Free CCNA Practice Test – Exam Walkthrough Back to exams page. Check out our Cisco CCNA video and lab course by clicking on 'Courses' above. Our books for the Cisco CCNA are all available on Amazon. 1. The left are IPv6 prefixes, while the right are the IPv6 prefix types. Click on the right item which matches the left. Click again to deselect.2000::/3 Link localUnselectGlobal unicastUnselectUnique localUnselect6to4UnselectMulticastUnselectfc00::/7 Link localUnselectGlobal unicastUnselectUnique localUnselect6to4UnselectMulticastUnselectfe80::/10 Link localUnselectGlobal unicastUnselectUnique localUnselect6to4UnselectMulticastUnselect2002::/16 Link localUnselectGlobal unicastUnselectUnique localUnselect6to4UnselectMulticastUnselectff00::/8 Link localUnselectGlobal unicastUnselectUnique localUnselect6to4UnselectMulticastUnselectQuestion 1 of 103 2. You have the following topology in your network and a Frame Flooding attack just ended.Just after the attack you connect a new host on the network (host C) and start sending traffic to host A, what happens and what you can do to prevent your environment from this to happening again? The switch 1 will forward the traffic just to host A. The best way to prevent the network from this attack is using access-list on all switch ports.The switch 1 will forward the traffic to hosts A and B. The best way to prevent the network from this attack is using spanning-tree portfast on all switch ports.The switch 1 will forward the traffic to hosts A, B and C. The best way to prevent the network from this attack is using port security on all switch ports.The switch 1 will forward the traffic to all the ports, including hosts A, B and the uplink port. The best way to prevent the network from this attack is using port security on all switch ports, except the uplink port.No packet will be forwarded until the switch is reloaded. The best way to prevent the network from this attack is using spanning-tree BPDU Guard enabled on all switch ports, except the uplink port.Question 2 of 103 3. Three new switches were just installed and the host A cannot ping host C. Which statements are true regarding the configuration below? Switch1 doesn´t have the VLAN 30 on it´s VLAN database.On Switch2, vlan 10 must be allowed on trunk interface Gi1/0/23.Switch3 doesn´t have the VLAN 30 on it´s VLAN database.Switch3 Gi1/0/1 interface must be configured as mode access to work this communication.Switch1 Gi1/0/1 interface must be configured as mode trunk to work this communication.Switch1 doesn´t have the VLAN 10 on it´s VLAN database.Question 3 of 103 4. Refer to the command output below:Which statements are true regarding the routing table above?The destination address 192.168.230.10 will be reachable via 10.15.11.240.The destination address 10.15.2.100 will be reachable via 10.15.106.142.The destination address 191.168.0.1 will be reachable via 10.15.11.240.Switch is using BGP as a routing protocol to learn the route to the destination address 192.168.40.5.Switch is using Static route to learn the route to the destination subnet 10.51.28.0/22.Switch is using BGP and OSPF as routing protocols.Question 4 of 103 5. Regarding the following architecture, which statements are true?In this architecture, every lower-tier switch (leaf layer) is connected to each of the top-tier switches (spine layer) in a full-mesh topology.In this architecture, every lower-tier switch (Spine layer) is connected to each of the top-tier switches (Leaf layer) in a full-mesh topology.All switches are connected each other in a full mesh topology.The leaf layer consists of access switches that connect to devices such as servers, firewalls, etc.Firewalls must be connected to the Spine switches.STP protocol is used to prevent from network loops.Question 5 of 103 6. Which of the following are examples of WAN multi-access networks? Choose all that apply.Layer 3 MPLS serviceMetro Ethernet E-LAN service (L2 VPLS)Older WAN technologies, such as Frame Relay and ATMDMVPNSD-WANMetro Ethernet E-Line serviceVPN site-to-siteQuestion 6 of 103 7. Regarding WAN architecture, which of the following are examples of point-to-point connection? Choose all that apply.Layer 3 MPLS serviceMetro Ethernet E-LAN service (L2 VPLS)Older WAN technologies, such as Frame Relay and ATMDMVPNSD-WANMetro Ethernet E-Line serviceVPN site-to-siteQuestion 7 of 103 8. Considering the THREE TIER network architecture model, which of the following statements are true regarding the DISTRIBUTION Layer?Aggregation of LAN or WAN links.Policy-based security in the form of access control lists (ACLs) and filtering.Broadcast domain control, because routers or multilayer switches do not forward broadcasts. The device acts as the demarcation point between broadcast domains.Providing high-speed switching.Providing reliability and fault tolerance.Avoiding CPU-intensive packet manipulation caused by security, inspection, quality of service (QoS) classification, or other processes.Question 8 of 103 9. Considering the THREE TIER network architecture model, which of the following statements are true regarding the CORE Layer?Aggregation of LAN or WAN links.Policy-based security in the form of access control lists (ACLs) and filtering.Broadcast domain control, because routers or multilayer switches do not forward broadcasts. The device acts as the demarcation point between broadcast domains.Providing high-speed switching.Providing reliability and fault tolerance.Avoiding CPU-intensive packet manipulation caused by security, inspection, quality of service (QoS) classification, or other processes.Question 9 of 103 10. Click on the correct descriptions of the Cloud Service types. Click again to unselect.Infrastructure As A Service (IAAS) The examples of this model are Azure Cloud Services and AWS Elastic Beanstalk.UnselectThe examples of this model are Amazon Web Services and Microsoft Azure.UnselectThe examples of this model are SalesForce and Office 365.UnselectPlatform As A Service (PAAS) The examples of this model are Azure Cloud Services and AWS Elastic Beanstalk.UnselectThe examples of this model are Amazon Web Services and Microsoft Azure.UnselectThe examples of this model are SalesForce and Office 365.UnselectSoftware As A Service (SAAS) The examples of this model are Azure Cloud Services and AWS Elastic Beanstalk.UnselectThe examples of this model are Amazon Web Services and Microsoft Azure.UnselectThe examples of this model are SalesForce and Office 365.UnselectQuestion 10 of 103 11. Select all statements which represents IAAS solutions provided by Cisco?CSR 1000VDuoMeraki vMXNGFWvASAvCloudlockUmbrellaQuestion 11 of 103 12. Select all statements which represents SaaS solutions.FacebookGmailMicrosoft AzureNGFWvASAvSalesForceAmazon Web ServicesQuestion 12 of 103 13. Regarding the following topology, which statement is TRUE?Running show cdp neighbors" command on Switch A, the output of this command will show Switch C and Switch D connected to the port Gi1/0/24."Running show cdp neighbors" command on Switch D, the output of this command will show Switch A and Switch B connected to the port Gi1/0/24."Running show cdp neighbors" command on Switch C, the output of this command will show