CCNA3 v7

  • CCNA 3 v7 Modules 13 – 14: Emerging Network Technologies Exam Answers


     

    Q(1). A company uses a cloud-based payroll system. Which cloud computing technology is this company using?

    (a)    browser as a service (BaaS)

    (b)    infrastructure as a service (IaaS)

    (c)    software as a service (SaaS)

    (d)    wireless as a service (WaaS)

     

    Correct Answer: (c)



    Q(2). For a data center, what is the difference in the server virtualization data traffic compared with the traditional client-server model?

    (a)    Data traffic from clients will be routed to multiple virtual servers.

    (b)   There are significant data exchanges between virtual servers.

    (c)     There is more data traffic flowing from virtual servers to clients.

    (d)    More network control traffic is generated between virtual servers and clients.

     

    Correct Answer: (b)



    Q(3). Which component in a traditional infrastructure device provides Layer 2 and Layer 3 functions to create data paths within a network?

    (a)    data plane

    (b)   control plane

    (c)     adjacency table

    (d)    forwarding information base

     

    Correct Answer: (b)



    Q(4). Which network traffic management technology is a basic element in SDN implementations?

    (a)    OpenFlow

    (b)    OpenStack

    (c)     IEEE 802.1aq

    (d)    Interface to the Routing System

     

    Correct Answer: (a)



    Q(5). Which type of hypervisor would most likely be used in a data center?

    (a)    Type 2

    (b)   Type 1

    (c)     Nexus

    (d)    Hadoop

     

    Correct Answer: (b)

    Explanation:

    The two types of hypervisors are Type 1 and Type 2. Type 1 hypervisors are usually used on enterprise servers. Enterprise servers, rather than virtualized PCs, are more likely to be in a data center.


    Q(6). Which is a characteristic of a Type 1 hypervisor?

    (a)    installed directly on a server

    (b)    best suited for consumers and not for an enterprise environment

    (c)     does not require management console software

    (d)    installed on an existing operating system

     

    Correct Answer: (a)

    Explanation:

    Type 1 hypervisors are installed directly on a server and are known as “bare metal” solutions giving direct access to hardware resources. They also require a management console and are best suited for enterprise environments.


    Q(7). Which two layers of the OSI model are associated with SDN network control plane functions that make forwarding decisions? (Choose two.)

    (a)    Layer 1

    (b)   Layer 2

    (c)    Layer 3

    (d)    Layer 4

    (e)    Layer 5

     

    Correct Answer: (b) & (c)

    Explanation:

    The SDN control plane uses the Layer 2 ARP table and the Layer 3 routing table to make decisions about forwarding traffic.


    Q(8). What pre-populates the FIB on Cisco devices that use CEF to process packets?

    (a)    the routing table

    (b)    the adjacency table

    (c)     the ARP table

    (d)    the DSP

     

    Correct Answer: (a)

    Explanation:

    CEF uses the FIB and adjacency table to make fast forwarding decisions without control plane processing. The adjacency table is pre-populated by the ARP table and the FIB is pre-populated by the routing table.


    Q(9). What is a function of the data plane of a network device?

    (a)    sending information to the CPU for processing

    (b)    building the routing table

    (c)     resolving MAC addresses

    (d)   forwarding traffic flows

     

    Correct Answer: (d)

    Explanation:

    Networking devices operate in two planes: the data plane and the control plane. The control plane maintains Layer 2 and Layer 3 forwarding mechanisms using the CPU. The data plane forwards traffic flows.


    Q(10). Which statement describes the concept of cloud computing?

    (a)    separation of application from hardware

    (b)    separation of management plane from control plane

    (c)     separation of operating system from hardware

    (d)    separation of control plane from data plane

     

    Correct Answer: (a)

    Explanation:

    Cloud computing is used to separate the application or service from hardware. Virtualization separates the operating system from the hardware.


    Q(11). Which cloud model provides services for a specific organization or entity?

    (a)    a public cloud

    (b)    a hybrid cloud

    (c)    a private cloud

    (d)    a community cloud

     

    Correct Answer: (c)

    Explanation:

    Private clouds are used to provide services and applications to a specific organization and may be set up within the private network of the organization or managed by an outside organization.


    Q(12). What two benefits are gained when an organization adopts cloud computing and virtualization? (Choose two.)

    (a)    provides a “pay-as-you-go” model, allowing organizations to treat computing and storage expenses as a utility

    (b)   enables rapid responses to increasing data volume requirements

    (c)     distributed processing of large data sets in the size of terabytes

    (d)    elimination of vulnerabilities to cyber attacks

    (e)    increases the dependence on onsite IT resources

     

    Correct Answer: (a) & (b)

    Explanation:

    Organizations can use virtualization to consolidate the number of required servers by running many virtual servers on a single physical server. Cloud computing allows organizations to scale their solutions as required and to pay only for the resources they require.


    Q(13). Which type of Hypervisor is implemented when a user with a laptop running the Mac OS installs a Windows virtual OS instance?

    (a)    type 2

    (b)    virtual machine

    (c)     type 1

    (d)    bare metal

     

    Correct Answer: (a)

    Explanation:

    Type 2 hypervisors, also known as hosted hypervisors, are installed on top of an existing operating system, such as Mac OS, Windows, or Linux.


    Q(14). A small company is considering moving many of its data center functions to the cloud. What are three advantages of this plan? (Choose three.)

    (a)    The company only needs to pay for the amount of processing and storage capacity that it uses.

    (b)    Cloud services are billed at a fixed fee no matter how much processing and storage are used by the company.

    (c)    The company does not need to be concerned about how to handle increasing data storage and processing demands with in-house data center equipment.

    (d)   The company can increase processing and storage capacity as needed and then decrease capacity when it is no longer needed.

    (e)    Single-tenant data centers can easily grow to accommodate increasing data storage requirements.

    (f)      Cloud services enable the company to own and administer its own servers and storage devices.

     

    Correct Answer: (a), (c) & (d)

    Explanation:

    Cloud computing offers many advantages to the company. Since the cloud data storage and processing facilities are owned by third-parties, the company does not need to be concerned about how it will handle increasing data storage and processing demands with its own data center equipment. The company can easily increase or decrease processing power and storage capacity based on need. Also, cloud services are billed by usage, so the company does not have the costs of supporting its own expensive data center that is not always used to maximum capacity.


    Q(15). How does virtualization help with disaster recovery within a data center?

    (a)    support of live migration

    (b)    guarantee of power

    (c)     improvement of business practices

    (d)    supply of consistent air flow

     

    Correct Answer: (a)

    Explanation:

    Live migration allows one virtual server to be moved to another virtual server, which could be in a different location some distance from the original data center.


    Q(16). What technology allows users to access data anywhere and at any time?

    (a)    Cloud computing

    (b)    virtualization

    (c)     micromarketing

    (d)    data analytics

     

    Correct Answer: (a)

    Explanation:

    Cloud computing allows organizations to eliminate the need for on-site IT equipment, maintenance, and management. Cloud computing allows organizations to expand their services or capabilities while avoiding the increased costs of energy and space.


    Q(17). Which action takes place in the assurance element of the IBN model?

    (a)    verification and corrective action

    (b)    configuring systems

    (c)     translation of policies

    (d)    integrity checks

     

    Correct Answer: (a)

    Explanation:

    The assurance element of the IBN model is concerned with end-to-end verification of network-wide behavior.


    Q(18). Refer to the exhibit. Which data format is used to represent the data for network automation applications?


    (a)    XML

    (b)    YAML

    (c)     HTML

    (d)   JSON

     

    Correct Answer: (d)

    Explanation:

    The common data formats that are used in many applications including network automation and programmability are as follows:

    ·         JavaScript Object Notation (JSON) – In JSON, the data known as an object is one or more key/value pairs enclosed in braces { }. Keys must be strings within double quotation marks " ". Keys and values are separated by a colon.

    ·         eXtensible Markup Language (XML) – In XML, the data is enclosed within a related set of tags <tag>data</tag>.

    ·         YAML Ain’t Markup Language (YAML) – In YAML, the data known as an object is one or more key/value pairs. Key/value pairs are separated by a colon without the use of quotation marks. YAML uses indentation to define its structure, without the use of brackets or commas.


    Q(19). What is the function of the key contained in most RESTful APIs?

    (a)    It is the top-level object of the API query.

    (b)   It is used to authenticate the requesting source.

    (c)     It represents the main query components in the API request.

    (d)    It is used in the encryption of the message by an API request.

     

    Correct Answer: (b)

    Explanation:

    Many RESTful APIs, including public APIs, require a key. The key is used to identify the source of the request through authentication.


    Q(20). Which two configuration management tools are developed using Ruby? (Choose two.)

    (a)    Puppet

    (b)    Ansible

    (c)     SaltStack

    (d)   Chef

    (e)    RESTCONF

     

    Correct Answer: (a) & (d)

    Explanation:

    Chef and Puppet are configuration management tools developed using Ruby. Ansible and SaltStack are configuration management tools developed using Python. Ruby is typically considered a more difficult language to learn than Python. RESTCONF is a network management protocol.


    Q(21). Which term is used to describe a set of instructions for execution by the configuration management tool Puppet?

    (a)    Playbook

    (b)    Cookbook

    (c)    Manifest

    (d)    Pillar

     

    Correct Answer: (c)

    Explanation:

    The configuration management tool Puppet uses the name Manifest to describe the set of instructions to be executed.


    Q(22). Which term is used to describe a set of instructions for execution by the configuration management tool SaltStack?

    (a)    Cookbook

    (b)    Manifest

    (c)    Pillar

    (d)    Playbook

     

    Correct Answer: (c)

    Explanation:

    The configuration management tool SaltStack uses the name Pillar to describe the set of instructions to be executed.


    Q(23). Which scenario describes the use of a public API?

    (a)    It requires a license.

    (b)   It can be used with no restrictions.

    (c)     It is used between a company and its business partners.

    (d)    It is used only within an organization.

     

    Correct Answer: (b)

    Explanation:

    Public, or open, APIs have no restrictions and are available to the public. Some API providers do require a user to obtain a free key or token prior to using the API in order to control the volume of API requests received and processed.


    Q(24). What is YAML?

    (a)    It is a scripting language.

    (b)   It is a data format and superset of JSON.

    (c)     It is a compiled programming language.

    (d)    It is a web application.

     

    Correct Answer: (b)

    Explanation:

    Like JSON, YAML Ain’t Markup Language (YAML) is a data format used by applications to store and transport data. YAML is considered a superset of JSON.


    Q(25). Which RESTful operation corresponds to the HTTP GET method?

