Part 10

CCNA – New Questions Part 10
Question 1: Refer to the exhibit.
An engineer is asked to configure router R1 so that it forms an OSPF single-area neighbor relationship with R2.
Which command sequence must be implemented to configure the router?
A. router
ospf 10
network 10.0.0.0 0.0.0.3 area 0
network 10.0.2.0 0.0.0.255 area 0
B. router
ospf 10
network 10.0.0.0 0.0.0.3 area 0
network 10.0.1.0 0.0.0.255 area 0
C. router
ospf 10
network 10.0.0.0 0.0.0.3 area 0
network 10.0.2.0 255.255.255.0 area 0
D. routerospf 10
network 10.0.0.0 0.0.0.252 area 0
network 10.0.1.0 0.0.0.255 area 0
Answer: B
Question 2: Drag and drop the HTTP methods used with REST-Based APIs from the left onto the descriptions
on the right.
Answer:
+ creates a resource and returns to URI in the response header: POST
+ creates or replaces a previously modified resource using information in the request body: PUT
+ removes a resource: DELETE
+ retrieves a list of a resource’s URIs: GET
+ updates a resource using instructions included in the
request body: PATCH
Question 3: What is the collapsed layer in collapsed core architectures?
A. core and WAN
B. access and WAN
C. distribution and access
D. core and distribution
Answer: D
Question 4: What is the MAC address used with VRRP as a virtual address?
A. 00-00-0C-07-AD-89
B. 00-00-5E-00-01-0a
C. 00-07-C0-70-AB-01
D. 00-C6-41-93-90-91
Answer: B
Question 5: Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.
Answer:
Global unicast:
2001:db8:600d:cafe::123
Link-Local unicast:
fe80:a00:27ff:feeb:8eaa
Multicast: ff05::1:3
Unique Local:
fcba:926a:e8e:7a25:b1:c6d2:1a76:8fdc
All routers in the network are configured. R2 must be the DR. After the engineer connected the devices, R1
was elected as the DR. Which command sequence must be configure on R2 to be elected as the DR in the
network?
A. R2(config)#interface gi0/0
R2(config-if)#ip ospf priority 1
B. R2(config)#interface gi0/0
R2(config-if)#ip ospf priority 100
C. R2(config)#router ospf 1
R2(config-router)#router-id 10.100.100.100
D. R2(config)#router ospf 1
R2(config-router)#router-id 192.168.2.7
Answr:B
Question 7: Which set of 2.4 GHz nonoverlapping wireless channels is standard in the United States?
A. channels 2, 7, 9, and 11
B. channels 1, 6, 11, and 14
C. channels 2, 7, and 11
D. channels 1, 6, and 11
Answer: D
Question 8: Which command entered on a switch configured with Rapid-PVST+ listens and learns for a specific
time period?
A. switch(config)#spanning-tree vlan 1 max-age 6
B. switch(config)#spanning-tree vlan 1 hello-time 10
C. switch(config)#spanning-tree vlan 1 priority 4096

D. switch(config)#spanning-tree vlan 1 forward-time 20
Answer: D
Question 9: Drag and drop the Wi-Fi terms from the left onto the descriptions on the right.
Answer:
+ Wi-Fi option based around one or more access points: distribution system
+ Wi-Fi option in which cells from different access points are linked together: extended service set
+ alphanumeric text string that identifies a wireless network: SSID
+ Wi-Fi option that enables two or more clients to communicate directly without a central access point:
independent basic service set
+ entire wireless cell of an access point and the linkage to the wired
network: infrastructure mode
interface g2/0/0
channel-group 1
mode active
interface g4/0/0
channel-group 1
mode active
interface Port-
channel1
ip address 203.0.113.65 255.255.255.252
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to