Switch A and Switch D connected to the port Gi1/0/22."Running show cdp neighbors" command on Switch B, the output of this command will show Switch A connected to the port Gi1/0/23, Switch D connected to the port Gi1/0/24 and Switch C connected to the port Gi1/0/22."Running show cdp neighbors" command on Switch A, C and D will show no neighbors."Question 13 of 103 14. Regarding the following topology, which statement is TRUE?Running show cdp neighbors" command on Switch A, the output of this command will show Switch C and Switch D connected to the port Gi1/0/24."Running show cdp neighbors" command on Switch D, the output of this command will show Switch A and Switch B connected to the port Gi1/0/24."Running show cdp neighbors" command on Switch C, the output of this command will show Switch A and Switch D connected to the port Gi1/0/22."Running show cdp neighbors" command on Switch B, the output of this command will show Switch A connected to the port Gi1/0/23, Switch D connected to the port Gi1/0/24 and Switch C connected to the port Gi1/0/22."Running show cdp neighbors" command on Switch A, C and D will show no neighbors."Question 14 of 103 15. Refer to the following config output and select the correct statement.RTR01 is a Cisco 1905 router connected to the interface Gi1/0/27 of SW01.SW02 is a Cisco 2940 switch connected to the interface Gi0/1 of SW01.IP phone SEPC40ACBE1651B is connected to the interface Gi1/0/4 of SW01.RTR01 is a Cisco 1905 router connected to the interface Gi0/1 of SW01.Question 15 of 103 16. Refer to the following 'show lldp neighbor detail' output.Which of the following information is possible to get from the LLDP neighbor, according to this output? Select all that apply.Software versionManagement AddressPort DescriptionUptimeSerial NumberQuestion 16 of 103 17. Click on the supported speed which match the types of SFPs.SFP 40/100 GbpsUnselect40 GbpsUnselect10 GbpsUnselect1 GbpsUnselect100/400 GbpsUnselect25 GbpsUnselectSFP+ 40/100 GbpsUnselect40 GbpsUnselect10 GbpsUnselect1 GbpsUnselect100/400 GbpsUnselect25 GbpsUnselectSFP28 40/100 GbpsUnselect40 GbpsUnselect10 GbpsUnselect1 GbpsUnselect100/400 GbpsUnselect25 GbpsUnselectQSFP 40/100 GbpsUnselect40 GbpsUnselect10 GbpsUnselect1 GbpsUnselect100/400 GbpsUnselect25 GbpsUnselectQSFP28 40/100 GbpsUnselect40 GbpsUnselect10 GbpsUnselect1 GbpsUnselect100/400 GbpsUnselect25 GbpsUnselectQSFP-DD 40/100 GbpsUnselect40 GbpsUnselect10 GbpsUnselect1 GbpsUnselect100/400 GbpsUnselect25 GbpsUnselectQuestion 17 of 103 18. Click the 'show interfaces' field to its description. Right side is clickable.Ethernet . . . is up Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address.UnselectGives the bandwidth of the interface in kilobits per second.UnselectGives the maximum transmission unit of the interface.UnselectIndicates whether interface has been taken down by an administrator.UnselectIndicates whether the interface hardware is currently active.UnselectIndicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful)UnselectEthernet . . . is administratively down Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address.UnselectGives the bandwidth of the interface in kilobits per second.UnselectGives the maximum transmission unit of the interface.UnselectIndicates whether interface has been taken down by an administrator.UnselectIndicates whether the interface hardware is currently active.UnselectIndicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful)Unselectline protocol is up Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address.UnselectGives the bandwidth of the interface in kilobits per second.UnselectGives the maximum transmission unit of the interface.UnselectIndicates whether interface has been taken down by an administrator.UnselectIndicates whether the interface hardware is currently active.UnselectIndicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful)UnselectHardware Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address.UnselectGives the bandwidth of the interface in kilobits per second.UnselectGives the maximum transmission unit of the interface.UnselectIndicates whether interface has been taken down by an administrator.UnselectIndicates whether the interface hardware is currently active.UnselectIndicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful)UnselectMTU Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address.UnselectGives the bandwidth of the interface in kilobits per second.UnselectGives the maximum transmission unit of the interface.UnselectIndicates whether interface has been taken down by an administrator.UnselectIndicates whether the interface hardware is currently active.UnselectIndicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful)UnselectBW Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address.UnselectGives the bandwidth of the interface in kilobits per second.UnselectGives the maximum transmission unit of the interface.UnselectIndicates whether interface has been taken down by an administrator.UnselectIndicates whether the interface hardware is currently active.UnselectIndicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful)UnselectQuestion 18 of 103 19. Refer to the command outputs below and select all the correct statements.The IP address 192.168.40.2 is reachable via Gi1/0/2 on SW01.192.168.101.1 is the IP address of interface VLAN 101 on switch SW01.VLAN 95 has no hosts connected.The IP address 192.168.40.2 is reachable via Gi1/0/23 on SW01.The IP address 192.168.10.47 is reachable via Gi1/0/4 on SW01.Question 19 of 103 20. You are the network analyst of FloodIT company and you need to restrict the management access to the RTR01 router, where just the IP 192.168.10.100 will be able to access it through SSH. No other host or protocol should be allowed. Which commands should be used to accomplish this task?ip access-list standard SSH permit 192.168.10.100line vty 0 15 access-class SSH in transport input sship access-list standard SSH permit 192.168.10.100line vty 0 15 transport input sship access-list standard SSH permit 192.168.10.100line vty 0 15 access-class SSH inip access-list standard SSH permit tcp host 192.168.0.100 any eq 22line vty 0 15 access-class SSH in transport input sshQuestion 20 of 103 21. Considering the PAgP protocol, which statements are true? It´s a Cisco proprietary protocol.Can be configured as auto or desirable mode.Can be configured as active or passive mode.A port in the auto mode cannot form an EtherChannel with another port that is also in the auto mode.A port in the desirable mode cannot form an EtherChannel with another port that is also in the desirable mode.A port in the passive mode cannot form an EtherChannel with another port that is also in the passive mode.Question 21 of 103 22. Considering the LACP protocol, which statements are true? It´s a Cisco proprietary protocol.Can be configured as auto or desirable mode.Can be configured as active or passive mode.A port in the auto mode cannot form an EtherChannel with another port that is also in the auto mode.A port in the desirable mode cannot form an EtherChannel with another port that is also in the desirable mode.A port in the passive mode cannot form an EtherChannel with another