    (a)    post

    (b)    patch

    (c)     update

    (d)   read

     

    Correct Answer: (d)

    Explanation:

    RESTful operations correspond to the following HTTP methods (shown to the left with the RESTful operation on the right):

    ·         POST > Create

    ·         GET > Read

    ·         PUT/PATCH > Update

    ·         DELETE > Delete


    Q(26). Which technology virtualizes the network control plane and moves it to a centralized controller?

    (a)    SDN

    (b)    fog computing

    (c)     cloud computing

    (d)    IaaS

     

    Correct Answer: (a)

    Explanation:

    Networking devices operate in two planes: the data plane and the control plane. The control plane maintains Layer 2 and Layer 3 forwarding mechanisms using the CPU. The data plane forwards traffic flows. SDN virtualizes the control plane and moves it to a centralized network controller.


    Q(27). What are two functions of hypervisors? (Choose two.)

    (a)    to partition the hard drive to run virtual machines

    (b)   to manage virtual machines

    (c)     to protect the host from malware infection from the virtual machines

    (d)    to share the antivirus software across the virtual machines

    (e)    to allocate physical system resources to virtual machines

     

    Correct Answer: (b) & (e)

    Explanation:

    The hypervisor does not protect the hosting OS from malware. Neither does it allow sharing software across virtual machines. The hard drive of the supporting computer does not need to be partitioned to run virtual machines. The hypervisor creates and manages virtual machines on a host computer and allocates physical system resources to them.


    Q(28). What is a difference between the functions of Cloud computing and virtualization?

    (a)    Cloud computing requires hypervisor technology whereas virtualization is a fault tolerance technology.

    (b)   Cloud computing separates the application from the hardware whereas virtualization separates the OS from the underlying hardware.

    (c)     Cloud computing provides services on web-based access whereas virtualization provides services on data access through virtualized Internet connections.

    (d)    Cloud computing utilizes data center technology whereas virtualization is not used in data centers.

     

    Correct Answer: (b)

    Explanation:

    Cloud computing separates the application from the hardware. Virtualization separates the OS from the underlying hardware. Virtualization is a typical component within cloud computing. Virtualization is also widely used in data centers. Although the implementation of virtualization facilitates an easy server fault tolerance setup, it is not a fault tolerance technology by design. The Internet connection from a data center or service provider needs redundant physical WAN connections to ISPs.


    Q(29). How is the YAML data format structure different from JSON?

    (a)    It uses indentations.

    (b)    It uses end tags.

    (c)     It uses hierarchical levels of nesting.

    (d)    It uses brackets and commas.

     

    Correct Answer: (a)

    Explanation:

    The structure in YAML is defined by indentations rather than brackets and commas.


    Q(30). What is the most widely used API for web services?

    (a)    XML-RPC

    (b)    SOAP

    (c)     JSON-RPC

    (d)   REST

     

    Correct Answer: (d)

    Explanation:

    REST accounts for more than 80% of all API types used for web services, making it the most widely used web service API.


    Q(31). What is REST?

    (a)    It is a way to store and interchange data in a structured format.

    (b)   It is an architecture style for designing web service applications.

    (c)     It is a human readable data structure that is used by applications for storing, transforming, and reading data.

    (d)    It is a protocol that allows administrators to manage nodes on an IP network.

     

    Correct Answer: (b)

    Explanation:

    REST is not a protocol or service, but rather a style of software architecture for designing web service applications.


    Q(32). What is a difference between the XML and HTML data formats?

    (a)    XML does not use predefined tags whereas HTML does use predefined tags.

    (b)    XML encloses data within a pair of tags whereas HTML uses a pair of quotation marks to enclose data.

    (c)     XML formats data in binary whereas HTML formats data in plain text.

    (d)    XML does not require indentation for each key/value pair but HTML does require indentation.

     

    Correct Answer: (a)

    Explanation:

    XML is a human readable data structure used to store, transfer, and read data by applications. Like HTML, XML uses a related set of tags to enclose data. However, unlike HTML, XML uses no predefined tags or document structure.


    Q(33). To avoid purchasing new hardware, a company wants to take advantage of idle system resources and consolidate the number of servers while allowing for multiple operating systems on a single hardware platform. What service or technology would support this requirement?

    (a)    dedicated servers

    (b)    Cisco ACI

    (c)    virtualization

    (d)    software defined networking

     

    Correct Answer: (c)



    Q(34). Match the term to the RESTful API request http://www.mapquestapi.com/directions/v2/route?outFormat=json&key=KEY&from=San+Jose,Ca&to=Monterey,Ca component. (Not all options are used.)

    Correct Answer:

    [Figure: matching of terms to the components of the RESTful API request]


    Q(35). Which cloud computing opportunity would provide the use of network hardware such as routers and switches for a particular company?

    (a)    software as a service (SaaS)

    (b)    wireless as a service (WaaS)

    (c)    infrastructure as a service (IaaS)

    (d)    browser as a service (BaaS)

     

    Correct Answer: (c)

    Explanation:

    This item is based on information contained in the presentation.
    Routers, switches, and firewalls are infrastructure devices that can be provided in the cloud.


    Q(36). What component is considered the brains of the ACI architecture and translates application policies?

    (a)    the Application Network Profile endpoints

    (b)    the Nexus 9000 switch

    (c)     the hypervisor

    (d)   the Application Policy Infrastructure Controller

     

    Correct Answer: (d)

    Explanation:

    The ACI architecture consists of three core components: the Application Network Profile, the Application Policy Infrastructure Controller, which serves as the brains of the ACI architecture, and the Cisco Nexus 9000 switch.


    Q(37). Which statement describes the concept of cloud computing?

    (a)    separation of management plane from control plane

    (b)    separation of control plane from data plane

    (c)    separation of application from hardware

    (d)    separation of operating system from hardware

     

    Correct Answer: (c)

    Explanation:

    Cloud computing is used to separate the application or service from hardware. Virtualization separates the operating system from the hardware.


    Q(38). In which situation would a partner API be appropriate?

    (a)    an internet search engine allowing developers to integrate the search engine into their own software applications

    (b)    company sales staff accessing internal sales data from their mobile devices

    (c)     someone creating an account on an external app or website by using his or her social media credentials

    (d)   a vacation service site interacting with hotel databases to display information from all the hotels on its web site

     

    Correct Answer: (d)

    Explanation:

    Partner API programs incorporate collaboration with other businesses. They facilitate communication and integration of software between a company and its business partners.


    Q(39). Because of enormous growth in web traffic, a company has planned to purchase additional servers to help handle the web traffic. What service or technology would support this requirement?

    (a)    virtualization

    (b)    data center

    (c)     cloud services

    (d)   dedicated servers

     

    Correct Answer: (d)



    Q(40). ABCTech is investigating the use of automation for some of its products. In order to control and test these products, the programmers require Windows, Linux, and MAC OS on their computers. What service or technology would support this requirement?

    (a)    dedicated servers

    (b)    software defined networking

    (c)    virtualization

    (d)    Cisco ACI

     

    Correct Answer: (c)



    Q(41). What are three components used in the query portion of a typical RESTful API request? (Choose three.)

    (a)    API server

    (b)   format

    (c)    parameters

    (d)   key

    (e)    protocol

    (f)      resources

     

    Correct Answer: (b), (c) & (d)



    Q(42). A company has recently become multinational. Employees are working remotely, in different time zones, and they need access to company services from any place at any time. What service or technology would support this requirement?

    (a)    dedicated servers

    (b)   cloud services

    (c)     Cisco ACI

    (d)    Virtualization

     

    Correct Answer: (b)



    Q(43). Following a multicontinent advertising campaign for a new product, a company finds its client database and volume of orders are overloading its on-site computer systems but the company does not have any room to expand. What service or technology would support this requirement?

    (a)    cloud services

    (b)    dedicated servers

    (c)     data center

    (d)    virtualization

     

    Correct Answer: (a)



    Q(44). A network administrator has been tasked with creating a disaster recovery plan. As part of this plan, the administrator is looking for a backup site for all of the data on the company servers. What service or technology would support this requirement?

    (a)    virtualization

    (b)    software defined networking

    (c)    data center

    (d)    dedicated servers

     

    Correct Answer: (c)



  • CCNA 3 v7 Modules 9 – 12: Optimize, Monitor, and Troubleshoot Networks Exam Answers


     

    Q(1). What is the term used to indicate a variation of delay?

    (a)    latency

    (b)    serialization delay

    (c)     speed mismatch

    (d)   jitter

     

    Correct Answer: (d)



    Q(2). A network engineer performs a ping test and receives a value that shows the time it takes for a packet to travel from a source to a destination device and return. Which term describes the value?

    (a)    jitter

    (b)   latency

    (c)     priority

    (d)    bandwidth

     

    Correct Answer: (b)



    Q(3). What role do network devices play in the IntServ QoS model?

    (a)    Network devices ensure that resources are available before traffic is allowed to be sent by a host through the network.

    (b)    Network devices provide a best-effort approach to forwarding traffic.

    (c)     Network devices are configured to service multiple classes of traffic and handle traffic as it may arrive.

    (d)    Network devices use QoS on a hop-by-hop basis to provide excellent scalability.

     

    Correct Answer: (a)



    Q(4). Which device would be classified as a trusted endpoint?

    (a)    switch

    (b)    router

    (c)     firewall

    (d)   IP phone

     

    Correct Answer: (d)



    Q(5). What is the benefit of deploying Layer 3 QoS marking across an enterprise network?

    (a)    Layer 3 marking can carry the QoS information end-to-end.

    (b)    Layer 3 marking can carry QoS information on switches that are not IP aware.

    (c)     Layer 3 marking can be carried in the 802.1Q fields.

    (d)    Layer 3 marking can be used to carry non-IP traffic.

     

    Correct Answer: (a)

    Explanation:

    Marking traffic at Layer 2 or Layer 3 is very important and will affect how traffic is treated in a network using QoS.

    ·         Layer 2 marking of frames can be performed for non-IP traffic.

    ·         Layer 2 marking of frames is the only QoS option available for switches that are not “IP aware.”

    ·         Layer 3 marking will carry the QoS information end-to-end.


    Q(6). What is the function of a QoS trust boundary?

    (a)    A trust boundary identifies the location where traffic cannot be remarked.

    (b)    A trust boundary only allows traffic to enter if it has previously been marked.

    (c)    A trust boundary identifies which devices trust the marking on packets that enter a network.

    (d)    A trust boundary only allows traffic from trusted endpoints to enter the network.

     

    Correct Answer: (c)

    Explanation:

    Network traffic is classified and marked as close to the source device as possible. The trust boundary is the location where the QoS markings on a packet are trusted as they enter an enterprise network.


    Q(7). What are two approaches to prevent packet loss due to congestion on an interface? (Choose two.)

