Free CCNA Practice Test - 200-301 Exam Walkthrough

Check out our Cisco CCNA video and lab course by clicking on 'Courses' above.

Our books for the Cisco CCNA are all available on Amazon.

The left are IPv6 prefixes, while the right are the IPv6 prefix types. Click on the right item which matches the left. Click again to deselect.

2000::/3	Link local Unselect Unique local Unselect Global unicast Unselect 6to4 Unselect Multicast Unselect
fc00::/7	Link local Unselect Unique local Unselect Global unicast Unselect 6to4 Unselect Multicast Unselect
fe80::/10	Link local Unselect Unique local Unselect Global unicast Unselect 6to4 Unselect Multicast Unselect
2002::/16	Link local Unselect Unique local Unselect Global unicast Unselect 6to4 Unselect Multicast Unselect
ff00::/8	Link local Unselect Unique local Unselect Global unicast Unselect 6to4 Unselect Multicast Unselect

Question 1 of 103

You have the following topology in your network and a Frame Flooding attack just ended.
Just after the attack you connect a new host on the network (host C) and start sending traffic to host A, what happens and what you can do to prevent your environment from this to happening again?

The switch 1 will forward the traffic just to host A. The best way to prevent the network from this attack is using access-list on all switch ports.

The switch 1 will forward the traffic to hosts A and B. The best way to prevent the network from this attack is using spanning-tree portfast on all switch ports.

The switch 1 will forward the traffic to hosts A, B and C. The best way to prevent the network from this attack is using port security on all switch ports.

The switch 1 will forward the traffic to all the ports, including hosts A, B and the uplink port. The best way to prevent the network from this attack is using port security on all switch ports, except the uplink port.

No packet will be forwarded until the switch is reloaded. The best way to prevent the network from this attack is using spanning-tree BPDU Guard enabled on all switch ports, except the uplink port.

Question 2 of 103

Three new switches were just installed and the host A cannot ping host C. Which statements are true regarding the configuration below?

Switch1 doesn´t have the VLAN 30 on it´s VLAN database.

On Switch2, vlan 10 must be allowed on trunk interface Gi1/0/23.

Switch3 doesn´t have the VLAN 30 on it´s VLAN database.

Switch3 Gi1/0/1 interface must be configured as mode access to work this communication.

Switch1 Gi1/0/1 interface must be configured as mode trunk to work this communication.

Switch1 doesn´t have the VLAN 10 on it´s VLAN database.

Question 3 of 103

Refer to the command output below:

Which statements are true regarding the routing table above?

The destination address 192.168.230.10 will be reachable via 10.15.11.240.

The destination address 10.15.2.100 will be reachable via 10.15.106.142.

The destination address 191.168.0.1 will be reachable via 10.15.11.240.

Switch is using BGP as a routing protocol to learn the route to the destination address 192.168.40.5.

Switch is using Static route to learn the route to the destination subnet 10.51.28.0/22.

Switch is using BGP and OSPF as routing protocols.

Question 4 of 103

Regarding the following architecture, which statements are true?

In this architecture, every lower-tier switch (leaf layer) is connected to each of the top-tier switches (spine layer) in a full-mesh topology.

In this architecture, every lower-tier switch (Spine layer) is connected to each of the top-tier switches (Leaf layer) in a full-mesh topology.

All switches are connected each other in a full mesh topology.

The leaf layer consists of access switches that connect to devices such as servers, firewalls, etc.

Firewalls must be connected to the Spine switches.

STP protocol is used to prevent from network loops.

Question 5 of 103

Which of the following are examples of WAN multi-access networks? Choose all that apply.

Layer 3 MPLS service

Metro Ethernet E-LAN service (L2 VPLS)

Older WAN technologies, such as Frame Relay and ATM

DMVPN

SD-WAN

Metro Ethernet E-Line service

VPN site-to-site

Question 6 of 103

Regarding WAN architecture, which of the following are examples of point-to-point connection? Choose all that apply.

Layer 3 MPLS service

Metro Ethernet E-LAN service (L2 VPLS)

Older WAN technologies, such as Frame Relay and ATM

DMVPN

SD-WAN

Metro Ethernet E-Line service

VPN site-to-site

Question 7 of 103

Considering the THREE TIER network architecture model, which of the following statements are true regarding the DISTRIBUTION Layer?

Aggregation of LAN or WAN links.

Policy-based security in the form of access control lists (ACLs) and filtering.

Broadcast domain control, because routers or multilayer switches do not forward broadcasts. The device acts as the demarcation point between broadcast domains.

Providing high-speed switching.

Providing reliability and fault tolerance.

Avoiding CPU-intensive packet manipulation caused by security, inspection, quality of service (QoS) classification, or other processes.

Question 8 of 103

Considering the THREE TIER network architecture model, which of the following statements are true regarding the CORE Layer?

Aggregation of LAN or WAN links.

Policy-based security in the form of access control lists (ACLs) and filtering.

Broadcast domain control, because routers or multilayer switches do not forward broadcasts. The device acts as the demarcation point between broadcast domains.

Providing high-speed switching.

Providing reliability and fault tolerance.

Avoiding CPU-intensive packet manipulation caused by security, inspection, quality of service (QoS) classification, or other processes.

Question 9 of 103

10.

Click on the correct descriptions of the Cloud Service types. Click again to unselect.

Infrastructure As A Service (IAAS)	The examples of this model are Azure Cloud Services and AWS Elastic Beanstalk. Unselect The examples of this model are Amazon Web Services and Microsoft Azure. Unselect The examples of this model are SalesForce and Office 365. Unselect
Platform As A Service (PAAS)	The examples of this model are Azure Cloud Services and AWS Elastic Beanstalk. Unselect The examples of this model are Amazon Web Services and Microsoft Azure. Unselect The examples of this model are SalesForce and Office 365. Unselect
Software As A Service (SAAS)	The examples of this model are Azure Cloud Services and AWS Elastic Beanstalk. Unselect The examples of this model are Amazon Web Services and Microsoft Azure. Unselect The examples of this model are SalesForce and Office 365. Unselect

Question 10 of 103

11.

Select all statements which represents IAAS solutions provided by Cisco?

CSR 1000V

Duo

Meraki vMX

NGFWv

ASAv

Cloudlock

Umbrella

Question 11 of 103

12.

Select all statements which represents SaaS solutions.

Facebook

Gmail

Microsoft Azure

NGFWv

ASAv

SalesForce

Amazon Web Services

Question 12 of 103

13.

Regarding the following topology, which statement is TRUE?

Running show cdp neighbors" command on Switch A, the output of this command will show Switch C and Switch D connected to the port Gi1/0/24."

Running show cdp neighbors" command on Switch D, the output of this command will show Switch A and Switch B connected to the port Gi1/0/24."

Running show cdp neighbors" command on Switch C, the output of this command will show Switch A and Switch D connected to the port Gi1/0/22."

Running show cdp neighbors" command on Switch B, the output of this command will show Switch A connected to the port Gi1/0/23, Switch D connected to the port Gi1/0/24 and Switch C connected to the port Gi1/0/22."

Running show cdp neighbors" command on Switch A, C and D will show no neighbors."

Question 13 of 103

14.

Regarding the following topology, which statement is TRUE?

Running show cdp neighbors" command on Switch A, the output of this command will show Switch C and Switch D connected to the port Gi1/0/24."

Running show cdp neighbors" command on Switch D, the output of this command will show Switch A and Switch B connected to the port Gi1/0/24."

Running show cdp neighbors" command on Switch C, the output of this command will show Switch A and Switch D connected to the port Gi1/0/22."

Running show cdp neighbors" command on Switch A, C and D will show no neighbors."

Question 14 of 103

15.

Refer to the following config output and select the correct statement.

RTR01 is a Cisco 1905 router connected to the interface Gi1/0/27 of SW01.

SW02 is a Cisco 2940 switch connected to the interface Gi0/1 of SW01.

IP phone SEPC40ACBE1651B is connected to the interface Gi1/0/4 of SW01.

RTR01 is a Cisco 1905 router connected to the interface Gi0/1 of SW01.

Question 15 of 103

16.

