Ccna Dumb | PDF | Network Switch | Computer Network

Ccna Dumb

Ccna dumb

Uploaded by

reevekill

QUESTION 1

A network administrator is verifying the configuration of a newly installed host by establishing an
FTP connection to a remote server. What is the highest layer of the protocol stack that the network
administrator is using for this operation?
A. application
B. presentation
C. session
D. transport
E. internet
F. data link

Answer: A

QUESTION 2
A user is unable to connect to the Internet. Based on the layered approach to troubleshooting and
beginning with the lowest layer, drag each procedure on the left to its proper category on the right.

Procedures: Verify URL, Verify NIC operation, Verify IP configuration, Verify Ethernet cable connection
Categories: Step 1, Step 2, Step 3, Step 4

Answer:
Step 1 Verify Ethernet cable connection
Step 2 Verify NIC operation
Step 3 Verify IP configuration
Step 4 Verify URL

Explanation: A typical URL (Uniform Resource Locator) could have the form
http://www.sample.com/demo.html

QUESTION 3
Which layer in the OSI reference model is responsible for determining the availability of the
receiving program and checking to see if enough resources exist for that communication?
A. transport
B. network
C. presentation
D. session
E. application

Answer: E
Explanation: Taking the application layer protocol FTP as an example, the FTP server could have a
maximum number of concurrent connections set. When an FTP client initiates a connection with the
FTP server, the FTP server can accept or reject the connection depending on whether the maximum
number of concurrent connections is already reached.

QUESTION 4
A receiving host computes the checksum on a frame and determines that the frame is damaged. The
frame is then discarded. At which OSI layer did this happen?
A. session
B. transport
C. network
D. data link
E. physical

Answer: D

QUESTION 5
Which of the following correctly describe steps in the OSI data encapsulation process? (Choose
two.)
A. The transport layer divides a data stream into segments and may add reliability and flow control
information
B. The data link layer adds physical source and destination addresses and an FCS to the segment
C. Packets are created when the network layer encapsulates a frame with source and destination
host addresses and protocol-related control information
D. Packets are created when the network layer adds Layer 3 addresses and control information to a
segment
E. The presentation layer translates bits into voltages for transmission across the physical link

Answer: A, D
Explanation: Answer B is wrong because ‘segment’ is used instead of ‘packet’.
Answer C is wrong because ‘frame’ is used instead of ‘segment’.
Answer E is wrong because ‘presentation’ is used instead of ‘physical’.

QUESTION 6
Match the terms on the left with the appropriate OSI layer on the right. (Not all options are used.)
Terms: bits, packets, UDP, IP addresses, segments, MAC addresses, windowing, routing, switching
OSI layers: Network Layer, Transport Layer

Answer:
Network Layer: packets, IP addresses, routing
Transport Layer: UDP, segments, windowing
Not used: bits, MAC addresses, switching

QUESTION 7
What does a Layer 2 switch use to decide where to forward a received frame?
A. source MAC address
B. source IP address
C. source switch port
D. destination IP address
E. destination port address
F. destination MAC address

Answer: F

QUESTION 8
A network interface port has collision detection and carrier sensing enabled on a shared twisted pair
network. From this statement, what is known about the network interface port?
A. This is a 10 Mb/s switch port
B. This is a 100 Mb/s switch port
C. This is an Ethernet port operating at half duplex
D. This is an Ethernet port operating at full duplex
E. This is a port on a network interface card in a PC

Answer: C

QUESTION 9
In an Ethernet network, under what two scenarios can devices transmit? (Choose two.)
A. when they receive a special token
B. when there is a carrier
C. when they detect no other devices are sending
D. when the medium is idle
E. when the server grants access

Answer: C, D

QUESTION 10
For what two purposes does the Ethernet protocol use physical addresses? (Choose two.)
A. to uniquely identify devices at Layer 2
B. to allow communication with devices on a different network
C. to differentiate a Layer 2 frame from a Layer 3 packet
D. to establish a priority system to determine which device gets to transmit first
E. to allow communication between different devices on the same network
F. to allow detection of a remote device when its physical address is unknown

Answer: A, E

QUESTION 11
Refer to the exhibit. The two connected ports on the switch are not turning orange or green. What
would be the most effective steps to troubleshoot this physical layer problem? (Choose three.)
A. Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.
B. Ensure that cables A and B are straight-through cables.
C. Ensure cable A is plugged into a trunk port.
D. Ensure that switch has power.
E. Reboot all of the devices.
F. Reseat all cables.

Answer: B, D, F
Explanation: A straight-through cable is used to connect a host to a switch. If the connected ports on
the switch are not turning orange or green, you should check the cable and the power of the switch.

QUESTION 12
Drag the cable type on the left to the purpose for which it is best suited on the right. (Not all options
are used.)

Cable types: crossover, null modem, straight-through, rollover, 9-25 pin serial
Purposes: switch access port to router, switch to switch, PC COM port to switch

Answer:
switch access port to router: straight-through
switch to switch: crossover
PC COM port to switch: rollover
Not used: null modem, 9-25 pin serial

QUESTION 13
Refer to the exhibit. Switch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4.
What will Switch-1 do with this data?
A. Switch-1 will drop the data because it does not have an entry for that MAC address.
B. Switch-1 will flood the data out all of its ports except the port from which the data originated.
C. Switch-1 will send an ARP request out all its ports except the port from which the data
originated.
D. Switch-1 will forward the data to its default gateway.

Answer: B

QUESTION 14
Why will a switch never learn a broadcast address?
A. Broadcasts only use network layer addressing
B. A broadcast frame is never forwarded by a switch
C. A broadcast address will never be the source address of a frame
D. Broadcast addresses use an incorrect format for the switching table
E. Broadcast frames are never sent to switches

Answer: C

QUESTION 15

How many broadcast domains are shown in the graphic assuming only the default VLAN is
configured on the switches?
A. one
B. two
C. six
D. twelve

Answer: A
Explanation:
There is only one broadcast domain because switches (with default VLAN configuration) and hubs
do not segment broadcast domains.

QUESTION 16
What are the first 24 bits in a MAC address called?
A. NIC
B. BIA
C. OUI
D. VAI

Answer: C
Explanation: The first 24 bits of a MAC address are called the OUI (Organizationally Unique Identifier).
The last 24 bits of a MAC address are called the VAI (Vendor Assigned Identifier).

QUESTION 17

Refer to the exhibit. Given this output for SwitchC, what should the network administrator's next
action be?
A. Check the trunk encapsulation mode for SwitchC's fa0/1 port
B. Check the duplex mode for SwitchC's fa0/1 port
C. Check the duplex mode for SwitchA's fa0/2 port
D. Check the trunk encapsulation mode for SwitchA's fa0/2 port

Answer: C
Explanation: Duplex mismatch is a situation where the switch is operating at full-duplex and the
connected device is operating at half-duplex, or vice versa. The result of a duplex mismatch may be
extremely slow performance.
For duplex mismatch, the counter values of both CRC (Cyclic Redundancy Check) and input errors
of the full-duplex side would increase (as shown in the diagram of the question). However, on the
half-duplex side, the counter value of late collision would increase (as shown below).
SwitchA#show interface fa0/2
FastEthernet0/2 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0019.55e5.1284 (bia 0019.55e5.1284)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
92586 packets input, 40636441 bytes, 0 no buffer
Received 1254 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1253 multicast, 0 pause input
0 input packets with dribble condition detected
93835 packets output, 40751798 bytes, 0 underruns
0 output errors, 16 collisions, 1 interface resets
0 babbles, 886 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SwitchA#

QUESTION 18
Which term describes a spanning-tree network that has all switch ports in either the blocking or
forwarding state?
A. converged
B. redundant
C. provisioned
D. spanned

Answer: A

QUESTION 19
Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network
segment that services the printers?

A. Switch1
B. Switch2
C. Switch3
D. Switch4

Answer: C

QUESTION 20
Which switch would STP choose to become the root bridge in the selection process?
A. 32768: 11-22-33-44-55-66
B. 32768: 22-33-44-55-66-77
C. 32769: 11-22-33-44-55-65
D. 32769: 22-33-44-55-66-78

Answer: A

QUESTION 21

Refer to the exhibit. Based on the information given, which switch will be elected root bridge and
why?
A. Switch A, because it has the lowest MAC address
B. Switch A, because it is the most centrally located switch
C. Switch B, because it has the highest MAC address
D. Switch C, because it is the most centrally located switch
E. Switch C, because it has the lowest priority
F. Switch D, because it has the highest priority

Answer: E

QUESTION 22

Refer to the exhibit. Given the output shown from this Cisco Catalyst 2950, what is the most likely
reason that interface FastEthernet 0/10 is not the root port for VLAN 2?
A. This switch has more than one interface connected to the root network segment in VLAN 2
B. This switch is running RSTP while the elected designated switch is running 802.1d Spanning
Tree
C. This switch interface has a higher path cost to the root bridge than another in the topology
D. This switch has a lower bridge ID for VLAN 2 than the elected designated switch

Answer: C

QUESTION 23
Which two protocols are used by bridges and/or switches to prevent loops in a layer 2 network?
(Choose two.)
A. 802.1d
B. VTP
C. 802.1q
D. STP
E. SAP

Answer: A, D

QUESTION 24

Refer to the topology shown in the exhibit. Which ports will be STP designated ports if all the links
are operating at the same bandwidth? (Choose three.)
A. Switch A – Fa0/0
B. Switch A – Fa0/1
C. Switch B – Fa0/0
D. Switch B – Fa0/1
E. Switch C – Fa0/0
F. Switch C – Fa0/1

Answer: B, C, D

QUESTION 25
Three switches are connected to one another via trunk ports. Assuming the default switch
configuration, which switch is elected as the root bridge for the spanning-tree instance of VLAN 1?
A. the switch with the lowest MAC address
B. the switch with the highest MAC address
C. the switch with the highest IP address
D. the switch with the lowest IP address

Answer: A

QUESTION 26
In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a
switched LAN?
A. during high traffic periods
B. after broken links are re-established
C. when upper-layer protocols require high reliability
D. in an improperly implemented redundant topology
E. when a dual ring topology is in use

Answer: D

QUESTION 27
What value is primarily used to determine which port becomes the root port on each non-root switch
in a spanning-tree topology?
A. path cost
B. lowest port MAC address
C. VTP revision number
D. highest port priority number
E. port priority number and MAC address

Answer: A

QUESTION 28
What is one benefit of PVST+?
A. PVST+ allows the root switch location to be optimized per VLAN.
B. PVST+ automatically selects the root bridge location, to provide optimized bandwidth usage.
C. PVST+ reduces the CPU cycles for all the switches in the network.
D. PVST+ supports Layer 3 load balancing without loops.

Answer: A
Explanation: PVST+ (Per VLAN Spanning Tree) can allow you to decide which switch is the root
switch on a per-VLAN basis.

QUESTION 29
The Certkiller LAN consists of 6 switches connected together as shown in the diagram below:
What is the name of the potential problem of this switch setup, and what protocol can prevent its
occurrence? (Select only one answer choice.)
A. routing loops, hold down timers
B. switching loops, split horizon
C. routing loops, split horizon
D. switching loops, VTP
E. routing loops, STP
F. switching loops, STP

Answer: F
Explanation: The Spanning-Tree Protocol (STP) prevents loops from being formed when switches
are interconnected via multiple paths. Spanning-Tree Protocol implements the 802.1D IEEE
algorithm by exchanging BPDU messages with other switches to detect loops, and then removes the
loop by blocking selected switch interfaces. This algorithm guarantees that there is one and only
one active path between two network devices.

QUESTION 30
Refer to the exhibit. A problem with network connectivity has been observed. It is suspected that the
cable connected to switch port Fa0/9 on Switch1 is disconnected. What would be an effect of this
cable being disconnected?
A. Host B would not be able to access the server in VLAN9 until the cable is reconnected.
B. Communication between VLAN3 and the other VLANs would be disabled.
C. The transfer of files from Host B to the server in VLAN9 would be significantly slower
D. For less than a minute, Host B would not be able to access the server in VLAN9. Then normal
network function would resume.

Answer: D

QUESTION 31

Refer to the exhibit. Each of these four switches has been configured with a hostname, as well as
being configured to run RSTP. No other configuration changes have been made. Which three of
these show the correct RSTP port roles for the indicated switches and interfaces? (Choose three.)
A. SwitchA, Fa0/2, designated
B. SwitchA, Fa0/1, root
C. SwitchB, Gi0/2, root
D. SwitchB, Gi0/1, designated
E. SwitchC, Fa0/2, root
F. SwitchD, Gi0/2, root

Answer: A, B, F

QUESTION 32
Which port state is introduced by Rapid-PVST?
A. learning
B. listening
C. discarding
D. forwarding

Answer: C

QUESTION 33
Refer to the exhibit. The output that is shown is generated at a switch. Which three of these
statements are true? (Choose three.)

A. All ports will be in a state of discarding, learning, or forwarding
B. Thirty VLANs have been configured on this switch
C. The bridge priority is lower than the default value for spanning tree
D. All interfaces that are shown are on shared media
E. All designated ports are in a forwarding state
F. This switch must be the root bridge for all VLANs on this switch

Answer: A, C, E

QUESTION 34

Refer to the exhibit. Why has this switch not been elected the root bridge for VLAN1?
A. It has more than one interface that is connected to the root network segment
B. It is running RSTP while the elected root bridge is running 802.1d spanning tree
C. It has a higher MAC address than the elected root bridge
D. It has a higher bridge ID than the elected root bridge

Answer: D
Explanation: Bridge ID actually consists of priority number and MAC address. For example, the
Bridge ID of the switch is 32769 + 0008.205e.6600 which is considered to be higher than that of
Root Bridge (i.e. 20481 + 0008.217a.5800).

QUESTION 35
Refer to the exhibit. At the end of an RSTP election process, which access layer switch port will
assume the discarding role?
A. Switch3, port fa0/1
B. Switch3, port fa0/12
C. Switch4, port fa0/11
D. Switch4, port fa0/2
E. Switch3, port Gi0/1
F. Switch3, port Gi0/2

Answer: C
Explanation: If links between Switch1 and Switch2 are 100Mbps, Switch3 port Gi0/2 should be a
designated port and hence not in discarding state.

QUESTION 36
Which two of these statements regarding RSTP are correct? (Choose two.)
A. RSTP cannot operate with PVST +
B. RSTP defines new port roles
C. RSTP defines no new port states
D. RSTP is a proprietary implementation of IEEE 802.1D STP
E. RSTP is compatible with the original IEEE 802.1D STP

Answer: B, E

QUESTION 37
Which command enables RSTP on a switch?
A. spanning-tree mode mst
B. spanning-tree backbonefast
C. spanning-tree mode rapid-pvst
D. spanning-tree uplinkfast

Answer: C

QUESTION 38
At which layer of the OSI model is RSTP used to prevent loops?
A. network
B. transport
C. data link
D. physical

Answer: C

QUESTION 39
Which two states are the port states when RSTP has converged? (Choose two.)
A. forwarding
B. listening
C. learning
D. blocking
E. discarding

Answer: A, E

QUESTION 40
Which three statements about RSTP are true? (Choose three.)
A. RSTP significantly reduces topology reconverging time after a link failure.
B. RSTP expands the STP port roles by adding the alternate and backup roles.
C. RSTP port states are blocking, discarding, learning, or forwarding.
D. RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.
E. RSTP also uses the STP proposal-agreement sequence.
F. RSTP uses the same timer-based process as STP on point-to-point links.

Answer: A, B, D

QUESTION 41
You wish to increase the security of all of the routers within your network. What can be done to
secure the virtual terminal interfaces on a router? (Choose two)
A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group
command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class
command.

Answer: D, E
Explanation:
Virtual terminal lines in a Cisco router are used for remote access into the device via telnet.
Configuring these interfaces correctly with a login and password information can be used for
security, as each user will be prompted for a password in order to obtain access. A second method is
to use the "access-class" command. Combined with an access list, this command can be used to
specify the hosts or networks that will be allowed access to the device.

QUESTION 42
A network administrator needs to allow only one Telnet connection to a router. For anyone viewing
the configuration and issuing the show run command, the password for Telnet access should be
encrypted. Which set of commands will accomplish this task?
A. service password-encryption
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
login
password cisco
access-class 1
B. enable password secret
line vty 0
login
password cisco
C. service password-encryption
line vty 0
login
password cisco
D. service password-encryption
line vty 0 4
login
password cisco

Answer: C

QUESTION 43
How does using the service password-encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing
exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router

Answer: B

QUESTION 44
Which command encrypts all plaintext passwords?
A. Router# service password-encryption
B. Router(config)# password-encryption
C. Router(config)# service password-encryption
D. Router# password-encryption

Answer: C

QUESTION 45

Refer to exhibit. A network administrator cannot establish a Telnet session with the indicated router.
What is the cause of this failure?
A. A Level 5 password is not set.
B. The console password is missing.
C. The vty password is missing.
D. An ACL is blocking Telnet access.

Answer: C

QUESTION 46
What is the effect of using the service password-encryption command?
A. Only the enable password will be encrypted
B. Only the enable secret password will be encrypted
C. Only passwords configured after the command has been entered will be encrypted
D. It will encrypt the secret password and remove the enable secret password from the configuration
E. It will encrypt all current and future passwords

Answer: E

QUESTION 47
The network administrator cannot connect to Switch1 over a Telnet session, although the hosts
attached to Switch1 can ping the interface Fa0/0 of the router. Given the information in the graphic
and assuming that the router and Switch2 are configured properly, which of the following
commands should be issued on Switch1 to correct this problem?
A. Switch1(config)# line con0
Switch1(config-line)# password cisco
Switch1(config-line)#login
B. Switch1(config)# interface fa0/1
Switch1(config-if)# ip address 192.168.24.3 255.255.255.0
C. Switch1(config)# ip default-gateway 192.168.24.1
D. Switch1(config)# interface fa0/1
Switch1(config-if)# duplex full
Switch1(config-if)# speed 100
E. Switch1(config)# interface fa0/1
Switch1(config-if)# switchport mode trunk

Answer: C

QUESTION 48

Refer to the exhibit. A technician has installed SwitchB and needs to configure it for remote access
from the management workstation connected to SwitchA. Which set of commands is required to
accomplish this task?
A. SwitchB(config)# interface FastEthernet 0/1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# no shutdown
B. SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# ip default-gateway 192.168.8.254 255.255.255.0
SwitchB(config-if)# no shutdown
C. SwitchB(config)# ip default-gateway 192.168.8.254
SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# no shutdown
D. SwitchB(config)# ip default-network 192.168.8.254
SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# no shutdown
E. SwitchB(config)# ip route 192.168.8.254 255.255.255.0
SwitchB(config)# interface FastEthernet0/1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# no shutdown

Answer: C

QUESTION 49
Which two benefits are provided by creating VLANs? (Choose two.)
A. added security
B. dedicated bandwidth
C. provides segmentation
D. allows switches to route traffic between subinterfaces
E. contains collisions

Answer: A, C
Explanation: The division of a LAN into different broadcast domains is a kind of segmentation.

QUESTION 50
A switch is configured with all ports assigned to vlan 2 with full duplex FastEthernet to segment
existing departmental traffic. What is the effect of adding switch ports to a new VLAN on the
switch?
A. More collision domains will be created.
B. IP address utilization will be more efficient.
C. More bandwidth will be required than was needed previously.
D. An additional broadcast domain will be created.

Answer: D

QUESTION 51
Which of the following are true statements regarding the use of VLANs to segment a network?
(Select three.)
A. They increase the size of collision domains
B. They allow logical grouping of users by function.
C. They can enhance network security.
D. They increase the size of the broadcast domain while decreasing the number of collision
domains.
E. They increase the number of broadcast domains while decreasing the size of the broadcast
domains.
F. They simplify switch administration.

Answer: B, C, E
Explanation:
VLANs are used to segment a LAN into multiple, smaller LANs. This can be used to enhance
security as local traffic from one VLAN will not be passed to users in other VLANs.

QUESTION 52
Which statement about VLAN operation on Cisco Catalyst switches is true?
A. Ports between switches should be configured in access mode so that VLANs can span across the
ports.
B. Unknown unicast frames are retransmitted only to the ports that belong to the same VLAN.
C. Broadcast and multicast frames are retransmitted to ports that are configured on different VLAN.
D. When a packet is received from an 802.1Q trunk, the VLAN ID can be determined from the
source MAC address and the MAC address table.

Answer: B

QUESTION 53
What are three benefits of implementing VLANs? (Choose three.)
A. VLANs make it easier for IT staff to configure new logical groups, because the VLANs all
belong to the same broadcast domain.
B. A more efficient use of bandwidth can be achieved allowing many physical groups to use the
same network infrastructure.
C. Port-based VLANs increase switch-port use efficiency, thanks to 802.1Q trunks.
D. A higher level of network security can be reached by separating sensitive data traffic from other
network traffic.
E. A more efficient use of bandwidth can be achieved allowing many logical networks to use the
same network infrastructure.
F. Broadcast storms can be mitigated by decreasing the number of broadcast domains, thus
increasing their size.
G. Broadcast storms can be mitigated by increasing the number of broadcast domains, thus reducing
their size.

Answer: D, E, G

QUESTION 54
VLAN 3 is not yet configured on your switch. What happens if you set the switchport access vlan 3
command in interface configuration mode?
A. The command is rejected.
B. The command is accepted and you must configure the VLAN manually.
C. The port turns amber.
D. The command is accepted and the respective VLANs added to vlan.dat.

Answer: D

QUESTION 55
What are three advantages of VLANs? (Choose three.)
A. VLANs establish broadcast domains in switched networks
B. VLANs utilize packet filtering to enhance network security
C. VLANs provide a method of conserving IP addresses in large networks
D. VLANs provide a low-latency internetworking alternative to routed networks
E. VLANs allow access to network services based on department, not physical location
F. VLANs can greatly simplify adding, moving, or changing hosts on the network

Answer: A, E, F

QUESTION 56
A frame on VLAN 1 on switch S1 is sent to switch S2 where the frame is received on VLAN 2.
What causes this behavior?
A. trunk mode mismatches
B. allowing only VLAN 2 on the destination
C. native VLAN mismatches
D. VLANs that do not correspond to a unique IP subnet

Answer: C

QUESTION 57
Which two commands can be used to verify a trunk link configuration status on a given Cisco
switch interface? (Choose two.)
A. show interface trunk
B. show interface interface
C. show ip interface brief
D. show interface vlan
E. show interface switchport

Answer: A, E

QUESTION 58

Refer to the exhibit. Switch port FastEthernet 0/24 on ALSwitch1 will be used to create an IEEE
802.1Q-compliant trunk to another switch. Based on the output shown, what is the reason the trunk
does not form, even though the proper cabling has been attached?
A. VLANs have not been created yet
B. An IP address must be configured for the port
C. The port is currently configured for access mode
D. The correct encapsulation type has not been configured
E. The no shutdown command has not been entered for the port

Answer: C

QUESTION 59

Refer to the topology and router output shown in the exhibit. A technician is troubleshooting host
connectivity issues on the switches. The hosts in VLANs 10 and 15 on Sw11 are unable to
communicate with hosts in the same VLANs on Sw12. Hosts in the Admin VLAN are able to
communicate. The port-to-VLAN assignments are identical on the two switches. What could be the
problem?
A. The Fa0/1 port is not operational on one of the switches
B. The link connecting the switches has not been configured as a trunk
C. At least one port needs to be configured in VLAN 1 for VLANs 10 and 15 to be able to
communicate
D. Port FastEthernet 0/1 needs to be configured as an access link on both switches
E. A router is required for hosts on SW11 in VLANs 10 and 15 to communicate with hosts in the
same VLAN on Sw12

Answer: B

QUESTION 60
Cisco Catalyst switches CAT1 and CAT2 have a connection between them using ports FA0/13. An
802.1Q trunk is configured between the two switches. On CAT1, VLAN 10 is chosen as native, but
on CAT2 the native VLAN is not specified.
What will happen in this scenario?
A. 802.1Q giant frames could saturate the link
B. VLAN 10 on CAT1 and VLAN 1 on CAT2 will send untagged frames
C. A native VLAN mismatch error message will appear
D. VLAN 10 on CAT1 and VLAN 1 on CAT2 will send tagged frames

Answer: C

QUESTION 61
Which three of these statements regarding 802.1Q trunking are correct? (Choose three.)
A. 802.1Q native VLAN frames are untagged by default
B. 802.1Q trunking ports can also be secure ports
C. 802.1Q trunks can use 10 Mb/s Ethernet interfaces
D. 802.1Q trunks require full-duplex, point-to-point connectivity
E. 802.1Q trunks should have native VLANs that are the same at both ends

Answer: A, C, E

QUESTION 62
Which two link protocols are used to carry multiple VLANs over a single link? (Choose two.)
A. VTP
B. 802.1q
C. IGP
D. ISL
E. 802.3u

Answer: B, D

QUESTION 63
Refer to the exhibit. All switch ports are assigned to the correct VLANs, but none of the hosts
connected to SwitchA can communicate with hosts in the same VLAN connected to SwitchB.
Based on the output shown, what is the most likely problem?
A. The access link needs to be configured in multiple VLANs.
B. The link between the switches is configured in the wrong VLAN.
C. The link between the switches needs to be configured as a trunk.
D. VTP is not configured to carry VLAN information between the switches.
E. Switch IP addresses must be configured in order for traffic to be forwarded between the switches.

Answer: C

QUESTION 64
What are the possible trunking modes for a switch port? (Choose three.)
A. transparent
B. auto
C. on
D. desirable
E. client
F. forwarding

Answer: B, C, D

QUESTION 65
Refer to the exhibit. Which two statements are true of the interfaces on Switch1? (Choose two.)
A. Multiple devices are connected directly to FastEthernet0/1
B. A hub is connected directly to FastEthernet 0/5
C. FastEthernet0/1 is connected to a host with multiple network interface cards
D. FastEthernet0/5 has statically assigned MAC addresses
E. FastEthernet0/1 is configured as a trunk link
F. Interface FastEthernet0/2 has been disabled

Answer: B, E

QUESTION 66
What is the function of the command switchport trunk native vlan 999 on a Cisco Catalyst switch?
A. It creates a VLAN 999 interface
B. It designates VLAN 999 for untagged traffic
C. It blocks VLAN 999 traffic from passing on the trunk
D. It designates VLAN 999 as the default for all unknown tagged traffic

Answer: B

QUESTION 67
Which IEEE standard protocol is initiated as a result of successful DTP completion in a switch over
Fast Ethernet?
A. 802.3ad
B. 802.1Q
C. 802.1D
D. 802.1w

Answer: B

QUESTION 68

How should the FastEthernet0/1 ports on the 2950 model switches that are shown in the exhibit be
configured to allow connectivity between all devices?
A. The ports only need to be connected by a crossover cable.
B. SwitchX(config)# interface fastethernet 0/1
SwitchX(config-if)# switchport mode trunk
C. SwitchX(config)# interface fastethernet 0/1
SwitchX(config-if)# switchport mode access
SwitchX(config-if)# switchport access vlan 1
D. SwitchX(config)# interface fastethernet 0/1
SwitchX(config-if)# switchport mode trunk
SwitchX(config-if)# switchport trunk vlan 1
SwitchX(config-if)# switchport trunk vlan 10
SwitchX(config-if)# switchport trunk vlan 20

Answer: A

QUESTION 69
Refer to the exhibit. The network administrator normally establishes a Telnet session with the
switch from host A. However, host A is unavailable. The administrator's attempt to telnet to the
switch from host B fails, but pings to the other two hosts are successful. What is the issue?

A. Host B and the switch need to be in the same subnet
B. The switch interface connected to the router is down
C. Host B needs to be assigned an IP address in VLAN 1
D. The switch needs an appropriate default gateway assigned
E. The switch interfaces need the appropriate IP addresses assigned

Answer: D

QUESTION 70
A router has two Fast Ethernet interfaces and needs to connect to four VLANs in the local network.
How can you accomplish this task, using the fewest physical interfaces and without decreasing
network performance?
A. Use a hub to connect the four VLANs with a Fast Ethernet interface on the router.
B. Add a second router to handle the VLAN traffic.
C. Add two more Fast Ethernet interfaces.
D. Implement a router-on-a-stick configuration.

Answer: D

QUESTION 71
Refer to the exhibit. What commands must be configured on the 2950 switch and the router to allow
communication between host 1 and host 2? (Choose two.)
A. Router(config)# interface fastethernet 0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
B. Router(config)# interface fastethernet 0/0
Router(config-if)# no shutdown
Router(config)# interface fastethernet 0/0.1
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config)# interface fastethernet 0/0.2
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
C. Router(config)# router eigrp 100
Router(config-router)# network 192.168.10.0
Router(config-router)# network 192.168.20.0
D. Switch1(config)# vlan database
Switch1(config-vlan)# vtp domain XYZ
Switch1(config-vlan)# vtp server
E. Switch1(config)# interface fastethernet 0/1
Switch1(config-if)# switchport mode trunk
F. Switch1(config)# interface vlan 1
Switch1(config-if)# ip default-gateway 192.168.1.1

Answer: B, E

QUESTION 72
Refer to the exhibit. C-router is to be used as a "router-on-a-stick" to route between the VLANs. All
the interfaces have been properly configured and IP routing is operational. The hosts in the VLANs
have been configured with the appropriate default gateway. What can be said about this
configuration?
A. These commands need to be added to the configuration:
C-router(config)# router eigrp 123
C-router(config-router)# network 172.19.0.0
B. These commands need to be added to the configuration:
C-router(config)# router ospf 1
C-router(config-router)# network 172.19.0.0 0.0.3.255 area 0
C. These commands need to be added to the configuration:
C-router(config)# router rip
C-router(config-router)# network 172.19.0.0
D. No further routing configuration is required

Answer: D

QUESTION 73
On a corporate network, hosts on the same VLAN can communicate with each other, but they are
unable to communicate with hosts on different VLANs. What is needed to allow communication
between the VLANs?
A. A router with subinterfaces configured on the physical interface that is connected to the switch
B. A router with an IP address on the physical interface connected to the switch.
C. A switch with an access link that is configured between the switches.
D. A switch with a trunk link that is configured between the switches.

Answer: A

QUESTION 74
Refer to the exhibit. Which two statements are true about InterVLAN routing in the topology that is
shown in the exhibit? (Choose two.)
A. Host E and host F use the same IP gateway address
B. Router1 and Switch2 should be connected via a crossover cable
C. Router1 will not play a role in communications between host A and host D
D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces
E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit
F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using the
same encapsulation type

Answer: D, F

QUESTION 75
Which three elements must be used when you configure a router interface for VLAN trunking?
(Choose three.)
A. one physical interface for each subinterface
B. one subinterface per VLAN
C. subinterface encapsulation identifiers that match VLAN tags
D. subinterface numbering that matches VLAN tags
E. a management domain for each subinterface
F. one IP network or subinternetwork for each subinterface

Answer: B, C, F
Explanation: Answer D is wrong because the subinterface number does not need to match the VLAN
tag. For example, the following is a correct combination that configures subinterface number 1 with
an encapsulation identifier of 2 (in other words, data frames sent out from subinterface number 1
will have an ISL tag with VLAN ID 2 inserted):
int f0/0.1
encapsulation isl 2

QUESTION 76

Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950 Switch.

2950Switch(config-if)# switchport port-security
2950Switch(config-if)# switchport port-security mac-address sticky
2950Switch(config-if)# switchport port-security maximum 1

The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when
this frame is received by 2950 Switch? (Choose two.)
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF
B. Only host A will be allowed to transmit frames on fa0/1
C. This frame will be discarded when it is received by 2950 Switch
D. All frames arriving on 2950 Switch with a destination of 0000.00aa.aaaa will be forwarded out
fa0/1
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be
forwarded out fa0/1
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950 Switch, will be
forwarded out fa0/1

Answer: B, D

QUESTION 77
Which set of commands is recommended to prevent the use of a hub in the access layer?
A. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1
B. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1
D. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1

Answer: C

QUESTION 78

Refer to the exhibit. A junior network administrator was given the task of configuring port security
on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other
device is detected, the port is to drop frames from this device. The administrator configured the
interface and tested it with successful pings from PC_A to RouterA, and then observes the output
from these two show commands.
Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)
A. Port security needs to be globally enabled
B. Port security needs to be enabled on the interface
C. Port security needs to be configured to shut down the interface in the event of a violation
D. Port security needs to be configured to allow only one learned MAC address
E. Port security interface counters need to be cleared before using the show command
F. The port security configuration needs to be saved to NVRAM before it can become active

Answer: B, D

QUESTION 79
Select the action that results from executing these commands.
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
A. A dynamically learned MAC address is saved in the startup-configuration file
B. A dynamically learned MAC address is saved in the running-configuration file
C. A dynamically learned MAC address is saved in the VLAN database
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from
that address are received
E. Statically configured MAC addresses are saved in the running-configuration file if frames from
that address are received

Answer: B

QUESTION 80
Which two commands correctly verify whether port security has been configured on port
FastEthernet 0/12 on a switch? (Choose two.)
A. SW1#show port-secure interface FastEthernet 0/12
B. SW1#show port-security interface FastEthernet 0/12
C. SW1#show running-config
D. SW1#show switchport port-security interface FastEthernet 0/12
E. SW1#show switchport port-secure interface FastEthernet 0/12

Answer: B, C

QUESTION 81
A network administrator needs to configure port security on a switch. Which two statements are
true? (Choose two.)
A. The network administrator can apply port security to EtherChannels.
B. When dynamic MAC address learning is enabled on an interface, the switch can learn new
addresses, up to the maximum defined.
C. The network administrator can configure static secure or sticky secure MAC addresses in the
voice VLAN.
D. The sticky learning feature allows the addition of dynamically learned addresses to the running
configuration.
E. The network administrator can apply port security to dynamic access ports.

Answer: B, D

QUESTION 82

Refer to the exhibit. Which subnet mask will place all hosts on Network B in the same subnet with
the least amount of wasted addresses?
A. 255.255.255.0
B. 255.255.254.0
C. 255.255.252.0
D. 255.255.248.0

Answer: B

QUESTION 83
Which subnet mask would be appropriate for a network address range to be subnetted for up to eight
LANs, with each LAN containing 5 to 26 hosts?
A. 0.0.0.240
B. 255.255.255.252
C. 255.255.255.0
D. 255.255.255.224
E. 255.255.255.240

Answer: D

QUESTION 84
Refer to the exhibit. Which three statements correctly describe Network Device A? (Choose three.)
A. With a network wide mask of 255.255.255.128, each interface does not require an IP address
B. With a network wide mask of 255.255.255.128, each interface does require an IP address on a
unique IP subnet
C. With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to
communicate with each other
D. With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to
communicate with each other
E. With a network wide mask of 255.255.254.0, each interface does not require an IP address

Answer: B, D, E
Explanation: For the case of /24 netmask (i.e. 255.255.255.0), PC 10.1.0.36/24 and PC 10.1.1.70/24
are in different IP subnets. A layer 3 device (e.g. router) should be placed in between and each
interface of the layer 3 device requires an IP address on a unique IP subnet.
For the case of /25 netmask (i.e. 255.255.255.128), PC 10.1.0.36/25 and PC 10.1.1.70/25 are in
different IP subnets. A layer 3 device (e.g. router) should be placed in between and each interface of
the layer 3 device requires an IP address on a unique IP subnet.
For the case of /23 netmask (i.e. 255.255.254.0), PC 10.1.0.36/23 and PC 10.1.1.70/23 are in the
same IP subnet. A layer 2 device (e.g. switch) or a layer 1 device (e.g. hub) should be placed in
between, and hence each interface of the layer 2 device or layer 1 device does not require an IP
address.

QUESTION 85
A national retail chain needs to design an IP addressing scheme to support a nationwide network.
The company needs a minimum of 300 sub-networks and a maximum of 50 host addresses per
subnet. Working with only one Class B address, which of the following subnet masks will support
an appropriate addressing scheme? (Choose two.)
A. 255.255.255.0
B. 255.255.255.128
C. 255.255.252.0
D. 255.255.255.224
E. 255.255.255.192
F. 255.255.248.0

Answer: B, E

QUESTION 86

Refer to the exhibit. A network technician is asked to design a small network with redundancy. The
exhibit represents this design, with all hosts configured in the same VLAN. What conclusions can
be made about this design?
A. This design will function as intended
B. Spanning-tree will need to be used
C. The router will not accept the addressing scheme
D. The connection between switches should be a trunk
E. The router interfaces must be encapsulated with the 802.1Q protocol

Answer: C

QUESTION 87
Which of the following addresses can be assigned to a host when using a subnet mask of
255.255.254.0? (Select three)

A. 113.10.4.0
B. 186.54.3.0
C. 175.33.3.255
D. 26.35.2.255
E. 152.135.7.0
F. 17.35.36.0

Answer: B, D, E
Explanation: Subnet Mask = 255.255.254.0 = 11111111.11111111.11111110.00000000
The use of the above subnet mask implies that the last 9 bits of an IP address are host bits.
To be assigned to a host, host bits of an IP address cannot be all 0’s or all 1’s.

QUESTION 88

Refer to the exhibit. All of the routers in the network are configured with the ip subnet-zero
command. Which network addresses should be used for Link A and Network A? (Choose two.)
A. Network A – 172.16.3.48/26
B. Network A – 172.16.3.128/25
C. Network A – 172.16.3.192/26
D. Link A – 172.16.3.0/30
E. Link A – 172.16.3.40/30
F. Link A – 172.16.3.112/30

Answer: B, D
Explanation: The command “ip subnet-zero” allows the use of subnet 0. Actually, the use of subnet
0 is allowed by default even without typing the command “ip subnet-zero”.

QUESTION 89
The network shown in the exhibit is experiencing connectivity problems. Which of the following
will correct the problems? Select two.
A. Configure the gateway on Certkiller A as 10.1.1.1.
B. Configure the gateway on Certkiller B as 10.1.2.254.
C. Configure the IP address of Certkiller A as 10.1.2.2.
D. Configure the IP address of Certkiller B as 10.1.2.2.
E. Configure the masks on both hosts to be 255.255.255.224.
F. Configure the masks on both hosts to be 255.255.255.240.

Answer: B, D

QUESTION 90
Refer to the exhibit. A network administrator is adding two new hosts to Switch A. Which three
values could be used for the configuration of these hosts? (Choose three.)

A. host A IP address: 192.168.1.79
B. host A IP address: 192.168.1.64
C. host A default gateway: 192.168.1.78
D. host B IP address: 192.168.1.128
E. host B default gateway: 192.168.1.129
F. host B IP address: 192.168.1.190

Answer: A, C, F

QUESTION 91
A Certkiller remote office branch is set up as shown in the diagram below:

All of the hosts in the above exhibit are connected with each other via the single Catalyst
switch. Which of the following statements correctly describe the addressing scheme of this
network? (Select three)
A. The subnet mask in use is 255.255.255.192.
B. The subnet mask in use is 255.255.255.128.
C. The IP address 172.16.1.25 can be assigned to hosts in VLAN1.
D. The IP address 172.16.1.205 can be assigned to hosts in VLAN1
E. The LAN interface of the router is configured with one IP address.
F. The LAN interface of the router is configured with multiple IP addresses.

Answer: B, C, F
Explanation: Based on the diagram above, the subnet mask used for each VLAN is
255.255.255.128. This means that hosts in VLAN 1 will be addressed 172.16.1.1-172.16.1.126.
Hosts in VLAN 2 will be addressed 172.16.1.129-172.16.1.254. Because there is only one LAN
interface on the router, sub interfaces will be used, so the router's LAN interface will be configured
with two IP addresses, one for VLAN 1 and one for VLAN 2.

QUESTION 92
You are working in a data center environment and are assigned the address range 10.188.31.0/23.
You are asked to develop an IP addressing plan to allow the maximum number of subnets with as
many as 30 hosts each. Which IP address range meets these requirements?
A. 10.188.31.0/27
B. 10.188.31.0/29
C. 10.188.31.0/26
D. 10.188.31.0/25
E. 10.188.31.0/28

Answer: A

QUESTION 93
You have been asked to come up with a subnet mask that will allow all three web servers to be on
the same network while providing the maximum number of subnets. Which network address and
subnet mask meet this requirement?
A. 192.168.252.16 255.255.255.252
B. 192.168.252.8 255.255.255.252
C. 192.168.252.8 255.255.255.248
D. 192.168.252.0 255.255.255.252
E. 192.168.252.16 255.255.255.240

Answer: C

QUESTION 94
Given an IP address 172.16.28.252 with a subnet mask of 255.255.240.0, what is the correct
network address?
A. 172.16.0.0
B. 172.16.16.0
C. 172.16.24.0
D. 172.16.28.0

Answer: B

QUESTION 95

Refer to the exhibit. A new subnet with 60 hosts has been added to the network. Which subnet
address should this network use to provide enough usable addresses while wasting the fewest
addresses?
A. 192.168.1.56/26
B. 192.168.1.56/27
C. 192.168.1.64/26
D. 192.168.1.64/27

Answer: C

QUESTION 96

Refer to the exhibit. HostA cannot ping HostB. Assuming routing is properly configured, what
could be the cause of this problem?
A. HostA is not on the same subnet as its default gateway.
B. The address of SwitchA is a subnet address.
C. The Fa0/0 interface on RouterA is on a subnet that can’t be used.
D. The serial interfaces of the routers are not on the same subnet.
E. The Fa0/0 interface on RouterB is using a broadcast address.

Answer: D

QUESTION 97
The network administrator is asked to configure 113 point-to-point links. Which IP addressing
scheme best defines the address range and subnet mask that meet the requirement and waste the
fewest subnet and host addresses?
A. 10.10.0.0/16 subnetted with mask 255.255.255.252
B. 10.10.1.0/24 subnetted with mask 255.255.255.252
C. 10.10.0.0/18 subnetted with mask 255.255.255.252
D. 10.10.0.0/23 subnetted with mask 255.255.255.252
E. 10.10.1.0/25 subnetted with mask 255.255.255.252

Answer: D
Explanation: Answer D can provide the following subnets that meet the requirement and waste the
fewest subnet and host addresses:
10.10.0.0/30
10.10.0.4/30
10.10.0.8/30
:
:
10.10.1.244/30
10.10.1.248/30
10.10.1.252/30
For faster calculation, let A be the prefix length of the address range being subnetted into /30 links:
$2^{30-A} \geq 113$
$A \leq 23$
In order to waste the fewest subnet addresses, A should be 23.

QUESTION 98
An administrator must assign static IP addresses to the servers in a network. For network
192.168.20.24/29, the router is assigned the first usable host address while the sales server is given
the last usable host address. Which of the following should be entered into the IP properties box for
the sales server?

A. IP address: 192.168.20.30
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.20.25
B. IP address: 192.168.20.30
Subnet Mask: 255.255.255.240
Default Gateway: 192.168.20.17
C. IP address: 192.168.20.30
Subnet Mask: 255.255.255.248
Default Gateway: 192.168.20.25
D. IP address: 192.168.20.254
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.20.1
E. IP address: 192.168.20.14
Subnet Mask: 255.255.255.248
Default Gateway: 192.168.20.9

Answer: C

QUESTION 99
Refer to the exhibit. PC_1 is exchanging packets with the FTP server. Consider the packets as they
leave RouterB interface Fa0/1 towards RouterA. Drag the correct frame and packet addresses to
their place in the table.
Answer:

QUESTION 100
Which destination addresses will be used by Host A to send data to Host C? (Choose two.)
A. the IP address of Switch 1
B. the MAC address of Switch 1
C. the IP address of Host C
D. the MAC address of Host C
E. the IP address of the router’s E0 interface
F. the MAC address of the router’s E0 interface

Answer: C, F

QUESTION 101

Refer to the graphic. Host A is communicating with the server. What will be the source MAC
address of the frames received by Host A from the server?

A. the MAC address of router interface e0
B. the MAC address of router interface e1
C. the MAC address of the server network interface
D. the MAC address of host A

Answer: A

QUESTION 102

Refer to the exhibit. After HostA pings HostB, which entry will be in the ARP cache of HostA to
support this transmission?
A. Interface Address: 192.168.4.7
Physical Address: 000f.2480.8916
Type: dynamic
B. Interface Address: 192.168.4.7
Physical Address: 0010.5a0c.feae
Type: dynamic
C. Interface Address: 192.168.6.1
Physical Address: 0010.5a0c.feae
Type: dynamic
D. Interface Address: 192.168.6.1
Physical Address: 000f.2480.8916
Type: dynamic
E. Interface Address: 192.168.6.2
Physical Address: 0010.5a0c.feae
Type: dynamic
F. Interface Address: 192.168.6.2
Physical Address: 000f.2485.8918
Type: dynamic

Answer: D

QUESTION 103
Exhibit:
Study the Exhibit carefully. What will Router Certkiller A do when it receives the data frame
shown? (Choose three.)
A. Router Certkiller A will strip off the source MAC address and replace it with the MAC address
0000.0c36.6965
B. Router Certkiller A will strip off the source IP address and replace it with the IP address
192.168.40.1
C. Router Certkiller A will strip off the destination MAC address and replace it with the MAC
address 0000.0c07.4320
D. Router Certkiller A will strip off the destination IP address and replace it with the IP address of
192.168.40.1
E. Router Certkiller A will forward the data packet out interface FastEthernet0/1
F. Router Certkiller A will forward the data packet out interface FastEthernet0/2

Answer: A, C, F

QUESTION 104
Which command would you use on a Cisco router to verify the Layer 3 path to a host?
A. tracert address
B. traceroute address
C. telnet address
D. ssh address

Answer: B

QUESTION 105
Three different Certkiller routers are connected as shown below:

Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down.
Which of the following are true? (Choose two)
A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.
B. Router C will use ICMP to inform Router B that Host 2 cannot be reached.
C. Router C will use ICMP to inform Host 1, Router A, and Router B that
Host 2 cannot be reached.
D. Router C will send a Destination Unreachable message type.
E. Router C will send a Router Selection message type.
F. Router C will send a Source Quench message type.

Answer: A, D
Explanation:
When a router receives a packet destined for a network that is not in its routing table, or for a
network that is down, the router sends an ICMP destination unreachable message back to the
sender. This informs the sending station that the packet could not be forwarded to the destination.
The message is sent to the sending station, not to the router.

QUESTION 106
Refer to the exhibit. A network administrator attempts to ping Host2 from Host1 and receives the
results that are shown. What is a possible problem?

A. The link between Host1 and Switch1 is down
B. TCP/IP is not functioning on Host1
C. The link between Router1 and Router2 is down
D. The default gateway on Host1 is incorrect
E. Interface Fa0/0 on Router1 is shutdown
F. The link between Switch1 and Router1 is down

Answer: C

QUESTION 107
Refer to the exhibit. An administrator pings the default gateway at 10.10.10.1 and sees the output as
shown. At which OSI layer is the problem?
A. data link layer
B. application layer
C. access layer
D. session layer
E. network layer

Answer: E

QUESTION 108
Which command can be used from a PC to verify the connectivity between hosts that connect
through a switch in the same LAN?
A. arp address
B. traceroute address
C. ping address
D. tracert address

Answer: C

QUESTION 109
Refer to the exhibit. Host A pings interface S0/0 on router 3. What is the TTL value for that ping
when entering router 3 S0/0?
A. 252
B. 255
C. 254
D. 253

Answer: D
Explanation: Some PC operating systems use default TTL value of 255 while some others use 128
or 64.

QUESTION 110

Refer to the exhibit. Which of these statements correctly describes the state of the switch once the
boot process has been completed?
A. As FastEthernet0/12 will be the last to come up, it will be blocked by STP
B. Remote access management of this switch will not be possible without configuration change
C. More VLANs will need to be created for this switch
D. The switch will need a different IOS code in order to support VLANs and STP

Answer: B
Explanation: It is because ‘shutdown’ is under ‘interface vlan 1’ as indicated by ‘Interface Vlan1,
changed state to administratively down’.

QUESTION 111
Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location that
is shown? (Choose two.)

A. Router1 has specific boot system commands that instruct it to load IOS from a TFTP server
B. Router1 is acting as a TFTP server for other routers
C. Router1 cannot locate a valid IOS image in flash memory
D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server
E. Cisco routers will first attempt to load an image from TFTP for management purposes

Answer: A, C

QUESTION 112
Refer to the exhibit. Assuming that the entire network topology is shown, what is the operational
status of the interfaces of R2 as indicated by the command output?
A. One interface has a problem.
B. Two interfaces have problems.
C. The interfaces are functioning correctly.
D. The operational status of the interfaces cannot be determined from the output shown.

Answer: A

QUESTION 113
Refer to the exhibit. Why is flash memory erased prior to upgrading the IOS image from the TFTP
server?

A. The router cannot verify that the Cisco IOS image currently in flash is valid
B. Flash memory on Cisco routers can contain only a single IOS image
C. Erasing current flash content is requested during the copy dialog
D. In order for the router to use the new image as the default, it must be the only IOS image in
flash

Answer: C

QUESTION 114

Refer to the exhibit. A network administrator configures a new router and enters the
copy startup-config running-config command on the router. The network administrator powers down
the router and sets it up at a remote location. When the router starts, it enters the system
configuration dialog as shown. What is the cause of the problem?
A. The network administrator failed to save the configuration
B. The configuration register is set to 0x2100.
C. The boot system flash command is missing from the configuration
D. The configuration register is set to 0x2102.
E. The router is configured with the boot system startup command.

Answer: A
Explanation: The correct command to save the configuration is
“copy running-config startup-config”.

QUESTION 115
Which command reveals the last method used to power-cycle a router?
A. show reload
B. show boot
C. show running-config
D. show version

Answer: D

QUESTION 116
Before installing a new, upgraded version of the IOS, what should be checked on the router, and
which command should be used to gather this information? (Choose two.)
A. the amount of available ROM
B. the amount of available flash and RAM memory
C. the version of the bootstrap software present on the router
D. show version
E. show processes
F. show running-config

Answer: B, D

QUESTION 117
Refer to the exhibit. The technician wants to upload a new IOS in the router while keeping the
existing IOS. What is the maximum size of an IOS file that could be loaded if the original IOS is
also kept in flash?
A. 3MB
B. 4MB
C. 5MB
D. 7MB
E. 8MB

Answer: B

QUESTION 118

Refer to the exhibit. What can be determined about the router from the console output?
A. No configuration file was found in NVRAM
B. No configuration file was found in flash
C. No configuration file was found in the PCMCIA card
D. Configuration file is normal and will load in 15 seconds

Answer: A

QUESTION 119
Which two locations can be configured as a source for the IOS image in the boot system command?
(Choose two.)
A. RAM
B. NVRAM
C. flash memory
D. HTTP server
E. TFTP server
F. Telnet server

Answer: C, E

QUESTION 120
Refer to the exhibit. Complete this network diagram by dragging the correct device name or
description to the correct location. Not all the names or descriptions will be used.

Answer:

Explanation: Digital line uses the following signal type format:

QUESTION 121
Router# show interface s0/0/0
Serial 0/0/0 is administratively down, line protocol is down
Refer to the above. What is the reason that the interface status is “administratively down, line
protocol down”?
A. The interface is not receiving any keepalives.
B. The wrong type of cable is connected to the interface
C. The interface needs to be configured as a DTE device.
D. There is no encapsulation type configured.
E. There is a mismatch in encapsulation types.
F. The interface has been configured with the shutdown command.

Answer: F

QUESTION 122
Routing has been configured on the local router with these commands:
Local(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
Local(config)# ip route 10.1.0.0 255.255.255.0 192.168.2.2
Local(config)# ip route 10.1.0.0 255.255.0.0 192.168.3.3
Drag each destination IP address on the left to its correct next hop address on the right.

Destination IP addresses: 10.1.1.10, 10.1.0.14, 10.2.1.3, 10.1.4.6, 10.1.0.123, 10.6.8.4
Next hop addresses: 192.168.1.1, 192.168.2.2, 192.168.3.3

Answer:
Next hop 192.168.1.1
10.2.1.3
10.6.8.4

Next hop 192.168.2.2
10.1.0.14
10.1.0.123

Next hop 192.168.3.3
10.1.1.10
10.1.4.6

QUESTION 123
Refer to the exhibit. According to the routing table, where will the router send a packet destined for
10.1.5.65?
A. 10.1.1.2
B. 10.1.2.2
C. 10.1.3.3
D. 10.1.4.4

Answer: C

QUESTION 124

Refer to the exhibit. The network administrator must establish a route by which London
workstations can forward traffic to the Manchester workstations. What is the simplest way to
accomplish this?
A. Configure a dynamic routing protocol on London to advertise all routes to Manchester.
B. Configure a dynamic routing protocol on London to advertise summarized routes to Manchester.
C. Configure a dynamic routing protocol on Manchester to advertise a default route to the London
router.
D. Configure a static default route on London with a next hop of 10.1.1.1.
E. Configure a static route on London to direct all traffic destined for 172.16.0.0/22 to 10.1.1.2.
F. Configure Manchester to advertise a static default route to London.

Answer: E

QUESTION 125

Refer to the graphic. A static route to the 10.5.6.0/24 network is to be configured on the HFD router.
Which commands will accomplish this? (Choose two.)
A. HFD(config)# ip route 10.5.6.0 0.0.0.255 fa0/0
B. HFD(config)# ip route 10.5.6.0 0.0.0.255 10.5.4.6
C. HFD(config)# ip route 10.5.6.0 255.255.255.0 fa0/0
D. HFD(config)# ip route 10.5.6.0 255.255.255.0 10.5.4.6
E. HFD(config)# ip route 10.5.4.6 0.0.0.255 10.5.6.0
F. HFD(config)# ip route 10.5.4.6 255.255.255.0 10.5.6.0

Answer: C, D

QUESTION 126
You are attempting to troubleshoot some problems within your local network. Which of the
following are router IOS commands that can be used to troubleshoot LAN connectivity problems?
(Choose three)
A. ping
B. tracert
C. ipconfig
D. show ip route
E. winipcfg
F. show interfaces

Answer: A, D, F
Explanation: “ping”, “show ip route” and “show interfaces” are valid Cisco IOS commands while
“tracert”, “ipconfig” and “winipcfg” are not valid Cisco IOS commands.

QUESTION 127
Refer to the exhibit. The network administrator requires easy configuration options and minimal
routing protocol traffic. What two options provide adequate routing table information for traffic that
passes between the two routers and satisfy the requests of the network administrator? (Choose two.)

A. a dynamic routing protocol on InternetRouter to advertise all routes to CentralRouter
B. a dynamic routing protocol on InternetRouter to advertise summarized routes to CentralRouter
C. a static route on InternetRouter to direct traffic that is destined for 172.16.0.0/16 to
CentralRouter.
D. a dynamic routing protocol on CentralRouter to advertise all routes to InternetRouter
E. a dynamic routing protocol on CentralRouter to advertise summarized routes to InternetRouter
F. a static, default route on CentralRouter that directs traffic to InternetRouter

Answer: C, F

QUESTION 128
Refer to the exhibit. The speed of all serial links is E1 and the speed of all Ethernet links is 100
Mb/s. A static route will be established on the Manchester router to direct traffic toward the Internet
over the most direct path available. What configuration on the Manchester router will establish a
route toward the Internet for traffic that originates from workstations on the Manchester LAN?
A. ip route 0.0.0.0 255.255.255.0 172.16.100.2
B. ip route 0.0.0.0 0.0.0.0 128.107.1.1
C. ip route 0.0.0.0 255.255.255.252 128.107.1.1
D. ip route 0.0.0.0 0.0.0.0 172.16.100.1
E. ip route 0.0.0.0 0.0.0.0 172.16.100.2
F. ip route 0.0.0.0 255.255.255.255 172.16.100.2

Answer: E
Explanation: E1 has a speed of 2.048 Mbps.

QUESTION 129

Users on the 172.17.22.0 network cannot reach the server located on the 172.31.5.0 network. The
network administrator connected to router Coffee via the console port, issued the show ip route
command, and was able to ping the server. Based on the output of the show ip route command and
the topology shown in the graphic, what is the cause of the failure?
A. The network has not fully converged
B. IP routing is not enabled
C. A static route is configured incorrectly
D. The Fast Ethernet interface on Coffee is disabled
E. The neighbor relationship table is not correctly updated
F. The routing table on Coffee has not updated

Answer: C

QUESTION 130a

Central Florida Widgets recently installed a new router in their Oviedo office. Complete the
network installation by performing the initial router configurations and configuring RIPv2 routing
using the router command line interface (CLI) on the Oviedo router.
Configure the router per the following requirements:
Name of the router is Oviedo
Enable-secret password is ish333bcb
The password to access user EXEC mode using the console is Cen462F
The password to allow telnet access to the router is henzaQ242
IPv4 addresses must be configured as follows:
Ethernet network 209.165.201.0 /27 – router has first assignable host address in subnet.
Serial network is 192.0.2.144 /28 – router has last assignable host address in the subnet
Interfaces should be enabled
Routing protocol is RIPv2

Answer:
Click Console host and type the following commands:
en
config t
hostname Oviedo
enable secret 333bcb
line con 0
password Cen462F
login
line vty 0 4
password henzaQ242
login
int f0/0
ip address 209.165.201.1 255.255.255.224
no shutdown
int s0/0/0
ip address 192.0.2.158 255.255.255.240
no shutdown
router rip
version 2
network 209.165.201.0
network 192.0.2.0
end

QUESTION 130b

Central Florida Widgets recently installed a new router in their Clermont office. Complete the
network installation by performing the initial router configurations and configuring RIPv2 routing
using the router command line interface (CLI) on the Clermont router.
Configure the router per the following requirements:
Name of the router is Clermont
Enable-secret password is ne888ra
The password to access user EXEC mode using the console is Xyz132R
The password to allow telnet access to the router is YrsT9cit
IPv4 addresses must be configured as follows:
Ethernet network 209.165.202.128 /27 – router has third assignable host address in subnet.
Serial network is 192.0.2.32 /28 – router has last assignable host address in the subnet
Interfaces should be enabled
Routing protocol is RIPv2

Answer:
Click Console host and type the following commands:
en
config t
hostname Clermont
enable secret ne888ra
line con 0
password Xyz132R
login
line vty 0 4
password YrsT9cit
login
int f0/0
ip address 209.165.202.131 255.255.255.224
no shutdown
int s0/0/0
ip address 192.0.2.46 255.255.255.240
no shutdown
router rip
version 2
network 209.165.202.0
network 192.0.2.0
end

QUESTION 131
What two things will a router do when running a distance vector routing protocol? (Choose two.)
A. Send periodic updates regardless of topology changes.
B. Send entire routing table to all routers in the routing domain.
C. Use the shortest-path algorithm to determine best path.
D. Update the routing table based on updates from their neighbors.
E. Maintain the topology of the entire network in its database.

Answer: A, D

QUESTION 132

CK3 #show ip route


Gateway of last resort is not set
192.168.10.0/24 is variably subnetted, 6 subnets, 2 masks
D 192.168.10.64/26 [90/2195456] via 192.168.10.9, 00:03:31, Serial0/0
D 192.168.10.0/30 [90/2681856] via 192.168.10.9, 00:03:31, Serial0/0
C 192.168.10.4/30 is directly connected, Serial 0/1
C 192.168.10.8/30 is directly connected, Serial 0/0
C 192.168.10.192/26 is directly connected, FastEthernet0/0
D 192.168.10.128/26 [90/2195456] via 192.168.10.5, 00:03:31, Serial 0/1
Refer to the exhibit. Certkiller uses EIGRP as the routing protocol. What path will packets take
from a host on the 192.168.10.192/26 network to a host on the LAN attached to router CK1?
A. The path of the packets will be CK3 to CK2 to CK1.
B. The path of the packets will be CK3 to CK1 to CK2.
C. The path of the packets will be both CK3 to CK2 to CK1 and CK3 to CK1.
D. The path of the packets will be CK3 to CK1.

Answer: D

QUESTION 133a

After adding Servers router, no routing updates are being exchanged between Hub and the new
location. All other interconnectivity and Internet access for the existing locations of the company
are working properly.

The task is to identify the fault(s) and correct the router configurations to provide full connectivity
between the routers.

Access to the router CLI can be gained by clicking on the appropriate host.
All passwords on all routers are cisco.
IP addresses are listed in the chart below.

Hub
Fa0/0 – 192.168.88.37
S1/0 – 198.0.18.6
S0/0 – 192.168.18.5
S0/1 – 192.168.30.13

Servers
Fa0/0 – 192.168.88.38
Fa1/0 – 192.168.84.113
Fa0/1 – 192.168.84.97

Office1
Fa0/0 – 192.168.84.129
Fa0/1 – 192.168.84.145
S0/0 – 192.168.18.6

Office2
Fa0/0 – 192.168.84.161
Fa0/1 – 192.168.84.177
S0/1 – 192.168.30.14

Answer:
Click HostG and type the following commands (Type “cisco” if password is asked):

en
show run

Suppose part of the running configuration is as follows:

Continue to type the following commands:

config t
router eigrp 122
no network 192.168.96.0
network 192.168.88.0
end

Click HostF and type the following commands (Type “cisco” if password is asked):

en
show run

Suppose part of the running configuration is as follows:

Continue to type the following commands:


config t
no router eigrp 22
router eigrp 122
network 192.168.84.0
network 192.168.88.0
no auto-summary
end

QUESTION 133b

After adding Main router, no routing updates are being exchanged between Campus and the new
location. All other interconnectivity and Internet access for the existing locations of the company
are working properly.

The task is to identify the fault(s) and correct the router configurations to provide full connectivity
between the routers.

Access to the router CLI can be gained by clicking on the appropriate host.
All passwords on all routers are cisco.
IP addresses are listed in the chart below.

Campus
Fa0/0 – 192.168.77.33
S1/0 – 198.0.18.6
S0/0 – 192.168.27.9
S0/1 – 192.168.50.21

Main
Fa0/0 – 192.168.77.34
Fa1/0 – 192.168.84.113
Fa0/1 – 192.168.84.97

BLD-101
Fa0/0 – 192.168.84.129
Fa0/1 – 192.168.84.145
S0/0 – 192.168.27.10

BLD-102
Fa0/0 – 192.168.84.161
Fa0/1 – 192.168.84.177
S0/1 – 192.168.50.22

Answer:
Click HostG and type the following commands (Type “cisco” if password is asked):

en
show run

Suppose part of the running configuration is as follows:

Continue to type the following commands:

config t
router eigrp 12
no network 192.168.85.0
network 192.168.77.0
end

Click HostF and type the following commands (Type “cisco” if password is asked):

en
show run

Suppose part of the running configuration is as follows:

Continue to type the following commands:

config t
no router eigrp 22
router eigrp 12
network 192.168.77.0
network 192.168.84.0
no auto-summary
end

QUESTION 134

Refer to the exhibit. When running EIGRP, what is required for RouterA to exchange routing
updates with RouterC?
A. AS numbers must be changed to match on all the routers
B. Loopback interfaces must be configured so a DR is elected
C. The no auto-summary command is needed on Router A and Router C
D. RouterB needs to have two network statements, one for each connected network

Answer: A

QUESTION 135
Which two benefits are provided by using a hierarchical network addressing scheme?
(Choose two.)
A. reduces routing table entries
B. auto-negotiation of media rates
C. efficient utilization of MAC addresses
D. dedicated communications between devices
E. ease of management and troubleshooting

Answer: A, E
Explanation: A hierarchical network addressing scheme implies using contiguous subnets
for the network environment and hence facilitates the use of route summarization.

QUESTION 136
Refer to the exhibit. Based on the exhibited routing table, how will packets from a host within the
192.168.10.192/26 LAN be forwarded to 192.168.10.1?
A. The router will forward packets from R3 to R2 to R1.
B. The router will forward packets from R3 to R1 to R2.
C. The router will forward packets from R3 to R2 to R1 AND from R3 to R1.
D. The router will forward packets from R3 to R1.

Answer: C

QUESTION 137

Refer to the exhibit. What is the meaning of the output MTU 1500 bytes?
A. The maximum number of bytes that can traverse this interface per second is 1500
B. The minimum segment size that can traverse this interface is 1500 bytes
C. The maximum segment size that can traverse this interface is 1500 bytes
D. The minimum packet size that can traverse this interface is 1500 bytes
E. The maximum packet size that can traverse this interface is 1500 bytes
F. The maximum frame size that can traverse this interface is 1500 bytes

Answer: E

QUESTION 138
Which two statements describe the process identifier that is used in the command to configure
OSPF on a router? (Choose two.)
Router(config)# router ospf 1
A. All OSPF routers in an area must have the same process ID.
B. Only one process number can be used on the same router.
C. Different process identifiers can be used to run multiple OSPF processes
D. The process number can be any number from 1 to 65,535.
E. Hello packets are sent to each neighbor to determine the processor identifier.

Answer: C, D

QUESTION 139

Refer to the graphic. R1 is unable to establish an OSPF neighbor relationship with R3. What are
possible reasons for this problem? (Choose two.)
A. All of the routers need to be configured for backbone Area 1
B. R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3
C. A static route has been configured from R1 to R3 and prevents the neighbor adjacency from
being established
D. The hello and dead interval timers are not set to the same values on R1 and R3
E. EIGRP is also configured on these routers with a lower administrative distance
F. R1 and R3 are configured in different areas

Answer: D, F

QUESTION 140
A network administrator is trying to add a new router into an established OSPF network. The
networks attached to the new router do not appear in the routing tables of the other OSPF routers.
Given the information in the partial configuration shown below, what configuration error is causing
this problem?
Router(config)# router ospf 1
Router(config-router)# network 10.0.0.0 255.0.0.0 area 0
A. The process id is configured improperly.
B. The OSPF area is configured improperly.
C. The network wildcard mask is configured improperly.
D. The network number is configured improperly.
E. The AS is configured improperly.
F. The network subnet mask is configured improperly.

Answer: C

QUESTION 141
Which characteristics are representative of a link-state routing protocol? (Choose three.)
A. provides common view of entire topology
B. exchanges routing tables with neighbors
C. calculates shortest path
D. utilizes event-triggered updates
E. utilizes frequent periodic updates

Answer: A, C, D

QUESTION 142

Refer to the exhibit. When running OSPF, what would cause router A not to form an adjacency with
router B?
A. The loopback addresses are on different subnets
B. The values of the dead timers on the routers are different
C. Route summarization is enabled on both routers
D. The process identifier on router A is different than the process identifier on router B

Answer: B

QUESTION 143

Refer to the exhibit. Given the output for this command, if the router ID has not been manually set,
what router ID will OSPF use for this router?
A. 10.1.1.2
B. 10.154.154.1
C. 172.16.5.1
D. 192.168.5.3

Answer: C

QUESTION 144
Drag the Cisco default administrative distance to the appropriate routing protocol. (Not all options
are used.)

Administrative distances: 0, 1, 20, 90, 100, 110, 120, 130

Routing sources:
RIP
OSPF
Static route referencing IP address of next hop
Internal EIGRP route
Directly connected network

Answer:
RIP – 120
OSPF – 110
Static route referencing IP address of next hop – 1
Internal EIGRP route – 90
Directly connected network – 0

Not used: 20, 100, 130

QUESTION 145
A router has learned three possible routes that could be used to reach a destination network. One
route is from EIGRP and has a composite metric of 20514560. Another route is from OSPF with a
metric of 782. The last is from RIPv2 and has a metric of 4. Which route or routes will the router
install in the routing table?
A. the OSPF route
B. the EIGRP route
C. the RIPv2 route
D. all three routes
E. the OSPF and RIPv2 routes

Answer: B

QUESTION 146
Refer to the exhibit. A network associate has configured OSPF with the command:
City(config-router)# network 192.168.12.64 0.0.0.63 area 0
After completing the configuration, the associate discovers that not all the interfaces are
participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF
according to this configuration statement? (Choose three.)

A. FastEthernet0/0
B. FastEthernet0/1
C. Serial0/0
D. Serial0/1.102
E. Serial0/1.103
F. Serial0/1.104

Answer: B, C, D

QUESTION 147
What is the default administrative distance of OSPF?
A. 120
B. 110
C. 90
D. 100

Answer: B

QUESTION 148
Which parameter or parameters are used to calculate OSPF cost in Cisco routers?
A. Bandwidth and Delay
B. Bandwidth, Delay, and MTU
C. Bandwidth, MTU, Reliability, Delay, and Load
D. Bandwidth

Answer: D

QUESTION 149
Which commands are required to properly configure a router to run OSPF and to add network
192.168.16.0/24 to OSPF area 0? (Choose two.)
A. Router(config)# router ospf 1
B. Router(config-router)# network 192.168.16.0 0.0.0.255 area 0
C. Router(config-router)# network 192.168.16.0 0.0.0.255 0
D. Router(config)# router ospf 0
E. Router(config-router)# network 192.168.16.0 255.255.255.0 area 0
F. Router(config)# router ospf area 0

Answer: A, B
Explanation: OSPF cannot use process ID 0.

QUESTION 150
A router receives information about network 192.168.10.0/24 from multiple sources. What will the
router consider the most reliable information about the path to that network?
A. a directly connected interface with an address of 192.168.10.254/24
B. a static route to network 192.168.10.0/24
C. a RIP update for network 192.168.10.0/24
D. an OSPF update for network 192.168.0.0/16
E. a default route with a next hop address of 192.168.10.1
F. a static route to network 192.168.10.0/24 with a local serial interface configured as the next hop

Answer: A

QUESTION 151
When designing OSPF networks, what is the purpose of using a hierarchical design? (Choose three)
A. To reduce the complexity of router configuration
B. To speed up convergence
C. To confine network instability to single areas of the network
D. To reduce routing overhead
E. To lower costs by replacing routers
F. To decrease latency

Answer: B, C, D

QUESTION 152
Which command is used to display the collection of OSPF link states?
A. show ip ospf link-state
B. show ip ospf neighbors
C. show ip ospf lsa database
D. show ip ospf database

Answer: D
Explanation: “show ip ospf database” displays a brief report of OSPF link state advertisements as
shown below:

QUESTION 153
What is the default maximum number of equal-cost paths that can be placed into the routing table of
a Cisco OSPF router?
A. 16
B. 2
C. unlimited
D. 4

Answer: D
Explanation: The following is a report of “show ip protocols” on a router with OSPF enabled:

By default, a maximum of four OSPF routes of same destination and mask with equal lowest metric
will be used to route data. In other words, the OSPF router will by default use a maximum of four
equal-cost paths for load sharing.

QUESTION 154

A network administrator is troubleshooting the OSPF configuration of routers CK1 and CK2. The
routers cannot establish an adjacency relationship on their common Ethernet link. The graphic
shows the output of the show ip ospf interface e0 command for routers CK1 and CK2. Based on the
information in the graphic, what is the cause of this problem?
A. The OSPF area is not configured properly.
B. The priority on CK1 should be set higher.
C. The cost on CK1 should be set higher.
D. The hello and dead timers are not configured properly.
E. A backup designated router needs to be added to the network.
F. The OSPF process ID numbers must match.

Answer: D

QUESTION 155
What information does a router running a link-state protocol use to build and maintain its
topological database? (Choose two.)
A. hello packets
B. SAP messages sent by other routers
C. LSAs from other routers
D. beacons received on point-to-point links
E. routing tables received from other link-state routers
F. TTL packets from designated routers

Answer: A, C

QUESTION 156
Which command shows your active Telnet connections?
A. show cdp neighbors
B. show users
C. show session
D. show queue

Answer: C

QUESTION 157
Drag the security features on the left to the specific security risks they help protect against on the
right. (Not all options are used.)

Security features:
access-group
console password
enable secret
CHAP authentication
VTY password
service password-encryption

Security risks:
remote access to device console
access to the console 0 line
access to connected networks or resources
viewing of passwords
access to privileged mode

Answer:
remote access to device console – VTY password
access to the console 0 line – console password
access to connected networks or resources – access-group
viewing of passwords – service password-encryption
access to privileged mode – enable secret

Not used: CHAP authentication

QUESTION 158

The following report is shown by typing the command “sh run”:


QUESTION 158.1
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A. Correctly assign an IP address to interface fa0/1.
B. Change the ip access-group command on fa0/0 from “in” to “out”.
C. Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D. Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E. Remove access-group 106 in from interface fa0/0 and add access-group 104 in.

Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about ftp traffic so we don’t care about the first two lines. The 3rd line
denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the
access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any
any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over
the outbound direction.

QUESTION 158.2
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A. Attempts to telnet to the router would fail.
B. It would allow all traffic from the 10.4.4.0 network.
C. IP traffic would be passed through the interface but TCP and UDP traffic would not.
D. Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0
interface.

Answer: B
Explanation:
For “access-list 114 permit ip 10.4.4.0 0.0.0.255 any”, we can easily understand that this access list
allows all traffic (ip) from 10.4.4.0/24 network.

QUESTION 158.3
What would be the effect of issuing the command ip access-group 115 in on the s0/0/1 interface?
A. No host could connect to RouterC through s0/0/1.
B. Telnet and ping would work but routing updates would fail.
C. FTP, FTP-DATA, echo, and www would work but telnet would fail.
D. Only traffic from the 10.4.4.0 network would pass through the interface.

Answer: A
Explanation:
All the “ip address” commands shown in the running-config are using subnet mask 255.255.255.0,
indicating that all hosts of the networks discussed in this question must use IP addresses with the
fourth octet value ranging from 1 to 254.
For “access-list 115 permit ip 0.0.0.0 255.255.255.0 any”, this access list ONLY allows traffic with
a source IP address whose fourth octet equals 0.
As a result, no host in the networks discussed in this question is allowed by access-list 115.

QUESTION 159a
A network associate is adding security to the configuration of the Corp1 router. The user on host A
should be able to use a web browser to access financial information from the Finance Web Server.
No other hosts from the LAN nor the Core should be able to use a web browser to access this
server. Since there are multiple resources for the corporation at this location including other
resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow
ONLY host A web access to the Finance Web Server. No other hosts will have web access to the
Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to “cisco”


The Core connection uses an IP address of 192.168.249.65
The computers in the Hosts LAN have been assigned addresses of 192.168.120.1 –
192.168.120.254.
Host A 192.168.120.1
Host B 192.168.120.2
Host C 192.168.120.3
Host D 192.168.120.4
The servers in the Server LAN have been assigned addresses of 172.22.41.17 – 172.22.41.30
The Finance Web Server is assigned an IP address of 172.22.41.27

Answer:
Click Console and type the following commands (Type “cisco” if password is asked):

en
show run

Suppose part of the running configuration is as follows:

Continue to type the following commands:

config t
access-list 100 permit tcp 192.168.120.1 0.0.0.0 172.22.41.27 0.0.0.0 eq 80
access-list 100 deny tcp any 172.22.41.27 0.0.0.0 eq 80
access-list 100 permit ip any any
int f0/1
ip access-group 100 out
end

Afterwards, you may click HostA and HostB to use their web browsers for testing the result.

QUESTION 159b
A corporation wants to add security to its network. The requirements are:
- Host C should be able to use a web browser (HTTP) to access the Finance Web Server.
- Other types of access from host C to the Finance Web Server should be blocked.
- All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
- All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to a single outbound interface. This
access list can contain no more than three statements that meet these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
- The Core connection uses an IP address of 192.168.229.65
- The computers in the hosts LAN have been assigned addresses of 192.168.220.1 –
192.168.220.254.
Host A 192.168.220.1
Host B 192.168.220.2
Host C 192.168.220.3
Host D 192.168.220.4
- The Finance Web Server has been assigned an address of 172.22.11.17
- The Public Web Server in the Server LAN has been assigned an address of 172.22.11.18

Answer:
Click Console and type the following commands (Type “cisco” if password is asked):

en
show run

Suppose part of the running configuration is as follows:

Continue to type the following commands:

config t
access-list 100 permit tcp 192.168.220.3 0.0.0.0 172.22.11.17 0.0.0.0 eq 80
access-list 100 deny ip any 172.22.11.17 0.0.0.0
access-list 100 permit ip any 172.22.11.18 0.0.0.0
int f0/1
ip access-group 100 out
end

Afterwards, you may click HostC and HostD to use their web browsers for testing the result.

QUESTION 160
On which options are standard access lists based?
A. destination address and subnet mask
B. source address and subnet mask
C. destination address and wildcard mask
D. source address and wildcard mask

Answer: D

QUESTION 161
Which item represents the standard IP ACL?
A. access-list 2500 deny tcp any host 192.168.1.1 eq 22
B. access-list 50 deny 192.168.1.1 0.0.0.255
C. access-list 110 permit ip any any
D. access-list 101 deny tcp any host 192.168.1.1

Answer: B
Explanation: ACL stands for Access Control List

QUESTION 162
ACL 10
Statements are written in this order:
A. permit any
B. deny 172.21.1.128 0.0.0.15
C. permit 172.21.1.129 0.0.0.0
D. permit 172.21.1.142 0.0.0.0

Refer to the above. Statements A, B, C, and D of ACL 10 have been entered in the shown order and
applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and
last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict
anyone from the network. How can the ACL statements be re-arranged so that the system works as
intended?
A. DBAC
B. BADC
C. ACDB
D. CDBA

Answer: D

QUESTION 163

Refer to the exhibit. An attempt to deny web access to a subnet blocks all traffic from the subnet.
Which interface command immediately removes the effect of ACL 102?
A. no ip access-list 102 in
B. no ip access-group 102 out
C. no ip access-group 102 in
D. no ip access-class 102 in
E. no ip access-class 102 out

Answer: B

QUESTION 164
A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on
networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACLs,
when combined, are the best for accomplishing this task? (Choose two.)
A. access-list 10 permit ip 192.168.146.0 0.0.0.255
B. access-list 10 permit ip 192.168.149.0 0.0.255.255
C. access-list 10 permit ip 192.168.146.0 0.0.1.255
D. access-list 10 permit ip 192.168.148.0 0.0.1.255
E. access-list 10 permit ip 192.168.147.0 0.0.255.255
F. access-list 10 permit ip 192.168.146.0 255.255.255.0

Answer: C, D

QUESTION 165
Which statement about access lists that are applied to an interface is true?
A. You can apply only one access list on any interface
B. You can apply multiple access lists with the same protocol or in different directions
C. You can configure one access list, per direction, per layer 3 protocol
D. You can place as many access lists as you want on any interface

Answer: C

QUESTION 166
When you are troubleshooting an ACL issue on a router, which command can help you to verify
which interfaces are affected by the ACL?
A. show ip access-lists
B. list ip interface
C. show ip interface
D. show interface
E. show access-lists

Answer: C

QUESTION 167

Two routers named Atlanta and Brevard are connected via their serial interfaces as illustrated, but
they are unable to communicate. The Atlanta router is known to have the correct configuration.
Given the partial configurations, identify the fault on the Brevard router that is causing the lack of
connectivity.
A. incompatible IP address
B. insufficient bandwidth
C. incorrect subnet mask
D. incompatible encapsulation
E. link reliability too low
F. IPCP closed

Answer: D

QUESTION 168
Refer to the exhibit. Hosts in network 192.168.2.0 are unable to reach hosts in network 192.168.3.0.
Based on the output from RouterA, what are two possible reasons for the failure? (Choose two.)
A. The cable that is connected to S0/0 on RouterA is faulty
B. Interface S0/0 on RouterB is administratively down
C. Interface S0/0 on RouterA is configured with an incorrect subnet mask
D. The IP address that is configured on S0/0 of RouterB is not in the correct subnet
E. Interface S0/0 on RouterA is not receiving a clock signal from the CSU/DSU
F. The encapsulation that is configured on S0/0 of RouterB does not match the encapsulation that is
configured on S0/0 of RouterA

Answer: E, F

QUESTION 169

Refer to the exhibit. The Bigtime router is unable to authenticate to the Littletime router. What is the
cause of the problem?
A. The usernames are incorrectly configured on the two routers
B. The passwords do not match on the two routers
C. CHAP authentication cannot be used on a serial interface
D. The routers cannot be connected from interface S0/0 to interface S0/0
E. With CHAP authentication, one router must authenticate to another router. The routers cannot be
configured to authenticate to each other

Answer: B

QUESTION 170
Drag each category on the left to its corresponding router output line on the right. Each router
output line is the result of a show ip interface command. Not all categories are used.

Categories:
Layer 1 problem
Layer 2 problem
Layer 3 problem
Port operational
Port disabled

Router output lines:
Serial0/1 is up, line protocol is up
Serial0/1 is up, line protocol is down
Serial0/1 is down, line protocol is down
Serial0/1 is administratively down, line protocol is down

Answer:
Serial0/1 is up, line protocol is up – Port operational
Serial0/1 is up, line protocol is down – Layer 2 problem
Serial0/1 is down, line protocol is down – Layer 1 problem
Serial0/1 is administratively down, line protocol is down – Port disabled

Not used: Layer 3 problem

QUESTION 171
Which command is used to enable CHAP authentication, with PAP as the fallback method, on a
serial interface?
A. Router(config-if)# authentication ppp chap fallback ppp
B. Router(config-if)# ppp authentication chap fallback ppp
C. Router(config-if)# authentication ppp chap pap
D. Router(config-if)# ppp authentication chap pap

Answer: D

QUESTION 172
Which two statements about using the CHAP authentication mechanism in a PPP link are true?
(Choose two.)
A. CHAP authentication passwords are sent in plaintext.
B. CHAP authentication periodically occurs after link establishment.
C. CHAP uses a three-way handshake.
D. CHAP authentication is performed only upon link establishment.
E. CHAP has no protection from playback attacks.
F. CHAP uses a two-way handshake.

Answer: B, C
Explanation: CHAP provides protection against playback attack by the peer through the use of an
incrementally changing identifier and of a variable challenge-value. CHAP requires that both the
client and server know the plaintext of the secret, although it is never sent over the network.
CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the
identity of remote clients.

QUESTION 173
A network administrator needs to configure a serial link between the main office and a remote
location. The router at the remote office is a non-Cisco router. How should the network
administrator configure the serial interface of the main office router to make the connection?
A. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# no shut
B. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# encapsulation ppp
Main(config-if)# no shut
C. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# encapsulation frame-relay
Main(config-if)# authentication chap
Main(config-if)# no shut
D. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.252
Main(config-if)# encapsulation ietf
Main(config-if)# no shut

Answer: B

QUESTION 174
Which Layer 2 protocol encapsulation type supports synchronous and asynchronous circuits and has
built-in security mechanisms?
A. X.25
B. HDLC
C. Frame Relay
D. PPP

Answer: D
Explanation: PPP can be used on synchronous serial links (e.g. leased lines) and asynchronous serial
links (e.g. dial-up lines). PPP also supports authentication.

QUESTION 175
At which layer of the OSI model does PPP perform?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5

Answer: A

QUESTION 176
Refer to the exhibit. The two exhibited devices are the only Cisco devices on the network. The
serial network between the two devices has a mask of 255.255.255.252. Given the output that is
shown, what three statements are true of these devices? (Choose three.)

A. The Manchester serial address is 10.1.1.1
B. The Manchester serial address is 10.1.1.2
C. The London router is a Cisco 2610
D. The Manchester router is a Cisco 2610
E. The CDP information was received on port Serial0/0 of the Manchester router
F. The CDP information was sent by port Serial0/0 of the London router

Answer: A, C, E

QUESTION 177
Which command would you configure globally on a Cisco router that would allow you to view
directly connected Cisco devices?
A. enable cdp
B. cdp enable
C. cdp run
D. run cdp

Answer: C

QUESTION 178
Which two statements about static NAT translations are true? (Choose two.)
A. They allow connections to be initiated from the outside.
B. They require no inside or outside interface markings because addresses are statically defined.
C. They are always present in the NAT table.
D. They can be configured with access lists, to allow two or more connections to be initiated from
the outside.

Answer: A, C

QUESTION 179a
The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside.
- The appropriate static routes have also been configured (since the company will be a stub network,
no protocol will be required)
- All passwords have been temporarily set to “cisco”.

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide
Internet for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host
provided for testing.

Configuration information
router name - Weaver
inside global addresses - 198.18.184.105 - 198.18.184.110/29
inside local addresses - 192.168.100.17 - 192.168.100.30/28
number of inside hosts - 14

Answer:
Click Console and type the following commands (type “cisco” if prompted for a password):

en
config t
access-list 10 permit 192.168.100.16 0.0.0.15
ip nat pool global 198.18.184.105 198.18.184.110 netmask 255.255.255.248
ip nat inside source list 10 pool global overload
end

Click Host for Testing and type “ping 192.0.2.114”. The ping result should be successful if your
configuration is accurate!

QUESTION 179b
The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside.
- The appropriate static routes have also been configured (since the company will be a stub network,
no protocol will be required)
- All passwords have been temporarily set to “cisco”.

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide
Internet for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host
provided for testing.

Configuration information
router name - Weaver
inside global addresses - 198.18.243.129 - 198.18.243.134/29
inside local addresses - 192.168.97.129 - 192.168.97.190/26
number of inside hosts - 62

Answer:
Click Console and type the following commands (type “cisco” if prompted for a password):

en
config t
access-list 10 permit 192.168.97.128 0.0.0.63
ip nat pool global 198.18.243.129 198.18.243.134 netmask 255.255.255.248
ip nat inside source list 10 pool global overload
end

Click Host for Testing and type “ping 192.0.2.90”. The ping result should be successful if your
configuration is accurate!

QUESTION 179c
The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside.
- The appropriate static routes have also been configured (since the company will be a stub network,
no protocol will be required)
- All passwords have been temporarily set to “cisco”.

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide
Internet for the hosts in the Bomar LAN. Functionality can be tested by clicking on the host
provided for testing.

Configuration information
router name - Bomar
inside global addresses - 198.18.222.201 - 198.18.222.206/29
inside local addresses - 192.168.31.33 - 192.168.31.62/27
number of inside hosts - 30

Answer:
Click Console and type the following commands (type “cisco” if prompted for a password):

en
config t
access-list 10 permit 192.168.31.32 0.0.0.31
ip nat pool global 198.18.222.201 198.18.222.206 netmask 255.255.255.248
ip nat inside source list 10 pool global overload
end

Click Host for Testing and type “ping 192.0.2.202”. The ping result should be successful if your
configuration is accurate!

QUESTION 180
Refer to the exhibit. What statement is true of the configuration for this network?
A. The configuration that is shown provides inadequate outside address space for translation of
the number of inside addresses that are supported
B. Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not
support the NAT configuration as shown
C. The number 1 referred to in the ip nat inside source command references access-list number 1
D. External Router must be configured with static routes to networks 172.16.1.0/24 and
172.16.2.0/24

Answer: C

QUESTION 181
What will happen if a private IP address is assigned to a public interface connected to an ISP?
A. Addresses in a private range will be not routed on the Internet backbone.
B. Only the ISP router will have the capability to access the public network.
C. The NAT process will be used to translate this address in a valid IP address.
D. Several automated methods will be necessary on the private network.
E. A conflict of IP addresses happens, because other public routers can use the same range.

Answer: A

QUESTION 182
What are two benefits of using NAT? (Choose two.)
A. NAT conserves addresses through host MAC-level multiplexing
B. NAT protects network security because private networks are not advertised
C. NAT eliminates the need to re-address all hosts that require external access
D. NAT accelerates the routing process because no modifications are made on the packets
E. Dynamic NAT facilitates connections from the outside of the network
F. NAT facilitates end-to-end communication when IPsec is enabled

Answer: B, C

QUESTION 183
How does a DHCP server dynamically assign IP addresses to hosts?
A. Addresses are permanently assigned so that the host uses the same address at all times
B. Addresses are assigned for a fixed period of time. At the end of the period, a new request for
an address must be made, and another address is then assigned
C. Addresses are leased to hosts. A host will usually keep the same address by periodically
contacting the DHCP server to renew the lease
D. Addresses are allocated after a negotiation between the server and the host to determine the
length of the agreement

Answer: C

QUESTION 184
When a DHCP server is configured, which two IP addresses should never be assignable to hosts?
(Choose two.)
A. network or subnetwork IP address
B. broadcast address on the network
C. IP address leased to the LAN
D. IP address used by the interfaces
E. manually assigned address to the clients
F. designated IP address to the DHCP server

Answer: A, B

QUESTION 185
Which statement is correct regarding the operation of DHCP?
A. A DHCP client uses a ping to detect address conflicts
B. A DHCP server uses a gratuitous ARP to detect DHCP clients
C. A DHCP client uses a gratuitous ARP to detect a DHCP server
D. If an address conflict is detected, the address is removed from the pool and an administrator must
resolve the conflict
E. If an address conflict is detected, the address is removed from the pool for an amount of time
configurable by the administrator
F. If an address conflict is detected, the address is removed from the pool and will not be reused
until the server is rebooted

Answer: D

QUESTION 186

Refer to the exhibit. Which rule does the DHCP server use when there is an IP address conflict?
A. The address is removed from the pool until the conflict is resolved.
B. The address remains in the pool until the conflict is resolved.
C. Only the IP detected by Gratuitous ARP is removed from the pool.
D. Only the IP detected by Ping is removed from the pool.
E. The IP will be shown, even after the conflict is resolved.

Answer: A

QUESTION 187
What are three reasons that an organization with multiple branch offices and roaming users might
implement a Cisco VPN solution instead of point-to-point WAN links? (Choose three.)
A. reduced cost
B. better throughput
C. reduced latency
D. increased security
E. scalability
F. broadband incompatibility

Answer: A, D, E

QUESTION 188
Which protocol is an open standard protocol framework that is commonly used in VPNs, to provide
secure end-to-end communications?
A. L2TP
B. RSA
C. IPsec
D. PPTP

Answer: C
Explanation: Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication session.
A virtual private network (VPN) is a secure way of connecting to a private Local Area Network at a
remote location, using the Internet or any insecure public network to transport the network data
packets privately, commonly using IPsec.

QUESTION 189
How many bits are contained in each field of an IPv6 address?
A. 24
B. 4
C. 8
D. 16

Answer: D

QUESTION 190
Which option is a valid IPv6 address?
A. 2001:0000:130F::099a::12a
B. 2002:7654:A1AD:61:81AF:CCC1
C. FEC0:ABCD:WXYZ:0067::2A4
D. 2004:1:25A4:886F::1

Answer: D

QUESTION 191
What is the alternative notation for the IPv6 address
B514:82C3:0000:0000:0029:EC7A:0000:EC72?
A. B514:82C3::0029:EC7A:EC72
B. B514:82C3::0029:EC7A:0:EC72
C. B514:82C3:0029:EC7A:EC72
D. B514:82C3:0029::EC7A:0000:EC72

Answer: B

QUESTION 192
Which IPv6 address is valid?
A. 2001:0db8:0000:130F:0000:0000:08GC:140B
B. 2001:0db8:0:130H::87C:140B
C. 2031:0:130F::9C0:876A:130B
D. 2031::130F::9C0:876A:130B

Answer: C

QUESTION 193
Which IPv6 address is the equivalent of the IPv4 interface loopback address 127.0.0.1?
A. ::1
B. 0::/10
C. 2000::/3
D. ::

Answer: A

QUESTION 194
Which command enables IPv6 forwarding on a Cisco router?
A. ipv6 neighbor
B. ipv6 unicast-routing
C. ipv6 host
D. ipv6 local

Answer: B

QUESTION 195
Which command can you use to manually assign a static IPv6 address to a router interface?
A. ipv6 autoconfig
B. ipv6 address PREFIX_1 ::1/64
C. ipv6 address 2001:db8:2222:7272::72/64
D. ipv6 autoconfig 2001:db8:2222:7272::72/64

Answer: C

QUESTION 196
Which two statements describe characteristics of IPv6 unicast addressing? (Choose two.)
A. Global addresses start with 2000::/3
B. Link-local addresses start with FE00:/12
C. Link-local addresses start with FF00::/10
D. There is only one loopback address and it is ::1
E. If a global address is assigned to an interface, then that is the only allowable address for the
interface

Answer: A, D

QUESTION 197
Which IPv6 address is the all-router multicast group?
A. FF02::3
B. FF02::4
C. FF02::2
D. FF02::1

Answer: C

QUESTION 198
Which two of these statements are true of IPv6 address representation? (Choose two.)
A. There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.
B. A single interface may be assigned multiple IPv6 addresses of any type.
C. Every IPv6 interface contains at least one loopback address.
D. The first 64 bits represent the dynamically created interface ID.
E. Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.

Answer: B, C
Explanation: ::1/128 — The loopback address is a unicast localhost address. If an application in a
host sends packets to this address, the IPv6 stack will loop these packets back on the same virtual
interface (corresponding to 127.0.0.1 in IPv4).

QUESTION 199
Which of these represents an IPv6 link-local address?
A. FE08::280e:611:a:f14f:3d69
B. FE80::380e:611a:e14f:3d69
C. FE81::280f:512b:e14f:3d69
D. FEFE:0345:5f1b::e14d:3d69

Answer: B

QUESTION 200
How is an EUI-64 format interface ID created from a 48-bit MAC address?
A. by appending 0xFF to the MAC address
B. by prefixing the MAC address with 0xFFEE
C. by prefixing the MAC address with 0xFF and appending 0xFF to it
D. by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC
address
E. by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes

Answer: D

QUESTION 201
What are three features of the IPv6 protocol? (Choose three.)
A. checksums
B. complicated header
C. no broadcasts
D. optional IPsec
E. autoconfiguration
F. plug-and-play

Answer: C, E, F
Explanation: There is no broadcast in IPv6; this functionality is taken over by multicast. This
keeps irrelevant hosts from being affected by broadcasts, as happens in IPv4.
One of the great features of IPv6 is its automatic configuration. It is no longer necessary to
configure each host separately or to create a static entry in the DHCP server - simply plug the host
in and it will configure itself to function properly in the local network and play (i.e. communicate)
with other hosts.

QUESTION 202
The network administrator has been asked to give reasons for moving from IPv4 to IPv6. What are
two valid reasons for adopting IPv6 over IPv4? (Choose two.)
A. change of source address in the IPv6 header
B. no broadcast
C. change of destination address in the IPv6 header
D. NAT
E. autoconfiguration
F. Telnet access does not require a password

Answer: B, E

QUESTION 203
What is known as "one-to-nearest" addressing in IPv6?
A. global unicast
B. anycast
C. multicast
D. unspecified address

Answer: B

QUESTION 204
Which three are characteristics of an IPv6 anycast address? (Choose three.)
A. the same address for multiple devices in the group
B. one-to-many communication model
C. one-to-nearest communication model
D. any-to-many communication model
E. delivery of packets to the group interface that is closest to the sending device
F. a unique IPv6 address for each device in the group

Answer: A, C, E

QUESTION 205
Which two are features of IPv6? (Choose two.)
A. allcast
B. broadcast
C. podcast
D. anycast
E. multicast

Answer: D, E

QUESTION 206
Refer to the exhibit. What is the effect of the configuration that is shown?

A. It configures SSH globally for all logins
B. It tells the router or switch to try to establish an SSH connection first and if that fails to use
Telnet
C. It configures the virtual terminal lines with the password 030752180500
D. It configures a Cisco network device to use the SSH protocol on incoming communications via
the virtual terminal ports
E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.

Answer: D

QUESTION 207
Where does routing occur within the DoD TCP/IP reference model?
A. application
B. internet
C. network
D. transport

Answer: B
Explanation: The DoD (Department of Defense) TCP/IP model is a condensed version of the OSI
model and only has four layers.

QUESTION 208
Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt
of a BPDU?
A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filter

Answer: D

QUESTION 209
Assuming the default switch configuration, which VLAN range can be added, modified, and
removed on a Cisco switch?
A. 1 through 1002
B. 2 through 1001
C. 1 through 1001
D. 2 through 1005

Answer: B
Explanation: Please see the following test:
Switch#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#no vlan 1
Default VLAN 1 may not be deleted.
Switch(config)#no vlan 1002
Default VLAN 1002 may not be deleted.
Switch(config)#no vlan 1003
Default VLAN 1003 may not be deleted.
Switch(config)#no vlan 1004
Default VLAN 1004 may not be deleted.
Switch(config)#no vlan 1005
Default VLAN 1005 may not be deleted.
Switch(config)#

QUESTION 210
Which two of these are characteristics of the 802.1Q protocol? (Choose two.)
A. It includes an 8-bit field which specifies the priority of a frame.
B. It is a Layer 2 messaging protocol which maintains VLAN configurations across networks.
C. It is a trunking protocol capable of carrying untagged frames.
D. It modifies the 802.3 frame header, and thus requires that the FCS be recomputed.
E. It is used exclusively for tagging VLAN frames and does not address network reconvergence
following switched network topology changes.

Answer: C, D
Explanation: The 802.3 frame header is the Ethernet header. The 802.1Q trunking protocol may insert
a 4-byte tag just after the source MAC address of the Ethernet header, which requires the frame's
FCS to be recomputed.

QUESTION 211
Which parameter can be tuned to affect the selection of a static route as a backup, when a dynamic
protocol is also being used?
A. link bandwidth
B. link cost
C. administrative distance
D. link delay
E. hop count

Answer: C
Explanation: The global configuration command “ip route 20.0.0.0 255.0.0.0 10.10.10.10 121”
manually defines “121” as the administrative distance for the static route, which can then act as a
backup for a dynamic routing protocol (e.g. a backup for the RIP route 20.0.0.0/8, which has an
administrative distance of 120).

QUESTION 212
Which two are advantages of static routing when compared to dynamic routing? (Choose two.)
A. An efficient algorithm is used to build routing tables, using automatic updates.
B. Routing updates are automatically sent to neighbors.
C. Routing traffic load is reduced when used in stub network links.
D. Configuration complexity decreases as network size increases.
E. Routing tables adapt automatically to topology changes.
F. Security increases because only the network administrator may change the routing tables.
G. Route summarization is computed automatically by the router.

Answer: C, F
Explanation:

In the above diagram, Network X is a stub network and Router S is a stub router. In order for Router
S to route packets to remote networks, it’s enough for Router S to use a static default route to point
to Router D instead of using Dynamic Routing Protocols.

QUESTION 213
A network administrator is troubleshooting an EIGRP problem on a router and needs to confirm the
IP addresses of the devices with which the router has established adjacency. The retransmit interval
and the queue counts for the adjacent routers also need to be checked. What command will display
the required information?
A. Router# show ip eigrp adjacency
B. Router# show ip eigrp topology
C. Router# show ip eigrp interfaces
D. Router# show ip eigrp neighbors

Answer: D
Explanation:

“Q Count” (Queue Counts):
Number of EIGRP packets (e.g. update packets) that the software is waiting to send.
“RTO” (Retransmission TimeOut, in milliseconds (ms)):
This is the amount of time the software waits before retransmitting a packet from the retransmission
queue to a neighbor.

QUESTION 214
Which three approaches can be used while migrating from an IPv4 addressing scheme to an IPv6
scheme? (Choose three.)
A. configure IPv6 directly
B. configure IPv4 tunnels between IPv6 islands
C. statically map IPv4 addresses to IPv6 addresses
D. use DHCPv6 to map IPv4 addresses to IPv6 addresses
E. enable dual-stack routing
F. use proxying and translation to translate IPv6 packets into IPv4 packets.

Answer: B, E, F
Explanation:
Answer B means using Overlay Tunneling.
Answer F means using NAT-PT.

QUESTION 215

Refer to the exhibit. If the router Cisco returns the given output and has not had its router ID set
manually, which value will OSPF use as its router ID?
A. 2.2.2.2
B. 192.168.1.1
C. 1.1.1.1
D. 172.16.1.1

Answer: A

QUESTION 216
Refer to the exhibit. If the devices produced the given output, what is the cause of the Etherchannel
problem?
A. There is an MTU mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces.
B. There is a speed mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces.
C. There is an encapsulation mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces.
D. SW1’s Fa0/1 interface is administratively shut down.

Answer: B

QUESTION 217

Refer to the exhibit. What set of commands was configured on interface Fa0/3 to produce the given
output?
A. interface FastEthernet 0/3
channel-group 2 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
B. interface FastEthernet 0/3
channel-group 2 mode active
switchport trunk encapsulation dot1q
switchport mode trunk
C. interface FastEthernet 0/3
channel-group 1 mode desirable
switchport trunk encapsulation dot1q
switchport mode trunk
D. interface FastEthernet 0/3
channel-group 2 mode passive
switchport trunk encapsulation dot1q
switchport mode trunk

Answer: D

QUESTION 218
What authentication type is used by SNMPv2?
A. community strings
B. HMAC-SHA
C. HMAC-MD5
D. CBC-DES

Answer: A

QUESTION 219
Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three.)
A. SNMPv2 added the Inform protocol message to SNMP.
B. SNMPv3 added the GetBulk protocol messages to SNMP.
C. SNMPv3 enhanced SNMPv2 security features.
D. SNMPv3 added the Inform protocol messages to SNMP.
E. SNMPv2 added the GetBulk protocol message to SNMP.
F. SNMPv2 added the GetNext protocol message to SNMP.

Answer: A, C, E

QUESTION 220

Refer to the exhibit. What is the cause of the Syslog output messages?
A. Interface Fa0/1 has become error disabled, causing the EIGRP adjacency to go down.
B. The EIGRP neighbor connected to Fa0/1 is partitioning in a different EIGRP process, causing the
adjacency to go down.
C. The EIGRP neighbor on Fa0/1 went down due to a failed link.
D. A shut command was executed on interface Fa0/1, causing the EIGRP adjacency to go down.

Answer: D

QUESTION 221
What command instructs the device to timestamp Syslog debug messages in milliseconds?
A. service timestamps debug datetime msec
B. service timestamps debug datetime localtime
C. service timestamps log datetime localtime
D. service timestamps log datetime msec

Answer: A

QUESTION 222
Which command sequence will configure a router to run OSPF and add network 10.1.1.0 /24 to area
0?
A. router ospf
network 10.1.1.0 0.0.0.255
B. router ospf area 0
network 10.1.1.0 255.255.255.0 area 0
C. router ospf 1
network 10.1.1.0 0.0.0.255
D. router ospf 1
network 10.1.1.0 0.0.0.255 area 0
E. router ospf area 0
network 10.1.1.0 0.0.0.255 area 0
F. router ospf
network 10.1.1.0 255.255.255.0 area 0

Answer: D

QUESTION 223
What SNMP message alerts the manager to a condition on the network?
A. response
B. capture
C. trap
D. get

Answer: C

QUESTION 224
What is the default Syslog facility level?
A. local4
B. local5
C. local6
D. local7

Answer: D

QUESTION 225
What is a global command?
A. a command that is available in every release of IOS, regardless of the version or deployment
status
B. a command that can be entered in any configuration mode
C. a command that is universal in application and supports all protocols
D. a command that is implemented in all foreign and domestic IOS versions
E. a command that is set once and affects the entire router

Answer: E

QUESTION 226
In a switched environment, what does the IEEE 802.1Q standard describe?
A. VLAN pruning
B. the process for root bridge selection
C. a method of VLAN trunking
D. trunking the operation of VTP
E. an approach to wireless LAN communication

Answer: C

QUESTION 227
What OSPF command, when configured, will include all interfaces into area 0?
A. network 0.0.0.0 255.255.255.255 area 0
B. network 0.0.0.0 0.0.0.0 area 0
C. network 255.255.255.255 0.0.0.0 area 0
D. network all-interfaces area 0

Answer: A

QUESTION 228
Which statement describes the process ID that is used to run OSPF on a router?
A. It is globally significant and is used to represent the AS number.
B. It is locally significant and is used to identify an instance of the OSPF database.
C. It is globally significant and is used to identify OSPF stub areas.
D. It is locally significant and must be the same throughout an area.

Answer: B

QUESTION 229

A network administrator is configuring an EtherChannel between SW1 and SW2. The SW1
configuration is shown. What is the correct configuration for SW2?
A. interface FastEthernet 0/1
channel-group 1 mode active
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet 0/2
channel-group 1 mode active
switchport trunk encapsulation dot1q
switchport mode trunk

B. interface FastEthernet 0/1
channel-group 2 mode auto
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet 0/2
channel-group 2 mode auto
switchport trunk encapsulation dot1q
switchport mode trunk

C. interface FastEthernet 0/1
channel-group 1 mode desirable
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet 0/2
channel-group 1 mode desirable
switchport trunk encapsulation dot1q
switchport mode trunk

D. interface FastEthernet 0/1
channel-group 1 mode passive
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet 0/2
channel-group 1 mode passive
switchport trunk encapsulation dot1q
switchport mode trunk

Answer: C

QUESTION 230
What parameter can be different on ports within an EtherChannel?
A. speed
B. DTP negotiation settings
C. trunk encapsulation
D. duplex

Answer: B

QUESTION 231
A network administrator creates a layer 3 EtherChannel, bundling four interfaces into channel group
1. On what interface is the IP address configured?
A. the port-channel 1 interface
B. the highest number member interface
C. all member interfaces
D. the lowest number member interface

Answer: A
Explanation: After a multilayer switch is configured to be used as a router, an IP address can then
be configured on the port-channel interface.

QUESTION 232
What are three components that comprise the SNMP framework? (Choose three.)
A. MIB
B. agent
C. set
D. AES
E. supervisor
F. manager

Answer: A, B, F
Explanation: The MIB (Management Information Base) resides on the SNMP Agent device. It
consists of a collection of managed objects such as “ciscoEnvMonTemperatureStatusValue” (for
getting the temperature of the SNMP Agent device) and “cdpGlobalMessageInterval” (for getting or
setting the interval (the default value is 60 seconds) at which CDP messages are to be generated on
the SNMP Agent device).

QUESTION 233
Which protocol can cause overload on a CPU of a managed device?
A. Netflow
B. WCCP
C. IP SLA
D. SNMP

Answer: D
Explanation: A managed device is a device that requires some form of monitoring and management
(i.e. the SNMP Agent).
Sometimes, messages like this might appear in the SNMP Agent’s console:
%SNMP-3-CPUHOG: Processing ….. of …..
This means that the SNMP Agent has taken too much time to process a request from the SNMP
Manager.

QUESTION 234
What is the alert message generated by SNMP agents called? (Choose two.)
A. TRAP
B. INFORM
C. GET
D. SET

Answer: A, B

QUESTION 235
Which three features are added in SNMPv3 over SNMPv2? (Choose three.)
A. Message Integrity
B. Compression
C. Authentication
D. Encryption
E. Error Detection

Answer: A, C, D

QUESTION 236
Which three statements about Syslog utilization are true? (Choose three.)
A. Utilizing Syslog improves network performance.
B. The Syslog server automatically notifies the network administrator of network problems.
C. A Syslog server provides the storage space necessary to store log files without using router disk
space.
D. There are more Syslog messages available within Cisco IOS than there are comparable SNMP
trap messages.
E. Enabling Syslog on a router automatically enables NTP for accurate time stamping.
F. A Syslog server helps in aggregation of logs and alerts.

Answer: C, D, F

QUESTION 237
A network administrator enters the following command on a router: logging trap 3. What are three
message types that will be sent to the Syslog server? (Choose three.)
A. informational
B. emergency
C. warning
D. critical
E. debug
F. error

Answer: B, D, F

QUESTION 238
What are the popular destinations for syslog messages to be saved? (Choose three.)
A. Flash
B. The logging buffer RAM
C. The console terminal
D. Other terminals
E. Syslog server

Answer: B, C, E
Explanation: The global configuration mode command “logging buffered debugging” configures
all system log messages to be stored in RAM.
The system log messages stored in RAM are displayed at the end of the output of
the privileged mode command “show logging”.

QUESTION 239
Which two statements about HSRP operation are true? (Choose two.)
A. The virtual IP address and virtual MAC address are active on the HSRP Master router.
B. The HSRP default timers are a 3 second hello interval and a 10 second dead interval.
C. HSRP supports only clear-text authentication.
D. The HSRP virtual IP address must be on a different subnet than the routers' interfaces on the
same LAN.
E. The HSRP virtual IP address must be the same as one of the router's interface addresses on the
LAN.

Answer: A, B
Explanation: Cisco HSRP (Hot Standby Router Protocol) can be used to provide a redundant
default gateway for the hosts.
HSRP is configured on two or more routers so that the router with the highest HSRP priority
number (default is 100) is elected as the HSRP active router (also called the HSRP master router)
and the router with the second highest HSRP priority number is elected as the HSRP standby
router.
The virtual IP address and virtual MAC address are active on the HSRP active router. In other
words, the HSRP active router is currently forwarding packets that are sent to the virtual IP address
or the virtual MAC address.
HSRP default timers are a 3 second hello interval and a 10 second dead interval. In other words, the
HSRP active router sends periodic HSRP hello packets every 3 seconds and the HSRP standby
router will be promoted as the new HSRP active router if the HSRP standby router could not receive
HSRP hello packets from the original HSRP active router for 10 seconds.

QUESTION 240
What is a valid HSRP virtual MAC address?
A. 0000.5E00.01A3
B. 0007.B400.AE01
C. 0000.0C07.AC15
D. 0007.5E00.B301

Answer: C
Explanation: HSRP virtual MAC address is in the format of 0000.0C07.AC**.

QUESTION 241
Router(config)# interface gigabitEthernet 0/1
Router(config)# ip address 192.168.1.1 255.255.255.0
Router(config)# speed 100
Router(config)# duplex full

Which command can you enter to verify link speed and duplex setting on the interface?
A. router#show ip protocols
B. router#show startup-config
C. router#show interface gig 0/1
D. router#show line

Answer: C

QUESTION 242
Which MAC protocol sets a random timer to reattempt communication?
A. CSMA/CA
B. RARP
C. IEEE 802.1x
D. CSMA/CD

Answer: D
Explanation: MAC stands for Media Access Control.

QUESTION 243
Which two statements about late collisions are true? (Choose two.)
A. They occur when CRC errors and interference occur on the cable.
B. By definition, they occur after the 512th bit of the frame has been transmitted.
C. They indicate received frames that did not pass the FCS match.
D. They are frames that exceed 1518 bytes.
E. They may indicate a duplex mismatch.

Answer: B, E

QUESTION 244
Which interface counter can you use to diagnose a duplex mismatch problem?
A. giants
B. no carrier
C. runts
D. late collisions
E. deferred

Answer: D

QUESTION 245
Which two statements about Ethernet standards are true? (Choose two.)
A. Ethernet 10BASE-T does not support full-duplex.
B. Ethernet is defined by IEEE standard 802.2.
C. When an Ethernet network uses CSMA/CA, it terminates transmission as soon as a collision
occurs.
D. When an Ethernet network uses CSMA/CD, it terminates transmission as soon as a collision
occurs.
E. Ethernet is defined by IEEE standard 802.3.

Answer: D, E
Explanation: The Institute of Electrical and Electronics Engineers (IEEE) is a standards-setting
body. 802.3 is the standard that defines Ethernet. It is the standard for CSMA/CD (Carrier
Sense Multiple Access with Collision Detection).
CSMA/CD is what Ethernet uses to control access to the network medium (network cable). If there
is no data on the medium, any node may attempt to transmit. If the nodes detect a collision, both
stop transmitting and wait a random amount of time before retransmitting the data.

QUESTION 246
Which two spanning-tree port states does RSTP combine? (Choose two.)
A. listening
B. blocking
C. discarding
D. learning
E. forwarding

Answer: A, B

QUESTION 247
Which condition indicates that service password-encryption is enabled?
A. The enable secret is in clear text in the configuration.
B. The local username password is encrypted in the configuration.
C. The local username password is in clear text in the configuration.
D. The enable secret is encrypted in the configuration.

Answer: B
Explanation: The following is a partial report of “sh run” before typing the “service password-
encryption” command:
Router#sh run
Building configuration...

Current configuration : 806 bytes


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
:
:
username demo password 0 test
:
:

The following is a partial report of “sh run” after typing the “service password-encryption”
command:
Router#sh run
Building configuration...

Current configuration : 809 bytes


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
:
:
username demo password 7 0835495D1D
:
:
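
The two "sh run" excerpts above differ only in how the local username password is stored. The following is an added example, not part of the original question bank: a Python audit that reports the storage type of each local credential without echoing the credential itself. It assumes the fact, not stated above, that type 7 is a reversible encoding rather than a hash; the function name, the report layout and the "admin" line are constructed for illustration.

```python
import re

# Storage types as shown after "password" in a running-config.
# Type 0 is cleartext. Type 7 (what "service password-encryption" produces)
# is a reversible encoding, so an audit should still treat it as weak.
WEAK_TYPES = {0: "cleartext", 7: "reversible type 7 encoding"}

CRED_RE = re.compile(
    r"^(?:username (?P<user>\S+)(?: privilege \d+)?|enable) "
    r"(?P<kind>password|secret)(?: (?P<type>\d+))? (?P<value>\S+)$"
)


def audit_credentials(config):
    """Return the service setting and the weakly stored local credentials.

    The credential value is matched but never copied into the report, so the
    report can be shared without leaking what the config contains.
    """
    report = {"service_password_encryption": False, "weak": []}
    for raw in config.splitlines():
        line = raw.strip()
        if line == "service password-encryption":
            report["service_password_encryption"] = True
            continue
        m = CRED_RE.match(line)
        if not m or m.group("kind") != "password":
            continue  # "secret" entries are stored hashed and are not flagged
        ctype = int(m.group("type") or 0)  # no type shown means cleartext
        if ctype in WEAK_TYPES:
            account = m.group("user") or "enable"
            report["weak"].append((account, ctype, WEAK_TYPES[ctype]))
    return report


# Lines taken from the two excerpts above.
BEFORE = """
no service password-encryption
username demo password 0 test
"""
AFTER = """
service password-encryption
username demo password 7 0835495D1D
"""
# Constructed line (not from the page) showing an entry that is not flagged.
HASHED = "username admin privilege 15 secret 5 $1$constructed$placeholder"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER), ("hashed", HASHED)):
        print(label, audit_credentials(cfg))
```

The "after" configuration still produces a finding: enabling the service changes the stored form from type 0 to type 7, but the audit continues to flag it.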

QUESTION 248
Which feature facilitates the tagging of frames on a specific VLAN?
A. encapsulation
B. routing
C. switching
D. hairpinning

Answer: A

QUESTION 249
Which three commands must you enter to create a trunk that allows VLAN 20? (Choose three.)
A. Switch(config-if)#switchport trunk allowed vlan 20
B. Switch(config-if)#switchport mode dynamic desirable
C. Switch(config-if)#switchport trunk native vlan 20
D. Switch(config-if)#switchport mode trunk
E. Switch(config-if)#switchport mode dynamic auto
F. Switch(config-if)#switchport trunk encapsulation dot1q

Answer: A, D, F

QUESTION 250
Which command can you enter to determine whether a switch port is operating in trunking mode?
A. show interface switchport
B. show ip interface brief
C. show interfaces
D. show vlan

Answer: A
Explanation:
Switch#show interface switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
:
:
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
:
:
Name: Fa0/3
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
:
:

QUESTION 251
Which technology can enable multiple VLANs to communicate with one another?
A. inter-VLAN routing using a Layer 2 switch
B. intra-VLAN routing using a Layer 3 switch
C. intra-VLAN routing using router on a stick
D. inter-VLAN routing using a Layer 3 switch

Answer: D
Explanation: Intra-VLAN routing refers to communication within the same VLAN.
Inter-VLAN routing refers to communication between different VLANs.
A Layer 3 switch is also called a multilayer switch.

QUESTION 252
Which type of device can be replaced by the use of subinterfaces for VLAN routing?
A. Layer 2 switch
B. Layer 2 bridge
C. Layer 3 switch
D. router

Answer: C
Explanation: By configuring a router's subinterfaces for inter-VLAN routing (i.e. by configuring
router-on-a-stick), it is not necessary to have a multilayer switch (i.e. Layer 3 switch) that performs
inter-VLAN routing.

QUESTION 253
Which utility can you use to determine whether a switch can send echo requests and replies?
A. ping
B. Telnet
C. traceroute
D. SSH

Answer: A

QUESTION 254
What is the purpose of the POST operation on a router?
A. enable a TFTP server
B. set the configuration register
C. determine whether additional hardware has been added
D. locate an IOS image for booting

Answer: C
Explanation: Power-on self-test (POST) - This event is a series of hardware tests to verify that all
the router's components are functional. During this test, the router also determines what hardware is
present. POST executes from microcode resident in the system ROM.

QUESTION 255
Which command can you enter to set the default route for all traffic to an interface?
A. router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
B. router(config-router)#default-information originate
C. router(config)#ip route 0.0.0.0 255.255.255.255 GigabitEthernet0/1
D. router(config-router)#default-information originate always

Answer: A

QUESTION 256

Your company has connected the routers R1, R2, and R3 with serial links. R2 and R3 are connected
to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and
R5.
The EIGRP routing protocol is configured.
You are required to troubleshoot and resolve the EIGRP issues between the various routers.
Use the appropriate show commands to troubleshoot the issues.

QUESTION 256a
The following partial report is shown by typing the command “sh run” on R4:

interface Loopback0
ip address 10.4.4.4 255.255.255.255
!
interface Loopback1
ip address 10.4.4.5 255.255.255.255
!
interface Loopback2
ip address 10.4.4.6 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.123.4 255.255.255.0
:
:
router eigrp 1
network 192.168.123.0
!

The loopback interfaces on R4 with the IP addresses of 10.4.4.4/32, 10.4.4.5/32, and 10.4.4.6/32 are
not appearing in the routing table of R5.
Why are the interfaces missing?
A. The interfaces are shutdown, so they are not being advertised.
B. R4 has been incorrectly configured to be in another AS, so it does not peer with R5.
C. Automatic summarization is enabled, so only the 10.0.0.0 network is displayed.
D. The loopback addresses haven’t been advertised, and the network command is missing on R4.

Answer: D
Explanation: The EIGRP network commands “network 10.4.4.4 0.0.0.0”, “network 10.4.4.5
0.0.0.0” and “network 10.4.4.6 0.0.0.0” are missing on R4.

QUESTION 256b
The following partial report is shown by typing the command “sh run” on R5:

interface Loopback0
ip address 10.5.5.5 255.255.255.255
!
interface Loopback1
ip address 10.5.5.55 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.123.5 255.255.255.0
!

The following partial report is shown by typing the command “sh ip route” on R1:

D 10.5.5.5 [90/2323456] via 192.168.13.3, 00:09:42, Serial1/1
           [90/2323456] via 192.168.12.2, 00:09:42, Serial1/3

Which path does traffic take from R1 to R5?


A. The traffic goes through R2.
B. The traffic goes through R3.
C. The traffic is equally load-balanced over R2 and R3.
D. The traffic is unequally load-balanced over R2 and R3.

Answer: C
Explanation: Since two EIGRP routing entries with equal metric (i.e. 2323456) are shown for
10.5.5.5 (i.e. R5) in R1 routing table, the traffic from R1 to R5 is equally load-balanced out from
interface Serial1/1 (i.e. to R3) and interface Serial1/3 (i.e. to R2).

QUESTION 256c
The following partial report is shown by typing the command “sh run” on R1:

interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.16.1 255.255.255.0
!
:
:
interface Serial1/1
ip address 192.168.13.1 255.255.255.0
:
:
interface Serial1/3
ip address 192.168.12.1 255.255.255.0
:
:
router eigrp 1
network 10.1.1.1 0.0.0.0
network 192.168.12.0
network 192.168.13.0
network 192.168.16.0

The following partial report is shown by typing the command “sh run” on R5:

interface Loopback0
ip address 10.5.5.5 255.255.255.255
!
interface Loopback1
ip address 10.5.5.55 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.123.5 255.255.255.0
!
:
:
router eigrp 1
network 10.5.5.5 0.0.0.0
network 10.10.10.0 0.0.0.255
network 192.168.123.0
!

Study the following output taken on R1:


R1# ping 10.5.5.55 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.5.5.55, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)

Why are the pings failing?
A. The network statement is missing on R5.
B. The loopback interface is shut down on R5.
C. The network statement is missing on R1.
D. The IP address that is configured on the Lo1 interface on R5 is incorrect.

Answer: A
Explanation: The EIGRP network command “network 10.5.5.55 0.0.0.0” is missing on R5.

QUESTION 257
If two OSPF neighbors have formed complete adjacency and are exchanging link-state
advertisements, which state have they reached?
A. 2-Way
B. FULL
C. Exchange
D. Exstart

Answer: B

QUESTION 258

Your company has decided to connect the main office with three other remote branch offices using
point-to-point serial links.
You are required to troubleshoot and resolve OSPF neighbor adjacency issues between the main
office and the routers located in the remote branch offices.
Use appropriate show commands to troubleshoot the issues.

QUESTION 258a
The following partial report is shown by typing the command “sh run” on R3:

interface Serial1/0
description ***Connected to R4-Branch1 office***
ip address 10.10.240.1 255.255.255.252
encapsulation ppp
ip ospf 3 area 0
:
:
router ospf 3
router-id 192.168.3.3
!

The following partial report is shown by typing the command “sh run” on R4:

interface Serial1/0
description ***Connected to R3-Main Branch office***
ip address 10.10.240.2 255.255.255.252
encapsulation ppp
ip ospf 4 area 2
:
:
router ospf 4
router-id 192.168.4.4
!

An OSPF neighbor adjacency is not formed between R3 in the main office and R4 in the Branch1
office. What is causing the problem?
A. There is an area ID mismatch.
B. There is a Layer 2 issue; an encapsulation mismatch on serial links.
C. There is an OSPF hello and dead interval mismatch.
D. The R3 router ID is configured on R4.

Answer: A
Explanation: The ip ospf area command is an alternative to enabling OSPFv2 (i.e. IPv4 OSPF)
through the address of the interface that matches the address range specified by the network area
command.

QUESTION 258b
The following partial report is shown by typing the command “sh run” on R3:

hostname R3
:
:
username R5 password 0 cisco123
username R6 password 0 cisco123
!
:
:
interface Serial1/1
description ***Connected to R5-Branch2 office***
ip address 10.10.240.5 255.255.255.252
encapsulation ppp
ip ospf hello-interval 50
ip ospf 3 area 0
ppp authentication chap
:
:
router ospf 3
router-id 192.168.3.3
!

The following partial report is shown by typing the command “sh run” on R5:

hostname R5
:
:
username R3 password 0 cisco123
!
:
:
interface Serial1/0
description ***Connected to R3-Main Branch office***
ip address 10.10.240.6 255.255.255.252
encapsulation ppp
ip ospf 5 area 0
ppp authentication chap
:
:
router ospf 5
router-id 192.168.5.5
!

An OSPF neighbor adjacency is not formed between R3 in the main office and R5 in the Branch2
office. What is causing the problem?
A. There is an area ID mismatch.
B. There is a PPP authentication issue; a password mismatch.
C. There is an OSPF hello and dead interval mismatch.
D. There is a missing network command in the OSPF process on R5.

Answer: C
Explanation: To form an OSPF neighbor adjacency, the OSPF hello interval used on both interfaces
of the OSPF routers must match. R3 s1/1 uses an OSPF hello interval other than the default
(the ip ospf hello-interval command is shown), while R5 s1/0 uses the default OSPF hello
interval (no ip ospf hello-interval command is shown), so R3 and R5 cannot form an OSPF
neighbor adjacency.

QUESTION 258c
The following partial report is shown by typing the command “sh run” on R1:

interface Ethernet0/1
description ***Connected to L2SW***
ip address 10.10.230.1 255.255.255.0
ip ospf hello-interval 25
ip ospf 1 area 0
!
:
:
router ospf 1
router-id 192.168.1.1
!

The following partial report is shown by typing the command “sh run” on R2:

interface Ethernet0/1
description ***Connected to L2SW***
ip address 10.10.230.2 255.255.255.0
ip ospf 2 area 0
!
:
:
router ospf 2
router-id 192.168.2.2
!

The following partial report is shown by typing the command “sh run” on R3:

interface Ethernet0/0
description ***Connected to LAN***
ip address 10.10.230.3 255.255.255.0
ip ospf 3 area 0
!
:
:
router ospf 3
router-id 192.168.3.3
!

R1 does not form an OSPF neighbor adjacency with R2. Which option would fix the issue?
A. R1 ethernet0/1 is shutdown. Configure no shutdown command.
B. R1 ethernet0/1 configured with a non-default OSPF hello interval of 25; configure no ip ospf
hello-interval 25
C. R2 ethernet0/1 and R3 ethernet0/0 are configured with a non-default OSPF hello interval of 25;
configure no ip ospf hello-interval 25
D. Enable OSPF for R1 ethernet0/1; configure ip ospf 1 area 0 command under ethernet0/1.

Answer: B

QUESTION 258d
The following partial report is shown by typing the command “sh run” on R3:

hostname R3
:
:
username R5 password 0 cisco123
username R6 password 0 cisco123
!
:
:
interface Serial1/2
description ***Connected to R6-Branch3 office***
ip address 10.10.240.9 255.255.255.252
encapsulation ppp
ip ospf 3 area 0
ppp authentication chap
:
:
router ospf 3
router-id 192.168.3.3
!

The following partial report is shown by typing the command “sh run” on R6:

hostname R6
:
:
username R3 password 0 cisco123
!
:
:
interface Serial1/0
description ***Connected to R3-Main Branch office***
ip address 10.10.240.10 255.255.255.252
encapsulation ppp
ip ospf 6 area 0
:
:
router ospf 6
router-id 192.168.3.3
!

An OSPF neighbor adjacency is not formed between R3 in the main office and R6 in the Branch3
office. What is causing the problem?
A. There is an area ID mismatch.
B. There is a PPP authentication issue; the username is not configured on R3 and R6.
C. There is an OSPF hello and dead interval mismatch.
D. The R3 router ID is configured on R6.

Answer: D
Explanation: OSPF router ID must be unique among OSPF routers.
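
Questions 258a, 258b and 258d each turn on one condition that blocks an OSPF adjacency: an area ID mismatch, a hello/dead interval mismatch, or a duplicate router ID. The following is an added example, not part of the original question bank: a Python check that parses two "sh run" excerpts and lists every such condition. The sample configurations are condensed from the excerpts above; the function names are illustrative, and the 10 second default hello interval with a dead interval of four times the hello is an assumption that holds for the point-to-point and broadcast links shown.

```python
import re

# Assumption: IOS default hello interval of 10 s (point-to-point and broadcast
# networks). The dead interval defaults to 4x the hello interval.
DEFAULT_HELLO = 10


def parse_ospf(config):
    """Parse a 'sh run' excerpt into {'router_id': ..., 'interfaces': {...}}.

    Only interface-mode OSPF ("ip ospf <pid> area <id>") is handled, which is
    the style used in the excerpts; "network ... area" statements are not.
    """
    parsed = {"router_id": None, "interfaces": {}}
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = parsed["interfaces"].setdefault(line.split(None, 1)[1], {})
        elif line.startswith("router "):
            iface = None  # entering a routing process ends interface context
        elif line.startswith("router-id "):
            parsed["router_id"] = line.split()[1]
        elif iface is not None:
            m = re.fullmatch(r"ip ospf (hello|dead)-interval (\d+)", line)
            if m:
                iface[m.group(1)] = int(m.group(2))
            m = re.fullmatch(r"ip ospf \d+ area (\S+)", line)
            if m:
                iface["area"] = m.group(1)
    return parsed


def timers(iface):
    """Effective (hello, dead) timers for one parsed interface."""
    hello = iface.get("hello", DEFAULT_HELLO)
    return hello, iface.get("dead", 4 * hello)


def adjacency_problems(cfg_a, if_a, cfg_b, if_b):
    """List the conditions that stop the two interfaces becoming neighbors."""
    a, b = parse_ospf(cfg_a), parse_ospf(cfg_b)
    ia, ib = a["interfaces"][if_a], b["interfaces"][if_b]
    problems = []
    for side, name, iface in (("A", if_a, ia), ("B", if_b, ib)):
        if "area" not in iface:
            problems.append(f"OSPF not enabled on side {side} {name}")
    if "area" in ia and "area" in ib and ia["area"] != ib["area"]:
        problems.append(f"area ID mismatch: {ia['area']} vs {ib['area']}")
    (hello_a, dead_a), (hello_b, dead_b) = timers(ia), timers(ib)
    if hello_a != hello_b:
        problems.append(f"hello interval mismatch: {hello_a}s vs {hello_b}s")
    if dead_a != dead_b:
        problems.append(f"dead interval mismatch: {dead_a}s vs {dead_b}s")
    if a["router_id"] and a["router_id"] == b["router_id"]:
        problems.append(f"duplicate router ID: {a['router_id']}")
    return problems


# Condensed from the R3 excerpts in 258a, 258b and 258d.
R3 = """
interface Serial1/0
 ip ospf 3 area 0
interface Serial1/1
 ip ospf hello-interval 50
 ip ospf 3 area 0
interface Serial1/2
 ip ospf 3 area 0
router ospf 3
 router-id 192.168.3.3
"""
# Condensed from the R4, R5 and R6 excerpts.
R4 = "interface Serial1/0\n ip ospf 4 area 2\nrouter ospf 4\n router-id 192.168.4.4\n"
R5 = "interface Serial1/0\n ip ospf 5 area 0\nrouter ospf 5\n router-id 192.168.5.5\n"
R6 = "interface Serial1/0\n ip ospf 6 area 0\nrouter ospf 6\n router-id 192.168.3.3\n"

if __name__ == "__main__":
    for peer, cfg, local_if in (("R4", R4, "Serial1/0"), ("R5", R5, "Serial1/1"),
                                ("R6", R6, "Serial1/2")):
        print(f"R3 {local_if} <-> {peer}:",
              adjacency_problems(R3, local_if, cfg, "Serial1/0"))
```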

QUESTION 259
Which command can you enter to determine whether serial interface 0/2/0 has been configured
using HDLC encapsulation?
A. router#show interfaces Serial 0/2/0
B. router#show ip interface brief
C. router#show ip interface s0/2/0
D. router#show platform

Answer: A

QUESTION 260
What is the danger of the permit any entry in a NAT access list?
A. It prevents the correct translation of IP addresses on the inside network.
B. It can cause too many addresses to be assigned to the same interface.
C. It can lead to overload resources on the router.
D. It can disable the overload commands.

Answer: C

QUESTION 261
Which two types of NAT addresses are used in a Cisco NAT device? (Choose two.)
A. external global
B. inside global
C. external local
D. inside private
E. outside private
F. inside local

Answer: B, F

QUESTION 262
Which command can you enter in global configuration mode to create a DHCP address pool?
A. ip dhcp excluded-address 10.0.2.1 10.0.2.49
B. ip dhcp conflict logging
C. service dhcp
D. ip dhcp pool DHCP_pool

Answer: D

QUESTION 263
Which three statements about IPv6 address fd14:920b:f83d:4079::/64 are true? (Choose three.)
A. The global ID is 4079.
B. The subnet ID is 4079.
C. The subnet ID is 14920bf83d.
D. The address is a unique local address.
E. The global ID is 14920bf83d.
F. The address is a link-local address.

Answer: B, D, E

QUESTION 264
Which two statements about IPv6 multicast addresses are true? (Choose two.)
A. They use the prefix FC80::/8.
B. They identify a group of interfaces on different devices.
C. If the lifetime parameter is set to 1, the route is permanent.
D. If the scope parameter is set to 5, the route is local to the node.
E. They use the prefix FF00::/8.

Answer: B, E

QUESTION 265
Which two statements about IPv6 anycast addresses are true? (Choose two.)
A. They are used in conjunction with source-specific multicast for IPv6.
B. They are allocated from the IPv6 unicast address space.
C. They are allocated from the IPv6 broadcast address space.
D. They receive packets on the closest interface that is discovered by the routing protocol.
E. They use the prefix FC00::/8

Answer: B, D

QUESTION 266
While viewing the running configuration of a router, you observe the command logging trap
warning. Which syslog messages will the router send?
A. levels 1-4
B. warnings only
C. levels 1-5
D. levels 0-4
E. levels 0-5

Answer: D

QUESTION 267
If you configure syslog messages without specifying the logging trap level, which log messages will
the router send?
A. error conditions only
B. warning and error conditions only
C. normal but significant conditions only
D. all levels except debugging
E. informational messages only

Answer: D

QUESTION 268
Which protocol is the first Cisco proprietary implementation of FHRP?
A. HSRP
B. VRRP
C. CARP
D. GLBP

Answer: A
Explanation: A First Hop Redundancy Protocol (FHRP) is a protocol designed to protect
the default gateway used on a network by allowing two or more routers to provide backup for the
default gateway address; if an active router fails, the backup router takes
over the default gateway address, usually within a few seconds.
Hot Standby Router Protocol (HSRP) - Cisco's initial, proprietary standard.
Virtual Router Redundancy Protocol (VRRP) - an open standard protocol.
Gateway Load Balancing Protocol (GLBP) - a more recent proprietary standard from Cisco that
permits load balancing automatically as well as redundancy.

QUESTION 269
Which feature builds a FIB and an adjacency table to expedite packet forwarding?
A. Cisco Express Forwarding
B. cut-through
C. process switching
D. fast switching

Answer: A
Explanation: Cisco Express Forwarding (CEF) is an advanced packet forwarding technology used
mainly in large core networks or the Internet to enhance the overall network performance. CEF is
mainly used to increase packet forwarding speed by reducing the overhead and delays introduced by
other routing techniques. CEF consists of two key components: The Forwarding Information Base
(FIB) and adjacency table. The FIB is similar to the routing table generated by multiple routing
protocols, maintaining only the next-hop address for a particular IP-route. The adjacency table
maintains layer 2 information linked to a particular FIB entry, avoiding the need for an ARP request
for each table lookup.

QUESTION 270
Which command can you enter to verify that a router is synced with a configured time source?
A. ntp server time
B. ntp associations
C. ntp authenticate
D. show ntp authenticate
E. show ntp associations

Answer: E
Explanation: NTP (Network Time Protocol) is a management protocol that is used to synchronize
the clocks of various TCP/IP devices across the network. Suppose the Global Configuration
command “ntp server 192.168.13.57” has been typed on Router1, where 192.168.13.57 is the time
source (i.e. the NTP time server).
Router1> show ntp associations
     address         ref clock     st  when  poll reach  delay  offset    disp
*~192.168.13.57    192.168.1.111    3    32   128   377    7.9   11.18     3.6
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

QUESTION 271
What are two reasons that duplex mismatches can be difficult to diagnose? (Choose two)
A. Full-duplex interfaces use CSMA/CD logic, so mismatches may be disguised by collisions
B. The symptoms of a duplex mismatch may be intermittent
C. 1-Gbps interfaces are full-duplex by default
D. Autonegotiation is disabled
E. The interface displays a connected (up/up) state even when the duplex settings are mismatched

Answer: B, E

QUESTION 272
If the primary root bridge experiences a power loss, which switch takes over?
A. switch 00E0.F726.3DC6
B. switch 00E0.F90B.6BE3
C. switch 0040.0BC0.90C5
D. switch 0004.9A1A.C182

Answer: D

QUESTION 273
When an interface is configured with PortFast BPDU guard, how does the interface respond when it
receives a BPDU?
A. It goes into a down/down state
B. It goes into an errdisable state
C. It becomes the root bridge for the configured VLAN
D. It continues operating normally.

Answer: B

QUESTION 274
Which command can you enter to view the ports that are assigned to VLAN 20?
A. Switch#show ip interface brief
B. Switch#show ip interface vlan 20
C. Switch#show interface vlan 20
D. Switch#show vlan id 20

Answer: D
Explanation:

QUESTION 275
Which condition does the err-disabled status indicate on an Ethernet interface?
A. The interface is configured with the shutdown command
B. The device at the other end of the connection is powered off
C. There is a duplex mismatch.
D. The interface is fully functioning
E. Port security has disabled the interface
F. The serial interface is disabled

Answer: E

QUESTION 276
Which two statements about IPv4 multicast traffic are true? (Choose two.)
A. It is bandwidth-intensive
B. It is the most efficient way to deliver data to multiple receivers
C. It simultaneously delivers multiple streams of data
D. It uses a minimum amount of network bandwidth
E. It burdens the source host without affecting remote hosts

Answer: B, C
Explanation: Answer C means it delivers multiple copies of data at the same time.

QUESTION 277
What are three characteristics of the TCP protocol? (Choose three)
A. It requires applications to determine when data packets must be retransmitted
B. It uses a single SYN-ACK message to establish a connection
C. It ensures that all data is transmitted and received by the remote device
D. It uses separate SYN and ACK messages to establish a connection
E. It supports significantly higher transmission speeds than UDP
F. The connection is established before data is transmitted

Answer: C, D, F

QUESTION 278
Refer to the exhibit. PC_1 is sending packets to the FTP server. Consider the packets as they leave
RouterA interface Fa0/0 towards RouterB. Drag the correct frame and packet address to their place
in the table.

Answer:

QUESTION 279
Which step in the router boot process searches for an IOS image to load into the router?
A. POST
B. bootstrap
C. ROMMON mode
D. mini-IOS

Answer: B

QUESTION 280

You work for a company that provides managed network services, and one of your real estate clients
running a small office is experiencing network issues. Troubleshoot the network issues.

Router R1 connects the main office to the Internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2, and R3 is RIPv2.
R1 sends a default route into RIPv2 for the internal routers to forward Internet traffic to R1.
Server1 and Server2 are placed in VLAN 100 and 200 respectively, and are still running a
router-on-a-stick configuration with router R2.

You have console access on R1, R2, R3, and L2SW1 devices. Use only show commands to
troubleshoot the issues.

QUESTION 280.1
The following partial report is shown by typing the command “sh run” on L2SW1:
:
interface Ethernet0/0
description ***Link to R2***
switchport trunk encapsulation dot1q
switchport mode trunk
:

The following partial report is shown by typing the command “sh run” on R2:
:
interface Ethernet0/1
no ip address
:
interface Ethernet0/1.100
description ***Link to Server1 Segment***
encapsulation dot1Q 200
ip address 192.168.100.1 255.255.255.0
:
interface Ethernet0/1.200
description ***Link to Server2 Segment***
encapsulation dot1Q 100
ip address 192.168.200.1 255.255.255.0
:

Server1 and Server2 are unable to communicate with the rest of the network. Your initial check with
system administrators shows that IP address settings are correctly configured on the server side.
What could be an issue?
A. The VLAN encapsulation is misconfigured on the router subinterfaces.
B. The IP address is misconfigured on the primary router interface.
C. The router is missing subinterface configuration.
D. The trunk is not configured on the L2SW1 switch.

Answer: A
Explanation: “encapsulation dot1Q 100” should be typed on interface Ethernet0/1.100 while
“encapsulation dot1Q 200” should be typed on interface Ethernet0/1.200.

QUESTION 280.2
The following partial report is shown by typing the command “sh ip route” on R1:
:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
R 10.10.10.0 …..
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
R 172.16.11.0/30 …..
C 172.16.14.0/30 …..
L 172.16.14.1/32 …..
C 172.16.16.0/24 …..
L 172.16.16.1/32 …..
R 192.168.1.0/24 …..
R 192.168.100.0/24 …..
R 192.168.200.0/24 …..
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.201.0/27 …..
L 209.165.201.1/32 …..
R1#

The following partial report is shown by typing the command “sh run” on R1:
:
interface Ethernet0/0
description ***Link to ISP***
ip address 209.165.201.1 255.255.255.224
:

Users in the main office complain that they are unable to reach Internet sites. You observe that
Internet traffic that is destined toward the ISP router is not forwarded correctly on R1. What could
be an issue?

Ping to Internet server shows the following results from R1:


R1#ping 209.165.200.225
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.225, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

A. The next-hop router address for the default route is incorrectly configured.
B. The default route that is to the ISP router is configured with an AD of 255.
C. The default route that is to the ISP router is not configured on R1.
D. R1 is configured as the DHCP client and is not receiving the default route via DHCP from the
ISP router.

Answer: C

QUESTION 280.3
The following partial report is shown by typing the command “sh run” on R2:
:
interface Ethernet0/3
description ***Link to LAN***
ip address 10.10.10.1 255.255.255.0
!
router rip
version 2
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
network 192.168.100.0
network 192.168.200.0
no auto-summary
!
ip forward-protocol nd
!
:

The following partial report is shown by typing the command “sh run” on R3:
:
interface Ethernet0/3
no ip address
shutdown
!
ip forward-protocol nd
!
:

Examine the R2 configuration. The traffic that is destined to the R3 LAN network that is sourced
from R2 is forwarded to R1 instead of R3. What could be an issue?
R2#traceroute 10.10.12.1 source 10.10.10.1
Type escape sequence to abort
Tracing the route to 10.10.12.1
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.14.1 0 msec 1 msec 0 msec
2 172.16.14.1 !H !H *
R2#

A. RIPv2 routing updates are suppressed between R2 and R3 using the passive interface feature.
B. RIPv2 is enabled on R3 but the R3 LAN network is not advertised into the RIPv2 domain.
C. There is no issue. This behavior is normal because the default route is propagated into the RIPv2
domain by R1.
D. RIPv2 is not enabled on R3.

Answer: D

QUESTION 280.4
The following partial report is shown by typing the command “sh run” on R1:
:
router rip
version 2
network 172.16.0.0
:
ip route 10.10.10.0 255.255.255.0 172.16.14.2 200
:

The following partial report is shown by typing the command “sh ip route” on R1:
:
10.0.0.0/24 is subnetted, 1 subnets
R 10.10.10.0 [120/1] via 172.16.14.2, 00:00:20, Ethernet0/2
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
:

Which statement is correct, based on the R1 routing table?


A. Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses static route instead of
RIPv2, because the static route AD that is configured is less than the AD of RIPv2.
B. Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses RIPv2 instead of static
route, because the static route AD that is configured is higher than the AD of RIPv2.
C. Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses static route instead of
RIPv2, but the traffic is forwarded to the ISP instead of the internal network.
D. Traffic that is destined to 10.10.10.0/24 from the R1 LAN network uses RIPv2 instead of static
route, because the static route AD that is configured is 255.

Answer: B
Explanation: The configured static route AD is 200, which is higher than the RIPv2 AD
of 120.

QUESTION 281
Which three statements about link-state routing are true? (Choose three.)
A. Routes are updated when a change in topology occurs.
B. Updates are sent to a multicast address by default
C. It uses split horizon
D. Updates are sent to a broadcast address
E. RIP is a link-state protocol
F. OSPF is a link-state protocol

Answer: A, B, F

QUESTION 282
Which two statements about using leased lines for your WAN infrastructure are true? (Choose two.)
A. Leased lines support up to T1 link speeds
B. Multiple leased lines can share a router interface
C. Leased lines require little installation and maintenance expertise
D. Leased lines provide highly flexible bandwidth scaling.
E. Leased lines provide inexpensive WAN access
F. Leased lines with sufficient bandwidth can avoid latency between endpoints

Answer: C, D

QUESTION 283
During which phase of PPPoE is PPP authentication performed?
A. the Authentication phase
B. Phase 2
C. the PPP Session phase
D. the Active Discovery phase
E. Phase 1

Answer: C

QUESTION 284
Which statement about LLDP is true?
A. It is configured in global configuration mode
B. The LLDP update frequency is a fixed value
C. It is a Cisco proprietary protocol
D. It runs over the transport layer.

Answer: A

QUESTION 285
What are two benefits of private IPv4 IP addresses? (Choose two)
A. They eliminate the necessity for NAT policies
B. They are routed the same as public IP addresses.
C. They can be assigned to devices without Internet connections
D. They eliminate duplicate IP conflicts
E. They are less costly than public IP addresses

Answer: C, E

QUESTION 286
You are a junior network engineer for a financial company, and the main office network is
experiencing network issues. Troubleshoot the network issues.

Router R1 connects the main office to the Internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2, and R3 is RIPv2.
R1 sends the default route into RIPv2 for the internal routers to forward Internet traffic to R1.

You have console access on R1, R2, and R3 devices. Use only show commands to troubleshoot the
issues.

QUESTION 286.1
The following partial report is shown by typing the command “sh run” on R2:
:
ip dhcp excluded-address 192.168.20.1
:
ip dhcp pool DHCPASSIGNR3
network 192.168.20.0 255.255.255.252
:
interface Ethernet0/0
description ***Link to R3***
ip address 192.168.20.1 255.255.255.252
:

The following partial report is shown by typing the command “sh run” on R3:
:
interface Ethernet0/1
description ***Link to R2***
no ip address
:

Examine the DHCP configuration between R2 and R3; R2 is configured as the DHCP server and R3
as the client. What is the reason R3 is not receiving the IP address via DHCP?
A. On R2, the network statement in the DHCP pool configuration is incorrectly configured.
B. On R3, DHCP is not enabled on the interface that is connected to R2.
C. On R2, the interface that is connected to R3 is in shutdown condition.
D. On R3, the interface that is connected to R2 is in shutdown condition.

Answer: B

QUESTION 286.2
The following partial report is shown by typing the command “sh run” on R1:
:
interface Ethernet0/2
description ***Link to R2***
ip address 192.168.10.1 255.255.255.252
:
ntp server 209.165.200.226
:

The following partial report is shown by typing the command “sh run” on R2:
:
ntp server 192.168.100.1
:

The R1 router clock is synchronized with the ISP router. R2 is supposed to receive NTP updates
from R1. But you observe that the R2 clock is not synchronized with R1. What is the reason R2 is
not receiving NTP updates from R1?
A. The IP address that is used in the NTP configuration on R2 router is incorrect.
B. The NTP server command is not configured on R2.
C. The R2 Ethernet interface that is connected to R1 is placed in shutdown condition.
D. The R1 Ethernet interface that is connected to R2 is placed in shutdown condition.

Answer: A

QUESTION 286.3
The following partial report is shown by typing the command “sh run” on R2:
:
interface Ethernet0/2
description ***Link to R1***
ip address 192.168.10.2 255.255.255.252
ip access-group SERVER1BLOCK in
:
ip access-list standard SERVER1BLOCK
deny 172.16.200.0 0.0.0.255
permit any
:

Why are applications that are installed on PCs in R2 LAN network 10.100.20.0/24 unable to
communicate with Server1?
A. A standard ACL statement that is configured on R1 is blocking the traffic sourced from the
Server1 network.
B. A standard ACL statement that is configured on R2 is blocking the traffic sourced from the
Server1 network.
C. A standard ACL statement that is configured on R2 is blocking the traffic sourced from the R2
LAN network.
D. A standard ACL statement that is configured on R1 is blocking the traffic sourced from the R2
LAN network.

Answer: B

QUESTION 286.4
The following partial report is shown by typing the command “sh run” on R1:
:
interface Ethernet0/0
description ***Link to ISP***
ip address 209.165.200.225 255.255.255.224
ip nat inside
:
interface Ethernet0/1
description ***Link to Server1 segment***
ip address 172.16.200.1 255.255.255.0
ip nat outside
:
interface Ethernet0/2
description *** Link to R2***
ip address 192.168.10.1 255.255.255.252
ip nat outside
:

Users complain that they are unable to reach internet sites. You are troubleshooting Internet
connectivity problems at the main office. Which statement correctly identifies the problem on R1?
A. Interesting traffic for the NAT ACL is incorrectly configured.
B. NAT configurations on the interfaces are incorrectly configured.
C. The NAT translation statement is incorrectly configured.
D. Only static NAT translation is configured for the server and is missing dynamic NAT for internal
networks.

Answer: B

QUESTION 287
Which command can you enter to display duplicate IP addresses that the DHCP server assigns?
A. show ip dhcp database 10.0.2.12
B. show ip dhcp conflict 10.0.2.12
C. show ip dhcp binding 10.0.2.12
D. show ip dhcp server statistics

Answer: B

QUESTION 288
In which two formats can the IPv6 address fd15:0db8:0000:0000:0700:0003:400F:572B be written?
(Choose two.)
A. fd15:db8::700:3:400F:572B
B. fd15:db8:0::700:3:4F:572B
C. fd15:0db8::7:3:4F:572B
D. fd15::db8::700:3:400F:572B
E. fd15:0db8:0000:0000:700:3:400F:572B

Answer: A, E

QUESTION 289
Which command can you enter to verify that a 128-bit address is live and responding?
A. ping ipv6
B. traceroute
C. telnet
D. ping

Answer: A

QUESTION 290
Which three statements about IPv6 prefixes are true? (Choose three.)
A. FE80::/8 is used for link-local unicast
B. FF00::/8 is used for IPv6 multicast
C. FC00::/7 is used in private networks.
D. 2001::1/127 is used for loopback addresses.
E. FE80::/10 is used for link-local unicast
F. FEC0::/10 is used for IPv6 broadcast

Answer: B, C, E

QUESTION 291
Which two statements about IPv6 and routing protocols are true? (Choose two.)
A. Loopback addresses are used to form routing adjacencies
B. EIGRP, OSPF, and BGP are the only routing protocols that support IPv6
C. Link-local addresses are used to form routing adjacencies
D. EIGRPv3 was developed to support IPv6 routing
E. OSPFv3 was developed to support IPv6 routing

Answer: C, E

QUESTION 292
Which three circumstances can cause a GRE tunnel to be in an up/down state? (Choose three.)
A. An ACL is blocking the outbound traffic.
B. A valid route to the tunnel destination address is missing from the routing table
C. The ISP is blocking the traffic.
D. The tunnel destination address is routed through the tunnel itself.
E. The Tunnel interface IP address is misconfigured
F. The tunnel source interface is down.

Answer: B, D, F
Explanation: The following settings can cause a GRE tunnel to be in an up/down state:
ip route 20.0.0.0 255.0.0.0 tu1
interface tunnel 1
tunnel destination 20.20.20.20
:
:

QUESTION 293
Which logging command can enable administrators to correlate syslog messages with millisecond
precision?
A. no logging console
B. logging host 10.2.0.21
C. service timestamps log datetime msec
D. no logging monitor
E. logging buffered 4

Answer: C

QUESTION 294
Which feature can you implement to reserve bandwidth for VoIP calls across the call path?
A. round robin
B. CBWFQ
C. PQ
D. RSVP

Answer: D

QUESTION 295
Which function of the IP SLAs ICMP Jitter operation can you use to determine whether a VoIP
issue is caused by excessive end-to-end time?
A. jitter
B. packet loss
C. round-trip time latency
D. successive packet loss

Answer: C

QUESTION 296
Which statement about RADIUS security is true?
A. It supports EAP authentication for connecting to wireless networks.
B. It ensures that user activity is fully anonymous.
C. It provides encrypted multiprotocol support.
D. Device-administration packets are encrypted in their entirety.

Answer: A

QUESTION 297
Which two statements about wireless LAN controllers are true? (Choose two.)
A. They rely on external firewalls for WLAN security.
B. They can manage mobility policies at a systemwide level
C. They are best suited to smaller wireless networks
D. They must be configured through a GUI over HTTP or HTTPS
E. They can simplify the management and deployment of wireless LANs

Answer: B, E

QUESTION 298
Which two statements about northbound and southbound APIs are true? (Choose two.)
A. Only northbound APIs allow program control of the network.
B. Both northbound and southbound APIs allow program control of the network
C. Only northbound API interfaces use a Service Abstraction Layer
D. Only southbound APIs allow program control of the network.
E. Both northbound and southbound API interfaces use a Service Abstraction Layer.
F. Only southbound API interfaces use a Service Abstraction Layer.

Answer: A, F

QUESTION 299
Which protocol advertises a virtual IP address to facilitate transparent failover of a Cisco routing
device?
A. ESRP
B. DHCP
C. RSMLT
D. FHRP

Answer: D

QUESTION 300
Which command can you enter to verify that a BGP connection to a remote device is established?
A. show ip route
B. show ip bgp summary
C. show ip bgp paths
D. show ip community-list

Answer: B

QUESTION 301
What is the authoritative source for an address lookup?
A. the operating system cache
B. a recursive DNS search
C. the browser cache
D. the ISP local cache

Answer: B

QUESTION 302
Which spanning-tree protocol rides on top of another spanning-tree protocol?
A. PVST+
B. Mono Spanning Tree
C. RSTP
D. MSTP

Answer: D
Explanation: IEEE 802.1s MSTP (Multiple Spanning Tree Protocol) can be used to map multiple
VLANs to a single instance for spanning tree calculation. This consumes less CPU than
running a separate spanning tree calculation for each VLAN, which is the default on
Cisco switches. MSTP relies on RSTP for spanning tree calculation and therefore MSTP rides on
top of RSTP.

QUESTION 303
Which switching method duplicates the first six bytes of a frame before making a switching
decision?
A. ASIC switching
B. store-and-forward switching
C. cut-through switching
D. fragment-free switching

Answer: C

QUESTION 304
Refer to the exhibit. What two results would occur if the hub were to be replaced with a switch that
is configured with one Ethernet VLAN? (Choose two.)

A. The number of collision domains would remain the same
B. The number of collision domains would decrease
C. The number of collision domains would increase
D. The number of broadcast domains would remain the same
E. The number of broadcast domains would decrease
F. The number of broadcast domains would increase

Answer: C, D

QUESTION 305

Which of the following statements describe the network shown in the graphic? (Choose two.)
A. There are two broadcast domains in the network
B. There are four broadcast domains in the network
C. There are six broadcast domains in the network
D. There are four collision domains in the network
E. There are five collision domains in the network
F. There are seven collision domains in the network

Answer: A, F

QUESTION 306
If three devices are plugged into one port on a switch and two devices are plugged into a different
port, how many collision domains are on the switch?
A. 2
B. 4
C. 5
D. 6

Answer: A

QUESTION 307
Which command can you execute to set the user inactivity timer to 10 seconds?
A. SW1(config-line)#absolute-timeout 0 10
B. SW1(config-line)#exec-timeout 10
C. SW1(config-line)#exec-timeout 0 10
D. SW1(config-line)#absolute-timeout 10

Answer: C

QUESTION 308
Which command can you use to set the hostname on a switch?
A. switch-mdf-c1(config-if)#hostname switch-mdf1
B. switch-mdf-c1#hostname switch-mdf1
C. switch-mdf-c1>hostname switch-mdf1
D. switch-mdf-c1(config)#hostname switch-mdf1

Answer: D

QUESTION 309
Which three statements about DTP are true? (Choose three.)
A. It is disabled by default
B. It is a universal protocol
C. It is a proprietary protocol
D. It is enabled by default
E. It is a Layer 2-based protocol
F. It is a Layer 3-based protocol

Answer: C, D, E
Explanation: The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol
developed by Cisco Systems for the purpose of negotiating trunking on a link between two
switches, and for negotiating the type of trunking encapsulation to be used. It works on Layer 2 of
the OSI model and is enabled by default on Cisco switches.

QUESTION 310
Which three statements about static routing are true? (Choose three.)
A. It is best used for small-scale deployments
B. It uses consistent route determination
C. Router can use update messages to reroute when links fail
D. Routing is disrupted when links fail
E. It requires more resources than other routing methods
F. It is best used for large-scale deployments

Answer: A, B, D

QUESTION 311
What is the correct routing match to reach 172.16.1.5/32?
A. the default route
B. 172.16.1.0/25
C. 172.16.1.0/24
D. 172.16.1.0/26

Answer: D

QUESTION 312
RTR01(config)#router eigrp 103
RTR01(config-router)#network 10.4.3.0
RTR01(config-router)#network 172.16.4.0
RTR01(config-router)#network 192.168.2.0
RTR01(config-router)#auto-summary

If RTR01 is configured as shown, which three addresses will be received by other routers that are
running EIGRP on the network? (Choose three.)
A. 192.168.0.0
B. 192.168.2.0
C. 172.16.0.0
D. 10.0.0.0
E. 172.16.4.0
F. 10.4.3.0

Answer: B, C, D

QUESTION 313
Which command can you enter to verify that a 128-bit address is live and responding?
A. show ipv6
B. traceroute
C. telnet
D. ping

Answer: D
Explanation: “ping ipv6 <ipv6 address>” can be used to verify that a 128-bit address is live and
responding.

QUESTION 314
Drag each IPv6 prefix on the left to its use on the right.

FF02::1 All EIGRPv6 routers
FF02::5 All link-local nodes on a segment
FF02::6 All OSPFv3 routers
FF02::A All PIM routers
FF02::D All site-local routers
FF05::2 OSPFv3 designated routers

Answer:
All EIGRPv6 routers FF02::A
All link-local nodes on a segment FF02::1
All OSPFv3 routers FF02::5
All PIM routers FF02::D
All site-local routers FF05::2
OSPFv3 designated routers FF02::6

Explanation:
FF02::1 is for all IPv6 nodes on the link-local segment.
FF02::2 is for all IPv6 routers on the link-local segment.
FF05::2 is for all IPv6 routers on the local physical network site.
FF02::5 is for all IPv6 OSPF (i.e. OSPFv3) routers on the link-local segment.
FF02::6 is for all IPv6 OSPF (i.e. OSPFv3) DR/BDR routers on the link-local segment.
FF02::A is for all IPv6 EIGRP (i.e. EIGRPv6) routers on the link-local segment.
FF02::D is for all IPv6 PIM (Protocol Independent Multicast, which is a multicast routing protocol)
routers on the link-local segment.

QUESTION 315
Which two statements about IPv6 router advertisement messages are true? (Choose two.)
A. The advertised prefix length must be 64 bits
B. They are sourced from the configured IPv6 interface address
C. The advertised prefix length must be 48 bits.
D. Their destination is always the link-local address of the neighboring node
E. They use ICMPv6 type 134

Answer: A, E
Explanation:
Router advertisement (RA) messages, which have a value of 134 in the Type field of the ICMPv6
packet header, are periodically sent out each configured interface of an IPv6 router. The advertised
prefix length in RA messages must always be 64 bits. The RA messages are sent to the all-nodes
multicast address (i.e. FF02::1) and have the router link-local address as the source address.

QUESTION 316
If a router has four interfaces and each interface is connected to four switches, how many broadcast
domains are present on the router?
A. 1
B. 2
C. 4
D. 8

Answer: C

QUESTION 317
If primary and secondary root switches with priority 16384 both experience catastrophic losses,
which tertiary switch can take over?
A. a switch with priority 4096
B. a switch with priority 8192
C. a switch with priority 12288
D. a switch with priority 20480

Answer: D

QUESTION 318
Which command sequence can you enter to create VLAN 20 and assign it to an interface on a
switch?

A.
Switch(config)#vlan 20
Switch(config)#interface vlan 20
Switch(config-if)#switchport access vlan 20

B.
Switch(config)#vlan 20
Switch(config)#interface vlan 20
Switch(config-if)#switchport trunk allowed vlan 20

C.
Switch(config)#interface gig x/y
Switch(config-if)# vlan 20
Switch(config-vlan)#switchport access vlan 20

D.
Switch(config)#vlan 20
Switch(config)#interface vlan 20
Switch(config-if)#switchport trunk native vlan 20

E.
Switch(config)#vlan 20
Switch(config)#interface gig x/y
Switch(config-if)#switchport access vlan 20

Answer: E
Explanation: “gig” is the short form of gigabitethernet. Example of “x/y” is 0/1.

QUESTION 319
Which three commands can you use to set a router boot image? (Choose three.)
A. Router(config)# boot system tftp c7300-js-mz.122-33.SB8a.bin
B. Router> boot flash:c180x-adventerprisek9-mz-124-6T.bin
C. Router(config)# boot system rom
D. Router(config)# boot flash:c180x-adventerprisek9-mz-124-6T.bin
E. Router(config)# boot bootldr bootflash:c4500-jk9s-mz.122-23f.bin
F. Router(config)# boot system flash c4500-p-mz.121-20.bin

Answer: A, C, F
Explanation:
Router(config)#boot system ?
WORD TFTP filename or URL
flash Boot from flash memory
ftp Boot from a server via ftp
mop Boot from a Decnet MOP server
rcp Boot from a server via rcp
rom Boot from rom
tftp Boot from a tftp server

QUESTION 320
Which command can you enter to route all traffic that is destined for 192.168.0.0/20 to a specific
interface?
A. router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
B. router(config)#ip route 0.0.0.0 255.255.255.0 GigabitEthernet0/1
C. router(config)#ip route 192.168.0.0 255.255.240.0 GigabitEthernet0/1
D. router(config)#ip route 192.168.0.0 255.255.255.0 GigabitEthernet0/1

Answer: C

QUESTION 321
Which two statements about unique local IPv6 addresses are true? (Choose two.)
A. They use the prefix FC00::/7
B. They are identical to IPv4 private addresses
C. They can be routed on the IPv6 global Internet
D. They are defined by RFC 1884.
E. They use the prefix FEC0::/10.

Answer: A, B

QUESTION 322
Which two features can dynamically assign IPv6 addresses? (Choose two.)
A. NHRP
B. IPv6 stateless autoconfiguration
C. ISATAP tunneling
D. DHCP
E. IPv6 stateful autoconfiguration

Answer: B, D
Explanation: The method of IPv6 routers sending Router Advertisements for hosts to autoconfigure
their IPv6 addresses is called IPv6 Stateless Address Autoconfiguration (SLAAC).

QUESTION 323
After you configure the Loopback0 interface, which command can you enter to verify the status of
the interface and determine whether fast switching is enabled?
A. Router#show run
B. Router#show ip interface brief
C. Router#show ip interface loopback 0
D. Router#show interface loopback 0

Answer: C
Explanation:
Router(config)#int lo0
Router(config-if)#ip address 1.1.1.1 255.0.0.0
Router(config-if)#end
Router#sh ip int lo0
Loopback0 is up, line protocol is up
Internet address is 1.1.1.1/8
:
:
IP fast switching is enabled
:
:
IP CEF switching is enabled
:
:

By default, the router uses CEF as its switching mechanism. Fast Switching is used instead
when the Global Configuration mode command “no ip cef” is entered.

QUESTION 324
What are two requirements for an HSRP group? (Choose two.)
A. exactly one standby active router
B. exactly one active router
C. one or more standby routers
D. one or more backup virtual routers
E. exactly one backup virtual router

Answer: B, C

QUESTION 325
A Cisco router is booting and has just completed the POST process. It is now ready to find and load
an IOS image. What function does the router perform next?
A. It checks the configuration register
B. It attempts to boot from a TFTP server
C. It loads the first image file in flash memory
D. It inspects the configuration file in NVRAM for boot instructions

Answer: A
Explanation: If the configuration register is 0x2102, the startup-config stored in NVRAM will be
read later. If the configuration register is 0x2142, the startup-config stored in NVRAM will not be
read later.

QUESTION 326
Which functionality does split horizon provide?
A. It prevents routing loops in link-state protocols.
B. It prevents switching loops in link-state protocols.
C. It prevents switching loops in distance-vector protocols.
D. It prevents routing loops in distance-vector protocols.

Answer: D
Explanation: RIP is a distance-vector routing protocol and implements Split Horizon to prevent
routing loops.

QUESTION 327

Refer to the exhibit. What is the most appropriate summarization for these routes?
A. 10.0.0.0 /21
B. 10.0.0.0 /22
C. 10.0.0.0 /23
D. 10.0.0.0 /24

Answer: B
Explanation: To obtain the most appropriate summarization, find the leading bits that have the
same value in all of those routes, as in the following:

10.0.00000000.0
10.0.00000001.0
10.0.00000010.0
10.0.00000011.0

You may then use a single static route command (e.g. “ip route 10.0.0.0 255.255.252.0 s0/0/0”) for
those routes instead of four static route commands (e.g. “ip route 10.0.0.0 255.255.255.0 s0/0/0”,
“ip route 10.0.1.0 255.255.255.0 s0/0/0”, “ip route 10.0.2.0 255.255.255.0 s0/0/0” and “ip route
10.0.3.0 255.255.255.0 s0/0/0”).

QUESTION 328
Which three statements accurately describe Layer 2 Ethernet switches? (Choose three.)
A. Switches that are configured with VLANs make forwarding decisions based on both Layer 2 and
Layer 3 address information.
B. If a switch receives a frame for an unknown destination, it uses ARP to resolve the address.
C. Establishing VLANs increases the number of broadcast domains.
D. In a properly functioning network with redundant switched paths, each switched segment will
contain one root bridge with all its ports in the forwarding state. All other switches in that broadcast
domain will have only one root port.
E. Spanning Tree Protocol allows switches to automatically share VLAN information.
F. Microsegmentation decreases the number of collisions on the network.

Answer: C, D, F
Explanation: “Switched segment” does not have a precise definition, and different people
may understand it differently. However, as indicated by answer D, “switched segment” tends to mean
“broadcast domain”.
“Microsegmentation” means using a switch to connect hosts, while “no microsegmentation” means
using a hub to connect hosts.

QUESTION 329
Which feature is configured by setting a variance that is at least two times the metric?
A. path count
B. unequal cost load balancing
C. path selection
D. equal cost load balancing

Answer: B
Explanation:
For EIGRP, load balancing can also occur among routes with different metrics through the use of
Router Configuration mode command “variance <value>” (default value is 1 which means “equal
cost load balancing”). This is called “unequal cost load balancing”, as shown in the following
routing table:

For example, “variance 2” might be typed on Router0 so that 39020 <= 30720 * 2 where 30720 is
the feasible distance of Router0 to the destination network 192.168.5.0/24. As a result, the EIGRP
route to 192.168.5.0/24 via 192.168.2.2 with metric 39020 can also be included in the routing table
for unequal cost load balancing routing.
If “variance 3” is typed instead, EIGRP routes to 192.168.5.0/24 with metric <= 30720 * 3 can be
included in the routing table for unequal cost load balancing routing.

QUESTION 330
Which three encapsulation layers in the OSI model are combined into the TCP/IP application layer?
(Choose three.)
A. network
B. data link
C. application
D. session
E. transport
F. presentation

Answer: C, D, F
Explanation: The TCP/IP network model was still under development when the OSI network model
was published, and the designers of the two models interacted with each other.
OSI is a seven-layered network model, but TCP/IP is a four-layered network model. The following
figure compares the TCP/IP and OSI network models:

QUESTION 331
Which symptom most commonly indicates that two connecting interfaces are configured with a
duplex mismatch?
A. an interface with an up/down status
B. the spanning-tree process shutting down
C. an interface with a down/down status
D. collisions on the interface

Answer: D

QUESTION 332
Which three options are switchport configurations that can always avoid duplex mismatch errors
between two switches? (Choose three.)
A. Set both sides of the connection to half duplex.
B. Set both sides of the connection to auto-negotiate.
C. Set one side of the connection to auto-negotiate and the other side to half duplex.
D. Set one side of the connection to auto-negotiate and the other side to full duplex.
E. Set one side of the connection to full duplex and the other side to half duplex.
F. Set both sides of the connection to full duplex.

Answer: A, B, F

QUESTION 333
Which type of MAC address is aged automatically by the switch?
A. static
B. manual
C. automatic
D. dynamic

Answer: D

QUESTION 334
When you enable PortFast on a switch port, the port immediately transitions to which state?
A. listening
B. forwarding
C. blocking
D. learning

Answer: B

QUESTION 335
A BPDU guard is configured on an interface that has PortFast enabled. Which state does the
interface enter when it receives a BPDU?
A. listening
B. blocking
C. errdisable
D. shutdown

Answer: C

QUESTION 336
Which two statements about data VLANs on access ports are true? (Choose two.)
A. Exactly one VLAN can be configured on the interface.
B. Two or more VLANs can be configured on the interface.
C. They can be configured as host ports.
D. 802.1Q encapsulation must be configured on the interface.
E. They can be configured as trunk ports.

Answer: A, C
Explanation: The configuration of the Interface Configuration mode command “switchport host”
has the following three effects:
1. switchport mode will be set to access
2. spanning-tree portfast will be enabled
3. channel group (if any) will be disabled
Therefore, an interface configured with the command “switchport host” remains an access
port.

QUESTION 337
Under normal operations, Cisco recommends that you configure switchports on which VLAN?
A. on the default VLAN
B. on the management VLAN
C. on the native VLAN
D. on any VLAN except the default VLAN

Answer: D
Explanation: For Cisco switches, the default VLAN is VLAN 1. It is a security best practice to
configure all used switch ports to be associated with VLANs other than VLAN 1. It is also a further
good practice to shut down all unused switch ports to prevent unauthorized access.

QUESTION 338
Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in
trunk mode, dynamic desirable mode, or dynamic auto mode?
A. off
B. dynamic auto
C. dynamic desirable
D. access

Answer: C

QUESTION 339
Which two statements about VTP are true? (Choose two.)
A. All switches must use the same VTP version.
B. All switches must be configured with a unique VTP domain name.
C. All switches must be configured to perform trunk negotiation.
D. The VTP server must have the highest revision number in the domain.
E. All switches must be configured with the same VTP domain name.

Answer: A, E
Explanation: Although VTP has versions 1, 2 and 3, the CCNA syllabus focuses on VTP versions 1
and 2 only. VTP version 1 is used unless you enter the Global Configuration mode command “vtp
version 2”. VTP versions 1 and 2 are incompatible with each other.

QUESTION 340
Which VTP mode prevents you from making changes to VLANs?
A. client
B. server
C. transparent
D. off

Answer: A

QUESTION 341
Which two steps must you perform to enable router-on-a-stick on a switch? (Choose two.)
A. Configure an IP route to the VLAN destination network.
B. Configure the subinterface number exactly the same as the matching VLAN.
C. Connect the router to a trunk port
D. Configure full duplex.
E. Assign the access port to a VLAN.

Answer: C, E

QUESTION 342
Which port security mode can assist with troubleshooting by keeping count of violations?
A. access
B. restrict
C. shutdown
D. protect

Answer: B
Explanation: The number of frames dropped (due to address violation) by Port Security Restrict
mode can be counted by the SecurityViolation counter, as shown below:

QUESTION 343
Which command can you enter in a network switch configuration so that learned MAC addresses
are saved in configuration as they connect?
A. Switch(config-if)#switchport mode access
B. Switch(config-if)#switchport port-security maximum 10
C. Switch(config-if)#switchport port-security
D. Switch(config-if)#switchport port-security mac-address sticky

Answer: D

QUESTION 344
Which two EtherChannel PAgP modes can you configure? (Choose two.)
A. active
B. passive
C. desirable
D. on
E. auto

Answer: C, E

QUESTION 345
Which option is the correct CIDR notation for 192.168.0.0 subnet 255.255.255.252?
A. /29
B. /30
C. /31
D. /32

Answer: B
Explanation: CIDR stands for Classless InterDomain Routing. CIDR notation means the subnet
mask in short form.

QUESTION 346

Refer to the exhibit. You determine that Computer A cannot ping Computer B. Which reason for the
problem is most likely true?
A. The subnet mask for Computer A is incorrect.
B. The default gateway address for Computer A is incorrect.
C. The subnet mask for Computer B is incorrect.
D. The default gateway address for Computer B is incorrect.

Answer: A

QUESTION 347
Refer to the exhibit. You have determined that computer A cannot ping computer B. Which reason
for the problem is most likely true?
A. The computer A subnet mask is incorrect.
B. The computer B default gateway address is incorrect.
C. The computer A default gateway address is incorrect.
D. The computer B subnet mask is incorrect.

Answer: C

QUESTION 348
Which two statements about the extended traceroute command are true? (Choose two.)
A. It can be repeated automatically at a specified interval.
B. It can use a specified TTL value.
C. It can use a specified ToS.
D. It can validate the reply data.
E. It can send packets from a specified interface or IP address.

Answer: B, E
Explanation:
Router A>enable
Router A#traceroute
Protocol [ip]:
Target IP address: 192.168.40.2
Source address: 172.16.23.2
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.40.2
1 172.31.20.2 16 msec 16 msec 16 msec
2 172.20.10.2 28 msec 28 msec 32 msec
3 192.168.40.2 32 msec 28 msec *

Source address --- The interface or IP address of the router to use as a source address for the probes.
The router normally picks the IP address of the outbound interface to use.
Minimum Time to Live [1] --- The TTL value for the first probes. The default is 1, but it can be set
to a higher value to suppress the display of known hops.
Maximum Time to Live [30] --- The largest TTL value that can be used. The default is 30. The
traceroute command terminates when the destination is reached or when this value is reached.

QUESTION 349
Which option describes a benefit of a point-to-point leased line?
A. flexibility of design
B. full-mesh capability
C. low cost
D. simplicity of configuration

Answer: D

QUESTION 350
Which command can you enter to display the operational status of the network ports on a router?
A. show interface status
B. show ip interface brief
C. show running-config interface fastethernet 0/1
D. show interface switchport

Answer: B
Explanation: The following is a sample output from the “show ip interface brief” command:

QUESTION 351

Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to which IP address does it send
the packet?
A. 192.168.14.4
B. 192.168.12.2
C. 192.168.13.3
D. 192.168.15.5

Answer: A

QUESTION 352
When a router is unable to find a known route in the routing table, how does it handle the packet?
A. It sends the packet over the route with the best metric.
B. It discards the packet.
C. It sends the packet to the gateway of last resort.
D. It sends the packet to the next hop address.

Answer: C
Explanation: A gateway of last resort or default gateway is a route used by the router when no other
known route exists to transmit the IP packet.

QUESTION 353
Which type of routing protocol operates by using first-hand information from each device's peers?
A. exterior gateway protocols
B. distance vector protocols
C. link-state protocols
D. path vector protocols

Answer: C
Explanation: Link state routers have firsthand information from all their peer routers. Each router
originates information about itself, its directly connected links, and the state of those links. This
information is passed around from router to router, each router making a copy of it, but never
changing it. The ultimate objective is that every router has identical information about the
internetwork, and each router will independently calculate its own best paths.

QUESTION 354
If router R1 knows a static route to a destination network and then learns about the same destination
network through a dynamic routing protocol, how does R1 respond?
A. It disables the routing protocol.
B. It prefers the static route.
C. It sends a withdrawal notification to the neighboring router.
D. It refuses to advertise the dynamic route to other neighbors.

Answer: B

QUESTION 355
Which path does a router choose when it has multiple possible paths to the destination over
different routing protocols?
A. the path with both the lowest administrative distance and the highest metric
B. the path with the lowest administrative distance
C. the path with the lowest metric
D. the path with both the lowest administrative distance and lowest metric

Answer: B

QUESTION 356
Which two options are requirements for configuring RIPv2 on an IPv4 network router? (Choose
two.)
A. allowing unicast updates for RIP
B. enabling RIP on the router
C. enabling automatic route summarization
D. enabling RIP authentication
E. connecting RIP to a WAN interface

Answer: A, B
Explanation: RIPv2 can be configured to use unicast updates instead of multicast updates by
typing the Router Configuration mode command “neighbor <ip address>”. If that is the case, you
should make sure your environment allows those unicast updates to pass through.

QUESTION 357
Which effect of the passive-interface command on R1 is true?

R1
interface FastEthernet0/0
ip address 172.16.0.1 255.255.0.0

interface FastEthernet0/1
ip address 172.17.0.1 255.255.0.0

router rip
passive-interface FastEthernet0/0
network 172.16.0.0
network 172.17.0.0
version 2

A. It removes the 172.17.0.0 network from all updates on all interfaces on R1.
B. Interface Fa0/0 operates in RIPv1 mode.
C. It prevents interface Fa0/0 from sending updates.
D. It removes the 172.16.0.0 network from all updates on all interfaces on R1.

Answer: C
Explanation: The Router Configuration mode command “passive-interface <interface name>” is
used to stop RIP from sending routing updates on an interface. However, RIP continues to receive
and process routing updates from its neighbors on that interface.

QUESTION 358

Refer to the exhibit. On R1, which routing protocol is in use on the route to 192.168.10.1?
A. IGRP
B. EIGRP
C. RIP
D. OSPF

Answer: B

QUESTION 359
Which two authentication methods are compatible with MLPPP on a serial interface? (Choose two.)
A. PAP
B. TACACS+
C. LEAP
D. CHAP
E. PEAP

Answer: A, D
Explanation: MLPPP stands for MultiLink Point-to-Point Protocol. It can provide load balancing
over multiple PPP links. PAP and CHAP are two methods of authentication that can be used with
PPP links.

QUESTION 360
Which statement about Cisco Discovery Protocol is true?
A. It can discover information from routers, firewalls, and switches.
B. It runs on the physical layer and the data link layer.
C. It runs on the network layer.
D. It is a Cisco-proprietary protocol.

Answer: D
Explanation: CDP can discover information from routers and switches, but not firewalls. CDP runs
on the data link layer.

QUESTION 361
Which command can you enter to re-enable Cisco Discovery Protocol on a local router after it has
been disabled?
A. Router(config)# cdp enable
B. Router(config-if)# cdp enable
C. Router(config)# cdp run
D. Router(config-if)# cdp run

Answer: C

QUESTION 362
Which two options are the best reasons to use an IPv4 private IP space? (Choose two.)
A. to enable intra-enterprise communication
B. to conserve global address space
C. to implement NAT
D. to connect applications
E. to manage routing overhead

Answer: A, B
Explanation: The obvious advantage of using private address space is to conserve the globally
unique address space.
Using private address space also gives you greater flexibility in network design, since you will have
more address space available than you could get from the globally unique pool. This facilitates
intra-enterprise communication, which needs a large number of IP addresses for the many devices
within the enterprise.

QUESTION 363
How does NAT overloading provide one-to-many address translation?
A. It uses a pool of addresses.
B. It uses virtual MAC addresses and virtual IP addresses.
C. It converts IPv4 addresses to unused IPv6 addresses.
D. It assigns a unique TCP/UDP port to each session.

Answer: D

QUESTION 364
What is the effect of the overload keyword in an NAT translation configuration?
A. It enables the outside interface to forward traffic.
B. It enables the inside interface to receive traffic.
C. It enables port address translation.
D. It enables the use of a secondary pool of IP addresses when the first pool is depleted.

Answer: C

QUESTION 365
Which command can you enter to determine the addresses that have been assigned on a DHCP
server?
A. show ip dhcp server statistics
B. show ip dhcp pool
C. show ip dhcp database
D. show ip dhcp binding

Answer: D
Explanation: When running DHCP servers on Cisco routers, administrators often want to view the
database of DHCP leases or bindings. To view the current IP address leases, type “show ip
dhcp binding” at the enable prompt. You will be presented with a table of IP address leases with
columns that specify the IP address, the MAC address, the lease expiration date, and the type of
lease.

QUESTION 366
What are the two minimum required components of a DHCP binding? (Choose two.)
A. an IP address
B. a DHCP pool
C. a hardware address
D. an exclusion list
E. an ip-helper statement

Answer: A, C
Explanation: A DHCP binding is a mapping between the IP address and MAC address of a client.

QUESTION 367
Which command can you enter to troubleshoot the failure of address assignments?
A. show ip dhcp import
B. show ip dhcp database
C. show ip dhcp pool
D. clear ip dhcp server statistics

Answer: C
Explanation:
“show ip dhcp pool” can display the current utilization level for a pool:

QUESTION 368
Which two commands can you enter to display the current time sources statistics on the device?
(Choose two)
A. show clock
B. show ntp status
C. show time
D. show ntp association
E. show clock detail

Answer: B, D
Explanation:
Router#show ntp association

address          ref clock   st  when  poll  reach  delay   offset  disp
*~110.140.10.80  .MRS.       1   17    64    7      27.318  -0.258  1938.6
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

From the above report, 110.140.10.80 is the IP address of the reference time source.

QUESTION 369
Which command can you enter to configure the switch as an authoritative NTP server?
A. switch(config)#ntp master 3
B. switch(config)#ntp source 193.168.2.2
C. switch(config)#ntp peer 193.168.2.2
D. switch(config)#ntp server 193.168.2.2

Answer: A
Explanation: By using the Global Configuration mode command “ntp master [stratum level]”, you
can configure a Cisco device to act as an authoritative NTP server, enabling it to distribute time
even when it is not synchronized to an existing time server. For the “ntp master” command, you can
specify a stratum level. The range is from 1 to 15 (default is 8). The lower the configured stratum
level, the more reliable the authoritative NTP server claims to be.

QUESTION 370
How many bits represent the network ID in IPv6?
A. 32
B. 48
C. 64
D. 128

Answer: B
Explanation: For example, in global unicast addresses, the first 48 bits are the network ID and the
subsequent 16 bits are the subnet ID.

QUESTION 371
After you apply the given configuration to R1, you notice that it failed to enable OSPF. Which
action can you take to correct the problem?

R1
ipv6 cef

interface FastEthernet0/0
no ip address
ipv6 enable
ipv6 address 2001:DB8:1::1/64
ipv6 ospf 1 area 0

ipv6 router ospf 1
router-id 172.16.1.1

A. Configure a loopback interface on R1
B. Configure an IPv4 address on interface F0/0.
C. Enable IPv6 unicast routing on R1.
D. Configure an autonomous system number on OSPF

Answer: C

QUESTION 372
Which address prefix does OSPFv3 use when multiple IPv6 addresses are configured on a single
interface?
A. all prefixes on the interface
B. the prefix that the administrator configures for OSPFv3 use
C. the highest prefix on the interface
D. the lowest prefix on the interface

Answer: A
Explanation: In IPv6, you can configure many addresses (e.g. 2001:0:0:1::1, 2001:0:0:11::1,
2001:0:0:111::1) on an interface. In OSPFv3, all address prefixes (e.g. 2001:0:0:1::/64,
2001:0:0:11::/64, 2001:0:0:111::/64) on an interface are included by default. You cannot select some
address prefixes to be imported into OSPFv3; either all address prefixes on an interface are
imported (by typing the Interface Configuration mode command “ipv6 ospf <process-id> area
<area-id>”), or no address prefixes on an interface are imported (by not typing the Interface
Configuration mode command “ipv6 ospf <process-id> area <area-id>”).

QUESTION 373
Which major IPv6 address type is supported in IPv4 but rarely used?
A. unicast
B. broadcast
C. multicast
D. anycast

Answer: D
Explanation: Anycast was first introduced in IPv6 and was adopted but rarely used in IPv4.

QUESTION 374
Which two statements about syslog logging are true? (Choose two.)
A. The size of the log file is dependent on the resources of the device.
B. Messages are stored in the internal memory of the device.
C. Syslog logging is disabled by default
D. Messages can be erased when the device reboots.
E. Messages are stored external to the device.

Answer: B, D

QUESTION 375
Which statement about SNMPv2 is true?
A. Its privacy algorithms use MD5 encryption by default
B. Its authentication and privacy algorithms are enabled without default values.
C. It requires passwords at least eight characters in length.
D. It requires passwords to be encrypted.

Answer: B
Explanation:
The following are the details of SNMPv2 security model:
• Authentication method: Community String
• Availability of encryption: No
Default values do not exist for authentication or privacy algorithms when you configure the SNMP
commands.
The minimum length for a password (i.e. community string) is one character.

QUESTION 376
In which byte of an IP packet can traffic be marked?
A. the CoS byte
B. the ToS byte
C. the QoS byte
D. the DSCP byte

Answer: B
Explanation: ToS is a one-byte (i.e. 8-bit) field in the IP header. DSCP uses 6 bits, which are part
of the ToS byte.

QUESTION 377
Which function does traffic shaping perform?
A. It drops packets to control the output rate.
B. It buffers and queues excess packets.
C. It buffers traffic without queuing it
D. It queues traffic without buffering it

Answer: B

QUESTION 378
Which function does the IP SLAs ICMP Path Echo operation perform to assist with
troubleshooting?
A. hop-by-hop response time
B. packet-loss detection
C. congestion detection
D. one way jitter measurements

Answer: A
Explanation: The Cisco IOS IP SLAs ICMP path echo operation allows you to measure end-to-end
and hop-by-hop network response time between a Cisco device and other devices using IP.

QUESTION 379
Which IEEE mechanism is responsible for the authentication of devices when they attempt to
connect to a local network?
A. 802.11
B. 802.1x
C. 802.3x
D. 802.2x

Answer: B

QUESTION 380
Which utility can you use to identify redundant or shadow rules?
A. the Cisco APIC-EM automation scheduler
B. the ACL trace tool in Cisco APIC-EM
C. the ACL analysis tool in Cisco APIC-EM
D. the Cisco WAN application

Answer: C
Explanation: Cisco APIC-EM (Application Policy Infrastructure Controller Enterprise Module) is
an SDN controller developed for traditional routers / switches. ACL (Access Control List) Analysis
in Cisco APIC-EM can analyze ACLs on each network device so that shadow entries, redundant
entries or correlated entries can be identified quickly.

QUESTION 381
Which major component of the Cisco network virtualization architecture isolates users according to
policy?
A. network services virtualization
B. access control
C. policy enforcement
D. path isolation

Answer: B
Explanation: Cisco network virtualization architecture has three main components:
1. Network access control and segmentation of classes of users: Users are authenticated and either
allowed or denied into a logical partition. Users are segmented into employees, contractors and
consultants, and guests, with respective access to IT assets. This component identifies users who are
authorized to access the network and then places them into the appropriate logical partition.
2. Path isolation: Network isolation is preserved across the entire enterprise. This component
maintains traffic partitioned over a routed infrastructure and transports traffic over and between
isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also
performed in this component.
3. Network Services virtualization: This component provides access to shared or dedicated network
services such as security, quality of service (QoS), and address management (Dynamic Host
Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per
partition and isolates application environments, if required.

QUESTION 382
Which utility can you use to identify the cause of a traffic-flow blockage between two devices in a
network?
A. APIC-EM automation scheduler
B. ACL analysis tool in APIC-EM
C. iWan application
D. ACL path analysis tool in APIC-EM

Answer: D

QUESTION 383
Which three technical services support cloud computing? (Choose three.)
A. redundant connections
B. extended SAN services
C. Layer 3 network routing
D. VPN connectivity
E. network-monitored power sources
F. IP localization

Answer: B, C, F
Explanation:
In brief, the following technical services are essential to supporting the high level of flexibility,
resource availability, and transparent resource connectivity required for cloud computing:
• The Layer 3 network offers the traditional routed interconnection between remote sites and
provides end-user access to cloud services.
• Extended SAN services support data access and accurate data replication. SAN (Storage Area
Network) is a dedicated high-speed network that interconnects and presents shared pools of storage
devices to multiple servers.
• Activating the IP localization service can improve server-to-server workflows even after the
migration of VMs (Virtual Machines) to another site.
For details:
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xr-software/white_paper_c11-694882.html

QUESTION 384
Which configuration command can you apply to a HSRP router so that its local interface becomes
active if all other routers in the group fail?
A. Router(config)#standby 1 track Ethernet
B. No additional configuration is required.
C. Router(config)#standby 1 preempt
D. Router(config)#standby 1 priority 250

Answer: B

QUESTION 385
When troubleshooting client DNS issues, which two tasks must you perform? (Choose two.)
A. Determine whether a DHCP address has been assigned.
B. Determine whether the hardware address is correct.
C. Ping a public website IP address.
D. Ping the DNS server.
E. Determine whether the name servers have been configured.

Answer: D, E

QUESTION 386
Which three options are types of Layer 2 network attack? (Choose three.)
A. spoofing attacks
B. ARP attacks
C. botnet attacks
D. VLAN hopping
E. DDOS attacks
F. brute force attacks

Answer: A, B, D
Explanation:
Spoofing attack: An attacker can launch MAC spoofing attacks by sending frames with a spoofed
MAC address that actually belongs to the attacker’s target host. The switch receives those frames
and updates its MAC address table with an entry that maps the spoofed MAC address to the
attacker’s port.

ARP attack: The attacker “poisons” the ARP tables.

VLAN hopping attack: An attacker PC can pose as a switch to form a trunk link with another
switch. Afterwards, the attacker PC can access different VLANs.

QUESTION 387
Which command can you enter to configure an IPv6 floating static route?
A. router(config)#ipv6 route FE80:0202::/32 serial 0/1 201
B. router(config)#ipv6 route ::/0 serial 0/1
C. router(config)#ipv6 route FE80:0202::/32 serial 0/1 1
D. router(config)#ipv6 route static resolve default

Answer: A
Explanation: A floating static route is a static route like any other, but it is configured with an
administrative distance larger than the default value of 1. For answer A, the configured
administrative distance is 201, which is larger than the default value.
A floating static route is a backup route: when your main route (e.g. a RIP route with
administrative distance 120) goes down, the floating static route with administrative distance 201
takes over.

QUESTION 388
Which two statements about floating static routes are true? (Choose two.)
A. They have a higher administrative distance than the default static route administrative distance.
B. They are routes to the exact /32 destination address.
C. They are used as backup routes when the primary route goes down.
D. They are dynamic routes that are learned from a server.
E. They are used when a route to the destination network is missing.

Answer: A, C

QUESTION 389
Which function allows EIGRP peers to receive notice of impending topology changes?
A. goodbye messages
B. advertised changes
C. successors
D. expiration of the hold timer

Answer: A
Explanation: The goodbye message is a feature designed to improve EIGRP network convergence.
The goodbye message is broadcast when an EIGRP routing process is shut down, to inform adjacent
peers about the impending topology change. This feature allows supporting EIGRP peers to
synchronize and recalculate neighbor relationships more efficiently than would occur if the peers
discovered the topology change after the hold timer expired.

QUESTION 390
Which two statements about EIGRP on IPv6 networks are true? (Choose two.)
A. It supports a shutdown feature.
B. It is configured on the interface.
C. It is globally configured.
D. It is vendor agnostic.
E. It is configured using a network statement

Answer: A, B
Explanation: The following is a sample configuration for IPv6 EIGRP:
IPv6 EIGRP has a shutdown feature. The routing process should be in “no shutdown” mode in order
to start running.

QUESTION 391
Which statement about EIGRP on IPv6 devices is true?
A. The neighbors of each device are directly configured.
B. The configuration uses process numbers.
C. It is configured directly on the interface.
D. The configuration uses secondary IP addresses.

Answer: C

QUESTION 392
Where does the configuration reside when a helper address is configured to support DHCP?
A. on every router along the path
B. on the router closest to the server
C. on the switch trunk interface
D. on the router closest to the client

Answer: D
Explanation: Suppose the DHCP client and the DHCP server are in different networks. Because the
DHCP client sends a DHCP request as a broadcast packet, the DHCP request cannot cross over a
router into another network. So the router closest to the DHCP client can be configured with the
Interface Configuration mode command “ip helper-address <IP address of the DHCP Server>” so
as to send the DHCP request as a unicast packet, and hence this unicast packet can then be routed to
the DHCP server.

QUESTION 393
Which WAN topology is most appropriate for a centrally located server farm with several satellite
branches?
A. hub and spoke
B. point-to-point
C. full mesh
D. star

Answer: A
Explanation:
In a hub and spoke WAN topology, one physical site acts as the hub (for example, the main office),
while the other physical sites act as spokes. Spoke sites are connected to each other via the hub
site, and network communication between two spokes always travels through the hub.

QUESTION 394
Which two statements about firewalls are true? (Choose two.)
A. They can limit unauthorized user access to protected data.
B. They must be placed only at locations where the private network connects to the Internet.
C. They can prevent attacks from the Internet only.
D. Each wireless access point requires its own firewall.
E. They can be used with an intrusion prevention system

Answer: A, E
Explanation: Intrusion Prevention System (IPS) stores signatures that define identified patterns in
attack packets. IPS can capture and analyze network packets by comparing those network packets to
the signatures. When a signature is matched, IPS can drop the network packets (since they are
identified as attack packets) and even reset the connection.

QUESTION 395
When is the most appropriate time to escalate an issue that you are troubleshooting?
A. when you have been unable to resolve the issue after 30 minutes
B. when you have gathered all available information about the issue
C. when you lack the proper resources to resolve the issue
D. when a more urgent issue that requires your intervention is detected

Answer: B

QUESTION 396
Which two options describe benefits of aggregated chassis technology? (Choose two.)
A. It supports redundant configuration files.
B. It requires only one IP address per VLAN.
C. Switches can be located anywhere regardless of their physical distance from one another.
D. It supports HSRP, VRRP, and GLBP.
E. It requires only three IP addresses per VLAN.
F. It reduces management overhead.

Answer: B, F
Explanation:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-virtual-switching-system-1440/prod_qas0900aecd806ed74b.html

QUESTION 397
Which three options are fields in a basic Ethernet data frame? (Choose three.)
A. Version
B. Frame Check Sequence
C. Length/Type
D. Time to Live
E. Header Checksum
F. Preamble

Answer: B, C, F

Explanation: The preamble field provides a predictable signal so that the electronics in an Ethernet
receiver can synchronize the data sampling clock to the incoming message.

QUESTION 398
Which six-byte field in a basic Ethernet frame must be an individual address?
A. DA
B. FCS
C. SOF
D. SA

Answer: D
Explanation: Source Address (SA) - The source MAC address consists of six bytes, and it is used to
identify the sending station. Therefore it must be an individual address and cannot be a group
address.

QUESTION 399
Which two types of information are held in the MAC address table? (Choose two.)
A. source IP addresses
B. protocols
C. port numbers
D. destination IP addresses
E. MAC addresses

Answer: C, E
Explanation: “Port numbers” here means switch interface numbers.

QUESTION 400
Which protocol is a Cisco proprietary implementation of STP?
A. PVST+
B. MSTP
C. RSTP
D. CST

Answer: A

QUESTION 401
Which two protocols can detect native VLAN mismatch errors? (Choose two.)
A. PAgP
B. Cisco Discovery Protocol
C. VTP
D. STP
E. DTP

Answer: B, D
Explanation: If there is a native VLAN mismatch situation, CDP will report a message like the
following:
*Mar 1 01:35:01: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered
on FastEthernet0/13 (1), with sw1 FastEthernet0/13 (10).
Also, STP will block the concerned switch port.

QUESTION 402
When you troubleshoot an IPv4 connectivity issue on a router, which three router configuration
checks must you perform? (Choose three.)
A. Verify that the router firmware is up-to-date.
B. Verify that the router interface IP address is correct.
C. Verify that the DNS is configured correctly.
D. Verify that a default route is configured.
E. Verify that the route appears in the routing table.
F. Verify that the router and the host use the same subnet mask.

Answer: B, D, E
Explanation: Answer F is incorrect since it is not necessary for the router (e.g. an intermediate
router) to have the same subnet mask as that of the host.

QUESTION 403
When troubleshooting Ethernet connectivity issues, how can you verify that an IP address is known
to a router?
A. Check whether the IP address is in the CAM table.
B. Check whether the IP address is in the routing table.
C. Check whether the IP address is in the ARP table.
D. Check whether an ACL is blocking the IP address.

Answer: C
Explanation: Ethernet connectivity issues imply local LAN issues. Therefore, the
existence of an entry in the ARP table mapping the local LAN IP address to a MAC address
indicates that the local LAN IP address is known to the router.

QUESTION 404
Which value must a device send as its username when using CHAP to authenticate with a remote
peer site over a PPP link?
A. the local hostname
B. the automatically-generated username
C. the hostname of the remote device
D. the username defined by the administrator

Answer: A

QUESTION 405
Which two options are benefits of private IP addresses? (Choose two.)
A. They can be implemented without requiring the administrator to coordinate with IANA.
B. They are managed by the IANA.
C. They provide network isolation from the Internet.
D. They increase the flexibility of the network design.
E. They are routable over the Internet.

Answer: C, D

QUESTION 406
Which command can you enter to create a NAT pool of 6 addresses?
A. Router(config)#ip nat pool test 175.17.12.69 175.17.12.76 prefix-length 8
B. Router(config)#ip nat pool test 178.17.12.66 178.17.12.72 prefix-length 8
C. Router(config)#ip nat pool test 175.17.12.69 175.17.13.74 prefix-length 16
D. Router(config)#ip nat pool test 175.17.12.69 175.17.12.74 prefix-length 24

Answer: D
Explanation: The portion “prefix-length” can be replaced by “netmask”. For example:
The portion “prefix-length 8” can be replaced by “netmask 255.0.0.0”.
The portion “prefix-length 16” can be replaced by “netmask 255.255.0.0”.
The portion “prefix-length 24” can be replaced by “netmask 255.255.255.0”.

QUESTION 407
While troubleshooting a DHCP client that is behaving erratically, you discover that the client has
been assigned the same IP address as a printer that has a static IP address. Which option is the best
way to resolve the problem?
A. Configure a static route to the client.
B. Assign the client the same IP address as the router.
C. Move the client to another IP subnet.
D. Move the printer to another IP subnet.
E. Reserve the printer IP address.

Answer: E
Explanation: Answer E means to type the Global Configuration mode command
“ip dhcp excluded-address <IP address of the printer>”.

QUESTION 408
Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two.)
A. Configure IP address parameters from DHCP server to a host.
B. Provide an easy management of layer 3 devices.
C. Assign and renew IP address from the default pool.
D. Set the IP gateway to be used by the network.
E. Perform host discovery using the DHCPDISCOVER message.
F. Monitor IP performance using the DHCP server.

Answer: A, D
Explanation: Answer C is incorrect because a manually configured pool is needed.

QUESTION 409
Which two options are benefits of DHCP snooping? (Choose two.)
A. It prevents static reservations.
B. It prevents DHCP reservations.
C. It tracks the location of hosts in the network.
D. It simplifies the process of adding DHCP servers to the network.
E. It prevents the deployment of rogue DHCP servers.

Answer: C, E
Explanation: A “DHCP snooping” enabled switch can work with information from a DHCP server
to:
• Track the physical location of hosts by recording, in a DHCP snooping binding database, the IP
address and the MAC address a host is using and the switch interface the host is connected to.
• Ensure that hosts only use the IP addresses assigned to them.
• Ensure that only authorized DHCP servers are accessible by blocking traffic from DHCP
servers on untrusted interfaces.
The DHCP snooping binding database can be shown by the command “show ip dhcp snooping
binding”:
Switch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
01:02:03:04:05:06   10.1.2.150       9837        dhcp-snooping  20    GigabitEthernet2/0/1
00:D0:B7:1B:35:DE   10.1.2.151       237         dhcp-snooping  20    GigabitEthernet2/0/2
Total number of bindings: 2

QUESTION 410
Which NTP type designates a router without an external reference clock as an authoritative time
source?
A. peer
B. server
C. client
D. master

Answer: D
Explanation: By using the Global Configuration mode command “ntp master [stratum level]”, you
can configure a Cisco device to act as an authoritative NTP server, enabling it to distribute time
even when it is not synchronized to an existing time server. For the “ntp master” command, you can
specify a stratum level. The range is from 1 to 15 (default is 8). The lower the configured stratum
level, the more reliable the authoritative NTP server claims to be.

QUESTION 411
Which value indicates the distance from the NTP authoritative time source?
A. priority
B. layer
C. location
D. stratum

Answer: D
Explanation:
NTP uses a stratum to describe the distance between a network device and an authoritative time
source:
• A stratum 1 time server is directly attached to an authoritative time source (such as a radio or
atomic clock or a GPS time source).
• A stratum 2 time server receives its time through NTP from a stratum 1 time server.
• A stratum 3 time server receives its time through NTP from a stratum 2 time server.
And so on.

QUESTION 412
Which header field is new in IPv6?
A. Flow Label
B. Hop Limit
C. Version
D. Traffic Class

Answer: A
Explanation: “Flow Label” is a new field in IPv6 header. The 20-bit “Flow Label” field in the IPv6
header can be used by a source to label a set of packets belonging to the same flow.

QUESTION 413
R1
ipv6 unicast-routing
interface FastEthernet0/0
no ip address
ipv6 enable
ipv6 address 2001:DB8:12::1/64
ipv6 ospf 1 area 0
ipv6 router ospf 1
router-id 172.16.1.1

R2
ipv6 unicast-routing
interface FastEthernet0/0
no ip address
ipv6 enable
ipv6 address 2001:DB8:12::2/64
ipv6 ospf 1 area 1
ipv6 router ospf 1
router-id 172.16.2.2

After you apply the given configurations to R1 and R2, you notice that OSPFv3 fails to start. Which
reason for the problem is most likely true?
A. The IPv6 network addresses on R1 and R2 are mismatched.
B. The autonomous system numbers on R1 and R2 are mismatched.
C. The router IDs on R1 and R2 are mismatched.
D. The area numbers on R1 and R2 are mismatched.

Answer: D

QUESTION 414
Which value must you configure on a device before EIGRP for IPv6 can start running?
A. process ID
B. router ID
C. loopback interface
D. public IP address

Answer: B
Explanation:
The configuration of IPv6 EIGRP has some restrictions, which are:
• The router ID needs to be configured for an IPv6 EIGRP AS before it can run.
• IPv6 EIGRP has a shutdown feature. Ensure that the IPv6 EIGRP AS is in "no shutdown"
mode in order to run the protocol.
The following is a typical IPv6 EIGRP configuration:
R1#config t
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 router eigrp 1
R1(config-rtr)#router-id 1.1.1.1
R1(config-rtr)#no shutdown
R1(config-rtr)#interface GigabitEthernet 0/1
R1(config-if)#ipv6 address 2001:DB8:0:1::1/64
R1(config-if)#ipv6 eigrp 1
R1(config-if)#no shutdown
R1(config-if)#interface GigabitEthernet 0/2
R1(config-if)#ipv6 address 2001:DB8:0:2::1/64
R1(config-if)#ipv6 eigrp 1
R1(config-if)#no shutdown
R1(config-if)#

QUESTION 415
Which IPv6 function serves the same purpose as ARP entry verification on an IPv4 network?
A. neighbor discovery verification
B. MAC address table verification
C. routing table entry verification
D. interface IP address verification

Answer: A
Explanation: ARP is replaced by NDP (Neighbor Discovery Protocol) in IPv6.

QUESTION 416
Which three features are represented by the letter A in AAA authentication? (Choose three.)
A. accounting
B. authentication
C. authority
D. authorization
E. accessibility
F. accountability

Answer: A, B, D

QUESTION 417
Which two statements about MPLS are true? (Choose two.)
A. It provides automatic authentication.
B. It tags customer traffic using 802.1q.
C. It encapsulates all traffic in an IPv4 header.
D. It can carry multiple protocols, including IPv4 and IPv6.
E. It uses labels to separate and forward customer traffic.

Answer: D, E

QUESTION 418
Which technology can provide security when connecting multiple sites across the Internet?
A. EBGP
B. DMVPN
C. site-to-site VPN
D. MPLS

Answer: B
Explanation: Cisco DMVPN (Dynamic Multipoint Virtual Private Network) allows multiple sites to
connect over the Internet, providing data integrity and data encryption.

QUESTION 419
Which two options are primary responsibilities of the APIC-EM controller? (Choose two.)
A. It makes network functions programmable
B. It tracks license usage and Cisco IOS versions.
C. It automates network actions between legacy equipment.
D. It automates network actions between different device types.
E. It provides robust asset management.

Answer: A, D
Explanation: The APIC-EM platform delivers many significant benefits. For example, it:
● Creates an intelligent, open, programmable network with open APIs
● Can help customers save time, resources, and costs through advanced automation services
● Provides a single point for network-wide automation and control on various types of device.

QUESTION 420
Which HSRP feature was new in HSRPv2?
A. VLAN group numbers that are greater than 255
B. virtual MAC addresses
C. preemption
D. tracking

Answer: A
Explanation: In HSRP version 1, group numbers are restricted to the range from 0 to 255 (using
virtual MAC address range 0000.0C07.AC00 to 0000.0C07.ACFF). HSRP version 2 expands the
group number range from 0 to 4095 (using virtual MAC address range 0000.0C9F.F000 to
0000.0C9F.FFFF). Version 1 is the default version of HSRP. To use version 2, the Interface
Configuration mode command “standby version 2” should be configured.

QUESTION 421
R1
interface Loopback0
ip address 172.16.1.33 255.255.255.224
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
router bgp 100
neighbor 192.168.12.2 remote-as 100

Which command do you enter so that R1 advertises the loopback0 interface to the BGP peers?
A. network 172.16.1.32 mask 255.255.255.224
B. network 172.16.1.0 0.0.0.255
C. network 172.16.1.32 255.255.255.224
D. network 172.16.1.33 mask 255.255.255.224
E. network 172.16.1.32 mask 0.0.0.31
F. network 172.16.1.32 0.0.0.31

Answer: A
Explanation: Since R1 already has a directly connected routing entry of 172.16.1.32/27 in the
routing table, the BGP Router Configuration mode command “network 172.16.1.32 mask
255.255.255.224” can cause R1 BGP to advertise 172.16.1.32/27 to the BGP peers.

QUESTION 422
Which statement about recovering a password on a Cisco router is true?
A. A factory reset is required if you forget the password.
B. It requires physical access to the router.
C. It requires a secure SSL/VPN connection.
D. The default reset password is Cisco.

Answer: B
Explanation: You have to use a console connection in order to perform password recovery on a
Cisco router / switch.

QUESTION 423
Which option is the master redundancy scheme for stacked switches?
A. 1:N
B. 1:1
C. N:1
D. 1+N

Answer: A
Explanation: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

QUESTION 424
Which two options are features of the extended ping command? (Choose two.)
A. It can send a specified number of packets.
B. It can ping multiple hosts at the same time.
C. It can count the number of hops to the remote host.
D. It can resolve the destination host name
E. It can send packets from a specified interface or IP address.

Answer: A, E
Explanation: The following is an example of using the extended ping command:

A specified number of packets can be sent by answering the “Repeat count” question.
The source IP address of packets sent can be defined by answering the “Source address or interface”
question. Please note that you can only state an IP address or an interface name that the router (i.e.
R2, as mentioned in the diagram) actually has.

QUESTION 425
Which type of attack can be mitigated by configuring the default native VLAN to be unused?
A. MAC spoofing
B. CAM table overflow
C. switch spoofing
D. VLAN hopping

Answer: D
Explanation: http://www.omnisecu.com/ccna-security/what-is-double-tagging-attack-how-to-prevent-double-tagging-attack.php

QUESTION 426
Which WAN topology provides a direct connection from each site to all other sites on the network?
A. single-homed
B. full mesh
C. point-to-point
D. hub-and-spoke

Answer: B

QUESTION 427
Drag and drop each cable type from the left onto the type of connection for which it is best suited
on the right.

crossover           console to PC
DTE/DCE             router serial to router serial
rollover            switch to router
straight-through    switch to switch

Answer:
console to PC                     rollover
router serial to router serial    DTE/DCE
switch to router                  straight-through
switch to switch                  crossover

QUESTION 428
How can you manually configure a switch so that it is selected as the root switch?
A. Increase the priority number
B. Lower the port priority number
C. Increase the port priority number
D. Lower the priority number

Answer: D

QUESTION 429
Which three are valid modes for a switch port used as a VLAN trunk? (Choose three.)
A. auto
B. forwarding
C. desirable
D. on
E. blocking
F. transparent

Answer: A, C, D

QUESTION 430
Which feature must you enable to distribute VLANs automatically across multiple switches?
A. Configure the native VLAN.
B. Define each VLAN.
C. Configure NTP.
D. Configure VTP.

Answer: D

QUESTION 431
Which definition of a default route is true?
A. a route that is manually configured
B. a route used when a route to the destination network is missing
C. a route to the exact /32 destination address
D. a dynamic route learned from a server

Answer: B
Explanation: Besides being manually configured, a default route can be learned from another router.

QUESTION 432
R1#show ip route
:
:
C 192.168.12.0/24 is directly connected, FastEthernet0/0
C 192.168.13.0/24 is directly connected, FastEthernet0/1
C 192.168.14.0/24 is directly connected, FastEthernet1/0
192.168.10.0/24 is variably subnetted, 3 subnets, 3 masks
O 192.168.10.0/24 [110/2] via 192.168.14.4, 00:02:01, FastEthernet1/0
O 192.168.10.32/27 [110/11] via 192.168.13.3, 00:00:52, FastEthernet0/1
O 192.168.0.0/16 [110/2] via 192.168.15.5, 00:05:01, FastEthernet1/1
D 192.168.10.1/32 [90/52778] via 192.168.12.2, 00:03:44, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.14.4, 00:00:10, FastEthernet1/0

If R1 sends traffic to 192.168.10.45, the traffic is sent through which interface?

A. FastEthernet0/1
B. FastEthernet0/0
C. FastEthernet1/0
D. FastEthernet1/1

Answer: A

QUESTION 433
R1#show ip route
:
:
C 192.168.12.0/24 is directly connected, FastEthernet0/0
C 192.168.13.0/24 is directly connected, FastEthernet0/1
C 192.168.14.0/24 is directly connected, FastEthernet1/0
192.168.10.0/24 is variably subnetted, 3 subnets, 3 masks
O 192.168.10.0/24 [110/2] via 192.168.14.4, 00:02:01, FastEthernet1/0
O 192.168.10.32/27 [110/11] via 192.168.13.3, 00:00:52, FastEthernet0/1
O 192.168.0.0/16 [110/2] via 192.168.15.5, 00:05:01, FastEthernet1/1
D 192.168.10.1/32 [90/52778] via 192.168.12.2, 00:03:44, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.14.4, 00:00:10, FastEthernet1/0

What is the metric for the route from R1 to 192.168.10.1?

A. 2
B. 90
C. 110
D. 52778

Answer: D

QUESTION 434
Which command can you enter on a switch to display the IP addresses associated with connected
devices?
A. show cdp neighbors detail
B. show cdp interface
C. show cdp traffic
D. show cdp neighbors

Answer: A

QUESTION 435
Which configuration can be used with PAT to allow multiple inside addresses to be translated to a
single outside address?
A. DNS
B. dynamic routing
C. preempt
D. overload

Answer: D

QUESTION 436
ip dhcp pool test
network 192.168.10.0 /27
domain-name cisco.com
dns-server 172.16.1.1 172.16.2.1
netbios-name-server 172.16.1.10 172.16.2.10

After you apply the given configuration to a router, the DHCP clients behind the device cannot
communicate with hosts outside of their subnet. Which action is most likely to correct the problem?
A. Activate the DHCP pool
B. Correct the subnet mask
C. Configure the DNS server on the same subnet as the clients
D. Configure the default gateway

Answer: D
Explanation: Configure the default gateway by using the command “default-router”.

QUESTION 437
Which type of IPv6 unicast IP address is reachable across the Internet?
A. unique local
B. link local
C. global
D. compatible

Answer: C

QUESTION 438
Which statement about IPv6 link-local addresses is true?
A. They must be configured on all IPv6 interfaces
B. They must be manually configured
C. They are advertised globally on the network
D. They must be globally unique

Answer: A

QUESTION 439
Which two options are fields in an Ethernet frame? (Choose two.)
A. header
B. source IP address
C. frame check sequence
D. type
E. destination IP address

Answer: C, D

QUESTION 440
Which type of cable must you use to connect two devices with MDI interfaces?
A. rolled
B. crossed
C. straight-through
D. crossover

Answer: D

QUESTION 441
Which RPVST+ port state is excluded from all STP operations?
A. learning
B. blocking
C. forwarding
D. disabled

Answer: D
Explanation: A disabled port cannot send or receive BPDUs.

QUESTION 442
Which statement about spanning-tree root-bridge election is true?
A. Every VLAN must use the same root bridge.
B. It is always performed automatically.
C. Each VLAN must have its own root bridge.
D. Every root bridge must reside on the same root switch.

Answer: C

QUESTION 443
In which type of port can switches interconnect for multi-VLAN communication?
A. trunk port
B. interface port
C. access port
D. switch port

Answer: A

QUESTION 444
Under which circumstance is a router on a stick most appropriate?
A. when the router must route multiple subnets across a single physical link
B. when the router must route a single subnet across a single physical link
C. when the router must route a single subnet across multiple physical links
D. when the router must route multiple subnets across multiple physical links

Answer: A

QUESTION 445
To enable router on a stick on a router subinterface, which two steps must you perform? (Choose
two.)
A. Configure the subinterface with an IP address.
B. Configure full duplex and speed.
C. Configure a default to route traffic between subinterfaces.
D. Configure encapsulation dot1q.
E. Configure an IP route to the VLAN destination network.

Answer: A, D

QUESTION 446
How does a router handle an incoming packet whose destination network is missing from the
routing table?
A. It routes the packet to the default route.
B. It broadcasts the packet to each network on the router.
C. It broadcasts the packet to each interface on the router.
D. It discards the packet

Answer: A

QUESTION 447
Which type of secure MAC address must be configured manually?
A. static
B. dynamic
C. sticky
D. bia

Answer: A

QUESTION 448
Which port security violation mode allows traffic from valid MAC addresses to pass but blocks
traffic from invalid MAC addresses?
A. shutdown VLAN
B. shutdown
C. protect
D. restrict

Answer: C
Explanation: Both the protect mode and the restrict mode can allow traffic from valid MAC
addresses to pass but block traffic from invalid MAC addresses. The difference is that a security
violation counter is incremented and a console message of dropping traffic is displayed in the
restrict mode, while it is not in the protect mode. Since the question does not mention the security
violation counter and the console message, protect should be a better answer.

QUESTION 449
Which option is the industry-standard protocol for EtherChannel?
A. DTP
B. Cisco Discovery Protocol
C. PAgP
D. LACP

Answer: D

QUESTION 450
Which address class includes network 191.168.0.1/27?
A. Class A
B. Class B
C. Class D
D. Class C

Answer: B

QUESTION 451
How many host addresses are available on the network 192.168.1.0 subnet 255.255.255.240?
A. 6
B. 8
C. 14
D. 16

Answer: C

QUESTION 452

Refer to the exhibit. If computer A is sending traffic to computer B, which option is the source IP
address when a packet leaves R1 on interface F0/1?
A. IP address of the R1 interface F0/1
B. IP address of the R2 interface F0/1
C. IP address of computer B
D. IP address of computer A

Answer: D

QUESTION 453
Which statement about upgrading a Cisco IOS device with TFTP is true?
A. The Cisco IOS device must be on the same LAN as the TFTP server
B. The operation is performed in passive mode.
C. The operation is performed in an unencrypted format.
D. The operation is performed in active mode.

Answer: C
Explanation: TFTP has no encryption process in place.

QUESTION 454
When is a routing table entry identified as directly connected?
A. when the route is statically assigned to reach a specific network
B. when the local router is in use as the network’s default gateway
C. when the network resides on a remote router that is physically connected to the local router
D. when an interface on the router is configured with an IP address and enabled

Answer: D
Explanation: For answer C, it means the remote router, not the network, is physically connected to
the local router.

QUESTION 455
Which definition of a host route is true?
A. a route to the exact /32 destination address
B. a route that is manually configured
C. a dynamic route learned from a server
D. a route used when a route to the destination network is missing

Answer: A

QUESTION 456
Which type of routing protocol operates by exchanging the entire routing information?
A. distance-vector protocols
B. link-state protocols
C. exterior gateway protocols
D. path-vector protocols

Answer: A

QUESTION 457
Router R1 has a static route that is configured to a destination network. A directly connected
interface is configured with an IP address in the same destination network. Which statement about
R1 is true?
A. R1 refuses to advertise the dynamic route to other neighbors.
B. R1 prefers the static route.
C. R1 sends a withdrawal notification to the neighboring router.
D. R1 prefers the directly connected interface.

Answer: D

QUESTION 458
Which command must you enter to enable OSPFv2 in an IPv4 network?
A. router ospf value
B. router ospfv2 process-id
C. router ospf process-id
D. ip ospf hello-interval seconds

Answer: C

QUESTION 459
R1
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
router ospf 1
router-id 172.16.1.1
network 172.16.1.1 0.0.0.0 area 0
network 192.168.10.0 0.0.0.255 area 0

You have discovered that computers on the 192.168.10.0/24 network can ping their default
gateway, but they cannot connect to any sources on a remote network. Which reason for the
problem is most likely true?
A. The 192.168.12.0/24 network is missing from OSPF.
B. The OSPF process ID is incorrect.
C. The OSPF area number is incorrect.
D. An ARP table entry is missing for 192.168.10.0.
E. A VLAN number is incorrect for 192.168.10.0.

Answer: A

QUESTION 460
While troubleshooting a connection problem on a computer, you determined that the computer can
ping a specific web server but it cannot connect to TCP port 80 on that server. Which reason for the
problem is most likely true?
A. A route is missing.
B. An ARP table entry is missing.
C. A VLAN number is incorrect.
D. An ACL is blocking the TCP port.

Answer: D
Explanation: ACL stands for Access Control List.

QUESTION 461
Which PPP subprotocol negotiates authentication options?
A. DLCI
B. NCP
C. SLIP
D. ISDN
E. LCP

Answer: E
Explanation: PPP is one of the WAN protocols that you can configure on Cisco IOS routers.

PPP operates on the data link layer (layer 2) but as you can see the data link layer has been split into
two pieces:
● NCP: Network Control Protocol
● LCP: Link Control Protocol
LCP is used to negotiate authentication options, such as whether authentication is needed and, if so,
which authentication method (e.g. CHAP, PAP) is used.
NCP is used to make sure you can run different protocols (e.g. IPv4, IPv6) over the PPP link.

QUESTION 462
When you deploy Multilink PPP on your network, where must you configure the group IP address
on each device?
A. under the multilink interface
B. in the global configuration
C. under the serial interfaces
D. under the routing protocol

Answer: A
Explanation: Multilink PPP allows packets to be fragmented and fragments to be sent at the same
time over multiple point-to-point links to the same remote address. The following is a configuration
example:
Router1# config t
Router1(config)# interface multilink 1
Router1(config-if)# ip address 172.16.1.1 255.255.0.0
Router1(config-if)# ppp multilink
Router1(config-if)# ppp multilink group 1
Router1(config-if)# int s0/0/0
Router1(config-if)# encapsulation ppp
Router1(config-if)# ppp multilink
Router1(config-if)# ppp multilink group 1
Router1(config-if)# no shutdown
Router1(config-if)# int s0/0/1
Router1(config-if)# encapsulation ppp
Router1(config-if)# ppp multilink
Router1(config-if)# ppp multilink group 1
Router1(config-if)# no shutdown
Router1(config-if)# end
Router1#

QUESTION 463
Which three options are types of IPv6 static routes? (Choose three.)
A. recursive static routes
B. injected static routes
C. directly connected static routes
D. redistributed static routes
E. fully specified static routes
F. dynamically specified static routes

Answer: A, C, E
Explanation:
A fully specified static route means both the output interface and the next hop address are specified.
For example:
ipv6 route 2001:DB8::/32 gigabitethernet1/0/0 2001:DB8:3000::1

A directly connected static route means only the output interface is specified. For example:
ipv6 route 2001:DB8::/32 gigabitethernet1/0/0

A recursive static route means only the next hop address is specified. For example:
ipv6 route 2001:DB8::/32 2001:DB8:3000::1

QUESTION 464
Which address block identifies all link-local addresses?
A. FC00::/7
B. FC00::/8
C. FE80::/10
D. FF00::/8

Answer: C

QUESTION 465
Which two steps must you perform on each device that is configured for IPv4 routing before you
implement OSPFv3? (Choose two.)
A. Enable IPv6 unicast routing.
B. Configure a loopback interface.
C. Configure a router ID.
D. Enable IPv6 on an interface.
E. Configure an autonomous system number.

Answer: A, D

QUESTION 466
Which two statements about IPv6 address 2002:ab10:beef::/48 are true? (Choose two.)
A. It is used for a 6to4 tunnel
B. It is used for an ISATAP tunnel.
C. The embedded IPv4 address can be globally routed.
D. The MAC address 20:02:b0:10:be:ef is embedded into the IPv6 address.
E. The embedded IPv4 address is an RFC 1918 address.

Answer: A, C
Explanation: An automatic 6to4 tunnel allows isolated IPv6 networks to be connected over an IPv4
network. The key difference between automatic 6to4 tunnels and manually configured tunnels is
that the tunnel is not point-to-point; it is point-to-multipoint. In automatic 6to4 tunnels, routers are
not configured in pairs. The IPv4 address embedded in the IPv6 address is used to find the other end
of the automatic tunnel.
An automatic 6to4 tunnel may be configured on a border router in an isolated IPv6 network, which
creates a tunnel on a per-packet basis to a border router in another IPv6 network over an IPv4
infrastructure. The tunnel destination is determined by the IPv4 address of the border router
extracted from the IPv6 address that starts with the prefix 2002::/16, where the format is
2002:hexadecimal-format-of-border-router-IPv4-address::/48.
For 2002:ab10:beef::/48 mentioned in the question, the part ab10:beef corresponds to
171.16.190.239 which is a public IPv4 address where:
Hexadecimal Decimal
ab 171
10 16
be 190
ef 239

QUESTION 467
Which command can you enter on a switch to determine the current SNMP security model?
A. snmp-server contact
B. show snmp engineID
C. show snmp pending
D. show snmp group

Answer: D
Explanation: The security model (either v1, v2c, or v3) can be shown by the command “show snmp
group”:
router# show snmp group
groupname: public security model:v1
:
:

QUESTION 468
Which option is the main function of congestion management?
A. providing long-term storage of buffered data
B. discarding excess traffic
C. classifying traffic
D. queuing traffic based on priority

Answer: D

QUESTION 469
Which two statements about TACACS+ are true? (Choose two.)
A. It authenticates against the user database on the local device.
B. It is enabled on Cisco routers by default.
C. It is more secure than AAA authentication.
D. It uses a managed database.
E. It can run on a UNIX server.

Answer: D, E
Explanation: By installing Cisco Secure ACS for Windows on a Windows server or Cisco Secure
ACS for Unix on a Unix server, devices such as Cisco routers or Cisco switches can communicate
with the server (where a managed database for authentication resides) through the TACACS+ protocol.

QUESTION 470
Which technology supports multiple dynamic secure connections over an unsecure transport
network?
A. client VPN
B. VPN
C. DMVPN
D. site-to-site VPN

Answer: C
Explanation: DMVPN (Dynamic Multipoint VPN) is a routing technique we can use to build a VPN
network with multiple sites without having to statically configure all devices. It’s a “hub and spoke”
network where the spokes will be able to communicate with each other directly without having to
go through the hub. Encryption is supported through IPsec which makes DMVPN a popular choice
for connecting different sites using regular Internet connections.

QUESTION 471
Which three options are the major components of a network virtualization architecture? (Choose
three.)
A. policy enforcement
B. authentication services
C. path isolation
D. network resilience
E. virtual network services
F. network access control

Answer: C, E, F
Explanation: Cisco network virtualization architecture has three main components:
1. Network access control and segmentation of classes of users: Users are authenticated and either
allowed or denied into a logical partition. Users are segmented into employees, contractors and
consultants, and guests, with respective access to IT assets. This component identifies users who are
authorized to access the network and then places them into the appropriate logical partition.
2. Path isolation: Network isolation is preserved across the entire enterprise. This component
maintains traffic partitioned over a routed infrastructure and transports traffic over and between
isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also
performed in this component.
3. Network Services virtualization: This component provides access to shared or dedicated network
services such as security, quality of service (QoS), and address management (Dynamic Host
Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per
partition and isolates application environments, if required.

QUESTION 472
Which keyword enables an HSRP router to take the active role immediately when it comes online?
A. version
B. preempt
C. priority
D. IP address

Answer: B

QUESTION 473
Which statement about DHCP snooping is true?
A. It can be configured on switches and routers
B. It blocks traffic from DHCP servers on untrusted interfaces.
C. It allows packets from untrusted ports if their source MAC address is found in the binding table.
D. It uses DHCPDiscover packets to identify DHCP servers.

Answer: B
Explanation: A “DHCP snooping” enabled switch can work with information from a DHCP server
to:
● Track the physical location of hosts by recording, in a DHCP snooping binding database, the IP
address and the MAC address a host is using and the switch interface the host is connected to.
● Ensure that hosts only use the IP addresses assigned to them.
● Ensure that only authorized DHCP servers are accessible by blocking traffic from DHCP
servers on untrusted interfaces.
The DHCP snooping binding database can be shown by the command “show ip dhcp snooping
binding”:
Switch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
01:02:03:04:05:06   10.1.2.150       9837        dhcp-snooping  20    GigabitEthernet2/0/1
00:D0:B7:1B:35:DE   10.1.2.151       237         dhcp-snooping  20    GigabitEthernet2/0/2
Total number of bindings: 2

QUESTION 474
Where does a switch maintain DHCP snooping information?
A. in the MAC address table
B. in the VLAN database
C. in the DHCP binding database
D. in the CAM table

Answer: C

QUESTION 475
Which option is the benefit of implementing an intelligent DNS for a cloud computing solution?
A. It eliminates the need for a GSS.
B. It enables the ISP to maintain DNS records automatically.
C. It can redirect user requests to locations that are using fewer network resources.
D. It reduces the need for a backup data center.

Answer: C
Explanation: The Cisco GSS 4492R Global Site Selector is part of the Cisco ACE Application
Control Engine family and a crucial component of any data center or cloud computing architecture
that requires an appliance-based, security-focused, universal global load balancer.
The Cisco GSS 4492R allows businesses to deploy global Internet and intranet applications with the
confidence that all application users will be quickly routed to a standby data center if a primary data
center outage or overload occurs. The Cisco GSS 4492R does this by performing as an intelligent
Domain Name Service (DNS) authoritative server, such that when a user’s web browser sends a
request such as “where is www.bxb.com” they receive the best of all the possible IP addresses for
that particular user at that particular time.

QUESTION 476
Which prompt does a Cisco switch display when it is running in privileged exec mode?
A. switch(config-if)#
B. switch#
C. switch>
D. switch(config)#

Answer: B

QUESTION 477
Drag and drop the STP failure types from the left onto the potential causes on the right.

packet corruption               cable with a high error rate
PortFast configuration error    duplex mismatch
resource errors                 fiber cable with a damaged strand
traffic collisions              link between two switches that unexpectedly transitions to forwarding mode
unidirectional link             Switch with an overloaded CPU

Answer:
cable with a high error rate    packet corruption
duplex mismatch    traffic collisions
fiber cable with a damaged strand    unidirectional link
link between two switches that unexpectedly transitions to forwarding mode    PortFast configuration error
Switch with an overloaded CPU    resource errors

Explanation: A unidirectional link (i.e. traffic can be sent one way only) can occur if there is a
problem with the cable. This problem occurs more often on fiber-optic connections.

QUESTION 478
Under which two circumstances is a switch port that is configured with PortFast BPDU guard error-
disabled? (Choose two.)
A. when a single IP address is configured on the switch
B. when a wireless access point running in bridge mode is connected to a switch
C. when a connected server has more than one VLAN configured on its NIC
D. when the switch receives a BPDU from a connected switch
E. when the switch receives a request for an IP address from an individual PC

Answer: B, D
Explanation: STP is available only when the access point is in bridge mode.
Bridge mode allows the Access Point to communicate with another Access Point which is in bridge
mode also. A typical scenario is connecting two buildings through a wireless connection. Wireless
clients will not communicate to APs in bridge mode.

QUESTION 479
Drag and drop the switching concepts from the left onto the correct descriptions on the right.

dynamic MAC address    feature that determines whether incoming traffic will be allowed
MAC ACL                MAC address that remains in the MAC table after a reboot
MAC address table      MAC address that is learned by the switch through normal traffic flows
MAC aging              adding a previously unknown MAC address into the address table
MAC learning           associates a learned MAC address with its connected interface
static MAC Address     removing an inactive MAC address from the address table after a specified period

Answer:
feature that determines whether incoming traffic will be allowed    MAC ACL
MAC address that remains in the MAC table after a reboot    static MAC Address
MAC address that is learned by the switch through normal traffic flows    dynamic MAC address
adding a previously unknown MAC address into the address table    MAC learning
associates a learned MAC address with its connected interface    MAC address table
removing an inactive MAC address from the address table after a specified period    MAC aging

Explanation: ACL stands for Access Control List.

QUESTION 480
Drag and drop the MAC address types from the left onto the correct descriptions on the right.

dynamic secure MAC address    cleared from the CAM table when the switch reboots
nonsecure MAC address         configured with the switchport port-security mac-address command
static secure MAC address     dynamically learned addresses that can be retained permanently
sticky MAC address            requires access VLAN configuration only

Answer:
cleared from the CAM table when the switch reboots    dynamic secure MAC address
configured with the switchport port-security mac-address command    static secure MAC address
dynamically learned addresses that can be retained permanently    sticky MAC address
requires access VLAN configuration only    nonsecure MAC address

Explanation: The MAC address table is also called the CAM (Content Addressable Memory) table.
“Requires access VLAN configuration only” implies there is no Port Security configuration set on
that port. Therefore, the MAC addresses learnt on that port are nonsecure.

QUESTION 481
Which two statements about multicast addresses are true? (Choose two.)
A. 02-00-5e-7f-11-c1 is a multicast MAC address.
B. They allow one-to-one communication.
C. 01-00-5e-7b-11-c1 is a multicast MAC address.
D. 01-00-53-ab-11-c1 is a multicast MAC address.
E. They allow one-to-many communication.

Answer: C, E
Explanation: To support IP multicasting, the Internet authorities have reserved the multicast MAC
address range of 01-00-5E-00-00-00 to 01-00-5E-7F-FF-FF.

QUESTION 482
Drag and drop each multicast IP address on the left to the empty Multicast Address column on the
right. Not all options are used.

10.255.255.255
192.168.1.0
239.0.1.255
239.2.12.255
224.0.0.1
224.10.1.25

Answer:
Multicast Address:
239.0.1.255
239.2.12.255
224.0.0.1
224.10.1.25

Not used: 10.255.255.255, 192.168.1.0

QUESTION 483
Drag and drop the descriptions of IP protocol transmissions from the left onto the correct IP traffic
types on the right.

It sends transmissions in sequence.    TCP
Transmissions include an 8-byte header.
It transmits packets as a stream.
It transmits packets individually.
It uses a higher transmission rate to support latency-sensitive applications.
It uses a lower transmission rate to ensure reliability.    UDP

Answer:
TCP
It sends transmissions in sequence.
It transmits packets as a stream.
It uses a lower transmission rate to ensure reliability.

UDP
Transmissions include an 8-byte header.
It transmits packets individually.
It uses a higher transmission rate to support latency-sensitive applications.

Explanation: The size of a UDP header is 8 bytes and UDP transmits packets individually without
the need to establish a connection in advance.

QUESTION 484
Drag and drop the protocol from the left onto the matching IP traffic type on the right.

DHCP TCP
HTTP
SMTP
SNMP
Telnet
VOIP UDP

Answer:
TCP
HTTP
SMTP
Telnet

UDP
DHCP
SNMP
VOIP

Explanation: VOIP stands for Voice over IP.

QUESTION 485
Drag and drop the extended traceroute option from the left onto the correct description on the right.

maximum time to live    A value that, when reached, terminates the traceroute command.
minimum time to live    IP header options.
number display          Overrides the router’s selection of an outbound interface.
source address          Sets the interval for which the probe will wait for a response.
timeout                 Suppresses the display of known hops.
timestamps, verbose     Suppresses the display of hostnames.

Answer:
A value that, when reached, terminates the traceroute command.    maximum time to live
IP header options.    timestamps, verbose
Overrides the router’s selection of an outbound interface.    source address
Sets the interval for which the probe will wait for a response.    timeout
Suppresses the display of known hops.    minimum time to live
Suppresses the display of hostnames.    number display

Explanation:
Router A>enable
Router A#traceroute
Protocol [ip]:
Target IP address: 192.168.40.2
Source address: 172.16.23.2
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.40.2
1 172.31.20.2 16 msec 16 msec 16 msec
2 172.20.10.2 28 msec 28 msec 32 msec
3 192.168.40.2 32 msec 28 msec *

Source address --- The interface or IP address of the router to use as a source address for the probes.
The router normally picks the IP address of the outbound interface to use.
Numeric display [n] --- The default is to have both a symbolic (e.g. abc.def.com) and numeric
display; however, you can suppress the symbolic display.
Timeout in seconds [3] --- The number of seconds to wait for a response to a probe packet. The
default is 3 seconds.
Minimum Time to Live [1] --- The TTL value for the first probes. The default is 1, but it can be set
to a higher value to suppress the display of known hops.
Maximum Time to Live [30] --- The largest TTL value that can be used. The default is 30. The
traceroute command terminates when the destination is reached or when this value is reached.
Loose, Strict, Record, Timestamp, Verbose[none] --- IP header options. You can specify any
combination. The traceroute command issues prompts for the required fields. Note that the
traceroute command will place the requested options in each probe; however, there is no guarantee
that all routers (or end nodes) will process the options.

QUESTION 486
Which two protocols are dynamic routing protocols? (Choose two.)
A. SNMP
B. MPLS
C. CEF
D. GRE
E. EIGRP
F. OSPF

Answer: E, F

QUESTION 487
Drag and drop the disadvantages of static or dynamic routing from the left onto the correct routing
types on the right.

Left:
increases CPU load
less fault tolerant than other routing options
less practical on large networks
limits the ability of the network administrator to choose the best route
requires manual updates

Right:
Dynamic Routing
Static Routing

Answer:
Dynamic Routing
increases CPU load
limits the ability of the network administrator to choose the best route

Static Routing
less fault tolerant than other routing options
less practical on large networks
requires manual updates

QUESTION 488
Which command is needed to send RIPv2 updates as broadcast when configured for RIPv2?
A. ip rip receive version 1
B. ip rip receive version 2
C. ip rip v2-broadcast
D. version 2

Answer: C
Explanation: To allow RIP Version 2 update packets to be sent as broadcast packets (i.e. with
destination IP address of 255.255.255.255) instead of multicast packets (i.e. with destination IP
address of 224.0.0.9), use the “ip rip v2-broadcast” command in Interface Configuration mode.

QUESTION 489
You are configuring the percentage of link bandwidth used by EIGRP. Drag and drop the
configuration commands from the left into the correct sequence on the right.
configure terminal step 1
enable step 2
no shut step 3
ipv6 bandwidth-percent eigrp 1 75 step 4
interface FastEthernet 0/1 step 5

Answer:
step 1 enable
step 2 configure terminal
step 3 interface FastEthernet 0/1
step 4 ipv6 bandwidth-percent eigrp 1 75
step 5 no shut

Explanation: To configure the percentage of bandwidth that may be used by EIGRP for IPv6 on an
interface, use the “ipv6 bandwidth-percent eigrp” command in Interface Configuration mode. The
following example allows EIGRP for IPv6 with autonomous system 1 to use up to 75 percent
bandwidth of the interface f0/1:
Router(config)#int f0/1
Router(config-if)#ipv6 bandwidth-percent eigrp 1 75

QUESTION 490
Drag and drop the EIGRP features from the left onto the correct descriptions on the right.

Left:
DUAL
neighbor discovery
protocol-dependent modules
RTP

Right:
algorithm used to perform route computations
handles packets in accordance with specific parameters
provides guaranteed packet delivery in the correct packet sequence
process of dynamically learning peers

Answer:
algorithm used to perform route computations --- DUAL
handles packets in accordance with specific parameters --- protocol-dependent modules
provides guaranteed packet delivery in the correct packet sequence --- RTP
process of dynamically learning peers --- neighbor discovery

Explanation: DUAL (Diffusing Update ALgorithm) is the algorithm used by EIGRP to select
efficient, loop-free routes and insert the selected routes in the routing table.
EIGRP supports different network layer protocols (e.g. IPv4, IPv6, IPX and AppleTalk). To support
all of the protocols, EIGRP uses PDM (Protocol Dependent Module) for each of the protocols
separately. One neighbor table and one topology table exist for each PDM.
RTP (Reliable Transport Protocol) provides sequencing and acknowledgment for EIGRP packets
between neighbors.

QUESTION 491
R1# show ip route
C 192.168.10.0/24 is directly connected, Vlan10
O 192.168.11.0/24 [19/2] via 172.20.3.2, 1w1d, GigabitEthernet0/1
S 192.168.12.0/24 [1/0] via 172.20.4.5
R 172.20.10.21 [20/0] via 192.168.250.35, 7w0d
B 172.20.20.21 [20/0] via 192.168.220.40, 7w9d
D 172.20.30.21 [20/0] via 192.168.200.45, 2d19h

Drag and drop the route source codes from the left to the default administrative distances on the
right.

C 0
D 1
O 90
R 110
S 120

Answer:
0 C
1 S
90 D
110 O
120 R

QUESTION 492
Which two characteristics are representative of a link-state routing protocol? (Choose two.)
A. provides common view of entire topology
B. utilizes frequent periodic updates
C. exchanges routing tables for its own routes with neighbor
D. calculates feasible path
E. utilizes event-triggered updates

Answer: A, E
Explanation: For a link-state routing protocol (e.g. OSPF), updates are sent to all routers in the same
area so that all routers in the same area have the same set of updates and therefore they have a
common view of entire topology.

QUESTION 493
In which two circumstances are private IPv4 addresses appropriate? (Choose two.)
A. on hosts that communicate only with other internal hosts
B. to allow hosts inside an enterprise to communicate in both directions with hosts outside the
enterprise
C. on hosts that require minimal access to external resources
D. on internal hosts that stream data solely to external resources
E. on the public-facing interface of a firewall

Answer: A, D
Explanation: The situation described by Answer D does not require the external resources to send
traffic to the internal hosts and hence private IP addresses are appropriate on internal hosts.

QUESTION 494
You are configuring DHCP on a router. Drag the configuration task from the left onto the correct
sequence on the right.

Left:
configure one or more DHCP database agents
configure the DHCP address pool name
configure the DHCP client’s domain name
enter the service dhcp command to enable the DHCP server on the router
specify IP addresses to exclude from the DHCP address pool

Right:
step 1
step 2
step 3
step 4
step 5

Answer:
step 1 enter the service dhcp command to enable the DHCP server on the router
step 2 configure one or more DHCP database agents
step 3 specify IP addresses to exclude from the DHCP address pool
step 4 configure the DHCP address pool name
step 5 configure the DHCP client’s domain name

Explanation:
To enable the Cisco DHCP server (actually enabled by default), use the “service dhcp” command in
Global Configuration mode:
(config)#service dhcp
A DHCP database agent can be a TFTP server that stores the DHCP bindings database. Bindings
are IP addresses that have been mapped to the MAC addresses of hosts that are found in the DHCP
database. You may configure a DHCP database agent (but this is an optional step). For example:
(config)#ip dhcp database tftp://<IP address>/<filename>

You may specify the domain name for the DHCP client (but this is an optional step). For example:
(config)#ip dhcp pool <name>
(dhcp-config)#domain-name cisco.com

QUESTION 495
Drag and drop the DNS lookup commands from the left onto the correct effects on the right.

Left:
ip dns server
ip domain list
ip domain lookup source-interface
ip domain name
ip host
ip name-server

Right:
enables DNS lookup on an individual interface
enables the DNS server on the device
identifies a DNS server to provide lookup services
specifies a sequence of domain names
specifies the default domain to append to unqualified host names
statically maps an IP address to a hostname

Answer:
enables DNS lookup on an individual interface --- ip domain lookup source-interface
enables the DNS server on the device --- ip dns server
identifies a DNS server to provide lookup services --- ip name-server
specifies a sequence of domain names --- ip domain list
specifies the default domain to append to unqualified host names --- ip domain name
statically maps an IP address to a hostname --- ip host

Explanation:
To specify the address of one or more name servers to use for name and address resolution, use the
“ip name-server” command in Global Configuration mode.
The following example shows how to specify 172.16.1.111 and 172.16.1.2 as the name servers:
(config)#ip name-server 172.16.1.111 172.16.1.2

To define a default domain name that the Cisco IOS software uses to complete unqualified
hostnames (i.e. names without a dotted-decimal domain name), use the “ip domain name” (or “ip
domain-name”) command in Global Configuration mode.
The following example shows how to define “cisco.com” as the default domain name:
(config)#ip domain name cisco.com

To define a list of default domain names to complete unqualified names, use the “ip domain list” (or
“ip domain-list”) command in Global Configuration mode.
If there is no domain list, the domain name that you specified with the “ip domain name” Global
Configuration command is used. If there is a domain list, the default domain name is not used. The
“ip domain list” command is similar to the “ip domain name” command, except that with the “ip
domain list” command you can define a list of domains, each to be tried in turn until the system
finds a match.
The following example shows how to add several domain names to a list:
(config)#ip domain list company.com
(config)#ip domain list school.edu

The router normally picks the IP address of the outbound interface to use as the source address of
the DNS queries. To use the IP address of a certain interface as the source address of the DNS
queries, use the “ip domain lookup source-interface” (or “ip domain-lookup source-interface”)
command in Global Configuration mode.
The following example shows how to use the IP address of interface f0/0 as the source address of
the DNS queries:
(config)#ip domain lookup source-interface f0/0

To enable the Domain Name System (DNS) server on a router, use the “ip dns server” command in
Global Configuration mode:
(config)#ip dns server

To define static hostname-to-address mappings in the DNS hostname cache, use the “ip host”
command in Global Configuration mode.
The following example shows how to add two mapping entries to the DNS hostname cache:
(config)#ip host www.example1.com 192.0.2.141
(config)#ip host www.example2.com 192.0.2.242

QUESTION 496
Drag and drop the IPv6 IP addresses from the left onto the correct IPv6 address types on the right.

:: modified EUI-64
2020:10DB:0:0:85AB:800:52:734B multicast
D8:FC:93:FF:FE:D8:05:0A unicast
FF01::1 unspecified

Answer:
modified EUI-64 D8:FC:93:FF:FE:D8:05:0A
multicast FF01::1
unicast 2020:10DB:0:0:85AB:800:52:734B
unspecified ::

QUESTION 497
You are configuring graceful shutdown for OSPFv3 on an IPv6-enabled router. Drag and drop the
configuration commands from the left into the correct sequence on the right. Not all options are
used.

configure terminal 1
enable 2
end 3
no shutdown 4
router ospfv3 process-id 5
show ipv6 ospf
shutdown

Answer:
1 enable
2 configure terminal
3 router ospfv3 process-id
4 shutdown
5 end
Not used: no shutdown, show ipv6 ospf

Explanation: The Graceful Shutdown for OSPFv3 feature provides the ability to temporarily shut
down the OSPFv3 protocol in the least disruptive manner and to notify its neighbors that it is going
away. All traffic that has another path through the network will be directed to that alternate path. A
graceful shutdown of the OSPFv3 protocol can be initiated using the shutdown command in Router
Configuration mode.
You may use the command “ipv6 router ospf <process-id>” instead of “router ospfv3 <process-id>”.

QUESTION 498
Drag and drop the descriptions of logging from the left onto the correct logging features or
components on the right.

Left:
accepts incoming connections over vty lines
displays logging information during a terminal session
provides local access to a device
stores log messages externally
stores log messages in RAM

Right:
buffered logging
console
syslog server logging
terminal
terminal monitor

Answer:
buffered logging --- stores log messages in RAM
console --- provides local access to a device
syslog server logging --- stores log messages externally
terminal --- accepts incoming connections over vty lines
terminal monitor --- displays logging information during a terminal session

Explanation: You can store the system messages in the router’s internal buffer by typing the Global
Configuration mode command “logging buffered <level>”. You can then retrieve the system
messages from the buffer at a later time for review by typing the Privileged mode command “show
logging”.
For a virtual terminal session (e.g. a telnet connection) to obtain system messages, you need to run
the Privileged mode command “terminal monitor” in order to receive system messages for that
session.

QUESTION 499
Drag and drop the benefits of a Cisco Wireless LAN controller from the left onto the correct
examples on the right.

Left:
dynamic RF feature
easy deployment process
easy upgrade process
optimized user performance

Right:
Access points automatically adjust their signal strength.
The controller image is deployed automatically to access points.
The controller provides centralized management of users and VLANs.
The controller uses load balancing to maximize throughput.

Answer:
Access points automatically adjust their signal strength. --- dynamic RF feature
The controller image is deployed automatically to access points. --- easy upgrade process
The controller provides centralized management of users and VLANs. --- easy deployment process
The controller uses load balancing to maximize throughput. --- optimized user performance

Explanation:
RF stands for Radio Frequency.
Cisco Wireless LAN controller uses load balancing to auto-balance user loads between adjacent
Access Points.

QUESTION 500
For which reason do you use the APIC-EM ACL Analysis tool?
A. It can discover and diagram network devices.
B. It can inventory devices on the network.
C. It can analyze and prioritize traffic flow based on your business policies.
D. It can help you analyze and troubleshoot issues with application traffic on your network.

Answer: D
Explanation: Cisco APIC-EM (Application Policy Infrastructure Controller Enterprise Module) is
an SDN controller developed for traditional routers / switches. ACL (Access Control List) Analysis
in Cisco APIC-EM can analyze ACLs on each network device so that shadow entries, redundant
entries or correlated entries can be identified quickly.

QUESTION 501
You are configuring HSRP with group number above 255 on an interface. Drag each configuration
command from the left into the correct sequence on the right.

configure the interface type step 1


exit privileged EXEC mode step 2
set the HSRP group number step 3
set the HSRP version step 4
set the interface’s IP address step 5
view the HSRP configuration step 6

Answer:
step 1 configure the interface type
step 2 set the interface’s IP address
step 3 set the HSRP version
step 4 set the HSRP group number
step 5 exit privileged EXEC mode
step 6 view the HSRP configuration

Explanation: In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP
version 2 expands the group number range from 0 to 4095. The following summary steps are stated
in a Cisco document on how to configure HSRP version 2:
1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. standby version {1 | 2}
6. standby [group-number] ip [ip-address]
7. end
8. show standby

QUESTION 502
Drag and drop the major tasks in the password-recovery process for a Cisco ISR from the left into
the correct sequence on the right.

Left:
Enter configuration mode.
Enter the config-register 0x2102 command.
Enter the confreg 0x2142 command to bypass the startup password.
Enter the enable secret command to change the password.
Enter the reset command to reboot the router and ignore the saved configuration.
Remove the compact flash from the rear of the router.

Right:
step 1
step 2
step 3
step 4
step 5
step 6

Answer:
step 1 Remove the compact flash from the rear of the router.
step 2 Enter the confreg 0x2142 command to bypass the startup password.
step 3 Enter the reset command to reboot the router and ignore the saved configuration.
step 4 Enter configuration mode.
step 5 Enter the enable secret command to change the password.
step 6 Enter the config-register 0x2102 command.

Explanation:
ISR stands for Integrated Service Router.
Details for the password-recovery process:
http://nhprice.com/how-to-recover-cisco-2921-cisco-2951-router-password.html

QUESTION 503
Which two statements about switch stacking are true? (Choose two.)
A. The switches are connected by crossover cables.
B. The first and last switch in the stack must be connected to one another.
C. The switches are connected in a daisy-chain fashion.
D. The stack is powered by a single power cable.
E. The switches must be fully meshed.

Answer: B, C
Explanation: Switch stacking connection diagram:

QUESTION 504
Drag and drop the descriptions of the differences between the switch-stacking and chassis-
aggregation models from the left onto the correct categories on the right.

Left:
less costly option
less susceptible to software integration issues
supports a more robust route processor
supports up to nine devices
uses dedicated cables and ports to connect individual devices
uses Ethernet interfaces to connect individual devices

Right:
Chassis Aggregation
Switch Stacking

Answer:
Chassis Aggregation
less susceptible to software integration issues
supports a more robust route processor
uses Ethernet interfaces to connect individual devices

Switch Stacking
less costly option
supports up to nine devices
uses dedicated cables and ports to connect individual devices

Explanation:
For chassis aggregation:
https://networklessons.com/cisco/ccna-routing-switching-icnd2-200-105/chassis-aggregation/
For switch stacking:
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

QUESTION 505

You work as a network engineer for ABC Network Ltd company. On router HQ, a provider link has
been enabled and you must configure an IPv6 default route on HQ and make sure that this route is
advertised in IPv6 OSPF process. Also, you must troubleshoot another issue. The router HQ is not
forming an IPv6 OSPF neighbor relationship with router BR.

Topology Details
Two routers HQ and BR are connected via serial links.
Router HQ has interface Ethernet0/1 connected to the provider cloud and interface Ethernet 0/0
connected to RA1.
Router BR has interface Ethernet 0/0 connected to another router RA2.

IPv6 Routing Details


All routers are running IPv6 OSPF routing with process ID number 100. Refer to the topology
diagram for information about the OSPF areas. The Loopback 0 IPv4 address is the OSPF router ID
on each router.

Configuration requirements
- Configure IPv6 default route on router HQ with default gateway as 2001:DB8:B:B1B2::1.
- Verify by pinging provider test IPv6 address 2001:DB8:0:1111::1 after configuring default route
on HQ.
- Make sure that the default route is advertised in IPv6 OSPF on router HQ. This default route
should be advertised only when HQ has a default route in its routing table.
- Router HQ is not forming IPv6 OSPF neighbor with BR. You must troubleshoot and resolve this
issue.

Special Note: To gain the maximum number of points, you must complete the necessary
configurations and fix IPv6 OSPF neighbor issue with router BR. IPv6 OSPFv3 must be configured
without using address families. Do not change the IPv6 OSPF process ID.

The password configured on router HQ is cisco (all small letters).

Answer:
Click Console PC and type the following commands (Type “cisco” if password is asked):

en
show run

Suppose part of the running configuration is as follows:


:
:
ipv6 unicast-routing
:
:
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
description ***Link to RA1***
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:A:C1C3::1/64
ipv6 ospf 100 area 1
!
interface Ethernet0/1
description ***Link to ISP***
ip address 209.165.200.226 255.255.255.252
ipv6 address 2001:DB8:B:B1B2::2/64
!
:
:
interface Serial1/0
description ***Link to BR***
ip address 172.16.1.1 255.255.255.252
ipv6 address 2001:DB8:A:C1C2::1/128
ipv6 ospf 100 area 2
!
:
:
ip route 0.0.0.0 0.0.0.0 209.165.200.225
!
ipv6 router ospf 100
router-id 1.1.1.1
no log-adjacency-changes
!
:
:

Continue to type the following commands:

config t
ipv6 route ::/0 2001:DB8:B:B1B2::1
end
ping ipv6 2001:DB8:0:1111::1

Successful ping report should be shown. Continue to type the following commands:

config t
ipv6 router ospf 100
default-information originate
exit
int s1/0
no ipv6 ospf 100 area 2
no ipv6 address
ipv6 address 2001:DB8:A:C1C2::1/64
ipv6 ospf 100 area 0
end

Explanation: The Router Configuration mode command “default-information originate” ensures the
default IPv6 route “::/0” would only be advertised by IPv6 OSPF of HQ router when HQ router has
a default IPv6 route in its IPv6 routing table.
The Router Configuration mode command “default-information originate always” ensures the
default IPv6 route “::/0” would always be advertised by IPv6 OSPF of HQ router regardless of
whether HQ router has a default IPv6 route in its IPv6 routing table.

QUESTION 506
You are implementing EIGRP between the main office and branch offices. In Phase 1, you must
implement and verify EIGRP configurations as mentioned in the topology. In Phase 2, your
colleague is expected to do NAT and ISP configurations.

Identify the issues that you are encountering during Phase 1 EIGRP implementation.

- Router R1 connects the main office to the Internet and routers R2 and R3 are internal routers.
- Routers Branch1 and Branch2 connect to router R2 in the main office.
- Users from the Branch1 LAN network 10.20.40.0/24 are expected to perform testing of the
application that is hosted on the servers in Server farm1, before servers are available for
production.
- The GRE tunnel is configured between R3 and Branch1, and traffic between server farm1 and
Branch1 LAN network 10.20.40.0/24 is routed through the GRE tunnel using static routes.
- The link between Branch1 and Branch2 is used as a secondary path in the event of failure of
the primary path to main office.
You have console access on R1, R2, R3, Branch1, and Branch2 devices. Use only show commands
to troubleshoot the issues.

QUESTION 506.1
The following routing entries are shown by typing the command “sh ip route” on R1:
192.168.14.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.14.248/30 is directly connected, Ethernet0/1
L 192.168.14.250/32 is directly connected, Ethernet0/1

The following partial report is shown by typing the command “sh run” on R1:
:
:
interface Ethernet0/1
description ***Link to R2***
ip address 192.168.14.250 255.255.255.252
!
:
:
router eigrp 200
network 192.168.14.0
!
:
:

The following partial report is shown by typing the command “sh run” on R2:
:
:
interface Ethernet0/0
description ***Link to R1***
ip address 192.168.14.2 255.255.255.252
!
:
:
router eigrp 200
network 192.168.10.0
network 192.168.11.0
network 192.168.14.0
network 192.168.15.0
!
:
:

Examine the R1 routing table. None of the internal routes other than locally connected appear in the
routing table. Which cause of the issue is true?
A. EIGRP neighbor relationship was not formed due to AS mismatch between routers R1 and R2.
B. EIGRP neighbor relationship was not formed due to K values mismatch between routers R1 and
R2.
C. EIGRP packets were blocked by the inbound ACL on R1.
D. IP address was misconfigured between the R1 and R2 interfaces.

Answer: D

QUESTION 506.2
The following partial report is shown by typing the command “sh run” on R2:
:
:
interface Ethernet0/3
description ***Link to Branch2***
ip address 192.168.11.1 255.255.255.252
!
!
router eigrp 200
network 192.168.10.0
network 192.168.11.0
network 192.168.14.0
network 192.168.15.0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch2:
:
:
interface Ethernet0/1
description ***Link to R2***
ip address 192.168.11.2 255.255.255.252
ip access-group BLOCKEIGRP in
!
:
:
router eigrp 200
network 172.16.0.0
network 192.168.11.0
network 192.168.12.0
!
:
:
ip access-list extended BLOCKEIGRP
deny eigrp any any
permit ip any any
!
:
:

The traffic from Branch2 to the main office is using the secondary path instead of the primary path
connected to R2. Which cause of the issue is true?
A. The network 192.168.11.0/30 was not advertised into EIGRP on Branch2.
B. The IP address was misconfigured between the Branch2 and R2 interfaces.
C. EIGRP packets were blocked by the inbound ACL on Branch2.
D. The primary path has more link delay configured than secondary path which causes EIGRP to
choose the secondary path.
Answer: C
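
The two link checks behind the answers to QUESTION 506.1 and 506.2, as an added example that is not part of the original page: it parses running-config excerpts and reports a subnet mismatch or an inbound ACL that drops EIGRP on a link. The excerpts are constructed from the output quoted above and the function names are assumptions; only `any any` ACL entries are evaluated.

```python
import ipaddress

# Constructed excerpts modelled on the "sh run" output in QUESTION 506.1 and 506.2.
R1 = """
interface Ethernet0/1
 ip address 192.168.14.250 255.255.255.252
!
router eigrp 200
 network 192.168.14.0
"""
R2 = """
interface Ethernet0/0
 ip address 192.168.14.2 255.255.255.252
!
interface Ethernet0/3
 ip address 192.168.11.1 255.255.255.252
!
router eigrp 200
 network 192.168.11.0
 network 192.168.14.0
"""
BRANCH2 = """
interface Ethernet0/1
 ip address 192.168.11.2 255.255.255.252
 ip access-group BLOCKEIGRP in
!
router eigrp 200
 network 192.168.11.0
!
ip access-list extended BLOCKEIGRP
 deny eigrp any any
 permit ip any any
"""


def parse_config(text):
    """Collect interface addresses, inbound ACL bindings, ACL entries and the EIGRP AS."""
    cfg = {"interfaces": {}, "acls": {}, "eigrp_as": None}
    section = None  # (kind, name) of the block being read; "!" or ":" closes it
    for line in text.splitlines():
        words = line.split()
        if not words or words[0] in ("!", ":"):
            section = None
        elif words[0] == "interface":
            section = ("if", words[1])
            cfg["interfaces"][words[1]] = {"ip": None, "acl_in": None}
        elif words[:2] == ["router", "eigrp"]:
            section = ("eigrp", words[2])
            cfg["eigrp_as"] = int(words[2])
        elif words[:3] == ["ip", "access-list", "extended"]:
            section = ("acl", words[3])
            cfg["acls"][words[3]] = []
        elif section and section[0] == "if":
            iface = cfg["interfaces"][section[1]]
            if words[:2] == ["ip", "address"] and len(words) == 4:
                iface["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            elif words[:2] == ["ip", "access-group"] and words[-1] == "in":
                iface["acl_in"] = words[2]
        elif section and section[0] == "acl" and words[0] in ("permit", "deny"):
            cfg["acls"][section[1]].append(words)
    return cfg


def acl_blocks_eigrp(entries):
    """First-match check for EIGRP (IP protocol 88); entries with specific
    addresses are skipped, which is a simplification of this example."""
    for action, proto, *rest in entries:
        if proto in ("eigrp", "ip", "88") and rest == ["any", "any"]:
            return action == "deny"
    return bool(entries)  # implicit deny closes any non-empty ACL


def eigrp_link_findings(cfg_a, if_a, cfg_b, if_b):
    """Return the adjacency blockers visible in the two configs for one link."""
    findings = []
    if cfg_a["eigrp_as"] != cfg_b["eigrp_as"]:
        findings.append(f"AS_MISMATCH {cfg_a['eigrp_as']} vs {cfg_b['eigrp_as']}")
    net_a = cfg_a["interfaces"][if_a]["ip"].network
    net_b = cfg_b["interfaces"][if_b]["ip"].network
    if net_a != net_b:
        findings.append(f"SUBNET_MISMATCH {net_a} vs {net_b}")
    for cfg, ifname in ((cfg_a, if_a), (cfg_b, if_b)):
        acl = cfg["interfaces"][ifname]["acl_in"]
        if acl and acl_blocks_eigrp(cfg["acls"].get(acl, [])):
            findings.append(f"EIGRP_DENIED_INBOUND {ifname} acl {acl}")
    return findings


if __name__ == "__main__":
    r1, r2, br2 = parse_config(R1), parse_config(R2), parse_config(BRANCH2)
    print(eigrp_link_findings(r1, "Ethernet0/1", r2, "Ethernet0/0"))
    print(eigrp_link_findings(r2, "Ethernet0/3", br2, "Ethernet0/1"))
```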

QUESTION 506.3
The following partial report is shown by typing the command “sh run” on R2:
:
:
interface Ethernet0/1
description ***Link to R3***
ip address 192.168.15.1 255.255.255.252
!
:
:

The following partial report is shown by typing the command “sh run” on R3:
:
:
interface Loopback0
ip address 10.16.200.1 255.255.255.255
!
interface Tunnel0
description ***Tunnel to Branch1 router***
ip address 192.168.100.1 255.255.255.252
keepalive 5 3
tunnel source Loopback0
tunnel destination 10.16.200.2
!
:
:
interface Ethernet0/2
description ***Link to R2***
ip address 192.168.15.2 255.255.255.252
ip access-group BLOCKEIGRP in
!
:
:
router eigrp 200
network 10.16.200.1 0.0.0.0
network 10.20.30.0 0.0.0.255
network 192.168.15.0
!
:
:
ip access-list extended BLOCKEIGRP
deny eigrp any any
permit ip any any
!
:
:

The following partial report is shown by typing the command “sh run” on Branch1:
:
:
interface Loopback0
ip address 10.16.200.2 255.255.255.255
!
interface Tunnel0
description ***Tunnel to Router R3***
ip address 192.168.100.2 255.255.255.252
keepalive 5 3
tunnel source Loopback0
tunnel destination 10.16.200.1
!
:
:
router eigrp 200
network 10.16.200.2 0.0.0.0
network 192.168.10.0
network 192.168.12.0
!
:
:

The GRE tunnel between R3 and Branch1 is down. Which cause of the issue is true?
A. The tunnel source loopback0 interface is not advertised into EIGRP in Branch1.
B. The tunnel source loopback0 interface is not advertised into EIGRP in R3.
C. The EIGRP neighbor relationship was not formed due to EIGRP packets blocked by the inbound
ACL on R3.
D. The EIGRP neighbor relationship was not formed due to the IP address being misconfigured
between the R2 and R3 interfaces.

Answer: C

QUESTION 506.4
The following partial report is shown by typing the command “sh run” on R3:
:
:
router eigrp 200
network 10.16.200.1 0.0.0.0
network 10.20.30.0 0.0.0.255
network 192.168.15.0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch1:
:
:
router eigrp 200
network 10.16.200.2 0.0.0.0
network 192.168.10.0
network 192.168.12.0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch2:
:
:
router eigrp 200
network 172.16.0.0
network 192.168.11.0
network 192.168.12.0
!
:
:

You are verifying the EIGRP configurations in the topology. Which statement is true?
A. Branch2 LAN network 172.16.11.0/24 is not advertised into the EIGRP network.
B. Branch2 LAN network 172.16.10.0/24 is not advertised into the EIGRP network.
C. R3 server farm2 network 10.20.30.0/24 is not advertised into the EIGRP network.
D. Branch1 LAN network 172.16.12.0/24 is not advertised into the EIGRP network.

Answer: D

QUESTION 507
You are implementing EIGRP between the main office and branch offices. In Phase 1, you must
implement and verify EIGRP configurations as mentioned in the topology. In Phase 2, your
colleague is expected to do NAT and ISP configurations.

Identify the issues that you are encountering during Phase 1 EIGRP implementation.

- Router R1 connects the main office to the Internet and routers R2 and R3 are internal routers.
- Routers Branch1 and Branch2 connect to router R2 in the main office.
- Users from the Branch1 LAN network 10.20.40.0/24 are expected to perform testing of the
application that is hosted on the servers in Server farm1, before servers are available for
production.
- The GRE tunnel is configured between R3 and Branch1, and traffic between server farm1 and
Branch1 LAN network 10.20.40.0/24 is routed through the GRE tunnel using static routes.
- The link between Branch1 and Branch2 is used as a secondary path in the event of failure of
the primary path to main office.

You have console access on R1, R2, R3, Branch1, and Branch2 devices. Use only show commands
to troubleshoot the issues.

QUESTION 507.1
The following routing entries are shown by typing the command “sh ip route” on R1:
192.168.14.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.14.0/30 is directly connected, Ethernet0/1
L 192.168.14.1/32 is directly connected, Ethernet0/1

The following partial report is shown by typing the command “sh run” on R1:
:
:
interface Ethernet0/1
description ***Link to R2***
ip address 192.168.14.1 255.255.255.252
ip access-group BLOCKEIGRP in
!
:
:
router eigrp 200
network 192.168.14.0
!
:
:
ip access-list extended BLOCKEIGRP
deny eigrp any any
permit ip any any
!
:
:

The following partial report is shown by typing the command “sh run” on R2:
:
:
interface Ethernet0/0
description ***Link to R1***
ip address 192.168.14.2 255.255.255.252
!
:
:
router eigrp 200
network 192.168.10.0
network 192.168.11.0
network 192.168.14.0
network 192.168.15.0
!
:
:

Examine the R1 routing table. None of the internal routes other than locally connected appear in the
routing table. Which cause of the issue is true?
A. EIGRP neighbor relationship was not formed due to AS mismatch between routers R1 and R2.
B. EIGRP neighbor relationship was not formed due to K values mismatch between routers R1 and
R2.
C. EIGRP packets were blocked by the inbound ACL on R1.
D. IP address was misconfigured between the R1 and R2 interfaces.

Answer: C

QUESTION 507.2
The following partial report is shown by typing the command “sh run” on R2:
:
:
interface Ethernet0/3
description ***Link to Branch2***
ip address 192.168.11.1 255.255.255.252
!
!
router eigrp 200
network 192.168.10.0
network 192.168.11.0
network 192.168.14.0
network 192.168.15.0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch2:
:
:
interface Ethernet0/1
description ***Link to R2***
ip address 192.168.11.250 255.255.255.252
!
:
:
router eigrp 200
network 172.16.10.0 0.0.0.255
network 192.168.11.0
network 192.168.12.0
!
:
:

The traffic from Branch2 to the main office is using the secondary path instead of the primary path
connected to R2. Which cause of the issue is true?
A. The network 192.168.11.0/30 was not advertised into EIGRP on Branch2.
B. The IP address was misconfigured between the Branch2 and R2 interfaces.
C. EIGRP packets were blocked by the inbound ACL on Branch2.
D. The primary path has more link delay configured than secondary path which causes EIGRP to
choose the secondary path.
Answer: B

QUESTION 507.3
The following partial report is shown by typing the command “sh run” on R2:
:
:
interface Ethernet0/1
description ***Link to R3***
ip address 192.168.15.1 255.255.255.252
!
:
:

The following partial report is shown by typing the command “sh run” on R3:
:
:
interface Loopback0
ip address 10.16.200.1 255.255.255.255
!
interface Tunnel0
description ***Tunnel to Branch1 router***
ip address 192.168.100.1 255.255.255.252
keepalive 5 3
tunnel source Loopback0
tunnel destination 10.16.200.2
!
:
:
interface Ethernet0/2
description ***Link to R2***
ip address 192.168.15.2 255.255.255.252
!
:
:
router eigrp 200
network 10.20.30.0 0.0.0.255
network 192.168.15.0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch1:
:
:
interface Loopback0
ip address 10.16.200.2 255.255.255.255
!
interface Tunnel0
description ***Tunnel to Router R3***
ip address 192.168.100.2 255.255.255.252
keepalive 5 3
tunnel source Loopback0
tunnel destination 10.16.200.1
!
:
:
router eigrp 200
network 10.16.200.2 0.0.0.0
network 172.16.12.0 0.0.0.255
network 192.168.10.0
network 192.168.12.0
!
:
:

The GRE tunnel between R3 and Branch1 is down. Which cause of the issue is true?
A. The tunnel source loopback0 interface is not advertised into EIGRP in Branch1.
B. The tunnel source loopback0 interface is not advertised into EIGRP in R3.
C. The EIGRP neighbor relationship was not formed due to EIGRP packets blocked by the inbound
ACL on R3.
D. The EIGRP neighbor relationship was not formed due to the IP address being misconfigured
between the R2 and R3 interfaces.

Answer: B
Explanation: The EIGRP Router Configuration mode command “network 10.16.200.1 0.0.0.0”
should be typed on R3.

QUESTION 507.4
The following partial report is shown by typing the command “sh run” on R3:
:
:
router eigrp 200
network 10.20.30.0 0.0.0.255
network 192.168.15.0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch1:
:
:
router eigrp 200
network 10.16.200.2 0.0.0.0
network 172.16.12.0 0.0.0.255
network 192.168.10.0
network 192.168.12.0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch2:
:
:
router eigrp 200
network 172.16.10.0 0.0.0.255
network 192.168.11.0
network 192.168.12.0
!
:
:

You are verifying the EIGRP configurations in the topology. Which statement is true?
A. Branch2 LAN network 172.16.11.0/24 is not advertised into the EIGRP network.
B. Branch2 LAN network 172.16.10.0/24 is not advertised into the EIGRP network.
C. R3 server farm2 network 10.20.30.0/24 is not advertised into the EIGRP network.
D. Branch1 LAN network 172.16.12.0/24 is not advertised into the EIGRP network.

Answer: A

QUESTION 508
You are implementing PPP over serial links between R1 router and branch offices. In Phase 1 you
must implement and verify PPP and GRE tunnel configurations as mentioned in the topology. In
Phase 2 your colleague is expected to do NAT and ISP configurations between R1 and ISP router.

Identify the issues that you encounter during PPP over serial links implementation.

Routers Branch1, Branch2, and Branch3 connect to Router R1 in the main office over serial links.
PPP multilink implementation is recommended between R1 and Branch1 routers.
The GRE tunnel is configured between R2 and Branch2 routers, and traffic between Server farm1
10.10.10.0/24 network and Branch2 LAN 10.10.20.0/24 network, is routed over GRE tunnel using
static route.

You have console access on R1, R2, Branch1, Branch2, and Branch3 devices. Use only show
commands to troubleshoot the issues.

QUESTION 508.1
The following partial report is shown by typing the command “sh run” on R1:
:
:
Interface Multilink1
description ***Multilink Bundle to Branch1***
ip address 192.168.14.1 255.255.255.252
ppp multilink
ppp multilink group 1
:
:
Interface Serial1/0
description ***Link to Branch1***
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
serial restart-delay 0
!
Interface Serial1/1
description ***Link to Branch1***
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
serial restart-delay 0
:
:

The following partial report is shown by typing the command “sh run” on Branch1:
:
:
Interface Multilink1
description ***Multilink Bundle to R1***
ip address 192.168.14.2 255.255.255.252
ppp multilink
ppp multilink group 1
:
:
Interface Serial1/0
description ***Link to R1***
no ip address
encapsulation ppp
shutdown
ppp multilink
ppp multilink group 1
serial restart-delay 0
!
Interface Serial1/1
description ***Link to R1***
no ip address
encapsulation ppp
shutdown
ppp multilink
ppp multilink group 1
serial restart-delay 0
:
:

Why did Branch1 router lose WAN connectivity with R1 router?


A. The IP address is misconfigured on PPP multilink interface on the Branch1 router.
B. The PPP multilink group is misconfigured on the Branch1 serial interfaces.
C. The PPP multilink group is misconfigured on the R1 serial interfaces.
D. The Branch1 serial interfaces are placed in a shutdown condition.

Answer: D

QUESTION 508.2
The following partial report is shown by typing the command “sh run” on R2:
:
:
interface Tunnel0
description ***Tunnel to Router Branch2***
ip address 172.16.100.2 255.255.255.252
keepalive 5 3
tunnel source Ethernet0/1
tunnel destination 192.168.15.2
:
:
interface Ethernet0/1
description ***Link to R1***
ip address 172.16.10.2 255.255.255.0
:
:
ip route 10.10.20.0 255.255.255.0 Tunnel0
:
:

The following partial report is shown by typing the command “sh run” on Branch2:
:
:
interface Tunnel0
description *** Tunnel to Router R2***
ip address 172.16.100.1 255.255.255.252
keepalive 5 3
tunnel source Serial1/0
tunnel destination 172.16.10.2
:
:
interface Serial1/0
description ***Link to R1***
ip address 192.168.15.2 255.255.255.0
:
:
ip route 172.16.100.0 255.255.255.0 Tunnel0
:
:

Why is the Branch2 network 10.10.20.0/24 unable to communicate with the Server farm1 network
10.10.10.0/24 over the GRE tunnel?
A. The GRE tunnel destination is not configured on the R2 router.
B. The GRE tunnel destination is not configured on the Branch2 router.
C. The static route points to the tunnel0 interface that is misconfigured on the Branch2 router.
D. The static route points to the tunnel0 interface that is misconfigured on the R2 router.

Answer: C
Explanation: The correct static route on the Branch2 router should be “ip route 10.10.10.0
255.255.255.0 Tunnel0” instead.

QUESTION 508.3
The following partial report is shown by typing the command “sh run” on R1:
:
:
interface Serial1/3
description ***Link to Branch3***
ip address 192.168.16.1 255.255.255.252
encapsulation ppp
:
:

The following partial report is shown by typing the command “sh run” on Branch3:
:
:
interface Serial1/0
description ***Link to R1***
ip address 192.168.16.2 255.255.255.252
serial restart-delay 0
!
:
:

Why has the Branch3 router lost connectivity with R1?


Use only show commands to troubleshoot because usage of the debug command is restricted on the
Branch3 and R1 routers.
A. A PPP chap hostname mismatch is noticed between Branch3 and R1.
B. A PPP chap password mismatch is noticed between Branch3 and R1.
C. PPP encapsulation is not configured on Branch3.
D. The PPP chap hostname and PPP chap password commands are missing on the Branch3 router.

Answer: C

QUESTION 508.4
The following partial report is shown by typing the command “sh run” on R1:
:
:
interface Serial1/2
description ***Link to Branch2***
ip address 192.168.15.1 255.255.255.252
encapsulation ppp
ppp chap hostname R1
ppp chap password 0 cisco123
serial restart-delay 0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch2:
:
:
username R1 password 0 cisco123
:
:
interface Serial1/0
description ***Link to R1***
ip address 192.168.15.2 255.255.255.252
encapsulation ppp
ppp authentication chap
serial restart-delay 0
!
:
:

Which statement about the router configurations is correct?


A. PPP PAP authentication is configured between Branch1 and R1.
B. Tunnel keepalives are not configured for the tunnel0 interface on Branch2 and R2.
C. The Branch2 LAN network 192.168.11.0/24 is not advertised into the EIGRP network.
D. The Branch3 LAN network 192.168.10.0/24 is not advertised into the EIGRP network.
E. PPP CHAP authentication is configured between Branch2 and R1.

Answer: E
Explanation: The Interface Configuration mode commands “ppp chap hostname R1” and “ppp chap
password cisco123” will cause the name “R1” and the password “cisco123” to be used during
CHAP authentication.
When “ppp chap password cisco123” is typed, “ppp chap password 0 cisco123” will appear in the
running configuration. The number “0” after the word “password” indicates that a plain-text
password will follow.

QUESTION 509
Drag and drop the IEEE standard cable names from the left onto the correct cable types on the right.

Left:
10BASE-T
10GBASE-LR
10GBASE-T
100BASE-TX
1000BASE-LX
1000BASE-SC

Right:
Copper
Fiber

Answer:
Copper
10BASE-T
10GBASE-T
100BASE-TX

Fiber
10GBASE-LR
1000BASE-LX
1000BASE-SC

Explanation: 10BASE-T, 10GBASE-T and 100BASE-TX use twisted pair copper cable.

QUESTION 510
Which symptom most commonly indicates that two connecting interfaces are configured with a
duplex mismatch?
A. an interface with an up/down status
B. an interface with a down/down status
C. the spanning-tree process shutting down
D. collisions on the interface

Answer: D

QUESTION 511

You work as a Junior Network Engineer for ABC Network Ltd. Your colleague has set up a
Layer 2 network for testing purposes at one of your client locations.
You must verify the configuration and fix any issues identified, as per customer requirements.

Topology Details
- Three switches (SW1, SW2, and SW3) are connected using Ethernet link as shown in the
topology diagram.
- Server1 and PC1 are connected to SW1 and are assigned to VLAN 500 and VLAN 600
respectively.
- Server2 and PC2 are connected to SW2 and are assigned to VLAN 500 and VLAN 600
respectively.
- PC3 is connected to SW3 and assigned to VLAN 600.

Customer requirements
- Verify that switch ports are assigned to the correct VLANs as per the topology diagram. Identify
and fix any misconfigurations found on the three switches.
- Verify that trunk links are operational between switches and that the IEEE 802.1q trunk
encapsulation method is used. Identify and fix any misconfigurations found in the trunk configuration.
- You must make sure the ports connecting the switches are set as trunk ports.

Special Note: To gain the maximum number of points you must make sure that VLANs are assigned
to switch ports as per customer requirements and make sure the trunk links are operational between
switches. Do not change the VLAN names and VLAN numbers that are already configured on the
switches.

The following partial report is shown by typing the command “sh run” on SW1:
:
:
vlan 500
name Server
!
vlan 600
name PC
!
interface Ethernet0/0
description ***Link to SW2***
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet0/1
description ***Link to SW3***
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet0/2
description ***Link to Server1***
switchport access vlan 500
switchport mode access
duplex auto
!
interface Ethernet0/3
description ***Link to PC1***
switchport access vlan 500
switchport mode access
duplex auto
!
:
:

The following partial report is shown by typing the command “sh run” on SW2:
:
:
vlan 500
name Server
!
vlan 600
name PC
!
interface Ethernet0/0
description ***Link to SW1***
switchport trunk encapsulation dot1q
switchport trunk native vlan 600
switchport mode trunk
duplex auto
!
interface Ethernet0/1
duplex auto
!
interface Ethernet0/2
description ***Link to Server2***
switchport access vlan 600
switchport mode access
duplex auto
!
interface Ethernet0/3
description ***Link to PC2***
switchport access vlan 500
switchport mode access
duplex auto
!
:
:

The following partial report is shown by typing the command “sh run” on SW3:
:
:
vlan 500
name Server
!
vlan 600
name PC
!
interface Ethernet0/0
description ***Link to SW1***
switchport access vlan 600
switchport mode access
duplex auto
!
interface Ethernet0/1
description ***Link to PC3***
switchport access vlan 600
switchport mode access
duplex auto
!
interface Ethernet0/2
duplex auto
!
interface Ethernet0/3
duplex auto
!
:
:

Answer:
Click Console host PC1 and type the following commands on SW1:
en
config t
int e0/3
switchport access vlan 600
end

Click Console host PC2 and type the following commands on SW2:
en
config t
int e0/0
no switchport trunk native vlan 600
int e0/2
switchport access vlan 500
int e0/3
switchport access vlan 600
end

Click Console host PC3 and type the following commands on SW3:
en
config t
int e0/0
no switchport access vlan 600
switchport trunk encapsulation dot1q
switchport mode trunk
end

QUESTION 512
Which two statements about configuring an EtherChannel on a Cisco switch are true? (Choose
two.)
A. An EtherChannel can operate in Layer 2 mode only.
B. The interfaces configured in the EtherChannel must be on the same physical switch.
C. The interfaces configured in the EtherChannel must be part of the same VLAN or trunk.
D. The interfaces configured in the EtherChannel must have the same STP port path cost.
E. The interfaces configured in the EtherChannel must operate at the same speed and duplex mode.

Answer: C, E

QUESTION 513
Drag and drop the protocols from the left onto the correct IP traffic types on the right.

Left:
DHCP
HTTP
SMTP
SNMP
Telnet
VoIP

Right:
TCP
UDP

Answer:
TCP
HTTP
SMTP
Telnet

UDP
DHCP
SNMP
VoIP

QUESTION 514
Drag and drop the values in a routing table from the left onto the correct meanings on the right.

Left:
Administrative distance
Destination network
Metric
Next hop
Route source

Right:
Code that indicates the method by which the router learned the route
Value used by the router to determine the preferred route
Indicator of the trustworthiness of the route
Network to which the router forwards packets on the associated route
Remote network address

Answer:
Code that indicates the method by which the router learned the route: Route source
Value used by the router to determine the preferred route: Metric
Indicator of the trustworthiness of the route: Administrative distance
Network to which the router forwards packets on the associated route: Next hop
Remote network address: Destination network

QUESTION 515
Which two benefits of implementing a full-mesh WAN topology are true? (Choose two.)
A. increased latency
B. redundancy
C. improved scalability
D. reduced jitter
E. reliability

Answer: B, E

QUESTION 516
Drag and drop the PPPoE message types from the left into the sequence in which PPPoE messages
are sent on the right.

PADI 1
PADO 2
PADR 3
PADS 4

Answer:
1 PADI
2 PADO
3 PADR
4 PADS

Explanation: For a PPPoE connection, there are four steps to the Active Discovery Phase. When it
completes, both peers (i.e. PPPoE Client and PPPoE Server) know the PPPoE SESSION_ID and the
peer’s Ethernet address, which together define the PPPoE session uniquely. The steps consist of:
1. The PPPoE Client broadcasting an Initiation packet (PADI --- PPPoE Active Discovery
Initiation).
2. One or more PPPoE Servers sending Offer packets (PADO --- PPPoE Active Discovery Offer).
3. The PPPoE Client sending a unicast Session Request packet (PADR --- PPPoE Active Discovery
Request).
4. The selected PPPoE Server sending a Session Confirmation packet (PADS --- PPPoE Active
Discovery Session-confirmation).
When the PPPoE Client receives the Session Confirmation packet, it may proceed to the PPP
Session Phase. When the PPPoE Server sends the Session Confirmation packet, it may proceed to
the PPP Session Phase.

QUESTION 517
Which two statements about Cisco Discovery Protocol are true? (Choose two.)
A. It runs on the network layer and the data link layer.
B. It runs on the data link layer only.
C. It is used to initiate a VTP server and client relationship.
D. It uses SNMP to share device information to an external server.
E. It uses TLVs to share device information.

Answer: B, E
Explanation: Type Length Values (TLVs) are blocks of information embedded in CDP or LLDP
advertisements that give details such as address, capabilities, port ID, etc.

QUESTION 518
Which two statements about LLDP are true? (Choose two.)
A. It is a Cisco-proprietary technology.
B. It uses mandatory TLVs to discover the neighboring devices.
C. It enables systems to learn about one another over the data-link layer.
D. It functions at Layer 2 and Layer 3.
E. It is implemented in accordance with the 802.11a specification.

Answer: B, C
Explanation: Type Length Values (TLVs) are blocks of information embedded in CDP or LLDP
advertisements that give details such as address, capabilities, port ID, etc.

QUESTION 519
Which two addresses are defined as private IP addresses? (Choose two.)
A. 172.31.255.100
B. 12.17.1.20
C. 10.172.76.200
D. 172.15.2.250
E. 192.169.32.10

Answer: A, C

QUESTION 520
Which technology allows a large number of private IP addresses to be represented by a smaller
number of public IP addresses?
A. NTP
B. PBR
C. RFC 1918
D. NAT

Answer: D

QUESTION 521
Which type of address is the public IP address of a NAT device?
A. inside public
B. inside local
C. outside local
D. outside public
E. outside global
F. inside global

Answer: F

QUESTION 522
Drag and drop the DHCP client states from the left into the standard order in which the client passes
through them on the right.

Bound First
Initializing Second
Rebinding Third
Renewing Fourth
Requesting Fifth
Selecting Sixth

Answer:
First Initializing
Second Selecting
Third Requesting
Fourth Bound
Fifth Renewing
Sixth Rebinding

Explanation: https://technet.microsoft.com/en-us/library/cc958935.aspx

QUESTION 523
Which task must you perform to enable an IOS device to use DNS services?
A. Configure manual bindings.
B. Configure a name server.
C. Configure the relay agent information option.
D. Configure a relay agent information reforwarding policy.

Answer: B

QUESTION 524
Which three commands are required to enable NTP authentication on a Cisco router? (Choose
three.)
A. ntp max-associations
B. ntp trusted-key
C. ntp refclock
D. ntp authentication-key
E. ntp authenticate
F. ntp peer

Answer: B, D, E
Explanation: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_3ntp.html#93976

QUESTION 525
While troubleshooting a GRE tunnel interface issue, show interface command output displays
tunnel status up, but line protocol is down. Which reason for this problem is the most likely?
A. The tunnel was just reset.
B. The next hop server is misconfigured.
C. The route to the tunnel destination address is through the tunnel itself.
D. The interface has been administratively shut down.

Answer: C

QUESTION 526
Which two QoS tools can provide congestion management? (Choose two.)
A. FRTS
B. PBR
C. CAR
D. CBWFQ
E. PQ

Answer: D, E
Explanation: PQ stands for Priority Queue and can be implemented by, for example, LLQ (Low
Latency Queuing).

QUESTION 527
Which two IP SLA operations can you use to measure the end-to-end response time for all IP traffic
between a Cisco router and an end device? (Choose two.)
A. ICMP path echo
B. TCP connect
C. ICMP echo
D. UDP jitter
E. UDP echo
F. ICMP path jitter

Answer: A, C
Explanation: The Cisco IOS IP SLAs ICMP echo operation measures end-to-end response time
between a Cisco router and any IP-enabled device. Response time is computed by measuring the
time taken between sending an ICMP echo request message to the destination and receiving an
ICMP echo reply.
The Cisco IOS IP SLAs ICMP path echo operation allows you to measure end-to-end and hop-by-
hop response time between a Cisco device and other devices using IP.

QUESTION 528
If you change the weight and distance parameters on a device with an established BGP neighbor,
which additional task must you perform to allow the two devices to continue exchanging routes?
A. Change the weight and distance settings on the other device to match.
B. Reset the BGP connections on the device.
C. Clear the IP routes on the device.
D. Reset the gateway interface.

Answer: B
Explanation: Once you have defined two devices to be BGP neighbors, they will form a BGP
connection and exchange routing information. If you subsequently change a BGP filter, weight,
distance, version, or timer, you must reset BGP connections (by using the command “clear ip bgp”)
in order for the configuration change to take effect.

QUESTION 529
Drag and drop the BGP components from the left onto the correct descriptions on the right.

Left:
Autonomous system number
BGP speaker
eBGP peer
iBGP peer
prefix

Right:
Device that is running BGP
Neighbor device that shares the same AS number as the local device
Neighbor that is located outside of the administrative domain of the local device
Value that identifies an administrative domain
Value that is advertised with the network keyword

Answer:
Device that is running BGP: BGP speaker
Neighbor device that shares the same AS number as the local device: iBGP peer
Neighbor that is located outside of the administrative domain of the local device: eBGP peer
Value that identifies an administrative domain: Autonomous system number
Value that is advertised with the network keyword: prefix

Explanation: iBGP stands for internal BGP while eBGP stands for external BGP.
Prefix has a format of <network>/<netmask>. For example: 10.0.0.0/8

QUESTION 530
Which configuration register value can you set on a Cisco device so that it ignores the NVRAM
when it boots?
A. 0x2120
B. 0x2124
C. 0x2142
D. 0x2102

Answer: C

QUESTION 531
Which two benefits can you get by stacking Cisco switches? (Choose two.)
A. The stack enables any active member to take over as the master switch if the existing master
fails.
B. Each switch in the stack can use a different IOS image.
C. Each switch in the stack handles the MAC table independently from the others.
D. You can license the entire stack with a single master license.
E. You can add or remove switches without taking the stack down.

Answer: A, E
Explanation: Every switch in the stack can act as the master. If the current master fails, another
master is elected from the stack.

QUESTION 532
Which two statements about stacking Cisco switches are true? (Choose two.)
A. Each switch manages its own MAC address table.
B. The administrator can add additional switches to the stack as demand increases.
C. It enables the administrator to manage multiple switches from a single management interface.
D. When a new master switch is elected, it queries the previous master for its running configuration.
E. The administrator can create only one stack of switches in a network which is under the same
administrative domain.

Answer: B, D
Explanation: Stacking allows multiple switches to operate as a single switch and uses a single IP
address to communicate with the network. When a new master is elected, it reapplies the running
configuration from the previous master to help ensure user and network continuity. For details:
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

QUESTION 533
Which two features can you enable on a switch to capture and analyze frames that transit an
interface? (Choose two.)
A. IP SLA
B. SPAN
C. NetFlow
D. RSPAN
E. SNMP

Answer: B, D
Explanation: Switched Port Analyzer (SPAN) is an efficient, high-performance traffic monitoring
system. It duplicates network traffic to one or more monitor interfaces as it traverses the switch.
SPAN is used for troubleshooting connectivity issues and calculating network utilization and
performance, among many other uses.
Remote SPAN (RSPAN) is an extension of SPAN. RSPAN allows
you to monitor traffic from source ports distributed over multiple switches, which means that you
can centralize your network capture devices.

QUESTION 534
You are implementing PPP over serial links between R1 router and branch offices. In Phase 1 you
must implement and verify PPP and GRE tunnel configurations as mentioned in the topology. In
Phase 2 your colleague is expected to do NAT and ISP configurations between R1 and ISP router.

Identify the issues that you encounter during PPP over serial links implementation.

Routers Branch1, Branch2, and Branch3 connect to Router R1 in the main office over serial links.
PPP multilink implementation is recommended between R1 and Branch1 routers.
The GRE tunnel is configured between R2 and Branch2 routers, and traffic between Server farm1
10.10.10.0/24 network and Branch2 LAN 10.10.20.0/24 network, is routed over GRE tunnel using
static route.

You have console access on R1, R2, Branch1, Branch2, and Branch3 devices. Use only show
commands to troubleshoot the issues.

QUESTION 534.1
The following partial report is shown by typing the command “sh run” on R1:
:
:
Interface Multilink1
description ***Multilink Bundle to Branch1***
ip address 192.168.14.1 255.255.255.252
ppp multilink
ppp multilink group 1
!
Interface Multilink2
no ip address
ppp multilink
ppp multilink group 2
:
:
Interface Serial1/0
description ***Link to Branch1***
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 2
serial restart-delay 0
!
Interface Serial1/1
description ***Link to Branch1***
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 2
serial restart-delay 0
:
:

The following partial report is shown by typing the command “sh run” on Branch1:
:
:
Interface Multilink1
description ***Multilink Bundle to R1***
ip address 192.168.14.2 255.255.255.252
ppp multilink
ppp multilink group 1
:
:
Interface Serial1/0
description ***Link to R1***
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
serial restart-delay 0
!
Interface Serial1/1
description ***Link to R1***
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
serial restart-delay 0
:
:

Why did Branch1 router lose WAN connectivity with R1 router?


A. The IP address is misconfigured on PPP multilink interface on the Branch1 router.
B. The PPP multilink group is misconfigured on the Branch1 serial interfaces.
C. The PPP multilink group is misconfigured on the R1 serial interfaces.
D. The Branch1 serial interfaces are placed in a shutdown condition.

Answer: C
Explanation: The Interface Configuration mode command “ppp multilink group 1” should be used
instead of “ppp multilink group 2” on R1 s1/0 and s1/1 interfaces.

QUESTION 534.2
The following partial report is shown by typing the command “sh run” on R2:
:
:
interface Tunnel0
description ***Tunnel to Router Branch2***
ip address 172.16.100.2 255.255.255.252
keepalive 5 3
tunnel source Ethernet0/1
tunnel destination 192.168.15.2
:
:
interface Ethernet0/1
description ***Link to R1***
ip address 172.16.10.2 255.255.255.0
:
:
ip route 172.16.200.0 255.255.255.0 Tunnel0
:
:

The following partial report is shown by typing the command “sh run” on Branch2:
:
:
interface Tunnel0
description *** Tunnel to Router R2***
ip address 172.16.100.1 255.255.255.252
keepalive 5 3
tunnel source Serial1/0
tunnel destination 172.16.10.2
:
:
interface Serial1/0
description ***Link to R1***
ip address 192.168.15.2 255.255.255.0
:
:
ip route 10.10.10.0 255.255.255.0 Tunnel0
:
:

Why is the Branch2 network 10.10.20.0/24 unable to communicate with the Server farm1 network
10.10.10.0/24 over the GRE tunnel?
A. The GRE tunnel destination is not configured on the R2 router.
B. The GRE tunnel destination is not configured on the Branch2 router.
C. The static route points to the tunnel0 interface that is misconfigured on the Branch2 router.
D. The static route points to the tunnel0 interface that is misconfigured on the R2 router.

Answer: D
Explanation: The correct static route on the R2 router should be “ip route 10.10.20.0 255.255.255.0
Tunnel0” instead.

QUESTION 534.3
The following partial report is shown by typing the command “sh run” on R1:
:
:
username ClientBR3 password 0 cisco123
:
:
interface Serial1/3
description ***Link to Branch3***
ip address 192.168.16.1 255.255.255.252
encapsulation ppp
ppp authentication chap
serial restart-delay 0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch3:
:
:
interface Serial1/0
description ***Link to R1***
ip address 192.168.16.2 255.255.255.252
encapsulation ppp
ppp chap hostname client
ppp chap password 0 cisco123
serial restart-delay 0
!
:
:

Why has the Branch3 router lost connectivity with R1?


Use only show commands to troubleshoot because usage of the debug command is restricted on the
Branch3 and R1 routers.
A. A PPP chap hostname mismatch is noticed between Branch3 and R1.
B. A PPP chap password mismatch is noticed between Branch3 and R1.
C. PPP encapsulation is not configured on Branch3.
D. The PPP chap hostname and PPP chap password commands are missing on the Branch3 router.

Answer: A
Explanation: Using “ppp chap hostname <name>” and “ppp chap password <password>”
commands is one of the methods of configuring PPP CHAP authentication. The Interface
Configuration mode command “ppp chap hostname <name>” is used to specify a username that
will be sent as a response for PPP CHAP authentication. The Interface Configuration mode
command “ppp chap password <password>” is used to specify a password that will be hashed and
sent as a response for PPP CHAP authentication.

QUESTION 534.4
The following partial report is shown by typing the command “sh run” on R1:
:
:
interface Serial1/2
description ***Link to Branch2***
ip address 192.168.15.1 255.255.255.252
encapsulation ppp
ppp pap sent-username R1 password 0 cisco123
serial restart-delay 0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch2:
:
:
username R1 password 0 cisco123
:
:
interface Serial1/0
description ***Link to R1***
ip address 192.168.15.2 255.255.255.252
encapsulation ppp
ppp authentication pap
serial restart-delay 0
!
:
:
router eigrp 100
network 192.168.11.0
network 192.168.15.0
!
:
:

The following partial report is shown by typing the command “sh run” on Branch3:
:
:
router eigrp 100
network 192.168.10.0
network 192.168.16.0
!
:
:

Which statement about the router configurations is correct?


A. The PPP PAP authentication is configured between Branch2 and R1.
B. Tunnel keepalives are not configured for the tunnel0 interface on Branch2 and R1.
C. The Branch2 LAN network 192.168.11.0/24 is not advertised into the EIGRP network.
D. The Branch3 LAN network 192.168.10.0/24 is not advertised into the EIGRP network.
E. PPP CHAP authentication is configured between Branch1 and R1.

Answer: A
Explanation: The Interface Configuration mode command “ppp pap sent-username <name>
password <password>” is used to specify a name and a password that will be sent for PPP PAP
authentication.

QUESTION 535
In which STP state does MAC address learning take place on a PortFast-enabled port?
A. forwarding
B. learning
C. listening
D. discarding

Answer: A
Explanation: A PortFast-enabled port does not have STP listening state and STP learning state.

QUESTION 536
Which two pieces of information can be shared with LLDP TLVs? (Choose two.)
A. access-list configuration
B. device management address
C. spanning-tree topology
D. routing configuration
E. device type

Answer: B, E
Explanation: Type Length Values (TLVs) are blocks of information embedded in CDP or LLDP
advertisements that give details such as address, capabilities (and hence an indication of the device
type), port ID, etc.

QUESTION 537
Which NAT function can map multiple inside addresses to a single outside address?
A. PAT
B. SFTP
C. ARP
D. TFTP
E. RARP

Answer: A

QUESTION 538
Which protocol does IPv6 use to discover other IPv6 nodes on the same segment?
A. TCPv6
B. NHRP
C. NDP
D. ARP
E. CLNS

Answer: C
Explanation: ARP is replaced by NDP (Neighbor Discovery Protocol) in IPv6.

QUESTION 539
What is the most efficient subnet mask for a point-to-point IPv6 connection?
A. /32
B. /48
C. /64
D. /127
E. /128

Answer: D
Note: /127 support is recent and may not be supported by some vendors; in that case, use /126.

QUESTION 540
Drag and drop the QoS features from the left onto the correct descriptions on the right.

Left:
best effort
CAR
hard QoS
NBAR
PBR
soft QoS

Right:
service level that provides basic connectivity without differentiation
service level that provides preferred handling
service level that provides reserved network resources
identification tool ideal for handling web applications
polices traffic based on its bandwidth allocation
uses route maps to match traffic criteria

Answer:
service level that provides basic connectivity without differentiation: best effort
service level that provides preferred handling: soft QoS
service level that provides reserved network resources: hard QoS
identification tool ideal for handling web applications: NBAR
polices traffic based on its bandwidth allocation: CAR
uses route maps to match traffic criteria: PBR

Explanation: DiffServ Model is soft QoS while IntServ Model is hard QoS.

Cisco Network Based Application Recognition (NBAR) offers network applications intelligence to
help enable application-aware services. The following is an example of using NBAR:
class-map movie
match protocol http url "*moviedownload*"

Traffic policing can be implemented on an interface using the Interface Configuration command
“rate-limit” and this feature is called Committed Access Rate (CAR). The following is an example
of using CAR:
int s0/0/0
rate-limit output 96000 18000 36000 conform-action transmit exceed-action drop

Policy-Based Routing (PBR) provides a method to forward packets by overriding the information
available in the IP routing table. The following is an example of using a route map to match traffic:
route-map demo
match length <minimum packet size> <maximum packet size>
set ip next-hop <IP address>

QUESTION 541
Which two criteria must be met to support the ICMP echo IP SLA? (Choose two.)
A. A default gateway must be configured for the source and destination devices
B. The source device must be running Layer 2 services.
C. The source device must be a Cisco device, but the destination device can be from any vendor.
D. The source and destination devices must be Cisco devices.
E. The destination device must support the echo protocol.

Answer: C, E

QUESTION 542
Drag and drop the BGP terms from the left onto the correct descriptions on the right.

BGP terms:
autonomous system
external BGP
internal BGP
prefix
private AS range
public AS range

Descriptions:
block of IP addresses
relationship between peers in different autonomous system
relationship between peers in the same autonomous system
separate network operating within one administrative domain
value between 1 and 64,511
value between 64,512 and 65,535

Answer:
block of IP addresses: prefix
relationship between peers in different autonomous system: external BGP
relationship between peers in the same autonomous system: internal BGP
separate network operating within one administrative domain: autonomous system
value between 1 and 64,511: public AS range
value between 64,512 and 65,535: private AS range

Explanation: A public AS number is globally unique and could be announced to your ISP via BGP.
A private AS number should not be announced to your ISP via BGP and the use of it is more
frequent in private networks that will never communicate directly with the Internet.

QUESTION 543
You are connecting a variety of devices on your network. Drag and drop the combinations of
devices from the left onto the correct cable types on the right.

Device combinations:
PC to router
switch to hub
switch to PC
switch to router
switch to switch
switch to wireless access point

Cable types:
Crossover Cable
Straight-Through Cable

Answer:

Crossover Cable
PC to router
switch to hub
switch to switch

Straight-Through Cable
switch to PC
switch to router
switch to wireless access point

QUESTION 544
Which two statements about 1000BASE-T UTP cable are true? (Choose two.)
A. Both ends of the cable can transmit and receive simultaneously.
B. It uses four wire pairs.
C. It is most appropriate for installations up to 1000 feet in length.
D. It uses four wires.
E. It is most appropriate for installations up to 1000 meters in length.
Answer: A, B
Explanation: 1000BASE-T is Gigabit Ethernet using four pairs of unshielded twisted pair copper
cables with a maximum length of 100 meters.

QUESTION 545
Drag and drop the Ethernet terms from the left onto the correct descriptions on the right.

Ethernet terms:
carrier sense
collision
collision detection
collision rate
medium

Descriptions:
calculated value that can increase when a new station is added to a network
ability of an end device to determine that another device is communicating on a shared link
link used to transport data between a source and a destination
potential conflict when more than one end device attempts to send traffic over the same link
use of CSMA to ensure that devices on a shared link can communicate without interfering with one another

Answer:
calculated value that can increase when a new station is added to a network: collision rate
ability of an end device to determine that another device is communicating on a shared link: collision detection
link used to transport data between a source and a destination: medium
potential conflict when more than one end device attempts to send traffic over the same link: collision
use of CSMA to ensure that devices on a shared link can communicate without interfering with one another: carrier sense

Explanation: CSMA stands for Carrier Sense Multiple Access.

QUESTION 546
Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.2.2 255.255.255.0
Switch(config-if)#end

What is the effect of the given configuration?


A. It configures an inactive switch virtual interface.
B. It configures the default VLAN.
C. It configures an active management interface.
D. It configures the native VLAN.

Answer: A

QUESTION 547
Drag and drop the application protocols from the left onto the transport protocols that they use on
the right.

Application protocols:
DHCP
FTP
SMTP
SSH
SNMP
TFTP

Transport protocols:
TCP
UDP

Answer:

TCP
FTP
SMTP
SSH

UDP
DHCP
SNMP
TFTP

QUESTION 548
Which two tasks does a router perform when it receives a packet that is being forwarded from one
network to another? (Choose two.)
A. It removes the Layer 3 frame header and trailer.
B. It examines the MAC address table for the forwarding interface.
C. It removes the Layer 2 frame header and trailer.
D. It examines the routing table for the best path to the destination IP address of the packet.
E. It encapsulates the Layer 2 packet.

Answer: C, D

QUESTION 549
What are two advantages of static routing? (Choose two.)
A. It allows the administrator to control the path of traffic.
B. It produces minimal CPU load.
C. It cannot be used to load-balance traffic over multiple links.
D. It can be implemented easily even in large environments.
E. It allows the network to respond immediately to changes.

Answer: A, B

QUESTION 550
Which two advantages do dynamic routing protocols provide over static routing? (Choose two.)
A. Dynamic routing protocols are easier to manage on very large networks.
B. Dynamic routing protocols automatically adapt to reroute traffic if possible.
C. Dynamic routing requires fewer resources than static routing.
D. Only dynamic routing is supported on all topologies that require multiple routers.
E. Dynamic routing is more secure than static routing.

Answer: A, B
Explanation: Static routing is more secure than dynamic routing since no advertisements are sent.

QUESTION 551
Which two differences between distance-vector and link-state routing protocols are true? (Choose
two.)
A. Only distance-vector routing protocols maintain identical topology tables on all connected
neighbors.
B. Link-state routing protocols offer faster convergence than distance-vector protocols during
network changes.
C. Distance-vector routing protocols are less susceptible to loops than link-state protocols.
D. Only link-state routing protocols use the Bellman-Ford algorithm.
E. Only distance-vector routing protocols send full routing table updates.

Answer: B, E

QUESTION 552
You have configured a router with an OSPF router ID, but its IP address still reflects the physical
interface. Which action can you take to correct the problem in the least disruptive way?
A. Reboot the router.
B. Reload the OSPF process.
C. Save the router configuration.
D. Specify a loopback address.

Answer: B
Explanation: OSPF continues to use its existing router ID (e.g. an IP address that was selected
from an interface) even if the OSPF Router Configuration mode command “router-id <value in
ip address format>” is configured manually afterwards. To force use of the manually configured
router ID, you may save the configuration and reboot the router. However, reloading the OSPF
process instead (with the Privileged mode command “clear ip ospf process”) is the least
disruptive way.

QUESTION 553
Which type of access list compares source and destination IP addresses?
A. IP named
B. extended
C. reflexive
D. standard

Answer: B

QUESTION 554
A network engineer wants to allow a temporary entry for a remote user with a specific username
and password so that the user can access the entire network over the Internet. Which ACL can be
used?
A. reflexive
B. dynamic
C. standard
D. extended

Answer: B
Explanation:
Dynamic access lists (also called Lock and Key) depend on Telnet, authentication and extended
access lists. A dynamic access list configuration starts with the application of an extended access
list to block traffic through the router. Users who want to traverse the router are blocked by the
extended access list until they telnet to the router and are authenticated. The telnet connection then
drops and a single-entry dynamic access list is added to the existing extended access list. The
following is a configuration example with a timeout of 15 minutes:

username test password abcde
username test autocommand access-enable
access-list 101 permit tcp any host 10.1.1.1 eq telnet
access-list 101 dynamic testlist timeout 15 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 101 in
line vty 0 4
 login local

QUESTION 555
Which command is configured on a switch to enable neighbor discovery in a multivendor
environment?
A. lldp run
B. lldp receive
C. lldp transmit
D. cdp run

Answer: A

QUESTION 556
In which three ways is an IPv6 header simpler than an IPv4 header? (Choose three.)
A. IPv6 headers eliminate the IPv4 Checksum field.
B. IPv6 headers use a 4-bit TTL field, and IPv4 headers use an 8-bit TTL field.
C. IPv6 headers use the Fragment Offset field in place of the IPv4 Fragmentation field.
D. Unlike IPv4 headers, IPv6 headers have a fixed length.
E. IPv6 uses an extension header instead of the IPv4 Fragmentation field.
F. IPv6 headers use a smaller Option field size than IPv4 headers.

Answer: A, D, E
Explanation: The following is the IPv6 packet header format:

IPv6 eliminates the Header Checksum field, which handles error checking in IPv4. IPv6 depends on
reliable transmission in the data link layer protocols and on error checking in upper-layer protocols
instead.
While the IPv4 header has a minimum length of 20 octets (8 bits per octet), the IPv6 header
has only 8 fields and a fixed length of 40 octets.
The IPv4 header does not have a fixed length because of the Options field. This field is used to
convey additional information on the packet or on the way it should be processed. Routers, unless
instructed otherwise, must process the Options in the IPv4 header. The processing of most header
options pushes the packet into the slow path, leading to a forwarding performance hit.
IPv4 Options perform a very important role in IP protocol operation, so the capability had
to be preserved in IPv6. However, the impact of IPv4 Options on performance was taken into
consideration in the development of IPv6. The functionality of Options is removed from the main
header and implemented through a set of additional headers called extension headers. The “Next
Header” field in IPv6 can be used to point to the extension headers.
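
The fixed header and the Next Header chain described above can be seen in a small parser. This is an added example, not part of the original question bank; the sample packet is constructed, and the function and field names are this example's own choices.

```python
import ipaddress
import struct

# Extension headers that share the generic "next header, length" layout (RFC 8200).
GENERIC_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44  # the fragment header is always 8 octets
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "no-next-header"}


def parse_ipv6(packet: bytes) -> dict:
    """Parse the fixed 40-octet header, then follow Next Header through the chain."""
    if len(packet) < 40:
        raise ValueError("truncated: the IPv6 fixed header is 40 octets")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    result = {
        "version": word >> 28,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,  # counterpart of the IPv4 TTL
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
        "extension_headers": [],
        "fragment": None,
    }
    offset, current = 40, next_header
    while current in GENERIC_EXT or current == FRAGMENT:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following = packet[offset]  # first octet of every extension header
        if current == FRAGMENT:
            off_flags, ident = struct.unpack("!HI", packet[offset + 2:offset + 8])
            result["fragment"] = {
                "offset_octets": (off_flags >> 3) * 8,
                "more_fragments": bool(off_flags & 1),
                "identification": ident,
            }
            length = 8
            result["extension_headers"].append("fragment")
        else:
            # Hdr Ext Len counts 8-octet units beyond the first 8 octets.
            length = (packet[offset + 1] + 1) * 8
            result["extension_headers"].append(GENERIC_EXT[current])
        if offset + length > len(packet):
            raise ValueError("extension header runs past the end of the packet")
        offset += length
        current = following
    result["upper_layer"] = UPPER_LAYER.get(current, current)
    result["upper_layer_offset"] = offset
    return result


def build_sample() -> bytes:
    """Constructed sample: first fragment of a UDP datagram, 2001:db8::1 to 2001:db8::2."""
    fixed = struct.pack("!IHBB", 0x60012345, 16, FRAGMENT, 64)
    fixed += ipaddress.IPv6Address("2001:db8::1").packed
    fixed += ipaddress.IPv6Address("2001:db8::2").packed
    fragment = struct.pack("!BBHI", 17, 0, 0x0001, 0xDEADBEEF)
    udp = struct.pack("!HHHH", 1234, 53, 8, 0)
    return fixed + fragment + udp


if __name__ == "__main__":
    for key, value in parse_ipv6(build_sample()).items():
        print(f"{key}: {value}")
```

The fragmentation data sits in its own 8-octet extension header, so the fixed header stays at 40 octets whether or not the packet is a fragment.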

QUESTION 557
Which IPv6 header field is equivalent to the TTL?
A. Scan Timer
B. Hop Count
C. Flow Label
D. Hop Limit
E. TTD

Answer: D
Explanation: The “Hop Limit” field in the IPv6 packet header is equivalent to the “TTL” field in the
IPv4 packet header.

QUESTION 558
Which two statements about the tunnel mode ipv6ip command are true? (Choose two.)
A. It specifies IPv6 as the transport protocol.
B. It specifies that the tunnel is a Teredo tunnel.
C. It enables the transmission of IPv6 packets within the configured tunnel.
D. It specifies IPv6 as the encapsulation protocol.
E. It specifies IPv4 as the encapsulation protocol.

Answer: C, E
Explanation:
Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4
infrastructure. There are many types of overlay tunneling mechanisms such as Manual, GRE
(Generic Routing Encapsulation), etc.
A manual overlay tunnel can carry only IPv6 packets (while a GRE overlay tunnel can carry IPv6
and many other types of packets) and is defined by the Tunnel Interface Configuration mode
command “tunnel mode ipv6ip”. This command specifies IPv6 as the passenger protocol and IPv4
as both the encapsulation and transport protocol for the manual overlay tunnel.

QUESTION 559
Which tunneling mechanism embeds an IPv4 address within an IPv6 address?
A. 4to6
B. ISATAP
C. GRE
D. Teredo
E. 6to4

Answer: E
Explanation: An automatic 6to4 tunnel allows isolated IPv6 networks to be connected over an IPv4
network. The key difference between automatic 6to4 tunnels and manually configured tunnels is
that the tunnel is not point-to-point; it is point-to-multipoint. In automatic 6to4 tunnels, routers are
not configured in pairs. The IPv4 address embedded in the IPv6 address is used to find the other end
of the automatic tunnel.
An automatic 6to4 tunnel may be configured on a border router in an isolated IPv6 network, which
creates a tunnel on a per-packet basis to a border router in another IPv6 network over an IPv4
infrastructure. The tunnel destination is determined by the IPv4 address of the border router
extracted from the IPv6 address that starts with the prefix 2002::/16, where the format is
2002:hexadecimal-format-of-border-router-IPv4-address::/48.
For 2002:ab10:beef::/48 mentioned in the question, the part ab10:beef corresponds to
171.16.190.239 which is a public IPv4 address where:
Hexadecimal Decimal
ab 171
10 16
be 190
ef 239
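
The 2002::/16 mapping above, worked in both directions. This is an added example, not part of the original question bank; the function names are this example's own, and the addresses other than 2002:ab10:beef::/48 are constructed samples. It also labels 6to4 addresses whose embedded IPv4 address is not public, which cannot identify a reachable border router.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Return the 2002:<IPv4 in hex>::/48 prefix for a border router's IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_global:
        raise ValueError(f"{v4} is not a public IPv4 address")
    # Bits 0-15 hold 0x2002, bits 16-47 hold the IPv4 address, the rest is zero.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def embedded_ipv4(ipv6: str):
    """Return the IPv4 address embedded in a 6to4 address, or None if it is not 6to4."""
    addr = ipaddress.IPv6Interface(ipv6).ip  # accepts "addr" and "addr/len"
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def octet_table(ipv6: str) -> list:
    """Hexadecimal/decimal pairs for the embedded IPv4 octets, as in the table above."""
    v4 = embedded_ipv4(ipv6)
    return [] if v4 is None else [(f"{octet:02x}", octet) for octet in v4.packed]


def classify(ipv6: str) -> str:
    """Label an address by whether it is 6to4 and whether its tunnel endpoint is public."""
    v4 = embedded_ipv4(ipv6)
    if v4 is None:
        return "not-6to4"
    return "6to4-public" if v4.is_global else "6to4-non-public"


if __name__ == "__main__":
    print(sixtofour_prefix("171.16.190.239"))
    print(octet_table("2002:ab10:beef::/48"))
    # Constructed samples: a 6to4 host, a 6to4 address embedding 10.1.1.1, a non-6to4 address.
    for sample in ("2002:ab10:beef::1", "2002:a01:101::1", "2001:db8::1"):
        print(sample, embedded_ipv4(sample), classify(sample))
```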

QUESTION 560
Which command can you enter to configure a local username with an encrypted password and
EXEC mode user privileges?
A. Router(config)#username jdone privilege 1 password 7 39109A2B3E19
B. Router(config)#username jdone privilege 1 password 7 PASSWORD1
C. Router(config)#username jdone privilege 15 password 0 PASSWORD1
D. Router(config)#username jdone privilege 15 password 0 39109A2B3E19

Answer: A
Explanation:
The portion “privilege 1” in the command represents the User EXEC mode while “privilege 15”
represents the Privileged EXEC mode.

QUESTION 561
Which option is the primary purpose of traffic shaping?
A. providing best-effort service
B. enabling policy-based routing
C. enabling dynamic flow identification
D. limiting bandwidth usage

Answer: D

QUESTION 562
You are configuring an IP SLA ICMP Echo operation to troubleshoot a network connectivity issue.
When do you enter an IP address to test the IP SLA?
A. when you specify the test frequency
B. when you define the ICMP Echo operation
C. when you verify the IP SLA operation
D. when you enable the ICMP Echo operation

Answer: B

QUESTION 563
Which two commands can you use to verify an IP SLA? (Choose two.)
A. show ip sla application
B. show ip sla history
C. show ip sla statistics
D. show ip sla reaction-configuration
E. show ip sla configuration

Answer: C, E
Explanation: The following two commands can be used to verify an IP SLA (with IP SLA number
123):
Device# show ip sla statistics 123
IPSLAs Latest Operation Statistics

IPSLA operation id: 123


Type of operation: udp-jitter
Latest RTT: 1 milliseconds
Latest operation start time: 00:24:08 PST Sat Feb 25 2012
Latest operation return code: OK
RTT Values:
Number Of RTT: 10 RTT Min/Avg/Max: 2/2/3 milliseconds
Percentile RTT: 95%
Number Of RTT: 9 RTT Min/Avg/Max: 2/2/2 milliseconds
Latency one-way time:
Number of Latency one-way Samples: 9
Source to Destination Latency one way Min/Avg/Max: 1/1/2 milliseconds
Destination to Source Latency one way Min/Avg/Max: 1/1/2 milliseconds
Percentile SD OW: 95%
Percentile DS OW: 95%
Number of Latency one-way Samples: 8
Source to Destination Latency one way Min/Avg/Max: 1/1/1 milliseconds
Destination to Source Latency one way Min/Avg/Max: 1/1/1 milliseconds
Jitter Time:
Number of SD Jitter Samples: 9
Source to Destination Jitter Min/Avg/Max: 4/6/12 milliseconds
Number of DS Jitter Samples: 9
Destination to Source Jitter Min/Avg/Max: 0/2/5 milliseconds
Percentile SD OW: 95%
Percentile DS OW: 95%
Number of SD Jitter Samples: 8
Source to Destination Jitter Min/Avg/Max: 4/6/11 milliseconds
Number of DS Jitter Samples: 8
Destination to Source Jitter Min/Avg/Max: 0/2/4 milliseconds

Device# show ip sla configuration 123

IP SLAs Infrastructure Engine-III


Entry number: 123
Owner:
Tag:
Operation timeout (milliseconds): 5000
Type of operation to perform: udp-jitter
Target address/Source address: 192.0.2.2/3000
Target port/Source port: 2460/0
Type Of Service parameter: 0x0
Request size (ARR data portion): 32
Packet Interval (milliseconds)/Number of packets: 20/10
Verify data: No
Vrf Name:
Control Packets: enabled
Schedule:
Operation frequency (seconds): 60 (not considered if randomly scheduled)
Next Scheduled Start Time: Pending trigger
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): 3600
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): notInService
Threshold (milliseconds): 5000
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20

QUESTION 564
Which API uses HTTP messages to transfer data to applications residing on different hosts?
A. OpenStack
B. REST
C. OpenFlow
D. OpFlex

Answer: B

QUESTION 565
Which two values must you specify to perform an ACL-based Path Trace using APIC-EM? (Choose
two.)
A. source port
B. source interface
C. source IP address
D. destination IP address
E. destination port

Answer: C, D
Explanation: APIC-EM Path Trace can identify the cause of a traffic-flow blockage between two
devices in a network. The following is an example that specifies the required fields of Source IP
address and Destination IP address, together with the optional fields of Destination Port and
Protocol:
After clicking “Start Trace”:

QUESTION 566
Which two neighbor types are supported in a BGP environment? (Choose two.)
A. directly attached
B. internal
C. remote
D. external
E. autonomous
Answer: B, D
Explanation: If a BGP session is established between two neighbors in different autonomous
systems, the session is external BGP (EBGP), and if the session is established between two
neighbors in the same AS, the session is internal BGP (IBGP).

QUESTION 567
For which routes does the distance bgp 10 50 70 command set the administrative distance?
A. between BGP routes and IGP routes
B. for BGP internal routes only
C. for BGP external routes only
D. for all BGP routes

Answer: D
Explanation: The syntax of the command “distance bgp” is as follows:
(config)#router bgp 123
(config-router)#distance bgp external-distance internal-distance local-distance
Default: External distance is 20; internal distance is 200; local distance is 200
The “distance bgp” command allows you to change the administrative distance (i.e. the
trustworthiness of a route’s source relative to other routing protocols). The lower the administrative
distance, the more the route’s source is trusted. external-distance applies to external BGP routes
(routes learned from a peer outside your AS); internal-distance applies to internal BGP routes
(routes learned from a peer within your AS); local-distance applies to routes added with the
“network” command.

QUESTION 568
Which two server types are used to support DNS lookup? (Choose two.)
A. ESX host
B. name resolver
C. web server
D. file transfer server
E. authoritative name server

Answer: B, E
Explanation: Name resolver (also called domain name resolver) is used to respond to a user request
to resolve a domain name into an IP address.

QUESTION 569
Which two functions can be performed by a local DNS server? (Choose two.)
A. copying updated IOS images to Cisco switches
B. transferring split horizon traffic between zones
C. resolving names locally
D. forwarding name resolution requests to an external DNS server
E. assigning IP addresses to local clients

Answer: C, D

QUESTION 570
Which command can you enter on a Cisco IOS device to enable a scheduled algorithm that directs
lookup calls to multiple DNS hosts?
A. ip name-server 192.168.10.14 192.168.10.15
B. ip domain round-robin
C. ip domain lookup
D. ip domain list

Answer: B
Explanation: The following example allows a Telnet to company.example.com to connect to each
of the three IP addresses specified in the following order: the first time the hostname is referenced,
it would connect to 10.0.0.1; the second time the hostname is referenced, it would connect to
10.1.0.1; and the third time the hostname is referenced, it would connect to 10.2.0.1.
Device(config)# ip host company.example.com 10.0.0.1 10.1.0.1 10.2.0.1
Device(config)# ip domain round-robin

QUESTION 571
Which benefit of implementing a dual-homed WAN connection instead of a single-homed
connection is true?
A. Only dual-homed connections support split horizon with EIGRP.
B. Only dual-homed connections enable an individual router to tolerate the loss of a network link.
C. Only dual-homed connections support recursive routing.
D. Only dual-homed connections support OSPF in conjunction with BGP.

Answer: B
Explanation:
[Figures not reproduced: an example of a single-homed WAN connection and examples of a
dual-homed WAN connection.]
