Cisco 200-301 Cisco Certified Network Associate Exam Practice Test

forwards traffic to the next hop

constructs a routing table based on a routing protocol

provides CLI access to the network device

looks up an egress interface in the forwarding information base

Option A

Option B

Option C

Option D

WLAN dynamic

management

trunk

access

weighted random early detection

traffic policing

traffic shaping

traffic prioritization

R1(config)#lp route 172.16.2.2 255.255.255.248 gi0/1

R1(config)#jp route 172.16.2.2 255.255.255.255 gi0/0

R1(config>#ip route 172.16.2.0 255.255.255.0 192.168.1.15

R1(conflg)#ip route 172.16.2.0 255.255.255.0 192.168.1.5

ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernetl/0

ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked

ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating

ip route 0.0.0.0 0.0.0.0 192.168.0.2

Option A

Option B

Option C

Option D

Option E

ip route 172.21.34.0 255.255.255.192 10.73.65.65

ip route 172.21.34.0 255.255.255.0 10.73.65.65

ip route 172.21.34.0 255.255.128.0 10.73.65.64

ip route 172.21.34.0 255.255.255.128 10.73.65.66

dynamic

static

active

auto

preshared key that authenticates connections

RSA token

CA that grants certificates

clear-text password that authenticates connections

one or more CRLs

authorized services

authenticator

username

password

Select the WPA Policy option with the CCKM option.

Disable AES encryption.

Enable Fast Transition and select the FT 802.1x option.

Enable Fast Transition and select the FT PSK option.

heavy traffic congestion

a duplex incompatibility

a speed conflict

queuing drops

Option A

Option B

Option C

Option D

The Incoming and outgoing ports for traffic flow must be specified If LAG Is enabled.

The controller must be rebooted after enabling or reconfiguring LAG.

The management interface must be reassigned if LAG disabled.

Multiple untagged interfaces on the same port must be supported.

Configure the OSPF priority on router A with the lowest value between the three routers.

Configure router B and router C as OSPF neighbors of router A.

Configure the router A interfaces with the highest OSPF priority value within the area.

Configure router A with a fixed OSPF router ID

interface vlan 1234ip address 10.70.159.1 255.255.254.0

interface vlan 1148ip address 10.70.148.1 255.255.254.0

interface vlan 4722ip address 10.70.133.17 255.255.255.192

interface vlan 3002ip address 10.70.147.17 255.255.255.224

interface vlan 155ip address 10.70.155.65 255.255.255.224

offer compression

increase security by using a WEP connection

provide authentication

protect traffic on open networks

Modify the configured number of the second access list.

Add either the ip nat {inside|outside} command under both interfaces.

Remove the overload keyword from the ip nat inside source command.

Change the ip nat inside source command to use interface GigabitEthernet0/0.

lt requires multiple links between core switches

It generates one spanning-tree instance for each VLAN

It maps multiple VLANs into the same spanning-tree instance

It uses multiple active paths between end stations.

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf network broadcast

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf network point-to-point

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf cost 0

router ospf 1network 192.168.1.1 0.0.0.0 area 0hello interval 15interface e1/1Ip address 192.168.1.1 255.255.255.252

password password

crypto key generate rsa modulus 1024

ip domain-name domain

ip ssh authentication-retries 2

Configure the ip dhcp relay information command under interface Gi0/1.

Configure the ip dhcp smart-relay command globally on the router

Configure the ip helper-address 172.16.2.2 command under interface Gi0/0

Configure the ip address dhcp command under interface Gi0/0

Interface FastEthernet0/1 switchport trunk native vlan 10 switchport trunk allowed vlan 10,15

Interface FastEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,15

interface FastEthernet0/1 switchport mode access switchport voice vlan 10

Interface FastEthernet0/1 switchport trunk allowed vlan add 10 vlan 10 private-vlan isolated

GigabitEthernet0/0

GigabltEthornet0/1

GigabitEthernet0/2

GigabitEthernet0/3

multicast replication at the hardware level

fragmenting and reassembling packets

making routing decisions

forwarding packets

SSH

HTTPS

Telnet

console

Option A

Option B

Option C

Option D

IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes require no special configuration

IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes require no special configuration

An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast address is assigned to a group of interfaces on multiple nodes.

Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes

interface vlan 2000ipv6 address ffc0:0000:aaaa::1234:2343/64

interface vlan 2000Ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64

interface vlan 2000ipv6 address fe80;0000:aaaa::1234:2343/64

interface vlan 2000ipv6 address fd00::1234:2343/64

Option A

Option B

Option C

Option D

configuring a password for the console port

backing up syslogs at a remote location

configuring enable passwords on network devices

setting up IP cameras to monitor key infrastructure

Configure the ip dhcp snooping trust command on the interlace that is connected to the DHCP client.

Configure the ip dhcp relay information option command on the interface that is connected to the DHCP client.

Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP server.

Configure the Ip dhcp relay information option command on the interface that is connected to the DHCP server.

ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64

ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64

ipv6 address 2001 :DB8:0:1:FFFF:C601:420F:7/64

iov6 address 2001 :DB8:0:1:FE80:C601:420F:7/64

Define a NAT pool on the router.

Configure static NAT translations for VLAN 200.

Configure the ip nat outside command on another interface for VLAN 200.

