Second statement says deny ip any
Questions 176
10.20.1.0 0.0.0.255, so how it will work once it is denied. So the
right answer is remove the --- no access-list 2699 deny ip any What is a DHCP client?
10.20.1.0 0.0.0.255. Options:
Questions 175
A.
What is a role of wireless controllers in an enterprise network? a host that is configured to request an IP address automatically
Options:
B.
A.
a server that dynamically assigns IP addresses to hosts
centralize the management of access points in an enterprise network
C.
B.
a workstation that requests a domain name associated with its IP
support standalone or controller-based architectures address
C. D.
serve as the first line of defense in an enterprise network a rooter that statically assigns IP addresses to hosts
128
A The virtual router MAC address associated with a virtual router is

Questions 177 an IEEE 802 MAC Address in the following format:
Which virtual MAC address is used by VRRP group 1? 00-00-5E-00-01-{VRID} (in hex in internet standard bit-order)
A. What describes the operation of virtual machines?
0050.0c05.ad81 Options:
B. A.
0007.c061.bc01 Virtual machines are responsible for managing and allocating host
hardware resources
C.
B.
0000.5E00.0101
In a virtual machine environment, physical servers must run one
D.
operating system at a time.
0500.3976.6401
C.
Show Answer Buy Now
Virtual machines are the physical hardware that support a virtual
Answer: environment.
C D.
Explanation:
129
Virtual machines are operating system instances that are decoupled
from server hardware
Show Answer Buy Now

B)
Answer:
B
Questions 179
C)
D)
Options:
A.
Option
An engineer must configure router R2 so it is elected as the DR on B.

the WAN subnet. Which command sequence must be configured?
Option
A)
C.
130
Option B.
D. object
Option C.
Show Answer Buy Now Boolean
Answer: D.
A string
Questions 180 Show Answer Buy Now
Refer to the exhibit. Answer:

A
Questions 181
In which structure does the word "warning" directly reside?

Options:
A.
array
131
D)
Options:
A.
Option A
B.
SW1 supports connectivity for a lobby conference room and must be
secured. The engineer must limit the connectivity from PCI lo ma Option B
SW1 and SW2 network. The MAC addresses allowed must be C.
Limited to two. Which configuration secures the conference room
Option C
connectivity?
D.
A)
Option D
Show Answer Buy Now

B)
Answer:
B
Questions 182
C)
132
Refer to the exhibit. In the Advanced configuration, set the DTIM value to 125.
Show Answer Buy Now
Answer:
C
A network engineer is configuring a WLAN to connect with the Questions 183
172.16.10.0/24 network on VLAN 20. The engineer wants to limit
the number of devices that connect to the WLAN on the USERWL
SSID to 125. Which configuration must the engineer perform on the
WLC?
Options:
A.
In the Management Software activation configuration, set the

Clients value to 125.
B.
In the Controller IPv6 configuration, set the Throttle value to 125.
C.
In the WLAN configuration, set the Maximum Allowed Clients

value to 125.
D.
133
Options:
Show Answer Buy Now
Answer:
Answer:
The Router1 routing table has multiple methods to reach

10.10.10.0/24 as shown. The default Administrative Distance is
used. Drag and drop the network conditions from the left onto the
routing methods that Router1 uses on the right. Questions 184
134
D.
10.165 20.226
Show Answer Buy Now
Answer:
D
Questions 185
Which cable type must be used to interconnect one switch using

1000 BASE-SX GBiC modules and another switch using 1000
BASE-SX SFP modules?
What is the next hop for traffic entering R1 with a destination of Options:
10.1.2 126?
A.
Options:
LC to SC
A.
B.
10.165 20.126
SC t ST
B.
C.
10.165.20.146
SC to SC
C.
D.
10.165.20.166
135
LC to LC D
Answer: Which command configures the Cisco WLC to prevent a serial

session with the WLC CLI from being automatical togged out?
D
Options:
Questions 186
A.
How does frame switching function on a switch?
config sessions maxsessions 0
Options:
B.
A.
config sessions timeout 0
forwards frames to a neighbor port using CDP
C.
B.
config serial timeout 0
modifies frames that contain a known source VLAN
D.
C.
config serial timeout 9600
inspects and drops frames from unknown destinations
Show Answer Buy Now
D.
Answer:
forwards known destinations to the destination port
B
Show Answer Buy Now
Questions 188
Answer:
136
What does a switch search for in the CAM table when forwarding a A switch searches for the destination MAC address and the
frame? destination port in the CAM table when forwarding a frame. The
Options: CAM table, or content addressable memory table, is a data structure
that stores the MAC addresses of the devices connected to the
A.
switch ports and their associated VLANs. The switch uses the CAM
source MAC address and aging time table to make layer 2 forwarding decisions based on the destination
MAC address of a frame. When a frame arrives at a switch port, the
B.
switch first learns the source MAC address and the source port of
destination MAC address and flush time the frame and updates the CAM table accordingly. Then, the switch
C.
looks up the destination MAC address of the frame in the CAM
table and finds the corresponding destination port. If there is a
source MAC address and source port match, the switch forwards the frame out of that port only. If there is
D. no match, the switch floods the frame out of all ports except the
source port123.
destination MAC address and destination port
References:
Show Answer Buy Now
• 1: Why is the CAM table in a switch called CAM table and not
Answer:
MAC table even though it holds MAC addresses?
D • 2: ARP and CAM Table
Explanation: • 3: The CAM Table or MAC address Table

Drag and drop the QoS terms from the left onto the descriptions on
the right.
137
Options:
Show Answer Buy Now Table Description
automatically generated
Answer:
Questions 190
Answer:
A switch is a forwarding a frame out of an interfaces except the
interface that received the frame. What is the technical term for this
process?
Options:
A.
ARP
B.
Explanation:
CDP
Explanation:
C.
138
flooding
D.
multicast D)
Show Answer Buy Now
Answer:
C
Options:
Questions 191
A.
Refer to the exhibit. A multivendor network exists and the company
Option A
is implementing VoIP over the network for the first time.
B.
A)
Option B
C.
Option C
B)
D.
Option D
Show Answer Buy Now

C)
Answer:
139
Questions 192
What is a function of an endpoint?

Options:
A.
It is used directly by an individual user to access network services
B.
A network engineer started to configure two directly-connected
It passes unicast communication between hosts in a network routers as shown. Which command sequence must the engineer
configure on R2 so that the two routers become OSPF neighbors?
C.
A)
It transmits broadcast traffic between devices in the same VLAN
D.
It provides security between trusted and untrusted sections of the B)

network.
Show Answer Buy Now

C)
Answer:
A
Questions 193 D)
140
Options:
A.
Option A
B.
Option B
C.
Options:
Option C
Show Answer Buy Now
D.
Answer:
Option D
Answer:
Show Answer Buy Now
Answer:
D
Questions 194
Drag and drop the WLAN components from the left onto the
component details on the right.
141
Questions 195 D
Refer to the exhibit. Questions 196
What describes the functionality of southbound APIs?

Options:
A.
An engineer executed the script and added commands that were not
necessary for SSH and now must remove the commands. They use HTTP messages to communicate.
Options: B.
A. They enable communication between the controller and the network
metric device.
B. C.
cost They convey information from the controller to the SDN

applications.
C.
D.
longest prefix
They communicate with the management plane.
D.
Show Answer Buy Now
administrative distance
Answer:
Show Answer Buy Now
B
Answer:
Questions 197
142
Refer to the exhibit. SW1, because its priority is the lowest and its MAC address is
higher
Show Answer Buy Now
Answer:
B
Questions 198
An engineer must configure a core router with a floating static

Rapid PVST+ mode is on the same VLAN on each switch. Which default route to the backup router at 10.200.0.2.
switch becomes the root bridge and why?
Options:
A.
SW2, because its MAC address is the highest
B.
SW3, because its priority is the highest
C.
SW4, because its priority is highest and its MAC address is lower Options:
Answer:
143
Answer: router-on-a-stick
Show Answer Buy Now
Answer:
A
Questions 200
Drag and drop the configuration management terms from the left
onto the descriptions on the right. Not all terms are used.
Questions 199
Which WAN topology has the highest degree of reliability?

Options:
A.
full mesh
B.
Point-to-point
C. Options:
hub-and-spoke Show Answer Buy Now
D. Answer:
144
Answer: C.
To implement centralized user account management
D.
To deploy the management plane separately from the rest of the

network Answer: A
Show Answer Buy Now
Answer:
A
Questions 202
Questions 201
Why would a network administrator choose to implement

automation in a network environment?
Options:
A.
To simplify the process of maintaining a consistent configuration

state across all devices
B. Refer to the exhibit.
To centralize device information storage
145
A network administrator configures an interface control re switch so Option B
that it connects to interface Gi1/0/1 on switch Cat9300-1. Which
C.
configuration must be applied to the new interface?
Option C
A)
D.
Option D
B) Show Answer Buy Now
Answer:
A
C) Questions 203
D)
Options:
A.
Option A
B.
146
C.
ip route 192.168.23.0 255.255.255.255 192.168.13.3 121
D.
ip route 192.168.23.0 255.255.255.0 192.168.13.3
Show Answer Buy Now
Answer:
B
Questions 204
What is the function of "off-the-shell" switches in a controller-based

Routers R1 and R2 are configured with RIP as the dynamic routing
network?
protocol. A network engineer must configure R1 with a floating
static route to serve as a backup route to network 192.168.23. Which Options:
command must the engineer configure on R1? A.
Options:
providing a central view of the deployed network
A.
B.
ip route 192.168.23.0 255.255.255.0 192.168.13.3 100
forwarding packets
B.
C.
ip route 192.168.23.0 255.255.255.0 192.168.13.3 121
making routing decisions
147
D. D.
setting packet-handling policies It sends the traffic via prefix 172.31.0.0/25
Answer: Answer:
D D
A packet from a company s branch office is destined to host Which interface IP address serves as the tunnel source for CAPWAP
172.31.0.1 at headquarters. The sending router has three possible packets from the WLC to an AP?
matches in its routing table for the packet prefixes: 172. 31.0 Options:
.0/16.72.31.0.0724. and 172.31 0 0/25. How does the router handle
A.
the packet?
Options: service
A. B.
It sends the traffic via prefix 172.31.0.0/16 trunk
B. C.
It sends the traffic via the default gateway 0.0.0.070. AP-manager
C. D.
It sends the traffic via prefix 172.31.0.0/24 virtual AP connection
148
Answer: GetNext
C C.
Explanation: Set
Explanation: D.
The AP-manager interface is used by the WLC to communicate with GetBulk

access points using CAPWAP packets2. The AP-manager interface
E.
has an IP address that serves as the tunnel source for CAPWAP
packets from the WLC to an AP3. The service interface is used for Inform
out-of-band management of the WLC, such as Telnet and Show Answer Buy Now
SSH4. The trunk interface is used to connect the WLC to a switch
and carry multiple VLANs5. The virtual AP connection is not an Answer:
interface, but a logical connection between an AP and a WLC that A, D
allows multiple SSIDs to be supported by a single AP6.
Questions 208
Questions 207
What are two protocols within the IPsec suite? (Choose two)
Which two features introduced in SNMPv2 provides the ability to
Options:
retrieve large amounts of data in one request
A.
Options:
AH
A.
B.
Get
149
3DES
C.
ESP
D.
TLS
E.
AES
Show Answer Buy Now
Answer:
D, E How many objects are present in the given JSON-encoded data?
Refer to the exhibit. A.
one
B.
four
C.
seven
150
D. D.
nine ip ospf priority 0
Answer: Answer:
B C
A Cisco engineer notices thai two OSPF neighbors are connected Which 802.11 frame type is Association Response?
using a crossover Ethernet cable. The neighbors are taking too long Options:
to become fully adjacent. Which command must be issued under the
A.
interface configuration on each router to reduce the time required for
the adjacency to reach the FULL state? management
Options: B.
A. control
ip ospf network broadcast C.
B. action
ip ospf dead-interval 40 D.
C. protected frame
ip ospf network point-to-point Show Answer Buy Now
151
A Answer:
Questions 212
A
How does authentication differ from authorization? Questions 213
Options:
In a cloud-computing environment what is rapid elasticity?
A. Options:
Authentication verifies the identity of a person accessing a network, A.
and authorization determines what resource a user can access.
control and monitoring of resource consumption by the tenant
B.
B.
Authentication is used to record what resource a user accesses, and
authorization is used to determine what resources a user can access automatic adjustment of capacity based on need
C. C.
Authentication is used to determine what resources a user is allowed pooling resources in a multitenant model based on need
to access, and authorization is used to track what equipment is D.

allowed access to the network
self-service of computing resources by the tenant
D.
Show Answer Buy Now
Authentication is used to verify a person's identity, and authorization
is used to create syslog messages for logins.
Answer:
B
152
Questions 214 Which configuration on the NewSwitch side of the link meets these
Refer to the exhibit. requirements?
A)
B)
C)
D)
A new VLAN and switch are added to the network. A remote

engineer configures OldSwitch and must ensure that the Options:
configuration meets these requirements: A.
• accommodates current configured VLANs Option A
• expands the range to include VLAN 20 B.
• allows for IEEE standard support for virtual LANs Option B
153
C. Answer:
Option C
D.
Option D
Show Answer Buy Now
C Explanation:
Questions 215
type on the right.
Options:
Graphical
Show Answer Buy Now
user interface, application Description automatically generated
154
Which advantage does the network assurance capability of Cisco Show Answer Buy Now
DNA Center provide over traditional campus management?
Answer:
Options:
C
A.
Questions 217
Cisco DNA Center correlates information from different
NO: 346
management protocols to obtain insights, and traditional campus
management requires manual analysis. What must a network administrator consider when deciding whether
to configure a new wireless network with APs in autonomous mode
B.
or APs running in cloud-based mode?
Cisco DNA Center handles management tasks at the controller to
Options:
reduce the load on infrastructure devices, and traditional campus
management uses the data backbone. A.
C. Autonomous mode APs are less dependent on an underlay but more

complex to maintain than APs in cloud-based mode.
Cisco DNA Center leverages YANG and NETCONF to assess the
status of fabric and nonfabric devices, and traditional campus B.
management uses CLI exclusively. Cloud-based mode APs relay on underlays and are more complex to
D. maintain than APs in autonomous mode.
Cisco DNA Center automatically compares security postures among C.

network devices, and traditional campus management needs manual Cloud-based mode APs are easy to deploy but harder to automate
comparisons. than APs in autonomous mode.
155
D. TCP encourages out-of-order packet delivery, and UDP prevents re-
ordering.
Autonomous mode APs are easy to deploy and automate than APs in
cloud-based mode. Show Answer Buy Now

Answer: A
A Questions 219
Questions 218
How do TCP and UDP fit into a query-response model?