down
An engineer is configuring a Layer 3 port-channel interface with LACP. The configuration on the first device is
complete, and it is verified that both interfaces have registered the neighbor device in the CDP table. Which task
on the neighbor device enables the new port channel to come up without negotiating the channel?
A. Bring up the neighboring interfaces using the no shutdown command.
B. Change the EtherChannel mode on the neighboring interfaces to auto
C. Modify the static EtherChannel configuration of the device to passive mode
D. Configure the IP address of the neighboring device
Answer: C
What is the next hop for traffic entering R1 with a destination of 10.1.2.126?
A. 10.165.20.126
B. 10.165.20.146
C. 10.165.20.166
D. 10.165.20.226
Answer: C
A network engineer must configure R1 so that it sends all packets destined to the 10.0.0.0/24 network to R3,
and all packets destined to PC1 to R2. Which configuration must the engineer implement?
A. R1(config)#ip route 10.0.0.0 255.255.0.0 172.16.0.2
R1(config)#ip route 10.0.0.5 255.255.255.255 192.168.0.2
B. R1(config)#ip route 10.0.0.0 255.255.255.0 172.16.0.2
R1(config)#ip route 10.0.0.5 255.255.255.255 192.168.0.2
C. R1(config)#iproute 10.0.0.0 255.255.0.0 192.168.0.2
R1(config)#ip route 10.0.0.0 255.255.255.0 172.16.0.2
D. R1(config)#iproute 10.0.0.0 255.255.255.0 192.168.0.2
R1(config)#ip route 10.0.0.5 255.255.255.255 172.16.0.2
Answe: D
Question 13: Drag and drop the facts about wireless architectures from the left onto the types of access point on
the right. Not all options are used.
Answer:
Autonomous Access Point
+ acccessible for management via Tenet SSH, or a Web GUI
+ requires a management IP address
Lightweight Access Point
+ configured and managed by a WLC
+ supports different
operational modes
Question 14: Drag and drop the functions of SNMP fault-management from the left onto the definitions on the
right.
Answer:
+ The network management system launches a preconfigured script to restore functionality: restoration of
service
+ The administrator can manually intervene at the source of the fault: problem resolution
+ The system identifies performance degradation or service interruption: fault detection
+ The system groups alarms from related issues: event correlation and aggregation
+ The system reports on the source of the issue: fault diagnosis and isolation
Question 15: What is the purpose of the Cisco DNA Center controller?
A. to securely manage and deploy network devices
B. to scan a network and generate a layer 2 network diagram
C. to provide Layer 3 services to autonomous access points
D. to secure physical access to a data center
Answe: A
An engineer must configure router R2 so it is elected as the DR on the WAN subnet. Which command sequence
must be configured?
A. interfacegigabitethernet0/0
ip address 10.0.1.1 255.255.255.224
ip ospf priority 98
B. interfacegigabitethernet0/0
ip address 10.0.1.1
255.255.255.0 ip ospf
priority 255
C. interfacegigabitethernet0/0
ip address 10.0.0.34 255.255.255.248
ip ospf priority 0
D. interfacegigabitethernet0/0
ip address 10.0.0.34 255.255.255.224
ip ospf priority 100
Answer: D
R1 has just received a packet from host A that is destined to host B. Which route in the routing table is used by
R1 to reach host B?
A. 10.10.13.0/25[1/0]via 10.10.10.2
B. 10.10.13.0/25[110/2] via 10.10.10.6
C. 10.10.13.0/25[110/2] via 10.10.10.2
D. 10.10.13.0/25[108/0] via 10.10.10.10
Answer: D
The given Windows PC is requesting the IP address of the host at www.cisco.com. To which IP address is the
request sent?
A. 192.168.1.226
B. 192.168.1.253
C. 192.168.1.100
D. 192.168.1.254
Answer: B
Question 19: What is a feature of TFTP?
A. provides secure data transfer
B. relies on the well-known TCP port 20 to transmit data
C. uses two separate connections for control and data traffic
D. offers anonymous user login ability
Answer: D
Question 20: Which access point mode relies on a centralized controller tor management, roaming, and SSID
configuration?
A. repeatermode
B. bridge mode
C. lightweight mode
D. autonomous mode
Answer: C
Question 21: Which command creates a static NAT binding for a PC address of 10.1.1.1 to the public routable
address 209.165.200.225 assigned to the PC?
A. R1(config)#ip nat outside source static 209.165.200.225 10.1.1.1
B. R1(config)#ip nat inside source static 209.165.200.225 10.1.1.1
C. R1(config)#ip nat outside source static 10.1.1.1 209.165.200.225
D. R1(config)#ip nat inside source static 10.1.1.1 209.165.200.225
Answer: D
RIP 10.1.1.16/28[120/5] via F0/0 OSPF 10.1.1.0/24[110/30] via F0/1 OSPF
10.1.1.0/24[110/40] via F0/2 EIGRP 10.1.0.0/26[90/20] via F0/3 EIGRP 10.0.0.0/8[90/133]
via F0/4
Packets received by the router from BGP enter via a serial interface at 209.165.201.1. Each route is present
within the routing table. Which interface is used to forward traffic with a destination IP of 10.1.1.19?
A. F0/0
B. F0/1
C. F0/3
D. F0/4
Answer: A
Question 23: Which two REST API status-code classes represent errors? (Choose two)
A. 1XX
B. 2XX
C. 3XX
D. 4XX
E. 5XX
Answer: D E
Question 24: An engineer has configured the domain name, user name, and password on the local router. What is
the next step to complete the configuration for a Secure Shell access RSA key?
A. crypto key generate rsa
B. crypto key pubkey-chain rsa
C. crypto key import rsa pem
D. crypto key zeroize rsa
Answer: A
Question 25: Which encryption method is used by WPA3?
A. TKIP
B. SAE
C. PSK
D. AES
Answer: D
Question 26: An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain
name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination
router?
A. interfaceFastEthernet0/0
ip address 10.122.49.1 255.255.255.248
ip access-group 10 in
ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22
B. interface
FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-list standard 105
permit tcp 10.139.58.0 0.0.0.7 eq 22 host 10.122.49.1
C. interface
FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-list extended 110
permit tcp 10.139.58.0 0.0.0.15 host 10.122.49.1 eq 22
D. interfaceFastEthernet0/0
ip address 10.122.49.1 255.255.255.240
access-group 120 in
ip access-list extended 120
permit tcp 10.139.58.0 255.255.255.248 any eq 22
Answer: C
Question 27: What is a function of spine-and-leaf architecture?
A. mitigates oversubscription by adding a layer of leaf switches
B. limits payload size of traffic within the leaf layer
C. offers predictable latency of the traffic path between end devices
D. exclusively sends multicast traffic between servers that are directly connected to the spine
Answer: C
Question 28: What differentiates device management enabled by Cisco DNA Center from traditional campus
device management?
A. CLI-oriented device
B. centralized
C. per-device
D. device-by-device hands-on
Answer: B
Router R1 is added to the network and configured with the 10.0.0.64/26 and 10.0.20.0/24 subnets. However,
traffic destined for the LAN on R3 is not accessible. Which command when executed on R1 defines a static
route to reach the R3 LAN?
A. ip route 10.0.15.0 255.255.255.0 10.0.20.1
B. ip route 10.0.15.0 255.255.255.192 10.0.20.1
C. ip route 10.0.0.64 255.255.255.192 10.0.20.3
D. ip route 10.0.15.0 255.255.255.0 10.0.20.3
Answer: D
Router1#show ip route
Gateway of last resort is 10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is sudnetted, 1 subnets