port that is also in the passive mode.Question 22 of 103 23. You need to configure the switch SW01 to stablish a trunk connection to the SW02.On this configuration, SW01 must communicate through all the VLANs with SW02.All the untagged traffic must be tagged as VLAN 100.Which script you should use to accomplish this task? SW01(config)#interface GigabitEthernet1/0/1 SW01(config-if)#switchport mode trunkSW01(config-if)#switchport access vlan 100SW01(config)#interface GigabitEthernet1/0/1 SW01(config-if)#switchport mode trunkSW01(config-if)#switchport trunk native vlan 100SW01(config)#interface GigabitEthernet1/0/1 SW01(config-if)#switchport mode trunkSW01(config-if)#switchport trunk allowed vlan 100SW01(config)#interface GigabitEthernet1/0/1 SW01(config-if)#switchport mode accessSW01(config-if)#switchport access vlan 100Question 23 of 103 24. Refer to the 'show interface Gi1/0/1 switchport' output command below.If this interface receives an untagged traffic, to which VLAN this traffic will be delivered?VLAN 1VLAN 2VLAN 5VLAN 1001Question 24 of 103 25. Which protocol should be used to configure a trunk interface between some Cisco switch and a Cisco router? 802.1q802.1p802.11aISLLACPPAgPQuestion 25 of 103 26. Refer to the 'show interface Gi1/0/23 switchport' command output.Which VLANs are allowed to communicate through this interface?VLANs 7,10,15,20,30,40VLANs 2 to 1001Any VLANVLAN 1VLANs 5,7,10,15,20,30,40VLAN 5Question 26 of 103 27. You are including a new switch to your network infrastructure.Before connect the switch to the network, you delete all VLAN entries, configure VTP mode as client and configure the same VTP domain from the current network.When you connect the switch to the network, all the network stops responding. What can be the issue?You forgot to setup the VTP password.The new switch has a higher Configuration Revision number than the current VTP setup. Due to this, the VLAN configuration from the new switch was propagated to all the network.The new switch has a lowest Configuration Revision number than the current VTP setup. Due to this, the VLAN configuration from the new switch was propagated to all the network.The new switch has a different VTP domain from the current VTP setup.You should configure the new switch as VTP server.Question 27 of 103 28. Considering the following command output, select all the correct statements.This switch is using 802.1D protocol.This interface Gi0/2 is in blocking state and will not communicate through VLAN 1.If the spanning-tree priority is changed to 28672, this switch will be elected as root bridge.This switch is the root bridge for VLAN 1.If the spanning-tree priority is changed to 32767, this switch will be elected as root bridge.The switch is not using the default cost value for the interface Gi0/1.Question 28 of 103 29. Click to match the interface speed to the proper default STP port cost value.100Gbps 100Unselect2Unselect19Unselect4Unselect1Unselect10Gbps 100Unselect2Unselect19Unselect4Unselect1Unselect1Gbps 100Unselect2Unselect19Unselect4Unselect1Unselect100Mbps 100Unselect2Unselect19Unselect4Unselect1Unselect10Mbps 100Unselect2Unselect19Unselect4Unselect1UnselectQuestion 29 of 103 30. When a switch comes up, there is a sequence of STP port states used by STP to prevent loops. Put the following port states in order as per the definition. learning listening initialization blocking forwarding Question 30 of 103 31. TCP and UDP protocols are part of which OSI Model layer?PhysicalData LinkNetworkTransportSessionPresentationApplicationQuestion 31 of 103 32. What are the standard ports used by SSH and HTTP protocols, respectively?TCP/22 and TCP/80TCP/21 and TCP/80UDP/22 and UDP/80TCP/22 and TCP/443TCP/22 and TCP/81TCP/22 and TCP/88Question 32 of 103 33. Select the characteristics of TCP protocol. Choose all that apply.Connection orientedConnectionlessReliableHigher header overheadSequencing of data packetsRe-transmission of lost packetsFaster than UDPLower header overheadQuestion 33 of 103 34. Which of the following are IP address networks reserved for private address as per RFC 1918? 10.0.0.0/8172.16.0.0/12192.168.0.0/16100.0.0.0/16172.0.0.0/12172.168.0.0/16Question 34 of 103 35. Which CIDR better fits the summarization of the prefixes 200.1.32.0/24, 200.1.33.0/24, 200.1.34.0/24 and 200.1.35.0/24? 200.1.32.0/23200.1.32.0/22200.1.32.0/21200.1.32.0/20200.1.32.0/19Question 35 of 103 36. Which of the following are usable IP addresses?192.168.10.10/31192.168.0.16/2910.245.200.129/26200.201.255.224/2710.9.10.255/23192.168.255.31/27Question 36 of 103 37. What is the correct subnet mask for the prefix 192.168.123.0/27255.255.255.240255.255.255.224255.255.255.248255.255.255.220255.255.255.192Question 37 of 103 38. What is the correct wildcard mask for the prefix 200.116.222.0/290.0.0.150.0.0.70.0.0.31255.255.255.248255.255.255.240255.255.255.224Question 38 of 103 39. Which command should be used to add a route to the subnet 10.0.0.0/25 using 192.168.1.1 as a gateway on IOS?ip route 10.0.0.0 255.255.255.0 192.168.1.1ip route 10.0.0.0 255.255.255.128 192.168.1.1ip route 10.0.0.0 255.255.254.0 192.168.1.1 1ip route 10.0.0.0/25 192.168.1.1Question 39 of 103 40. What is the correct order in the route selection process? Administrative distance Metrics Prefix length Question 40 of 103 41. On the table below, which Next Hop will be used to reach 192.168.1.10?172.16.1.2172.16.2.1172.16.3.1172.16.1.1172.16.10.1Question 41 of 103 42. On the table below, which Next Hop will be used to reach 192.168.1.10?172.16.1.2172.16.2.1172.16.3.1172.16.1.1172.16.10.1Question 42 of 103 43. On the following routing table, which will be the next hop to the destination address 192.168.32.1?10.1.1.110.1.1.210.1.1.310.1.1.4Question 43 of 103 44. The adjacency building process takes effect after multiple stages have been fulfilled. Drag the OSPF transitional stages in the correct order. Exstart Down Exchange Init Full Two-way Loading Question 44 of 103 45. Which interface level command should be used to configure it on OSPF area 10? RTR1(config-if)#network 192.168.10.0 0.0.0.255 area 10RTR1(config-if)#ip ospf 1 area 10RTR1(config-if)#ip ospf area 10RTR1(config-if)#ip ospf 10RTR1(config-if)#ip ospf 10 area 1RTR1(config-if)#ip ospf 192.168.10.0 255.255.255.0 area 10Question 45 of 103 46. Refer to the following show output.Which statements are true regarding the output above?This router is the designated router for area 1.This router is using the default timer values.This router is using 192.168.255.1 as router ID.This router is using 192.168.255.3 as router ID.Question 46 of 103 47. Refer to the show ip route outputs below.What script should be used to advertise the default route (since the default route is on routing table) and 10.x.x.x subnets from area 0 as 10.0.0.0/21 to RTR3? RTR1(config-router)#area 0 range 10.0.0.0 255.255.224.0RTR1(config-router)#default information originateRTR1(config-router)#area 0 range 10.0.0.0 255.255.248.0RTR1(config-router)#default-information originateRTR1(config-router)#area 0 range 10.0.0.0 255.255.240.0RTR1(config-router)#default-information originate alwaysRTR1(config-router)#area 0 range 10.0.0.0 255.255.240.0RTR1(config-router)#default-information