Options:
A.
TCP establishes a connection prior to sending data, and UDP sends

immediately.
B.
TCP uses error detection for packets, and UDP uses error recovery.
C. Refer to the exhibit. An engineer is building a new Layer 2 LACP

EtherChannel between SW1 and SW2. and they executed the given
TCP avoids using sequencing, and UDP avoids using
show commands to verify the work Which additional task must be
acknowledgments.
performed so that the switches successfully bundle the second
D. member in the LACP port-channel?
156
Options:
A.
Configure the switchport trunk allowed vlan 300 command on SW1

port-channel 1
B.
Configure the switchport trunk allowed vlan 300 command on A packet sourced from 10.10.10.1 is destined for 10.10.8.14. What
interface Fa0/2 on SW1. is the subnet mask of the destination route?
C. Options:
Configure the switchport trunk allowtd vlan add 300 command on A.
interface FaO 2 on SW2. 255.255.254.0

D. B.
Configure the switchport trunk allowtd vlan add 300 command on 255.255.255.240
SW1 port-channel 1
C.
Show Answer Buy Now
255.255.255.248
Answer:
D.
B
255.255.255.252
Questions 220
Show Answer Buy Now
Answer:
157
B A.
Questions 221 Option A
An engineer is configuring switch SW1 to act an NTP server when B.

all upstream NTP server connectivity fails. Which configuration
Option B
must be used?
C.
A)
Option C
D.
B) Option D
Show Answer Buy Now
Answer:
C) B
Questions 222
Which channel-group mode must be configured when multiple

D) distribution interfaces connected to a WLC are bundled?
Options:
A.
Options:
Channel-group mode passive.
158
B. The P2P blocking action option is disabled on the WLC.
Channel-group mode on. Options:
C. A.
Channel-group mode desirable. Enable the Static IP Tunneling option.
D. B.
Channel-group mode active. Disable the Coverage Hole Detection option.
Answer: Check the DHCP Addr. Assignment check box.
B D.
Questions 223 Set the P2P Blocking Action option to Forward-UpStream.
Refer to the exhibit. Show Answer Buy Now
Answer:
A
Questions 224
Drag and drop the Ansible terms from the left onto the right.
159
Answer:
Options:
Show Answer Buy Now
Which type of port is used to connect lo the wired network when an

autonomous AP maps two VLANs to its WLANs?
Options:
A.
LAG
B.
EtherChannel
C.
160
trunk
D.
access
Show Answer Buy Now
Answer:
C
Questions 226
Which two values does router R1 use to identify valid routes for the
R3 loopback address 1.1.1.3/32? (Choose two.)
Options:
A.
lowest cost to teach the next hop
B.
highest metric
161
C. A.
highest administrative distance queuing
D. B.
lowest metric marking
E. C.
lowest administrative distance shaping
Answer: policing
D, E Show Answer Buy Now

Refer to the exhibit. D
Explanation:
Explanation:
R1 is applying policing to incoming packets. Policing is a QoS

mechanism that limits the rate of traffic flow by dropping or
Which per-hop QoS behavior is R1 applying to incoming packets? remarking packets that exceed the configured rate limit. In this case,
Options: R1 is applying policing to incoming packets on interface G0/0 and
G0/1. The exhibit shows that R1 is configured to police traffic at a
162
rate of AF31, AF21, and AF11. This means that R1 is limiting the interface Gi0/0
rate of traffic flow for these three traffic classes .
ipv6 address 2001:db8:1:AFFF::/64 eui-64
References:
C.
• : Cisco CCNA Certification Guide - Chapter 16: Quality of Service interface Gi0/1
(QoS)
ipv6 address
• : Cisco IOS Quality of Service Solutions Configuration Guide -
2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA00:/127
Configuring Class-Based Policing
D.
Questions 228
interface Gi0/0
Refer to the exhibit. IPv6 must be implemented on R1 to the ISP
The uplink between R1 and the ISP must be configured with a ipv6 address 2001:db8:0:AFFF::/64 eui-64
manual assignment, and the LAN interface must be self-provisioned
E.
Both connections must use the applicable IPv6 networks Which two
configurations must be applied to R1? (Choose two.) interface Gi0/0
Options: ipv6 address

2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA03;/127
A.
Show Answer Buy Now
interface Gi0/1
ipv6 address Answer:

2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA02:/127 C, D
B. Questions 229
163
What are two disadvantages of a full-mesh topology? (Choose two.) Options:
Options: A.
A. It serves as a sequence tag on SNMP traffic messages.
It needs a high MTU between sites. B.
B. It serves as a password lo protect access to MIB objects.
It has a high implementation cost. C.
C. It passes the Active Directory username and password that are

required for device access
It must have point-to-point communication.
D.
D.
It translates alphanumeric MIB output values to numeric values.
It requires complex configuration.
Show Answer Buy Now
E.
It works only with BGP between sites. Answer:

Questions 231
Answer:
B, D
Questions 230
What is the role of community strings in SNMP operations?
164
Show Answer Buy Now
Answer:
C
Questions 232
Why implement VRRP?

An engineer must configure a floating static route on an external Options:
EIGRP network. The destination subnet is the /29 on the LAN
A.
Interface of R86. Which command must be executed on R14?
to provide end users with a virtual gateway in a multivendor
Options:
network
A.
B.
ip route 10.80.65.0.255.255.248.0.10.73.65.66.1
to leverage a weighting scheme to provide uninterrupted service
B.
C.
ip route 10.80.65.0.255.255.255..240 fa0/1 89
to detect link failures without the overhead of Bidirectional
C. Forwarding Detection
ip route 10.80.65.0.255.255.248.0.10.73.65.66.171 D.
D. to hand over to end users the autodiscovery of virtual gateways

ip route 10.80.65.0.0.0.224.10.80.65.0. 255 Show Answer Buy Now
165
Answer:
A
Questions 233
Options:
Show Answer Buy Now
Router OldR is replacing another router on the network with the
intention of having OldR and R2 exchange routes_ After the Answer:
engineer applied the initial OSPF Answer:
configuration: the routes were still missing on both devices. Which C
command sequence must be issued before the clear IP ospf process
Questions 234
command is entered to enable the neighbor relationship?
type on the right.
166
Options: D.
Show Answer Buy Now southbound API
Answer:
D
Explanation:
Questions 235 Cisco overview doc for SDN here:

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Ce
Which type of API allows SDN controllers to dynamically make
nter /VMDC/SDN/SDN.html
changes to the network?
Dumpspedia
Options:
Questions 1
A.
northbound API
B.
REST API
C.
SOAP API
167
B.
Text
C.
Switch AccSw2 has just been added to the network along with PC2. All
VLANs have been implemented on AccSw2. How must the ports on
AccSw2 be configured to establish Layer 2 connectivity between PC1
and PC2?
Options:
Text
A. Description automatically generated
D.
Text Description
168
Text Description
Show Answer
Answer:
A
Questions 2
Refer to the exhibit. The Router1 routing table has multiple methods to reach 10.10.10.0/24
as shown. The default Administrative Distance is used. Drag and drop
the network conditions from the left onto the routing methods that
Router1 uses on the right.
169
Options: Options:
Show Answer Show Answer
Answer: Answer:
Answer: Answer:
Drag and drop the use cases for device-management technologies from
Configure IPv4 and IPv6 connectivity between two routers. For
the left onto the corresponding.
IPv4, use a /28 network from the 192.168.1.0/24 private range. For
IPv6, use the first /64 subnet from the 2001:0db8:aaaa::/48 subnet.
1. Using Ethernet0/1 on routers R1 and R2, configure the next

usable/28 from the 192.168.1.0/24 range. The network
192.168.1.0/28 is unavailable.
first usable host address.
170
3. For the IPv4 /28 subnet, router R2 must be configured with the Answer:
last usable host address.
Answer:
4. For the IPv6 /64 subnet, configure the routers with the IP
addressing provided from the topology. See the Explanation below.
5. A ping must work between the routers on the IPv4 and IPv6
Explanation:
address ranges.
Explanation:
on R1
config terminal
ipv6 unicast-routing
inter eth0/1
ip addre 192.168.1.1 255.255.255.240
ipv6 addre 2001:db8:aaaa::1/64
not shut
end
Options:
copy running start
Show Answer Buy Now
on R2
171
config terminal
ipv6 unicast-routing
inter eth0/1
ip address 192.168.1.14 255.255.255.240
ipv6 address 2001:db8:aaaa::2/64
not shut
end
copy running start
---------------------
for test from R1
ping ipv6 2001:db8:aaaa::1

Connectivity between three routers has been established, and IP
for test from R2
services must be configured jn the order presented to complete the
ping ipv6 2001:db8:aaaa::2 implementation Tasks assigned include configuration of NAT, NTP,
Questions 5 DHCP, and SSH services.
1. All traffic sent from R3 to the R1 Loopback address must be

configured for NAT on R2. All source addresses must be translated
from R3 to the IP address of Ethernet0/0 on R2, while using only a
standard access list named NAT To verify, a ping must be successful
172
to the R1 Loopback address sourced from R3. Do not use NVI NAT See the Explanation below.
configuration.
Explanation:
2. Configure R1 as an NTP server and R2 as a client, not as a peer,
using the IP address of the R1 Ethernet0/2 interface. Set the clock on Explanation:
the NTP server for midnight on January 1, 2019.
3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a
conf t
pool named TEST. Using a single command, exclude addresses 1-10
from the range. Interface Ethernet0/2 on R3 must be issued the IP R1(config)#ntp master 1
address of 10.1.3.11 via DHCP. R2(config)#ntp server 10.1.2.1
4. Configure SSH connectivity from R1 to R3, while excluding Exit
access via other remote connection protocols. Access for user root
Router#clock set 00:00:00 jan 1 2019
and password Cisco must be set on router R3 using RSA and 1024
bits. Verify connectivity using an SSH session from router R1 using ip dhcp pool TEST
a destination address of 10.1.3.11. Do NOT modify console access
network 10.1.3.0 255.255.255.0
or line numbers to accomplish this task.
ip dhcp exluded-address 10.1.3.1 10.1.3.10
Options:
R3(config)#int e0/3
Show Answer Buy Now
R3(config)#int e0/2
Answer:
ip address dhcp
Answer: no shut
crypto key generate RSA

173
1024 D.
Copy run start cisco123


Answer:
Explanation:
Explanation:
If neither the enable password command nor the enable secret

command is configured, and if there is a line password configured
Which password must an engineer use to enter the enable mode? for the console, the console line password serves as the enable
password for all VTY sessions -> The “enable secret” will be used
Options:
first if available, then “enable password” and line password.
A.
Questions 7
adminadmin123
B.
default
C.
testing 1234
174
2. Configure the R2 links with a max value facing R1 and R3. R2
must become the DR. R1 and R3 links facing R2 must remain with
the default OSPF configuration for DR election. Verify the
configuration after clearing the OSPF process.
3. Using a host wildcard mask, configure all three routers to

advertise their respective Loopback1 networks.
4. Configure the link between R1 and R3 to disable their ability to

add other OSPF routers.
Options:
Show Answer Buy Now
Answer:
Answer:
Explanation:
IP connectivity between the three routers is configured. OSPF
adjacencies must be established. Explanation:
1. Configure R1 and R2 Router IDs using the interface IP addresses Answer as below configuration:
from the link that is shared between them.
on R1
175
conf terminal duplex auto
interface Loopback0 !
ip address 10.10.1.1 255.255.255.255 router ospf 1
! router-id 10.10.12.1
interface Loopback1 network 10.10.1.1 0.0.0.0 area 0
ip address 192.168.1.1 255.255.255.0 network 192.168.1.0 0.0.0.255 area 0
! !
interface Ethernet0/0 copy run star
no shut ---------------------------------------
ip address 10.10.12.1 255.255.255.0 On R2
ip ospf 1 area 0 conf terminal
duplex auto interface Loopback0
! ip address 10.10.2.2 255.255.255.255
no shut interface Loopback1
ip ospf 1 area 0 !
176
no shut copy runs start
ip address 10.10.12.2 255.255.255.0 -----------------------
ip ospf priority 255 On R3
ip ospf 1 area 0 conf ter
duplex auto interface Loopback0
! ip address 10.10.3.3 255.255.255.255
no shut interface Loopback1
ip ospf priority 255 !
ip ospf 1 area 0 interface Ethernet0/1
duplex auto no shut
! ip address 10.10.13.3 255.255.255.0
router ospf 1 ip ospf 1 area 0
network 192.168.2.0 0.0.0.255 area 0 !
177
interface Ethernet0/2
no shut
ip address 10.10.23.3 255.255.255.0
ip ospf 1 area 0
duplex auto
router ospf 1
network 10.10.3.3 0.0.0.0 area 0
network 192.168.3.0 0.0.0.255 area 0
copy run start
!
Questions 8
178
IP connectivity and OSPF are preconfigured on all devices where
necessary. Do not make any changes to the IP addressing or OSPF.
The company policy uses connected interfaces and next hops when
configuring static routes except for load balancing or redundancy
without floating static. Connectivity must be established between
subnet 172.20.20.128/25 on the Internet and the LAN at
192.168.0.0/24 connected to SW1:
1. Configure reachability to the switch SW1 LAN subnet in router

R2.
2. Configure default reachability to the Internet subnet in router R1.

179
3. Configure a single static route in router R2 to reach to the Internet Conf t
subnet considering both redundant links between routers R1 and R2.
Ip route 192.168.1.0 255.255.255.0 10.10.31.1
A default route is NOT allowed in router R2.
On R1:
4. Configure a static route in router R1 toward the switch SW1 LAN
subnet where the primary link must be through Ethernet0/1. and the Enable
backup link must be through Ethernet0/2 using a floating route. Use Conf t
the minimal administrative distance value when required.
Ip route 0.0.0.0 0.0.0.0 10.10.13.3
Options:
On R2
Show Answer Buy Now
Ip route 172.20.20.128 255.255.255.128 e0/2
Answer: Ip route 172.20.20.128 255.255.255.128 e0/1
Answer: On R1
Ip route 192.168.0.0 255.255.255.0 e0/1

Ip route 192.168.0.0 255.255.255.0 10.10.12.2 3
Explanation:
Save all configurations after every router from anyone of these
Explanation: command
Answer as below configuration: Do wr
On R2: Or
Enable Copy run start
180
Questions 9
Drag and drop the network protocols from the left onto the correct
transport services on the right.
Options:
Show Answer Buy Now
Answer:
Options:
Explanation:
Answer:
Questions 10
An engineer is configuring an encrypted password for the enable

command on a router where the local user database has already been
configured Drag and drop the configuration commands from the left
into the correct sequence on the right Not all commands are used
181
RADIUS server
D.
wireless LAN controller
Show Answer Buy Now
Answer:
B
Graphical
user interface, application Description automatically generated Questions 12
Questions 11 Physical connectivity is implemented between the two Layer 2
Which device controls the forwarding of authentication requests for switches, and the network connectivity between them must be
users when connecting to the network using a lightweight access configured
point? 1. Configure an LACP EtherChannel and number it as 1; configure

Options: it between switches SW1 and SVV2 using interfaces Ethernet0/0
and Ethernet0/1 on both sides. The LACP mode must match on both
A. ends
TACACS server 2 Configure the EtherChannel as a trunk link.
B. 3. Configure the trunk link with 802.1 q tags.
wireless access point 4. Configure the native VLAN of the EtherChannel as VLAN 15.
C.
182
On SW1:
conf terminal
vlan 15
exit
interface range eth0/0 - 1
channel-group 1 mode active
exit
interface port-channel 1
Options: switchport trunk encapsulation dot1q
Show Answer Buy Now switchport mode trunk
switchport trunk native vlan 15