    (a)    Decrease buffer space.

    (b)    Disable queuing mechanisms.

    (c)    Drop lower-priority packets.

    (d)    Prevent bursts of traffic.

    (e)    Increase link capacity.

     

    Correct Answer: (c) & (e)

    Explanation:

    There are three approaches to prevent sensitive traffic from being dropped:

    ·         Increase link capacity to ease or prevent congestion.

    ·         Guarantee enough bandwidth and increase buffer space to accommodate bursts of traffic from fragile flows.

    ·         Prevent congestion by dropping lower-priority packets before congestion occurs.


    Q(8). What configuration scenario would offer the most protection to SNMP get and set messages?

    (a)    SNMPv2 for in-band management with read-write community strings

    (b)    SNMPv1 with out-of-band management in a private subnet

    (c)    SNMPv3 configured with the auth security level

    (d)    SNMP community strings

     

    Correct Answer: (c)

    Explanation:

    SNMPv3 supports authentication and encryption with the auth and priv security levels. SNMPv1 and SNMPv2 do not support authentication or encryption. Using a default community string is not secure because the default string of “public” is well known and would allow anyone with SNMP systems to read device MIBs.


    Q(9). Refer to the exhibit. The network administrator enters these commands into the R1 router:

    R1# copy running-config tftp
    Address or name of remote host [ ]?

    When the router prompts for an address or remote host name, what IP address should the administrator enter at the prompt?


    (a)    192.168.9.254

    (b)    192.168.10.2

    (c)    192.168.11.252

    (d)    192.168.11.254

    (e)    192.168.10.1

     

    Correct Answer: (c)

    Explanation:

    The requested address is the address of the TFTP server. A TFTP server is an application that can run on a multitude of network devices including a router, server, or even a networked PC.


    Q(10). The command ntp server 10.1.1.1 is issued on a router. What impact does this command have?

    (a)    determines which server to send system log files to

    (b)   synchronizes the system clock with the time source with IP address 10.1.1.1

    (c)     identifies the server on which to store backup configurations

    (d)    ensures that all logging will have a time stamp associated with it

     

    Correct Answer: (b)

    Explanation:

    The ntp server ip-address global configuration command configures the NTP server for IOS devices.


    Q(11). As the network administrator you have been asked to implement EtherChannel on the corporate network. What does this configuration consist of?

    (a)    providing redundant links that dynamically block or forward traffic

    (b)    grouping two devices to share a virtual IP address

    (c)    grouping multiple physical ports to increase bandwidth between two switches

    (d)    providing redundant devices to allow traffic to flow in the event of device failure

     

    Correct Answer: (c)

    Explanation:

    EtherChannel is utilized on a network to increase speed capabilities by grouping multiple physical ports into one or more logical EtherChannel links between two switches. STP is used to provide redundant links that dynamically block or forward traffic between switches. FHRPs are used to group physical devices to provide traffic flow in the event of failure.


    Q(12). What is a definition of a two-tier LAN network design?

    (a)    access and core layers collapsed into one tier, and the distribution layer on a separate tier

    (b)   distribution and core layers collapsed into one tier, and the access layer on a separate tier

    (c)     access, distribution, and core layers collapsed into one tier, with a separate backbone layer

    (d)    access and distribution layers collapsed into one tier, and the core layer on a separate tier

     

    Correct Answer: (b)

    Explanation:

    Maintaining three separate network tiers is not always required or cost-efficient. All network designs require an access layer, but a two-tier design can collapse the distribution and core layers into one layer to serve the needs of a small location with few users.


    Q(13). What are two reasons to create a network baseline? (Choose two.)

    (a)    to select a routing protocol

    (b)    to determine what kind of equipment to implement

    (c)     to design a network according to a proper model

    (d)   to identify future abnormal network behavior

    (e)    to evaluate security vulnerabilities in the network

    (f)     to determine if the network can deliver the required policies

     

    Correct Answer: (d) & (f)

    Explanation:

    A network baseline is created to provide a comparison point, at the time that the network is performing optimally, to whatever changes are implemented in the infrastructure. A baseline helps to keep track of the performance, to track the traffic patterns, and to monitor network behavior.


    Q(14). A computer can access devices on the same network but cannot access devices on other networks. What is the probable cause of this problem?

    (a)    The computer has an incorrect subnet mask.

    (b)   The computer has an invalid default gateway address.

    (c)     The cable is not connected properly to the NIC.

    (d)    The computer has an invalid IP address.

     

    Correct Answer: (b)

    Explanation:

    The default gateway is the address of the device a host uses to access the Internet or another network. If the default gateway is missing or incorrect, that host will not be able to communicate outside the local network. Because the host can access other hosts on the local network, the network cable and the other parts of the IP configuration are working.


    Q(15). In which step of gathering symptoms does the network engineer determine if the problem is at the core, distribution, or access layer of the network?

    (a)    Gather information.

    (b)   Narrow the scope.

    (c)     Document the symptoms.

    (d)    Determine ownership.

    (e)    Determine the symptoms.

     

    Correct Answer: (b)

    Explanation:

    In the “narrow the scope” step of gathering symptoms, a network engineer will determine if the network problem is at the core, distribution, or access layer of the network. Once this step is complete and the layer is identified, the network engineer can determine which pieces of equipment are the most likely cause.


    Q(16). A network administrator is deploying QoS with the ability to provide a special queue for voice traffic so that voice traffic is forwarded before network traffic in other queues. Which queuing method would be the best choice?

    (a)    LLQ

    (b)    CBWFQ

    (c)     WFQ

    (d)    FIFO

     

    Correct Answer: (a)

    Explanation:

    Low latency queuing (LLQ) allows delay-sensitive data, such as voice traffic, to be defined in a strict priority queue (PQ) and to always be sent first before any packets in any other queue are forwarded.


    Q(17). What are two characteristics of voice traffic? (Choose two.)

    (a)    Voice traffic latency should not exceed 150 ms.

    (b)    Voice traffic is unpredictable and inconsistent.

    (c)     Voice traffic requires at least 384 kbs of bandwidth.

    (d)    Voice traffic consumes lots of network resources.

    (e)    Dropped voice packets are not retransmitted.

     

    Correct Answer: (a) & (e)

    Explanation:

    Voice traffic does not consume a lot of network resources, such as bandwidth. However, it is very sensitive to delay and dropped packets cannot be retransmitted. For good voice quality, the amount of latency should always be less than 150 milliseconds.


    Q(18). Which type of network traffic cannot be managed using congestion avoidance tools?

    (a)    TCP

    (b)    ICMP

    (c)     IP

    (d)   UDP

     

    Correct Answer: (d)

    Explanation:

    Queuing and compression techniques can help to reduce and prevent UDP packet loss, but there is no congestion avoidance for User Datagram Protocol (UDP) based traffic.


    Q(19). When QoS is implemented in a converged network, which two factors can be controlled to improve network performance for real-time traffic? (Choose two.)

    (a)    delay

    (b)    packet addressing

    (c)    jitter

    (d)    packet routing

    (e)    link speed

     

    Correct Answer: (a) & (c)

    Explanation:

    Delay is the latency between a sending and receiving device. Jitter is the variation in the delay of the received packets. Both delay and jitter need to be controlled in order to support real-time voice and video traffic.


    Q(20). An administrator wants to replace the configuration file on a Cisco router by loading a new configuration file from a TFTP server. What two things does the administrator need to know before performing this task? (Choose two.)

    (a)    name of the configuration file that is currently stored on the router

    (b)    configuration register value

    (c)    name of the configuration file that is stored on the TFTP server

    (d)    router IP address

    (e)    TFTP server IP address

     

    Correct Answer: (c) & (e)

    Explanation:

    In order to identify the exact location of the desired configuration file, the IP address of the TFTP server and the name of the configuration file are essential information. Because the file is a new configuration, the name of the current configuration file is not necessary.


    Q(21). Refer to the exhibit. Which of the three Cisco IOS images shown will load into RAM?

    (a)    The router selects an image depending on the boot system command in the configuration.

    (b)    The router selects an image depending on the value of the configuration register.

    (c)     The router selects the third Cisco IOS image because it is the most recent IOS image.

    (d)    The router selects the third Cisco IOS image because it contains the advipservicesk9 image.

    (e)    The router selects the second Cisco IOS image because it is the smallest IOS image.

     

    Correct Answer: (a)

    Explanation:

    When performing an upgrade or testing different IOS versions, the boot system command is used to select which image is used to boot the Cisco device.


    Q(22). Refer to the exhibit. What two types of devices are connected to R1? (Choose two.)

    (a)    switch

    (b)    hub

    (c)    router

    (d)    repeater

    (e)    Source Route Bridge

     

    Correct Answer: (a) & (c)

    Explanation:

    The capabilities of the devices displayed by the output show them to be a Cisco 2811 series router, Cisco 1941 series router, and a Cisco 2960 switch.


    Q(23). What are three functions provided by the syslog service? (Choose three.)

    (a)    to select the type of logging information that is captured

    (b)    to periodically poll agents for data

    (c)     to provide statistics on packets that are flowing through a Cisco device

    (d)    to provide traffic analysis

    (e)    to gather logging information for monitoring and troubleshooting

    (f)     to specify the destinations of captured messages

     

    Correct Answer: (a), (e) & (f)

    Explanation:

    There are three primary functions provided by the syslog service:

    1.       gathering logging information

    2.       selection of the type of information to be logged

    3.       selection of the destination of the logged information


    Q(24). What is the function of the MIB element as part of a network management system?

    (a)    to collect data from SNMP agents

    (b)    to send and retrieve network management information

    (c)     to change configurations on SNMP agents

    (d)   to store data about a device

     

    Correct Answer: (d)

    Explanation:

    The Management Information Base (MIB) resides on a networking device and stores operational data about the device. The SNMP manager can collect information from SNMP agents. The SNMP agent provides access to the information.


    Q(25). What network design would contain the scope of disruptions on a network should a failure occur?

    (a)    the reduction in the number of redundant devices and connections in the network core

    (b)    the installation of only enterprise class equipment throughout the network

    (c)    the deployment of distribution layer switches in pairs and the division of access layer switch connections between them

    (d)    the configuration of all access layer devices to share a single gateway

     

    Correct Answer: (c)

    Explanation:

    One way to contain the impact of a failure on the network is to implement redundancy. One way this is accomplished is by deploying redundant distribution layer switches and dividing the access layer switch connections between the redundant distribution layer switches. This creates what is called a switch block. Failures in a switch block are contained to that block and do not bring down the whole network.


    Q(26). Which action should be taken when planning for redundancy on a hierarchical network design?

