CCNA – New Questions Part 9

Question 1: Refer to the exhibit.

Switch#show
etherchannel
summary [output
omitted]

Group Port-channel Protocol Ports

-------+--------------+---------+---------------------
10 Po10( LACP Gi0/0(P)
SU) Gi0/1(P)
20 Po20( LACP Gi0/2(P)
SU) Gi0/3(P)

Which two commands when used together create port channel 10? (Choose two)
A. int range g0/0-1
channel-group 10 mode active
B. int range g0/0-1
channel-group 10 mode desirable
C. int range g0/0-1
channel-group 10 mode passive
D. int range g0/0-1
channel-group 10 mode auto
E. int range g0/0-1
channel-group 10 mode on
Answer: A C
Question 2: Which type of IPv6 address is similar to a unicast address but is assigned to multiple devices on the
same network at the same time?
A. global unicast address
B. anycast address
C. multicast address
D. link-local address
Answer: B
Question 3: Which field within the access-request packet is encrypted by RADIUS?
A. authorized services
B. authenticator
C. username
D. password
Answer: D
Which two configurations must the engineer apply on this network so that R1 becomes the DR? (Choose two)
A. R1(config)#interface fastethernet0/0
R1(config-if)#ip ospf priority 200
B. R1(config)#router ospf 1
R1(config-router)#router-id 192.168.100.1
C. R3(config)#interface fastethernet0/0
R3(config-if)#ip ospf priority 0
D. R1(config)#interface fastethernet0/0
R1(config-if)#ip ospf priority 0
E. R3(config)#interface fastethernet0/0
R3(config-if)#ip ospf priority 200
Answer:A C

Question 5: Refer to the exhibit.

The router has been configured with a supernet to accommodate the requirement for 380 users on a subnet.
The requirement already considers 30% future growth. Which configuration verifies the IP subnet on router
R4?
A. Subnet:10.7.54.0
Subnet mask: 255.255.254.0
Broadcast address: 10.7.54.255
Usable IP address range: 10.7.54.1 – 10.7.55.254
B. Subnet:10.7.54.0
Subnet mask: 255.255.254.0
Broadcast address: 10.7.55.255
Usable IP address range: 10.7.54.1 – 10.7.55.254
C. Subnet:10.7.54.0
Subnet mask: 255.255.128.0
Broadcast address: 10.7.55.255
Usable IP address range: 10.7.54.1 – 10.7.55.254
D. Subnet:10.7.54.0
Subnet mask: 255.255.255.0
Broadcast address: 10.7.54.255
Usable IP address range: 10.7.54.1 – 10.7.55.254
Answer: B
Question 6: What is a function of a Next-Generation IPS?
A. makes forwarding decisions based on learned MAC addresses
B. serves as a controller within a controller-based network
C. integrates with a RADIUS server to enforce Layer 2 device authentication rules
D. correlates user activity with network events
Answer: D
Question 7: What is the difference between IPv6 unicast and anycast addressing?
A. An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast
address is assigned to a group of interfaces on multiple nodes.
B. IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes
require no special configuration
C. IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes
require no special configuration
D. Unlikean IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes
Answer: A
Question 8: Refer to the exhibit.

Which two commands must be added to update the configuration of router R1 so that it accepts only encrypted
connections? (Choose two)
A. username CNAC secret R!41!4319115@
B. crypto key generate rsa 1024
C. ip ssh version 2
D. line vty 0 4
E. transport input ssh
Answer: B E
Question 9: Which action is taken by the data plane within a network device?
A. looks up an egress interface in the forwarding information base
B. constructs a routing table based on a routing protocol
C. provides CLI access to the network device
D. forwards traffic to the next hop
Answer: D
Question 10: R1 as an NTP server must have:
* NTP authentication enabled
* NTP packets sourced from Interface loopback 0
* NTP stratum 2
* NTP packets only permitted to client
IP 209.165.200.225 How should R1
be configured?

Option A Option B
ntp authenticate ntp authenticate
ntp authentication-key 2 sha1 CISCO123 ntp authentication-key 2 md5 CISCO123
ntp source Loopback0 ntp source Loopback0
ntp access-group server-only 10 ntp ntp access-group server-only 10 ntp
master 2 stratum 2
! !
access-list 10 permit udp host access-list 10 permit udp host
209.165.200.225 any eq 123 209.165.200.225 any eq 123
Option C Option D
ntp authenticate ntp authenticate
ntp authentication-key 2 md5 CISCO123 ntp authentication-key 2 md5 CISCO123
ntp interface Loopback0 ntp source Loopback0
ntp access-group server-only 10 ntp ntp access-group server-only 10 ntp
stratum 2 master 2
! !
access-list 10 permit 209.165.200.225 access-list 10 permit 209.165.200.225
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
Question 11: Refer to the exhibit.

Which route must be configured on R1 so that OSPF routing is used when OSPF is up. But the server is still
reachable when OSPF goes down?
A. ip route 10.1.1.10 255.255.255.255 172.16.2.2 100
B. ip route 10.1.1.0 255.255.255.0 gi0/1 125
C. ip route 10.1.1.0 255.255.255.0 172.16.2.2 100
D. ip route 10.1.1.10 255.255.255.255 gi0/0 125
Answer: D
Question 12: How does Rapid PVST+ create a fast loop-free network topology?
A. It requires multiple links between core switches
B. It maps multiple VLANs into the same spanning-tree instance
C. It generates one spanning-tree instance for each VLAN
D. It uses multiple active paths between end stations
Answer: C
Question 13: Which WLC management connection type is vulnerable to man-in-the-middle attacks?
A. SSH
B. HTTPS
C. Telnet
D. console
Answer: C
Question 14: Refer to the exhibit.