Refer to the following 'show lldp neighbor detail' output.

Which of the following information is possible to get from the LLDP neighbor, according to this output? Select all that apply.

Software version

Management Address

Port Description

Uptime

Serial Number

Question 16 of 103

17.

Click on the supported speed which match the types of SFPs.

SFP	10 Gbps Unselect 100/400 Gbps Unselect 25 Gbps Unselect 1 Gbps Unselect 40 Gbps Unselect 40/100 Gbps Unselect
SFP+	10 Gbps Unselect 100/400 Gbps Unselect 25 Gbps Unselect 1 Gbps Unselect 40 Gbps Unselect 40/100 Gbps Unselect
SFP28	10 Gbps Unselect 100/400 Gbps Unselect 25 Gbps Unselect 1 Gbps Unselect 40 Gbps Unselect 40/100 Gbps Unselect
QSFP	10 Gbps Unselect 100/400 Gbps Unselect 25 Gbps Unselect 1 Gbps Unselect 40 Gbps Unselect 40/100 Gbps Unselect
QSFP28	10 Gbps Unselect 100/400 Gbps Unselect 25 Gbps Unselect 1 Gbps Unselect 40 Gbps Unselect 40/100 Gbps Unselect
QSFP-DD	10 Gbps Unselect 100/400 Gbps Unselect 25 Gbps Unselect 1 Gbps Unselect 40 Gbps Unselect 40/100 Gbps Unselect

Question 17 of 103

18.

Click the 'show interfaces' field to its description. Right side is clickable.

Ethernet . . . is up	Indicates whether the interface hardware is currently active. Unselect Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address. Unselect Gives the maximum transmission unit of the interface. Unselect Indicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful) Unselect Gives the bandwidth of the interface in kilobits per second. Unselect Indicates whether interface has been taken down by an administrator. Unselect
Ethernet . . . is administratively down	Indicates whether the interface hardware is currently active. Unselect Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address. Unselect Gives the maximum transmission unit of the interface. Unselect Indicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful) Unselect Gives the bandwidth of the interface in kilobits per second. Unselect Indicates whether interface has been taken down by an administrator. Unselect
line protocol is up	Indicates whether the interface hardware is currently active. Unselect Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address. Unselect Gives the maximum transmission unit of the interface. Unselect Indicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful) Unselect Gives the bandwidth of the interface in kilobits per second. Unselect Indicates whether interface has been taken down by an administrator. Unselect
Hardware	Indicates whether the interface hardware is currently active. Unselect Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address. Unselect Gives the maximum transmission unit of the interface. Unselect Indicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful) Unselect Gives the bandwidth of the interface in kilobits per second. Unselect Indicates whether interface has been taken down by an administrator. Unselect
MTU	Indicates whether the interface hardware is currently active. Unselect Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address. Unselect Gives the maximum transmission unit of the interface. Unselect Indicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful) Unselect Gives the bandwidth of the interface in kilobits per second. Unselect Indicates whether interface has been taken down by an administrator. Unselect
BW	Indicates whether the interface hardware is currently active. Unselect Specifies the hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address. Unselect Gives the maximum transmission unit of the interface. Unselect Indicates whether the software processes that handle the line protocol believe that the interface is usable (that is, whether keepalives are successful) Unselect Gives the bandwidth of the interface in kilobits per second. Unselect Indicates whether interface has been taken down by an administrator. Unselect

Question 18 of 103

19.

Refer to the command outputs below and select all the correct statements.

The IP address 192.168.40.2 is reachable via Gi1/0/2 on SW01.

192.168.101.1 is the IP address of interface VLAN 101 on switch SW01.

VLAN 95 has no hosts connected.

The IP address 192.168.40.2 is reachable via Gi1/0/23 on SW01.

The IP address 192.168.10.47 is reachable via Gi1/0/4 on SW01.

Question 19 of 103

20.

You are the network analyst of FloodIT company and you need to restrict the management access to the RTR01 router, where just the IP 192.168.10.100 will be able to access it through SSH. No other host or protocol should be allowed. Which commands should be used to accomplish this task?

ip access-list standard SSH permit 192.168.10.100line vty 0 15 access-class SSH in transport input ssh

ip access-list standard SSH permit 192.168.10.100line vty 0 15 transport input ssh

ip access-list standard SSH permit 192.168.10.100line vty 0 15 access-class SSH in

ip access-list standard SSH permit tcp host 192.168.0.100 any eq 22line vty 0 15 access-class SSH in transport input ssh

Question 20 of 103

21.

Considering the PAgP protocol, which statements are true?

It´s a Cisco proprietary protocol.

Can be configured as auto or desirable mode.

Can be configured as active or passive mode.

A port in the auto mode cannot form an EtherChannel with another port that is also in the auto mode.

A port in the desirable mode cannot form an EtherChannel with another port that is also in the desirable mode.

A port in the passive mode cannot form an EtherChannel with another port that is also in the passive mode.

Question 21 of 103

22.

Considering the LACP protocol, which statements are true?

It´s a Cisco proprietary protocol.

Can be configured as auto or desirable mode.

Can be configured as active or passive mode.

A port in the auto mode cannot form an EtherChannel with another port that is also in the auto mode.

A port in the desirable mode cannot form an EtherChannel with another port that is also in the desirable mode.

A port in the passive mode cannot form an EtherChannel with another port that is also in the passive mode.

Question 22 of 103

23.

You need to configure the switch SW01 to stablish a trunk connection to the SW02.
On this configuration, SW01 must communicate through all the VLANs with SW02.
All the untagged traffic must be tagged as VLAN 100.
Which script you should use to accomplish this task?

SW01(config)#interface GigabitEthernet1/0/1 SW01(config-if)#switchport mode trunkSW01(config-if)#switchport access vlan 100

SW01(config)#interface GigabitEthernet1/0/1 SW01(config-if)#switchport mode trunkSW01(config-if)#switchport trunk native vlan 100

SW01(config)#interface GigabitEthernet1/0/1 SW01(config-if)#switchport mode trunkSW01(config-if)#switchport trunk allowed vlan 100

SW01(config)#interface GigabitEthernet1/0/1 SW01(config-if)#switchport mode accessSW01(config-if)#switchport access vlan 100

Question 23 of 103

24.

Refer to the 'show interface Gi1/0/1 switchport' output command below.

If this interface receives an untagged traffic, to which VLAN this traffic will be delivered?

VLAN 1

VLAN 2

VLAN 5

VLAN 1001

Question 24 of 103

25.

Which protocol should be used to configure a trunk interface between some Cisco switch and a Cisco router?

802.1q

802.1p

802.11a

ISL

LACP

PAgP

Question 25 of 103

26.

Refer to the 'show interface Gi1/0/23 switchport' command output.

Which VLANs are allowed to communicate through this interface?

VLANs 7,10,15,20,30,40

VLANs 2 to 1001

Any VLAN

VLAN 1

VLANs 5,7,10,15,20,30,40

VLAN 5

Question 26 of 103

27.

You are including a new switch to your network infrastructure.
Before connect the switch to the network, you delete all VLAN entries, configure VTP mode as client and configure the same VTP domain from the current network.
When you connect the switch to the network, all the network stops responding. What can be the issue?

You forgot to setup the VTP password.

The new switch has a higher Configuration Revision number than the current VTP setup. Due to this, the VLAN configuration from the new switch was propagated to all the network.

The new switch has a lowest Configuration Revision number than the current VTP setup. Due to this, the VLAN configuration from the new switch was propagated to all the network.

The new switch has a different VTP domain from the current VTP setup.

You should configure the new switch as VTP server.

Question 27 of 103

28.

Considering the following command output, select all the correct statements.

This switch is using 802.1D protocol.

This interface Gi0/2 is in blocking state and will not communicate through VLAN 1.

If the spanning-tree priority is changed to 28672, this switch will be elected as root bridge.

This switch is the root bridge for VLAN 1.

If the spanning-tree priority is changed to 32767, this switch will be elected as root bridge.

The switch is not using the default cost value for the interface Gi0/1.

Question 28 of 103

29.

Click to match the interface speed to the proper default STP port cost value.