Update the NAT INSIDF RANGFS ACL

SYIM flood

reflection

teardrop

amplification

Switch 1 (config-if)#channel-group 1 mode onSwrtch2(config-if)#channel-group 1 mode passive

Switch1(config-if)#channel-group 1 mode passiveSwitch2(config-if)#channel-group 1 mode active

Switch1{config-if)£channel-group 1 mode activeSwitch2(config-if)#channel-group 1 mode passive

Switch1(config-if)#channel-group 1 mode onSwitch2(config-if)#channel-group 1 mode active

transport input telnet

crypto key generate rsa

ip ssh pubkey-chain

login console

username cisco password 0 Cisco

R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2

int range g0/0-1channel-group 10 mode active

int range g0/0-1 chanm.l-group 10 mode desirable

int range g0/0-1channel-group 10 mode passive

int range g0/0-1 channel-group 10 mode auto

int range g0/0-1 channel-group 10 mode on

unique local address

link-local address

aggregatable global address

IPv4-compatible IPv6 address

The interface is receiving excessive broadcast traffic.

The cable connection between the two devices is faulty.

The interface is operating at a different speed than the connected device.

The bandwidth setting of the interface is misconfigured

forwards traffic between VLANs on a network

connects server and client devices to a network

allows users to record data and transmit to a tile server

provides wireless services to users in a building

Option A

Option B

Option C

Option D

VLANID

SSID

RFID

WLANID

interface FastEthernet0/0ip helper-address 10.0.1.1iaccess-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

interface FastEthernot0/1ip helper-address 10.0.1.1!access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

interface FastEthernetO/0ip helper-address 10.0.1.1Iaccess-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

interface FastEthernet0/1ip helper-address 10.0.1.1!access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

A distributed management plane must be used.

Software upgrades are performed from a central controller

Complexity increases when new device configurations are added

Custom applications are needed to configure network devices

Option A

Option B

Option C

Option D

Change the channel-group mode on SW2 to auto

Change the channel-group mode on SW1 to desirable.

Configure the interface port-channel 1 command on both switches.

Change the channel-group mode on SW1 to active or passive.

a lightweight access point

a firewall

a wireless LAN controller

a LAN switch

R1 (config)# username engineer2 algorithm-type scrypt secret test2021

R1(config)# username engineer2 secret 5 password S1$b1Ju$kZbBS1Pyh4QzwXyZ

R1(config)# username engineer2 privilege 1 password 7 test2021

R1(config)# username englneer2 secret 4 S1Sb1Ju$kZbBS1Pyh4QzwXyZ

Configure router A to use the same MTU size as router B.

Set the router B OSPF ID to a nonhost address.

Configure a point-to-point link between router A and router B.

Set the router B OSPF ID to the same value as its IP address

username CNAC secret R!41!4319115@

ip ssh version 2

line vty 0 4

crypto key generate rsa 1024

transport input ssh

Switch 1 (config-if)#channel-group 1 mode onSwrtch2(config-if)#channel-group 1 mode passive

Switch1(config-if)#channel-group 1 mode passiveSwitch2(config-if)#channel-group 1 mode active

Switch1{config-if)£channel-group 1 mode activeSwitch2(config-if)#channel-group 1 mode passive

Switch1(config-if)#channel-group 1 mode onSwitch2(config-if)#channel-group 1 mode active

As traffic traverses MLS1 remark the traffic, but trust all markings at the access layer.

Trust the IP phone markings on SW1 and mark traffic entering SW2 at SW2.

Remark traffic as it traverses R1 and trust all markings at the access layer.

As traffic enters from the access layer on SW1 and SW2. trust all traffic markings.

disabled

listening

forwarding

learning

blocking

nothing plugged into the port

link flapping

shutdown command issued on the port

latency

ipv6 address 21:EB8:C1:2200:1::331/64

ipv6 address 2001:EB8:C1:22:1::331/64

ipv6 address 2001 :EB8:C 1:2200.1 ::331-64

ipv6 address 2001:EB8:C1:2200:1:0000:331/64

HTTP

SSH

HTTPS

Telnet

There is a duplex mismatch on the interface

There is an issue with the fiber on the switch interface.

There is a speed mismatch on the interface.

There is an interface type mismatch

172.16.0.0/16

192.168.2.0/24

207.165.200.0/24

192.168.1.0/24

Option A

Option B

Option C

Option D

F0/4

F0/0

F0/1

F0/3

The switch must be running a k9 (crypto) IOS image

The Ip domain-name command must be configured on the switch

IP routing must be enabled on the switch

A console password must be configured on the switch

Telnet must be disabled on the switch

It omits supports auto-discovery of network elements in a greenfield deployment.

It modular design allows someone to implement different versions to meet the specific needs of an organization

It abstracts policy from the actual device configuration

It does not support high availability of management functions when operating in cluster mode

The new frame is delivered first, the previous frame is dropped, and a retransmission request is sent.

The previous frame is delivered, the new frame is dropped, and a retransmission request is sent.

The new frame is placed in a queue for transmission after the previous frame.

The two frames are processed and delivered at the same time.

infrastructure-as-a-service.