Answer:
end
Answer:
copy run start
See the Explanation below. on SW2:
Explanation: conf terminal
vlan 15
Explanation:
183
exit 1 . Configure static routing to ensure RI prefers the path through R2
to
interface range eth0/0 - 1
reach only PCI on R4's LAN
channel-group 1 mode active
2. Configure static routing that ensures traffic sourced from RI will
exit
take
interface port-channel 1
an alternate path through R3 to PCI in the event of an outage along
switchport trunk encapsulation dot1q
the primary path
switchport mode trunk
3. Configure default routes on RI and R3 to the Internet using the
switchport trunk native vlan 15 least number of hops
end Guidelines
copy run start This is a lab item in which tasks will be performed on virtual
Questions 13 devices.
All physical cabling is in place. Router R4 and PCI are fully • Refer to the Tasks tab to view the tasks for this lab item.
configured and • Refer to the Topology tab to access the device console(s) and
inaccessible. R4's WAN interfaces use .4 in the last octet for each perform the tasks.
subnet. • Console access is available for all required devices by clicking the
Configurations should ensure that connectivity is established end-to- device icon or using
end. the tab(s) above the console window.
184
• Do not change the enable password or hostname for any device. Show Answer Buy Now
• Save your configurations to NVRAM before moving to the next Answer:

item.
Answer:
See the solution below in Explanation.
• When Next is clicked, the lab closes and cannot be reopened.
Explanation:
Explanation:
• To configure static routing on R1 to ensure that it prefers the path

through R2 to reach only PC1 on R4’s LAN, you need to create a
20.0.0.2, which is the IP address of R2’s interface connected to R1.
You also need to assign a lower administrative distance (AD) to
this route than the default AD of 1 for static routes, so that it has
a higher preference over other possible routes. For example, you
can use an AD of 10 for this route. To create this static route, you
need to enter the following commands on R1’s console:
R1#configure terminal R1(config)#ip route 10.0.0.100 255.0.0.0

20.0.0.2 10 R1(config)#end
Options:
185
• To configure static routing on R1 that ensures that traffic sourced these default routes, you need to enter the following commands
from R1 will take an alternate path through R3 to PC1 in the event on each router’s console:
of an outage along the primary path, you need to create another
static route for the host 10.0.0.100/8 with a next-hop address of On R1: R1#configure terminal R1(config)#ip route 0.0.0.0 0.0.0.0
40.0.0.2, which is the IP address of R3’s interface connected to R1. 10.0.0.4 R1(config)#end
You also need to assign a higher AD to this route than the AD of On R3: R3#configure terminal R3(config)#ip route 0.0.0.0 0.0.0.0
the primary route, so that it has a lower preference and acts as a 50.0.0.4 R3(config)#end
backup route. For example, you can use an AD of 20 for this route.
Questions 14
This type of static route is also known as a floating static route. To
create this static route, you need to enter the following What is a function of a remote access VPN?
commands on R1’s console:
Options:
R1#configure terminal R1(config)#ip route 10.0.0.100 255.0.0.0 A.

40.0.0.2 20 R1(config)#end
used cryptographic tunneling to protect the privacy of data for
• To configure default routes on R1 and R3 to the Internet using the multiple users simultaneously
least number of hops, you need to create a static route for the B.
network 0.0.0.0/0 with a next-hop address of the ISP’s interface
used exclusively when a user is connected to a company's internal
connected to each router respectively. A default route is a special
network
type of static route that matches any destination address and is
used when no other specific route is available. The ISP’s interface C.
connected to R1 has an IP address of 10.0.0.4, and the ISP’s
establishes a secure tunnel between two branch sites
interface connected to R3 has an IP address of 50.0.0.4. To create
D.
186
allows the users to access company internal network resources Answer:
through a secure tunnel
Show Answer Buy Now
Answer:
Questions 15
Drag and drop the SNMP manager and agent identifier commands Questions 16
from the left onto the functions on the right
Connectivity between four routers has been established. IP
connectivity must be configured in the order presented to complete
the implementation. No dynamic routing protocols are included.
1. Configure static routing using host routes to establish connectivity

from router R3 to the router R1 Loopback address using the source
IP of 209.165.200.230.
2. Configure an IPv4 default route on router R2 destined for router

Options:
R4.
Show Answer Buy Now
3. Configure an IPv6 default router on router R2 destined for router
R4.
Answer:
187
Answer:
Explanation:
Explanation:
1.- on R3
config terminal
ip route 192.168.1.1 255.255.255.255 209.165.200.229
end
copy running start
2.- on R2
config terminal
ip route 0.0.0.0 0.0.0.0 209.165.202.130

Options: end
Show Answer Buy Now copy running start
Answer: 3.- on R2
188
config terminal input errors
ipv6 route ::/0 2001:db8:abcd::2 Show Answer Buy Now
end Answer:
copy running start
D, E
Questions 17
Explanation:
A frame that enters a switch fails the Frame Check Sequence. Which
two interface counters are incremented? (Choose two) Explanation:
Options: Whenever the physical transmission has problems, the receiving
A.
device might receive a frame whose bits have changed values. These
frames do not pass the error detection logic as implemented in the
runts FCS field in the Ethernet trailer. The receiving device discards the
B. frame and counts it as some kind of input error.
giants Cisco switches list this error as a CRC error. Cyclic redundancy
check (CRC) is a term related to how the FCS math detects an error.
C.
The “input errors” includes runts, giants, no buffer, CRC, frame,
frame
overrun, and ignored counts.
D.
The output below show the interface counters with the “show
CRC interface s0/0/0” command:
E.
189
1. Configure VLAN 100 named Compute and VLAN 200 named
Telephony where required for each task.
2. Configure Ethernet0/1 on SW2 to use the existing VLAN named

Available.
3. Configure the connection between the switches using access

ports.
4. Configure Ethernet0/1 on SW1 using data and voice VLANs.
5. Configure Ethemet0/1 on SW2 so that the Cisco proprietary

neighbor discovery protocol is turned off for the designated interface
Questions 18 only.
All physical cabling between the two switches is installed.

Configure the network connectivity between the switches using the
designated VLANs and interfaces. Options:
190
Show Answer Buy Now switchport access vlan 100
Answer: int e0/0
switchport mode access

Answer:
do wr
See the Explanation below. on sw2
Explanation: Vlan 99
Explanation: Name Available
Answer as below configuration: Int e0/1
on sw1 Switchport access vlan 99
enable do wr
Questions 19
conf t
vlan 100 Refer to the exhibit.
name Compute
vlan 200
name Telephony
int e0/1
switchport voice vlan 200
191
R5 is the current DR on the network, and R4 is the BDR. Their Option
interfaces are flapping, so a network engineer wants the OSPF
B.
network to elect a different DR and BDR. Which set of
configurations must the engineer implement? Option
A) C.
Option
D.
B) Option
Show Answer Buy Now
Answer:
C)
D
Questions 20
When implementing a router as a DHCP server, which two features

D) must be configured'? (Choose two)
Options:
A.
Options: relay agent information
A.
192
B.
database agent
C.
address pool
D.
smart-relay
E. An access list is required to permit traffic from any host on interface

manual bindings G0/0 and deny traffic from interface G/0/1. Which access list must
be applied?
Show Answer Buy Now
Answer:
C, E
Questions 21
Options:
A.
Option A
193
B. Ethernet0/1 on both sides. The LACP mode must match on both
ends.
Option B
2. Configure the EtherChanneI as a trunk link.
C.
3. Configure the trunk link with 802. Iq tags.
Option C
4. Configure VLAN 'MONITORING' as the untagged VLAN of the
D.
EtherChannel.
Option D
==================
Show Answer Buy Now
Guidelines
Answer:
A devices.
Questions 22
Physical connectivity is implemented between the two Layer 2
perform the tasks.
switches,
and the network connectivity between them must be configured.
device icon or using
I . Configure an LACP EtherChanneI and number it as 44; configure
the tab(s) above the console window.
it
between switches SWI and SW2 using interfaces EthernetO/O and
• Do not change the enable password or hostname for any device.
194
• Save your configurations to NVRAM before moving to the next
item.
• When Next is clicked, the lab closes and cannot be reopened.
Options:
Show Answer Buy Now
Answer:
195
Answer: channel44 and set the LACP mode to active on both ends. The
LACP mode must match on both ends for the EtherChannel to
Solution is given below explanation. form.

• On both SW1 and SW2, exit the interface range configuration
Explanation: mode by using the exit command.
• On both SW1 and SW2, enter the Port-channel interface
Explanation:
configuration mode by using the interface port-channel 44
To configure an LACP EtherChannel and number it as 44, configure command.
it between switches SW1 and SW2 using interfaces Ethernet0/0 and • On both SW1 and SW2, configure the Port-channel interface as a
Ethernet0/1 on both sides, configure the EtherChannel as a trunk trunk link by using the switchport mode trunk command.
link, configure the trunk link with 802.1q tags, and configure VLAN • On both SW1 and SW2, configure the Port-channel interface to
‘MONITORING’ as the untagged VLAN of the EtherChannel, you use 802.1q tags for VLAN identification by using the switchport
need to follow these steps: trunk encapsulation dot1q command.
• On both SW1 and SW2, configure VLAN ‘MONITORING’ as the
• On both SW1 and SW2, enter the global configuration mode by
untagged VLAN of the Port-channel interface by using the
using the configure terminal command.
switchport trunk native vlan MONITORING command.
• On both SW1 and SW2, select the two interfaces that will form
• On both SW1 and SW2, exit the Port-channel interface
the EtherChannel by using the interface range ethernet 0/0 - 1
configuration mode by using the exit command.
command. This will enter the interface range configuration mode.
• On both SW1 and SW2, save the configuration to NVRAM by using
• On both SW1 and SW2, set the protocol to LACP by using the
the copy running-config startup-config command.
channel-protocol lacp command.
• On both SW1 and SW2, assign the interfaces to an EtherChannel Questions 23
group number 44 by using the channel-group 44 mode active
command. This will create a logical interface named Port-
196
When configuring a WLAN with WPA2 PSK in the Cisco Wireless Explanation:
LAN Controller GUI, which two formats are available to select?
(Choose two)
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
Options: 4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CO
NSOLIDATED_chapter_01010001.html, , , , ]
A.
Questions 24
ASCII
Which WAN topology provides a combination of simplicity quality,
B.
and availability?
base64
Options:
C.
A.
binary
partial mesh
D.
B.
decimal
full mesh
E.
C.
hexadecimal
point-to-point
Show Answer Buy Now
D.
Answer: hub-and-spoke
A, E Show Answer Buy Now
197
Answer: allows a single host name to be shared across more than one IP
address
C
Show Answer Buy Now
Questions 25
Answer:
What are two roles of Domain Name Services (DNS)? (Choose
Two) D, E
A. Which switch technology establishes a network connection
builds a flat structure of DNS names for more efficient IP operations immediately when it is plugged in?
B. Options:
encrypts network Traffic as it travels across a WAN by default A.
C. PortFast
improves security by protecting IP addresses under Fully Qualified B.

Domain Names (FQDNs) BPDU guard
D.
C.
enables applications to identify resources by name instead of IP UplinkFast
address
D.
E.
BackboneFast
198
Answer: iPsec over ISATAP
D.
A
GRE
Explanation:
Show Answer Buy Now
Explanation:
Answer:
PortFast is useful to connect hosts and switches to a switch. Access
layer switches are more frequently “plugged in” and “plugged out” B
than distribution or core layer switches. Also, this feature’s target is
Questions 28
just to minimize STP convergence time.
Questions 27 What criteria is used first during me root port selection process?
What mechanism carries multicast traffic between remote sites and

Options:
supports encryption? A.
Options: local port ID
A. B.
ISATAP lowest path cost to the root bridge
B. C.
GRE over iPsec lowest neighbor's bridge ID
199
D. model
lowest neighbor's port ID E.
Show Answer Buy Now recipe
B Answer:
Questions 29 C, D
Which two components are needed to create an Ansible script that Questions 30
configures a VLAN on a switch? (Choose two.)
An engineer must configure Interswitch VLAN communication
Options: between a Cisco switch and a third-party switch. Which action
should be taken?
A.
Options:
cookbook
A.
B.
configure IEEE 802.1p
task
B.
C.
configure IEEE 802.1q
playbook
C.
D.
configure ISL
200
D. D.
configure DSCP enables secure communications to the internet for all external hosts
Answer: Answer:
B A
Which function does the range of private IPv4 addresses perform? What are two improvements provided by automation for network
management in an SDN environment? (Choose two)
Options:
Options:
A.
A.
allows multiple companies to each use the same addresses without
conflicts Data collection and analysis tools establish a baseline for the
network
B.
B.
provides a direct connection for hosts from outside of the enterprise
network Artificial intelligence identifies and prevents potential design
failures.
C.
C.
ensures that NAT is not required to reach the internet with private
range addressing
201
Machine learning minimizes the overall error rate when automating
troubleshooting processes
D.
New devices are onboarded with minimal effort
E.
Proprietary Cisco APIs leverage multiple network management

tools.
Show Answer Buy Now Which command provides this output?
Options:
Answer:
A.
B, E
show ip route
Questions 33
B.
show ip interface
C.
show interface
D.
show cdp neighbor
202
Show Answer Buy Now F.
Answer: inside public
Show Answer Buy Now

D
Answer:
Questions 34
Which type of address is the public IP address of a NAT device? C
Options: Explanation:
A. Explanation:
outside global NAT use four types of addresses:* Inside local address – The IP
B. address assigned to a host on the inside network. The address is
usually not an IP address assigned by the Internet Network
outsdwde local Information Center (InterNIC) or service provider.This address is
C. likely to be an RFC 1918 private address.* Inside global address – A
legitimate IP address assigned by the InterNIC or service provider
inside global
that represents one or more inside local IP addresses to the outside
D. world.* Outside local address – The IP address of an outside host as
it is known to the hosts on the inside network.* Outside global
insride local
address – The IP address assigned to a host on the outside network.
E. The owner of the host assigns this address.
outside public Questions 35
203
Explanation:
Explanation:
A network administrator must permit SSH access to remotely Note : Already a statement is there in last to allow SSH Traffic for
manage routers in a network. The operations team resides on the network 10.20.1.0 0.0.0.127, but Second statement says deny ip any
10.20.1.0/25 network. Which command will accomplish this task? 10.20.1.0 0.0.0.255, so how it will work once it is denied. So the
Options: right answer is remove the --- no access-list 2699 deny ip any
10.20.1.0 0.0.0.255.
A.
Questions 36
access-list 2699 permit udp 10.20.1.0 0.0.0.255
Which two functions are performed by the core layer in a three-tier
B.
architecture? (Choose two)
no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22 Options:
C.
A.
access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22
Provide uninterrupted forwarding service.
D.
B.
no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
Police traffic that is sent to the edge of the network.
Show Answer Buy Now
C.
204
Provide direct connectivity for end user devices. Drag and drop the SNMP components from the left onto the
descriptions on the right.
D.
Ensure timely data transfer between layers.
E.
Inspect packets for malicious activity.
Show Answer Buy Now
Answer: Options:
A, D Show Answer Buy Now
Explanation: Answer:
Explanation:
Answer:
Cisco is very clear about the purpose of this layer. Its only role is to
forward traffic, the fastest it can. Here you don’t apply any policy, Questions 38
as you must try to reduce the load of the core so it can focus on Drag and drop the 802.11 wireless standards from the left onto the
routing. matching statements on the right
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus
/campover.html#wp708831
Questions 37
205
Which 802.11 frame type is association response?
Options:
A.
management
B.
protected frame
Options: C.
Show Answer Buy Now control
Answer: D.
action
Answer:
Show Answer Buy Now
Answer:
Explanation:
https://en.wikipedia.org/wiki/802.11_Frame_Types, , ]
Questions 39
206
Questions 40
Drag and drop the threat-mitigation techniques from the left onto the
types of threat or attack they mitigate on the right.
Options: Double-Tagging attack:
Show Answer Buy Now
Answer:
In this attack, the attacking computer generates frames with two
Answer: 802.1Q tags. The first tag matches the native VLAN of the trunk
port (VLAN 10 in this case), and the second matches the VLAN of a
Explanation: host it wants to attack (VLAN 20).When the packet from the
attacker reaches Switch A, Switch A only sees the first VLAN 10
Explanation:
and it matches with its native VLAN 10 so this VLAN tag is
removed. Switch A forwards the frame out all links with the same
native VLAN 10. Switch B receives the frame with an tag of VLAN
20 so it removes this tag and forwards out to the Victim
207
computer.Note: This attack only works if the trunk (between two What is the next hop address for traffic that is destined to host
switches) has the same native VLAN as the attacker.To mitigate this 10.0.1.5?
type of attack, you can use VLAN access control lists (VACLs,
Options:
which applies to all traffic within a VLAN. We can use VACL to
drop attacker traffic to specific victims/servers) or implement A.
Private VLANs.ARP attack (like ARP poisoning/spoofing) is a type 10.0.1.3
of attack in which a malicious actor sends falsified ARP messages
B.
over a local area network as ARP allows a gratuitous reply from a
host even if an ARP request was not received. This results in the 10.0.1.50
linking of an attacker’s MAC address with the IP address of a
C.
legitimate computer or server on the network. This is an attack based
on ARP which is at Layer 2.Dynamic ARP inspection (DAI) is a 10.0.1.4
security feature that validates ARP packets in a network which can
D.
be used to mitigate this type of attack.
Loopback D
Questions 41
Show Answer Buy Now
Answer:
Questions 42
Which access layer threat-mitigation technique provides security

