Composite Quiz 102 Questions: Type Text To Search Here..

04/08/2023 18:44 CCNA Training » Composite Quiz 102 Questions
Type text to search here...

Home > Composite Quiz 102 Questions
Composite Quiz 102 Questions

June 7th, 2020
Result of Composite Quiz 102 Questions:
Total Questions Full Score Passing Rate Your Score Correct Answer Percentage Elapsed
102 1320 80% 635 48.11% 00:50:17
Sorry!
You failed :( but surely you will do it better next time!
If you want to retake this quiz, please press Ctrl + F5 on Windows or press CMD + R on Mac.
Your answers are shown below:
Question 1
Refer to the exhibit.
Which route type does the routing protocol Code D represent in the output?
A. statically assigned route

B. internal BGP route
C. route learned through EIGRP
D. /24 route of a locally configured IP
Explanation
Code “D” represents for EIGRP. Code “E” could not be used for EIGRP as it was used for Exterior Gateway Protocol (EGP), which is BGP predecessor.
Question 2
What is a function of Layer 3 switches?
A. They move frames between endpoints limited to IP addresses.

B. They route traffic between devices in different VLANs.
C. They transmit broadcast traffic when operating in Layer 3 mode exclusively.
D. They forward Ethernet frames between VLANs using only MAC addresses.
Question 3
R1#show ip ospf interface g0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.1.2/24, Area 0
Process ID 1, Router ID 192.168.1.2, Network Type POINT-TO-POINT, Cost: 1
Transmit Delay is 1 sec, State POINT-TO-POINT,
Timer intervals configured, Hello 15, Dead 20, Wait 20, Retransmit 5
Hello due in 00:00:08
Index 1/1, flood queue length 0
Next 0x0(0) /0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Suppress hello for 0 neighbor(s)
R2#show ip ospf interface g0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.1.1/24, Area 0
Process ID 1, Router ID 10.1.1.1, Network Type POINT-TO-POINT, Cost: 1
Transmit Delay is 1 sec, State POINT-TO-POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:11
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Suppress hello for 0 neighbor(s)
https://www.9tut.com/composite-quiz 1/36
The network engineer is configuring router R2 as a replacement router on the network. After the initial configuration is applied it is determined that R2
failed to show R1 as a neighbor. Which configuration must be applied to R2 to complete the OSPF configuration and enable it to establish the neighbor
relationship with R1?
Option A
Option B
R2(config)#interface g0/0/0
R2(config)#router ospf 1
R2(config-if)#ip ospf hello-interval 15
R2(config-router)#router-id 192.168.1.2
R2(config-if)#ip ospf dead-interval 20
Option C
Option D
R2(config)#router ospf 1
R2(config)#interface g0/0/0
R2(config-router)#network 192.168.1.0 255.255.255.0 area 2
R2(config-if)#ip ospf dead-interval 20
R2(config-router)#network 10.1.1.0 255.255.255.255 area 2
A. Option A
B. Option B
C. Option C
D. Option D
Explanation
In order to become OSPF neighbor, the following values must be matched on both routers:
+ Area ID
+ Authentication
+ Hello and Dead Intervals
+ Stub area Flag
+ MTU Size
Question 4
What is a network appliance that checks the state of a packet to determine whether the packet is legitimate?
A. LAN controller
B. firewall
C. load balancer
D. Layer 2 switch
Question 5
A network engineer configures the CCNA WLAN so that clients must reauthenticate hourly and to limit the number of simultaneous connections to the
WLAN to 10. Which two actions complete this configuration? (Choose two)
A. Enable the Wi-Fi Direct Clients Policy option.

B. Enable the Enable Session Timeout option and set the value to 3600.
C. Set the Maximum Allowed Clients Per AP Radio value to 10.
D. Enable the Client Exclusion option and set the value to 3600.
E. Set the Maximum Allowed Clients value to 10.
Explanation
By default, client sessions with the WLAN are limited to 1800 seconds (30 minutes). Once that session time expires, a client will be required to re-authenticate. This
setting is controlled by the Enable Session Timeout check box and the Timeout field.
Question 6
Drag and drop the functions from the left onto the correct network components on the right.
Please type the corresponding numbers of each item on the left to the blank below and arrange them ascendingly. For example: 13524 (which means 135
for first group, 24 for second group)
Please type your answer here: 34512 (correct answer: 14523)
Question 7
Which option best describes an API?
A. a stateless client-server model

B. communication often uses either Java scripting, Python, XML, or simple HTTP
C. an architectural style (versus a protocol) for designing applications
D. request a certain type of data by specifying the URL path that models the data
Question 8
Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured?
A. active
B. mode on
C. auto
D. passive
Explanation
From the neighbor status, we notice the “Flags” are SP. “P” here means the neighbor is in Passive mode. In order to create an Etherchannel interface, the (local) SW1
ports should be in Active mode. Moreover, the “Port State” in the exhibit is “0x3c” (which equals to “00111100″ in binary format). Bit 3 is “1” which means the
ports are synchronizing -> the ports are working so the local ports should be in Active mode.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/consolidated_guide/command_reference/b_consolidated_3650_3se_cr/b_consol
Question 9
Which device permits or denies network traffic based on a set of rules?
A. wireless controller
B. access point
C. switch
D. firewall
Question 10
Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is set to Dynamic Desirable. What is the result of this configuration?
A. The link is becomes an access port

B. The link is in an error disables stale
C. The link is in a downstate.
D. The link becomes a trunkport
Explanation
Maybe this question is missing the “SW2 is set to Dynamic Auto” part so we assume this part to find out the best answer. Dynamic Desirable + Dynamic
Desirable/Dynamic Auto/Trunk will form a trunk link.
Question 11
A technician receives a report of network slowness and the issue has been isolated to the interface FastEthernet0/13. What is the root cause of the issue?
FastEthernet0/13 is up, line protocol is up
Hardware is Fast Ethernet, address is 0001.4d27.66cd (bia 0001.4d27.66cd)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 250/255, txload 1/255, ndoad 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 18:52:43, output 00:00:01, output hang never
Last clearing of 'show interface' counters never
Queueing strategy: fifo
Output queue 0/40,0 drops; input queue 0/75, 0 drops
5 minute input rate 12000 bits/sec, 6 packets/sec
5 minute output rate 24000 bits/sec, 6 packets/sec
14488019 packets input, 2441805322 bytes
Received 345346 broadcasts, 0 runts, 0 giants, 0 throttles
261028 input errors, 259429 CRC, 1599 frame, 0 overrun, 0 ignored
0 watchdog, 84207 multicast 0 input packets with dribble condition detected
19658279 packets output, 3529106068 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
A. err-disabled port on the far end

B. local buffer overload
C. duplicate IP addressing
D. physical errors
Explanation
In this question, the input errors and CRC errors grow so the most likely cause of this problem is cable connected between two devices is faulty (physical errors).
Question 12
R1#show ip route
--output omitted--
Gateway of last resort is 192.168.14.4 to network 0.0.0.0
C 172.16.1.128/25 is directly connected, GigabitEthernet1/1/0