Which command configures OSPF on the point-to-point link between routers R1 and R2?
A. network 10.0.0.0 0.0.0.255 area 0
B. neighbor 10.1.2.0 cost 180
C. ip ospf priority 100
D. router-id 10.0.0.15
Answer: A
Question 15: Which characteristic differentiates the concept of authentication from authorization and
accounting?
A. user-activity logging
B. service limitations
C. consumption-based billing
D. identity verification
Answer: D
Question 16: (this question is duplicated so we removed it)
Question 17: Refer to the exhibit.

Traffic that is flowing over interface TenGigabitEthernet0/0 experiences slow transfer speeds. What is the
reason for the issue?
A. heavy traffic congestion
B. queuing drops
C. a speed conflict
D. a duplex incompatibility
Answer: D
Question 18: Which type of network attack overwhelms the target server by sending multiple packets to a port
until the half-open TCP resources of the target are exhausted?
A. SYN flood
B. reflection
C. teardrop
D. amplification
Answer: A
Question 19: Which interface mode must be configured to connect the lightweight APs in a centralized
architecture?
A. WLAN dynamic
B. management
C. trunk
D. access
Answer: D
Question 20: Which two network actions occur within the data plane? (Choose two)
A. Add or remove an 802.1Q trunking header.
B. Make a configuration change from an incoming NETCONF RPC.
C. Run routing protocols.
D. Reply to an incoming ICMP echo request.
E. Match the destination MAC address to the MAC address table.
Answer: A E
Question 21: Refer to the exhibit.
A#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.1.1.1 1 EXCHANGE/- 00:00:36 172.16.32.1Serial0.1

An engineer assumes a configuration task from a peer. Router A must establish an OSPF neighbor relationship
with neighbor 172.1.1.1. The output displays the status of the adjacency after 2 hours. What is the next step in
the configuration process for the routers to establish an adjacency?
A. Setthe router B OSPF ID to the same value as its IP address
B. Setthe router B OSPF ID to a nonhost address
C. Configure a point-to-point link between router A and router B
D. Configure router A to use the same MTU size as router B
Answer: D
Question 22: Refer to the exhibit.
CPE#show ip route
192.168.1.0/24 is variably
subnetted, 3 subnets, 3 masks B
192.168.1.0/24 [20/1] via
192.168.12.2, 00:00:06
R 192.168.1.128/25 [120/5] via
192.168.13.3, 00:02:22, Ethernet0/1 O
192.168.1.192/26 [110/11] via
192.168.14.4, 00:02:22, Ethernet0/2
D 192.168.1.224/27 [90/1024640] via 192.168.15.5, 00:01:33, Ethernet0/3

All traffic enters the CPE router from interface Serial0/3 with an IP address of 192.168.50.1. Web traffic from
the WAN is destined for a LAN network where servers are load-balanced. An IP packet with a destination
address of the HTTP virtual IP of 192.168.1.250 must be forwarded. Which routing table entry does the
router use?
A. 192.168.1.0/24 via 192.168.12.2
B. 192.168.1.128/25 via 192.168.13.3
C. 192.168.1.192/26 via 192.168.14.4
D. 192.168.1.224/27 via 192.168.15.5
Answer: D
Question 23: Refer to the exhibit.

The link between PC1 and the switch is up, but it is performing poorly. Which interface condition is causing the
performance problem?
A. There is a duplex mismatch on the interface
B. There is an issue with the fiber on the switch interface
C. There is a speed mismatch on the interface
D. There is an interface type mismatch
Answer: A
Question 24: What provides centralized control of authentication and roaming in an enterprise network?
A. a lightweight access point
B. a firewall
C. a wireless LAN controller
D. a LAN switch
Answer: C
Question 25: Refer to the exhibit.

An engineer is configuring the HO router. Which IPv6 address configuration must be applied to the router fa0/1
interface for the router to assign a unique 64-bit IPv6 address to itself?
A. ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64
B. ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64
C. ipv6 address 2001:DB8:0:1:FFFF:C601:420F:7/64
D. ipv6 address 2001:DB8:0:1:FE80:C601:420F:7/64
Answer: A
Question 26: Refer to the exhibit.

An engineer is configuring a new router on the network and applied this configuration. Which additional
configuration allows the PC to obtain its IP address from a DHCP server?
A. Configure the ip dhcp relay information command under interface Gi0/1
B. Configure the ip dhcp smart-relay command globally on the router
C. Configure the ip helper-address 172.16.2.2 command under interface Gi0/0
D. Configure the ip address dhcp command under interface Gi0/0
Answer: C
Question 27: Refer to the exhibit.

A static route must be configured on R14 to forward traffic for the 172.21.34.0/25 network that resides on R86.
Which command must be used to fulfill the request?
A. ip route 172.21.34.0 255.255.255.192 10.73.65.65
B. ip route 172.21.34.0 255.255.255.0 10.73.65.65
C. ip route 172.21.34.0 255.255.128.0 10.73.65.64
D. ip route 172.21.34.0 255.255.255.128 10.73.65.66
Answer: D
Question 28: What is a function of Opportunistic Wireless Encryption in an environment?
A. offer compression
B. increase security by using a WEP connection
C. provide authentication
D. protect traffic on open networks
Answer: D
Question 29: Refer to the exhibit.