based on identity?
208
Options: A.
A. group access points together to increase throughput on a given

channel
Dynamic ARP Inspection
B.
B.
configure the first three access points are configured to use Channels
using a non-default native VLAN
1, 6, and 11
C.
C.
802.1x
include a least two access points on nonoverlapping channels to
D. support load balancing
DHCP snooping D.
Show Answer Buy Now assign physically adjacent access points to the same Wi-Fi channel
C Answer:
Questions 43 B
What is recommended for the wireless infrastructure design of an Questions 44

organization?
When DHCP is configured on a router, which command must be
Options: entered so the default gateway is automatically distributed?
209
Options: Central AP management requires more complex configurations
A. B.
default-router Unique SSIDs cannot use the same authentication method
B. C.
default-gateway It supports autonomous and lightweight APs
C. D.
ip helper-address It eliminates the need to configure each access point individually
dns-server Answer:
Show Answer Buy Now
D
Answer:
Questions 46
A Refer to the exhibit.
Questions 45
What is a benefit of using a Cisco Wireless LAN Controller?
Options:
A.
210
Options:
A.
Switch 1
B.
Switch 2
C.
Switch 3
D.
Switch 4
Show Answer Buy Now
Answer:
Which switch becomes the root of the spanning tree for VLAN 110? B
Questions 47
Which configuration ensures that the switch is always the root for
VLAN 750?
Options:
211
A. 0 command ensures the bridge priority takes precedence over all
other priorities.
Switch(config)#spanning-tree vlan 750 priority 38003685
Questions 48
B.
Drag and drop the WLAN components from the left onto the correct
Switch(config)#spanning-tree vlan 750 root primary
C.
D.
Show Answer Buy Now
Options:
Answer:
Show Answer Buy Now
D
Answer:
Explanation:
Explanation:
Although the spanning-tree vlan 10 root primary command will

ensure a switch will have a bridge priority value lower than other
bridges introduced to the network, the spanning-tree vlan 10 priority
212
Answer: A.
SW1
B.
SW2
C.
SW3
D.
Questions 49
SW4
Show Answer Buy Now
Answer:
Which switch in this configuration will be elected as the root Questions 50

bridge?
Drag and drop the DHCP snooping terms from the left onto the
Options:
213
Options:
A.
read
B.
update
Options: C.
create
Show Answer Buy Now
D.
Answer:
delete
Answer:
Show Answer Buy Now
Answer:
Explanation:
Explanation:
GET: This method retrieves the information identified by the request

Questions 51
URI. In the context of the RESTful web services, this method is
Which CRUD operation corresponds to the HTTP GET method?
214
used to retrieve resources. This is the method used for read D
operations (the R in CRUD).
Questions 53
https:// hub.packtpub.com/crud-operations-rest/
Questions 52 What is a recommended approach to avoid co-channel congestion
while installing access points that use the 2.4 GHz frequency?
What does physical access control regulate?
Options:
Options:
A.
A.
different nonoverlapping channels
access to spec fie networks based on business function
B.
B.
different overlapping channels
access to servers to prevent malicious activity
C.
C.
one overlapping channel
access :o computer networks and file systems
D.
D.
one nonoverlapping channel
access to networking equipment and facilities
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
A
215
Questions 54 Which two encoding methods are supported by REST APIs?
Which API is used in controller-based architectures to interact with (Choose two)
edge devices? Options:

Options: A.
A. YAML
overlay B.
B. JSON
northbound C.
C. EBCDIC
underlay D.
D. SGML
southbound E.
Show Answer Buy Now XML
D Answer:
Questions 55 B, E
216
Explanation: 200
Explanation: B.
https://www.cisco.com/c/en/us/td/docs/switches/datac enter/aci/apic/ 301

sw/2- C.
x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/
b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html 404
Reference: [Reference: D.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000 500
/sw/5_x/rest_api_config/b_Cisco_N1KV_VMware_REST_API_Config_5x/b
Show Answer Buy Now
_Cisco_N1KV_VMware_REST_API_Config_5x_chapter_010.pdf, , The
Application Policy Infrastructure Controller (APIC) REST API is a Answer:
programmatic interface that uses REST architecture. The API accepts and
returns HTTP (not enabled by default) or HTTPS messages that contain A
JavaScript Object Notation (JSON) or Extensible Markup Language (XML)
documents., , ]
Questions 57
Which HTTP status code is returned after a successful REST API

request?
Options:
A.
217
After running the code in the exhibit, which step reduces the amount D
of data that the NETCONF server returns to the NETCONF client,
to only the interface's configuration? Questions 58
Options: In which two ways does a password manager reduce the chance of a
hacker stealing a users password? (Choose two.)
A.
Options:
Use the Ixml library to parse the data returned by the NETCONF
server for the interface's configuration. A.
B. It automatically provides a second authentication factor that is

unknown to the original user.
Create an XML filter as a string and pass it to get_config() method
as an argument. B.
C. It uses an internal firewall to protect the password repository from

unauthorized access.
Create a JSON filter as a string and pass it to the get_config()
method as an argument. C.
D. It protects against keystroke logging on a compromised device or

web site.
Use the JSON library to parse the data returned by the NETCONF
server for the interface's configuration. D.
Show Answer Buy Now It stores the password repository on the local workstation with built-
in antivirus and anti-malware functionality
Answer:
E.
218
It encourages users to create stronger passwords. user awareness
Answer: Answer:
C, E D
An email user has been lured into clicking a link in an email sent by Explanation:
their company's security organization. The webpage that opens
This is a training program which simulates an attack, not a real
reports that it was safe but the link could have contained malicious
attack (as it says “The webpage that opens reports that it was safe”)
code. Which type of security program is in place?
so we believed it should be called a “user awareness”
Options: program.Therefore the best answer here should be “user awareness”.
A. This is the definition of“User awareness” from CCNA 200- 301
Offical Cert Guide Book:“User awareness: All users should be made
Physical access control aware of the need for data confidentiality to protect corporate
B. information, as well as their own credentials and personal
information. They should also be made aware of potential threats,
Social engineering attack
schemes to mislead, and proper procedures to report security
C. incidents. ” Note: Physical access control means infrastructure
locations, such as network closets and data centers, should remain
brute force attack
securely locked.
D.
Questions 60
219
What is a characteristic of a SOHO network? Options:
Options: A.
A. The Layer 2 switch drops the received frame
connects each switch to every other switch in the network B.
B. The Layer 2 switch floods packets to all ports except the receiving
port in the given VLAN.
enables multiple users to share a single broadband connection
C.
C.
The Layer 2 switch sends a copy of a packet to CPU for destination
provides high throughput access for 1000 or more users
MAC address learning.
D.
D.
includes at least three tiers of devices to provide load balancing and
The Layer 2 switch forwards the packet and adds the destination
redundancy
MAC address to its MAC address table
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
B
B
Questions 61
Explanation:
What is the default behavior of a Layer 2 switch when a frame with
an unknown destination MAC address is received? Explanation:
220
If the destination MAC address is not in the CAM table (unknown Answer:
destination MAC address), the switch sends the frame out all other
ports that are in the same VLAN as the received frame. This is
B
called flooding. It does not flood the frame out the same port on
Explanation:
which the frame was received.
Stateful inspection, also known as dynamic packet filtering, is a

Which device tracks the state of active connections in order to make
firewall technology that monitors the state of active connections and
a decision to forward a packet through?
uses this information to determine which network packets to allow
Options: through the firewall.
A. Questions 63
wireless access point How do TCP and UDP differ in the way they provide reliability for
B. delivery of packets?
firewall
Options:
C. A.
wireless LAN controller TCP is a connectionless protocol that does not provide reliable
delivery of data, UDP is a connection-oriented protocol that uses
D.
sequencing to provide reliable delivery.
router B.
Show Answer Buy Now
221
TCP does not guarantee delivery or error checking to ensure that
there is no corruption of data UDP provides message
acknowledgement and retransmits data if lost.
C.
TCP provides flow control to avoid overwhelming a receiver by

sending too many packets at once, UDP sends packets to the
receiver in a continuous stream without checking for sequencing
D.
TCP uses windowing to deliver packets reliably; UDP provides

reliable message transfer between hosts by establishing a three-way If OSPF is running on this network, how does Router 2 handle
handshake traffic from Site B to 10.10.13/25 at Site A?
Show Answer Buy Now Options:
A.
Answer:
It sends packets out of interface Fa0/2 only.
C
B.
Questions 64
It sends packets out of interface Fa0/1 only.
C.
It cannot send packets to 10.10.13 128/25
D.
222
It load-balances traffic out of Fa0/1 and Fa0/2
Show Answer Buy Now
Answer:
Explanation:
Options:
Explanation:
Show Answer Buy Now
Router2 does not have an entry for the subnet 10.10.13.128/25. It
only has an entry for 10.10.13.0/25, which ranges from 10.10.13.0 to Answer:
10.10.13.127.
Answer:
https://study-ccna.com/administrative-distance-metric/
Questions 65
Drag and drop the DNS lookup components from the left onto the
functions on the right.
Explanation:
223
Explanation: password
Show Answer Buy Now
Answer:
Diagram Questions 67
Questions 66
Which field within the access-request packet is encrypted by

RADIUS?
Options:
A.
authorized services
An engineer is configuring an EtherChannel using LACP between
B. Switches 1 and 2 Which configuration must be applied so that only
authenticator Switch 1 sends LACP initiation packets?
C.
Options:
username A.
D. Switch 1 (config-if)#channel-group 1 mode on
224
Swrtch2(config-if)#channel-group 1 mode passive
B.
Switch1(config-if)#channel-group 1 mode passive
Switch2(config-if)#channel-group 1 mode active
C.
Switch1{config-if)£channel-group 1 mode active
Switch2(config-if)#channel-group 1 mode passive

R1 learns all routes via OSPF Which command configures a backup
D.
static route on R1 to reach the 192 168.20.0/24 network via R3?
Switch1(config-if)#channel-group 1 mode on
Options:
Switch2(config-if)#channel-group 1 mode active
A.
Show Answer Buy Now
R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2
Answer: B.
C R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90
Questions 68 C.
Refer to the exhibit. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111
D.
225
R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2
Show Answer Buy Now
Answer:
Questions 69
Drag and drop the functions of DHCP from the left onto any of the Answer:
positions on the right Not all functions are used
Explanation:
Explanation:
Options:
Graphical user interface,
Show Answer Buy Now text, application, email Description automatically generated
226
Refer to the exhibit. Configure router B and router C as OSPF neighbors of router A.
C.
Configure the router A interfaces with the highest OSPF priority

value within the area.
D.
Configure router A with a fixed OSPF router ID
Show Answer Buy Now
Answer:
Questions 71
Which action must be taken to ensure that router A is elected as the Which action is taken by the data plane within a network device?
DR for OSPF area 0?
Options:
Options:
A.
A.
forwards traffic to the next hop
Configure the OSPF priority on router A with the lowest value
B.
between the three routers.
constructs a routing table based on a routing protocol
B.
227
C. multicast address
provides CLI access to the network device D.
D. link-local address
looks up an egress interface in the forwarding information base Show Answer Buy Now

Answer: B
A Questions 73
Questions 72 Which protocol uses the SSL?
Which type of IPv6 address is similar to a unicast address but is Options:

assigned to multiple devices on the same network at the same time?
A.
Options:
HTTP
A.
B.
global unicast address
SSH
B.
C.
anycast address
HTTPS
C.
D.
228
Telnet switchport trunk allowed vlan add 104
Answer: switchport trunk allowed vlan all
D.
C
switchport trunk allowed vlan 104
Questions 74
Show Answer Buy Now
Answer:
Questions 75
Which type of network attack overwhelms the target server by

sending multiple packets to a port until the half-open TCP resources
An engineer is asked to insert the new VLAN into the existing trunk
of the target are exhausted?
without modifying anything previously configured Which command
accomplishes this task? Options:
Options: A.
A. SYIM flood
switchport trunk allowed vlan 100-104 B.
B. reflection
229
C. D.
teardrop SSH
amplification Answer:
Show Answer Buy Now
D
Answer:
Questions 77
A Which interface mode must be configured to connect the lightweight
APs in a centralized architecture?
Questions 76
Options:
Which protocol is used for secure remote CLI access?
A.
Options:
WLAN dynamic
A.
B.
HTTPS
management
B.
C.
HTTP
trunk
C.
D.
Telnet
230
access An individual IPv6 unicast address is supported on a single interface
on one node but an IPv6 anycast address is assigned to a group of
Show Answer Buy Now
interfaces on multiple nodes.
Answer: D.
D Unlike an IPv6 anycast address, an IPv6 unicast address is assigned

to a group of interfaces on multiple nodes
Questions 78
Show Answer Buy Now
What is the difference between IPv6 unicast and anycast addressing?
Answer:
Options:
A. C
IPv6 anycast nodes must be explicitly configured to recognize the Questions 79

anycast address, but IPv6 unicast nodes require no special
configuration
B.
IPv6 unicast nodes must be explicitly configured to recognize the

unicast address, but IPv6 anycast nodes require no special
configuration
A network engineer must update the configuration on Switch2 so
C.
that it sends LLDP packets every minute and the information sent
via LLDP is refreshed every 3 minutes Which configuration must
the engineer apply?
231
A) Option C
D.
Option D
B)
Show Answer Buy Now
Answer:
C)
A
Questions 80
Drag and drop the TCP or UDP details from the left onto their
D)
corresponding protocols on the right.
Options:
A.
Option A Options:
B. Show Answer Buy Now
Option B
Answer:
C.
232
C.
via next-hop 10.0 1.50
D.
Answer:
via next-hop 10.0 1 100
Questions 81
Show Answer Buy Now
Answer:
Questions 82
A network engineer must implement an IPv6 configuration on the
Web traffic is coming in from the WAN interface. Which route takes vlan 2000 interface to create a routable locally-unique unicast
precedence when the router is processing traffic destined for the address that is blocked from being advertised to the internet. Which
LAN network at 10 0.10.0/24? configuration must the engineer apply?
Options: Options:
A.
A.
via next-hop 10.0.1.5 interface vlan 2000
B. ipv6 address ffc0:0000:aaaa::1234:2343/64
B.
via next-hop 10 0 1.4
233
interface vlan 2000 • The password for privileged EXEC mode is pnv4t3p4ss Which
command sequence must the engineer configured
Ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64
A)
C.
interface vlan 2000
ipv6 address fe80;0000:aaaa::1234:2343/64
D.
interface vlan 2000
ipv6 address fd00::1234:2343/64 B)