C 192.168.12.0/24 is directly connected, FastEthernet0/0
C 172.16.16.1 is directly connected, Loopback1
192.168.10.0/24 is variably subnetted, 3 subnets, 3 masks
O 192.168.10.0/24 [110/2] via 192.168.14.4, 00:03:01, FastEthernet1/0
D 192.168.10.1/32 [90/52778] via 192.168.12.2, 00:05:11, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.14.4, 00:05:11, FastEthernet1/0
If R1 receives a packet destined to 172.16.1.1, to which IP address does it send the packet?
A. 192.168.14.4
B. 192.168.15.5
C. 192.168.13.3
D. 192.168.12.2
Explanation
The packet destined to 172.16.1.1 would match the default route (the last line) so it sends the packet to 192.168.14.4.
Question 13
When is the PUT method used within HTTP?
A. when a read-only operation is required
B. to display a web site
C. to update a DNS server
D. when a nonidempotent operation is needed
Explanation
PUT is similar to POST in that it can create resources, but it does so when there is a defined URL wherein PUT replaces the entire resource if it exists or creates new
if it does not exist.
Question 14
An implementer is preparing hardware for virtualization to create virtual machines on a host. What is needed to provide communication between
hardware and virtual machines?
A. switch
B. router
C. straight cable
D. hypervisor
Question 15
What is a syslog facility?
A. set of values that represent the processes that can generate a log message
B. host that is configured for the system to send log messages
C. password that authenticates a Network Management System to receive log messages
D. group of log messages associated with the configured severity level
Explanation
System logs are the product of a communications protocol (RFC 5424) for transmitting event messages and alerts across an IP network. Facility is defined by the
syslog protocol, and provides a rough clue of where in a system the message originated.
Reference: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/security-analytics/8-2-1/_reference_home/syslog.html
Question 16
What is a function of the Cisco DNA Center Overall Health Dashboard?
A. It summarizes daily and weekly CPU usage for servers and workstations in the network.
B. It provides detailed activity logging for the 10 devices and users on the network.
C. It summarizes the operational status of each wireless device on the network.
D. It provides a summary of the top 10 global issues.
Explanation
The bottom of Cisco DNA Center Overall Health Dashboard displays the top 10 issues, if any, that must be addressed.
Question 17
When a switch receives a frame from an unknown source MAC address, which action does the switch take with the frame?
A. It associate the source MAC address with the LAN port on which it was received and saves it to the MAC address table.
B. It sends the frame to ports within the CAM table identified with an unknown source MAC address.
C. It attempts to send the frame back to the source to ensure that the source MAC address is still available for transmissions.
D. It floods the frame out all interfaces, including the interface it was received on.
Question 18
Which WPA mode uses PSK authentication?
A. Client
B. Enterprise
C. Personal
D. Local
Explanation
Both versions of Wi-Fi Protected Access (WPA/WPA2) can be implemented in either of two modes:
+ Personal or Pre-Shared Key (PSK) Mode: This mode is appropriate for most home networks—but not business networks. You define an encryption passphrase
on the wireless router and any other access points (APs). Then the passphrase must be entered by users when connecting to the Wi-Fi network.
Though this mode seems very easy to implement, it actually makes properly securing a business network nearly impossible. Unlike with the Enterprise mode,
wireless access can’t be individually or centrally managed. One passphrase applies to all users. If the global passphrase should need to be changed, it must be
manually changed on all the APs and computers. This would be a big headache when you need to change it; for instance, when an employee leaves the company or
when any computers are stolen or compromised. Unlike with the Enterprise mode, the encryption passphrase is stored on the computers. Therefore, anyone on the
computer—whether it be employees or thieves—can connect to the network and also recover the encryption passphrase.
Reference: https://www.ciscopress.com/articles/article.asp?p=1576225
Question 19
What event has occurred if a router sends a notice level message to a syslog server?
A. An ICMP connection has been built

B. A certificate has expired
C. A TCP connection has been torn down
D. An interface line has changed status
Explanation
If you used to configure a Cisco device then maybe you saw this notice level message:
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Number 5 in the above message represents for the Notification Level (Normal, but significant, conditions exist).
Question 20
When deploying syslog, which severity level logs informational message?
A. 4
B. 2
C. 6
D. 0
Question 21
Which network plane is centralized and manages routing decisions?
A. data plane
B. policy plane
C. management plane
D. control plane
Question 22
Which plan must be implemented to ensure optimal QoS marking practices on this network?
A. As traffic traverses MLS1 remark the traffic, but trust all markings at the access layer
B. Trust the IP phone markings on SW1 and mark traffic entering SW2 at SW2
C. Remark traffic as it traverses R1 and trust all markings at the access layer
D. As traffic enters from the access layer on SW1 and SW2, trust all traffic markings
Explanation
“Classify, mark, and police as close to the traffic-sources as possible.” -> Answer 'As traffic traverses MLS1 remark the traffic, but trust all markings at the access
layer ' is not correct.
Reference: https://www.cisco.com/en/US/technologies/tk543/tk759/technologies_white_paper0900aecd80295aa1.pdf
As a rule, it is not recommended to trust markings set by end users leveraging PCs or other endpoint devices. End users can intentionally or unintentionally abuse
QoS policies that trust markings of end devices. If users and unclassified applications take advantage of the configured QoS policy as a result of trusting end devices,
this can result in easily starving priority queues with nonpriority traffic, ruining quality of service for real-time applications.
Reference: https://www.ciscopress.com/articles/article.asp?p=2756478&seqNum=2
-> Answer 'As traffic enters from the access layer on SW1 and SW2, trust all traffic markings ' and answer 'Remark traffic as it traverses R1 and trust all markings at
the access layer' are not correct.
Question 23
Refer to the exhibit. The New York router is configured with static routes pointing to the Atlanta and Washington sites. Which two tasks must be
performed so that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach one another? (Choose two)
Configured interfaces:
New York:
Atlanta: Washington:
S0/0/0: 2012::2/126
S0/0/0: 2012::1/126 S0/0/0: 2023::3/126
S0/0/1: 2023::2/126
Loopback1: 2000::1/128 Loopback3: 2000::3/128
Loopback2:2000::2/128
A. Configure the ipv6 route 2012::/126 s0/0/0 command on the Atlanta router
B. Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router
C. Configure the ipv6 route 2012::/126 2023::1 command on the Washington router
D. Configure the ipv6 route 2012::/126 2023:2 command on the Washington router
E. Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router
Explanation
The short syntax of static IPv6 route is:
ipv6 route <destination-IPv6-address> {next-hop-IPv6-address | exit-interface}
Question 24
Which type of network attack overwhelms the target server by sending multiple packets to a port until the half-open TCP resources of the target are
exhausted?
A. amplification
B. reflection
C. teardrop
D. SYN flood
Explanation
A SYN flood (half-open attack) is a type of denial-of-service (DDoS) attack which aims to make a server unavailable to legitimate traffic by consuming all available
server resources. By repeatedly sending initial connection request (SYN) packets, the attacker is able to overwhelm all available ports on a targeted server machine,
causing the targeted device to respond to legitimate traffic sluggishly or not at all.
Question 25
What is the purpose of classifying network traffic in QoS?
A. identifies the type of traffic that will receive a particular treatment

B. writes the class identifier of a packet to a dedicated field in the packet header
C. services traffic according to its class
D. configures traffic-matching rules on network devices
Explanation
The goal of network traffic classification is to group traffic based on user-defined criteria so that the resulting
groups of network traffic can then be subjected to specific QoS treatments.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_classn/configuration/15-mt/qos-classn-15-mt-book/qos-classn-ntwk-trfc.pdf
Question 26
Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.
Note: You just need to click on one of the boxes on the right to match it with the corresponding box on the left.
2001:db8:600d:cafe::123 Link-Local unicast

fe80:a00:27ff:feeb:8eaa Global unicast
ff05::1:3 Unique Local
fcba:926a:e8e:7a25:b1:c6d2:1a76:8fdc Multicast
Explanation
Link-local addresses are allocated with the FE80::/64 prefix -> can be easily recognized by the prefix FE80
All IPv6 multicast addresses share the prefix of FF00::/8 -> The first octet is FF (1111 1111). This way you can tell at a glance if an IPv6 address is intended for
multicast or not.
Unique local IPv6 addresses have the similar function as IPv4 private addresses. They are not allocated by an address registry and are not meant to be routed outside
their domain. Unique local IPv6 addresses start with FC00::/7 -> The first octet can be FC or FD. However when you implement this you have to set the L-bit (the
right-most bit of the first octet) to 1 which means that the first two digits will be FD.
Question 27
Which two statements about EtherChannel technology are true? (Choose two)
A. EtherChannel does not allow load sharing of traffic among the physical links within the EtherChannel
B. You can configure multiple EtherChannel links between two switches, using up to a limit of sixteen physical ports
C. EtherChannel provides increased bandwidth by bundling existing FastEthernet or Gigabit Ethernet interfaces into a single EtherChannel
D. STP does not block EtherChannel links
E. EtherChannel allows redundancy in case one or more links in the EtherChannel fail
Explanation
In fact answer 'STP does not block EtherChannel links' is also correct as STP considers Etherchannel links as one physical link so this question should have three
correct answers. But answer 'STP does not block EtherChannel links' is not as obvious as the other two answers so we should choose them.
Question 28
Which command should you enter to verify the priority of a router in an HSRP group?
A. show standby
B. show sessions
C. show hsrp
D. show interfaces
Explanation
Below is an example of the “show standby” command:
We can see the current HSRP priority of this device, which is 90 and the configured HSRP priority too (which is 90, too).
Question 29
Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and Provisioning of Wireless Access Points (CAPWAP)
protocol?
A. route
B. lightweight
C. autonomous
D. bridge
Explanation
Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight
+ Autonomous: self-sufficient and standalone. Used for small wireless networks.
+ Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function. LAP and WLC communicate with each other via a logical
pair of CAPWAP tunnels.
Question 30
An engineer must configure a core router with a floating static default route to the backup router at 10.200.0.2. Which command meets the requirements?
A. ip route 0.0.0.0 0.0.0.0 10.200.0.2

B. ip route 0.0.0.0 0.0.0.0 10.200.0.2 1
C. ip route 0.0.0.0 0.0.0.0 10.200.0.2 10
D. ip route 0.0.0.0 0.0.0.0 10.200.0.2 floating
Question 31
What is a practice that protects a network from VLAN hopping attacks?
A. Configure an ACL to prevent traffic from changing VLANs

B. Implement port security on internet-facing VLANs
C. Change native VLAN to an unused VLAN ID
D. Enable dynamic ARP inspection
Explanation
VLAN Hopping: By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing
Layer 3 security measures. VLAN hopping can be accomplished by switch spoofing or double tagging. One of a popular type of VLAN Hopping is
Double-Tagging attack:
In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and
the second matches the VLAN of a host it wants to attack (VLAN 20).
When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed.
Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards
out to the Victim computer.
Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker. In other words, this attack is only successful if the
attacker belongs to the native VLAN of the trunk link. Another important point is, this attack is strictly one way as it is impossible to encapsulate the return packet.
To mitigate this type of attack, we can use VLAN access control lists (VACLs, which applies to all traffic within a VLAN. We can use VACL to drop attacker traffic
to specific victims/servers); or implement Private VLANs; or keep the native VLAN of all trunk ports different from user VLANs.
Question 32
A static route must be configured on R14 to forward traffic for the 172.21.34.0/25 network that resides on R86. Which command must be used to fulfill the
request?
A. ip route 172.21.34.0 255.255.128.0 10.73.65.64

B. ip route 172.21.34.0 255.255.255.192 10.73.65.65
C. ip route 172.21.34.0 255.255.255.0 10.73.65.65
D. ip route 172.21.34.0 255.255.255.128 10.73.65.66
Question 33
A router has two static routes to the same destination network under the same OSPF process. How does the router forward packets to the destination if the
next-hop devices are different?
A. The router chooses the route with the oldest age.