Software-as-a-service

control and distribution of physical resources

services as a hardware controller.

ipv6 router 2000::1/128 2012::1

ipv6 router 2000::1/128 2012::1 5

ipv6 router 2000::1/128 2012::2

ipv6 router 2000::1/128 2023::2 5

ipv6 router 2000::1/128 2023::3 5

The access point must directly connect to the WLC using a copper cable

The access point must not be connected to the wired network, as it would create a loop

The access point must be connected to the same switch as the WLC

The access point has the ability to link to any switch in the network, assuming connectivity to the WLC

The CAM table is empty until ingress traffic arrives at each port

Switches dynamically learn MAC addresses of each connecting CAM table.

The ports are restricted and learn up to a maximum of 10 dynamically-learned addresses

It requires a minimum number of secure MAC addresses to be filled dynamically

DHCP relay agent

DHCP server

DHCPDISCOVER

DHCPOFFER

The seventh bit of the original MAC address of the interface is inverted

The interface ID is configured as a random 64-bit value

The characters FE80 are inserted at the beginning of the MAC address of the interface

The MAC address of the interface is used as the interface ID without modification

Perform a lookup in the MAC address table and discard the frame due to a missing entry.

Insert the source MAC address and port into the forwarding table and forward the frame to Sales-1.

Map the Layer 2 MAC address to the Layer 3 IP address and forward the frame.

Flood the frame out of all ports except on the port where Sales-1 is connected.

switchport mode trunk

switchport mode dynamic desirable

switchport mode dynamic auto

switchport nonegotiate

IS-IS

RIP

Internal EIGRP

OSPF

Cisco DNA Center device management can deploy a network more quickly than traditional campus device management

Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management

Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options

Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management

Change the protocol to EtherChannel mode on.

Change the LACP mode to active

Change the LACP mode to desirable

Change the protocol to PAqP and use auto mode

IP SLA

syslog

NetFlow

SNMPv3

R2 is using the passive-interface default command

R1 has an incorrect network command for interface Gi1/0

R2 should have its network command in area 1

R1 interface Gil/0 has a larger MTU size

array

string

object

Boolean

Light is transmitted through the core of the fiber

A BNC connector is used for fiber connections

The glass core component is encased in a cladding

Fiber connects to physical interfaces using Rj-45 connections

The data can pass through the cladding

Option A

Option B

Option C

Option D

to analyze traffic and drop unauthorized traffic from the Internet

to transmit wireless traffic between hosts

to pass traffic between different networks

forward traffic within the same broadcast domain

RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authentication

TACACS+ encrypts only password information and RADIUS encrypts the entire payload

TACACS+ separates authentication and authorization, and RADIUS merges them

RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commands

ip address 192.168.0.0 255.255.0.0

ip address 192.168.0.0 255.255.254.0

ip address 192.168.0.0 255.255.255.128

ip address 192.168.0.0 255.255.255.224

internal BGP route

/24 route of a locally configured IP

statically assigned route

route learned through EIGRP

It provides network security

It differentiates traffic entering access posits

It identities an individual access point on a WLAN

It identifies a WLAN

It uses SAE for authentication.

It uses a 4-way handshake for authentication.

It uses RC4 for encryption.

It uses TKIP for encryption.

Ansible

Python

Puppet

Chef

policy plane

management plane

control plane

data plane

Only traditional networks offer a centralized control plane

Only traditional networks natively support centralized management

Traditional and controller-based networks abstract policies from device configurations

Only controller-based networks decouple the control plane and the data plane

between zones 1 and 2

between zones 2 and 5

between zones 3 and 4

between zones 3 and 6

The switch port interface trust state becomes untrusted

The switch port remains administratively down until the interface is connected to another switch

Dynamic ARP inspection is disabled because the ARP ACL is missing

The switch port remains down until it is configured to trust or untrust incoming packets

OpenFlow

Java

REST

XML

collision

CRC

runt

late collision

There is a duplex mismatch

There is a speed mismatch

There is a protocol mismatch

The interface is shut down

The interface is error-disabled

Enabled interfaces are automatically placed in listening state

Enabled interfaces come up and move to the forwarding state immediately

Enabled interfaces never generate topology change notifications.

Enabled interfaces that move to the learning state generate switch topology change notifications

Enabled interfaces wait 50 seconds before they move to the forwarding state

host route

default route

floating static route

network route

in the MAC address table

in the CAM table

in the binding database

in the frame forwarding database

switchport trunk allowed vlan 10

switchport trunk native vlan 10

switchport mode trunk

switchport trunk encapsulation dot1q

broadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites

multicast traffic from a server at one site to hosts at another location

spanning-tree updates between switches that are at two different sites

unicast messages from a host at a remote site to a server at headquarters

between the SDN controller and PCs on the network

between the SON controller and switches and routers on the network

between the SON controller and services and applications on the network

between network applications and switches and routers on the network

6

8

12

18

R1(config)# interface fa0/0R1(config-if)# ip helper-address 198.51.100.100

R2(config)# interface gi0/0R2(config-if)# ip helper-address 198.51.100.100

R1(config)# interface fa0/0R1(config-if)# ip address dhcpR1(config-if)# no shutdown

R2(config)# interface gi0/0R2(config-if)# ip address dhcp

R1(config)# interface fa0/0R1(config-if)# ip helper-address 192.0.2.2

enable the PortFast feature on ports

implement port-based authentication

configure static ARP entries

configure ports to a fixed speed

shut down unused ports

enable AAA override

enable RX-SOP

enable DTIM

enable Band Select

No router ID is set, and the OSPF protocol does not run.