    (a)    add alternate physical paths for data to traverse the network

    (b)    continually purchase backup equipment for the network

    (c)     implement STP portfast between the switches on the network

    (d)    immediately replace a non-functioning module, service or device on a network

     

    Correct Answer: (a)

    Explanation:

    One method of implementing redundancy is path redundancy, installing alternate physical paths for data to traverse the network. Redundant links in a switched network support high availability and can be used for load balancing, reducing congestion on the network.


    Q(27). What are two benefits of extending access layer connectivity to users through a wireless medium? (Choose two.)

    (a)    increased flexibility

    (b)    increased network management options

    (c)     decreased number of critical points of failure

    (d)   reduced costs

    (e)    increased bandwidth availability

     

    Correct Answer: (a) & (d)

    Explanation:

    Wireless connectivity at the access layer provides increased flexibility, reduced costs, and the ability to grow and adapt to changing business requirements. Utilizing wireless routers and access points can provide an increase in the number of central points of failure. Wireless routers and access points will not provide an increase in bandwidth availability.


    Q(28). What is a basic function of the Cisco Borderless Architecture access layer?

    (a)    aggregates Layer 2 broadcast domains

    (b)   provides access to the user

    (c)     aggregates Layer 3 routing boundaries

    (d)    provides fault isolation

     

    Correct Answer: (b)

    Explanation:

    A function of the Cisco Borderless Architecture access layer is providing network access to the users. Layer 2 broadcast domain aggregation, Layer 3 routing boundaries aggregation, and high availability are distribution layer functions. The core layer provides fault isolation and high-speed backbone connectivity.


    Q(29). Which characteristic would most influence a network design engineer to select a multilayer switch over a Layer 2 switch?

    (a)    ability to have multiple forwarding paths through the switched network based on VLAN number(s)

    (b)   ability to build a routing table

    (c)     ability to provide power to directly-attached devices and the switch itself

    (d)    ability to aggregate multiple ports for maximum data throughput

     

    Correct Answer: (b)

    Explanation:

    Multilayer switches, also known as Layer 3 switches, can route and build a routing table. This capability is required in a multi-VLAN network and would influence the network designer to select a multilayer switch. The other options are features also available on Layer 2 switches, so they would not influence the decision to select a multilayer switch.


    Q(30). Refer to the exhibit. Why are routers R1 and R2 not able to establish an OSPF adjacency?

    (a)    The serial interfaces are not in the same area.

    (b)    The process numbers are not the same in both routers.

    (c)     A backbone router cannot establish an adjacency with an ABR router.

    (d)    The router ID values are not the same in both routers.

     

    Correct Answer: (a)

    Explanation:

    On router R1, the network 192.168.10.0/30 is defined in the wrong area (area 1). It has to be defined in area 0 in order to establish adjacency with router R2, which has the network 192.168.10.0/30 defined in area 0.


    Q(31). When is the most appropriate time to measure network operations to establish a network performance baseline?

    (a)    whenever high network use is detected, so that how the network performs under stress can be monitored

    (b)    during quiet vacation periods, so that the level of non-data traffic can be determined

    (c)    at the same time each day across a set period of average working days, so that typical traffic patterns can be established

    (d)    at random times during a 10 week period, so that abnormal traffic levels can be detected

     

    Correct Answer: (c)

    Explanation:

    The purpose of establishing a network performance baseline is to provide a reference of normal or average network use to enable data traffic anomalies to be detected and then investigated. Network operations that are not average, or are not normal, cannot be used to establish a network performance baseline.


    Q(32). Refer to the exhibit. A user has configured a NIC on the PC as shown but finds that the PC is unable to access the Internet. What is the problem?

    (a)    The preferred DNS address is incorrect.

    (b)   The default gateway address is incorrect.

    (c)     The settings were not validated upon exit.

    (d)    There should not be an alternate DNS server.

     

    Correct Answer: (b)

    Explanation:

    In order for a computer to communicate outside its network, it must have a valid default gateway configured. This address cannot be the same as the IP address of the computer.


    Q(33). Refer to the exhibit. A network engineer configured an ACL preventing Telnet and HTTP access to the HQ web server from guest users in the Branch LAN. The address of the web server is 192.168.1.10 and all guest users are assigned addresses in the 192.168.10.0/24 network. After implementing the ACL, no one can access any of the HQ servers. What is the problem?

    (a)    Inbound ACLs must be routed before they are processed.

    (b)   The ACL is implicitly denying access to all the servers.

    (c)     Named ACLs require the use of port numbers.

    (d)    The ACL is applied to the interface using the wrong direction.

     

    Correct Answer: (b)

    Explanation:

    Both named and numbered ACLs have an implicit deny ACE at the end of the list. This implicit deny blocks all traffic.


    Q(34). Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers as shown. PC1 is unable to connect to PC2. What should the administrator do first when troubleshooting the OSPFv2 implementation?

    (a)    Disconnect the serial link between router R1 and R2.

    (b)    Turn off OSPFv2.

    (c)     Implement the network 192.168.255.0 0.0.0.3 area 0 command on router R1.

    (d)   Test Layer 3 connectivity between the directly connected routers.

     

    Correct Answer: (d)

    Explanation:

    A prerequisite for OSPFv2 neighbor relationships to form between two routers is Layer 3 connectivity. A successful ping confirms that a router interface is active and may be able to form an OSPF neighbor adjacency.


    Q(35). What type of traffic is described as requiring latency to be no more than 150 milliseconds (ms)?

    (a)    voice

    (b)    video

    (c)     data

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(36). A network manager wants to add a time to log messages so that there is a record of when the message was generated. What command should the administrator use on a Cisco router?

    (a)    show cdp interface

    (b)    ntp server 10.10.14.9

    (c)    service timestamps log datetime

    (d)    clock timezone PST -7

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(37). Match the functions to the corresponding layers. (Not all options are used.)

    Correct Answer

    CCNA 3 v7 Modules 9 - 12: Optimize, Monitor, and Troubleshoot Networks Exam Answers 8

    Explanation:

    No answer description available for this question


    Q(38). Match the borderless switched network guideline description to the principle. (Not all options are used.)

    Correct Answer

     

    CCNA 3 v7 Modules 9 - 12: Optimize, Monitor, and Troubleshoot Networks Exam Answers 9

    Explanation:

    No answer description available for this question


    Q(39). What are two characteristics of the best-effort QoS model? (Choose two.)

    (a)    It allows end hosts to signal their QoS needs to the network.

    (b)    It uses a connection-oriented approach with QoS.

    (c)     It provides preferential treatment for voice packets.

    (d)   It does not provide a delivery guarantee for packets.

    (e)    It treats all network packets in the same way.

     

    Correct Answer: (d) & (e)

    Explanation:

    The best-effort QoS model provides no guarantees and it is commonly used on the Internet. The best-effort QoS model treats all network packets in the same way.


    Q(40). Why is QoS an important issue in a converged network that combines voice, video, and data communications?

    (a)    Data communications are sensitive to jitter.

    (b)    Legacy equipment is unable to transmit voice and video without QoS.

    (c)    Voice and video communications are more sensitive to latency.

    (d)    Data communications must be given the first priority.

     

    Correct Answer: (c)

    Explanation:

    Without any QoS mechanisms in place, time-sensitive packets, such as voice and video, will be dropped with the same frequency as email and web browsing traffic.


    Q(41). A network administrator configures a router with the command sequence:

    R1(config)# boot system tftp://c1900-universalk9-mz.SPA.152-4.M3.bin

    R1(config)# boot system rom

    What is the effect of the command sequence?

    (a)    On next reboot, the router will load the IOS image from ROM.

    (b)    The router will search and load a valid IOS image in the sequence of flash, TFTP, and ROM.

    (c)     The router will copy the IOS image from the TFTP server and then reboot the system.

    (d)   The router will load IOS from the TFTP server. If the image fails to load, it will load the IOS image from ROM.

     

    Correct Answer: (d)

    Explanation:

    The boot system command is a global configuration command that allows the user to specify the source for the Cisco IOS Software image to load. In this case, the router is configured to boot from the IOS image that is stored on the TFTP server and will use the ROMmon image that is located in the ROM if it fails to locate the TFTP server or fails to load a valid image from the TFTP server.


    Q(42). Which statement describes SNMP operation?

    (a)    An SNMP agent that resides on a managed device collects information about the device and stores that information remotely in the MIB that is located on the NMS.

    (b)   A set request is used by the NMS to change configuration variables in the agent device.

    (c)     An NMS periodically polls the SNMP agents that are residing on managed devices by using traps to query the devices for data.

    (d)    A get request is used by the SNMP agent to query the device for data.

     

    Correct Answer: (b)

    Explanation:

    An SNMP agent that resides on a managed device collects and stores information about the device and its operation. This information is stored by the agent locally in the MIB. An NMS periodically polls the SNMP agents that are residing on managed devices by using the get request to query the devices for data.


    Q(43). Refer to the exhibit. A network administrator issues the show lldp neighbors command on a switch. What are two conclusions that can be drawn? (Choose two.)

    (a)    Dev1 is connected to interface Fa0/5 of S1.

    (b)    Dev1 is a switch with mixed types of interfaces.

    (c)    Dev2 is a switch.

    (d)    Dev1 is connected to interface Fa0/4 of Dev2.

    (e)    S1 has only two interfaces.

     

    Correct Answer: (a) & (c)

    Explanation:

    In the output from the show lldp command, under Capability, R indicates a router and B indicates a bridge (switch). Nothing indicates that Dev1 and Dev2 are connected to one another.


    Q(44). What are the three layers of the switch hierarchical design model? (Choose three.)

    (a)    distribution

    (b)    network access

    (c)     data link

    (d)    enterprise

    (e)    access

    (f)     core

     

    Correct Answer: (a), (e) & (f)

    Explanation:

    The access layer is the lowest layer and it provides network access to users. The distribution layer has many functions, but it aggregates data from the access layer, provides filtering, policy control, and sets Layer 3 routing boundaries. The core layer provides high speed connectivity.


    Q(45). Refer to the exhibit. Which devices exist in the failure domain when switch S3 loses power?

    (a)    S4 and PC_2

    (b)    PC_3 and PC_2

    (c)    PC_3 and AP_2

    (d)    S1 and S4

    (e)    AP_2 and AP_1

     

    Correct Answer: (c)

    Explanation:

    A failure domain is the area of a network that is impacted when a critical device such as switch S3 has a failure or experiences problems.


    Q(46). A network designer is considering whether to implement a switch block on the company network. What is the primary advantage of deploying a switch block?

    (a)    This is network application software that prevents the failure of a single network device.

    (b)   The failure of a switch block will not impact all end users.

    (c)     This is a security feature that is available on all new Catalyst switches.