A company is configuring a failover plan and must implement the default routes in such a way that a floating
static route will assume traffic forwarding when the primary link goes down. Which primary route
configuration must be used?
A. ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernet1/0
B. ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked
C. ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating
D. ip route 0.0.0.0 0.0.0.0 192.168.0.2
Answer: D
Question 30: Which action implements physical access control as part of the security program of an
organization?
A. settingup IP cameras to monitor key infrastructure
B. backing up syslogs at a remote location
C. configuring enable passwords on network devices
D. configuring a password for the console port
Answer: A
Question 31: Refer to the exhibit.

An engineer is asked to insert the new VLAN into the existing trunk without modifying anything previously
configured Which command accomplishes this task?
A. switchport trunk allowed vlan 100-104
B. switchport trunk allowed vlan all
C. switchport trunk allowed vlan add 104
D. switchport trunk allowed vlan 104
Answer: C
Question 32: Refer to the exhibit.

What is a reason for poor performance on the network interface?

A. The interface is receiving excessive broadcast traffic.
B. The cable connection between the two devices is faulty.
C. The interface is operating at a different speed than the connected device.
D. The bandwidth setting of the interface is misconfigured
Answer: B
Question 33: Refer to the exhibit.

Routers R1 and R3 have the default configuration. The router R2 priority is set to 99. Which commands on R3
configure it as the DR in the 10.0.4.0/24 network?
A. R3(config)#interface Gig0/1
R3(config-if)#ip ospf priority 100
B. R3(config)#interface Gig0/0
R3(config-if)#ip ospf priority 100
C. R3(config)#interface Gig0/0
R3(config-if)#ip ospf priority 1
D. R3(config)#interface Gig0/1
 R3(config-if)#ip ospf priority 0
Answer: A
Question 34: Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?
A. shaping
B. marking
C. policing
D. classification
Answer: B
Question 35: Refer to the exhibit.

Router1#show ip route
Gateway of last resort is 10.10.11.2
to network 0.0.0.0
209.165.200.0/27 is subnetted, 1
subnets
B 209.165.200.224 [20/0] via 10.10.12.2,03:32:14
209.165.201.0/27 is subnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2,02:26:53
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2,02:46:03
10.0.0.0/8 is variably subnetted, 10 subnets, 4 masks
O 10.10.13.0/25 [110/2] via 10.10.10.1,00:00:04, GigabitEthernet0/0
O 10.10.13.128/28 [110/2] via 10.10.10.5,00:00:12, GigabitEthernet0/1
O 10.10.13.144/28 [110/2] via
10.10.10.9,00:01:57, GigabitEthernet0/2 O
10.10.13.160/29 [110/2] via
10.10.10.5,00:00:12, GigabitEthernet0/1 O
10.10.13.208/29 [110/2] via
10.10.10.13,00:01:57, GigabitEthernet0/3
S* 0.0.0.0/0 [1/0] via 10.10.11.2

Which next-hop IP address does Router1 use for packets destined to host 10.10.13.158?
A. 10.10.10.5
B. 10.10.11.2
C. 10.10.12.2
D. 10.10.10.9
Answer: D
Question 36: What is one reason to implement LAG on a Cisco WLC?
A. to increase security and encrypt management frames
B. to provide link redundancy and load balancing
C. to allow for stateful and link-state failover
D. to enable connected switch ports to failover and use different VLANs
Answer: B
Question 37: Refer to the exhibit.
Web traffic is coming in from the WAN interface. Which route takes precedence when the router is processing
traffic destined for the LAN network at 10.0.10.0/24?
A. via next-hop 10.0.1.5
B. via next-hop 10.0.1.4
C. via next-hop 10.0.1.50
D. via next-hop 10.0.1.100
Answer: A
Question 38: Which PoE mode enables powered-device detection and guarantees power when the device is
detected?
A. dynamic
B. static
C. active
D. auto
Answer: B
Question 39: A Cisco engineer must configure a single switch interface to meet these requirements
* accept untagged frames and place them in VLAN 20
* accept tagged frames in VLAN 30 when CDP
detects a Cisco IP phone Which command set
must the engineer apply?
A. switchport mode access
switchport access vlan 20
switchport voice vlan 30
B. switchportmode trunk
switchport access vlan 20
switchport voice vlan 30
C. switchportmode dynamic auto
switchport trunk native vlan 20
switchport trunk allowed vlan 30
switchport voice vlan 30
D. switchportmode dynamic desirable
switchport access vlan 20
switchport trunk allowed vlan 30
switchport voice vlan 30
Answer: A
Question 40: Refer to the exhibit.
Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?
A. Router(config)#hostname R15
R15(config)#crypto key generate rsa general-keys modulus 1024
R15(config-line)#line vty 0 15
R15(config-line)# transport
input ssh
R15(config)#ip ssh source-interface Fa0/0
R15(config)#ip ssh stricthostkeycheck
B. Router(config)#ipdomain-name cisco.com
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)#ip ssh version 2
Router(config-line)#line vty 0 15
Router(config-line)# transport input all
Router(config)#ip ssh logging events
C. Router(config)#hostname R15
R15(config)#ip domain-name cisco.com
R15(config)#crypto key generate rsa general-keys modulus 1024
R15(config)#ip ssh version 2
R15(config-line)#line vty 0 15 R15(config-line)# transport input ssh
D. Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)#ip ssh version 2
Router(config-line)#line vty 0 15
Router(config-line)# transport input ssh
Router(config)#ip ssh logging events
R15(config)#ip ssh stricthostkeycheck
Answer: C
Question 41: Refer to the exhibit.
Users need to connect to the wireless network with IEEE 802.11r-compatible devices. The connection must
be maintained as users travel between floors or to other areas in the building. What must be the configuration
of the connection?
A. Selectthe WPA Policy option with the CCKM option
B. Disable AES encryption
C. Enable Fast Transition and select the FT 802.1x option
D. Enable Fast Transition and select the FT PSK option
Answer: C
Question 42: Refer to the exhibit.