The highest up/up physical interface IP address is selected as the router ID.

The lowest IP address is incremented by 1 and selected as the router ID.

The router ID 0.0.0.0 is selected and placed in the OSPF process.

Option A

Option B

Option C

Option D

Router2(config)#ntp passive

Router2(config)#ntp server 172.17.0.1

Router2(config)#ntp master 4

Router2(config)#ntp server 192.168.0.2

The core and distribution layers perform the same functions

The access layer manages routing between devices in different domains

The network core is designed to maintain continuous connectivity when devices fail.

The core layer maintains wired connections for each host

The distribution layer runs Layer 2 and Layer 3 technologies

10.10.1.10

10.10.10.20

172.16.15.10

192.168.0.1

disabling TPC so that access points can negotiate signal levels with their attached wireless devices.

setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller

allocating nonoverlapping channels to access points that are in close physical proximity to one another

configuring access points to provide clients with a maximum of 5 Mbps

large and requires a flexible, scalable network design

large and must minimize downtime when hardware fails

small and needs to reduce networking costs currently

small but is expected to grow dramatically in the near future

TKiP encryption

AES encryption

scrambled encryption key

SAE encryption

moves from a two-tier to a three-tier network architecture to provide maximum redundancy

provides an added layer of security to protect from DDoS attacks

allows configuration and monitoring of the network from one centralized port

combines control and data plane functionality on a single device to minimize latency

Interface errors are incrementing

An incorrect SFP media type was used at SiteA

High usage is causing high latency

The sites were connected with the wrong cable type

forwarding remote client/server traffic

facilitates spanning-tree elections

processing inbound SSH management traffic

sending and receiving OSPF Hello packets

802.1q trunks

Cisco vPC

LLDP

LACP

when the sending device waits 15 seconds before sending the frame again

when the cable length limits are exceeded

when one side of the connection is configured for half-duplex

when Carrier Sense Multiple Access/Collision Detection is used

when a collision occurs after the 32nd byte of a frame has been transmitted

It multiple the active K value by 256 to calculate the route with the lowest metric.

For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth.

It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost.

It count the number of hops between the source router and the destination to determine the router with the lowest metric

10.10.10.0/28

10.10.13.0/25

10.10.13.144/28

10.10.13.208/29

Host that is configured for the system to send log messages

password that authenticates a Network Management System to receive log messages

group of log messages associated with the configured severity level

set of values that represent the processes that can generate a log message

encrypts data before sending between data resources

devices are directly connected and use UDP to pass file information

uses separate control and data connections to move files between server and client

offers proprietary support at the session layer when transferring data

The NMS software must be loaded with the MIB associated with the trap.

The NMS must be configured on the same router as the SNMP agent

The NMS must receive a trap and an inform message from the SNMP agent within a configured interval

The NMS must receive the same trap from two different SNMP agents to verify that it is reliable.

ip route 10.10.1.0 255.255.255.240 10.10.255.1

ip route 10.10.1.16 255.255.255.252 10.10.255.1

ip route 10.10.1.20 255.255.255.252 10.10.255.1

ip route 10.10.1.20 255.255.255.254 10.10.255.1

ip helper-address

ip address dhcp

ip dhcp pool

ip dhcp relay

WEP

RC4

AES

TKIP

Local AP mode creates two CAPWAP tunnels per AP to the WLC

FiexConnect AP mode fails to function if the AP loses connectivity with the WLC

FlexConnect AP mode bridges the traffic from the AP to the WLC when local switching is configured

Local AP mode causes the AP to behave as if it were an autonomous AP

ip address dhcp

ip helper-address

ip dhcp pool

ip dhcp client

CDP

SNMP

SMTP

ARP

ipv6 route 2000::1/128 2012::1

ipv6 route 2000::3/128 2023::3

ipv6 route 2000::3/128 s0/0/0

ipv6 route 2000::1/128 2012::2

ipv6 route 2000::1/128 s0/0/1

Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller

Devices establish an iPsec tunnel to exchange data with the controller

Devices use the call-home protocol to periodically send data to the controller.

The Cisco CU Analyzer tool gathers data from each licensed network device and streams it to the controller.

enable dynamic ARP inspection

manually implement trunk ports and disable DTP

activate all ports and place in the default VLAN

configure extended VLANs

autonomous

lightweight

bridge

mobility express

connects each switch to every other switch in the network

enables multiple users to share a single broadband connection

provides high throughput access for 1000 or more users

includes at least three tiers of devices to provide load balancing and redundancy

209.165.200.0/27

10.10.10.0/28

0.0.0.0/0

10.10.13.0/24

Switch 1

Switch 2

Switch 3

Switch 4

It load-balances traffic out of Fa0/1 and Fa0/2.

It is unreachable and discards the traffic.

It sends packets out of interface FaO/2.

It sends packets out of interface Fa0/1.