originateQuestion 47 of 103 48. Click the OSPF LSA Types which match the proper description on the right. Right side is clickable.LSA Type 1 Router LSAUnselectNetwork LSAUnselectSummary LSAUnselectSummary ASBR LSAUnselectNSSA External LSAUnselectAutonomous system external LSAUnselectLSA Type 2 Router LSAUnselectNetwork LSAUnselectSummary LSAUnselectSummary ASBR LSAUnselectNSSA External LSAUnselectAutonomous system external LSAUnselectLSA Type 3 Router LSAUnselectNetwork LSAUnselectSummary LSAUnselectSummary ASBR LSAUnselectNSSA External LSAUnselectAutonomous system external LSAUnselectLSA Type 4 Router LSAUnselectNetwork LSAUnselectSummary LSAUnselectSummary ASBR LSAUnselectNSSA External LSAUnselectAutonomous system external LSAUnselectLSA Type 5 Router LSAUnselectNetwork LSAUnselectSummary LSAUnselectSummary ASBR LSAUnselectNSSA External LSAUnselectAutonomous system external LSAUnselectLSA Type 7 Router LSAUnselectNetwork LSAUnselectSummary LSAUnselectSummary ASBR LSAUnselectNSSA External LSAUnselectAutonomous system external LSAUnselectQuestion 48 of 103 49. Click the OSPF area types to match the restriction. Right side is clickable.Normal NoneUnselectNo Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowedUnselectNo Type 3, 4 or 5 LSAs allowed except the default summary routeUnselectNo Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverseUnselectNo Type 5 AS-external LSA allowedUnselectStub NoneUnselectNo Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowedUnselectNo Type 3, 4 or 5 LSAs allowed except the default summary routeUnselectNo Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverseUnselectNo Type 5 AS-external LSA allowedUnselectTotally Stub NoneUnselectNo Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowedUnselectNo Type 3, 4 or 5 LSAs allowed except the default summary routeUnselectNo Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverseUnselectNo Type 5 AS-external LSA allowedUnselectNSSA NoneUnselectNo Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowedUnselectNo Type 3, 4 or 5 LSAs allowed except the default summary routeUnselectNo Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverseUnselectNo Type 5 AS-external LSA allowedUnselectNSSA Totally Stub NoneUnselectNo Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowedUnselectNo Type 3, 4 or 5 LSAs allowed except the default summary routeUnselectNo Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverseUnselectNo Type 5 AS-external LSA allowedUnselectQuestion 49 of 103 50. Regarding the output below, which commands should be used to redistribute routes between OSPF and EIGRP? RTR4 must receive the default route either.router eigrp 10 redistribute ospf 10 subnetsrouter ospf 10 redistribute eigrp 10 subnetsrouter eigrp 10 redistribute ospf 10 default-information originaterouter ospf 10 redistribute eigrp 10 subnetsrouter eigrp 10 redistribute ospf 10 metric 10000 100 255 1 1500router ospf 10 redistribute eigrp 10 subnetsrouter eigrp 10 redistribute ospf 10 metric 10000 100 255 1 1500 default-information originaterouter ospf 10 redistribute eigrp 10 subnetsQuestion 50 of 103 51. Regarding the following command output, which statements are true?Regarding EIGRP metric weights, just bandwidth and delay will be considered to calculate the metricRegarding EIGRP metric weights, just bandwidth and load will be considered to calculate the metricRegarding EIGRP metric weights, just delay and reliability will be considered to calculate the metricOSPF Area 10 is being redistributed into EIGRP AS 10All prefixes redistributed from static routing table is using 170 as administrative distanceAll prefixes redistributed from connected routing table is using 170 as administrative distanceQuestion 51 of 103 52. Which statements are true regarding the following command line?Router(config)# ip nat inside source static 10.1.1.2 200.1.1.2 10.1.1.2 is the outside global address200.1.1.2 is the inside global address200.1.1.2 is the inside local address10.1.1.2 is the inside local address200.1.1.2 is the outside global address10.1.1.2 is the inside global addressQuestion 52 of 103 53. An internal host cannot reach the 200.201.202.203 server on the internet.You were asked to fix this. Which commands you need to issue on RTR01 to accomplish this?BTW, the host already reaches RTR1, so don´t need to worry about routing issues. You need to allow the communication to any tcp port.ip access-list extended NAT-HOST-WWW permit tcp host 10.0.0.10 host 200.201.202.203ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat insideinterface GigabitEthernet0/0/0 ip nat outsideip access-list extended NAT-HOST-WWW permit ip 10.0.0.10 255.255.255.255 host 200.201.202.203ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat insideinterface GigabitEthernet0/0/0 ip nat outside ip access-list extended NAT-HOST-WWW permit ip 10.0.0.0 0.0.0.255 host 200.201.202.203ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat insideinterface GigabitEthernet0/0/0 ip nat outside ip access-list extended NAT-HOST-WWW permit ip host 10.0.0.10 host 200.201.202.203ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside Question 53 of 103 54. An internal HTTP service must be published to the internet using the standard HTTP port, as per the topology below.You were asked to publish only HTTP service (using the standard port) using the public IP 100.101.102.103. Which commands you need to issue on RTR01 to accomplish this?BTW, the server already reaches RTR1, so don´t need to worry about routing issues.ip nat inside source static tcp 10.0.0.10 8080 100.101.102.103 80interface GigabitEthernet0/0/0 ip nat outsideinterface GigabitEthernet0/0/1 ip nat insideip access-list extended NAT-SERVER-WWW permit tcp any host 10.0.0.10 eq 8080ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat insideip nat inside source static ip 10.0.0.10 100.101.102.103interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat insideip nat inside source static tcp 100.101.102.103 80 10.0.0.10 8080interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat insideQuestion 54 of 103 55. You are the security engineer of SecureIT company.You need to implement a cloud proxy solution, where your local hosts will need to reach the proxy server to access any external website.Currently, all the hosts are using static proxy configuration pointing to the IP address 192.168.100.100 and port TCP/3080.Which configuration can be used to make this migration with low impact?The new proxy IP is 200.201.202.203 and the new TCP port is TCP/9400.ip access-list extended WWW-HOST-NAT permit tcp 10.0.0.0 0.0.0.255 host 192.168.100.100 eq 3080ip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadip nat outside source static tcp 200.201.202.203 9400 192.168.100.100 3080 ip route 192.168.100.100 255.255.255.255 GigabitEthernet0/0/0 interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat insideip access-list extended WWW-HOST-NAT permit tcp 10.0.0.0 0.0.0.255 host 192.168.100.100 eq 3080ip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadip nat outside source static tcp 200.201.202.203 9400 192.168.100.100 3080 interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat insideip access-list extended