An engineer is configuring an EtherChannel using LACP between Switches 1 and 2. Which configuration
must be applied so that only Switch 1 sends LACP initiation packets?
A. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode passive
B. Switch1(config-if)#channel-group 1 mode passive
Switch2(config-if)#channel-group 1 mode active
C. Switch1(config-if)#channel-group 1 mode active
Switch2(config-if)#channel-group 1 mode passive
D. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode active
Answer: C
Question 43: Refer to the exhibit.

SW1 = 24596 0018.184e.3c00

SW2 = 28692 004a.14e5.4077
SW3 = 32788 0022.55cf.dd00
SW4 = 64000 0041.454d.407f
Which switch becomes the root of a spanning tree for VLAN 20 if all links are of equal speed?
A. SW1
B. SW2
C. SW3
D. SW4
Answer: A
Question 44: Refer to the exhibit.

Router1(config)#interface GigabitEthernet0/0
Router1(config-if)#ip address 209.165.200.225 255.255.255.224
Router1(config-if)#ip nat outside
Router1(config)#interface GigabitEthernet0/1
Router1(config-if)#ip nat inside
Router1(config)#interface GigabitEthernet
Router1(config-if)#encapsulation dot1Q 100
Router1(config-if)#ip address 10.10.10.1 255.255.255.0
Router1(config)#interface GigabitEthernet0/1.200
Router1(config-if)#encapsulation dot1Q 200
Router1(config-if)#ip address 10.10.20.1 255.255.255.0
Router1(config)#ip access-list standard
NAT_INSIDE_RANGES

Router1(config-std-nacl)#permit 10.10.10.0 0.0.0.255

Router1(config)#ip nat inside source list NAT_INSIDE_RANGES interface GigabitEthernet0/0 overload

Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator take to
establish connectivity to the Internet for users in VLAN 200?
A. Definea NAT pool on the router.
B. Update the NAT INSIDF RANGFS ACL
C. Configure the ip nat outside command on another interface for VLAN 200
D. Configure static NAT translations for VLAN 200
Answer: B
Question 45: Which protocol uses the SSL?
A. HTTP
B. HTTPS
C. SSH
D. Telnet
Answer: B
Question 46: Drag and drop the facts about wireless architectures from the left onto the types of access point on
the right. Not all options are used.

Answer:
Autonomous Access Point
+ requires a management IP address
+ accessible for management via Telnet, SSH, or a web GUI
Cloud-Based Access Point
+ managed from a web-based dashboard
+ supports automatic
deployment
Question 47: Which value is the unique identifier that an access point uses to establish and maintain wireless
connectivity to wireless network devices?
A. VLANID
B. SSID
C. RFID
D. WLANID
Answer: B
Question 48: A network engineer is configuring a switch so that it is remotely reachable via SSH. The engineer
has already configured the host name on the router. Which additional command must the engineer configure
before entering the command to generate the RSA key?
A. password password
B. crypto key generate rsa modulus 1024
C. ip domain-name domain
D. ip ssh authentication-retries 2
Answer: C
Question 49: Refer to the exhibit.

Switch A is newly configured. All VLANs are present in the VLAN database. The IP phone and PC A on
Gi0/1 must be configured for the appropriate VLANs to establish connectivity between the PCs. Which
command set fulfills the requirement?
A. SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport access vlan 50

SwitchA(config-if)#switchport voice vlan 51
B. SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 50
SwitchA(config-if)#switchport voice vlan untagged
C. SwitchA(config-if)#switchport mode trunk
SwitchA(config-if)#switchport trunk allowed vlan add 50, 51
SwitchA(config-if)#switchport voice vlan dot1p
D. SwitchA(config-if)#switchport mode trunk
SwitchA(config-if)#switchport trunk allowed vlan 50, 51
SwitchA(config-if)#switchport qos trust cos
Answer: A
 Question 50: Which QoS traffic handling technique retains excess packets in a queue and reschedules these
packets for later transmission when the configured maximum bandwidth has been surpassed?
A. traffic shaping
B. traffic policing
C. weighted random early detection
D. traffic prioritization
Answer: A
Question 51: Refer to the exhibit.

R1 learns all routes via OSPF. Which command configures a backup static route on R1 to reach the
192.168.20.0/24 network via R3?
A. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111
B. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90
C. R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2
D. R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2
Answer: A
Question 52: Which Layer 2 switch function encapsulates packets for different VLANs so that the packets
traverse the same port and maintain traffic separation between the VLANs?
A. VLAN numbering
B. VLAN DSCP
C. VLAN tagging
D. VLAN marking
Answer: C
Question 53: What is an expected outcome when network management automation is deployed?
A. A distributed management plane must be used.
B. Software upgrades are performed from a central controller
C. Complexity increases when new device configurations are added
D. Custom applications are needed to configure network devices
Answer: B
Question 54: Refer to the exhibit.