YAML

JSON

EBCDIC

SGML

XML

Enable dynamic ARP inspection

Configure an ACL to prevent traffic from changing VLANs

Change native VLAN to an unused VLAN ID

Implement port security on internet-facing VLANs

ipv6 address 2001:db8::700:3:400F:572B

ipv6 address 2001:db8:0::700:3:4F:572B

ipv6 address 2001:Odb8::7:3:4F:572B

ipv6 address 2001::db8:0000::700:3:400F:572B

Bronze

Platinum

Silver

Gold

OpenFlow

REST API

NETCONF

Southbound API

configure port in the native VLAN

configure ports in a black hole VLAN

configure in a nondefault native VLAN

configure ports as access ports

Virtual machines are responsible for managing and allocating host hardware resources

In a virtual machine environment, physical servers must run one operating system at a time.

Virtual machines are the physical hardware that support a virtual environment.

Virtual machines are operating system instances that are decoupled from server hardware

local port ID

lowest path cost to the root bridge

lowest neighbor's bridge ID

lowest neighbor's port ID

Add a "permit ip any any" statement to the begining of ACL 101 for allowed traffic.

Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic

The source and destination IPs must be swapped in ACL 101

The ACL must be configured the Gi0/2 interface inbound on R1

The ACL must be moved to the Gi0/1 interface outbound on R2

RIP route 10.0.0.0/30

iBGP route 10.0.0.0/30

OSPF route 10.0.0.0/30

EIGRP route 10.0.0.1/32

OSPF route 10.0.0.0/16

set the default network as 20.20.20.0/24

set the default gateway as 20.20.20.2

configure a static route with Fa0/1 as the egress interface to reach the 20.20.20.0/24 network

configure a static route with 10.10.10.2 as the next hop to reach the 20.20.20.0/24 network

5GHz provides increased network capacity with up to 23 nonoveriapping channels.

For maximum throughput, the WLC is configured to dynamically set adjacent access points to the same channel.

5GHz channel selection requires an autonomous access point.

Adjacent cells with overlapping channels use a repeater access point.

Cells that overlap one another are configured to use nonoveriapping channels.

It load-balances traffic by assigning the same metric value to more than one route to the same destination m the IP routing table.

It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN.

It forwards multiple packets to the same destination over different routed links n the data path

It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN

the path through R1, because the OSPF administrative distance is 110

the path through R2. because the IBGP administrative distance is 200

the path through R2 because the EBGP administrative distance is 20

the path through R3. because the EIGRP administrative distance is lower than OSPF and BGP

Physical access control

Social engineering attack

brute force attack

user awareness

It selects the RIP route because it has the longest prefix inclusive of the destination address.

It chooses the OSPF route because it has the longest prefix inclusive of the destination address.

it load-balances traffic between all three routes

It chooses the EIGRP route because it has the lowest administrative distance

Add the switch in the VTP domain with a lower revision number

Add the switch with DTP set to dynamic desirable

Add the switch in the VTP domain with a higher revision number

Add the switch with DTP set to desirable

1.544 Mbps

2.048 Mbps

34.368 Mbps

43.7 Mbps

interface gi0/1no cdp enable

interface gi0/1clear cdp table

interface gi0/0no cdp advertise-v2

interface gi0/0no cdp run

read

create

replace

update

Switch(config)#spanning-tree vlan 750 priority 38003685

Switch(config)#spanning-tree vlan 750 root primary

Switch(config)#spanning-tree vlan 750 priority 614440

Switch(config)#spanning-tree vlan 750 priority 0

It serves as the centralized management point of an SDN architecture.

It centralizes the data plane for the network.

It is the card on a core router that maintains all routing decisions for a campus.

It is a pair of core routers that maintain all routing decisions for a campus

There is limited unique address space, and traffic on the new subnet will stay local within the organization.

The network has multiple endpoint listeners, and it is desired to limit the number of broadcasts.

Traffic on the subnet must traverse a site-to-site VPN to an outside organization.

The ISP requires the new subnet to be advertised to the internet for web services.

RADIUS

TACACS+

SCP

Telnet

SSH

act as routers to connect a user to the service prowler network

a threat to the network if they are compromised

support inter-VLAN connectivity

enforce policies for campus-wide traffic going to the internet

used cryptographic tunneling to protect the privacy of data for multiple users simultaneously

used exclusively when a user is connected to a company's internal network

establishes a secure tunnel between two branch sites

allows the users to access company internal network resources through a secure tunnel

interface GigabitEthernet0/0/1channel-group 10 mode on

interface GigabitEthernet0/0/1channel-group 10 mode active

interface GigabitEthernet0/0/1channel-group 10 mode auto

interface port-channel 10switchportswitchport mode trunk

interface port-channel 10no switchportip address 172.16.0.1.255.255.255.0

relay agent information

database agent

address pool

smart-relay

manual bindings

Ipv6 route 2001:db8:23::/128 fd00:12::2

Ipv6 route 2001:db8:23::14/128 fd00:13::3

Ipv6 route 2001:db8:23::14/64 fd00:12::2

Ipv6 route 2001:db8:23::/64 fd00:12::2

Ipv6 route 2001:db8:23::14/64 fd00:12::2 200

Provide uninterrupted forwarding service.

Police traffic that is sent to the edge of the network.

Provide direct connectivity for end user devices.

Ensure timely data transfer between layers.