B. The router chooses the next hop with the lowest IP address.
C. The router load-balances traffic over all routes to the destination.
D. The router chooses the next hop with the lowest MAC address.
Explanation
You can add multiple static routes for the same destination network to provide one or more of the following benefits:
+ IP load balancing – When you add multiple IP static routes for the same destination to different next-hop gateways, and the routes each have the same metric and
administrative distance, the Layer 3 switch can load balance traffic to the routes’ destination.
+ Path redundancy – When you add multiple static IP routes for the same destination, but give the routes different metrics or administrative distances, the Layer 3
switch uses the route with the lowest administrative distance by default, but uses another route to the same destination if the first route becomes unavailable.
Reference: https://docs.ruckuswireless.com/fastiron/08.0.40/fastiron-08040a-l3guide/GUID-FE67DB45-70C8-420D-AE8A-AEF36F4CF53D.html
Question 34
Drag and drop the characteristic from the left onto the IPv6 address type on the right.
Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order. For example: 1324 (which means 13
for first group, 24 for second group).
Explanation
Answer:
Multicast
+ sends packets to a group address rather than a single address
+ has a unicast source sent to a group
Anycast
+ is used exclusively by a non-host device
+ is routed to the nearest interface that has the address
Explanation
An anycast address is an address that is assigned to a set of interfaces that typically belong to different nodes. A packet sent to an anycast address is delivered to the
closest interface (as defined by the routing protocols in use) identified by the anycast address.
Anycast addresses can be used only by a device, not a host, and anycast addresses must not be used as the source address of an IPv6 packet.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/xe-3se/5700/ip6-anycast-add-xe.html
Question 35
Which function does an SNMP agent perform?
A. It requests information from remote network nodes about catastrophic system events.
B. It manages routing between Layer 3 devices in a network
C. It coordinates user authentication between a network device and a TACACS+ or RADIUS server
D. It sends information about MIB variables in response to requests from the NMS
Question 36
Which two capacities of Cisco DNA Center make it more extensible as compared to traditional campus device management? (Choose two)
A. modular design that is upgradable as needed

B. adapters that support all families of Cisco IOS software
C. SDKs that support interaction with third-party network equipment
D. customized versions for small, medium, and large enterprises
E. REST APIs that allow for external applications to interact natively
Explanation
Cisco DNA Center offers 360-degree extensibility through four distinct types of platform capabilities:
+ Intent-based APIs leverage the controller and enable business and IT applications to deliver intent to the network and to reap network analytics and insights for IT
and business innovation.
+ Process adapters, built on integration APIs, allow integration with other IT and network systems to streamline IT operations and processes.
+ Domain adapters, built on integration APIs, allow integration with other infrastructure domains such as data center, WAN, and security to deliver a consistent
intent-based infrastructure across the entire IT environment.
+ SDKs allow management to be extended to third-party vendor’s network devices to offer support for diverse environments.
Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-cent-platf-aag-cte-en.html
Question 37
Drag and drop the DNS lookup commands from the left onto the functions on the right.
enables DNS lookup on an individual interface ip domain name

enables the DNS server on the device ip host
identifies a DNS server to provide lookup services ip domain lookup source-interface
specifies a sequence of domain names ip domain list
specifies the default domain to append to unqualified host names ip dns server
statically maps an IP address to a hostname ip name-server
Explanation
Answer:
+ enables DNS lookup on an individual interface: ip domain lookup source-interface

+ enables the DNS server on the device: ip dns server
+ identifies a DNS server to provide lookup services: ip name-server
+ specifies a sequence of domain names: ip domain list
+ specifies the default domain to append to unqualified host names: ip domain name
+ statically maps an IP address to a hostname: ip host
Explanation
The command “ip domain-lookup” enables DNS-based host name-to-address translation. This command is enabled by default.
The ip domain name defines a list of default domain names to complete unqualified hostnames. The ip domain list command is similar to the ip domain name
command, except that with the ip domain list command you can define a list of domains, each to be tried in turn until the system finds a match.
The ip host defines a static hostname-to-address mapping in the hostname cache. For example: Device(config)# ip host cisco-rtp 192.168.0.148
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dns/configuration/15-mt/dns-15-mt-book/dns-config-dns.html
Question 38
What is a DNS lookup operation?
A. serves requests over destination port 53

B. DNS server forwards the client to an alternate IP address when the primary IP is down
C. DNS server pings the destination to verify that it is available
D. responds to a request for IP address to domain name resolution to the DNS server
Explanation
An example of DNS is described below:

When you attempt to go to a domain name such as 9tut.com, your browser will instruct your computer to do a DNS lookup on that domain name. This DNS lookup
will query a DNS resolver (for example Google at 8.8.8.8). Once the resolver responds, the computer will usually choose the first IP in the response and use that for
the connection.
The most frequently used port for DNS is UDP 53 but as time progresses, DNS will reply on TCP Port 53 more heavily.
Question 39
SW1#show etherchannel
Channel-group listing:
----------------------
Group: 2
--------
Group state = L2
Ports: 1 Maxports = 8
Port-channels: 1 Max Portchannels = 1
Protocol: PAGP
A network engineer updates the existing configuration on interface fastethernet1/1 switch SW1. It must establish an EtherChannel by using the same group
designation with another vendor switch. Which configuration must be performed to complete the process?
A. interface fastethernet 1/1

channel-group 2 mode active
B. interface fastethernet 1/1
channel-group 2 mode on
C. interface port-channel 2
channel-group 2 mode auto
D. interface port-channel 2
channel-group 2 mode desirable
Question 40
What is a capability of FTP in network management operations?
A. encrypts data before sending between data resources