The primary route across Gi0/0 is configured on both routers. A secondary route must be configured to
establish connectivity between the workstation networks. Which command set must be configured to
complete this task?
A. R1
ip route 172.16.2.0 255.255.255.240 172.16.0.2 113
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.1 114
B. R1
ip route 172.16.2.0 255.255.255.240 172.16.0.5 89
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.6 89
C. R1
ip route 172.16.2.0 255.255.255.248 172.16.0.5 110
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.6 110
D. R1
ip route 172.16.2.0 255.255.255.224 172.16.0.6 111
R2
ip route 172.16.1.0 255.255.255.0 172.16.0.5 112
Answer: D

Question 55: Refer to the exhibit.

Which action must be taken so that neighboring devices rapidly discover switch Cat9300?
A. Enable portfast on the ports that connect to neighboring devices
B. Configure the cdp holdtime 10 command on switch Cat9300
C. Configure the cdp timer 10 command on the neighbors of switch Cat9300
D. Configure the cdp timer 10 command on switch Cat9300
Answer: D
Question 56: Refer to the exhibit.

SW2 is replaced due to a hardware failure. A network engineer starts to configure SW2 by copying the Fa0/1
interface configuration from SW1. Which command must be configured on the Fa0/1 interface of SW2 to
enable PC1 to connect to PC2?

A. switchport mode trunk

B. switchport trunk native vlan 10
C. switchport trunk allowed remove 10
D. switchport mode access
Answer: A

Question 57: How do UTP and STP cables compare?

A. STP cables are cheaper to produre and easier to install and UTP cables are more expensive and harder to
install.
B. UTP cables are less prone to crosstalk and interference and STP cables are more prone to crosstalk and
interference.
C. UTP cables provide faster and more reliable data transfer rates and STP cables are slower and less reliable.
D. STP cables are shielded and protect against electromagnetic interference and UTP lacks the same protection
against electromagnetic interference.
Answer: D

Question 58 : Drag and drop the statements about device management from the left onto the corresponding
device-management types on the right.

Answer:
Cisco DNA Center Device Management:
+ It provides a single interface for network security and analytics
+ It supports CLI templates to apply a consistent configuration to multiple devices
+ It uses NetFlow to analyze potential security threats and take appropriate action on that traffic
Traditional Device Management:
+ It uses multiple tools and applications to analyze and troubleshoot different types of data
+ It manages device configurations on a per-device basis
+ Security is managed near the perimeter of the network with firewalls, VPNs, and IPS
Question 59: Which port type does a lightweight AP use to connect to the wired network when configured in
FlexConnect mode with local switching and VLAN tagging?
A. EtherChannel
B. access
C. LAG
D. trunk
Answer: D
Question 60: An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network.
Which feature must be enabled and configured to prevent connection issues with the printer?
A. passive client
B. static IP tunneling
C. DHCP address assignment
D. client exclusion
Answer: A
Question 61: An engineer is configuring router R1 with an IPv6 static route for prefix
2019:C15C:0CAF:E001::/64. The next hop must be 2019:C15C:0CAF:E002::1 The route must be reachable
via the R1 Gigabit 0/0 interface. Which command configures the designated route?
A. R1(config)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
B. R1(config-if)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
C. R1(config-if)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
D. R1(config)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
Answer: A
Question 62: Refer to the exhibit. What must be configured to enable 802.11w on the WLAN?

A. Set PMF to Required

B. Enable MAC Filtering
C. Enable WPA Policy
D. Set Fast Transition to Enabled
Answer: A
Question 63: Drag and drop the IPv6 address details from the left onto the corresponding types on the right.

Answer:
Anycast:
+ used exclusively by a non-host device
+ assigned to more than one interface
Multicast:
+ derived from the FF00::/8 address range
+ provides one-to-many communications
Unicast:
+ includes link-local and loopback addresses
+ identifies an interface on an
IPv6 device
Question 64: Drag and drop the elements of a security program from the left onto the corresponding descriptions
on the right.

Answer:
+ awareness: user-awareness learning level that focuses on security practice that all employees must understand
and enforce
+ education: user-awareness learning level that focuses on learning about topics and practices beyond what is
typically required by the user’s job
+ security policy: tactical document that sets out specific tasks and methods to maintain security
+ security standard: document that outlines an organization’s security goals and practices and the roles and
responsibilities of the organization’s personnel
+ training: user-awareness learning level that focuses on teaching employees how to
perform tasks specifically required by their jobs
Question 65: Refer to the exhibit.

Which configuration establishes a Layer 2 LACP EtherChannel when applied to both switches?
A. interface range G1/1 -1/3
switchport mode access
channel-group 1 mode passive
no shutdown
B. interface range G1/1 -1/3
switchport mode trunk
channel-group 1 mode desirable
no shutdown
C. interface range G1/1 -1/3
switchport mode trunk
channel-group 1 mode active
no shutdown
D. interface range G1/1 -1/3
 switchport mode access
channel-group 1 mode on
no shutdown
Answer: C
Question 66: Refer to the exhibit.