B 209.165.200.224 [20/0] via 10.10.12.2, 03:03:03
209.165.201.0/27 is sudnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2, 03:03:03
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2, 03:03:03
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
C 10.10.10.0/28 is directly
connected, GigabitEthernet0/0 C
10.10.11.0/30 is directly
connected, FastEthernet2/0
C 10.10.12.0/30 is directly connected, GigabitEthernet0/1
O 10.10.13.0/25 [110/2] via 10.10.10.1, 00:00:03, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via
10.10.10.1, 00:00:03, GigabitEthernet0/0
O 10.10.13.144/28 [110/2] via
O 10.10.13.160/29 [110/2] via
O 10.10.13.208/29 [110/2] via
S* 0.0.0.0/0 [1/0] via 10.10.11.2
Drag and drop the prefix lengths from the left onto the corresponding prefixes on the right. Not all prefixes are
used.
Answer:
10.10.13.0 – 255.255.255.128
10.10.13.144 – 255.255.255.240
10.10.13.160 – 255.255.255.248
209.165.202.128 – 255.255.255.224
Question 31: What is a zero-day exploit?
A. It is when an attacker inserts malicious code into a SQL server.
B. It is when a new network vulnerability is discovered before a fix is available.
C. It is when the perpetrator inserts itself in a conversation between two parties and captures or alters data.
D. It is when the network is saturated with malicious traffic that overloads resources and bandwidth.
Answer: B
Question 32: After a recent security breach and a RADIUS failure, an engineer must secure the console port of
each enterprise router with a local username and password. Which configuration must the engineer apply to
accomplish this task?
Option A Option B
aaa new-model username localuser secret
aaa authorization exec plaintextpassword line con 0
default local aaa login
authentication login authentication
default radius default privilege
username localuser privilege 15 level 15
secret plaintextpassword
Option C Option D
username localuser secret aaa new-
plaintextpassword line con 0 model
no login local line con 0
privilege level password
15 plaintextpassword
privilege level 15
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B (?)
Question 33: Which command implies the use of SNMPv3?
A. snmp-server community
B. snmp-server host
C. snmp-server enable traps
D. snmp-server user
Answer: D
Clients on the WLAN are required to use 802.11r. What action must be taken to meet the requirement?
A. Enable CCKM under Authentication Key Management
B. Under Protected Management Frames, set the PMF option to Required
C. Set the Fast Transition option to Enable and enable FT 802.1X under Authentication Key Management
D. Set the Fast Transition option and the WPA gtk-randomize State to disable
Answer: C
Question 35: When a switch receives a frame for an unknown destination MAC address, how is the frame
handled?
A. broadcast to all ports on the switch
B. flooded to all ports except the origination port
C. forwarded to the first available port
D. inspected and dropped by the switch
Answer: B
Question 36: What is the default port-security behavior on a trunk link?
A. It causes a network loop when a violation occurs.
B. It disables the native VLAN configuration as soon as port security is enabled.
C. It places the port in the err-disabled state if it learns more than one MAC address.
D. It places the port in the err-disabled state after 10 MAC addresses are statically configured.
Answer: C
How many objects are present in the given JSON-encoded data?
A. one
B. four
C. seven
D. nine
Answer: D
Question 38: What are two examples of multifactor authentication? (Choose two)
A. single sign-on
B. unique user knowledge
C. passwords that expire
D. soft tokens
E. shared password responsibility
Answer: B D
Gateway of last resort is
10.10.11.2 to network 0.0.0 0
209.165.200.0/27 is subnetted,
1 subnets
B 209.165.200.224 [20/0] via 10 10.12.2,03:22:14
B 209.165.201.0 [20/0] via 10.10.12.2, 02:26:33
B 209.165.202.128 [20/0] via 10.10.12.2,02:26:03
O 10.10.13.128/28 [110/2] via
10.10.10.1, 00:00:04, GigabitEthernet0/0 O
10.10.13.144/28 [110/2] via 10.10.10.1,
00:00:04, GigabitEthernet0/0 O
10.10.13.160/29 [110/2] via 10.10.10.1,
10.10.13.208/29 [110/2] via 10.10.10.1,
00:00:04, GigabitEthernet0/0 S* 0.0.0 0/0
[1/0] via 10.10.11.2
What is the subnet mask of the route to the 10.10.13.160 prefix?
A. 255.255.255.240
B. 255.255.255.128
C. 255.255.248.0
D. 255.255.255.248
Answer: D
Routers R1, R2, and R3 use a protocol to identify their neighbors’ IP addresses, hardware platforms, and
software versions. A network engineer must configure R2 to avoid sharing any neighbor information with R3,
and maintain its relationship with R1. What action meets this requirement?
A. Configure the no lldp run command globally
B. Configure the no lldp receive command on g0/1
C. Configure the no cdp run command globally
D. Configure the no cdp enable command on g0/2
Answer: D
Question 41: What is a function of an endpoint?
A. It passes unicast communication between hosts in a network
B. It is used directly by an individual user to access network services
C. It provides security between trusted and untrusted sections of the network
D. It transmits broadcast traffic between devices in the same VLAN
Answer: B
A network engineer started to configure port security on a new switch. These requirements must be met:
– MAC addresses must be learned dynamically.
– Log messages must be generated without disabling the
interface when unwanted traffic is seen. Which two commands
must be configured to complete this task? (Choose two)
A. SW(config-if)#switchport port-security mac-address 0010.7B84.45E6
B. SW(config-if)#switchport port-security maximum 2
C. SW(config-if)#switchport port-security mac-address sticky