    (d)    A single core router provides all the routing between VLANs.

     

    Correct Answer: (b)

    Explanation:

    The configuration of a switch block provides redundancy so that the failure of a single network device generally has little or no effect on end users.


    Q(47). Which troubleshooting tool would a network administrator use to check the Layer 2 header of frames that are leaving a particular host?

    (a)    knowledge base

    (b)   protocol analyzer

    (c)     CiscoView

    (d)    baselining tool

     

    Correct Answer: (b)

    Explanation:

    A protocol analyzer such as Wireshark is capable of displaying the headers of data at any OSI Layer.


    Q(48). Refer to the exhibit. R1 and R3 are connected to each other via the local serial 0/0/0 interface. Why are they not forming an adjacency?

    (a)    They have different routing processes.

    (b)    They have different router IDs.

    (c)    They are in different subnets.

    (d)    The connecting interfaces are configured as passive.

     

    Correct Answer: (c)

    Explanation:

    The routers need to be in the same subnet in order to form an adjacency. The routing processes can be different on each router. The router IDs must be different for routers that participate in the same routing domain. The interfaces are not passive.


    Q(49). What type of traffic is described as not resilient to loss?

    (a)    data

    (b)    video

    (c)     voice

     

    Correct Answer: (a)

    Explanation:

    Most applications use either TCP or UDP. Unlike UDP, TCP performs error recovery. Data applications that have no tolerance for data loss, such as email and web pages, use TCP to ensure that, if packets are lost in transit, they will be resent.


    Q(50). A network manager wants to list the contents of flash. What command should the administrator use on a Cisco router?

    (a)    show file systems

    (b)   dir

    (c)     lldp enable

    (d)    service timestamps log datetime

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(51). Voice packets are being received in a continuous stream by an IP phone, but because of network congestion the delay between each packet varies and is causing broken conversations. What term describes the cause of this condition?

    (a)    buffering

    (b)    latency

    (c)     queuing

    (d)   jitter

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(52). A user is unable to reach the website when typing http://www.cisco.com in a web browser, but can reach the same site by typing http://72.163.4.161 . What is the issue?

    (a)    DHCP

    (b)   DNS

    (c)     Default Gateway

    (d)    TCP/IP Protocol stack

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(53). What type of traffic is described as tending to be unpredictable, inconsistent, and bursty?

    (a)    Audio

    (b)   Video

    (c)     Data

    (d)    Voice

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(54). A network manager wants to determine the size of the Cisco IOS image file on the networking device. What command should the administrator use on a Cisco router?

    (a)    show flash:0

    (b)    copy flash: tftp:

    (c)     config-register 0x2102

    (d)    confreg 0x2142

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(55). What is the principle that is applied when a network technician is troubleshooting a network fault by using the divide-and-conquer method?

    (a)    Testing is performed at Layer 7 and at Layer 1, then at Layers 6 and 2, and so on, working towards the middle of the stack until all layers are verified as operational.

    (b)   Once it is verified that components in a particular layer are functioning properly, it can then be assumed that components in the layers below it are also functional.

    (c)     Testing is performed at all layers of the OSI model until a non-functioning component is found.

    (d)    Once it is verified that a component in a particular layer is functioning properly, testing can then be performed on any other layer.

     

    Correct Answer: (b)

    Explanation:

    The nature of the OSI and TCP/IP layered models is that upper layers are dependent on lower layers. So when troubleshooting, if a particular layer is found to be working correctly then it can be assumed that all layers below it are also functioning correctly.


    Q(56). Which queuing algorithm has only a single queue and treats all packets equally?

    (a)    CBWFQ

    (b)   FIFO

    (c)     LLQ

    (d)    WFQ

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(57). What type of traffic is described as traffic that requires at least 30 Kbps of bandwidth?

    (a)    voice

    (b)    data

    (c)     video

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(58). What type of traffic is described as being able to tolerate a certain amount of latency, jitter, and loss without any noticeable effects?

    (a)    voice

    (b)    video

    (c)     data

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(59). A network manager wants to view the amount of available and free memory, the type of file system, and its permissions. What command should the administrator use on a Cisco router?

    (a)    ntp server 10.10.14.9

    (b)    lldp enable

    (c)     clock timezone PST -7

    (d)   show file systems

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(60). What type of traffic is described as requiring latency to be no more than 400 milliseconds (ms)?

    (a)    voice

    (b)    data

    (c)    video

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(61). What type of traffic is described as consisting of traffic that requires a higher priority if interactive?

    (a)    data

    (b)    voice

    (c)     video

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(62). A network manager wants to configure the router to load a new image from flash during bootup. What command should the administrator use on a Cisco router?

    (a)    copy flash: tftp:

    (b)   boot system

    (c)     clock set 14:25:00 nov 13 2018

    (d)    copy tftp startup-config

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(63). What type of traffic is described as predictable and smooth?

    (a)    data

    (b)    video

    (c)    voice

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(64). A network manager wants to ensure that the device will ignore the startup config file during startup and bypass the required passwords. What command should the administrator use on a Cisco router?

    (a)    copy usbflash0:/R1-Config

    (b)    copy running-config tftp

    (c)    confreg 0x2142

    (d)    config-register 0x2102

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(65). What type of traffic is described as having a high volume of data per packet?

    (a)    video

    (b)    voice

    (c)     data

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(66). A network manager wants to back up the running configuration to a file server. What command should the administrator use on a Cisco router?

    (a)    cd usbflash0:

    (b)    show file systems

    (c)    copy running-config tftp

    (d)    dir

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(67). What type of traffic is described as consisting of traffic that gets a lower priority if it is not mission-critical?

    (a)    voice

    (b)   data

    (c)     video

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


  • CCNA 3 v7 Modules 6 – 8: WAN Concepts Exam Answers

     

    Q(1). Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? (Choose two.)

    (a)    NAT improves packet handling.

    (b)    NAT adds authentication capability to IPv4.

    (c)     NAT will impact negatively on switch performance.

    (d)    NAT causes routing tables to include more information.

    (e)    NAT provides a solution to slow down the IPv4 address depletion.

    (f)     NAT introduces problems for some applications that require end-to-end connectivity.

     

    Correct Answer: (e) & (f)

    Explanation:

    No answer description available for this question


    Q(2). A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task?

    (a)    Router# show ip nat translations

    (b)    Router# show ip nat statistics

    (c)     Router# clear ip nat translations

    (d)    Router# debug ip nat translations

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(3). What are two tasks to perform when configuring static NAT? (Choose two.)

    (a)    Configure a NAT pool.

    (b)   Create a mapping between the inside local and outside local addresses.

    (c)    Identify the participating interfaces as inside or outside interfaces.

    (d)    Define the inside global address on the server

    (e)    Define the outside global address.

     

    Correct Answer: (b) & (c)

    Explanation:

    No answer description available for this question


    Q(4). What is a disadvantage of NAT?

    (a)    There is no end-to-end addressing.

    (b)    The router does not need to alter the checksum of the IPv4 packets.

    (c)     The internal hosts have to use a single public IPv4 address for external communication.

    (d)    The costs of readdressing hosts can be significant for a publicly addressed network.

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(5). Refer to the exhibit. From the perspective of R1, the NAT router, which address is the inside global address?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 1

    (a)    192.168.0.10

    (b)    192.168.0.1

    (c)    209.165.200.225

    (d)    209.165.200.254

     

    Correct Answer: (c)

    Explanation:

    There are four types of addresses in NAT terminology:

    • Inside local address
    • Inside global address
    • Outside local address
    • Outside global address

    The inside global address of PC1 is the address that the ISP sees as the source address of packets, which in this example is the IP address on the serial interface of R1, 209.165.200.224.


    Q(6). Refer to the exhibit. Given the commands as shown, how many hosts on the internal LAN off R1 can have simultaneous NAT translations on R1?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 2

    (a)    244

    (b)    10

    (c)    1

    (d)    255

     

    Correct Answer: (c)

    Explanation:

    The NAT configuration on R1 is static NAT, which translates a single inside IP address, 192.168.0.10, into a single public IP address, 209.165.200.255. If more hosts need translation, then a NAT pool of inside global addresses or overloading should be configured.


    Q(7). Refer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. What three things can the administrator verify? (Choose three.)

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 3

    (a)    A standard access list numbered 1 was used as part of the configuration process.

    (b)    Three addresses from the NAT pool are being used by hosts.

    (c)    Address translation is working.

    (d)    One port on the router is not participating in the address translation.

    (e)    The name of the NAT pool is refCount.

    (f)     Two types of NAT are enabled.

     

    Correct Answer: (a), (c) & (f)

    Explanation:

    The show ip nat statistics, show ip nat translations, and debug ip nat commands are useful in determining if NAT is working and also in troubleshooting problems that are associated with NAT. NAT is working, as shown by the hits and misses count. Because there are four misses, a problem might be evident. The standard access list numbered 1 is being used and the translation pool is named NAT, as evidenced by the last line of the output. Both static NAT and NAT overload are used, as seen in the Total translations line.


    Q(8). Refer to the exhibit. NAT is configured on RT1 and RT2. The PC is sending a request to the web server. What IPv4 address is the source IP address in the packet between RT2 and the web server?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 4

    (a)    192.168.1.5

    (b)    203.0.113.10

    (c)     172.16.1.254

    (d)    172.16.1.10

    (e)    209.165.200.245

    (f)      192.0.2.2

     

    Correct Answer: (e)

    Explanation:

    Because the packet is between RT2 and the web server, the source IP address is the inside global address of PC, 209.165.200.245.


    Q(9). Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 5

    (a)    dynamic NAT with a pool of two public IP addresses

    (b)   PAT using an external interface

    (c)     static NAT with a NAT pool

    (d)    static NAT with one entry

     

    Correct Answer: (b)

    Explanation:

    The output shows that there are two inside global addresses that are the same but that have different port numbers. The only time port numbers are displayed is when PAT is being used. The same output would be indicative of PAT that uses an address pool. PAT with an address pool is appropriate when more than 4,000 simultaneous translations are needed by the company.


    Q(10). Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 6

    (a)    inside global

    (b)    outside global

    (c)     outside local

    (d)    inside local

     

    Correct Answer: (a)

    Explanation:

    From the perspective of users behind NAT, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.


    Q(11). Refer to the exhibit. Static NAT is being configured to allow PC 1 access to the web server on the internal network. What two addresses are needed in place of A and B to complete the static NAT configuration? (Choose two.)