A network engineer configures the Cisco WLC to authenticate local wireless clients against a RADIUS
server. Which task must be performed to complete the process?
A. Disable the Server Status option
B. Enable the Management option
C. Enable the Network User option
D. Enable the Support for CoA option
Answer: C
Question 67: Which QoS queuing method discards or marks packets that exceed the desired bit rate of traffic
flow?
A. shaping
B. policing
C. CBWFQ
D. LLQ
Answer: B
Question 68: What is the role of disaggregation in controller-based networking?
A. It divides the control-plane and data-plane functions.
B. It summarizes the routes between the core and distribution layers of the network topology.
C. It enables a network topology to quickly adjust from a ring network to a star network
D. It streamlines traffic handling by assigning individual devices to perform either Layer 2 or Layer 3 functions.
Answer: A
Question 69: Which REST method updates an object in the Cisco DNA Center Intent API?
A. CHANGE
B. UPDATE
C. POST
D. PUT
Answer: D
Question 70: Drag and drop the QoS terms from the left onto the descriptions on the right.
Answer:
Class-based weighted fair queuing: Guarantees minimum bandwidth to specific traffic classes when an interface
is congested Classification: Categorizes packets based on the value of traffic descriptor
Congestion: Outcome of overutilization
Policing: Uses defined criteria to limit the transmission of one or more classes of traffic Shaping: Prevents
congestion by reducing the flow of the outbound traffic
Question 71: What is the function of Cisco Advanced Malware protection for next-generation IPS?
A. authorizing potentially compromised wireless traffic
B. URL filtering
C. authenticating end users
D. inspecting specific files and files types for malware
Answer: D
Question 72: An administrator must use the password complexity not manufacturer-name command to
prevent users from adding “cisco” as a password. Which command must be issued before this command?
A. Password complexity enable
B. confreg 0x2142
C. login authentication my-auth-list
D. service password-encryption
Answer: A
Question 73: What is the function of “off-the-shelf” switches in a controller-based network?
A. Forwarding packets
B. Making routing decision
C. Providing a central view of the deployed network
D. Setting packet-handling policies
Answer: A
Question 74: Which two practices are recommended for an acceptable security posture in a network? (Choose
two)
A. Maintain network equipment in a secure location
B. Backup device configurations to encrypted USB drives for secure retrieval
C. Use a cryptographic keychain to authenticate to network devices
D. Place internal email and file servers in a designated DMZ
E. Disable unused or unnecessary ports, interfaces and services
Answer: A E
Question 75: Refer to the exhibit.
What are the two steps an engineer must take to provide the highest encryption and authentication using domain
credentials from LDAP? (Choose two)
A. Select WPA policy with TKIP Encryption
B. Select WPA + WPA2 on layer 2 security
C. Select PSK under authentication key management
D. Select Static-WEP + 802.1x on Layer 2 security
E. Select 802.1x from under authentication key management

Answer: B E

Question 76: Refer to the exhibit.

Cat9K-1#show lldp
entry Cat9K-2 Local
Intf: Gi1/0/21
Chassis ID:
308b.b2b3.2880
Port id: Gi1/0/21
Port Description:
GigabitEthernet1/0/21
System Name: Cat9K-2

Managemen
t
Addresses:
IP:
10.6.110.2
The network administrator must prevent the switch Cat9K-2 IP address from being visible in LLDP without
disabling the protocol. Which action must be taken must be taken to complete the task?
A. Configure the no lldp tlv-select-management-address command globally on Cat9K-2
B. Configure the no lldp transmit command on interface G1/0/21 in Cat9K-1
C. Configure the no lldp receive command on interface G1/0/21 on Cat9K-1
D. Configure the no lldp mac-phy-cfg command globally on Cat9K-2
Answer: A
Question 77: Which WAN topology has the highest degree of reliability?
A. router-on-a-stick
B. Point-to-point
C. hub-and-spoke
D. full
mesh
Answer: D
Question 78: What is a feature of WPA?
A. 802.1x authentication
B. preshared key
C. TKIP/MIC encryption
D. small Wi-Fi application
Answer: C
Question 79: Refer to the exhibit.

R1 has taken the DROTHER role in the OSPF DR/BDR election process. Which configuration must an engineer
implement so that R1 is elected as the DR?
A. R1(config)#interface FastEthernet0/0
R1(config-if)#ip ospf priority 1
R1#clear ip ospf process
B. R1(config)#interface FastEthernet0/0
R1(config-if)#ip ospf priority 200
R1#clear ip ospf process
C. R3(config)#interface FastEthernet0/1
R3(config-if)#ip ospf priority 200
R3#clear ip ospf process
D. R2(config)#interface FastEthernet0/2
R2(config-if)#ip ospf priority 1
R2#clear ip ospf process
Answer: B
Question 80: Refer to the exhibit.
The IP address configurations must be completed on the DC-1 and HQ-1
routers based on these requirements. DC-1 Gi1/0 must be the last usable
address on a /30
DC-1 Gi1/1 must be the first usable address on a /29
DC-1 Gi1/2 must be the last usable address on a /28
HQ-1 Gi1/3 must be the last usable address on a /29
Drag and drop the commands from the left onto the destination interfaces on the right. Not all commands are
used.

Answer:
DC-1:
+ ip address 209.165.202.130 255.255.255.252
+ ip address 192.168.4.9 255.255.255.248
+ ip address 192.168.3.14 255.255.255.240
HQ-1:
+ ip address 192.168.3.14 255.255.255.248
Question 81: Refer to the exhibit.

Which type of configuration is represented in the output?

A. Chef
B. JSON
C. Ansible
D. Puppet
Answer: D
Question 82: How does TFTP operate in a network?
A. relieson the well-known TCP port 20 to transmit data
B. requires two separate connections for control and data traffic
C. uses block numbers to identify and mitigate data-transfer errors
D. provides secure data transfer
Answer: C
Question 83: Drag and drop the statements about networking from the left onto the corresponding networking
types on the right.