100Gbps	19 Unselect 4 Unselect 2 Unselect 100 Unselect 1 Unselect
10Gbps	19 Unselect 4 Unselect 2 Unselect 100 Unselect 1 Unselect
1Gbps	19 Unselect 4 Unselect 2 Unselect 100 Unselect 1 Unselect
100Mbps	19 Unselect 4 Unselect 2 Unselect 100 Unselect 1 Unselect
10Mbps	19 Unselect 4 Unselect 2 Unselect 100 Unselect 1 Unselect

Question 29 of 103

30.

When a switch comes up, there is a sequence of STP port states used by STP to prevent loops. Put the following port states in order as per the definition.

learning
forwarding
blocking
initialization
listening

Question 30 of 103

31.

TCP and UDP protocols are part of which OSI Model layer?

Physical

Data Link

Network

Transport

Session

Presentation

Application

Question 31 of 103

32.

What are the standard ports used by SSH and HTTP protocols, respectively?

TCP/22 and TCP/80

TCP/21 and TCP/80

UDP/22 and UDP/80

TCP/22 and TCP/443

TCP/22 and TCP/81

TCP/22 and TCP/88

Question 32 of 103

33.

Select the characteristics of TCP protocol. Choose all that apply.

Connection oriented

Connectionless

Reliable

Higher header overhead

Sequencing of data packets

Re-transmission of lost packets

Faster than UDP

Lower header overhead

Question 33 of 103

34.

Which of the following are IP address networks reserved for private address as per RFC 1918?

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

100.0.0.0/16

172.0.0.0/12

172.168.0.0/16

Question 34 of 103

35.

Which CIDR better fits the summarization of the prefixes 200.1.32.0/24, 200.1.33.0/24, 200.1.34.0/24 and 200.1.35.0/24?

200.1.32.0/23

200.1.32.0/22

200.1.32.0/21

200.1.32.0/20

200.1.32.0/19

Question 35 of 103

36.

Which of the following are usable IP addresses?

192.168.10.10/31

192.168.0.16/29

10.245.200.129/26

200.201.255.224/27

10.9.10.255/23

192.168.255.31/27

Question 36 of 103

37.

What is the correct subnet mask for the prefix 192.168.123.0/27

255.255.255.240

255.255.255.224

255.255.255.248

255.255.255.220

255.255.255.192

Question 37 of 103

38.

What is the correct wildcard mask for the prefix 200.116.222.0/29

0.0.0.15

0.0.0.7

0.0.0.31

255.255.255.248

255.255.255.240

255.255.255.224

Question 38 of 103

39.

Which command should be used to add a route to the subnet 10.0.0.0/25 using 192.168.1.1 as a gateway on IOS?

ip route 10.0.0.0 255.255.255.0 192.168.1.1

ip route 10.0.0.0 255.255.255.128 192.168.1.1

ip route 10.0.0.0 255.255.254.0 192.168.1.1 1

ip route 10.0.0.0/25 192.168.1.1

Question 39 of 103

40.

What is the correct order in the route selection process?

Administrative distance
Prefix length
Metrics

Question 40 of 103

41.

On the table below, which Next Hop will be used to reach 192.168.1.10?

172.16.1.2

172.16.2.1

172.16.3.1

172.16.1.1

172.16.10.1

Question 41 of 103

42.

On the table below, which Next Hop will be used to reach 192.168.1.10?

172.16.1.2

172.16.2.1

172.16.3.1

172.16.1.1

172.16.10.1

Question 42 of 103

43.

On the following routing table, which will be the next hop to the destination address 192.168.32.1?

10.1.1.1

10.1.1.2

10.1.1.3

10.1.1.4

Question 43 of 103

44.

The adjacency building process takes effect after multiple stages have been fulfilled.
Drag the OSPF transitional stages in the correct order.

Down
Full
Exchange
Two-way
Exstart
Init
Loading

Question 44 of 103

45.

Which interface level command should be used to configure it on OSPF area 10?

RTR1(config-if)#network 192.168.10.0 0.0.0.255 area 10

RTR1(config-if)#ip ospf 1 area 10

RTR1(config-if)#ip ospf area 10

RTR1(config-if)#ip ospf 10

RTR1(config-if)#ip ospf 10 area 1

RTR1(config-if)#ip ospf 192.168.10.0 255.255.255.0 area 10

Question 45 of 103

46.

Refer to the following show output.

Which statements are true regarding the output above?

This router is the designated router for area 1.

This router is using the default timer values.

This router is using 192.168.255.1 as router ID.

This router is using 192.168.255.3 as router ID.

Question 46 of 103

47.

Refer to the show ip route outputs below.

What script should be used to advertise the default route (since the default route is on routing table) and 10.x.x.x subnets from area 0 as 10.0.0.0/21 to RTR3?

RTR1(config-router)#area 0 range 10.0.0.0 255.255.224.0RTR1(config-router)#default information originate

RTR1(config-router)#area 0 range 10.0.0.0 255.255.248.0RTR1(config-router)#default-information originate

RTR1(config-router)#area 0 range 10.0.0.0 255.255.240.0RTR1(config-router)#default-information originate always

RTR1(config-router)#area 0 range 10.0.0.0 255.255.240.0RTR1(config-router)#default-information originate

Question 47 of 103

48.

Click the OSPF LSA Types which match the proper description on the right. Right side is clickable.

LSA Type 1	Router LSA Unselect Autonomous system external LSA Unselect Summary ASBR LSA Unselect Summary LSA Unselect NSSA External LSA Unselect Network LSA Unselect
LSA Type 2	Router LSA Unselect Autonomous system external LSA Unselect Summary ASBR LSA Unselect Summary LSA Unselect NSSA External LSA Unselect Network LSA Unselect
LSA Type 3	Router LSA Unselect Autonomous system external LSA Unselect Summary ASBR LSA Unselect Summary LSA Unselect NSSA External LSA Unselect Network LSA Unselect
LSA Type 4	Router LSA Unselect Autonomous system external LSA Unselect Summary ASBR LSA Unselect Summary LSA Unselect NSSA External LSA Unselect Network LSA Unselect
LSA Type 5	Router LSA Unselect Autonomous system external LSA Unselect Summary ASBR LSA Unselect Summary LSA Unselect NSSA External LSA Unselect Network LSA Unselect
LSA Type 7	Router LSA Unselect Autonomous system external LSA Unselect Summary ASBR LSA Unselect Summary LSA Unselect NSSA External LSA Unselect Network LSA Unselect

Question 48 of 103

49.

Click the OSPF area types to match the restriction. Right side is clickable.

Normal	None Unselect No Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverse Unselect No Type 3, 4 or 5 LSAs allowed except the default summary route Unselect No Type 5 AS-external LSA allowed Unselect No Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowed Unselect
Stub	None Unselect No Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverse Unselect No Type 3, 4 or 5 LSAs allowed except the default summary route Unselect No Type 5 AS-external LSA allowed Unselect No Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowed Unselect
Totally Stub	None Unselect No Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverse Unselect No Type 3, 4 or 5 LSAs allowed except the default summary route Unselect No Type 5 AS-external LSA allowed Unselect No Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowed Unselect
NSSA	None Unselect No Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverse Unselect No Type 3, 4 or 5 LSAs allowed except the default summary route Unselect No Type 5 AS-external LSA allowed Unselect No Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowed Unselect
NSSA Totally Stub	None Unselect No Type 5 AS-external LSAs allowed, but Type 7 LSAs that convert to Type 5 at the NSSA ABR can traverse Unselect No Type 3, 4 or 5 LSAs allowed except the default summary route Unselect No Type 5 AS-external LSA allowed Unselect No Type 3, 4 or 5 LSAs except the default summary route, but Type 7 LSAs that convert to Type 5 at the NSSA ABR are allowed Unselect

Question 49 of 103

50.

Regarding the output below, which commands should be used to redistribute routes between OSPF and EIGRP? RTR4 must receive the default route either.

router eigrp 10 redistribute ospf 10 subnetsrouter ospf 10 redistribute eigrp 10 subnets

router eigrp 10 redistribute ospf 10 default-information originaterouter ospf 10 redistribute eigrp 10 subnets

router eigrp 10 redistribute ospf 10 metric 10000 100 255 1 1500router ospf 10 redistribute eigrp 10 subnets

router eigrp 10 redistribute ospf 10 metric 10000 100 255 1 1500 default-information originaterouter ospf 10 redistribute eigrp 10 subnets

Question 50 of 103

51.