Inspect packets for malicious activity.

It provides traffic load balancing to destinations that are more than two hops from the source.

It provides the default gateway redundancy on a LAN using two or more routers.

It allows neighbors to share routing table information between each other.

It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision.

It allows directly connected neighbors to share configuration information.

It allows a router to use bridge priorities to create multiple loop-free paths to a single destination.

It reduces routing failures by allowing Layer 3 load balancing between OSPF neighbors that have the same link metric.

It reduces routing failures by allowing more than one router to represent itself, as the default gateway of a network.

Frames are sent to every port on the switch in the same VLAN except from the originating port

Frames are sent to every port on the switch that has a matching entry in the MAC address table.

Frames are sent to all ports, including those that are assigned to other VLANs.

Frames are sent to every port on the switch in the same VLAN.

ARP

DHCP

CDP

DNS

CPU ACL

TACACS

Flex ACL

RADIUS

The switch rewrites the source and destination MAC addresses with its own.

The source MAC address is changed.

The source and destination MAC addresses remain the same.

The destination MAC address is replaced with ffff.ffff.ffff.

IPsec tunnel mode with AH

IPsec transport mode with AH

IPsec tunnel mode with ESP

IPsec transport mode with ESP

Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor

The hypervisor can virtualize physical components including CPU. memory, and storage

Each hypervisor can support a single virtual machine and a single software switch

The hypervisor communicates on Layer 3 without the need for additional resources

intrusion detection

user awareness

physical access control

network authorization

1729.0.0/16

172.28.0.0/16

192.0.0.0/8

209.165.201.0/24

Layer 2 switch

load balancer

firewall

LAN controller

access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any anyinterface GigabitEthernet0/0 ip access-group 100 in

access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any anyline vty 0 15 ip access-group 100 in

access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100 permit ip any anyinterface GigabitEthernet0/0 ip access-group 100 in

access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100 permit ip any anyline vty 0 15 ip access-group 100 in

to mitigate delays over slow links

to provide fair queuing for buffered flows

to limit the bandwidth that a flow can use to

be a marking mechanism that identifies different flows

worm

malware

DDoS

man-in-the-middle

centralize the management of access points in an enterprise network

support standalone or controller-based architectures

serve as the first line of defense in an enterprise network

provide secure user logins to devices on the network.

Both operate at a frequency of 500 MHz.

Both support runs of up to 55 meters.

Both support runs of up to 100 meters.

Both support speeds of at least 1 Gigabit.

Both support speeds up to 10 Gigabit.

Option A

Option B

Option C

Option D

Facilities communication between the controller and the applications

Facilities communication between the controller and the networking hardware

allows application developers to interact with the network

integrates a controller with other automation and orchestration tools.

Option A

Option B

Option C

Option D

Both have a 50 micron core diameter

Both have a 9 micron core diameter

Both have a 62.5 micron core diameter

Both have a 100 micron core diameter

ipconfig /all

ifconfig -a

show interface

netstat -r

SW1#interface Gi0/1switchport mode trunkswitchport trunk allowed vlan 5,7,9,108switchport trunk native vlan 5interface Gi0/2switchport mode trunkswitchport trunk allowed vlan 5,7,9,108SW2#interface Gi0/1switchport mode accessswitchport access vlan 7interface Gi0/7switchport mode trunkswitchport trunk allowed vlan 7,9,108

SW1#interface Gi0/1switchport mode trunkswitchport trunk allowed vlan 5,7,9,108switchport trunk native vlan 5interface Gi0/2switchport mode accessswitchport trunk allowed vlan 7,9,108SW2#interface Gi0/1switchport mode accessno switchport access vlan 1switchport access vlan 7interface Gi0/7switchport mode trunkswitchport trunk allowed vlan 7,9,108switchport trunk native vlan 5

SW#1 -interface Gi0/1switchport mode trunkswitchport trunk allowed vlan 5,7,9,108switchport trunk native vlan 5interface Gi0/2switchport mode trunkswitchport trunk allowed vlan 5,7,9,108SW2#interface Gi0/1switchport mode accessswitchport access vlan 7interface Gi0/7switchport mode trunkswitchport trunk allowed vlan 5,7,9,108switchport trunk native vlan 5

SW1#interface Gi0/1switchport mode trunkswitchport trunk allowed vian 5,7,9,108interface Gi0/2switchport mode trunkswitchport trunk allowed vlan 7,9,108SW2#interface Gi0/1switchport mode trunkswitchport trunk allowed vlan 7interface Gi0/7switchport mode trunkswitchport trunk allowed vlan 5,7,9,108

one

three

six

nine

Discovery response

DHCP request

DHCP discover

Discovery request

PSK

TKIP

SAE

AES

a server that dynamically assigns IP addresses to hosts

a router that statically assigns IP addresses to hosts

a host that is configured to request an IP address automatically

a workstation that requests a domain name associated with its IP address

encryption and decryption for VPN link processing

building route tables and updating the forwarding table

changing the source or destination address during NAT operations

encapsulation and decapsulation of packets in a data-link frame

6

8

12

18

It sends the traffic via prefix 172.31.0.0/16

It sends the traffic via the default gateway 0.0.0.070.