Answer:
Traditional Networking
+ This type implements changes individually at each device.
+ Maintenance costs are higher than with other networking options.
Controller-Based Networking
+ This type provides a centralized view of the network.
+ This type leverages controllers to handle
network management. Question 84
Refer to the exhibit.

What is represented by “R1” and “SW1” within the JSON output?

A. array
B. object
C. value
D. key
Answer: C
Question 85: Refer to the exhibit.
The following must be considered
+ SW1 is fully configured for all traffic
+ The SW4 and SW9 links to SW1 have been configured
+ The SW4 interface Gi0/1 and Gi0/0 on SW9 have been configured
+ The remaining switches have had all VLANs added to their VLAN database
Which configuration establishes a successful ping from PC2 to PC7 without interruption to traffic flow between
other PCs?

Option A
SW4# Option B
SW4
interface Gi0/2 interface Gi0/7
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 14,108 switchport trunk allowed vlan 108
!
SW11# interface Gi0/2
interface Gi0/2 switchport mode access
switchport mode trunk switchport access vlan 14
switchport trunk allowed vlan 14,108
! SW11#
interface Gi0/1 interface Gi0/2
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 14,108 switchport trunk allowed vlan 14,108
!
SW9# interface Gi0/1
interface Gi0/2 switchport mode trunk
switchport mode trunk switchport trunk allowed vlan 14,108
switchport trunk allowed vlan 14
SW9#
interface Gi0/2
switchport mode access
switchport access vlan 14

Option C Option D
SW4 SW4
interface Gi0/2 interface Gi0/2
switchport mode trunk switchport mode access
switchport trunk allowed vlan 14 switchport access vlan 14
SW11# SW11#
interface Gi0/1 interface Gi0/2
switchport mode trunk switchport mode access
switchport trunk allowed vlan 14 switchport access vlan 14
!
SW9# interface Gi0/0
interface Gi0/2 switchport mode access
switchport mode trunk switchport access vlan 14
switchport trunk allowed vlan 108 !
interface Gi0/1
switchport mode trunk
SW9#
interface Gi0/2
switchport mode access
switchport access vlan 14

A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Question 86: An engineer is configuring switch SW1 to act as an NTP server when all upstream NTP server
connectivity fails. Which configuration must be used?

A. SW1# config t
SW1(config)#ntp server 192.168.1.1
SW1(config)#ntp access-group server accesslist1
B. SW1# config t
SW1(config)3 ntp peer 192.168.1.1
SW1(config)#ntp access-group peer accesslist1
C. SW1# config t
SW1(config)#ntp backup
SW1(config)#ntp server 192.168.1.1
D. SW1# config t
SW1(config)#ntp master
SW1(config)#ntp server 192.168.1.1
Answer: D
Question 87: Refer to the exhibit.

An OSPF neighbor relationship must be configured using these guidelines:

– R1 is only permitted to establish a neighbor with R2.
– R1 will never participate in DR elections.
– R1 will use a router-id of 10.1.1.1. Which configuration must be used?

Option A Option B

Option C Option D
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Question 88: How does authentication differ from authorization?
A. Authentication verifies the identity of a person accessing a network, and authorization determines what
resource a user can access.
B. Authentication is used to determine what resources a user is allowed to access, and authorization is used to
track what equipment is allowed access to the network
C. Authentication is used to verify a person’s identity, and authorization is used to create syslog messages for
logins
D. Authentication is used to record what resource a user accesses, and authorization is used to determine what
resources a user can access
Answer: A
Question 89: A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, to
which type of OSPF network does this interface belong?
A. point-to-multipoint
B. point-to-point
C. nonbroadcast
D. broadcast
Answer: D
Question 90: Refer to the exhibit.
ip arp inspection vlan 5-10
interface fastethernet0/1
switchport mode access
switchport access vlan 5
What is the effect of this configuration?
A. Egress traffic is passed only if the destination is a DHCP server.
B. All ingress and egress traffic is dropped because the interface is untrusted.
C. All ARP packets are dropped by the switch.
D. The switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings.
Answer: D
Question 91: Refer to the exhibit.
Which prefix did router R1 learn from internal EIGRP?
A. 192.168.2.0/24
B. 192.168.1.0/24
C. 192.168.3.0/24
D. 172.16.1.0/24
Answer: A
Question 92: Refer to the exhibit.

Router R1 must be configured to reach the 10.0.3.0 network from the 10.0.1.0/24 segment. Which command
must be used to configure the route?
A. route add 10.0.3.0 0.255.255.255 10.0.4.2
B. route add 10.0.3.0 mask 255.255.255.0 10.0.4.3
C. ip route 10.0.3.0 0.255.255.255 10.0.4.2
D. ip route 10.0.3.0 255.255.255.0 10.0.4.3
Answer: D
Question 93: What is a benefit for external users who consume public cloud resources?
A. implemented over a dedicated WAN
B. located in the same data center as the users
C. all hosted on physical servers
D. accessed over the Internet
Answer: D
Question 94: In an SDN architecture, which function of a network node is centralized on a controller?
A. provides protocol access for remote access devices
B. discards a message due filtering
C. creates the IP routing table
D. makes a routing decision
Answer: D
Question 95: An engineer must configure neighbor discovery between the company router and an ISP.
interface gigabitethernet0/0
description Circuit-ATT4202-89930
duplex full
speed 1000
media-type gbic
negotiation auto
lldp transmit
lldp receive

What is the next step to complete the configuration if the ISP uses a third-party router?
A. Disable CDP on gi0/0.
B. Disable auto-negotiation.
C. Enable LLDP TLVs on the ISP router.
D. Enable LLDP globally.
Answer: D
Question 96: Which SDN plane forwards user-generated traffic?
A. policy plane
B. management plane
C. data
plane
D. control
plane
Answer: C
Question 97: When should an engineer implement a collapsed-core architecture?