B. uses separate control and data connections to move files between server and client
C. offers proprietary support at the session layer when transferring data
D. devices are directly connected and use UDP to pass file information
Explanation
There are actually two ports associated with FTP: TCP 20 and 21. FTP creates a virtual connection over TCP port 21 for control information, and then it creates a
separate TCP connection on port 20 for data transfers.
Reference: Cisco Secure Internet Security Solutions Book
Question 41
Refer to the exhibit. Which path is used by the router for Internet traffic?
R1#show ip route
209.165.200.0/27 is subnetted, 1 subnets
B 209.165.200.224 [20/0] via 10.10.12.2, 00:10:34
C 10.10.10.0/28 is directly connected, GigabitEthernet0/0
C 10.10.13.0/30 [110/2] via 10.10.10.1, 00:03:34, GigabitEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.10.11.2
Switch1#show ip route
Gateway of last resort is not set
C 10.10.13.0/24 is directly connected, VLAN20
A. 10.10.10.0/28
B. 0.0.0.0/0
C. 209.165.200.0/27
D. 10.10.13.0/24
Question 42
Which two outcomes are predictable behaviors for HSRP? (Choose two)
A. The two routed share the same IP address, and default gateway traffic is load-balanced between them
B. Each router has a different IP address both routers act as the default gateway on the LAN, and traffic is load balanced between them
C. The two routers negotiate one router as the active router and the other as the standby router
D. The two routers synchronize configurations to provide consistent packet forwarding
E. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN
Question 43
Routers R1 and R3 have the default configuration. The router R2 priority is set to 99. Which commands on R3 configure it as the DR in the 10.0.4.0/24
network?
A. R3(config)#interface Gig0/1
R3(config-if)#ip ospf priority 0
B. R3(config)#interface Gig0/0
C. R3(config)#interface Gig0/0
D. R3(config)#interface Gig0/1
Question 44
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which
configuration enables the traffic on the destination router?
A. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 110 in
!
ip access-list standard 110
permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1
B. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
!
ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22
C. line vty 0 15
access-group 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22
D. line vty 0 15
access-class 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22
Explanation
When applying access-list to line vty we must use “access-class”, not “access-group”. Subnet 10.139.58.0/28 converts to wildcard mask is 10.139.58.0 0.0.0.15. And
we have to use port 22 as the destination port.
Question 45
A manager asks a network engineer to advise which cloud service models are used so employees do not have to waste their time installing, managing, and
updating software which is only used occasionally. Which cloud service model does the engineer recommend?
A. infrastructure-as-a-service
B. platform-as-a-service
C. software-as-a-service
D. business process as service to support different types of service
Explanation
Three cloud supporting services cloud providers provide to customer:
+ SaaS (Software as a Service): SaaS uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the clients’
side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins.
+ PaaS (Platform as a Service): are used for applications, and other development, while providing cloud components to software. What developers gain with PaaS is
a framework they can build upon to develop or customize applications. PaaS makes the development, testing, and deployment of applications quick, simple, and
cost-effective. With this technology, enterprise operations, or a third-party provider, can manage OSes, virtualization, servers, storage, networking, and the PaaS
software itself. Developers, however, manage the applications. PaaS provides everything except applications.
+ IaaS (Infrastructure as a Service): self-service models for accessing, monitoring, and managing remote datacenter infrastructures, such as compute (virtualized or
bare metal), storage, networking, and networking services (e.g. firewalls). Instead of having to purchase hardware outright, users can purchase IaaS based on
consumption, similar to electricity or other utility billing.
Question 46
What makes Cisco DNA Center different from traditional network management applications and their management of networks?
A. It modular design allows someone to implement different versions to meet the specific needs of an organization
B. It does not support high availability of management functions when operating in cluster mode
C. It abstracts policy from the actual device configuration
D. It only supports auto-discovery of network elements in a green field deployment.
Question 47
Refer to the exhibit. A network administrator assumes a task to complete the connectivity between PC A and the File Server. Switch A and Switch B have
been partially configured with VLANs 10, 11, 12 and 13. What is the next step in the configuration?
A. Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation
B. Add PC A to VLAN 10 and the File Server to VLAN 11 for VLAN segmentation
C. Add a router on a stick between Switch A and Switch B allowing for inter-VLAN routing
D. Add PC A to the same subnet as the File Server allowing for intra-VLAN communication
Explanation
In fact we only need to add (allow) VLAN 13 to the trunk link of Switch A. Switch B allows all VLANs by default so we don’t need to do any further configuration.
Question 48
Which configuration enables an EtherChannel to form dynamically between SW1 and SW2 by using an industry-standard protocol, and to support full IP
connectivity between all PCs?
Option A Option B
SW1# SW1#
interface Gi0/1 interface Gi0/1
switchport switchport
switchport mode trunk switchport mode trunk
channel-group 1 mode on channel-group 1 mode auto
! !
switchport mode trunk switchport mode access
channel-group 1 mode auto channel-group 1 mode active
SW2# SW2#
interface Gi0/1 interface gi0/1
channel-group 1 mode auto channel-group 1 mode desirable
! !
channel-group 1 mode on channel-group 1 mode desirable
interface port-channel 1
switchport
switchport mode trunk
Option C
SW1#
interface Gi0/1
switchport
!
interface Gi0/2
switchport
switchport mode trunk Option D
—missing config—
SW2#
interface Gi0/1
switchport
channel-group 1 mode passive
!
interface Gi0/2
switchport
channel-group 1 mode passive
A. Option A
B. Option B
C. Option C
D. Option D
Explanation
LACP is the IEEE Standard (IEEE 802.3ad) and is the most common dynamic ether-channel protocol, whereas PAgP is a Cisco proprietary protocol.
Question 49
What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC address is received?
A. The Layer 2 switch drops the received frame

B. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address learning
C. The Layer 2 switch forwards the packet and adds the destination MAC address to Its MAC address table
D. The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN
Explanation
If the destination MAC address is not in the CAM table (unknown destination MAC address), the switch sends the frame out all other ports that are in the same
VLAN as the received frame. This is called flooding. It does not flood the frame out the same port on which the frame was received.
Question 50
Which statement correctly compares traditional networks and controller-based networks?
A. Only traditional networks natively support centralized management

B. Only traditional networks offer a centralized control plane
C. Only controller-based networks decouple the control plane and the data plane
D. Traditional and controller-based networks abstract policies from device configurations
Explanation
Most traditional devices use a distributed architecture, in which each control plane is resided in a networking device. Therefore they need to communicate with each
other via messages to work correctly.
In contrast to distributed architecture, centralized (or controller-based) architectures centralizes the control of networking devices into one device, called SDN
controller -> Answer 'Only controller-based networks decouple the control plane and the data plane' is correct.
Question 51
Refer to exhibit. The loopback1 interface of the Atlanta router must reach the loopback3 interface of the Washington router. Which two static host routes
must be configured on the NEW York router? (Choose two)
Configured interfaces:
New York:
Atlanta: Washington:
S0/0/0: 2012::2/126
S0/0/0: 2012::1/126 S0/0/0: 2023::3/126
S0/0/1: 2023::2/126
Loopback1: 2000::1/128 Loopback3: 2000::3/128
Loopback2:2000::2/128
A. ipv6 route 2000::3/128 2023::3
B. ipv6 route 2000::1/128 2012::1
C. ipv6 route 2000::1/128 s0/0/1
D. ipv6 route 2000::1/128 2012::2
E. ipv6 route 2000::3/128 s0/0/0
Explanation
The short syntax of static IPv6 route is:
ipv6 route <destination-IPv6-address> {next-hop-IPv6-address | exit-interface}
Therefore if we use the destination-IPv6-address, we have to specify the IPv6 address of the remote (next-hop) router, not the local IPv6 address. If we use the exit-
interface, we have to use the local exit-interface, not remote interface.
In this question, we have to suppose that all IPv6 addresses of Atlanta ends with .1 and Washington ends with .3
Please notice that this question asks about the command used on NEW York router so answer "ipv6 route 2000::1/128 2012::1" is used to reach Atlanta router while
answer "ipv6 route 2000::3/128 2023::3" is used to reach Washington router.
Question 52
Which CRUD operation modifies an existing table or view?
A. replace
B. update
C. read
D. create
Explanation
CRUD is short for CREATE, READ, UPDATE and DELETE operations. Only UPDATE operation modifies an existing table or view.
Question 53
An engineer must configure router R2 so it is elected as the DR on the WAN subnet. Which command sequence must be configured?
A. interface gigabitethernet0/0
ip address 10.0.1.1 255.255.255.0
ip ospf priority 255
B. interface gigabitethernet0/0
ip address 10.0.0.34 255.255.255.224
ip ospf priority 100
C. interface gigabitethernet0/0
ip address 10.0.1.1 255.255.255.224
ip ospf priority 98
D. interface gigabitethernet0/0
ip address 10.0.0.34 255.255.255.248
ip ospf priority 0
Explanation
The OSPF priority of R1 is 99 so we have to set the OSPF priority to a higher value. Also the IP address must be 10.0.0.34/27.
Question 54
Which syslog severity level is considered the most severe and results in the system being considered unusable?
A. Alert
B. Error
C. Critical
D. Emergency
Explanation
The Syslog levels are:
Level Keyword Description

0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages
Question 55
What is an expected outcome when network management automation is deployed?
A. Complexity increases when new device configurations are added

B. Software upgrades are performed from a central controller
C. Custom applications are needed to configure network devices
D. A distributed management plane must be used.
Question 56
An administrator must turn off the Cisco Discovery Protocol on the port configured with last usable address in the 10.0.0.0/30 subnet. Which command set
meets the requirement?
A. interface gi0/1
no cdp enable
B. interface gi0/0
no cdp run
C. interface gi0/0
no cdp advertise-v2
D. interface gi0/1
clear cdp table
Explanation
In order to disable CDP on an interface, we have to use the "no cdp enable" under interface mode.
Note: "no cdp run" is a global configuration command.
Question 57
A newly configured PC fails to connect to the internet using TCP port 80 to www.cisco.com. Which setting must be modified for the connection to work?
A. Default Gateway
B. DNS Servers
C. Subnet Mask
D. DHCP Server
Explanation
We see this PC has been assigned an IP address 10.2.2.2, Default Gateway 10.2.2.1, DNS Server 8.8.8.8 but its subnet mask is 255.255.255.192 (or /26) which is
different from the subnet mask of its default gateway so this is the issue.
Question 58
Drag and drop the statements about device management from the left onto the corresponding device-management types on the right.
Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order. For example: 136245 (which means
136 for first group, 245 for second group).Please type your answer here: 52525 (correct answer: 346125)
Question 59
What are two characteristics of a public cloud implementation? (Choose two)
A. It enables an organization to fully customize how it deploys network resources