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 7

    (a)    A = 209.165.201.2

    (b)   A = 10.1.0.13

    (c)     B = 209.165.201.7

    (d)    B = 10.0.254.5

    (e)    B = 209.165.201.1

     

    Correct Answer: (b) & (e)

    Explanation:

    Static NAT is a one-to-one mapping between an inside local address and an inside global address. By using static NAT, external devices can initiate connections to internal devices by using the inside global addresses. The NAT devices will translate the inside global address to the inside local address of the target host.


    Q(12). What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command?

    (a)    It allows many inside hosts to share one or a few inside global addresses.

    (b)    It allows a list of internal hosts to communicate with a specific group of external hosts.

    (c)     It allows external hosts to initiate sessions with internal hosts.

    (d)    It allows a pool of inside global addresses to be used by internal hosts.

     

    Correct Answer: (a)

    Explanation:

    Dynamic NAT uses a pool of inside global addresses that are assigned to outgoing sessions. If there are more internal hosts than public addresses in the pool, then an administrator can enable port address translation with the addition of the overload keyword. With port address translation, many internal hosts can share a single inside global address because the NAT device will track the individual sessions by Layer 4 port number.


    Q(13). Refer to the exhibit. Which source address is being used by router R1 for packets being forwarded to the Internet?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 8

    (a)    10.6.15.2

    (b)    209.165.202.141

    (c)     198.51.100.3

    (d)   209.165.200.225

     

    Correct Answer: (d)

    Explanation:

    The source address for packets forwarded by the router to the Internet will be the inside global address of 209.165.200.225. This is the address that the internal addresses from the 10.6.15.0 network will be translated to by NAT.


    Q(14). Refer to the exhibit. The NAT configuration applied to the router is as follows:

    ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255

    ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224

    ERtr(config)# ip nat inside source list 1 pool corp overload

    ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4

    ERtr(config)# interface gigabitethernet 0/0

    ERtr(config-if)# ip nat inside

    ERtr(config-if)# interface serial 0/0/0

    ERtr(config-if)# ip nat outside

    Based on the configuration and the output shown, what can be determined about the NAT status within the organization?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 9

    (a)    Static NAT is working, but dynamic NAT is not.

    (b)    Dynamic NAT is working, but static NAT is not.

    (c)    Not enough information is given to determine if both static and dynamic NAT are working.

    (d)    NAT is working.

     

    Correct Answer: (c)

    Explanation:

    There is not enough information given because the router might not be attached to the network yet, the interfaces might not have IP addresses assigned yet, or the command could have been issued in the middle of the night. The output does match the given configuration, so no typographical errors were made when the NAT commands were entered.


    Q(15). Which situation describes data transmissions over a WAN connection?

    (a)    A network administrator in the office remotely accesses a web server that is located in the data center at the edge of the campus.

    (b)    A manager sends an email to all employees in the department with offices that are located in several buildings.

    (c)     An employee prints a file through a networked printer that is located in another building.

    (d)   An employee shares a database file with a co-worker who is located in a branch office on the other side of the city.

     

    Correct Answer: (d)

    Explanation:

    When two offices across a city are communicating, it is most likely that the data transmissions are over some type of WAN connection. Data communications within a campus are typically over LAN connections.


    Q(16). Which two technologies are categorized as private WAN infrastructures? (Choose two.)

    (a)    Frame Relay

    (b)    VPN

    (c)    MetroE

    (d)    DSL

    (e)    Cable

     

    Correct Answer: (a) & (c)

    Explanation:

    Private WAN technologies include leased lines, dialup, ISDN, Frame Relay, ATM, Ethernet WAN (an example is MetroE), MPLS, and VSAT.


    Q(17). Which network scenario will require the use of a WAN?

    (a)    Employees need to connect to the corporate email server through a VPN while traveling.

    (b)    Employees need to access web pages that are hosted on the corporate web servers in the DMZ within their building.

    (c)     Employee workstations need to obtain dynamically assigned IP addresses.

    (d)    Employees in the branch office need to share files with the headquarters office that is located in a separate building on the same campus network.

     

    Correct Answer: (a)

    Explanation:

    When traveling employees need to connect to a corporate email server through a WAN connection, the VPN will create a secure tunnel between an employee laptop and the corporate network over the WAN connection. Obtaining dynamic IP addresses through DHCP is a function of LAN communication. Sharing files among separate buildings on a corporate campus is accomplished through the LAN infrastructure. A DMZ is a protected network inside the corporate LAN infrastructure.


    Q(18). What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)

    (a)    SHA

    (b)    RSA

    (c)     DH

    (d)   MD5

    (e)    AES

     

    Correct Answer: (a) & (d)

    Explanation:

    The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity and authenticity) are MD5 and SHA.


    Q(19). What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)

    (a)    SHA

    (b)    RSA

    (c)    AES

    (d)    DH

    (e)    PSK

     

    Correct Answer: (a) & (c)

    Explanation:

    The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two algorithms that can be used within an IPsec policy to protect interesting traffic are AES, which is an encryption protocol, and SHA, which is a hashing algorithm.


    Q(20). Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

    (a)    client-based SSL

    (b)    site-to-site using an ACL

    (c)    clientless SSL

    (d)    site-to-site using a preshared key

     

    Correct Answer: (c)

    Explanation:

    When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.


    Q(21). Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?

    (a)    integrity

    (b)    authentication

    (c)     confidentiality

    (d)    secure key exchange

     

    Correct Answer: (a)

    Explanation:

    Integrity is a function of IPsec and ensures data arrives unchanged at the destination through the use of a hash algorithm. Confidentiality is a function of IPsec and utilizes encryption to protect data transfers with a key. Authentication is a function of IPsec and provides specific access to users and devices with valid authentication factors. Secure key exchange is a function of IPsec and allows two peers to maintain their private key confidentiality while sharing their public key.


    Q(22). Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)

    (a)    clientless SSL VPN

    (b)   client-based IPsec VPN

    (c)     IPsec VPN

    (d)    IPsec Virtual Tunnel Interface VPN

    (e)    GRE over IPsec VPN

     

    Correct Answer: (a) & (b)

    Explanation:

    Enterprise managed VPNs can be deployed in two configurations:

    • Remote Access VPN – This VPN is created dynamically when required to establish a secure connection between a client and a VPN server. Remote access VPNs include client-based IPsec VPNs and clientless SSL VPNs.

    • Site-to-site VPN – This VPN is created when interconnecting devices are preconfigured with information to establish a secure tunnel. VPN traffic is encrypted only between the interconnecting devices, and internal hosts have no knowledge that a VPN is used. Site-to-site VPNs include IPsec, GRE over IPsec, Cisco Dynamic Multipoint (DMVPN), and IPsec Virtual Tunnel Interface (VTI) VPNs.


    Q(23). Which is a requirement of a site-to-site VPN?

    (a)    It requires hosts to use VPN client software to encapsulate traffic.

    (b)    It requires the placement of a VPN server at the edge of the company network.

    (c)    It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.

    (d)    It requires a client/server architecture.

     

    Correct Answer: (c)

    Explanation:

    Site-to-site VPNs are static and are used to connect entire networks. Hosts have no knowledge of the VPN and send TCP/IP traffic to VPN gateways. The VPN gateway is responsible for encapsulating the traffic and forwarding it through the VPN tunnel to a peer gateway at the other end which decapsulates the traffic.


    Q(24). What is the function of the Diffie-Hellman algorithm within the IPsec framework?

    (a)    guarantees message integrity

    (b)   allows peers to exchange shared keys

    (c)     provides authentication

    (d)    provides strong data encryption

     

    Correct Answer: (b)

    Explanation:

    The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret key over an insecure channel.


    Q(25). What does NAT overloading use to track multiple internal hosts that use one inside global address?

    (a)    port numbers

    (b)    IP addresses

    (c)     autonomous system numbers

    (d)    MAC addresses

     

    Correct Answer: (a)

    Explanation:

    NAT overloading, also known as Port Address Translation (PAT), uses port numbers to differentiate between multiple internal hosts.


    Q(26). Question as presented:

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 10

    Explanation:

    The inside local address is the private IP address of the source or the PC in this instance. The inside global address is the translated address of the source or the address as seen by the outside device. Since the PC is using the outside address of the R1 router, the inside global address is 192.0.2.1. The outside addressing is simply the address of the server or 203.0.113.5.


    Q(27). Refer to the exhibit. R1 is configured for static NAT. What IP address will Internet hosts use to reach PC1?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 11

    (a)    192.168.0.1

    (b)    192.168.0.10

    (c)     209.165.201.1

    (d)   209.165.200.225

     

    Correct Answer: (d)

    Explanation:

    In static NAT a single inside local address, in this case 192.168.0.10, will be mapped to a single inside global address, in this case 209.165.200.225. Internet hosts will send packets to PC1 and use as a destination address the inside global address 209.165.200.225.


    Q(28). Which type of VPN uses the public key infrastructure and digital certificates?

    (a)    SSL VPN

    (b)    GRE over IPsec

    (c)     IPsec virtual tunnel interface

    (d)    dynamic multipoint VPN

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(29). Which two WAN infrastructure services are examples of private connections? (Choose two.)

    (a)    cable

    (b)    DSL

    (c)    Frame Relay

    (d)   T1/E1

    (e)    Wireless

     

    Correct Answer: (c) & (d)

    Explanation:

    Private WANs can use T1/E1, T3/E3, PSTN, ISDN, Metro Ethernet, MPLS, Frame Relay, ATM, or VSAT technology.


    Q(30). Which two statements about the relationship between LANs and WANs are true? (Choose two.)

    (a)    Both LANs and WANs connect end devices.

    (b)   WANs are typically operated through multiple ISPs, but LANs are typically operated by single organizations or individuals.

    (c)     WANs must be publicly-owned, but LANs can be owned by either public or private entities.

    (d)   WANs connect LANs at slower speed bandwidth than LANs connect their internal end devices.

    (e)    LANs connect multiple WANs together.

     

    Correct Answer: (b) & (d)

    Explanation:

    Although LANs and WANs can employ the same network media and intermediary devices, they serve very different areas and purposes. The administrative and geographical scope of a WAN is larger than that of a LAN. Bandwidth speeds are slower on WANs because of their increased complexity. The Internet is a network of networks, which can function under either public or private management.


    Q(31). Which statement describes an important characteristic of a site-to-site VPN?

    (a)    It must be statically set up.

    (b)    It is ideally suited for use by mobile workers.

    (c)     It requires using a VPN client on the host PC.

    (d)    After the initial connection is established, it can dynamically change connection information.

    (e)    It is commonly implemented over dialup and cable modem networks.

     

    Correct Answer: (a)

    Explanation:

    A site-to-site VPN is created between the network devices of two separate networks. The VPN is static and stays established. The internal hosts of the two networks have no knowledge of the VPN.


    Q(32). How is “tunneling” accomplished in a VPN?