WWW-HOST-NAT permit tcp 10.0.0.0 0.0.0.255 host 192.168.100.100 eq 3080ip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadip nat outside source static 200.201.202.203 192.168.100.100 interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat insideip access-list extended WWW-HOST-NAT permit tcp 10.0.0.0 0.0.0.255 eq 3080 host 192.168.100.100ip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadip nat outside source static 200.201.202.203 192.168.100.100 interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat insideQuestion 55 of 103 56. Which command can be used to allow internal IP addresses from the corporate network 10.0.0.0/24 to access any public IP, using the interface Gi0/0/0 as translated source?ip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 0.0.0.255 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/0 ip nat outsideinterface GigabitEthernet0/0/1 ip nat insideip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 255.255.255.0 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/0 ip nat outsideinterface GigabitEthernet0/0/1 ip nat insideip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 0.0.0.255 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat insideip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 0.0.0.255 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/1 overloadip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 0.0.0.255 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/1 overloadinterface GigabitEthernet0/0/0 ip nat outsideinterface GigabitEthernet0/0/1 ip nat insideQuestion 56 of 103 57. You need to configure you network switch to use the router as the NTP server.Which configuration must be done in the switch to accomplish this task? Follow the information needed:NTP server IP: 192.168.0.1key: cisco ntp authentication-key 1 md5 ciscontp authenticatentp server 192.168.0.1 key 1ntp authentication-key 1 md5 ciscontp authenticatentp server 192.168.0.1ntp authentication-key 1 md5 ciscontp master 192.168.0.1 key 1ntp authentication-key 1 md5 ciscontp server 192.168.0.1ntp authentication-key ciscontp authenticatentp server 192.168.0.1 key 1Question 57 of 103 58. You need to configure a NTP server for your internal network with MD5 authentication using the password cisco.Which configuration must be done on the NTP server to accomplish this task?ntp authentication-key 1 md5 ciscontp authenticatentp trusted-key 1ntp master 5ntp authentication-key ciscontp trusted-key 1ntp master 5ntp authentication-key 1 md5 ciscontp authenticatentp trusted-key 1ntp authentication-key md5 ciscontp authenticatentp master 5ntp authentication-key 1 md5 ciscontp trusted-key 1ntp master 5Question 58 of 103 59. Drag the syslog ID on the left to the proper syslog level on the right.1 informationalUnselectnotificationUnselectwarningsUnselectcriticalUnselecterrorsUnselectdebuggingUnselectalertsUnselect2 informationalUnselectnotificationUnselectwarningsUnselectcriticalUnselecterrorsUnselectdebuggingUnselectalertsUnselect3 informationalUnselectnotificationUnselectwarningsUnselectcriticalUnselecterrorsUnselectdebuggingUnselectalertsUnselect4 informationalUnselectnotificationUnselectwarningsUnselectcriticalUnselecterrorsUnselectdebuggingUnselectalertsUnselect5 informationalUnselectnotificationUnselectwarningsUnselectcriticalUnselecterrorsUnselectdebuggingUnselectalertsUnselect6 informationalUnselectnotificationUnselectwarningsUnselectcriticalUnselecterrorsUnselectdebuggingUnselectalertsUnselect7 informationalUnselectnotificationUnselectwarningsUnselectcriticalUnselecterrorsUnselectdebuggingUnselectalertsUnselectQuestion 59 of 103 60. Which of the following configuration should be used to send syslog messages to the syslog server 192.168.0.10, limiting the messages to warning and higher? SW01(config)#logging 12.168.0.10SW01(config)#logging trap 4SW01(config)#logging 192.168.0.10SW01(config)#logging trap 4SW01(config)#logging 192.168.0.10SW01(config)#logging trap 5SW01(config)#logging 192.168.0.10SW01(config)#logging trap 3SW01(config)#logging 192.168.0.10 trap 5Question 60 of 103 61. You already configure the syslog server to receive logs from your network devices.Now, you need to limit the number of messages per second to 10. Make sure this will not affect the messages from level 3 or higher.SW01(config)#logging rate-limit 10 except 3SW01(config)#logging limit 10 except 3SW01(config)#logging limit 10 except errorsSW01(config)#logging trap 5 limit 10 except 3SW01(config)#logging trap 5 10 3Question 61 of 103 62. You configure HSRP per the topology below. After the implementation, you notice the following message:%HSRP-4-DIFFVIP1: GigabitEthernet0/0 Grp 1 active routers virtual IP address 192.168.200.1 is different to the locally configured address 192.168.200.254What can be the cause of this issue?The same IP address was used on both sides (R1/R2 and R3/R4)The same priority was used on both sides (R1/R2 and R3/R4)There is a loop on the network between the switchesThe same standby group was used on both sides (R1/R2 and R3/R4)There is no error on the logQuestion 62 of 103 63. You need to implement HSRP as per the following topology.When the primary router fails, the secondary needs to be activated. Once the primary becomes online again, it needs to be the active again.Which of the presented script can be used to accomplish the task?R1:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 preemptR2:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 90 standby 1 preemptR3:interface GigabitEthernet0/0 standby 254 ip 192.168.200.254 standby 254 preemptR4:interface GigabitEthernet0/0 standby 254 ip 192.168.200.254 standby 254 prio 90 standby 254 preemptR1:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 100 standby 1 preemptR2:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 90 standby 1 preemptR3:interface GigabitEthernet0/0 standby 1 ip 192.168.200.254 standby 1 prio 100 standby 1 preemptR4:interface GigabitEthernet0/0 standby 1 ip 192.168.200.254 standby 1 prio 90 standby 1 preemptR1:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 100R2:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 90R3:interface GigabitEthernet0/0 standby 1 ip 192.168.200.254 standby 1 prio 100R4:interface GigabitEthernet0/0 standby 1 ip 192.168.200.254 standby 1 prio 90R1:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1R2:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 90R3:interface GigabitEthernet0/0 standby 254 ip 192.168.200.254R4:interface GigabitEthernet0/0 standby 254 ip 192.168.200.254 standby 254 prio 90Question 63 of 103 64. What is the main purpose of using FHRP?Provides a secure communication between the routers.Provides the first hop redundancy using a virtual IP address, which can be shared between 2 or more routers.Provides an equal cost load balance through a virtual IP address.Provides IP address dinamically to the hosts of a network.Question 64 of 103 65. Which of the following access-list should be used to deny the following specific inbound traffic in the interface Gi0/0?SOURCE: 192.168.0.10DESTINATION: 200.200.200.200PROTOCOL: IPip access-list extended block-specific deny ip host 192.168.0.10 host 200.200.200.200 permit ip any anyinterface