Show Answer Buy Now
Answer:
Questions 83
A Cisco engineer is configuring a factory-default router with these

three passwords: C)
• The user EXEC password for console access is p4ssw0rd1
• The user EXEC password for Telnet access is s3cr3t2
234
Show Answer Buy Now
Answer:
Questions 84

D)
Options:
A.
Option A
B.
Option B An IP subnet must be configured on each router that provides
C.
enough addresses for the number of assigned hosts and anticipates
no more than 10% growth for now hosts. Which configuration script
Option C must be used?
D. A)
Option D
235
D)
B)
Options:
C)
A.
Option A
236
B. A.
Option B int range g0/0-1
C. channel-group 10 mode active
Option C B.
D. int range g0/0-1 chanm.l-group 10 mode desirable
Option D C.
Show Answer Buy Now int range g0/0-1
Answer: channel-group 10 mode passive
D.
C
int range g0/0-1 channel-group 10 mode auto
Questions 85
E.
int range g0/0-1 channel-group 10 mode on
Show Answer Buy Now
Answer:
Which two commands when used together create port channel 10? A, C
(Choose two.)
Questions 86
Options:
237
Refer to the exhibit. C.
Configure the interface port-channel 1 command on both switches.
D.
Change the channel-group mode on SW1 to active or passive.
Show Answer Buy Now
Answer:
Questions 87
An engineer built a new L2 LACP EtherChannel between SW1 and Refer to the exhibit.
SW2 and executed these show commands to verify the work. Which
additional task allows the two switches to establish an LACP port
channel?
Options:
A.
Change the channel-group mode on SW2 to auto
B.
Change the channel-group mode on SW1 to desirable.
238
D.
queuing drops
Show Answer Buy Now
Answer:
Questions 88
Which characteristic differentiates the concept of authentication

from authorization and accounting?
Traffic that is flowing over interface TenGigabitEthernet0/0
experiences slow transfer speeds. What is the reason for the issue? Options:
Options: A.
A. user-activity logging
heavy traffic congestion B.
B. service limitations
C.
a duplex incompatibility
C. consumption-based billing
D.
a speed conflict
239
identity verification
Show Answer Buy Now

C)
Answer:
D
D)
Questions 89

E)
Options:
A.
Option A
B.
Which two configurations must the engineer apply on this network
Option B
so that R1 becomes the DR? (Choose two.)
C.
A)
Option C
D.
B)
240
Option D travel between floors or to other areas in the building What must be
the configuration of the connection?
E.
Options:
Option E
A.
Show Answer Buy Now
Select the WPA Policy option with the CCKM option.
Answer:
B.
B, C
Disable AES encryption.
Questions 90 C.
Refer to the exhibit. Enable Fast Transition and select the FT 802.1x option.
D.
Enable Fast Transition and select the FT PSK option.
Show Answer Buy Now
Answer:
Questions 91
Users need to connect to the wireless network with IEEE 802. 11r-
compatible devices. The connection must be maintained as users Refer to the exhibit.
241
There is an interface type mismatch
Show Answer Buy Now
Answer:
Questions 92

The link between PC1 and the switch is up. but it is performing
poorly. Which interface condition is causing the performance
problem?
Options:
A.
There is a duplex mismatch on the interface

Packets received by the router from BGP enter via a serial interface
B.
at 209 165 201 1 Each route is present within the routing table
There is an issue with the fiber on the switch interface. Which interface is used to forward traffic with a destination IP of
C. 10.1.1.19?
There is a speed mismatch on the interface.

Options:
D. A.
242
F0/4
B.
F0/0
C.
F0/1
D.
Options:
F0/3
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
Answer:
B
Questions 93
Drag and drop the characteristics of networking from the left onto
the networking types on the right.
Questions 94
243
D)
Options:
An engineer has started to configure replacement switch SW1. To A.
verify part of the configuration, the engineer issued the commands
as shown and noticed that the entry for PC2 is missing. Which Option A
change must be applied to SW1 so that PC1 and PC2 communicate B.

normally?
Option B
A)
C.
Option C
D.
B)
Option D
Show Answer Buy Now
C) Answer:
244
Questions 95 router ospf 1
OSPF must be configured between routers R1 and R2. Which OSPF network 192.168.1.1 0.0.0.0 area 0
configuration must be applied to router R1 to avoid a DR/BDR
interface e1/1
election?
ip address 192.168.1.1 255.255.255.252
Options:
ip ospf cost 0
A.
D.
router ospf 1
router ospf 1
network 192.168.1.1 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
hello interval 15
ip address 192.168.1.1 255.255.255.252
interface e1/1
ip ospf network broadcast
Ip address 192.168.1.1 255.255.255.252
B.
Show Answer Buy Now
router ospf 1
network 192.168.1.1 0.0.0.0 area 0 Answer:
interface e1/1 B
ip address 192.168.1.1 255.255.255.252 Questions 96
ip ospf network point-to-point An engineer is configuring remote access to a router from IP subnet
C. 10.139.58.0/28. The domain name, crypto keys, and SSH have been
245
configured. Which configuration enables the traffic on the
destination router?
A)
Options:
A.
Option A
B)
B.
Option B
C.
Option C
C) D.
Option D
Show Answer Buy Now
Answer:
D) B
Questions 97
246
What is one reason to implement LAG on a Cisco WLC?
Options:
A.
to increase security and encrypt management frames
B.
Which command configures OSPF on the point-to-point link
to provide link redundancy and load balancing between routers R1 and R2?
C. Options:
to allow for stateful and link-state failover A.
D. router-id 10.0.0.15
to enable connected switch ports to failover and use different B.

VLANs
neighbor 10.1.2.0 cost 180
Show Answer Buy Now
C.
Answer: ipospf priority 100
B D.
Questions 98 network 10.0.0.0 0.0.0.255 area 0
Show Answer Buy Now

247
Answer: A.
D GigabitEthernet0/0
B.
Questions 99
GigabltEthornet0/1
C.
GigabitEthernet0/2
D.
GigabitEthernet0/3
Show Answer Buy Now
Answer:
Questions 100
Router R1 resides in OSPF Area 0. After updating the R1 Refer to the exhibit.
configuration to influence the paths that it will use to direct traffic,
an engineer verified that each of the four Gigabit interfaces has the
same route to 10.10.0.0/16. Which interface will R1 choose to send
traffic to reach the route?
Options:
248
The router has been configured with a supernet to accommodate the
requirement for 380 users on a subnet The requirement already
considers 30% future growth. Which configuration verifies the IP
subnet on router R4?
A) Options:
A.
Option A
B.
B) Option B
C.
Option C
D.
C) Option D
Show Answer Buy Now
Answer:
B
D)
Questions 101
249
Refer to the exhibit. ip route 10.1.1.10 255.255.255.255 gi0/0 125
Show Answer Buy Now
Answer:
Questions 102
What is a requirement when configuring or removing LAG on a

WLC?
Which route must be configured on R1 so that OSPF routing is used
when OSPF is up. but the server is still reachable when OSPF goes Options:
down? A.
Options:
The Incoming and outgoing ports for traffic flow must be specified
A. If LAG Is enabled.
ip route 10.1.1.10 255.255.255.255 172.16.2.2 100 B.
B. The controller must be rebooted after enabling or reconfiguring

LAG.
ip route 10.1.1.0 255.255.255.0 gi0/1 125
C.
C.
The management interface must be reassigned if LAG disabled.
ip route 10.1.1.0 255.255.255.0 172.16.2.2 100
D.
D.
250
Multiple untagged interfaces on the same port must be supported. Answer:
Show Answer Buy Now
Answer:
Questions 103
Drag and drop the Rapid PVST+ forwarding slate actions from the
loft to the right. Not all actions are used. Questions 104
An engineer must configure R1 for a new user account. The account

must meet these requirements:
* It must be configured in the local database.
* The username is engineer.
* It must use the strongest password configurable. Which command

must the engineer configure on the router?
Options:
Options:
Show Answer Buy Now
A.
Answer:
R1 (config)# username engineer2 algorithm-type scrypt secret
test2021
251
B.
R1(config)# username engineer2 secret 5 .password

S1$b1Ju$kZbBS1Pyh4QzwXyZ
C.
R1(config)# username engineer2 privilege 1 password 7 test2021
D. Drag and drop the prefix lengths from the left onto the
R1(config)# username englneer2 secret 4 corresponding prefixes on the right Not all prefixes are used
S1Sb1Ju$kZbBS1Pyh4QzwXyZ Options:
Answer: Answer:
B Answer:
Questions 105
see the answer below.
Explanation:
Explanation:
252
Diagram
Description automatically generated with low confidence
Questions 106 Chart, bar chart Description automatically generated
Drag and drop the REST API call methods for HTTP from the left Questions 107
onto the actions they perform on the right Not all methods are used.
What is a function of Opportunistic Wireless Encryption in an
Options: environment?
Answer: A.
offer compression
Answer:
B.
see the answer below increase security by using a WEP connection
Explanation: C.
Explanation: provide authentication
D.
253
protect traffic on open networks F0/11
Answer: F0/12
D.
D
F0/13
Questions 108
Show Answer Buy Now
Answer:
Questions 109
Packets received by the router from BGP enter via a serial interface Which WLC management connection type is vulnerable to man-in-
at 209.165.201.10. Each route is present within the routing table. the-middle attacks?
Which interface is used to forward traffic with a destination IP of
Options:
10.10.10.24?
A.
Options:
SSH
A.
B.
F0/10
HTTPS
B.
254
C. traffic shaping
Telnet D.
D. traffic prioritization
console Show Answer Buy Now

Answer: C
C Questions 111
Questions 110 What is an expected outcome when network management
automation is deployed?
Which QoS traffic handling technique retains excess packets in a
queue and reschedules these packets for later transmission when the Options:
configured maximum bandwidth has been surpassed?
A.
Options:
A distributed management plane must be used.
A.
B.
weighted random early detection
Software upgrades are performed from a central controller
B.
C.
traffic policing
Complexity increases when new device configurations are added
C.
255
D. D.
Custom applications are needed to configure network devices ip ssh authentication-retries 2
Answer: Answer:
B C

A network engineer is configuring a switch so that it is remotely Explanation:
reachable via SSH. The engineer has already configured the host
https://www.cisco.com/c/en/us/solutions/small-b usiness/resource-
name on the router. Which additional command must the engineer
center/networking/how-to-setup-network-switch.html
configure before entering the command to generate the RSA key?
Questions 113
Options:
A Cisco engineer must configure a single switch interface to meet
A.
these requirements
password password
• accept untagged frames and place them in VLAN 20
B.
• accept tagged frames in VLAN 30 when CDP detects a Cisco IP
crypto key generate rsa modulus 1024 phone
C. Which command set must the engineer apply?
ip domain-name domain A)
256
Option B
C.
Option C
B) D.
Option D
Show Answer Buy Now
Answer:
C)
Questions 114
D) Refer to the exhibit.
Options:
A.
Option A
B.
257
D)
Options:
A.
Option A
Switch A is newly configured. All VLANs are present in the VLAN B.

database. The IP phone and PC A on Gi0/1 must be configured for
Option B
the appropriate VLANs to establish connectivity between the PCs.
Which command set fulfills the requirement? C.
A) Option C
D.
Option D
B) Show Answer Buy Now
Answer:
C) A
258
Questions 115
Which PoE mode enables powered-device detection and guarantees

power when the device is detected?
Options:
A.
dynamic
B.
static
C.
Site A was recently connected to site B over a new single-mode
active
fiber path. Users at site A report Intermittent connectivity Issues
D. with applications hosted at site B. What is the reason for the
auto problem?
A.
Answer:
Heavy usage is causing high latency.
B
B.
Questions 116
An incorrect type of transceiver has been inserted into a device on
Refer to the exhibit. the link.
259
C.
physical network errors are being transmitted between the two sites.
D.
The wrong cable type was used to make the connection.
Show Answer Buy Now
Answer:
Questions 117
Which configuration enables DHCP addressing for hosts connected

to interface FastEthernetO/1 on router R4?
Options:
A.
interface FastEthernet0/0
ip helper-address 10.0.1.1
260
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1 Answer:
B. B
interface FastEthernot0/1
Questions 118
!
access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1
C.
interface FastEthernetO/0 Which configuration allows routers R14 and R86 to form an
ip helper-address 10.0.1.1 OSPFv2 adjacency while acting as a central point for exchanging
OSPF information between routers?
I
A)
access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps
D.
interface FastEthernet0/1
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1
Show Answer Buy Now
261
C)
D)
B)
Options:
A.
262
Option A An engineer is updating the R1 configuration to connect a new
server to the management network. The PCs on the management
B.
network must be blocked from pinging the default gateway of the
Option B new server. Which command must be configured on R1 to complete
C. the task?
Option C Options:
D. A.
Option D R1(config)#lp route 172.16.2.2 255.255.255.248 gi0/1
R1(config)#jp route 172.16.2.2 255.255.255.255 gi0/0

Answer:
C.
D
R1(config>#ip route 172.16.2.0 255.255.255.0 192.168.1.15
Questions 119
D.
R1(conflg)#ip route 172.16.2.0 255.255.255.0 192.168.1.5
Show Answer Buy Now
Answer:
263
Questions 120

security program of an organization?
Options:
A.
configuring a password for the console port
B.
An engineer is configuring a new router on the network and applied
backing up syslogs at a remote location this configuration. Which additional configuration allows the PC to
C. obtain its IP address from a DHCP server?
configuring enable passwords on network devices Options:
D. A.
setting up IP cameras to monitor key infrastructure Configure the ip dhcp relay information command under interface
Gi0/1.
Show Answer Buy Now
B.
Answer:
Configure the ip dhcp smart-relay command globally on the router
A
C.
Questions 121 Configure the ip helper-address 172.16.2.2 command under interface

Gi0/0
264
D. TKIP
Configure the ip address dhcp command under interface Gi0/0 Show Answer Buy Now