    (a)    New headers from one or more VPN protocols encapsulate the original packets.

    (b)    All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private.

    (c)     Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers.

    (d)    A dedicated circuit is established between the source and destination devices for the duration of the connection.

     

    Correct Answer: (a)

    Explanation:

    Packets in a VPN are encapsulated with the headers from one or more VPN protocols before being sent across the third party network. This is referred to as “tunneling”. These outer headers can be used to route the packets, authenticate the source, and prevent unauthorized users from reading the contents of the packets.


    Q(33). Which statement describes a VPN?

    (a)    VPNs use open source virtualization software to create the tunnel through the Internet.

    (b)    VPNs use logical connections to create public networks through the Internet.

    (c)     VPNs use dedicated physical connections to transfer data between remote users.

    (d)   VPNs use virtual connections to create a private network through a public network.

     

    Correct Answer: (d)

    Explanation:

    A VPN is a private network that is created over a public network. Instead of using dedicated physical connections, a VPN uses virtual connections routed through a public network between two network devices.


    Q(34). Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
    What problem is causing PC-A to be unable to communicate with the Internet?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 12

    (a)    The ip nat inside source command refers to the wrong interface.

    (b)   The NAT interfaces are not correctly assigned.

    (c)     The static route should not reference the interface, but the outside address instead.

    (d)    The access list used in the NAT process is referencing the wrong subnet.

    (e)    This router should be configured to use static NAT instead of PAT.

     

    Correct Answer: (b)

    Explanation:

    The output of show ip nat statistics shows that the inside interface is FastEthernet0/0 but that no interface has been designated as the outside interface. This can be fixed by adding the command ip nat outside to interface Serial0/0/0.


    Q(35). What type of address is 64.100.190.189?

    (a)    public

    (b)    private

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(36). Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding?

    (a)    MPLS VPN

    (b)   IPsec virtual tunnel interface

    (c)     dynamic multipoint VPN

    (d)    GRE over IPsec

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(37). Match the scenario to the WAN solution. (Not all options are used.)

    Correct Answer

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 13

    Explanation:

    No answer description available for this question


    Q(38). Question as presented:

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 14

    Refer to the exhibit. The PC is sending a packet to the Server on the remote network. Router R1 is performing NAT overload. From the perspective of the PC, match the NAT address type with the correct IP address. (Not all options are used.)

    Correct Answer

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 15

    Explanation:

    No answer description available for this question


    Q(39). Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 16

    (a)    Interface Fa0/0 should be configured with the command no ip nat inside.

    (b)   Interface S0/0/0 should be configured with the command ip nat outside.

    (c)     R1 should be configured with the command ip nat inside source static 209.165.200.200 192.168.11.11.

    (d)    R1 should be configured with the command ip nat inside source static 209.165.200.1 192.168.11.11.

     

    Correct Answer: (b)

    Explanation:

    In order for NAT translations to work properly, both an inside and outside interface must be configured for NAT translation on the router.


    Q(40). In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the Internet?

    (a)    outside global

    (b)    inside global

    (c)     outside local

    (d)    inside local

     

    Correct Answer: (a)

    Explanation:

    From the perspective of a NAT device, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.


    Q(41). Refer to the exhibit. Which two statements are correct based on the output as shown in the exhibit? (Choose two.)

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 17

    (a)    The output is the result of the show ip nat translations command.

    (b)   The host with the address 209.165.200.235 will respond to requests by using a source address of 192.168.10.10.

    (c)     The output is the result of the show ip nat statistics command.

    (d)    Traffic with the destination address of a public web server will be sourced from the IP of 192.168.1.10.

    (e)    The host with the address 209.165.200.235 will respond to requests by using a source address of 209.165.200.235.

     

    Correct Answer: (a) & (b)

    Explanation:

    The output displayed in the exhibit is the result of the show ip nat translations command. Static NAT entries are always present in the NAT table, while dynamic entries will eventually time out.


    Q(42). Which circumstance would result in an enterprise deciding to implement a corporate WAN?

    (a)    when the enterprise decides to secure its corporate LAN

    (b)   when its employees become distributed across many branch locations

    (c)     when the number of employees exceeds the capacity of the LAN

    (d)    when the network will span multiple buildings

     

    Correct Answer: (b)

    Explanation:

    WANs cover a greater geographic area than LANs do, so having employees distributed across many locations would require the implementation of WAN technologies to connect those locations. Customers will access corporate web services via a public WAN that is implemented by a service provider, not by the enterprise itself. When employee numbers grow, the LAN has to expand as well. A WAN is not required unless the employees are in remote locations. LAN security is not related to the decision to implement a WAN.


    Q(43). What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?

    (a)    protects IPsec keys during session negotiation

    (b)    authenticates the IPsec peers

    (c)     creates a secure channel for key negotiation

    (d)   guarantees message integrity

     

    Correct Answer: (d)

    Explanation:

    The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. The Hashed Message Authentication Code (HMAC) is a data integrity algorithm that uses a hash value to guarantee the integrity of a message.


    Q(44). What algorithm is used with IPsec to provide data confidentiality?

    (a)    Diffie-Hellman

    (b)    SHA

    (c)     MD5

    (d)    RSA

    (e)    AES

     

    Correct Answer: (e)

    Explanation:

    The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms that are used to ensure that data is not intercepted and modified (data integrity) are MD5 and SHA. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm that is used for key exchange. RSA is an algorithm that is used for authentication.


    Q(45). Which two technologies provide enterprise-managed VPN solutions? (Choose two.)

    (a)    remote access VPN

    (b)    Frame Relay

    (c)     Layer 2 MPLS VPN

    (d)   site-to-site VPN

    (e)    Layer 3 MPLS VPN

     

    Correct Answer: (a) & (d)

    Explanation:

    VPNs can be managed and deployed as either of two types:

    ·         Enterprise VPNs – Enterprise-managed VPNs are a common solution for securing enterprise traffic across the internet. Site-to-site and remote access VPNs are examples of enterprise managed VPNs.

    ·         Service Provider VPNs – Service provider managed VPNs are created and managed over the provider network. Layer 2 and Layer 3 MPLS are examples of service provider managed VPNs. Other legacy WAN solutions include Frame Relay and ATM VPNs.


    Q(46). Question as presented:

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 18

    Explanation:

    The inside local address is the private IP address of the source or the PC in this instance. The inside global address is the translated address of the source or the address as seen by the outside device. Since the PC is using the outside address of the R1 router, the inside global address is 192.0.2.1. The outside addressing is simply the address of the server or 203.0.113.5.


    Q(47). Refer to the exhibit. A network administrator is viewing the output from the command show ip nat translations. Which statement correctly describes the NAT translation that is occurring on router RT2?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 19

    (a)    The traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by means of static NAT.

    (b)    The traffic from a source IPv4 address of 192.0.2.88 is being translated by router RT2 to reach a destination IPv4 address of 192.168.254.253.

    (c)     The traffic from a source IPv4 public address that originates traffic on the internet would be able to reach private internal IPv4 addresses.

    (d)    The traffic from a source IPv4 address of 192.168.2.20 is being translated by router RT2 to reach a destination IPv4 address of 192.0.2.254.

     

    Correct Answer: (a)

    Explanation:

    Because no outside local or outside global address is referenced, the traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by using static NAT. In the output from the command show ip nat translations, the inside local IP address of 192.168.2.20 is being translated into an outside IP address of 192.0.2.254 so that the traffic can cross the public network. A public IPv4 device can connect to the private IPv4 device 192.168.254.253 by targeting the destination IPv4 address of 192.0.2.88.


    Q(48). What type of address is 10.100.126.126?

    (a)    private

    (b)    public

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(49). Which type of VPN connects using the Transport Layer Security (TLS) feature?

    (a)    SSL VPN

    (b)    MPLS VPN

    (c)     IPsec virtual tunnel interface

    (d)    dynamic multipoint VPN

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(50). Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)

    (a)    DSL switch

    (b)   ISR router

    (c)    another ASA

    (d)    multilayer switch

    (e)    Frame Relay switch

     

    Correct Answer: (b) & (c)

    Explanation:

    No answer description available for this question


    Q(51). Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

    (a)    IKE

    (b)    IPsec

    (c)     OSPF

    (d)   GRE

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(52). What is a disadvantage when both sides of a communication use PAT?

    (a)    End-to-end IPv4 traceability is lost.

    (b)    The flexibility of connections to the Internet is reduced.

    (c)     The security of the communication is negatively impacted.

    (d)    Host IPv4 addressing is complicated.

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(53). What two addresses are specified in a static NAT configuration?

    (a)    the outside global and the outside local

    (b)    the inside local and the outside global

    (c)     the inside global and the outside local

    (d)   the inside local and the inside global

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(54). A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)

    (a)    municipal Wi-Fi

    (b)    digital subscriber line

    (c)    leased line

    (d)   Ethernet WAN

    (e)    Cable

     

    Correct Answer: (c) & (d)

    Explanation:

    No answer description available for this question


    Q(55). What type of address is 128.107.240.239?

    (a)    Public

    (b)    Private

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(56). Which type of VPN has both Layer 2 and Layer 3 implementations?

    (a)    IPsec virtual tunnel interface

    (b)    dynamic multipoint VPN

    (c)     GRE over IPsec

    (d)   MPLS VPN

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(57). Refer to the exhibit. A network administrator has configured R2 for PAT. Why is the configuration incorrect?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 20

    (a)    NAT-POOL2 is bound to the wrong ACL

    (b)    The ACL does not define the list of addresses to be translated.

    (c)     The overload keyword should not have been applied.

    (d)    The static NAT entry is missing

     

    Correct Answer: (a)

    Explanation:

    In the exhibit, NAT-POOL 2 is bound to ACL 100, but it should be bound to the configured ACL 1. This will cause PAT to fail.


    Q(58). Match each component of a WAN connection to its description. (Not all options are used.)

    Correct Answer

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 21

    Explanation:

    No answer description available for this question


    Q(59). Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?

    (a)    dynamic multipoint VPN

    (b)    SSL VPN

    (c)     IPsec virtual tunnel interface

    (d)   GRE over IPsec

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(60). Match the steps with the actions that are involved when an internal host with IP address 192.168.10.10 attempts to send a packet to an external server at the IP address 209.165.200.254 across a router R1 that is running dynamic NAT. (Not all options are used.)

    Correct Answer

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 22

    Explanation:

    Place the options in the following order:

    ·         step 5 => R1 replaces the address 192.168.10.10 with a translated inside global address.

    ·         step 2 => R1 checks the NAT configuration to determine if this packet should be translated.

    ·         step 4 => R1 selects an available global address from the dynamic address pool.