B. It is owned and maintained by one party, but it is shared among multiple organizations
C. It is a data center on the public Internet that maintains cloud services for only one company
D. It supports network resources from a centralized third-party provider and privately-owned virtual resources
E. It provides services that are accessed over the Internet
Explanation
Public clouds are managed by a third-party cloud provider. Public cloud computing resources are shared among multiple customers, unlike private clouds.
Question 60
Refer to the exhibit. Which prefix does Router 1 use for traffic to Host A?
Router1#show ip route
209.165.200.0/27 is sudnetted, 1 subnets

B 209.165.200.224 [20/0] via 10.10.12.2, 03:03:03
209.165.201.0/27 is sudnetted, 1 subnets
B 209.165.201.0 [20/0] via 10.10.12.2, 03:03:03
209.165.202.0/27 is subnetted, 1 subnets
B 209.165.202.128 [20/0] via 10.10.12.2, 03:03:03
O 10.10.13.0/25 [110/2] via 10.10.10.1, 00:00:03, GigabitEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.10.11.2
A. 10.10.13.0/25
B. 10.10.13.208/29
C. 10.10.13.144/28
D. 10.10.10.0/28
Explanation
The prefix with “longest prefix” will be matched first, in this case is “/29”.
Question 61
Drag and drop the AAA terms from the left onto the description on the right.
tracks activity accounting

verifies access rights authorization
updates session attributes CoA
verifies identity authentication
Explanation
+ tracks activity: accounting

+ verifies access rights: authorization
+ updates session attributes: CoA
+ verifies identity: authentication
AAA stands for Authentication, Authorization and Accounting.
+ Authentication: Specify who you are (usually via login username & password)
+ Authorization: Specify what actions you can do, what resource you can access
+ Accounting: Monitor what you do, how long you do it (can be used for billing and auditing)
RADIUS CoA (Change of Authorization) is a feature that allows a RADIUS server to adjust an active client session.
Question 62
A network engineer must configured communication between PC A and the File Server. To prevent interruption for any other communications, which
command must be configured?
A. Switchport trunk allowed vlan remove 10-11
B. Switch trunk allowed vlan 12
C. Switchport trunk allowed vlan none
D. Switchport trunk allowed vlan add 13
Explanation
Switch A does not allow VLAN 13 to go through so we must add VLAN 13 to the allowed list of interface Gi0/1 of SwitchA by the command “switchport trunk
allowed vlan add 13”.
Question 63
What is a characteristic of private IPv4 addressing?
A. complies with PCI regulations

B. provides an added level of protection against internet threats
C. enables secure connectivity over the internet
D. is used on internal hosts that stream data solely to external resources
Explanation
By using private IPv4 addressing, an Internet threats cannot reach the internal hosts directly, thus it provides an additional level of protection against Internet threats.
Question 64
Which enhancement is implemented in WPA3?
A. protects against brute force attacks

B. uses TKIP
C. employs PKI to identify access points
D. applies 802.1x authentication
Explanation
Another security enhancement that has been made in WP3 reduces potential for password cracking attacks such as the WPA2 KRACK Attack. WPA2 is vulnerable
to brute force and dictionary-based attacks. That is because security relies on the AP provider setting a secure password and many establishments don’t. With WPA3,
the Pre-Shared Key (PSK) exchange protocol is replaced with Simultaneous Authentication of Equals (SAE) or the Dragonfly Key Exchange, which improves
security of the initial key exchange and offers better protection against offline dictionary-based attacks.
Reference: https://www.webtitan.com/blog/wpa3-wifi-security-enhancements-will-not-block-all-threats/
Question 65
Which command can you enter to allow Telnet to be supported in addition to SSH?
A. transport input telnet ssh

B. no transport input telnet
C. privilege level 15
D. transport input telnet
Question 66
Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting. What
service or technology would support this requirement?
A. Cisco ACI
B. APIC-EM
C. cloud services
D. data center
Question 67
Which QoS feature drops traffic that exceeds the committed access rate?
A. policing
B. shaping
C. weighted fair queuing
D. FIFO
Explanation
Policing: is used to control the rate of traffic flowing across an interface. During a bandwidth exceed (crossed the maximum configured rate), the excess traffic is
generally dropped or remarked.
Question 68
What are two southbound APIs? (Choose two)
A. CORBA
B. NETCONF
C. DSC
D. Thrift
E. Open Flow
Explanation
OpenFlow is a well-known southbound API. OpenFlow defines the way the SDN Controller should interact with the forwarding plane to make adjustments to the
network, so it can better adapt to changing business requirements.
The Network Configuration Protocol (NetConf) uses Extensible Markup Language (XML) to install, manipulate and delete configuration to network devices.
Other southbound APIs are:

+ onePK: a Cisco proprietary SBI to inspect or modify the network element configuration without hardware upgrades.
+ OpFlex: an open-standard, distributed control system. It send “summary policy” to network elements.
Question 69
An engineer must configure interswitch VLAN communication between a Cisco switch and a third-party switch. Which action should be taken?
A. configure ISL
B. configure IEEE 802.1p
C. configure IEEE 802.1q
D. configure DSCP
Explanation
IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. When a frame enters the VLAN-aware portion of the network
(a trunk link, for example), a VLAN ID tag is added to represent the VLAN membership of that frame. The picture below shows how VLAN tag is added and
removed while going through the network.
Question 70
When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)
A. 2000::/3
B. FF02::1
C. FC00::/7
D. FF02::2
E. 2002::5
Explanation
When an interface is configured with IPv6 address, it automatically joins the all nodes (FF02::1) and solicited-node (FF02::1:FFxx:xxxx) multicast groups. The all-
node group is used to communicate with all interfaces on the local link, and the solicited-nodes multicast group is required for link-layer address resolution. Routers
also join a third multicast group, the all-routers group (FF02::2).
Question 71
Drag the descriptions of device management from the left onto the types of device management on the right.
Please type the corresponding numbers of each item on the left to the blank below and arrange them ascendingly. For example: 136245 (which means 136
Question 72
When using Rapid PVST+, which command guarantees the switch is always the root bridge for VLAN 200?
A. spanning-tree vlan 200 priority 0

B. spanning-tree vlan 200 priority 38572422
C. spanning-tree vlan 200 root primary
D. spanning-tree vlan 200 priority 614440
Question 73
What are two differences between optical-fiber cabling and copper cabling? (Choose two)
A. The data can pass through the cladding

B. Fiber connects to physical interfaces using RJ-45 connections
C. A BNC connector is used for fiber connections
D. The glass core component is encased in a cladding
E. Light is transmitted through the core of the fiber
Explanation
The two main elements of an optical fiber are its core and cladding. The “core”, or the axial part of the optical fiber made of silica glass, is the light transmission area
of the fiber. It may sometimes be treated with a “doping” element to change its refractive index and therefore the velocity of light down the fiber.
The “cladding” is the layer completely surrounding the core.
Reference: https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/transceiver-modules/white_paper_c11-463661.html
Question 74
Which level of severity must be set to get informational syslogs?
A. debug
B. notice
C. alert
D. critical
Explanation
The Syslog levels are:
Level Keyword Description

0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages
If you specify a level, that level and all the higher levels will be displayed. Therefore in order to receive informational syslog we must set to level 6 or level 7.
Question 75
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two)
A. Enable the Cisco Discovery Protocol

B. Configure the port type as access and place in VLAN 99
C. Configure the ports as trunk ports
D. Administratively shut down the ports
E. Configure the ports in an EtherChannel
Question 76
SW1#show run
Building configuration...
!
hostname SW1
!
ip domain-name test
!
username CCNA privilege 1 password 0 ciscol23
!
interface FastEthernet0/1
switchport access vlan 10
!
interface Vlan10
ip address 192.168.1.2 255.255.255.0
!
line vty 0 4
login local
transport input telnet
line vty 5 15
login local
transport input telnet
SW1#show crypto key mypubkey rsa

% Key pair was generated at: 0:1:23 UTC Mar 1 2021
Key name: SW1.test
An engineer is updating the management access configuration of switch SW1 to allow secured, encrypted remote configuration. Which two commands or
command sequences must the engineer apply to the switch? (Choose two)
A. SW1(config)# crypto key generate rsa

B. SW1(config)# username NEW secret R3mote123
C. SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
D. SW1(config)#enable secret ccnaTest123
E. SW1(config)# interface f0/1
SW1(config-if)# switch port mode trunk
Explanation
"encrypted remote configuration" -> configure SSH.
On VTY lines we configured "login local" command which means that authentication uses locally configured credentials using the "username ... secret ..." command
or "username ... password ..." command. In this question we already had the latter so we don't need to configure the former -> Answer "SW1(config)# username
NEW secret R3mote123" is not correct.
From the "show crypto key mypubkey rsa", "Key pair was generated" we learned that the command "crypto key generate rsa" has been issued to create the key ->
Answer "SW1(config)# crypto key generate rsa" is not correct.
One interesting of SSH is we need to configure an "enable secret" password or we cannot login to the device. We tested it with IOU Web IOSv15.4 with the
configuration above and see this result:
We also created the "NEW" username with command "username NEW secret R3mote123" and received the same result:
-> Answer "SW1(config)#enable secret ccnaTest123" is correct.
Question 77
Drag and drop the TCP/IP protocols from the left onto their primary transmission protocols on the right
Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order. For example: 136245 (which means
136 for first group, 245 for second group).
Explanation
Answer:
TCP:
+ SMTP
+ HTTP
+ Telnet
UDP:
+ DNS
+ SNMP
+ RTP
Question 78
An engineer is configuring a new Cisco switch NewSW, to replace SW2. The details have been provided:
* Switches SW1 and SW2 are third-party devices without support for trunk ports
* The existing connections must be maintained between PC1 PC2 and PC3
* Allow the switch to pass traffic from future VLAN 10. Which configuration must be applied?
Option A Option B
NewSW(config)#interface f0/0 NewSW(config)#interface f0/0