Regarding the following command output, which statements are true?

Regarding EIGRP metric weights, just bandwidth and delay will be considered to calculate the metric

Regarding EIGRP metric weights, just bandwidth and load will be considered to calculate the metric

Regarding EIGRP metric weights, just delay and reliability will be considered to calculate the metric

OSPF Area 10 is being redistributed into EIGRP AS 10

All prefixes redistributed from static routing table is using 170 as administrative distance

All prefixes redistributed from connected routing table is using 170 as administrative distance

Question 51 of 103

52.

Which statements are true regarding the following command line?
Router(config)# ip nat inside source static 10.1.1.2 200.1.1.2

10.1.1.2 is the outside global address

200.1.1.2 is the inside global address

200.1.1.2 is the inside local address

10.1.1.2 is the inside local address

200.1.1.2 is the outside global address

10.1.1.2 is the inside global address

Question 52 of 103

53.

An internal host cannot reach the 200.201.202.203 server on the internet.
You were asked to fix this. Which commands you need to issue on RTR01 to accomplish this?
BTW, the host already reaches RTR1, so don´t need to worry about routing issues. You need to allow the communication to any tcp port.

ip access-list extended NAT-HOST-WWW permit tcp host 10.0.0.10 host 200.201.202.203ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat insideinterface GigabitEthernet0/0/0 ip nat outside

ip access-list extended NAT-HOST-WWW permit ip 10.0.0.10 255.255.255.255 host 200.201.202.203ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat insideinterface GigabitEthernet0/0/0 ip nat outside

ip access-list extended NAT-HOST-WWW permit ip 10.0.0.0 0.0.0.255 host 200.201.202.203ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat insideinterface GigabitEthernet0/0/0 ip nat outside

ip access-list extended NAT-HOST-WWW permit ip host 10.0.0.10 host 200.201.202.203ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

Question 53 of 103

54.

An internal HTTP service must be published to the internet using the standard HTTP port, as per the topology below.
You were asked to publish only HTTP service (using the standard port) using the public IP 100.101.102.103. Which commands you need to issue on RTR01 to accomplish this?
BTW, the server already reaches RTR1, so don´t need to worry about routing issues.

ip nat inside source static tcp 10.0.0.10 8080 100.101.102.103 80interface GigabitEthernet0/0/0 ip nat outsideinterface GigabitEthernet0/0/1 ip nat inside

ip access-list extended NAT-SERVER-WWW permit tcp any host 10.0.0.10 eq 8080ip nat inside source list NAT-HOST-WWW interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

ip nat inside source static ip 10.0.0.10 100.101.102.103interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

ip nat inside source static tcp 100.101.102.103 80 10.0.0.10 8080interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

Question 54 of 103

55.

You are the security engineer of SecureIT company.
You need to implement a cloud proxy solution, where your local hosts will need to reach the proxy server to access any external website.
Currently, all the hosts are using static proxy configuration pointing to the IP address 192.168.100.100 and port TCP/3080.
Which configuration can be used to make this migration with low impact?
The new proxy IP is 200.201.202.203 and the new TCP port is TCP/9400.

ip access-list extended WWW-HOST-NAT permit tcp 10.0.0.0 0.0.0.255 host 192.168.100.100 eq 3080ip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadip nat outside source static tcp 200.201.202.203 9400 192.168.100.100 3080 ip route 192.168.100.100 255.255.255.255 GigabitEthernet0/0/0 interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

ip access-list extended WWW-HOST-NAT permit tcp 10.0.0.0 0.0.0.255 host 192.168.100.100 eq 3080ip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadip nat outside source static tcp 200.201.202.203 9400 192.168.100.100 3080 interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

ip access-list extended WWW-HOST-NAT permit tcp 10.0.0.0 0.0.0.255 host 192.168.100.100 eq 3080ip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadip nat outside source static 200.201.202.203 192.168.100.100 interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

ip access-list extended WWW-HOST-NAT permit tcp 10.0.0.0 0.0.0.255 eq 3080 host 192.168.100.100ip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadip nat outside source static 200.201.202.203 192.168.100.100 interface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

Question 55 of 103

56.

Which command can be used to allow internal IP addresses from the corporate network 10.0.0.0/24 to access any public IP, using the interface Gi0/0/0 as translated source?

ip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 0.0.0.255 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/0 ip nat outsideinterface GigabitEthernet0/0/1 ip nat inside

ip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 255.255.255.0 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/0 ip nat outsideinterface GigabitEthernet0/0/1 ip nat inside

ip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 0.0.0.255 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/0 overloadinterface GigabitEthernet0/0/1 ip nat outsideinterface GigabitEthernet0/0/0 ip nat inside

ip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 0.0.0.255 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/1 overload

ip access-list extended WWW-HOST-NAT permit ip 10.0.0.0 0.0.0.255 anyip nat inside source list WWW-HOST-NAT interface GigabitEthernet0/0/1 overloadinterface GigabitEthernet0/0/0 ip nat outsideinterface GigabitEthernet0/0/1 ip nat inside

Question 56 of 103

57.

You need to configure you network switch to use the router as the NTP server.
Which configuration must be done in the switch to accomplish this task? Follow the information needed:
NTP server IP: 192.168.0.1
key: cisco

ntp authentication-key 1 md5 ciscontp authenticatentp server 192.168.0.1 key 1

ntp authentication-key 1 md5 ciscontp authenticatentp server 192.168.0.1

ntp authentication-key 1 md5 ciscontp master 192.168.0.1 key 1

ntp authentication-key 1 md5 ciscontp server 192.168.0.1

ntp authentication-key ciscontp authenticatentp server 192.168.0.1 key 1

Question 57 of 103

58.

You need to configure a NTP server for your internal network with MD5 authentication using the password cisco.
Which configuration must be done on the NTP server to accomplish this task?

ntp authentication-key 1 md5 ciscontp authenticatentp trusted-key 1ntp master 5

ntp authentication-key ciscontp trusted-key 1ntp master 5

ntp authentication-key 1 md5 ciscontp authenticatentp trusted-key 1

ntp authentication-key md5 ciscontp authenticatentp master 5

ntp authentication-key 1 md5 ciscontp trusted-key 1ntp master 5

Question 58 of 103

59.

Drag the syslog ID on the left to the proper syslog level on the right.

1	debugging Unselect errors Unselect warnings Unselect critical Unselect notification Unselect alerts Unselect informational Unselect
2	debugging Unselect errors Unselect warnings Unselect critical Unselect notification Unselect alerts Unselect informational Unselect
3	debugging Unselect errors Unselect warnings Unselect critical Unselect notification Unselect alerts Unselect informational Unselect
4	debugging Unselect errors Unselect warnings Unselect critical Unselect notification Unselect alerts Unselect informational Unselect
5	debugging Unselect errors Unselect warnings Unselect critical Unselect notification Unselect alerts Unselect informational Unselect
6	debugging Unselect errors Unselect warnings Unselect critical Unselect notification Unselect alerts Unselect informational Unselect
7	debugging Unselect errors Unselect warnings Unselect critical Unselect notification Unselect alerts Unselect informational Unselect

Question 59 of 103

60.

Which of the following configuration should be used to send syslog messages to the syslog server 192.168.0.10, limiting the messages to warning and higher?

SW01(config)#logging 12.168.0.10SW01(config)#logging trap 4

SW01(config)#logging 192.168.0.10SW01(config)#logging trap 4

SW01(config)#logging 192.168.0.10SW01(config)#logging trap 5

SW01(config)#logging 192.168.0.10SW01(config)#logging trap 3

SW01(config)#logging 192.168.0.10 trap 5

Question 60 of 103

61.

You already configure the syslog server to receive logs from your network devices.
Now, you need to limit the number of messages per second to 10. Make sure this will not affect the messages from level 3 or higher.