GigabitEthernet0/0 ip access-group block-specific inip access-list extended block-specific deny ip host 192.168.0.10 host 200.200.200.200interface GigabitEthernet0/0 ip access-group block-specific inip access-list extended block-specific deny ip 192.168.0.10 255.255.255.255 200.200.200.200 255.255.255.255 permit ip any anyinterface GigabitEthernet0/0 ip access-group block-specific inip access-list extended block-specific deny tcp host 192.168.0.10 host 200.200.200.200interface GigabitEthernet0/0 ip access-group block-specific inip access-list extended block-specific permit tcp host 192.168.0.10 host 200.200.200.200interface GigabitEthernet0/0 ip access-group block-specific inQuestion 65 of 103 66. You need to create an access-list where:- SSH traffic with destination 192.168.10.10 must be blocked just from subnet 192.168.0.0/24;- NTP traffic with destination 1.2.3.4 must be allowed just from subnet 192.168.0.0/24;- All the remaining traffic must be allowed.Which of the following access-list should be used?ip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit udp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 deny udp any host 1.2.3.4 eq 123 permit ip any anyip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit udp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 permit ip any anyip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit udp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 deny udp any host 1.2.3.4 eq 123ip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit tcp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 deny udp any host 1.2.3.4 eq 123 permit ip any anyip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit tcp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 deny udp any host 1.2.3.4 eq 123Question 66 of 103 67. Drag the prefix on the right to the respective wildcard on the right.192.168.5.16/28 0.0.7.255Unselect0.0.1.255Unselect0.0.0.15Unselect0.0.0.63Unselect0.0.15.255Unselect200.201.240.0/20 0.0.7.255Unselect0.0.1.255Unselect0.0.0.15Unselect0.0.0.63Unselect0.0.15.255Unselect210.255.128.0/21 0.0.7.255Unselect0.0.1.255Unselect0.0.0.15Unselect0.0.0.63Unselect0.0.15.255Unselect10.165.54.0/23 0.0.7.255Unselect0.0.1.255Unselect0.0.0.15Unselect0.0.0.63Unselect0.0.15.255Unselect10.125.24.0/26 0.0.7.255Unselect0.0.1.255Unselect0.0.0.15Unselect0.0.0.63Unselect0.0.15.255UnselectQuestion 67 of 103 68. You need to configure a router for AAA authentication using TACACS+ and local authentication as a fallback. Which of the following script can be used?aaa new-modeltacacs-server host 10.1.2.10 key ciscoaaa authentication login default group tacacs+ localaaa authorization exec default group tacacs+ localtacacs-server host 10.1.2.10aaa authentication login default group tacacs+ localaaa authorization exec default group tacacs+ localaaa new-modeltacacs-server host 10.1.2.10 key ciscoaaa authentication login default tacacs+ localaaa authorization exec default tacacs+ localtacacs-server host 10.1.2.10 key ciscoaaa authentication login group tacacs+ localaaa authorization exec group tacacs+ localQuestion 68 of 103 69. Which of the following are characteristics of the TACACS+ protocol?Uses TCP port 49Uses UDP port 1812 and/or 1645Encrypts the entire payload of each packetEncrypts only passwordsIt´s an open standardNo command loggingFull command loggingQuestion 69 of 103 70. Which of the following are characteristics of the RADIUS protocol?Uses TCP port 49Uses UDP port 1812 and/or 1645Encrypts the entire payload of each packetEncrypts only passwordsIt´s an open standardNo command loggingFull command loggingQuestion 70 of 103 71. Drag the attack type on the left to the correct definition on the right. IP Address Spoofing Attack Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.UnselectA threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.UnselectIt is an application or device that can read, monitor, and capture network data exchanges and read network packets.UnselectIf threat actors discover a valid user account, the threat actors have the same rights as the real user.UnselectThis attack occurs when threat actors have positioned themselves between a source and destination.UnselectPassword-Based Attacks Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.UnselectA threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.UnselectIt is an application or device that can read, monitor, and capture network data exchanges and read network packets.UnselectIf threat actors discover a valid user account, the threat actors have the same rights as the real user.UnselectThis attack occurs when threat actors have positioned themselves between a source and destination.UnselectDenial of Service Attack Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.UnselectA threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.UnselectIt is an application or device that can read, monitor, and capture network data exchanges and read network packets.UnselectIf threat actors discover a valid user account, the threat actors have the same rights as the real user.UnselectThis attack occurs when threat actors have positioned themselves between a source and destination.UnselectMan-in-the-Middle Attack Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.UnselectA threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.UnselectIt is an application or device that can read, monitor, and capture network data exchanges and read network packets.UnselectIf threat actors discover a valid user account, the threat actors have the same rights as the real user.UnselectThis attack occurs when threat actors have positioned themselves between a source and destination.UnselectSniffer Attack Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.UnselectA threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.UnselectIt is an application or device that can read, monitor, and capture network data exchanges and read network packets.UnselectIf threat actors discover a valid user account, the threat actors have the same rights as the real user.UnselectThis attack occurs when threat actors have positioned themselves between a source and destination.UnselectQuestion 71 of 103 72. Which of the following definition is related to Ransomware? It can display unsolicited advertising using pop-up web browser windows, new toolbars, or unexpectedly redirect a webpage to a different website.Typically denies a user access to their files by encrypting the filesThey are used by threat actors to gain administrator account-level access to a computer.Similar to adware, but used to gather information about the user and send to threat actors without the user’s consent.self-replicating program that propagates automatically without user actions by exploiting vulnerabilities in legitimate software.Question 72 of 103 73. Which of the following definition is related to Rootkit? It can display unsolicited advertising using pop-up web browser windows, new toolbars, or unexpectedly redirect a webpage to a different website.Typically denies a user access to their files by encrypting the filesThey are used by threat actors to gain administrator account-level access to a computer.Similar to adware, but used to gather information