NewSW(config-if)#switchport mode trunk NewSW(config-if)#switchport mode trunk
NewSW(config-if)#switchport trunk allowed vlan 2,10 NewSW(config-if)#switchport trunk allowed vlan 10
NewSW(config-if)#switchport trunk native vlan 2 NewSW(config-if)#switchport trunk native vlan 10
Option C Option D
NewSW(config)#interface f0/0 NewSW(config)#interface f0/0
NewSW(config-if)#switchport mode access NewSW(config-if)#switchport mode access
NewSW(config-if)#switchport trunk allowed vlan 2,10 NewSW(config-if)#switchport trunk allowed vlan 2,10
NewSW(config-if)#switchport trunk native vlan 10 NewSW(config-if)#switchport trunk native vlan 2
A. Option A
B. Option B
C. Option C
D. Option D
Explanation
We can configure trunking on the NewSW and set the native VLAN to the access VLAN 2 of SW1 so that untagged frames received from SW1 will be placed into
VLAN 2.
Question 79
A client experiences slow throughput from a server that is directly connected to the core switch in a data center. A network engineer finds minimal latency
on connections to the server, but data transfers are unreliable, and the output of the show interfaces counters errors command shows a high FCS-Err count
on the interface that is connected to the server. What is the cause of the throughput issue?
A. high bandwidth usage

B. a speed mismatch
C. a cable that is too long
D. a physical cable fault
Explanation
Frame Check Sequence Errors: The number of frame check sequence errors during the latest collection interval. Frame check sequence (FCS) errors indicate that
frames of data are being corrupted during transmission. FCS error count is the number of frames that were transmitted or received with a bad checksum (CRC value)
in the Ethernet frame.
Reference: https://www.ibm.com/docs/en/omegamon-networks/5.5.0?topic=attributes-kn3-osa-express5s-ports-errors
FCS is a checksum error, this is highly likely to be a physical layer issue.
Answer 'a cable that is too long' is not correct as the latency on long cable is high.
Question 80
Which set of action satisfy the requirement for multi-factor authentication?
A. The user swipes a key fob, then clicks through an email link
B. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device
C. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen
D. The user enters a user name and password and then re-enters the credentials on a second screen
Explanation
This is an example of how two-factor authentication (2FA) works:
1. The user logs in to the website or service with their username and password.
2. The password is validated by an authentication server and, if correct, the user becomes eligible for the second factor.
3. The authentication server sends a unique code to the user’s second-factor method (such as a smartphone app).
4. The user confirms their identity by providing the additional authentication for their second-factor method.
Question 81
How does a Cisco Unified Wireless network respond to Wi-Fi channel overlap?
A. It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points
B. It segregates devices from different manufacturers onto different channels.
C. It analyzes client load and background noise and dynamically assigns a channel.
D. It allows the administrator to assign channels on a per-device or per-interface basis.
Question 82
An engineer is updating the R1 configuration to connect a new server to the management network. The PCs on the management network must be blocked
from pinging the default gateway of the new server. Which command must be configured on R1 to complete the task?
A. R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.1.5
B. R1(config)#ip route 172.16.2.2 255.255.255.248 gi0/1
C. R1(config)#ip route 172.16.2.2 255.255.255.255 gi0/0
D. R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.1.15
Explanation
By only configuring static route to the host New Server, we also don’t allow PC1 & PC2 ping to R2 Gi0/0 (default gateway of New Server).
Question 83
Refer to exhibit. How does SW2 interact with other switches in this VTP domain?
SW2
vtp domain cisco
vtp mode transparent
vtp password test
interface fastethernet0/1
description connection to SW1
switchport trunk encapsulation dot1q
A. It forwards only the VTP advertisements that it receives on its trunk ports
B. It transmits and processes VTP updates from any VTP Clients on the network on its trunk ports
C. It processes VTP updates from any VTP clients on the network on its access ports
D. It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports
Explanation
The VTP mode of SW2 is transparent so it only forwards the VTP updates it receives to its trunk links without processing them.
Question 84
What is the expected outcome when an EUI-64 address is generated?
A. The characters FE80 are inserted at the beginning of the MAC address of the interface
B. The interface ID is configured as a random 64-bit value
C. The MAC address of the interface is used as the interface ID without modification
D. The seventh bit of the original MAC address of the interface is inverted
Explanation
The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The MAC address is first separated into two 24-bits, with one being OUI
(Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bits to for the 64-bit EUI address.
IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the an EUI-48 MAC address -> Answer 'The characters FE80 are
inserted at the beginning of the MAC address of the interface' and answer 'The MAC address of the interface is used as the interface ID without modification' are not
correct.
Let’s take an example of the MAC address of C601.420F.0007. This MAC address is divided into two 24-bit parts, which are “C60142” (OUI) and “0F0007” (NIC).
Then “FFFE” is inserted in the middle. Therefore we have the address: C601.42FF.FE0F.0007.
Then, according to the RFC 3513 we need to invert the Universal/Local bit (“U/L” bit) in the 7th position of the first octet. The “u” bit is set to 1 to indicate
Universal, and it is set to zero (0) to indicate local scope. In this case we don’t need to set this bit to 1 because it is already 1 (C6 = 11000110).
Therefore with the subnet of 2001:DB8:0:1::/64, the full IPv6 address is 2001:DB8:0:1:C601:42FF:FE0F:7/64
Question 85
What is recommended for the wireless infrastructure design of an organization?
A. configure the first three access points are configured to use channels 1, 6, and 11
B. assign physically adjacent access points to the same Wi-Fi channel
C. group access points together to increase throughput on a given channel
D. include a least two access points on nonoverlapping channels to support load balancing
Explanation
The 2.4 GHz band is subdivided into multiple channels each allotted 22 MHz bandwidth and separated from the next channel by 5 MHz.
-> A best practice for 802.11b/g/n WLANs requiring multiple APs is to use non-overlapping channels such as 1, 6, and 11.
If you use channels that overlap, RF interference can occur.
Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-340-series/8117-connectivity.html
Question 86
An engineer is configuring router R1 with an IPv6 static route for prefix 2019:C15C:0CAF:E001::/64. The next hop must be 2019:C15C:0CAF:E002::1
The route must be reachable via the R1 Gigabit 0/0 interface. Which command configures the designated route?
A. R1(config-if)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0

B. R1(config-if)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
C. R1(config)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
D. R1(config)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
Question 87
What does WPA3 provide in wireless networking?
A. safeguards against brute force attacks with SAE

B. increased security and requirement of a complex configuration
C. optional Protected Management Frame negotiation
D. backward compatibility with WPA and WPA2
Explanation
WPA3 only backwards compatible with WPA2 but not WPA -> Answer 'backward compatibility with WPA and WPA2' is not correct.
WPA3 increases security but not require a complex configuration -> Answer 'increased security and requirement of a complex configuration' is not correct.
Simultaneous Authentication of Equals (SAE): SAE provides a more secure, password-based authentication and key agreement mechanism even when passwords
are not following complexity requirements. It protects from brute-force attacks and makes unwanted decrypting of sessions (during or after the session) a lot harder –
just knowing the passphrase isn’t enough to decrypt the session -> Answer 'safeguards against brute force attacks with SAE' is correct.
Reference: https://www.mist.com/wpa3-just-the-essentials-on-the-latest-in-wi-fi-security/
Question 88
What are two similarities between UTP Cat 5e and Cat 6a cabling? (Choose two)
A. Both support runs of up to 55 meters.