It sends the traffic via prefix 172.31.0.0/24

It sends the traffic via prefix 172.31.0.0/25

0.0.0.0.0/0

10.56.0.1

10.56.128.19

Vlan57

for small networks with minimal need for growth

the access and distribution layers must be on the same device

for large networks that are connected to multiple remote sites

only when using VSS technology

It sends all traffic over the path via 172.16.9.5 using 172.16.4.4 as a backup.

It sends all traffic over the path via 10.0.1.100.

It load-balances traffic over 172.16.9.5 and 172.16.4.4.

It sends all traffic over the path via 172.16.4.4.

ip route 10.80.65.10 255.255.255.254 10.80.65.1

ip route 10.8065.10 255.255.255.255 10.73.65.66

ip route 1073.65.65 255.0.0.0 10.80.65.10

ip route 10.73.65.66 0.0.0.255 10.80.65.10

MAC address aging

MAC address table

frame flooding

spanning-tree protocol

FlexConnect

SE-Connect

bridge

local

Password complexity enable

confreg 0x2142

Login authentication my-auth-list

service password-encryption

TCP establishes a connection prior to sending data, and UDP sends immediately.

TCP uses error detection for packets, and UDP uses error recovery.

TCP avoids using sequencing, and UDP avoids using acknowledgments.

TCP encourages out-of-order packet delivery, and UDP prevents re-ordering.

Option A

Option B

Option C

Option D

malicious code that is installed onto a computer to allow access by an unauthorized user

malicious code with the main purpose of downloading other malicious code

malicious program that is used to launch other malicious programs

malicious code that infects a user machine and then uses that machine to send spam

To perform upgrades without service interruption

To provide fast and accurate deployment of patches and updates

To allow SSH access to all nodes in the network.

To provide software redundancy in the network.

1000BASE-ZX is supported on links up to 1000km, and 1000BASE-LX/LH operates over links up to 70 km.

1000BASE-LX/LH interoperates with multimode and single-mode fiber, and 10008ASE-ZX needs a conditioning patch cable with a multimode.

1000BASE-LX/LH is supported on links up to 10km, and 1000BASE-ZX operates over links up to 70 km

1000BASE-ZX interoperates with dual-rate 100M/1G 10Km SFP over multimode fiber, and 1000BASE-LX/LH supports only single-rate.

Option A

Option B

Option C

Option D

broadcast to all ports on the switch

flooded to all ports except the origination port

forwarded to the first available port

inspected and dropped by the switch

They are a Cisco proprietary security feature.

They must include one number and one letter.

They define the VLAN on a switch.

They are case sensitive.

EtherChannel

LAG

trunk

access

GigabitEthernet0

GigabitEthernet0/1

Null0

GigabitEthernet0/3

AES

TKIP

PEAP

EAP

interface Gi0/1ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA02:/127

interface Gi0/0ipv6 address 2001:db8:1:AFFF::/64 eui-64

interface Gi0/1ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA00:/127

interface Gi0/0ipv6 address 2001:db8:0:AFFF::/64 eui-64

interface Gi0/0ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA03;/127

All four pairs of the cable are used

It detects the device is a powered device

The default level is used for the access point

Power policing is enabled at the same time

switch(config)#spanning-tree vlan 1 max-age 6

switch(config)#spanning-tree vlan 1 hello-time 10

switch(config)#spanning-tree vlan 1 priority 4096

switch(config)#spanning-tree vlan 1 forward-time 20

To simplify the process of maintaining a consistent configuration state across all devices

To centralize device information storage

To implement centralized user account management

To deploy the management plane separately from the rest of the network Answer: A

STP

port security

wrong cable type

shutdown command

on

active

auto

passive

Option A

Option B

Option C

Option D

snmp-server host

snmp-server community

snmp-server enable traps

snmp-server user

Port security

High throughput

Cable disconnect

duplex mismatch

Enable the 802.1X option for Authentication Key Management

Enable the WPA2 Policy option

Enable the CCKM option for Authentication Key Management

Enable the MAC Filtering option

Enable the OSEN Policy option

Cisco DNA Center correlates information from different management protocols to obtain insights, and traditional campus management requires manual analysis.

Cisco DNA Center handles management tasks at the controller to reduce the load on infrastructure devices, and traditional campus management uses the data backbone.

Cisco DNA Center leverages YANG and NETCONF to assess the status of fabric and nonfabric devices, and traditional campus management uses CLI exclusively.

Cisco DNA Center automatically compares security postures among network devices, and traditional campus management needs manual comparisons.

applies 802.1x authentication

usesTKIP

employs PKI to identify access points

protects against brute force attacks

255.255.255.240

255.255.255.128

255.255.248.

255.255.255.248

Option

Option

Option

ip domain-name domain

password password

crypto key generate rsa modulus 1024

ip ssh authentication-retries 2

Configure the no lldp tlv-select-management-address command globally on Cat9K-2

Configure the no lldp transmit command on interface G1/0/21 in Cat9K-1

Configure the no lldp receive command on interface G1/0/21 on Cat9K-1

Configure the no lldp mac-phy-cfg command globally on Cat9K-2

10.10.10.5

10.10.10.3

10.10.10.4

10.10.10.2

Cisco DNA Center leverages SNMPv3 tor encrypted management, and traditional campus management uses SNMPv2.