Answer: C
C
Explanation:
An engineer must configure a WLAN using the strongest encryption Many routers provide WPA2-PSK (TKIP), WPA2-PSK (AES), and
type for WPA2- PSK. Which cipher fulfills the configuration WPA2-PSK (TKIP/AES) as options. TKIP is actually an older
requirement? encryption protocol introduced with WPA to replace the very-
Options: insecure WEP encryption at the time. TKIP is actually quite similar
to WEP encryption. TKIP is no longer considered secure, and is now
A.
deprecated. In other words, you shouldn’t be using it.
WEP AES is a more secure encryption protocol introduced with WPA2
B. and it is currently the strongest encryption type for WPA2-PSK.
RC4
Questions 123
C. Refer to the exhibit.
AES
D.
265
Answer:
Questions 124
All traffic enters the CPE router from interface Serial0/3 with an IP
Which condition must be met before an NMS handles an SNMP trap
address of 192 168 50 1 Web traffic from the WAN is destined for a
from an agent?
LAN network where servers are load-balanced An IP packet with a
destination address of the HTTP virtual IP of 192 1681 250 must be Options:
forwarded Which routing table entry does the router use?
A.
Options:
The NMS software must be loaded with the MIB associated with the
A. trap.
192.168.1.0/24 via 192.168.12.2 B.
B. The NMS must be configured on the same router as the SNMP agent
192.168.1.128/25 via 192.168.13.3 C.
C. The NMS must receive a trap and an inform message from the
SNMP agent within a configured interval
192.168.1.192/26 via 192.168.14.4
D.
D.
The NMS must receive the same trap from two different SNMP
192.168.1.224/27 via 192.168.15.5
agents to verify that it is reliable.
Show Answer Buy Now
266
Answer: Answer:
A B
What is the effect when loopback interfaces and the configured Drag and drop to the characteristics of networking from the left onto
router ID are absent during the OSPF Process configuration? the correct networking types on the right.
Options:
A.
No router ID is set, and the OSPF protocol does not run.
B.
The highest up/up physical interface IP address is selected as the

router ID.
C.
Options:
The lowest IP address is incremented by 1 and selected as the router
ID. Show Answer Buy Now
D.
Answer:
The router ID 0.0.0.0 is selected and placed in the OSPF process.
267
Answer: Options:
A.
10.10.225.48 255.255.255.240
B.
10.10.225.32 255.255.255.240
C.
10.10.225.48 255.255.255.224
D.
10.10.225.32 255.255.255.224
Answer:
Questions 128
Which action does the router take as rt forwards a packet through the
Refer to the exhibit. An engineer must add a subnet for a new office
network?
that will add 20 users to the network. Which IPv4 network and
subnet mask combination does the engineer assign to minimize Options:
wasting addresses?
268
A. C
The router replaces the source and desinaoon labels wth the sending
Questions 129
router uterface label as a source and the next hop router label as a
desbnabon Refer to the exhibit.
B.
The router encapsulates the source and destination IP addresses with

the sending router P address as the source and the neighbor IP
address as the destination
C.
The nip server 192.168.0.3 command has been configured on router
The router replaces the original source and destination MAC 1 to make it an NTP client of router 2. Which command must be
addresses with the sending router MAC address as the source and configured on router 2 so that it operates in server-only mode and
neighbor MAC address as the destination relies only on its internal clock?
D. Options:
The router encapsulates the original packet and then includes a tag A.
that identifies the source router MAC address and transmit
Router2(config)#ntp passive
transparently to the destination
B.
Show Answer Buy Now
Router2(config)#ntp server 172.17.0.1
Answer:
C.
Router2(config)#ntp master 4
269
D. 192.168.1.17
Router2(config)#ntp server 192.168.0.2 B.
Show Answer Buy Now 192.168.1.61
Answer: C.
192.168.1.64
B
D.
Explanation:
192.168.1.127
Explanation:
E.
• To use internal clock of this router, use any configured IP address
192.168.1.254
in any interface of this router.
Show Answer Buy Now
Questions 130

Answer:
B, C
Questions 131
Which two prefixes are included in this routing table entry? (Choose What is the purpose of an SSID?
two.)
Options:
Options:
A.
A.
270
It provides network security Questions 132
B. What are two differences between optical-fiber cabling and copper

cabling? (Choose two)
It differentiates traffic entering access posits
Options:
C.
A.
It identities an individual access point on a WLAN
Light is transmitted through the core of the fiber
D.
B.
It identifies a WLAN
A BNC connector is used for fiber connections
Show Answer Buy Now
C.
Answer:
The glass core component is encased in a cladding
D
D.
Explanation: Fiber connects to physical interfaces using Rj-45 connections
Explanation: E.
“In IEEE 802.11 wireless local area networking standards (including The data can pass through the cladding
Wi-Fi), a service set is a group of wireless network devices which
Show Answer Buy Now
share a service set identifier (SSID)… A service set forms a logical
network of nodes operating with shared link-layer networking Answer:
parameters; they form one logical network segment.“
271
A, C Which port type supports the spanning-tree portfast command
without additional configuration?
Questions 133
Options:
What prevents a workstation from receiving a DHCP address?
A.
Options:
access ports
A.
B.
DTP
Layer 3 main Interfaces
B.
C.
STP
Layer 3 suninterfaces
C.
D.
VTP
trunk ports
D.
Show Answer Buy Now
802.10
Answer:
Show Answer Buy Now
A
Answer:
Questions 135
B
Refer to Exhibit.
Questions 134
272
ipv6 router 2000::1/128 2012::2
D.
ipv6 router 2000::1/128 2023::2 5
E.
ipv6 router 2000::1/128 2023::3 5
Show Answer Buy Now
An engineer is configuring the NEW York router to reach the Lo1

Answer:
interface of the Atlanta router using interface Se0/0/0 as the primary
path. Which two commands must be configured on the New York A, E
router so that it can reach the Lo1 interface of the Atlanta router via
Washington when the link between New York and Atlanta goes Explanation:
down? (Choose two)
Explanation:
Options:
Floating static routes are static routes that have an administrative
A. distance greater than the administrative distance (AD) of another
static route or dynamic routes. By default a static route has an AD of
ipv6 router 2000::1/128 2012::1
1 then floating static route must have the AD greater than 1. Floating
B. static route has a manually configured administrative distance
greater than that of the primary route and therefore would not be in
ipv6 router 2000::1/128 2012::1 5
the routing table until the primary route fails.
C.
Questions 136
273
Refer to the exhibit. Show Answer Buy Now
Answer:
Questions 137
When a client and server are not on the same physical network,
Which command must be executed for Gi1.1 on SW1 to become a
which device is used to forward requests and replies between client
trunk port if Gi1/1 on SW2 is configured in desirable or trunk
and server for DHCP?
mode?
Options:
Options:
A.
A.
DHCP relay agent
B.
B.
DHCP server
switchport mode dot1-tunnel
C.
C.
DHCPDISCOVER
switchport mode dynamic auto
D.
D.
DHCPOFFER
switchport mode dynamic desirable
Show Answer Buy Now
274
Answer: B
A Questions 139
Questions 138 Drag and drop the Cisco Wireless LAN Controller security settings
from the left onto the correct security mechanism categories on the
Which IPv6 address type provides communication between subnets
right.
and is unable to route on the Internet?
Options:
A.
global unicast
B.
unique local
C. Options:
link-local Show Answer Buy Now
D. Answer:
multicast
Show Answer Buy Now
Answer:
275
Answer: SNMPv3
Show Answer Buy Now
Answer:
Questions 141
Which type of traffic is sent with pure iPsec?

Questions 140
Options:
Which technology must be implemented to configure network
A.
device monitoring with the highest security?
broadcast packets from a switch that is attempting to locate a MAC
Options:
address at one of several remote sites
A.
B.
IP SLA
multicast traffic from a server at one site to hosts at another location
B.
C.
syslog
spanning-tree updates between switches that are at two different
C. sites
NetFlow D.
D.
276
unicast messages from a host at a remote site to a server at For each existing interface, it adds the metric from the source router
headquarters to the destination to calculate the route with the lowest bandwidth.
Answer: It divides a reference bandwidth of 100 Mbps by the actual

bandwidth of the existing interface to calculate the router with the
D lowest cost.
D.
Explanation:
It count the number of hops between the source router and the
Explanation:
destination to determine the router with the lowest metric
“The original poster makes a correct observation that EIGRP does
Show Answer Buy Now
not work in a pure IPSEC environment. IPSEC was designed to
process unicast traffic. Answer:
Questions 142
C
When OSPF learns multiple paths to a network, how does it select a
route? Questions 143
Options: When the active router in an HSRP group fails, what router assumes
the role and forwards packets?
A.
Options:
It multiple the active K value by 256 to calculate the route with the
lowest metric. A.
B. backup
277
B.
standby
C.
listening
D.
forwarding
Show Answer Buy Now A packet is being sent across router R1 to host 172.16.0.14. What is
the destination route for the packet?
Answer:
Options:
B A.
Questions 144 209.165.200.254 via Serial0/0/1
Refer to the exhibit. B.
209.165.200.254 via Serial0/0/0
C.
209.165.200.246 via Serial0/1/0
D.
209.165.200.250 via Serial0/0/0
278
Show Answer Buy Now A.
Answer: The OSPF router IDs are mismatched.
B.
A
Router2 is using the default hello timer.
Questions 145
C.
The network statement on Router1 is misconfigured.
D.
The OSPF process IDs are mismatched.
Show Answer Buy Now
Answer:
Questions 146
Which two protocols must be disabled to increase security for

management connections to a Wireless LAN Controller? (Choose
Refer to the exhibit. After the configuration is applied, the two
two )
routers fail to establish an OSPF neighbor relationship. what is the
reason for the problem? Options:
Options: A.
279
Telnet A.
B. Authentication verifies a username and password, and authorization

handles the communication between the authentication agent and the
SSH
user database.
C.
B.
HTTP
Authentication identifies a user who is attempting to access a
D. system, and authorization validates the users password
HTTPS C.
E. Authentication identifies and verifies a user who is attempting to

TFTP access a system, and authorization controls the tasks the user can
perform.
Show Answer Buy Now
D.
Answer:
Authentication controls the system processes a user can access and
A, C authorization logs the activities the user initiates
Show Answer Buy Now

Questions 147
What is the primary different between AAA authentication and Answer:

authorization?
C
Options:
Explanation:
280
Explanation: broadcast
AAA stands for Authentication, Authorization and Accounting.+ C.

Authentication: Specify who you are (usually via login username &
point-to-point
password)+ Authorization: Specify what actions you can do, what
resource you can access+ Accounting: Monitor what you do, how D.
long you do it (can be used for billing and auditing)An example of nonbroadcast
AAA is shown below:+ Authentication: “I am a normal user. My
Show Answer Buy Now
username/password is user_tom/learnforever”+ Authorization:
“user_tom can access LearnCCNA server via HTTP and FTP”+ Answer:
Accounting: “user_tom accessed LearnCCNA server for 2 hours”.
This user only uses “show” commands. C
Questions 148
Explanation:
A user configured OSPF in a single area between two routers A
Explanation:
serial interface connecting R1 and R2 is running encapsulation PPP
By default which OSPF network type is seen on this interface when The default OSPF network type for HDLC and PPP on Serial link is
the user types show ip ospf interface on R1 or R2? point-to-point (while the default OSPF network type for Ethernet
link is Broadcast).
Options:
Questions 149
A.
What benefit does controller-based networking provide versus
port-to-multipoint
traditional networking?
B.
Options:
281
A. Options:
moves from a two-tier to a three-tier network architecture to provide A.

maximum redundancy
Internet Group Management Protocol
B.
B.
provides an added layer of security to protect from DDoS attacks
Adaptive Wireless Path Protocol
C.
C.
allows configuration and monitoring of the network from one
Cisco Discovery Protocol
centralized port
D.
D.
Neighbor Discovery Protocol
combines control and data plane functionality on a single device to
minimize latency Show Answer Buy Now
Answer: C
C Questions 151
Questions 150 What are two characteristics of an SSID? (Choose Two)
Which protocol does an access point use to draw power from a Options:
connected switch?
A.
282
It can be hidden or broadcast in a WLAN
B.
It uniquely identifies an access point in a WLAN
C.
It uniquely identifies a client in a WLAN
D.
With which metric was the route to host 172.16.0.202 learned?
It is at most 32 characters long.
Options:
E.
A.
IT provides secured access to a WLAN
0
Show Answer Buy Now
B.
Answer:
110
B, E C.
Questions 152 38443
Refer to the exhibit. D.
3184439
Show Answer Buy Now
283
Answer: Which action must be taken in router R1 to help resolve the
configuration issue?
C
Options:
Explanation:
A.
Explanation:
set the default network as 20.20.20.0/24
Both the line “O 172.16.0.128/25” and “S 172.16.0.0/24” cover the B.
host 172.16.0.202 but with the “longest (prefix) match” rule the
router will choose the first route. set the default gateway as 20.20.20.2
Questions 153 C.
Refer to the exhibit. configure a static route with Fa0/1 as the egress interface to reach
the 20.20.20.0/24 network
D.
configure a static route with 10.10.10.2 as the next hop to reach the
20.20.20.0/24 network
Show Answer Buy Now
Answer:
D
Router R1 Fa0/0 is unable ping router R3 Fa0/1.
Questions 154
284
A packet is destined for 10.10.1.22. Which static route does the Options:
router choose to forward the packet?
A.
Options:
The user swipes a key fob, then clicks through an email link
A.
B.
ip route 10.10.1.0 255.255.255.240 10.10.255.1
The user enters a user name and password, and then clicks a
B. notification in an authentication app on a mobile device
ip route 10.10.1.16 255.255.255.252 10.10.255.1 C.
C. The user enters a PIN into an RSA token, and then enters the
displayed RSA key on a login screen
ip route 10.10.1.20 255.255.255.252 10.10.255.1
D.
D.
The user enters a user name and password and then re-enters the
ip route 10.10.1.20 255.255.255.254 10.10.255.1
credentials on a second screen
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
C
B
Questions 155
Explanation:
Which set of action satisfy the requirement for multifactor
authentication? Explanation:
285
This is an example of how two-factor authentication (2FA) works:1. Show Answer Buy Now
The user logs in to the website or service with their username and
password.2. The password is validated by an authentication server Answer:
and, if correct, the user becomes eligible for the second factor.3. The
A
authentication server sends a unique code to the user’s second-factor
method (such as a smartphone app).4. The user confirms their Questions 157
identity by providing the additional authentication for their second-
Which statement about Link Aggregation when implemented on a
factor method.
Cisco Wireless LAN Controller is true?
Questions 156
Options:
How does WPA3 improve security?
A.
Options:
To pass client traffic two or more ports must be configured.
A.
B.
It uses SAE for authentication.
The EtherChannel must be configured in "mode active"
B.
C.
It uses a 4-way handshake for authentication.
When enabled the WLC bandwidth drops to 500 Mbps
C.
D.
It uses RC4 for encryption.
One functional physical port is needed to pass client traffic
D.
Show Answer Buy Now
It uses TKIP for encryption.
286
Answer: The destination MAC address of the frame is unknown.
D Show Answer Buy Now
Answer:
Explanation:
Reference: [Reference: B
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-2/config-
Questions 159
guide/b_cg82/b_cg82_chapter_010101011.html, ]
Questions 158 What makes Cisco DNA Center different from traditional network
management applications and their management of networks?
Why does a switch flood a frame to all ports?
Options:
Options:
A.
A.
It omits supports auto-discovery of network elements in a greenfield
The frame has zero destination MAC addresses. deployment.
B. B.
The source MAC address of the frame is unknown It modular design allows someone to implement different versions to
C. meet the specific needs of an organization
The source and destination MAC addresses of the frame are the C.
same It abstracts policy from the actual device configuration

D. D.
287
It does not support high availability of management functions when Show Answer Buy Now
operating in cluster mode
Answer:
Show Answer Buy Now
B
Answer:
Questions 161
C
How does CAPWAP communicate between an access point in local
Questions 160 mode and a WLC?
Which plane is centralized by an SDN controller? Options:

Options: A.
A. The access point must directly connect to the WLC using a copper
cable
management-plane
B.
B.
The access point must not be connected to the wired network, as it
control-plane
would create a loop
C.
C.
data-plane
The access point must be connected to the same switch as the WLC
D.
D.
services-plane
288
The access point has the ability to link to any switch in the network, Show Answer Buy Now
assuming connectivity to the WLC
Answer:
Show Answer Buy Now
D
Answer:
Questions 163
D
What are two benefits of FHRPs? (Choose two.)
Questions 162
Options:
What is a characteristic of private IPv4 addressing?
A.
Options:
They prevent (oops in the Layer 2 network.
A.
B.
traverse the Internet when an outbound ACL is applied
They allow encrypted traffic.
B.
C.
issued by IANA in conjunction with an autonomous system number
They are able to bundle muftlple ports to increase bandwidth
C.
D.
composed of up to 65.536 available addresses
They enable automatic failover of the default gateway.
D.
E.
used without tracking or registration
289
They allow multiple devices lo serve as a single virtual gateway for configure switchport trunk dynamic desirable
clients in the network
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
C
D, E
Questions 165
Questions 164
What is the function of a server?
An engineer must establish a trunk link between two switches. The
Options:
neighboring switch is set to trunk or desirable mode. What action
should be taken? A.
Options: It transmits packets between hosts in the same broadcast domain.
A. B.
configure switchport nonegotiate It provides shared applications to end users.
B. C.
configure switchport mode dynamic desirable It routes traffic between Layer 3 devices.
C. D.
configure switchport mode dynamic auto It Creates security zones between trusted and untrusted networks
290
Answer: D
B Questions 167
Questions 166 Which two values or settings must be entered when configuring a
new WLAN in the Cisco Wireless LAN Controller GUI? (Choose
An engineer observes high usage on the 2.4GHz channels and lower
two)
usage on the 5GHz channels. What must be configured to allow
clients to preferentially use 5GH2 access points? Options:
Options: A.
A. management interface settings
Re- Anchor Roamed Clients B.
B. QoS settings
11ac MU-MIMO C.
C. Ip address of one or more access points
OEAP Split Tunnel D.
D. SSID
Client Band Select E.
Show Answer Buy Now Profile name
Show Answer Buy Now

Answer:
291
Answer: C
D, E Questions 169
Questions 168 A network engineer must create a diagram of a multivendor

network. Which command must be configured on the Cisco devices
An engineer configured an OSPF neighbor as a designated router.
so that the topology of the network can be mapped?
Which state verifies the designated router is in the proper mode?
Options:
Options:
A.
A.
Device(Config)#lldp run
Exchange
B.
B.
Device(Config)#cdp run
2-way
C.
C.
Device(Config-if)#cdp enable
Full
D.
D.
Device(Config)#flow-sampler-map topology
Init
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
292
A The trunk forms but VLAN 99 and VLAN 999 are in a shutdown
state.
Questions 170
Show Answer Buy Now
Refer to Exhibit.
Answer:
Explanation:
Explanation:
Which action do the switches take on the trunk link?
The trunk still forms with mismatched native VLANs and the traffic
Options:
can actually flow between mismatched switches. But it is absolutely
A. necessary that the native VLANs on both ends of a trunk link match;
otherwise a native VLAN mismatch occurs, causing the two VLANs
The trunk does not form and the ports go into an err-disabled status.
to effectively merge.
B.
For example with the above configuration, SW1 would send
The trunk forms but the mismatched native VLANs are merged into untagged frames for VLAN 999. SW2 receives them but would
a single broadcast domain. think they are for VLAN 99 so we can say these two VLANs are
C. merged.
Questions 171
The trunk does not form, but VLAN 99 and VLAN 999 are allowed
to traverse the link. How does a Cisco Unified Wireless network respond to Wi-Fi
D. channel overlap?
293
Options: Refer to the exhibit.
A.
It alternates automatically between 2.4 GHz and 5 GHz on adjacent

access points
B.
It allows the administrator to assign channels on a per-device or per-

If configuring a static default route on the router with the ip route
interface basis.
0.0.0.0 0.0.0.0 10.13.0.1 120 command how does the router
C. respond?
It segregates devices from different manufacturers onto different Options:
channels.
A.
D.
It ignores the new static route until the existing OSPF default route
It analyzes client load and background noise and dynamically is removed
assigns a channel.
B.
Show Answer Buy Now
It immediately replaces the existing OSPF route in the routing table
Answer: with the newly configured static route
A C.
It starts load-balancing traffic between the two default routes

Questions 172
D.
294
It starts sending traffic without a specific matching entry in the
routing table to GigabitEthernet0/1
Show Answer Buy Now
Answer:
Our new static default route has the Administrative Distance (AD) Answer:
of 120, which is bigger than the AD of OSPF External route (O*E2)
so it will not be pushed into the routing table until the current OSPF Answer:
External route is removed.For your information, if you don’t type
the AD of 120 (using the command “ip route 0.0.0.0 0.0.0.0
10.13.0.1”) then the new static default route would replace the OSPF
default route as the default AD of static route is 1. You will see such
line in the routing table:S* 0.0.0.0/0 [1/0] via 10.13.0.1
Questions 173
Drag and drop the lightweight access point operation modes from
the left onto the descriptions on the right
Explanation:
295
Explanation:
What is the effect of this configuration?
Options:
A.
All ARP packets are dropped by the switch
B.
Egress traffic is passed only if the destination is a DHCP server.
C.
All ingress and egress traffic is dropped because the interface is

untrusted
Table
Description automatically generated D.
Questions 174 The switch discard all ingress ARP traffic with invalid MAC-to-IP
address bindings.
Show Answer Buy Now
Answer:
296
D B
What is the same for both copper and fiber interfaces when using What are two recommendations for protecting network ports from
SFP modules? being exploited when located in an office space outside of an IT
closer? (Choose two.)
Options:
Options:
A.
A.
They support an inline optical attenuator to enhance signal strength
enable the PortFast feature on ports
B.
B.
They provide minimal interruption to services by being hot-
swappable implement port-based authentication
C. C.
They offer reliable bandwidth up to 100 Mbps in half duplex mode configure static ARP entries
D. D.
They accommodate single-mode and multi-mode in a single module configure ports to a fixed speed
Show Answer Buy Now E.
Answer: shut down unused ports
Show Answer Buy Now
297
Answer:
B, E
Questions 177

What does the switch do as it receives the frame from Sales-4?
Options:
A.
Perform a lookup in the MAC address table and discard the frame
due to a missing entry.
B.
Insert the source MAC address and port into the forwarding table
and forward the frame to Sales-1.
C.
The entire contents of the MAC address table are shown. Sales-4
Map the Layer 2 MAC address to the Layer 3 IP address and
sends a data frame to Sales-1.
forward the frame.
D.
Flood the frame out of all ports except on the port where Sales-1 is
connected.
298
Answer: Layer 2
Show Answer Buy Now

B
Answer:
Explanation:
D
Explanation:
https://www.ciscopress.com/articles/article.asp?p=3089352 &seqNu Questions 179

m=6 What is the temporary state that switch ports always enter
Questions 178 immediately after the boot process when Rapid PVST+ is used?
Where does wireless authentication happen? Options:
Options: A.
A. discarding
SSID B.
B. listening
radio C.
C. forwarding
band D.
299
learning Which device segregates a network into separate zones that have
their own security policies?
Show Answer Buy Now
Options:
Answer:
A.
A
IPS
Explanation: B.
Explanation: firewall
When Rapid PVST+ is used, switch ports always enter the blocking C.
state immediately after the boot process 1. The blocking state is the
access point
first of the five possible port states in the Rapid PVST+ protocol. In
this state, the port does not forward frames but listens to BPDUs to D.
determine the location of the root bridge and the best path to reach it switch
12. After a port enters the blocking state, it transitions to the
Show Answer Buy Now
listening state and then to the learning state before finally entering
the forwarding state. When Rapid PVST+ (Per-VLAN Spanning
Answer:
Tree Plus) is used, switch ports go through a specific state
immediately after the boot process. This state is known as the C
"discarding" state.
Questions 181
Questions 180
300
D.
nine
Show Answer Buy Now
Answer:
Questions 182
How many objects are present in the given JSON-encoded data?
Options:
A.
What is the subnet mask for route 172.16.4.0?
one Options:
B.
A.
four
255.255.248.0
C.
B.
seven
301
255.255.254.0
C.
255.255.255.192
D.
255.255.240.0
Show Answer Buy Now
Answer:
Questions 183
Refer to the exhibit. How many arrays are present in the JSON data?
Options:
A.
one
B.
three
C.
302
six Options:
D. A.
nine Change the Server Status to Disabled
Answer: Select Enable next to Management
C.
C
Select Enable next to Network User
Questions 184
D.
Change the Support for CoA to Enabled.
Show Answer Buy Now
Answer:
Questions 185
A network engineer configures the Cisco WLC to authenticate local

wireless clients against a RADIUS server Which task must be
performed to complete the process?
303
Refer to the exhibit. What is the cause of the issue?
Options:
A.
STP Which per-hop QoS behavior is R1 applying to incoming packets?

B. Options:
port security A.
C.
queuing
wrong cable type B.
D.
marking
shutdown command C.
Show Answer Buy Now
shaping
Answer: D.
B policing
Show Answer Buy Now

Questions 186
304
Explanation: A network engineer is configuring a WLAN to connect with the
172.16.10.0/24 network on VLAN 20. The engineer wants to limit
Explanation:
the number of devices that connect to the WLAN on the USERWL
R1 is applying policing to incoming packets. Policing is a QoS SSID to 125. Which configuration must the engineer perform on the
mechanism that limits the rate of traffic flow by dropping or WLC?
remarking packets that exceed the configured rate limit. In this case,
Options:
R1 is applying policing to incoming packets on interface G0/0 and
G0/1. The exhibit shows that R1 is configured to police traffic at a A.
rate of AF31, AF21, and AF11. This means that R1 is limiting the
In the Management Software activation configuration, set the
rate of traffic flow for these three traffic classes .
Clients value to 125.
References:
B.
• : Cisco CCNA Certification Guide - Chapter 16: Quality of Service In the Controller IPv6 configuration, set the Throttle value to 125.
(QoS)
C.
• : Cisco IOS Quality of Service Solutions Configuration Guide -
Configuring Class-Based Policing In the WLAN configuration, set the Maximum Allowed Clients
value to 125.
Questions 187
D.
In the Advanced configuration, set the DTIM value to 125.
Show Answer Buy Now
Answer:
305
C D.
10.101014
Questions 188
Show Answer Buy Now
Answer:
Explanation:
Explanation:
Packets are flowing from 192.168 10.1 to the destination at IP
The router will select the next hop based on the longest prefix match
address 192.168.20 75. Which next hop will the router select for the
in the routing table. The destination IP address 192.168.20.75
packet?
belongs to the network 192.168.0.0/19, which is a classless network
Options: created by subnetting the classful network 192.168.0.0/16. The
routing table has two entries for the network 192.168.0.0/19, one
A.
with a metric of 219414 and another with a metric of 5. The router
10.10101 will choose the entry with the lower metric, which is 5, and forward
B. the packet to the next hop 10.10.10.111.
Questions 189
10.10.10.11
C. What are two differences between WPA2 and WPA3 wireless

security? (Choose two.)
10.10.10.12
306
A. Refer to the exhibit.
WPA3 um AES for stronger protection than WPA2 which uses SAE
B.
WPA2 uses 1 M-bit key encryption and WPA3 requires 256-brt key
encryption
C.
An engineer is checking the routing table in the main router to
WPA3 uses AES for stronger protection than WPA2 which uses identify the path to a server on the network. Which route does the
TKIP WPA3 uses router use to reach the server at 192.168.2.2?
D. Options:
SAE tor stronger protection than WPA2 which uses AES A.
E. S 192.168.0.0/20 [1/0] via 10.1.1.1
WPA2 uses 12B-M key encryption and WPA3 supports 128 bit and B.
192 bit key encryption
S 192.168.2.0/29 [1/0] via 10.1.1.1
Show Answer Buy Now
C.
Answer: S 192.168.2.0/28 [1/0] via 10.1.1.1
C, E D.
307
S 192.168.1.0/30 [1/0] via 10.1.1.1 A.
Show Answer Buy Now MDF-DC-4:08:E0:19: 08:B3:19
Answer: B.
MDF-DC-3:08:0E:18::1A:3C:9D
B
C.
Questions 191
MDF-DC-08:0E:18:22:05:97
D.
MDF-DC-1:DB:E:44:02:54:79
Show Answer Buy Now
Answer:
Questions 192
Which type of port is used to connect lo the wired network when an

All interfaces are in the same VLAN. All switches are configured autonomous AP maps two VLANs to its WLANs?
with the default STP priorities. During the STP electronics, which
Options:
switch becomes the root bridge?
Options: A.
308
LAG Options:
B. A.
EtherChannel 192.168.10/24
C. B.
trunk 192.168.3.0/24
D. C.
access 192.168.2.0/24
Answer: 172.16 1.0/24
Show Answer Buy Now

C
Answer:
Questions 193
Refer to the exhibit. C
Questions 194
What are two features of the DHCP relay agent? (Choose two.)
Options:
A.
Which prefix did router R1 learn from internal EIGRP?
309
assigns DNS locally and then forwards request to DHCP server What is the difference between 1000BASE-LX/LH and 1000BASE-
ZX interfaces?
B.
Options:
permits one IP helper command under an individual Layer 3
interface A.
C. 1000BASE-ZX is supported on links up to 1000km, and

1000BASE-LX/LH operates over links up to 70 km.
allows only MAC-to-IP reservations to determine the local subnet of
a client B.
D. 1000BASE-LX/LH interoperates with multimode and single-mode

fiber, and 10008ASE-ZX needs a conditioning patch cable with a
minimizes the necessary number of DHCP servers
multimode.
E.
C.
configured under the Layer 3 interface of a router on the client
1000BASE-LX/LH is supported on links up to 10km, and
subnet
1000BASE-ZX operates over links up to 70 km
Show Answer Buy Now
D.
Answer:
1000BASE-ZX interoperates with dual-rate 100M/1G 10Km SFP
B, E over multimode fiber, and 1000BASE-LX/LH supports only single-

rate.
Questions 195
Show Answer Buy Now
Answer:
310
C Questions 197

Questions 196
What is the role of community strings in SNMP operations?
Options:
A.
It serves as a sequence tag on SNMP traffic messages.
B.
It serves as a password lo protect access to MIB objects.
C. What is the subnet mask of the route to the 10.10.13.160 prefix?