SW01(config)#logging rate-limit 10 except 3

SW01(config)#logging limit 10 except 3

SW01(config)#logging limit 10 except errors

SW01(config)#logging trap 5 limit 10 except 3

SW01(config)#logging trap 5 10 3

Question 61 of 103

62.

You configure HSRP per the topology below. After the implementation, you notice the following message:

%HSRP-4-DIFFVIP1: GigabitEthernet0/0 Grp 1 active routers virtual IP address 192.168.200.1 is different to the locally configured address 192.168.200.254What can be the cause of this issue? hsrp1

The same IP address was used on both sides (R1/R2 and R3/R4)

The same priority was used on both sides (R1/R2 and R3/R4)

There is a loop on the network between the switches

The same standby group was used on both sides (R1/R2 and R3/R4)

There is no error on the log

Question 62 of 103

63.

You need to implement HSRP as per the following topology.
When the primary router fails, the secondary needs to be activated. Once the primary becomes online again, it needs to be the active again.
Which of the presented script can be used to accomplish the task?

R1:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 preemptR2:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 90 standby 1 preemptR3:interface GigabitEthernet0/0 standby 254 ip 192.168.200.254 standby 254 preemptR4:interface GigabitEthernet0/0 standby 254 ip 192.168.200.254 standby 254 prio 90 standby 254 preempt

R1:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 100 standby 1 preemptR2:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 90 standby 1 preemptR3:interface GigabitEthernet0/0 standby 1 ip 192.168.200.254 standby 1 prio 100 standby 1 preemptR4:interface GigabitEthernet0/0 standby 1 ip 192.168.200.254 standby 1 prio 90 standby 1 preempt

R1:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 100R2:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 90R3:interface GigabitEthernet0/0 standby 1 ip 192.168.200.254 standby 1 prio 100R4:interface GigabitEthernet0/0 standby 1 ip 192.168.200.254 standby 1 prio 90

R1:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1R2:interface GigabitEthernet0/0 standby 1 ip 192.168.200.1 standby 1 prio 90R3:interface GigabitEthernet0/0 standby 254 ip 192.168.200.254R4:interface GigabitEthernet0/0 standby 254 ip 192.168.200.254 standby 254 prio 90

Question 63 of 103

64.

What is the main purpose of using FHRP?

Provides a secure communication between the routers.

Provides the first hop redundancy using a virtual IP address, which can be shared between 2 or more routers.

Provides an equal cost load balance through a virtual IP address.

Provides IP address dinamically to the hosts of a network.

Question 64 of 103

65.

Which of the following access-list should be used to deny the following specific inbound traffic in the interface Gi0/0?
SOURCE: 192.168.0.10
DESTINATION: 200.200.200.200
PROTOCOL: IP

ip access-list extended block-specific deny ip host 192.168.0.10 host 200.200.200.200 permit ip any anyinterface GigabitEthernet0/0 ip access-group block-specific in

ip access-list extended block-specific deny ip host 192.168.0.10 host 200.200.200.200interface GigabitEthernet0/0 ip access-group block-specific in

ip access-list extended block-specific deny ip 192.168.0.10 255.255.255.255 200.200.200.200 255.255.255.255 permit ip any anyinterface GigabitEthernet0/0 ip access-group block-specific in

ip access-list extended block-specific deny tcp host 192.168.0.10 host 200.200.200.200interface GigabitEthernet0/0 ip access-group block-specific in

ip access-list extended block-specific permit tcp host 192.168.0.10 host 200.200.200.200interface GigabitEthernet0/0 ip access-group block-specific in

Question 65 of 103

66.

You need to create an access-list where:
- SSH traffic with destination 192.168.10.10 must be blocked just from subnet 192.168.0.0/24;
- NTP traffic with destination 1.2.3.4 must be allowed just from subnet 192.168.0.0/24;
- All the remaining traffic must be allowed.

Which of the following access-list should be used?

ip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit udp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 deny udp any host 1.2.3.4 eq 123 permit ip any any

ip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit udp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 permit ip any any

ip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit udp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 deny udp any host 1.2.3.4 eq 123

ip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit tcp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 deny udp any host 1.2.3.4 eq 123 permit ip any any

ip access-list extended acl deny tcp 192.168.0.0 0.0.0.255 host 192.168.10.10 eq 22 permit tcp 192.168.0.0 0.0.0.255 host 1.2.3.4 eq 123 deny udp any host 1.2.3.4 eq 123

Question 66 of 103

67.

Drag the prefix on the right to the respective wildcard on the right.

192.168.5.16/28	0.0.15.255 Unselect 0.0.1.255 Unselect 0.0.0.15 Unselect 0.0.0.63 Unselect 0.0.7.255 Unselect
200.201.240.0/20	0.0.15.255 Unselect 0.0.1.255 Unselect 0.0.0.15 Unselect 0.0.0.63 Unselect 0.0.7.255 Unselect
210.255.128.0/21	0.0.15.255 Unselect 0.0.1.255 Unselect 0.0.0.15 Unselect 0.0.0.63 Unselect 0.0.7.255 Unselect
10.165.54.0/23	0.0.15.255 Unselect 0.0.1.255 Unselect 0.0.0.15 Unselect 0.0.0.63 Unselect 0.0.7.255 Unselect
10.125.24.0/26	0.0.15.255 Unselect 0.0.1.255 Unselect 0.0.0.15 Unselect 0.0.0.63 Unselect 0.0.7.255 Unselect

Question 67 of 103

68.

You need to configure a router for AAA authentication using TACACS+ and local authentication as a fallback. Which of the following script can be used?

aaa new-modeltacacs-server host 10.1.2.10 key ciscoaaa authentication login default group tacacs+ localaaa authorization exec default group tacacs+ local

tacacs-server host 10.1.2.10aaa authentication login default group tacacs+ localaaa authorization exec default group tacacs+ local

aaa new-modeltacacs-server host 10.1.2.10 key ciscoaaa authentication login default tacacs+ localaaa authorization exec default tacacs+ local

tacacs-server host 10.1.2.10 key ciscoaaa authentication login group tacacs+ localaaa authorization exec group tacacs+ local

Question 68 of 103

69. Which of the following are characteristics of the TACACS+ protocol?

Uses TCP port 49

Uses UDP port 1812 and/or 1645

Encrypts the entire payload of each packet

Encrypts only passwords

It´s an open standard

No command logging

Full command logging

Question 69 of 103

70.

Which of the following are characteristics of the RADIUS protocol?

Uses TCP port 49

Uses UDP port 1812 and/or 1645

Encrypts the entire payload of each packet

Encrypts only passwords

It´s an open standard

No command logging

Full command logging

Question 70 of 103

71.

Drag the attack type on the left to the correct definition on the right.

IP Address Spoofing Attack	It is an application or device that can read, monitor, and capture network data exchanges and read network packets. Unselect This attack occurs when threat actors have positioned themselves between a source and destination. Unselect A threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet. Unselect If threat actors discover a valid user account, the threat actors have the same rights as the real user. Unselect Flood a computer or the entire network with traffic until a shutdown occurs because of the overload. Unselect
Password-Based Attacks	It is an application or device that can read, monitor, and capture network data exchanges and read network packets. Unselect This attack occurs when threat actors have positioned themselves between a source and destination. Unselect A threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet. Unselect If threat actors discover a valid user account, the threat actors have the same rights as the real user. Unselect Flood a computer or the entire network with traffic until a shutdown occurs because of the overload. Unselect
Denial of Service Attack	It is an application or device that can read, monitor, and capture network data exchanges and read network packets. Unselect This attack occurs when threat actors have positioned themselves between a source and destination. Unselect A threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet. Unselect If threat actors discover a valid user account, the threat actors have the same rights as the real user. Unselect Flood a computer or the entire network with traffic until a shutdown occurs because of the overload. Unselect
Man-in-the-Middle Attack	It is an application or device that can read, monitor, and capture network data exchanges and read network packets. Unselect This attack occurs when threat actors have positioned themselves between a source and destination. Unselect A threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet. Unselect If threat actors discover a valid user account, the threat actors have the same rights as the real user. Unselect Flood a computer or the entire network with traffic until a shutdown occurs because of the overload. Unselect
Sniffer Attack	It is an application or device that can read, monitor, and capture network data exchanges and read network packets. Unselect This attack occurs when threat actors have positioned themselves between a source and destination. Unselect A threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet. Unselect If threat actors discover a valid user account, the threat actors have the same rights as the real user. Unselect Flood a computer or the entire network with traffic until a shutdown occurs because of the overload. Unselect

Question 71 of 103

72.