B. Both support speeds of at least 1 Gigabit.
C. Both support speeds up to 10 Gigabit.
D. Both support runs of up to 100 meters.
E. Both operate at a frequency of 500 MHz.
Question 89
An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network. Which feature must be enabled and configured to prevent
connection issues with the printer?
A. client exclusion
B. passive client
C. DHCP address assignment
D. static IP tunneling
Explanation
Passive clients are wireless devices, such as scales and printers that are configured with a static IP address. These clients do not transmit any IP information such as
IP address, subnet mask, and gateway information when they associate with an access point. As a result, when passive clients are used, the controller never knows
the IP address unless they use the DHCP.
Since the wireless controller does not have any IP related information about passive clients, it cannot respond to any ARP requests. The current behavior does not
allow the transfer of ARP requests to passive clients. Any application that tries to access a passive client will fail.
The passive client feature enables the ARP requests and responses to be exchanged between wired and wireless clients. This feature when enabled, allows the
controller to pass ARP requests from wired to wireless clients until the desired wireless client gets to the RUN state.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_01100000.pdf
Question 90
An engineer is configuring an EtherChannel using LACP between Switches 1 and 2. Which configuration must be applied so that only Switch 1 sends
LACP initiation packets?
A. Switch1(config-if)#channel-group 1 mode active

Switch2(config-if)#channel-group 1 mode passive
B. Switch1(config-if)#channel-group 1 mode passive
Switch2(config-if)#channel-group 1 mode active
C. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode active
D. Switch1(config-if)#channel-group 1 mode on
Switch2(config-if)#channel-group 1 mode passive
Question 91
SiteA#show interface TenGigabitEthernet0/1/0

TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is aabb.cc00.0100 (bia aabb.cc00.0100)
Description: Connection to SiteB
Internet address is 10.10.10.1/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 166/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
SiteB#show interface TenGigabitEthernet0/1/0

TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is 0000.0c00.750c (bia 0000.0c00.750c)
Description: Connection to SiteA
Internet address is 10.10.10.2/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA report intermittent connectivity issues with applications hosted
at SiteB. What is the cause of the intermittent connectivity issue?
A. High usage is causing high latency

B. An incorrect SFP media type was used at SiteA
C. Interface errors are incrementing
D. The sites were connected with the wrong cable type
Explanation
The txload and rxload on both sites are 1/255 so the interfaces are not busy in transmitting and receiving traffic. But the reliability on SiteA is only 166/255 which
indicates input and output errors increase. Reliability is calculated by this formula: reliability = number of packets / number of total frames.
Question 92
Which resource is able to be shared among virtual machines deployed on the same physical server?
A. disk
B. operating system
C. applications
D. VM configuration file
Question 93
An engineer has configured the domain name, user name, and password on the local router. What is the next step to complete the configuration for a
Secure Shell access RSA key?
A. crypto key pubkey-chain rsa
B. crypto key zeroize rsa
C. crypto key import rsa pem
D. crypto key generate rsa
Explanation
Steps to configure SSH:

1. Configure the router hostname using command “hostname”.
2. Configure the domain name using command “ip domain-name”.
3. Generate public and private keys using command “crypto key generate rsa”.
4. Create a user in the local database using command “username…secret”.
5. Allow only SSH access on VTY lines using command “transport input ssh”.
Reference: https://ipwithease.com/how-to-configure-ssh-version-2-on-cisco-router/
Question 94
Drag and drop the AAA features from the left onto the corresponding AAA security services on the right. Not all options are used
Explanation
Answer:
Authentication
+ It leverages a RADIUS server to grant user access to a reverse Telnet session
+ It verifies the user before granting access to the device
Authorization
+ It enables the device to allow user- or group-based access
+ It restricts the CLI commands that a user is able to perform
Explanation
The two unused options “It records the amount of time for which a user accesses the network on a remote server” and “It uses TACACS+ to log the configuration
commands entered by a network administrator” are Accounting features.
To use RADIUS server to allow a reverse Telnet session we have to use such command “aaa authentication login reverse-access group radius”.
Note: Reverse telnet allows you to telnet to a device then from that device connect to the console of another device.
Question 95
The entire contents of the MAC address table are shown. Sales-4 sends a data frame to Sales-1. What does the switch do as it receives the frame from Sales-
4?
A. Perform a lookup in the MAC address table and discard the frame due to a missing entry
B. Map the Layer 2 MAC address to the Layer 3 IP address and forward the frame
C. Flood the frame out of all ports except on the port where Sales-1 is connected
D. Insert the source MAC address and port into the forwarding table and forward the frame to Sales-1
Explanation
The Sales-1 information was already learned by the switch so it just forwards the frames to Sales-1. The switch also learns the information of Sales-4 because this is
the first time this host communicates to other hosts.
Question 96
What is a benefit of VRRP?
A. It provides traffic load balancing to destinations that are more than two hops from the source.
B. It provides the default gateway redundancy on a LAN using two or more routers.
C. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision.
D. It allows neighbors to share routing table information between each other.
Question 97
An engineer must configure R1 for a new user account. The account must meet these requirements:
* It must be configured in the local database.
* The username is engineer2
* It must use the strongest password configurable.
Which command must the engineer configure on the router?
A. R1(config)# username engineer2 secret 4 $1Sb1Ju$kZbBSlFyh4QxwXyZ

B. R1(config)# username engineer2 privilege 1 password 7 test2021
C. R1(config)# username engineer2 algorithm-type scrypt secret test2021
D. R1(config)# username engineer2 secret 5 password $1$bUu$kZbBS1Pyh4QzwXyZ
Explanation
Secret type 4 was determined to have a flaw and was removed in later versions of iOS. Type 4 Passwords should never be used!
Secret type 5 uses MD5 which is not secured.
Secret type 9 – Scrypt and PBKDF2 (which can be used with “algorithm-type sha256”, but it is just a small part of a much larger crypto algorithm) are much slower
to compute and take longer to brute force. Currently it is the strongest password configurable in Cisco devices.
Question 98
Which port type does a lightweight AP use to connect to the wired network when it is configured in local mode?
A. trunk
B. access
C. EtherChannel
D. LAG
Explanation
Trunk mode is only required when using FlexConnect mode or when using an autonomous AP that has multiple SSIDs assigned to multiple VLANs.
Question 99
Entry #
1 192.168.10.0 255.255.254.0
2 192.168.10.0 255.255.255.192
3 192.168.10.0 255.255.0.0
4 192.168.10.0 255.255.224.0
Which entry is the longest prefix match for host IP address 192.168.10.5?
A. 2
B. 3
C. 4
D. 1
Question 100
Drag and drop the facts about wireless architectures from the left onto the types of access point on the right. Not all options are used.
Explanation
An autonomous AP is a self-contained device with both wired and wireless hardware so that it can bridge to the wired VLAN infrastructure wireless clients that
belong to SSIDs. Each autonomous AP must be configured with a management IP address so that it can be remotely accessed using Telnet, SSH, or a web interface.
Each AP must be individually managed and maintained unless you use a management platform such as Cisco DNA Center.
Reference: https://www.ciscopress.com/articles/article.asp?p=2999384&seqNum=5
Question 101
Which statement about Link Aggregation when implemented on a Cisco Wireless LAN Controller is true?
A. To pass client traffic two or more ports must be configured

B. When enabled the WLC bandwidth drops to 500 Mbps
C. The EtherChannel must be configured in “mode active”
D. One functional physical port is needed to pass client traffic
Explanation
Link aggregation (LAG) is a partial implementation of the 802.3ad port aggregation standard. It bundles all of the controller’s distribution system ports into a single
802.3ad port channel.
Restriction for Link aggregation:
+ LAG requires the EtherChannel to be configured for ‘mode on’ on both the controller and the Catalyst switch -> Answer 'The EtherChannel must be configured in
“mode active”' is not correct.
+ If the recommended load-balancing method cannot be configured on the Catalyst switch, then configure the LAG connection as a single member link or disable
LAG on the controller -> Answer 'To pass client traffic two or more ports must be configured' is not correct while answer 'One functional physical port is needed to
pass client traffic' is correct.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0100010.html
Question 102
What is the difference between IPv6 unicast and anycast addressing?
A. IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes require no special configuration
B. IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes require no special configuration
C. An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast address is assigned to a group of
interfaces on multiple nodes.
D. Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes
Comments (17)
1. ahmed
May 16th, 2020
tnk you
2. JC
May 24th, 2020
Hi, in the question about Drag and drop the networking parameters from the left on to the correct values on the right with connection oriented and connection
less, I put as a connection oriented SMTP, SSH and FTP and connectionless SNMP, VoIP and TFTP, I think its the correct answer but you put as I failed, could
you check it please?
3. op
May 27th, 2020
Hi,
Question 63
Drag and drop the networking parameters from the left on to the correct values on the right.
Connection_Oriented_Connectionless.jpg
Please type the corresponding numbers of each item on the left to the blank below and arrange them ascendingly. For example: 136245 (which means 136 for
first group, 245 for second group)
Please type your answer here: 156234 Wrong
What is the correct answer?

4. 9tut
May 27th, 2020
@op, @JC: Thanks for your detection, there was an error with Q.63. We have just updated it so please try again!
5. op
May 28th, 2020
Question 50
Drag and drop the application protocols from the left onto the suitable transport protocols on the right.
TCP_UDP_Protocols_2.jpg
Please type the corresponding numbers of each item on the left to the blank below and arrange them ascendingly. For example: 136245 (which means 136 for
first group, 245 for second group)
Please type your answer here: 156234 Wrong
Sorry, Still no change !
6. op
May 28th, 2020
Sorry, Q63 is ok now.
But Q50 (they are not same) seems to be wrong too.