Cisco DNA Center automates HTTPS for secure web access, and traditional campus management uses HTTP.

Cisco DNA Center leverages APIs, and traditional campus management requires manual data gathering.

Cisco DNA Center automates SSH access for encrypted entry, and SSH Is absent from traditional campus management.

Place the AP into manual containment.

Remove the AP from WLC management.

Manually remove the AP from Pending state.

Set the AP Class Type to Friendly.

A packet sent to an IPv6 multicast address is delivered to one or more destinations at once, but a packet sent to an IPv6 anycast address is routed to the closest interface with that address.

An IPv6 multicast address uses the prefix 2002::/15 and forwards to one destination, and an IPv6 anycast address uses the prefix ff00::/8 and forwards to any destination in a group.

IPv6 multicast addresses are used to transition from IPv4 to IPv6, and IPv6 anycast addresses are used for address aggregation in an IPv6-only environment.

An IPv6 multicast address is assigned to numerous interfaces within a subnet, but an IPv6 anycast address is used for a predefined group of nodes in an all-IPv6 routers group.

Set PMF to Required.

Enable MAC Filtering.

Enable WPA Policy.

Set Fast Transition to Enabled

router ospf 100network 10.120.10.0 255.255.255.0 area 0

router ospf 120network 10.120.10.0 255.255.255.0 area 0ip route 10.120.10.0 255.255.255.0 fa0/1

router ospf 100 area 0network 10.120.10.0 0.0.0.255

Option A

Option B

Option C

Option D

metric

cost

longest prefix

administrative distance

conserve globally unique address space

simplify the addressing in the network

limit the number of nodes reachable via the Internet

reduce network complexity

email system patches

physical access control

software firewall enabled on all PCs

user awareness training

Uncheck the Guest User check box

Check the Guest User Role check box

Set the Lifetime (seconds) value to 0

Clear the Lifetime (seconds) value

To identify a resource on a target server.

To transport data or payload to a remote resource.

To specify the way in which a remote resource is modified.

To respond with the data content encoding for a request.

Get

GetNext

Set

GetBulk

Inform

802.1x authentication and AES-128 encryption

TKIP encryption improving WEP and per-packet keying

AES-64 m personal mode and AES-128 in enterprise mode

forward secrecy and SAE in personal mode for secure initial key exchange

R1(config)#ip nat inside source static 10.1.1.1 209.165.200.225

R1(config)#ip nat inside source static 209.165.200.225 10.1.1.1

R1(config)#ip nat outside source static 10.1.1.1 209.165.200.225

R1(config)#ip nat outside source static 209.165.200.225 10.1.1.1

10.165 20.126

10.165.20.146

10.165.20.166

10.165 20.226

REST APIs that allow for external applications to interact natively

adapters that support all families of Cisco IOS software

SDKs that support interaction with third-party network equipment

customized versions for small, medium, and large enterprises

modular design that is upgradable as needed

Alert

Error

Emergency

Critical

Configure the cdp timer 10 command on switch Cat9300.

Enable portfast on the ports that connect to neighboring devices.

Configure the cdp holdtime 10 command on switch Cat9300.

Configure the cdp timer 10 command on the neighbors of switch Cat9300.

Controller-based networks centralize all important data-plane functions, and traditional networks distribute data-plane functions.

Controller-based networks centralize all important control-plane functions, and traditional networks distribute control-plane functions.

Traditional networks centralize all important control-plane functions, and controller-based networks distribute control-plane functions.

Traditional networks centralize all important data-plane functions, and controller-based networks distribute data-plane functions.

ipconfig /renew

ipconfig

ipconfig /all

ipconfig /displaydns

via 10.0.4.2

via 10.0.0.2

via FastEthernet0/1

via FastEthernet1/1

It identifies the wired network to which a network device is connected.

It identifies a wireless network for a mobile device to connect.

It identifies the wireless network to which an application must connect.

It identifies the wired network to which a user device is connected.

SwitchA(config-if-range) #channel-group 1 mode desirable

SwitchA(config-if-range) #channel-group 1 mode auto

SwitchA(config-if-range) #channel-group 1 mode active

SwitchA(config-if-range) #channel-group 1 mode passive

255.255.255.224

255.255.255.248

255.255.255.0

255.255.255.252

16

32

48

64

Asset identification

User training

Physical access control

Vulnerability control

Content-Type: application/json

Accept-Encoding: application/json

Accept: application/json

Accept-Language: application/json

using the CLI via an out-of-band connection

using the WLC GUI via HTTPS

using the AP GUI via an in-band SSH connection

using the CLI via a virtual interface with SSH

To provide network redundancy in the case of a router failure

To use an open standard protocol that is configured on Cisco and third-party routers

To allow hosts in a network to use the same default gateway virtual IP when load-balancing traffic

To allow clients to be configured with multiple default gateway IPs

Uncheck the WPA Policy option check box, and check the WPA2 Policy option check box.

Uncheck the MAC Filtering option check box.

Change the WPA Encryption option from TKIP to CCMP(128AES).

Set the Security Type option to Personal.

Set the Layer 2 Security option to None.

They are allocated by the same organization.

They are routable on the global internet.

They use the same process for subnetting.

They are part of the multicast IPv6 group type.