Which of the following definition is related to Ransomware?

It can display unsolicited advertising using pop-up web browser windows, new toolbars, or unexpectedly redirect a webpage to a different website.

Typically denies a user access to their files by encrypting the files

They are used by threat actors to gain administrator account-level access to a computer.

Similar to adware, but used to gather information about the user and send to threat actors without the user’s consent.

self-replicating program that propagates automatically without user actions by exploiting vulnerabilities in legitimate software.

Question 72 of 103

73.

Which of the following definition is related to Rootkit?

It can display unsolicited advertising using pop-up web browser windows, new toolbars, or unexpectedly redirect a webpage to a different website.

Typically denies a user access to their files by encrypting the files

They are used by threat actors to gain administrator account-level access to a computer.

Similar to adware, but used to gather information about the user and send to threat actors without the user’s consent.

self-replicating program that propagates automatically without user actions by exploiting vulnerabilities in legitimate software.

Question 73 of 103

74.

Which of the following script can be used to configure SSHv2 as authentication protocol?

ip domain name cisco.comcrypto key generate rsa modulus 2048ip ssh version 2

ip domain name cisco.comip ssh version 2

crypto key generate rsa 2048ip ssh version 2

ip domain name cisco.comcrypto key generate rsa 2048ip ssh version 2

ip domain name cisco.comcrypto key generate modulus 2048ip ssh version 2

ip domain name cisco.comcrypto key rsa modulus 2048ip ssh version 2

Question 74 of 103

75.

Which type of hacker attempt to discover exploits and report them to vendors, sometimes for prizes or rewards?

Script Kiddies

Vulnerability Broker

Hacktivists

Cyber criminals

State-Sponsored

Question 75 of 103

76.

Which switch feature can be used to protect the network against man-in-the-middle attacks?

Dynamic ARP Inspection

access-list

DHCP

IDS

WSA

Question 76 of 103

77. You need to activate DAI in the VLAN 10 per the following definitions:
Ports 1 to 40 - Untrusted
Ports 41 to 48 - Trusted

Which script can be used?

SW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/41-48SW1(config-if)# ip arp inspection trust

SW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/1-40SW1(config-if)# ip arp inspection untrust

SW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/1-40SW1(config-if)# ip arp inspection untrustSW1(config-if)# interface range Gi1/0/41-48SW1(config-if)# ip arp inspection trust

SW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/1-40SW1(config-if)# no ip arp inspection trust

SW1(config)# ip arp inspection vlan 10SW1(config)# interface range Gi1/0/41-48SW1(config-if)# no ip arp inspection trust

Question 77 of 103

78.

Which type of IPv6 address are allocated from the unicast address space to be assigned to a set of interfaces that typically belong to different nodes?

Unicast

Broadcast

Anycast

Multicast

Global Unicast

Question 78 of 103

79.

Which of the following are multicast addresses?

232.1.2.3

FF02::1

FE80::1

240.3.2.1

2001::1

2002::2

Question 79 of 103

80.

Which statement provides the correct value used by the host to assign itself an EUI-64 address from it´s MAC address?

0xFFFE

0xFE80

0xFF00

0xFFFF

0xFF80

Question 80 of 103

81.

Which of the following statements are needed to assign a EUI-64 IPv6 address to an interface using a specific prefix?

RTR1(config)#ipv6 unicast-routing

RTR1(config-if)#ipv6 address 2001:abc:1234:2::32/64 eui-64

RTR1(config-if)#ipv6 address 2001:abc:1234:2::32 eui-64

RTR1(config)#ipv6 routing

RTR1(config-if)#ipv6 address autoconfig eui-64

Question 81 of 103

82.

After you create the NAT entry to use the cloud proxy internally in your network, you need to evolve this architecture changing the IP based proxy to a DNS name-based implementation.
As you don´t have any DNS server locally (since this is a small office), you need to configure DNS service on the router and create an entry for the proxy server.
The name will be proxy.secureit.net and the IP address is 192.168.100.100.
As per the corporate policy, no public access is allowed directly from hosts, just through the proxy. So, make sure public hosts will not be translated.
Which configuration must be used to accomplish this task?

R1(config)# ip dns serverR1(config)# ip domain-lookupR1(config)# ip name-server 8.8.8.8 1.1.1.1R1(config)# ip host proxy.secureit.net 192.168.100.100

R1(config)# ip name-server 8.8.8.8 1.1.1.1R1(config)# ip host proxy.secureit.net 192.168.100.100

R1(config)# ip domain-lookupR1(config)# ip name-server 8.8.8.8 1.1.1.1R1(config)# ip host proxy.secureit.net 192.168.100.100

R1(config)# ip domain-lookupR1(config)# ip host proxy.secureit.net 192.168.100.100

R1(config)# ip dns serverR1(config)# ip host proxy.secureit.net 192.168.100.100

Question 82 of 103

83.

Everytime you misspell a command, the router tries to translate it. Since you are not using DNS on the router, you want to disable it.
Which command can be used in a Cisco router to avoid the router from DNS translations?

no ip domain-lookup

no ip dns server

no ip name-server

no ip dns client

no dns client

Question 83 of 103

84.

What is the definition of LLQ and what is the command to configure it?

Low Latency Queuing (LLQ) provides strict priority queueing for CBWFQ, reducing jitter in voice conversations.

Low Latency Queuing (LLQ) allows you to control the maximum rate of traffic transmitted or received on an interface.

Low Latency Queuing (LLQ) can selectively discard lower priority traffic when the interface begins to get congested and provide differentiated performance characteristics for different classes of service.

Router(config-pmap-c)# priority 50

Router(config-pmap-c)# shape average 384000 15440

Router(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action drop

Router(config-pmap-c)# random-detect dscp-based

Question 84 of 103

85.

Which of the following statements is the term used to indicate the difference in the end-to-end delay between packets?

delay

latency

jitter

loss

priority

Question 85 of 103

86.

You need to implement a QoS policy in your network.
The first task is to define the QoS classes.
Which of the following definitions would be the recommended?

Voice - EFCall-signalling - CS3Interactive Video - AF41Critical Data - AF31Bulk Data - AF11Network Management - CS2

Call-signalling - EFVoice - AF41Interactive Video - AF31Critical Data - AF21Bulk Data - AF11Network Management - CS2

Voice - CS1Call-signalling - CS3Interactive Video - AF31Critical Data - AF21Bulk Data - AF11Network Management - CS2

Voice - AF41Call-signalling - AF31Interactive Video - CS4Critical Data - CS3Bulk Data - CS2Network Management - CS1

Voice - AF41Call-signalling - AF31Interactive Video - AF21Critical Data - AF11Bulk Data - CS1Network Management - CS2

Question 86 of 103

87. Regarding QoS Conditionally-Trusted Endpoint. Which protocol is used to identify a Cisco phone connected to the switch, trusting it´s QoS markings?

COS

CDP

QoS

AutoQoS

LDP

Question 87 of 103

88.

You already configure voice and access VLAN to all users ports on a switch. Which of the following commands are necessary to enable port security and limit the number of mac addresses per port to 1 on each voice and access vlan?
Make sure the ports will not disable when a violation occurs. Just drop the unknown source address packets and generates a SNMP trap to the syslog.

SW01(config-if)#switchport port-security

SW01(config-if)#switchport port-security maximum 1 vlan access

SW01(config-if)#switchport port-security maximum 1 vlan voice

SW01(config-if)#switchport port-security maximum 1

SW01(config-if)# switchport port-security violation restrict

SW01(config-if)# switchport port-security violation shutdown

SW01(config-if)# switchport port-security violation protect

Question 88 of 103

89.

Drag each WLAN Standard on the left, to it´s description on the right.