D. SW(config-if)#switchport port-security violation shutdown
E. SW(config-if)#switchport port-security violation restrict
Answer: B E
Question 43: What are two features of the DHCP relay agent? (Choose two)
A. minimizes the necessary number of DHCP servers
B. assigns DNS locally and then forwards request to DHCP server
C. isconfigured under the Layer 3 interface of a router on the client subnet
D. allows only MAC-to-IP reservations to determine the local subnet of a client
E. permits one IP helper command under an individual Layer 3 interface
Answer: A C
A network engineer must configure router R1 with a host route to the server. Which command must the engineer
configure?
A. R1(config)#ip route 10.10.10.10 255.255.255.255 192.168.0.2
B. R1(config)#ip route 10.10.10.0 255.255.255.0 192.168.0.2
C. R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.2
D. R1(config)#ip route 192.168.0.2 255.255.255.255 10.10.10.10
Answer: A
Question 45: In a cloud-computing environment, what is rapid elasticity?
A. automatic adjustment of capacity based on need
B. control and monitoring of resource consumption by the tenant
C. pooling resources in a multitenant model based on need
D. self-service of computing resources by the tenant
Answer: A
Question 46: Drag and drop the steps in a standard DNS lookup operation from the left into the order on the
right.
Answer:
Step 1: An endpoint submits a request for the IP address of a domain name Step 2: The DNS submits a request
to a root DNS server
Step 3: The DNS submits a request to the domain DNS server Step 4: The DNS receives a reply from the
domain DNS server Step 5: The DNS responds to the endpoint
Question 47: What must be considered for a locally switched FlexConnect AP if the VLANs that are used by the
AP and client access are different?
A. The APs must be connected to the switch with multiple links in LAG mode.
B. The native VLAN must match the management VLAN of the AP.
C. The switch port mode must be set to trunk.
D. IEEE 802.1Q trunking must be disabled on the switch port.
Answer: C
Question 48: Which command configures the Cisco WLC to prevent a serial session with the WLC CLI from
being automatically logged out?
A. config sessions maxsessions 0
B. config serial timeout 9600
C. config serial timeout 0
D. config sessions timeout 0
Answer: C
Question 49: Which two IPv6 addresses are used to provide connectivity between two routers on a shared link?
(Choose two)
A. 2002::512:1204b:1111::1/64
B. ff06:bb43:cc13:dd16:1bb:ff14:7545:234d
C. FF02::0001:FF00:0000/104
D. 2001:701:104b:1111::1/64
E. ::ffff:10.14.101.1/96
Answer: D E (?)
An architect is managing a wireless network with APs from several branch offices connecting to the WLC in the
data center. There is a new requirement for a single WLAN to process the client data traffic without sending it
to the WLC. Which action must be taken to complete the request?
A. Enable local HTTP profiling
B. Enable FlexConnect Local Switching
C. Enable local DHCP Profiling
D. Enable Disassociation Imminent
Answer: B
Question 51: What is a function of MAC address learning?
A. It is disabled by default on all interfaces connected to trunks
B. It increases security on the management VLAN
C. It is enabled by default on all VLANs and interfaces
D. It increases the potential for MAC address flooding
Answer: C
Question 52: A Cisco engineer at a new branch office is configuring a wireless network with access points that
connect to a controller that is based at corporate headquarters. Wireless client traffic must terminate at the branch
office and access-point survivability is required in the event of a WAN outage. Which access point mode must be
selected?
A. Lightweight with local switching disabled
B. Local with AP fallback enabled
C. OfficeExtend with high availability disabled
D. FlexConnect with local switching enabled
Answer: D
Question 53: What is an advantage of using auto mode versus static mode for power allocation when an access
point is connected to a PoE switch port?
A. The default level is used for the access point
B. It detects the device is a powered device
C. All four pairs of the cable are used
D. Power policing is enabled at the same time
Answer: B
R1# show ip route |
begin gateway
Gateway of last
resort is not set
O 172.16.2.128/25 [110/3184437] via
207.165.200.250, 00:00:24, Serial0/0/0 O
172.16.3.64/27 [110/3184437] via
207.165.200.250, 00:00:24, Serial0/0/0 O
172.16.3.128/28 [110/3184437] via
207.165.200.250, 00:00:24, Serial0/0/0 O
172.16.3.192/29 [110/3184437] via
207.165.200.250, 00:00:24, Serial0/0/0 O
172.16.4.0/23 [110/3184437] via
207.165.200.250, 00:00:24, Serial0/0/0
207.165.200.0/24 is variably
subnetted, 4 subnets, 2 masks C
207.165.200.248/30 is directly
connected, Serial0/0/0
L 207.165.200.249/32 is directly
connected, Serial0/0/0 C
207.165.200.252/30 is directly
connected, Serial0/0/1 L
207.165.200.253/32 is directly
Drag and drop the learned prefixes from the left onto the subnet masks on the right.
Answer:
172.16.4.0 – 255.255.254.0
172.16.2.128 – 255.255.255.128
172.16.3.64 – 255.255.255.224
172.16.3.128 – 255.255.255.240
172.16.3.192 – 255.255.255.248
Question 55: Drag and drop the Ansible features from the left to the right. Not all features are used.
Answer:
uses the YAML language
executes modules via SSH
by default pushes
configurations to the client
operates without agents
--Some output missing--
Routing Descriptor Blocks:
* directly connected, via Ethernet0/1
Route metric is 0, traffic share count is 1
CPE# ping 203.0.113.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.0.113.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/oax = 1/1/1 ms
CPE# show ip route