It passes the Active Directory username and password that are Options:
required for device access
A.
D.
255.255.255.240
It translates alphanumeric MIB output values to numeric values.
B.
Show Answer Buy Now
255.255.255.128
Answer:
C.
B 255.255.248.
311
255.255.255.248 Answer:
Show Answer Buy Now
C
Answer:
Questions 199
D Why is TCP desired over UDP for application that require extensive
error checking, such as HTTPS?
Questions 198
Options:
Which WPA mode uses PSK authentication?
A.
Options:
UDP operates without acknowledgments, and TCP sends an
A.
acknowledgment for every packet received.
Local
B.
B.
UDP reliably guarantees delivery of all packets, and TCP drops
Client packets under heavy load.
C. C.
Enterprise UDP uses flow control mechanisms for the delivery of packets, and
D. TCP uses congestion control for efficient packet delivery.
Personal D.
312
UDP uses sequencing data tor packets to arrive in order, and TCP D.
offers trie capability to receive packets in random order.
It is when an attacker inserts malicious code into a SOL server.
Show Answer Buy Now
Show Answer Buy Now
Answer:
Answer:
A
A
Questions 200
Explanation:
What is a zero-day exploit?
Explanation:
Options:
https://www.kaspersky.com/resource-center/definitions/zero-day-
A. exploit
It is when a new network vulnerability is discovered before a fix is Questions 201

available
Which two VPN technologies are recommended by Cisco for
B. multiple branch offices and large-scale deployments? (Choose two.)
It is when the perpetrator inserts itself in a conversation between two Options:

parties and captures or alters data.
A.
C.
site-to-site VPN
It is when the network is saturated with malicious traffic that
B.
overloads resources and bandwidth
IDMVPN
313
C. Options:
IGETVPN Show Answer Buy Now
D.
Answer:
IPsec remote access
Answer:
E.
clientless VPN
Show Answer Buy Now
Answer:
B, E Questions 203
Questions 202 Which advantage does the network assurance capability of Cisco
DNA Center provide over traditional campus management?
Drag and drop the IPv6 address types from the left onto their
description on the right. Options:
A.
Cisco DNA Center correlates information from different

management protocols to obtain insights, and traditional campus
management requires manual analysis.
B.
314
Cisco DNA Center handles management tasks at the controller to
reduce the load on infrastructure devices, and traditional campus
management uses the data backbone.
C.
Cisco DNA Center leverages YANG and NETCONF to assess the

status of fabric and nonfabric devices, and traditional campus Three switches must be configured for Layer 2 connectivity. The
management uses CLI exclusively. company requires only the designated VLANs to be configured on
their respective switches and permitted accross any links between
D.
switches for security purposes. Do not modify or delete VTP
Cisco DNA Center automatically compares security postures among configurations.
network devices, and traditional campus management needs manual
The network needs two user-defined VLANs configured:
comparisons.
VLAN 110: MARKETING
Show Answer Buy Now
VLAN 210: FINANCE
Answer:
1. Configure the VLANs on the designated switches and assign them
C as access ports to the interfaces connected to the PCs.
2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks

Questions 204
3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks

315
Vlan 210
Name FINANCE
Inter e0/1
Switchport access vlan 210
do wr
Options:
Sw2
Show Answer Buy Now
Enable
Answer: config t
Answer: Vlan 110
Name MARKITING
Int e0/1
Explanation: Switchport acees vlan 110
Explanation: do wr
Answer as below configuration: Sw3
Sw1 Enable
enbale config t
config t Vlan 110
316
Name MARKITING Questions 205
Vlan 210 Refer to the exhibit.
Name FINANCE
Int e0/0
Int e0/1 Which format matches the Modified EUI-64 IPv6 interface address
for the network 2001:db8::/64?
Options:
Sw1
A.
Int e0/1
2001 :db8::5000:0004:5678:0090/64
Switchport allowed vlan 210
B.
Sw2
2001 :db8:4425:5400:77ft:fe07:/64
Int e0/2
C.
Switchport trunk allowed vlan 210
2001 :db8::5000:00ff:fe04 0000/64
Sw3
D.
Int e0/3
2001 :db8::5200:00ff:fe04:0000/64
Switchport trunk allowed vlan 210
Show Answer Buy Now
Switchport trunk allowed vlan 210,110
317
Answer: B)
Questions 206
C)
D)
Options:
A.
Option A
B.
A) Option B
C.
Option C
318
D. A.
Option D 192.168.30.1
Answer: 10.10 105
C.
B
10.10.10.6
Questions 207
D.
192.168.201
Show Answer Buy Now
Answer:
Questions 208
When should an engineer implement a collapsed-core architecture?
Options:
Refer lo the exhibit. What is the next-hop P address for R2 so that
A.
PC2 reaches the application server via ElGRP?
for small networks with minimal need for growth
Options:
319
B. Options:
the access and distribution layers must be on the same device A.
C. 1
for large networks that are connected to multiple remote sites B.
D. 2
only when using VSS technology C.
Show Answer Buy Now 3
Answer: D.
4
C
Show Answer Buy Now
Questions 209
Answer:
B
Questions 210
Refer to the exhibit. A multivendor network exists and the company

is implementing VoIP over the network for the first time.
Which entry is the longest prefix match for host IP address
A)
192.168.10.5?
320
C.
Option C
B) D.
Option D
Show Answer Buy Now
C) Answer:
Questions 211
D)
What is a benefit of a point-to-point leased line?
Options:
A.
Options: flexibility of design
A. B.
Option A simplicity of configurator
B. C.
Option B low cost
321
D. E.
full-mesh capability It works only with BGP between sites.
Answer: Answer:
B B, D
What are two disadvantages of a full-mesh topology? (Choose two.) Refer to the exhibit.
Options:
A.
It needs a high MTU between sites.
B.
It has a high implementation cost.
C.
It must have point-to-point communication. The P2P blocking action option is disabled on the WLC.
D. Options:
It requires complex configuration. A.
322
Enable the Static IP Tunneling option. A network engineer must configure NETCONF. After creating the
configuration, the engineer gets output from the command show line
B.
but not from show running- config. Which command completes the
Disable the Coverage Hole Detection option. configuration?
C. Options:
Check the DHCP Addr. Assignment check box. A.
D. Device(config)# netconf lock-time 500
Set the P2P Blocking Action option to Forward-UpStream. B.
Show Answer Buy Now Device(config)# netconf max-message 1000
Answer: C.
A Device(config)# no netconf ssh acl 1
D.
Questions 214
Device(config)# netconf max-sessions 100
Show Answer Buy Now
Answer:
Questions 215
323
Which two capabilities of Cisco DNA Center make it more Questions 216
extensible as compared to traditional campus device management? Refer to the exhibit.
(Choose two.)
Options:
A.
REST APIs that allow for external applications to interact natively What is represented by "R1" and "SW1" within the JSON output?
B. Options:
adapters that support all families of Cisco IOS software A.
C. key
SDKs that support interaction with third-party network equipment B.
D. array
customized versions for small, medium, and large enterprises C.
E. value
modular design that is upgradable as needed D.
Show Answer Buy Now object
Show Answer Buy Now

Answer:
Answer:
A, C
324
C switchport trunk encapsulation dot1q
B.
Questions 217
switchport trunk allowed vlan all
switchport dot1q ethertype 0800
C.
switchport mode dynamic desirable
switchport trunk allowed vlan all
switchport trunk native vlan 7
D.
SW_1 and SW_12 represent two companies that are merging. They switchport dynamic auto
use separate network vendors. The VLANs on both Sides have been switchport nonegotiate
migrated to share IP subnets. Which command sequence must be
Show Answer Buy Now
issued on both sides to join the two companies and pass all VLANs
between the companies?
Answer:
Options:
A
A.
Questions 218
325
Which IPsec encryption mode is appropriate when the destination of IPsec encryption mode is the way IPsec secures the data packets that
a packet differs from the security termination point? are sent over an IP network. There are two main modes of IPsec
encryption: tunnel mode and transport mode1. Tunnel mode
Options:
encrypts the entire IP packet, including the original header, and adds
A. a new IP header with the source and destination addresses of the
tunnel security gateways (routers, firewalls, or VPN servers) that perform

the encryption and decryption2. Transport mode encrypts only the
B.
payload (data) of the IP packet, leaving the original header intact,
transport and uses the original source and destination addresses of the
endpoints that generate and consume the data3. Therefore, transport
C.
mode is appropriate when the destination of a packet differs from
aggressive the security termination point, as it does not change the original IP
header information. Tunnel mode is more suitable when the security
D.
termination point is also the destination of the packet, as it provides
main more protection for the original IP header information.
Explanation:
Explanation:
326
A packet sourced from 10.10.10.32 is destined for the internet.
Options:
A.
B.
C.
R1 has just received a packet from host A that is destined to host B.
2 Which route in the routing table is used by R1 to reac B?
D. Options:
32 A.
Show Answer Buy Now 10.10.13.0/25 [108/0] via 10.10.10.10
Answer: B.
B 10.10.13.0/25 [110/2] via 10.10.10.2
C.
Questions 220
10.10.13.0/25 [110/2] via 10.10.10.6
D.
10.10.13.0/25 [1/0] via 10.10.10.2
327
Show Answer Buy Now ip ospf priority 0
D Answer:
Questions 221 C
A Cisco engineer notices thai two OSPF neighbors are connected Questions 222
using a crossover Ethernet cable. The neighbors are taking too long
A network engineer is upgrading a small data center to host several
to become fully adjacent. Which command must be issued under the
new applications, including server backups that are expected to
interface configuration on each router to reduce the time required for
account for up to 90% of the bandwidth during peak times. The data
the adjacency to reach the FULL state?
center connects to the MPLS network provider via a primary circuit
Options: and a secondary circuit. How does the engineer inexpensively
update the data center to avoid saturation of the primary circuit by
A.
traffic associated with the backups?
ip ospf network broadcast
Options:
B.
A.
ip ospf dead-interval 40
Assign traffic from the backup servers to a dedicated switch.
C.
B.
ip ospf network point-to-point
Configure a dedicated circuit for the backup traffic.
D.
C.
328
Place the backup servers in a dedicated VLAN. • The existing connections must be maintained between PC1 PC2
and PC3
D.
• Allow the switch to pass traffic from future VLAN 10. Which
Advertise a more specific route for the backup traffic via the
configuration must be applied?
secondary circuit.
A)
Show Answer Buy Now
Answer:
A B)
Questions 223
C)
D)
An engineer is configuring a new Cisco switch NewSW, to replace

SW2 The details have been provided
Options:
• Switches SW1 and SW2 are third-party devices without support
for trunk ports
329
A. Channel-group mode passive.
Option A B.
B. Channel-group mode on.
Option B C.
C. Channel-group mode desirable.
Option C D.
D. Channel-group mode active.

Answer: B
B Questions 225
Questions 224 What is a characteristic of RSA?
Which channel-group mode must be configured when multiple Options:

distribution interfaces connected to a WLC are bundled?
A.
Options:
It uses preshared keys for encryption
A.
B.
330
It requires both sides to have identical keys C.
C. bridge mode
It is a private-key encryption algorithm D.
D. lightweight mode
It is a public-key cryptosystem Show Answer Buy Now
Show Answer Buy Now

Answer:
Answer: D
D Questions 227
Which access point mode relies on a centralized controller for

management, roaming, and SSID configuration?
Host A switch interface is configured in VLAN 2. Host D sends a
Options: unicast packet destined for the IP address of host A.
A.
repeater mode
B.
autonomous mode
331
Answer:
Questions 228
Which protocol is used in Software Defined Access (SDA) to

provide a tunnel between two edge nodes in different fabrics?
What does the switch do when it receives the frame from host D? Options:
Options: A.
A. Generic Router Encapsulation (GRE)
It creates a broadcast storm. B.
B. Virtual Local Area Network (VLAN)
It drops the frame from the MAC table of the switch. C.
C. Virtual Extensible LAN (VXLAN)
It shuts down the source port and places It In err-disable mode. D.
D. Point-to-Point Protocol
It floods the frame out of every port except the source port. Show Answer Buy Now
Show Answer Buy Now

Answer:
332
C Questions 230

Questions 229

security program of an organization1?
Options:
A.
backing up syslogs at a remote location
B.
configuring a password for the console port
C.
configuring enable passwords on network devices
D.
setting up IP cameras to monitor key infrastructure
Show Answer Buy Now
Answer: Switch AccSw2 has just been added to the network along with PC2.
All VLANs have been implemented on AccSw2. How must the
B ports on AccSw2 be configured to establish Layer 2 connectivity
between PC1 and PC2?
333
Options: D.
A.
Text Description automatically

generated
Text Description automatically
generated Show Answer Buy Now
B. Answer:
Questions 231

Text Description
C.
Text Description
334
Options:
Show Answer Buy Now

The Router1 routing table has multiple methods to reach
10.10.10.0/24 as shown. The default Administrative Distance is Answer:
used. Drag and drop the network conditions from the left onto the
routing methods that Router1 uses on the right.
335
Answer:

Drag and drop the use cases for device-management technologies
Show Answer Buy Now
from the left onto the corresponding.
Answer:
336
Answer:
Options:
Questions 233
Show Answer Buy Now
Drag and drop the AAA features from the left onto the
corresponding AAA security services on the right. Not all options
Answer:
are used.
337
Answer:
Drag and drop the destination IPs from the left onto the paths to
Questions 234 reach those destinations on the right.
Options:
338
Show Answer Buy Now
Answer:
B)
C)
Questions 235
D)
Two switches have been implemented and all interfaces are at the
default configuration level. A trunk link must be implemented
between two switches with these requirements:
• using an industry-standard trunking protocol

Options:
• permitting VLANs 1 -10 and denying other VLANs
A.
How must the interconnecting ports be configured?
Option A
A)
B.
339
Option B
C.
Option C
D.
Option D
Show Answer Buy Now
Answer:
340

Ccna Dumps

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ccna Dumps

Uploaded by

Copyright:

Available Formats

Question # 1 Answer:

Refer to the exhibit. C

Router OldR is replacing another router on the network with the

Drag the descriptions of IP protocol transmissions from the left onto

An engineer must configure a floating static route on an external EIGRP

Show Answer Buy Now

Refer to the exhibit.

All physical cabling between the two switches is installed.

1. Configure VLAN 100 named Compute and VLAN 200 named

Answer as below configuration: Int e0/1

on sw1 Switchport access vlan 99

name Compute configured and

int e0/0 reach only PCI on R4's LAN

the primary path

3. Configure default routes on RI and R3 to the Internet using the

This is a lab item in which tasks will be performed on virtual

• Refer to the Topology tab to access the device console(s) and

• Console access is available for all required devices by clicking the

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• To configure static routing on R1 to ensure that it prefers the path

2. Configure default reachability to the Internet subnet in router R1.

3. Configure a single static route in router R2 to reach to the Internet

4. Configure a static route in router R1 toward the switch SW1 LAN

Ip route 192.168.1.0 255.255.255.0 10.10.31.1 Refer to the exhibit.

Ip route 0.0.0.0 0.0.0.0 10.10.13.3

Ip route 172.20.20.128 255.255.255.128 e0/2

ip route 209.165.200.224 255.255.255.224 209.165.202.129 254 Show Answer Buy Now

Show Answer Buy Now Answer:

DHCP relay agent

notification in an authentication app on a mobile device Questions 15

Show Answer Buy Now

4. Configure SSH connectivity from R1 to R3, while excluding

crypto key generate RSA

Copy run start

Physical connectivity is implemented between the two Layer 2

Answer: copy run start

See the Explanation below. on SW2:

Explanation: conf terminal

Answer as below configuration: exit

On SW1: interface range eth0/0 - 1

conf terminal channel-group 1 mode active

exit interface port-channel 1

interface range eth0/0 - 1 switchport trunk encapsulation dot1q

channel-group 1 mode active switchport mode trunk

exit switchport trunk native vlan 15

interface port-channel 1 end

switchport trunk encapsulation dot1q copy run start

switchport mode trunk Questions 17

1. Configure static routing using host routes to establish connectivity

2. Configure an IPv4 default route on router R2 destined for router

3. Configure an IPv6 default router on router R2 destined for router

See the Explanation below. end

Answer as below configuration:

ip route 192.168.1.1 255.255.255.255 209.165.200.229

copy running start

ip route 0.0.0.0 0.0.0.0 209.165.202.130

copy running start

Answer: ip ospf 1 area 0

Answer: duplex auto

See the Explanation below. !

Explanation: interface Ethernet0/1