802.11	Data rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet) Unselect Provides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technology Unselect Speeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11g Unselect Speeds of up to 2 Mbps Unselect Speeds of up to 11 Mbps and it´s better able to penetrate building structures Unselect Speeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacity Unselect Released in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devices Unselect
802.11a	Data rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet) Unselect Provides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technology Unselect Speeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11g Unselect Speeds of up to 2 Mbps Unselect Speeds of up to 11 Mbps and it´s better able to penetrate building structures Unselect Speeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacity Unselect Released in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devices Unselect
802.11b	Data rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet) Unselect Provides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technology Unselect Speeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11g Unselect Speeds of up to 2 Mbps Unselect Speeds of up to 11 Mbps and it´s better able to penetrate building structures Unselect Speeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacity Unselect Released in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devices Unselect
802.11g	Data rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet) Unselect Provides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technology Unselect Speeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11g Unselect Speeds of up to 2 Mbps Unselect Speeds of up to 11 Mbps and it´s better able to penetrate building structures Unselect Speeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacity Unselect Released in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devices Unselect
802.11n	Data rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet) Unselect Provides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technology Unselect Speeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11g Unselect Speeds of up to 2 Mbps Unselect Speeds of up to 11 Mbps and it´s better able to penetrate building structures Unselect Speeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacity Unselect Released in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devices Unselect
802.11ac	Data rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet) Unselect Provides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technology Unselect Speeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11g Unselect Speeds of up to 2 Mbps Unselect Speeds of up to 11 Mbps and it´s better able to penetrate building structures Unselect Speeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacity Unselect Released in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devices Unselect
802.11ax	Data rates ranging from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet) Unselect Provides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technology Unselect Speeds of up to 54 Mbps, small coverage area and not interoperable with 802.11b and 802.11g Unselect Speeds of up to 2 Mbps Unselect Speeds of up to 11 Mbps and it´s better able to penetrate building structures Unselect Speeds of up to 54 Mbps and backward compatible with 802.11b with reduced bandwidth capacity Unselect Released in 2019. Also known as High-Efficiency Wireless (HEW). Handles many connected devices Unselect

Question 89 of 103

90.

Which of the following WLAN authentication method uses the Advanced Encryption Standard (AES) for encryption?

WEP

WPA

WPA2

WPA3

WPA4

Question 90 of 103

91. Which of the following are WLAN authentication methods?

WEP

WPA

WPA2

WPA3

WPA4

Question 91 of 103

92.

Which ports are used by CAPWAP to stablish the control message tunnel and the data tunnel, respectively?

UDP/5246 and UDP/5247

UDP/1646 and UDP/1647

TCP/5246 and TCP/5247

TCP/1646 and TCP/1647

UDP/1812 and UDP/1813

Question 92 of 103

93.

On which type of wireless deployment access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost?

FlexConnect

CAPWAP

LWAPP

Autonomous

BSS

Question 93 of 103

94.

In a controller-based network architecture, the controller needs to communicate to the networking devices.
What is the name of the interface between the controller and those devices?

Southbound Interface

Northbound Interface

Control Plane

Data Plane

Management Plane

Question 94 of 103

95.

The SDN solution architecture has three layers. Which of the following protocols run in the Control Plane layer?

OSPF

BGP

SSH

Telnet

Question 95 of 103

96.

Which Cisco DNA solution enables network access in minutes for any user or device to any application without compromising security?

ACI

SD-Access

SD-WAN

Cisco DNA Assurance

Cisco DNA Security

Question 96 of 103

97.

Your company want to reduce costs by replacing current MPLS solution by internet links using VPN to connect the locations.
Since you have 9 locations which must connect each other, which of the following is the best solution in this case?
All the locations have Cisco routers and they will not be replaced at this time.

DMVPN

SSL VPN

FlexVPN

VPN Site-to-Site

Remote Access VPN

Question 97 of 103

98.

Which of the following is a VPN type with which, users can access the private networks over internet remotely?

Remote Access VPN

Site to Site VPN

DMVPN

FlexVPN

Question 98 of 103

99.

Which command configures the router to act as a Relay Agent for DHCP?

ip helper-address 192.168.1.10

ip dhcp forward 192.168.1.10

ip dhcp proxy agent 192.168.1.10

ip dhcp-proxy 192.168.1.10

Question 99 of 103

100.

Which of the following option can be used to create the following DHCP scope:

IP pool range: 10.10.1.20 - 10.10.1.200Default Gateway: 10.10.1.1Mask: 255.255.255.0TFTP Server: 192.168.10.10DNS: 10.10.10.10 10.10.10.11

Router(config)#ip dhcp excluded-address 10.10.1.1 10.10.1.19Router(config)#ip dhcp excluded-address 10.10.1.201 10.10.1.254Router(config)#ip dhcp pool POOLRouter(dhcp-config)#default-router 10.10.1.1Router(dhcp-config)#dns-server 10.10.10.10 10.10.10.11Router(dhcp-config)#option 150 ip 192.168.10.10Router(dhcp-config)#network 10.10.1.0 255.255.255.0

Router(config)#ip dhcp excluded-address 10.10.1.1 10.10.1.20Router(config)#ip dhcp excluded-address 10.10.1.200 10.10.1.254Router(config)#ip dhcp pool POOLRouter(dhcp-config)#default-gateway 10.10.1.1Router(dhcp-config)#dns-server 10.10.10.10 10.10.10.11Router(dhcp-config)#option 53 ip 192.168.10.10Router(dhcp-config)#network 10.10.1.0 255.255.255.0

Router(config)#ip dhcp excluded-address 10.10.1.20 10.10.1.200Router(config)#ip dhcp pool POOLRouter(dhcp-config)#default-router 10.10.1.1Router(dhcp-config)#dns-server 10.10.10.10 10.10.10.11Router(dhcp-config)#option 69 ip 192.168.10.10Router(dhcp-config)#network 10.10.1.0 255.255.255.0

Router(config)#ip dhcp excluded-address 10.10.1.1 10.10.1.20Router(config)#ip dhcp excluded-address 10.10.1.200 10.10.1.254Router(config)#ip dhcp pool POOLRouter(dhcp-config)#default-gateway 10.10.1.1Router(dhcp-config)#dns-server 10.10.10.10 10.10.10.11Router(dhcp-config)#option 69 ip 192.168.10.10Router(dhcp-config)#network 10.10.1.0 255.255.255.0

Question 100 of 103

101. Considering the following script:

json

Which data format was used to write the code above?

JSON

XML

YAML

HTML

Question 101 of 103

102.

Which of the following agentless automation tool uses SSH to connect to the network devices?

Ansible

Puppet

Chef

APIC

ACI

Question 102 of 103

103.

Which automation tool uses only a server-client architecture based in a pull deployment model, where the clients check regularly on the server if anything needs to be updated?

Puppet

Chef

Ansible

APIC

YAML

XML

Question 103 of 103

The left are IPv6 prefixes, while the right are the IPv6 prefix types. Click on the right item which matches the left. Click again to deselect.

You have the following topology in your network and a Frame Flooding attack just ended.Just after the attack you connect a new host on the network (host C) and start sending traffic to host A, what happens and what you can do to prevent your environment from this to happening again?

Three new switches were just installed and the host A cannot ping host C. Which statements are true regarding the configuration below?

Refer to the command output below:

Regarding the following architecture, which statements are true?

Which of the following are examples of WAN multi-access networks? Choose all that apply.

Regarding WAN architecture, which of the following are examples of point-to-point connection? Choose all that apply.

Considering the THREE TIER network architecture model, which of the following statements are true regarding the DISTRIBUTION Layer?

Considering the THREE TIER network architecture model, which of the following statements are true regarding the CORE Layer?

Click on the correct descriptions of the Cloud Service types. Click again to unselect.

Select all statements which represents IAAS solutions provided by Cisco?

Select all statements which represents SaaS solutions.

Regarding the following topology, which statement is TRUE?

Regarding the following topology, which statement is TRUE?

Refer to the following config output and select the correct statement.

Refer to the following 'show lldp neighbor detail' output.

Click on the supported speed which match the types of SFPs.

Click the 'show interfaces' field to its description. Right side is clickable.

Refer to the command outputs below and select all the correct statements.