198.51.100.1 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via
198.51.100.1, 00:02:07
198.51.100.0/24 is variably
198.51.100.0/30 is directly
connected, Ethernet0/0 L
198.51.100.2/32 is directly
connected, Ethernet0/0
203.0.113.0/24 is variably
203.0.113.0/30 is directly
connected, Ethernet0/1 L
203.0.113.2/32 is directly
connected, Etheraet0/1
After configuring a new static route on the CPE, the engineer entered this series of commands to verify that
the new configuration is operating normally. When is the static default route installed into the routing table?
A. when the default route learned over external BGP becomes invalid
B. when 203.0.113.1 is no longer reachable as a next hop
C. when the default route learned over external BGP changes its next hop
D. when
a route to 203.0.113.1 is learned via BGP
Answer: A
Wireless LAN access must be set up to force all clients from the NA WLAN to authenticate against the local
database. The WLAN is configured for local EAP authentication. The time that users access the network must
not be limited. Which action completes this configuration?
A. Check the Guest User Role check box
B. Clear the Lifetime (seconds) value
C. Set the Lifetime (seconds) value to 0
D. Uncheck the Guest User check box
Answer: D
Question 58: Which remote access protocol provides unsecured remote CLI access?
A. Telnet
B. SSH
C. console
D. Bash
Answer: A
An engineer must configure the interface that connects to PC1 and secure it in a way that only PC1 is
allowed to use the port. No VLAN tagging can be used except for a voice VLAN. Which command
sequence must be entered to configure the switch?
A. SW1(config-if)#switchport mode nonegotiate
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security maximum 1
B. SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security mac-address 0050.7966.6800
C. SW1(config-if)#switchport mode dynamic desirable
SW1(config-if)#switchport port-security mac-address 0050.7966.6800
SW1 (config-if)#switchport port-security mac-address sticky
D. SW1(config-if)#switchport mode dynamic auto
SW1(config-if)#switchport port-security violation restrict
Answer: B
A public IPv6 address must be configured for internet access. Which command must be configured on the R2
WAN interface to the service provider?
A. ipv6 address fe80::260:3EFF:FE11:6770 link-local
B. ipv6 address fe80: :/10
C. ipv6 address 2001:db8:433:47:4620:ffff:ffff:ffff/64 anycast
D. ipv6 address 2001:db8:123:45::4/64
Answer: D
Question 61: Drag and drop the device behaviors from the left onto the matching HSRP state on the right.
Answer:
+ is waiting to hear from the neighbor device: Learn
+ is forwarding packets: Active
+ has heard from the neighbor device and is receiving hello packets: Listen
+ is transmitting and receiving hello packets: Speak
+ is ready to forward packets if the device that is currently
forwarding packets fails: Standby
Question 62: Which two functions does a WLC perform in the lightweight access-point architecture that an AP
performs independently in an autonomous architecture? (Choose two)
A. handling the association, authentication, and roaming of wireless clients
B. encrypting and decrypting traffic that uses the WAP protocol family
C. preventing collisions between wireless clients on the same RF channel
D. managing RF channels, including transmission power
E. sending and processing beacon frames
Answer: A D
Current Neighbor
Relationship
Neighbor ID Dead Addres Interface
Pri State Time s
192.168.1.1 00:00: 192.16 GigabitEth
1 33 8.1.1 ernet0/0
FULL/DR
Desired Neighbor
Relationship
Neighbor ID Dead Addres Interface
Pri State Time s
192.168.1.1 00:00: 192.16 GigabitEth
0 FULL/ 31 8.1.1 ernet0/0
-
How must OSPF be configured on the GigabitEthernet0/0 interface of the neighbor device to achieve the desired
neighbor relationship?
A. Router(config)#interface
GigabitEthernet 0/0
Router(config-if)#ip ospf cost 5
B. Router(config)#interface
GigabitEthernet 0/0
Router(config-if)#ip ospf 1 area
2
C. Router(config)#interface
GigabitEthernet 0/0
Router(config-if)#ip ospf
network point-to-point
D. Router(config)#interface
GigabitEthernet 0/0
Router(config-if)#ip ospf
priority 1
Answer: C
Question 64: What causes a port to be placed in the err-disabled state?
A. latency
B. nothing plugged into the port
C. shutdown command issued on the port
D. link flapping
Answer: D
Question 65: Which function forwards frames to ports that have a matching destination MAC address?
A. frame pushing
B. frame filtering
C. frame flooding
D. frame switching
Answer: D
The SW1 and SW2 Gi0/0 ports have been preconfigured. An engineer is given these requirements:
+ Allow all PCs to communicate with each other at Layer 3.
+ Configure untagged traffic to use VLAN 5.
+ Disable VLAN 1 from being used.
Which configuration set meets these requirements?
Option A Option B
SW1# SW1#
interface Gi0/1 interface Gi0/1
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 5,7,9,108 switchport trunk allowed vlan 5,7,9,108
switchport trunk native vlan 5
switchport mode trunk switchport mode access
switchport trunk allowed vlan 7,9,108 switchport trunk allowed vlan 7,9,108
SW2# SW2#
switchport mode trunk switchport mode access
switchport trunk allowed vlan 7 no switchport access vlan 1
interface Gi0/7 switchport access vlan 7
switchport mode trunk interface Gi0/7
switchport trunk allowed vlan 5,7,9,108 switchport mode trunk
switchport trunk allowed vlan 7,9,108
Option C Option D
SW1# SW1#
interface Gi0/1 interface Gi0/1 switchport mode trunk
switchport mode trunk switchport trunk allowed vlan 5,7,9,108
switchport trunk allowed vlan 5,7,9,108 switchport trunk native vlan 5
switchport trunk allowed vlan 5,7,9,108 switchport trunk allowed vlan 5,7,9,108
SW2# SW2#
switchport mode access switchport mode access
switchport access vlan 7 switchport access vlan 7
switchport trunk allowed vlan 7,9,108 switchport trunk allowed vlan 5,7,9,108
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
SW1#show ip interface brief
Interface IP-Address OK?
Method Status Protocol
FastEthernet0/1 unassignedYES
manual down down
SW1#show interface fa0/1 status