SMTP, FTP, SSH uses TCP while SNMP, DHCP, TFTP uses UDP .
Am I correct?
7. 9tut
May 28th, 2020
@op: Thanks for your information, we updated Q50 too!
8. op
May 28th, 2020
Thanks.
9. op
June 1st, 2020
Question 72
Refer to the exhibit. If the network environment is operating normally, which type of device must be connected to interface FastEthernet 0/1?
ip arp inspection vlan 2-10

interface fastethernet 0/1
ip arp inspection trust
A. access point
B. DHCP client
C. routercorrect
D. PC
Is this answer correct?

Before I did the same question, PC was correct.
10. 9tut
June 1st, 2020
@op: We have just updated this question. Answer “C. router” is correct.
11. op
June 1st, 2020
Can you pl give some explanation?
12. op
June 3rd, 2020
Question 82
Refer to the exhibit. What configuration on R1 denies SSH access from PC-1 to any R1 interface and allows all other traffic?
access_list_ssh.jpg
A. access-list 100 deny tcp host 172.16.1.33 any eq 23

access-list 100 permit ip any any
line vty 0 15
access-class 100 in
B. access-list 100 deny tcp host 172.16.1.33 any eq 22
interface GigabitEthernet0/0
wrong
C. access-list 100 deny tcp host 172.16.1.33 any eq 22
correct
D. line vty 0 15
access-class 100 in
access-list 100 deny tcp host 172.16.1.33 any eq 23
interface GigabitEthernet0/0
Is this correct?
13. Pawel
June 3rd, 2020
@9tut
There is something wrong with 102q test – I had only 1 mistake but score was only 93% – some of the correct answers doesn’t count or something. (I think the
new ones because I didn’t had any problem before update)
14. JH
June 5th, 2020
@op: yes it is.

Extendend Access List , Port 22 is SSH : So it only blocks SSH traffic witch is tcp from PC-1 with IP 172.16.1.33
15. TheMattMeister
June 6th, 2020
Hey all,
just passed exam with a 963/1000! if you can knock out the 102 composite quiz with an A several times (i think i ended up running through it 10 times), i’m
sure you can pass this test. With the exception of a few questions that i’ve either just seen less or were just new, the test is identical.
good luck!
16. Mah
June 6th, 2020
Hi @9tut,
Im sorry to ask, can you kindly explain Q13 I think the answer is 10.4.4.4 which is C Please?
Why ia the answer is D?
17. 9tut
June 7th, 2020
@Mah: Could you please post that question here as the questions in the Composite Quizzes are shuffled each time you take the quiz?
Comments are closed.
Composite Quiz 20 Questions CCNAv7 (2020) – New Questions Part 2 Question 38 to 43
Premium Member Zone

Welcome Ulrich AGBIMADOU!
Welcome Premium Member

CCNA – New Questions Part 5
Composite Quizzes
IP Services Sim
IP Services Sim Version 2
Static Routing Configuration Sim
Static Routing Configuration Sim 2
OSPF Configuration Sim
LACP Configuration Sim
Voice VLAN Configuration Sim
VLAN and Trunking Configuration Sim
IPv4 and IPv6 Connectivity Sim
Named Access-list & Port Security Sim
Named Access-list & DHCP Snooping Sim
Logout
CCNA 200-301
Basic Questions
Topology Architecture Questions
Cloud & Virtualization Questions
CDP & LLDP Questions
Switch Questions
VLAN & Trunking Questions
VLAN & Trunking Questions 2
STP & VTP Questions
EtherChannel Questions
TCP & UDP Questions
IP Address & Subnetting Questions
IP Routing Questions
IP Routing Questions 2
OSPF Questions
OSPF Questions 2
EIGRP Questions
NAT Questions
NTP Questions
Syslog Questions
HSRP Questions
Access-list Questions
AAA Questions
Security Questions
Security Questions 2
DAI Questions
IPv6 Questions
DNS Questions
QoS Questions
Port Security Questions
Wireless Questions
Wireless Questions 2
SDN Questions
DNA Center Questions
Drag Drop Questions
Drag Drop Questions 2
Drag Drop Questions 3
VPN Questions
DHCP Questions
Automation Questions
Miscellaneous Questions
CCNA FAQs & Tips
Share your CCNA Experience
CCNA Self-Study
Practice CCNA GNS3 Labs
CCNA Knowledge
CCNA Lab Challenges
Puppet Tutorial
Chef Tutorial
Ansible Tutorial
JSON Tutorial
Layer 2 Threats and Security Features
AAA TACACS+ and RADIUS Tutorial
STP Root Port Election Tutorial
GRE Tunnel Tutorial
Basic MPLS Tutorial
TCP and UDP Tutorial
Border Gateway Protocol BGP Tutorial
Point to Point Protocol (PPP) Tutorial
WAN Tutorial
DHCP Tutorial
Simple Network Management Protocol SNMP Tutorial
Syslog Tutorial
Gateway Load Balancing Protocol GLBP Tutorial
EtherChannel Tutorial
Hot Standby Router Protocol HSRP Tutorial
InterVLAN Routing Tutorial
Cisco Command Line Interface CLI
Cisco Router Boot Sequence Tutorial
OSI Model Tutorial
Subnetting Tutorial – Subnetting Made Easy
Frame Relay Tutorial
Wireless Tutorial
Virtual Local Area Network VLAN Tutorial
VLAN Trunking Protocol VTP Tutorial
IPv6 Tutorial
Rapid Spanning Tree Protocol RSTP Tutorial
Spanning Tree Protocol STP Tutorial
Network Address Translation NAT Tutorial
Access List Tutorial
RIP Tutorial
EIGRP Tutorial
OSPF Tutorial
Network Resources
Free Router Simulators
CCNA Website
ENCOR Website
ENSDWI Website
ENARSI Website
DevNet Website
CCIE R&S Website
Security Website
Wireless Website
Design Website
Data Center Website
Service Provider Website
Collaboration Website
Top
Copyright © 2021 CCNA Training

Site Privacy Policy. Valid XHTML 1.1 and CSS 3.H

Composite Quiz 102 Questions: Type Text To Search Here..

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Composite Quiz 102 Questions: Type Text To Search Here..

Uploaded by

Copyright:

Available Formats

04/08/2023 18:44 CCNA Training » Composite Quiz 102 Questions

Type text to search here...

Composite Quiz 102 Questions

Result of Composite Quiz 102 Questions:

You failed :( but surely you will do it better next time!

Your answers are shown below:

Refer to the exhibit.

A. statically assigned route

What is a function of Layer 3 switches?

A. They move frames between endpoints limited to IP addresses.

Refer to the exhibit.

R1#show ip ospf interface g0/0/0

R2#show ip ospf interface g0/0/0

Refer to the exhibit.

A. Enable the Wi-Fi Direct Clients Policy option.

Please type your answer here: 34512 (correct answer: 14523)

Which option best describes an API?

A. a stateless client-server model

Which device permits or denies network traffic based on a set of rules?

A. The link is becomes an access port

A. err-disabled port on the far end

Refer to the exhibit.

Gateway of last resort is 192.168.14.4 to network 0.0.0.0

C 172.16.1.128/25 is directly connected, GigabitEthernet1/1/0

What is a syslog facility?

What is a function of the Cisco DNA Center Overall Health Dashboard?

Which WPA mode uses PSK authentication?

A. An ICMP connection has been built

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

When deploying syslog, which severity level logs informational message?

Which network plane is centralized and manages routing decisions?

Refer to the exhibit.

The short syntax of static IPv6 route is:

ipv6 route <destination-IPv6-address> {next-hop-IPv6-address | exit-interface}

What is the purpose of classifying network traffic in QoS?

A. identifies the type of traffic that will receive a particular treatment

2001:db8:600d:cafe::123 Link-Local unicast

Below is an example of the “show standby” command:

A. ip route 0.0.0.0 0.0.0.0 10.200.0.2

What is a practice that protects a network from VLAN hopping attacks?

A. Configure an ACL to prevent traffic from changing VLANs

Refer to the exhibit.

A. ip route 172.21.34.0 255.255.128.0 10.73.65.64

A. The router chooses the route with the oldest age.

Please type your answer here: 2413 (correct answer: 2314)

Which function does an SNMP agent perform?

A. modular design that is upgradable as needed

enables DNS lookup on an individual interface ip domain name

+ enables DNS lookup on an individual interface: ip domain lookup source-interface

What is a DNS lookup operation?

A. serves requests over destination port 53

An example of DNS is described below:

Refer to the exhibit.

A. interface fastethernet 1/1

What is a capability of FTP in network management operations?

A. encrypts data before sending between data resources

Reference: Cisco Secure Internet Security Solutions Book

Refer to the exhibit.

Three cloud supporting services cloud providers provide to customer:

Refer to the exhibit.

A. The Layer 2 switch drops the received frame

Which statement correctly compares traditional networks and controller-based networks?