You are the network analyst of FloodIT company and you need to restrict the management access to the RTR01 router, where just the IP 192.168.10.100 will be able to access it through SSH. No other host or protocol should be allowed. Which commands should be used to accomplish this task?

Considering the PAgP protocol, which statements are true?

Considering the LACP protocol, which statements are true?

You need to configure the switch SW01 to stablish a trunk connection to the SW02.On this configuration, SW01 must communicate through all the VLANs with SW02.All the untagged traffic must be tagged as VLAN 100.Which script you should use to accomplish this task?

Refer to the 'show interface Gi1/0/1 switchport' output command below.

Which protocol should be used to configure a trunk interface between some Cisco switch and a Cisco router?

Refer to the 'show interface Gi1/0/23 switchport' command output.

Considering the following command output, select all the correct statements.

Click to match the interface speed to the proper default STP port cost value.

When a switch comes up, there is a sequence of STP port states used by STP to prevent loops. Put the following port states in order as per the definition.

TCP and UDP protocols are part of which OSI Model layer?

What are the standard ports used by SSH and HTTP protocols, respectively?

Select the characteristics of TCP protocol. Choose all that apply.

Which of the following are IP address networks reserved for private address as per RFC 1918?

Which CIDR better fits the summarization of the prefixes 200.1.32.0/24, 200.1.33.0/24, 200.1.34.0/24 and 200.1.35.0/24?

Which of the following are usable IP addresses?

What is the correct subnet mask for the prefix 192.168.123.0/27

What is the correct wildcard mask for the prefix 200.116.222.0/29

Which command should be used to add a route to the subnet 10.0.0.0/25 using 192.168.1.1 as a gateway on IOS?

What is the correct order in the route selection process?

On the table below, which Next Hop will be used to reach 192.168.1.10?

On the table below, which Next Hop will be used to reach 192.168.1.10?

<img class="alignnone size-full wp-image-830" src="https://h65xul.co.uk/wp-content/uploads/2021/05/tableroutes2.png" alt="tableroutes2" width="508" height="129" title="Free CCNA Practice Test - Exam Walkthrough 21">

On the following routing table, which will be the next hop to the destination address 192.168.32.1?

The adjacency building process takes effect after multiple stages have been fulfilled. Drag the OSPF transitional stages in the correct order.

Which interface level command should be used to configure it on OSPF area 10?

Refer to the following show output.

Refer to the show ip route outputs below.

Click the OSPF LSA Types which match the proper description on the right. Right side is clickable.

Click the OSPF area types to match the restriction. Right side is clickable.

Regarding the output below, which commands should be used to redistribute routes between OSPF and EIGRP? RTR4 must receive the default route either.

Regarding the following command output, which statements are true?

Which statements are true regarding the following command line?Router(config)# ip nat inside source static 10.1.1.2 200.1.1.2

An internal host cannot reach the 200.201.202.203 server on the internet.You were asked to fix this. Which commands you need to issue on RTR01 to accomplish this?BTW, the host already reaches RTR1, so don´t need to worry about routing issues. You need to allow the communication to any tcp port.

Which command can be used to allow internal IP addresses from the corporate network 10.0.0.0/24 to access any public IP, using the interface Gi0/0/0 as translated source?

You need to configure you network switch to use the router as the NTP server.Which configuration must be done in the switch to accomplish this task? Follow the information needed:NTP server IP: 192.168.0.1key: cisco

You need to configure a NTP server for your internal network with MD5 authentication using the password cisco.Which configuration must be done on the NTP server to accomplish this task?

Drag the syslog ID on the left to the proper syslog level on the right.

Which of the following configuration should be used to send syslog messages to the syslog server 192.168.0.10, limiting the messages to warning and higher?

You already configure the syslog server to receive logs from your network devices.Now, you need to limit the number of messages per second to 10. Make sure this will not affect the messages from level 3 or higher.

You configure HSRP per the topology below. After the implementation, you notice the following message:

You need to implement HSRP as per the following topology.When the primary router fails, the secondary needs to be activated. Once the primary becomes online again, it needs to be the active again.Which of the presented script can be used to accomplish the task?

What is the main purpose of using FHRP?

Which of the following access-list should be used to deny the following specific inbound traffic in the interface Gi0/0?SOURCE: 192.168.0.10DESTINATION: 200.200.200.200PROTOCOL: IP

You need to create an access-list where:- SSH traffic with destination 192.168.10.10 must be blocked just from subnet 192.168.0.0/24;- NTP traffic with destination 1.2.3.4 must be allowed just from subnet 192.168.0.0/24;- All the remaining traffic must be allowed.

Which of the following access-list should be used?

Drag the prefix on the right to the respective wildcard on the right.

You need to configure a router for AAA authentication using TACACS+ and local authentication as a fallback. Which of the following script can be used?

Which of the following are characteristics of the RADIUS protocol?

Drag the attack type on the left to the correct definition on the right.

Which of the following definition is related to Ransomware?

Which of the following definition is related to Rootkit?

Which of the following script can be used to configure SSHv2 as authentication protocol?

Which type of hacker attempt to discover exploits and report them to vendors, sometimes for prizes or rewards?

Which switch feature can be used to protect the network against man-in-the-middle attacks?

Which type of IPv6 address are allocated from the unicast address space to be assigned to a set of interfaces that typically belong to different nodes?

Which of the following are multicast addresses?

Which statement provides the correct value used by the host to assign itself an EUI-64 address from it´s MAC address?

Which of the following statements are needed to assign a EUI-64 IPv6 address to an interface using a specific prefix?

Everytime you misspell a command, the router tries to translate it. Since you are not using DNS on the router, you want to disable it.Which command can be used in a Cisco router to avoid the router from DNS translations?

What is the definition of LLQ and what is the command to configure it?

You have the following topology in your network and a Frame Flooding attack just ended.
Just after the attack you connect a new host on the network (host C) and start sending traffic to host A, what happens and what you can do to prevent your environment from this to happening again?

You need to configure the switch SW01 to stablish a trunk connection to the SW02.
On this configuration, SW01 must communicate through all the VLANs with SW02.
All the untagged traffic must be tagged as VLAN 100.
Which script you should use to accomplish this task?

The adjacency building process takes effect after multiple stages have been fulfilled.
Drag the OSPF transitional stages in the correct order.

Which statements are true regarding the following command line?
Router(config)# ip nat inside source static 10.1.1.2 200.1.1.2

An internal host cannot reach the 200.201.202.203 server on the internet.
You were asked to fix this. Which commands you need to issue on RTR01 to accomplish this?
BTW, the host already reaches RTR1, so don´t need to worry about routing issues. You need to allow the communication to any tcp port.

You need to configure you network switch to use the router as the NTP server.
Which configuration must be done in the switch to accomplish this task? Follow the information needed:
NTP server IP: 192.168.0.1
key: cisco

You need to configure a NTP server for your internal network with MD5 authentication using the password cisco.
Which configuration must be done on the NTP server to accomplish this task?

You already configure the syslog server to receive logs from your network devices.
Now, you need to limit the number of messages per second to 10. Make sure this will not affect the messages from level 3 or higher.

You need to implement HSRP as per the following topology.
When the primary router fails, the secondary needs to be activated. Once the primary becomes online again, it needs to be the active again.
Which of the presented script can be used to accomplish the task?

Which of the following access-list should be used to deny the following specific inbound traffic in the interface Gi0/0?
SOURCE: 192.168.0.10
DESTINATION: 200.200.200.200
PROTOCOL: IP

You need to create an access-list where:
- SSH traffic with destination 192.168.10.10 must be blocked just from subnet 192.168.0.0/24;
- NTP traffic with destination 1.2.3.4 must be allowed just from subnet 192.168.0.0/24;
- All the remaining traffic must be allowed.

Everytime you misspell a command, the router tries to translate it. Since you are not using DNS on the router, you want to disable it.
Which command can be used in a Cisco router to avoid the router from DNS translations?

You need to implement a QoS policy in your network.
The first task is to define the QoS classes.
Which of the following definitions would be the recommended?

In a controller-based network architecture, the controller needs to communicate to the networking devices.
What is the name of the interface between the controller and those devices?