Port Name Status Vlan Duplex Speed Type
Fa0/1 notconnect 1 a-full a-100 10/100BaseTX
What is the cause of the issue?

A. STP
B. shutdown command
C. port security
D. wrong cable type
Answer: D
10.10.11.2 to network 0.0.0.0
209.165.200.0/27 is
subnetted, 1 subnets
B 209.165.200.224 [20/0] via 10.10.12.2,03:32:14
B 209.165.201.0 [20/0] via 10.10.12.2,02:26:53
B 209.165.202.128 [20/0] via 10.10.12.2,02:46:03
O 10.10.13.128/28 [110/2] via
10.10.10.1, 00:00:12, GigabitEthernet0/0 O
10.10.13.144/28 [110/2] via 10.10.10.1,
10.10.13.160/29 [110/2] via 10.10.10.1,
10.10.13.208/29 [110/2] via 10.10.10.1,
10.10.13.252/30 [110/2] via 10.10.10.1,
00:01:57, GigabitEthernet0/0 S* 0.0.0.0/0
[1/0] via 10.10.11.2
Drag and drop the subnet masks from the left onto the corresponding subnets on the right. Not all subnet masks
are used.
Answer:
10.10.13.0 – 255.255.255.128
10.10.13.128 – 255.255.255.240
10.10.13.160 – 255.255.255.248
10.10.13.252 – 255.255.255.252
A network engineer must configure the link with these requirements:

• Consume as few IP addresses as possible.
• Leave at least two additional useable IP
addresses for future growth. Which set of
configurations must be applied?
A. R1(config-if)#ip address 10.10.10.1 255.255.255.248
R2(config-if)#ip address 10.10.10.4 255.255.255.248
B. R1(config-if)#ipaddress 10.10.10.1 255.255.255.240
C. R1
(config-if)#ip address 10.10.10.1 255.255.255.252
D. R1(config-if)#ip address 10.10.10.1 255.255.255.0
Answer: A
Question 70: What is a function of Layer 3 switches?
A. They route traffic between devices in different VLANs.
B. They transmit broadcast traffic when operating in Layer 3 mode exclusively.
C. They forward Ethernet frames between VLANs using only MAC addresses.
D. They move frames between endpoints limited to IP addresses.
Answer: A
IPv6 is being implemented within the enterprise. The command ipv6 unicast-routing is configured. Interface
Gig0/0 on R1 must be configured to provide a dynamic assignment using the assigned IPv6 block. Which
command accomplishes this task?
A. ipv6 address 2001:DB8:FFFF:FCF3::/64 eui-64
B. ipv6 address 2001:DB8:FFFF:FCF3::/64 link-local
C. ipv6 address 2001:0B8:FFFF:FCF3::1/64
D. ipv6 address autoconfig 2001:DB8:FFFF:FCF2::/64
Answer: A
Which router or router group are NTP clients?