A. for large networks that are connected to multiple remote sites

B. the access and distribution layers must be on the same device
C. only when using VSS technology
D. for small networks with minimal need for growth
Answer: D
Question 98: Refer to the exhibit.

Routers R1 and R2 have been configured with their respective LAN interfaces. The two circuits are operational
and reachable across WAN. Which command set establishes failover redundancy if the primary circuit goes
down?
A. R1(config)#iproute 0.0.0.0 0.0.0.0 10.10.10.6 2
R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.5 2
B. R1(config)#iproute 10.10.13.10 255.255.255.255 10.10.10.6
R2(config)#ip route 192.166.0.100 255.255.255.255 10.10.10.5
C. R1(config)#iproute 10.10.13.10 255.255.255.255 10.10.10.2
R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.1
D. R1(config)#iproute 0.0.0.0 0.0.0.0 10.10.10.6
R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.5
Answer: A
Question 99: Drag and drop the traffic types from the left onto the QoS delivery mechanisms on the right.

Answer:
+ best effort: standard Web browsing traffic
+ priority queue: VoIP traffic
+ policing: video traffic
+ shaping: database

Question 100: What is a function performed by a web server?

A. provide an application that is transmitted over HTTP
B. send and retrieve email from client devices
C. securely store files for FTP access
D. authenticate and authorize a user’s identity
Answer: A
Question 101: Drag and drop the functions of AAA supporting protocols from the left onto the protocols on the
right.

Answer:
RADIUS
+ encrypts only the password when it sends an access request
+ combines authentication and authorization
+ uses UDP
TACACS+
+ separates all three AAA operations
+ encrypts the entire body of the access-request packet
+ uses TCP
Question 102: Which two wireless security standards use Counter Mode Cipher Block Chaining Message
Authentication Code Protocol for encryption and data integrity? (Choose two)
A. WPA2
B. WPA3
C. WEP
D. WPA
E. Wi-Fi 6
Answer: A B
Question 103: What is a practice that protects a network from VLAN hopping attacks?
A. Implement port security on internet-facing VLANs.
B. Configure an ACL to prevent traffic from changing VLANs.
C. Assign all access ports to VLANs other than the native VLAN.
D. Enable dynamic ARP inspection.
Answer: C
Question 104: Refer to the exhibit.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
OSPF, IA - OSPF inter area N1 - OSPF
NSSA external type 1, N2 - OSPF
NSSA external type 2 E1 - OSPF
external type 1, E2 - OSPF external
type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default,
U - per-user static route o - ODR, P -
periodic downloaded static route, H -
NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is
10.56.0.1 to network 0.0.0.0 S*
0.0.0.0/0 [1/0] via
10.56.0.1
10.0.0.0/8 is variably
subnetted, 2 subnets, 2 masks C
10.56.0.0/17 is directly
connected, Vlan56
L 10.56.0.19/32 is directly
connected, Vlan56 C
10.56.128.0/18 is directly
connected, Vlan57
L 10.56.128.19/32 is directly connected, Vlan57
When router R1 is sending traffic to IP address 10.56.192.1, which interface or next hop address does it use to
route the packet?
A. 0.0.0.0/0
B. Vlan57
C. 10.56.0.1
D. 10.56.128.19
Answer: C
Question 105: What is a function of MAC learning on a switch?
A. A static MAC address is manually added to the MAC table.
B. MAC address learning is disabled by default on all VLANs.
C. Frames received for a destination MAC address not listed in the address table are dropped.
D. The MAC address table is used to populate the ARP table.
Answer: A
Question 106: What is the difference between 1000BASE-LX/LH and 1000BASE-ZX interfaces?
A. 1000BASE-LX/LH interoperates with multimode and single-mode fiber, and 1000BASE-ZX needs a
conditioning patch cable with a multimode.
B. 1000BASE-ZX is supported on links up to 1000km, and 1000BASE-LX/LH operates over links up to 70 km.
C. 1000BASE-ZX interoperates with dual-rate 100M/1G 10Km SFP over multimode fiber, and
1000BASE-LX/LH supports only single-rate.
D. 1000BASE-LX/LH is supported on links up to 10km, and 1000BASE-ZX operates over links up to 70 km.
Answer: D
Question 107: What is the effect when loopback interfaces and the configured router ID are absent
during the OSPF Process configuration?
A. The router ID 0.0.0.0 is selected and placed in the OSPF process.
B. No router ID is set, and the OSPF protocol does not run.
C. The highest up/up physical interface IP address is selected as the router ID.
D. The lowest IP address is incremented by 1 and selected as the router ID.
Answer: C
Question 108: Refer to the exhibit.

What is expected when PC_A sends data to PC_B after their initial communication?
A. The source and destination MAC addresses remain the same
B. The switch rewrites the source and destination MAC addresses with its own
C. The source MAC address is changed
D. The destination MAC address is replaced with ffff.ffff.ffff
Answer: A