about the user and send to threat actors without the user’s consent.self-replicating program that propagates automatically without user actions by exploiting vulnerabilities in legitimate software.Question 73 of 103 74. Which of the following script can be used to configure SSHv2 as authentication protocol?ip domain name cisco.comcrypto key generate rsa modulus 2048ip ssh version 2ip domain name cisco.comip ssh version 2crypto key generate rsa 2048ip ssh version 2ip domain name cisco.comcrypto key generate rsa 2048ip ssh version 2ip domain name cisco.comcrypto key generate modulus 2048ip ssh version 2ip domain name cisco.comcrypto key rsa modulus 2048ip ssh version 2Question 74 of 103 75. Which type of hacker attempt to discover exploits and report them to vendors, sometimes for prizes or rewards? Script KiddiesVulnerability BrokerHacktivistsCyber criminalsState-SponsoredQuestion 75 of 103 76. Which switch feature can be used to protect the network against man-in-the-middle attacks?Dynamic ARP Inspectionaccess-listDHCPIDSWSAQuestion 76 of 103 77. You need to activate DAI in the VLAN 10 per the following definitions:Ports 1 to 40 - UntrustedPorts 41 to 48 - TrustedWhich script can be used?SW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/41-48SW1(config-if)# ip arp inspection trustSW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/1-40SW1(config-if)# ip arp inspection untrustSW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/1-40SW1(config-if)# ip arp inspection untrustSW1(config-if)# interface range Gi1/0/41-48SW1(config-if)# ip arp inspection trustSW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/1-40SW1(config-if)# no ip arp inspection trustSW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/41-48SW1(config-if)# no ip arp inspection trustQuestion 77 of 103 78. Which type of IPv6 address are allocated from the unicast address space to be assigned to a set of interfaces that typically belong to different nodes?UnicastBroadcastAnycastMulticastGlobal UnicastQuestion 78 of 103 79. Which of the following are multicast addresses?232.1.2.3FF02::1FE80::1240.3.2.12001::12002::2Question 79 of 103 80. Which statement provides the correct value used by the host to assign itself an EUI-64 address from it´s MAC address?0xFFFE0xFE800xFF000xFFFF0xFF80Question 80 of 103 81. Which of the following statements are needed to assign a EUI-64 IPv6 address to an interface using a specific prefix?RTR1(config)#ipv6 unicast-routing RTR1(config-if)#ipv6 address 2001:abc:1234:2::32/64 eui-64 RTR1(config-if)#ipv6 address 2001:abc:1234:2::32 eui-64 RTR1(config)#ipv6 routingRTR1(config-if)#ipv6 address autoconfig eui-64 Question 81 of 103 82. After you create the NAT entry to use the cloud proxy internally in your network, you need to evolve this architecture changing the IP based proxy to a DNS name-based implementation.As you don´t have any DNS server locally (since this is a small office), you need to configure DNS service on the router and create an entry for the proxy server.The name will be proxy.secureit.net and the IP address is 192.168.100.100.As per the corporate policy, no public access is allowed directly from hosts, just through the proxy. So, make sure public hosts will not be translated.Which configuration must be used to accomplish this task?R1(config)# ip dns serverR1(config)# ip domain-lookupR1(config)# ip name-server 8.8.8.8 1.1.1.1R1(config)# ip host proxy.secureit.net 192.168.100.100R1(config)# ip name-server 8.8.8.8 1.1.1.1R1(config)# ip host proxy.secureit.net 192.168.100.100R1(config)# ip domain-lookupR1(config)# ip name-server 8.8.8.8 1.1.1.1R1(config)# ip host proxy.secureit.net 192.168.100.100R1(config)# ip domain-lookupR1(config)# ip host proxy.secureit.net 192.168.100.100R1(config)# ip dns serverR1(config)# ip host proxy.secureit.net 192.168.100.100Question 82 of 103 83. Everytime you misspell a command, the router tries to translate it. Since you are not using DNS on the router, you want to disable it.Which command can be used in a Cisco router to avoid the router from DNS translations?no ip domain-lookupno ip dns serverno ip name-serverno ip dns clientno dns clientQuestion 83 of 103 84. What is the definition of LLQ and what is the command to configure it?Low Latency Queuing (LLQ) provides strict priority queueing for CBWFQ, reducing jitter in voice conversations.Low Latency Queuing (LLQ) allows you to control the maximum rate of traffic transmitted or received on an interface.Low Latency Queuing (LLQ) can selectively discard lower priority traffic when the interface begins to get congested and provide differentiated performance characteristics for different classes of service.Router(config-pmap-c)# priority 50Router(config-pmap-c)# shape average 384000 15440Router(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action dropRouter(config-pmap-c)# random-detect dscp-basedQuestion 84 of 103 85. Which of the following statements is the term used to indicate the difference in the end-to-end delay between packets?delaylatencyjitterlosspriorityQuestion 85 of 103 86. You need to implement a QoS policy in your network.The first task is to define the QoS classes.Which of the following definitions would be the recommended?Voice - EFCall-signalling - CS3Interactive Video - AF41Critical Data - AF31Bulk Data - AF11Network Management - CS2Call-signalling - EFVoice - AF41Interactive Video - AF31Critical Data - AF21Bulk Data - AF11Network Management - CS2Voice - CS1Call-signalling - CS3Interactive Video - AF31Critical Data - AF21Bulk Data - AF11Network Management - CS2Voice - AF41Call-signalling - AF31Interactive Video - CS4Critical Data - CS3Bulk Data - CS2Network Management - CS1Voice - AF41Call-signalling - AF31Interactive Video - AF21Critical Data - AF11Bulk Data - CS1Network Management - CS2Question 86 of 103 87. Regarding QoS Conditionally-Trusted Endpoint. Which protocol is used to identify a Cisco phone connected to the switch, trusting it´s QoS markings?COSCDPQoSAutoQoSLDPQuestion 87 of 103 88. You already configure voice and access VLAN to all users ports on a switch. Which of the following commands are necessary to enable port security and limit the number of mac addresses per port to 1 on each voice and access vlan?Make sure the ports will not disable when a violation occurs. Just drop the unknown source address packets and generates a SNMP trap to the syslog.SW01(config-if)#switchport port-securitySW01(config-if)#switchport port-security maximum 1 vlan accessSW01(config-if)#switchport port-security maximum 1 vlan voiceSW01(config-if)#switchport port-security maximum 1SW01(config-if)# switchport port-security violation restrictSW01(config-if)# switchport port-security violation shutdownSW01(config-if)# switchport port-security violation protectQuestion 88 of 103 89. Drag each WLAN Standard on the left, to it´s description on the right.802.11 Speeds of up to 11 Mbps and it´s better able to penetrate building structuresUnselectProvides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technologyUnselectData rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet)UnselectSpeeds of up to 2 MbpsUnselectSpeeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11gUnselectReleased