A. R1, R2, and R3
B. R1
C. R2and R3
D R1, R3, and R4
Answer: A
Question 73: A network engineer is replacing the switches that belong to a managed-services client with new
Cisco Catalyst switches. The new switches will be configured for updated security standards, including
replacing Telnet services with encrypted connections and doubling the modulus size from 1024. Which two
commands must the engineer configure on the new switches? (Choose two)
A. transportinput ssh
B. transportinput all
C. crypto key generate rsa general-keys modulus 1024
D. crypto key generate rsa usage-keys
E. crypto key generate rsa modulus 2048
Answer: A E
Gateway of last
resort is not set
10.0.0.0/8 is variably subnetted, 2
subnets, 2 masks
connected, GigabitEthernet0/0 L
connected, GigabitEthernet0/0
S 192.168.0.0/20 [1/0] via 10.1.1.1
192.168.1.0/30 is
subnetted, 1 subnets S
192.168.1.0/30 [1/0]
via 10.1.1.1
192.168.2.0/24 is variably
subnetted, 2 subnets, 2 masks S
192.168.2.0/28 [1/0] via
10.1.1.1
S 192.168.2.0/29 [1/0] via 10.1.1.1
An engineer is checking the routing table in the main router to identify the path to a server on the network.
Which route does the router use to reach the server at 192.168.2.2?
A. S 192.168.2.0/28 [1/0] via 10.1.1.1
B. S 192.168.1.0/30 [1/0] via 10.1.1.1
C. S 192.168.0.0/20 [1/0] via 10.1.1.1
D. S 192.168.2.0/29 [1/0] via 10.1.1.1
Answer: D
{
"myCar": {
"name": "thunder",
"wheels": ["good", "good",
"pressureLow", "warning"],
"gasLight": false
},
"oldCar": {
"name": "sleepy",
"wheels": ["pressureLow", "pressureLow",
"pressureLow", "pressureLow"], "color":
"rust"
"gasLight": true
},
"newCar": {
"name": "lightning",
"wheels": ["pressureLow", "good",
"pressureLow", "good"], "color":
"blue"
"gasLight": true
}
}
In which structure does the word “warning” directly reside?
A. array
B. object
C. Boolean
D. String
Answer: A
After applying this configuration to router R1, a network engineer is verifying the implementation. If all links
are operating normally, and the engineer sends a series of packets from PC1 to PC3, how are the packets
routed?
A. They are routed to 172.16.20.2.
B. They are distributed sent round robin to interfaces S0/0/0 and S0/0/1.
C. They are routed to 192.168.100.2.
D. They are routed to 10.0.0.2.
Answer: A
Question 77: A network administrator plans an update to the Wi-Fi networks in multiple branch offices. Each
location is configured with an SSID called “Office”. The administrator wants every user who connects to the
SSID at any location to have the same access level. What must be set the same on each network to meet the
requirement?
A. radio policy
B. security policies
C. NAS-ID configuration
D. profile name
Answer: B
Which command set configures ROUTER-1 to allow Internet access for users on the 192.168.1.0/24 subnet
while using 209.165.202.129 for Port Address Translation?
A. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0

access-list 10 permit 192.168.0.0 0.0.0.255 ip nat inside source list 10 pool CCNA overload
B. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255
C. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0
D. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255
Answer: D
A multivendor network exists and the company is implementing VoIP over the network for the first time. Which
configuration is needed to implement the neighbor discovery protocol on the interface and allow it to remain off
for the remaining interfaces?
A. SW1(config)#no cdp enable
SW1 (config)#interface
gigabitethernet1/0/1
SW1(config-if)#cdp run
B. SW1(config)#lldp enable
SW1(config)#interface
SW1(config-if)#lldp run
C. SW1(config)#lldp run
SW1 (config)#interface
SW1(config-if)#lldp enable
D. SW1(config)#no cdp run
SW1(config)#interface
SW1(config-if)#lldp
transmit
SW1(config-if)#lldp receive
Answer: D
Question 80: A network architect is considering whether to implement Cisco DNA Center to deploy devices on a
new network. The organization is focused on reducing the time it currently takes to deploy devices in a
traditional campus design. For which reason would Cisco DNA Center be more appropriate than traditional
management options?
A. Cisco DNA Center provides zero-touch provisioning to third-party devices.
B. Cisco DNA Center supports deployment with a single pane of glass.
C. Cisco DNA Center minimizes the level of syslog output when reporting on Cisco devices.
D. Cisco DNA Center reduces the need for analytics on third-party access points and devices.
Answer: B
Question 81: How do TCP and UDP fit into a query-response model?
A. TCP avoids using sequencing, and UDP avoids using acknowledgments.
B. TCP uses error detection for packets, and UDP uses error recovery.
C. TCP establishes a connection prior to sending data, and UDP sends immediately.
D. TCP encourages out-of-order packet delivery, and UDP prevents re-ordering.
Answer: C
Question 82: Drag and drop the RF terms from the left onto the corresponding statements on the right.
Answer:
+ measure of the minimum power required to decode a radio signal without excessive errors: receiver
sensitivity
+ deviation from the propagation path that occurs when a signal encounters an obstacle: reflection
+ reduction of energy in a signal as it travels away from the access point and encounters free space or obstacles:
absorption
+ measure of the total unwanted signals at the receiver: noise floor
+ relative power of the desired radio signal to unwanted signals at the receiver: signal-to-noise ratio
Question 83: Which interface type enables an application running on a client to send data over an IP network to
a server?
A. southbound interface
B. applicationprogramming interface
C. northbound interface
D. Representational State Transfer application programming interface
Answer: B
access-list 10 permit 10.0.0.0 0.0.0.255
interface Serial0
ip access-list 10 in
A network administrator must permit traffic from the 10.10.0.0/24 subnet to the WAN on interface Serial0.
What is the effect of the configuration as the administrator applies the command?
A. The sourced traffic from IP range 10.0.0.0 – 10.0.0.255 is allowed on Serial0.
B. The permit command fails and returns an error code.
C. The router fails to apply the access list to the interface.

D. The router accepts all incoming traffic to Serial0 with the last octet of the source IP set to 0.
Answer: C
Question 85
Refer to the exhibit.
172.16.2.2 to network 0.0.0.0
10.0.0.0/8 is variably
subnetted, 2 subnets, 2 masks
connected, GigabitEthernet0/0/2 C
connected, GigabitEthernet0/0/0 L
connected, GigabitEthernet0/0/0
S 172.16.1.33/32 is directly
connected, GigabitEthernet0/0/1 C
connected, GigabitEthernet0/0/1 L
connected, GigabitEthernet0/0/1 S*
0.0.0.0/0 [1/0] via 172.16.2.2
A packet sourced from 10.10.10.1 is destined for 10.10.8.14. What is the subnet mask of the destination route?
A. 255.255.254.0
B. 255.255.255.240
C. 255.255.255.248
D. 255.255.255.252
Answer: B
Question 86: What are two reasons to implement IPv4 private addressing on a network? (Choose two)
A. to expand the routing table on the router
B. to facilitate renumbering when merging networks
C. to enable internal applications to treat the private IPv4 addresses as unique
D. to conserve global unique IPv4 addresses
E. to provide protection from external denial-of-service attacks
Answer: D E
A guest WLAN must be created that prompts the client for a username and password on the local web page
of the WLC. Which two actions must be performed on the Layer 2 tab before enabling the Authentication
option on the Layer 3 tab? (Choose two)
A. Uncheck the MAC Filtering option check box.
B. Set the Security Type option to Personal.
C. Change the WPA Encryption option from TKIP to CCMP128(AES).
D. Set the Layer 2 Security option to None.
E. Uncheck the WPA Policy option check box, and check the WPA2 Policy option check box.
Answer: A D
Question 88: Which script paradigm does Puppet use?
A. manifests and modules
B. strings and marionettes
C. recipes and cookbooks
D. playbooks and roles
Answer: A
Question 89: Which IPsec transport mode encrypts the IP header and the payload?
A. pipe
B. tunnel
C. control
D. transport
Answer: B
Question 90: What does WPA3 provide in wireless networking?
A. increased security and requirement of a complex configuration
B. backward compatibility with WPA and WPA2
C. optional Protected Management Frame negotiation
D. safeguards against brute force attacks with SAE
Answer: D
Question 91: Refer to the exhibit. With which metric does router R1 learn the route to host 172.16.0.202?
R1#show ip route | begin gateway
209.165.200.246 to network
0.0.0.0 S* 0.0.0.0/0 [1/0] via
209.165.200.246, Serial0/1/0
is directly connected, Serial0/1/0
172.16.0.0/16 is variably
subnetted, 3 subnets, 3 masks S
172.16.0.0/24 [1/0] via
207.165.200.250, Serial0/0/0
O 172.16.0.128/25 [110/32445] via
207.165.200.254, 00:00:33, Serial0/0/1 D
172.16.0.192/29 [90/3184439] via
207.165.200.254, 00:00:33, Serial0/0/1
207.165.200.0/24 is variably
207.165.200.248/30 is directly
L 207.165.200.249/32 is directly
connected, Serial0/0/0 C
207.165.200.252/30 is directly
connected, Serial0/0/1 L
207.165.200.253/32 is directly
A. 0
B. 110
C. 32445
D. 3184439
Answer: C
Question 92: Which two actions are taken as the result of traffic policing? (Choose two)
A. bursting
B. fragmentation
C. dropping
D. remarking
E. buffering
Answer: C D
Gateway of last resort is 0.0.0.0
to network 0.0.0.0 10.0.0.0/8 is
variably subnetted, 6 subnets, 5
masks
S 10.0.0.0/8 is directly
connected, GigabitEthernet0/0 L
connected, GigabitEthernet0/0
S 10.10.0.0/22 is directly
connected, GigabitEthernet0/0 S
connected, GigabitEthernet0/0 S
connected, GigabitEthernet0/0 S*
0.0.0.0/0 is directly connected,
GigabitEthernet0/0
Which IP route command created the best path for a packet destined for 10.10.10.3?
A. ip route 10.0.0.0 255.0.0.0 g0/0
B. ip route 10.10.10.1 255.255.255.255 g0/0
C. ip route 10.10.10.0 255.255.255.240 g0/0
D. ip route 10.10.0.0 255.255.252.0 g0/0
Answer: C
Question 94: A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are
caused by a legitimate autonomous AP. How must the alarms be stopped for the MAC address of the AP?
A. Place the AP into manual containment.
B. Remove the AP from WLC management.
C. Manually remove the AP from Pending state.
D. Set the AP Class Type to Friendly.
Answer: D
Question 95: Which security method is used to prevent man-in-the-middle attack?
A. authorization
B. authentication
C. anti-replay
D. accounting
Answer: C

Part 10

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

Part 10

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Part 10

Uploaded by

Copyright:

Available Formats

CCNA – New Questions Part 10

Question 1: Refer to the exhibit.

C. switch(config)#spanning-tree vlan 1 priority 4096

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to

the right. Not all options are used.

209.165.200.0/27 is sudnetted, 1 subnets

CPE# ping 203.0.113.1

CPE# show ip route

SW1#show interface fa0/1 status

What is the cause of the issue?

A network engineer must configure the link with these requirements:

Which router or router group are NTP clients?

Question 76: Refer to the exhibit.

A. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0

C. The router fails to apply the access list to the interface.

You might also like