in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devicesUnselectSpeeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacityUnselect802.11a Speeds of up to 11 Mbps and it´s better able to penetrate building structuresUnselectProvides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technologyUnselectData rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet)UnselectSpeeds of up to 2 MbpsUnselectSpeeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11gUnselectReleased in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devicesUnselectSpeeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacityUnselect802.11b Speeds of up to 11 Mbps and it´s better able to penetrate building structuresUnselectProvides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technologyUnselectData rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet)UnselectSpeeds of up to 2 MbpsUnselectSpeeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11gUnselectReleased in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devicesUnselectSpeeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacityUnselect802.11g Speeds of up to 11 Mbps and it´s better able to penetrate building structuresUnselectProvides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technologyUnselectData rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet)UnselectSpeeds of up to 2 MbpsUnselectSpeeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11gUnselectReleased in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devicesUnselectSpeeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacityUnselect802.11n Speeds of up to 11 Mbps and it´s better able to penetrate building structuresUnselectProvides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technologyUnselectData rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet)UnselectSpeeds of up to 2 MbpsUnselectSpeeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11gUnselectReleased in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devicesUnselectSpeeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacityUnselect802.11ac Speeds of up to 11 Mbps and it´s better able to penetrate building structuresUnselectProvides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technologyUnselectData rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet)UnselectSpeeds of up to 2 MbpsUnselectSpeeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11gUnselectReleased in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devicesUnselectSpeeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacityUnselect802.11ax Speeds of up to 11 Mbps and it´s better able to penetrate building structuresUnselectProvides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technologyUnselectData rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet)UnselectSpeeds of up to 2 MbpsUnselectSpeeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11gUnselectReleased in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devicesUnselectSpeeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacityUnselectQuestion 89 of 103 90. Which of the following WLAN authentication method uses the Advanced Encryption Standard (AES) for encryption?WEPWPAWPA2WPA3WPA4Question 90 of 103 91. Which of the following are WLAN authentication methods?WEPWPAWPA2WPA3WPA4Question 91 of 103 92. Which ports are used by CAPWAP to stablish the control message tunnel and the data tunnel, respectively?UDP/5246 and UDP/5247UDP/1646 and UDP/1647TCP/5246 and TCP/5247TCP/1646 and TCP/1647UDP/1812 and UDP/1813Question 92 of 103 93. On which type of wireless deployment access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost?FlexConnectCAPWAPLWAPPAutonomousBSSQuestion 93 of 103 94. In a controller-based network architecture, the controller needs to communicate to the networking devices.What is the name of the interface between the controller and those devices?Southbound InterfaceNorthbound InterfaceControl PlaneData PlaneManagement PlaneQuestion 94 of 103 95. The SDN solution architecture has three layers. Which of the following protocols run in the Control Plane layer?OSPFBGPIPSSHTelnetQuestion 95 of 103 96. Which Cisco DNA solution enables network access in minutes for any user or device to any application without compromising security?ACISD-AccessSD-WANCisco DNA AssuranceCisco DNA SecurityQuestion 96 of 103 97. Your company want to reduce costs by replacing current MPLS solution by internet links using VPN to connect the locations.Since you have 9 locations which must connect each other, which of the following is the best solution in this case?All the locations have Cisco routers and they will not be replaced at this time.DMVPNSSL VPNFlexVPNVPN Site-to-SiteRemote Access VPNQuestion 97 of 103 98. Which of the following is a VPN type with which, users can access the private networks over internet remotely?Remote Access VPNSite to Site VPN DMVPNFlexVPNQuestion 98 of 103 99. Which command configures the router to act as a Relay Agent for DHCP?ip helper-address 192.168.1.10ip dhcp forward 192.168.1.10ip dhcp proxy agent 192.168.1.10ip dhcp-proxy 192.168.1.10Question 99 of 103 100. Which of the following option can be used to create the following DHCP scope:IP pool range: 10.10.1.20 - 10.10.1.200Default Gateway: 10.10.1.1Mask: 255.255.255.0TFTP Server: 192.168.10.10DNS: 10.10.10.10 10.10.10.11Router(config)#ip dhcp excluded-address 10.10.1.1 10.10.1.19Router(config)#ip dhcp excluded-address 10.10.1.201 10.10.1.254Router(config)#ip dhcp pool POOLRouter(dhcp-config)#default-router 10.10.1.1Router(dhcp-config)#dns-server 10.10.10.10 10.10.10.11Router(dhcp-config)#option 150 ip 192.168.10.10Router(dhcp-config)#network 10.10.1.0 255.255.255.0Router(config)#ip dhcp excluded-address 10.10.1.1 10.10.1.20Router(config)#ip dhcp excluded-address 10.10.1.200 10.10.1.254Router(config)#ip dhcp pool POOLRouter(dhcp-config)#default-gateway 10.10.1.1Router(dhcp-config)#dns-server 10.10.10.10 10.10.10.11Router(dhcp-config)#option 53 ip 192.168.10.10Router(dhcp-config)#network 10.10.1.0 255.255.255.0Router(config)#ip dhcp excluded-address 10.10.1.20 10.10.1.200Router(config)#ip dhcp pool POOLRouter(dhcp-config)#default-router 10.10.1.1Router(dhcp-config)#dns-server 10.10.10.10 10.10.10.11Router(dhcp-config)#option 69 ip 192.168.10.10Router(dhcp-config)#network 10.10.1.0 255.255.255.0Router(config)#ip dhcp excluded-address 10.10.1.1 10.10.1.20Router(config)#ip dhcp excluded-address 10.10.1.200 10.10.1.254Router(config)#ip dhcp pool POOLRouter(dhcp-config)#default-gateway 10.10.1.1Router(dhcp-config)#dns-server 10.10.10.10 10.10.10.11Router(dhcp-config)#option 69 ip 192.168.10.10Router(dhcp-config)#network 10.10.1.0 255.255.255.0Question 100 of 103 101. Considering the following script:Which data format was used to write the code above?JSONXMLYAMLHTMLQuestion 101 of 103 102. Which of the following agentless automation tool uses SSH to connect to the network devices?AnsiblePuppetChefAPICACIQuestion 102 of 103 103. Which automation tool uses only a server-client architecture based in a pull deployment model, where the clients check regularly on the server if anything needs to be updated?PuppetChefAnsibleAPICYAMLXMLQuestion 103 of 103 Loading...