    ·         step 1 => The host sends packets that request a connection to the server at the address 209.165.200.254

    ·         step 3 => If there is no translation entry for this IP address, R1 determines that the source address 192.168.10.10 must be translated


    Q(61). Which type of VPN involves passenger, carrier, and transport protocols?

    (a)    GRE over IPsec

    (b)    dynamic multipoint VPN

    (c)     MPLS VPN

    (d)    IPsec virtual tunnel interface

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(62). Match the steps with the actions that are involved when an internal host with IP address 192.168.10.10 attempts to send a packet to an external server at the IP address 209.165.200.254 across a router R1 that is running dynamic NAT. (Not all options are used.)

    Correct Answer

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 23

    Explanation:

    No answer description available for this question

     


    Q(63). Refer to the exhibit. A network administrator is viewing the output from the command show ip nat translations. Which statement correctly describes the NAT translation that is occurring on router RT2?

    CCNA 3 v7 Modules 6 - 8: WAN Concepts Exam Answers 24

    (a)    The traffic from a source IPv4 public address that originates traffic on the internet would be able to reach private internal IPv4 addresses.

    (b)    The traffic from a source IPv4 address of 192.168.2.20 is being translated by router RT2 to reach a destination IPv4 address of 192.0.2.254.

    (c)    The traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by means of static NAT.

    (d)    The traffic from a source IPv4 address of 192.0.2.88 is being translated by router RT2 to reach a destination IPv4 address of 192.168.254.253.

     

    Correct Answer: (c)

    Explanation:

    Because no outside local or outside global address is referenced, the traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by using static NAT. In the output from the command show ip nat translations, the inside local IP address of 192.168.2.20 is being translated into an outside IP address of 192.0.2.254 so that the traffic can cross the public network. A public IPv4 device can connect to the private IPv4 device 192.168.254.253 by targeting the destination IPv4 address of 192.0.2.88.


    Q(64). What type of address is 10.131.48.7?

    (a)    Private

    (b)    Public

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(65). Which type of VPN supports multiple sites by applying configurations to virtual interfaces instead of physical interfaces?

    (a)    dynamic multipoint VPN

    (b)   IPsec virtual tunnel interface

    (c)     MPLS VPN

    (d)    GRE over IPsec

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(66). Which type of VPN involves a non-secure tunneling protocol being encapsulated by IPsec?

    (a)    dynamic multipoint VPN

    (b)    SSL VPN

    (c)     IPsec virtual tunnel interface

    (d)   GRE over IPsec

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(67). What type of address is 10.19.6.7?

    (a)    private

    (b)    public

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(68). What type of address is 64.101.198.197?

    (a)    public

    (b)    private

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(69). What type of address is 64.101.198.107?

    (a)    public

    (b)    private

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(70). What type of address is 10.100.34.34?

    (a)    private

    (b)    public

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(71). What type of address is 192.168.7.126?

    (a)    Private

    (b)    Public

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(72). What type of address is 198.133.219.148?

    (a)    Private

    (b)   Public

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(73). Which two end points can be on the other side of an ASA site-to-site VPN? (Choose two.)

    (a)    DSL switch

    (b)   router

    (c)    another ASA

    (d)    multilayer switch

    (e)    Frame Relay switch

     

    Correct Answer: (b) & (c)

    Explanation:

    No answer description available for this question


  • CCNA 3 v7 Modules 3 – 5: Network Security Exam Answers

     

    Q(1). The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?

    (a)    adware

    (b)   DDoS

    (c)     phishing

    (d)    social engineering

    (e)    spyware

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(2). What causes a buffer overflow?

    (a)    launching a security countermeasure to mitigate a Trojan horse

    (b)    downloading and installing too many software updates at one time

    (c)    attempting to write more data to a memory location than that location can hold

    (d)    sending too much information to two or more interfaces of the same device, thereby causing dropped packets

    (e)    sending repeated connections such as Telnet to a particular device, thus denying other data sources

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(3). Which objective of secure communications is achieved by encrypting data?

    (a)    authentication

    (b)    availability

    (c)    confidentiality

    (d)    integrity

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(4). What type of malware has the primary objective of spreading across the network?

    (a)    worm

    (b)    virus

    (c)     Trojan horse

    (d)    Botnet

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(5). What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?

    (a)    financial gain

    (b)    fame seeking

    (c)     status among peers

    (d)    political reasons

     

    Correct Answer: (a)

    Explanation:

    Cybercriminals are commonly motivated by money. Hackers are known to hack for status. Cyberterrorists are motivated to commit cybercrimes for religious or political reasons.


    Q(6). Which type of hacker is motivated to protest against political and social issues?

    (a)    hacktivist

    (b)    cybercriminal

    (c)     script kiddie

    (d)    vulnerability broker

     

    Correct Answer: (a)

    Explanation:

    Hackers are categorized by motivating factors. Hacktivists are motivated by protesting political and social issues.


    Q(7). What is a ping sweep?

    (a)    A query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain.

    (b)    A scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.

    (c)     A software application that enables the capture of all network packets that are sent across a LAN.

    (d)   A network scanning technique that indicates the live hosts in a range of IP addresses.

     

    Correct Answer: (d)

    Explanation:

    A ping sweep is a tool that is used during a reconnaissance attack. Other tools that might be used during this type of attack include a ping sweep, port scan, or Internet information query. A reconnaissance attack is used to gather information about a particular network, usually in preparation for another type of network attack.


    Q(8). In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?

    (a)    address spoofing

    (b)    MITM

    (c)     session hijacking

    (d)   DoS

     

    Correct Answer: (d)

    Explanation:

    In a DoS or denial-of-service attack, the goal of the attacker is to prevent legitimate users from accessing network services.


    Q(9). Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?

    (a)    nonrepudiation

    (b)    authentication

    (c)    integrity

    (d)    confidentiality

     

    Correct Answer: (c)

    Explanation:

    Integrity is ensured by implementing either MD5 or SHA hash generating algorithms. Many modern networks ensure authentication with protocols, such as HMAC. Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES. Data confidentiality can also be ensured using asymmetric algorithms, including RSA and PKI.


    Q(10). If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it?

    (a)    a digital certificate

    (b)    a different public key

    (c)    a private key

    (d)    DH

     

    Correct Answer: (c)

    Explanation:

    When an asymmetric algorithm is used, public and private keys are used for the encryption. Either key can be used for encryption, but the complementary matched key must be used for the decryption. For example, if the public key is used for encryption, then the private key must be used for the decryption.


    Q(11). Refer to the exhibit. Which two ACLs would permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface? (Choose two.)

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 1

    (a)    access-list 1 permit 192.168.10.0 0.0.0.127

    (b)    access-list 2 permit host 192.168.10.9
    access-list 2 permit host 192.168.10.69

    (c)    access-list 5 permit 192.168.10.0 0.0.0.63
    access-list 5 permit 192.168.10.64 0.0.0.63

    (d)    access-list 3 permit 192.168.10.128 0.0.0.63

    (e)    access-list 4 permit 192.168.10.0 0.0.0.255

     

    Correct Answer: (a) & (c)

    Explanation:

    The permit 192.168.10.0 0.0.0.127 command ignores bit positions 1 through 7, which means that addresses 192.168.10.0 through 192.168.10.127 are allowed through. The two ACEs of permit 192.168.10.0 0.0.0.63 and permit 192.168.10.64 0.0.0.63 allow the same address range through the router.


    Q(12). Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)

    (a)    destination UDP port number

    (b)    computer type

    (c)     destination MAC address

    (d)   ICMP message type

    (e)    source TCP hello address

     

    Correct Answer: (a) & (d)

    Explanation:

    Extended access lists commonly filter on source and destination IPv4 addresses and TCP or UDP port numbers. Additional filtering can be provided for protocol types.


    Q(13). What type of ACL offers greater flexibility and control over network access?

    (a)    numbered standard

    (b)    named standard

    (c)    extended

    (d)    flexible

     

    Correct Answer: (c)

    Explanation:

    The two types of ACLs are standard and extended. Both types can be named or numbered, but extended ACLs offer greater flexibility.


    Q(14). What is the quickest way to remove a single ACE from a named ACL?

    (a)    Use the no keyword and the sequence number of the ACE to be removed.

    (b)    Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router.

    (c)     Create a new ACL with a different number and apply the new ACL to the router interface.

    (d)    Use the no access-list command to remove the entire ACL, then recreate it without the ACE.

     

    Correct Answer: (a)

    Explanation:

    Named ACL ACEs can be removed using the no command followed by the sequence number.


    Q(15). Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered?

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 2

    (a)    ACL 10 is removed from both the running configuration and the interface Fa0/1.

    (b)   ACL 10 is removed from the running configuration.

    (c)     ACL 10 is disabled on Fa0/1.

    (d)    ACL 10 will be disabled and removed after R1 restarts.

     

    Correct Answer: (b)

    Explanation:

    The R1(config)# no access-list <access-list number> command removes the ACL from the running-config immediately. However, to disable an ACL on an interface, the command R1(config-if)# no ip access-group should be entered.


    Q(16). Refer to the exhibit. A network administrator has configured ACL 9 as shown. Users on the 172.31.1.0 /24 network cannot forward traffic through router CiscoVille. What is the most likely cause of the traffic failure?

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 3

    (a)    The established keyword is not specified.

    (b)   The sequence of the ACEs is incorrect.

    (c)     The port number for the traffic has not been identified with the eq keyword.

    (d)    The permit statement specifies an incorrect wildcard mask.

     

    Correct Answer: (b)

    Explanation:

    When verifying an ACL, the statements are always listed in a sequential order. Even though there is an explicit permit for the traffic that is sourced from network 172.31.1.0 /24, it is being denied due to the previously implemented ACE of CiscoVille(config)# access-list 9 deny 172.31.0.0 0.0.255.255. The sequence of the ACEs must be modified to permit the specific traffic that is sourced from network 172.31.1.0 /24 and then to deny 172.31.0.0 /16.


    Q(17). A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)

    (a)    Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0

    (b)    Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255

    (c)     Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255

    (d)   Router1(config)# access-list 10 permit host 192.168.15.23

    (e)    Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0

     

    Correct Answer: (a) & (d)

    Explanation:

    To permit or deny one specific IP address, either the wildcard mask 0.0.0.0 (used after the IP address) or the wildcard mask keyword host (used before the IP address) can be used.


    Q(18). Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 4

    (a)    access-list 1 permit 192.168.10.128 0.0.0.63

    (b)    access-list 1 permit 192.168.10.0 0.0.0.255

    (c)    access-list 1 permit 192.168.10.96 0.0.0.31

    (d)    access-list 1 permit 192.168.10.0 0.0.0.63

     

    Correct Answer: (c)

    Explanation:

    Standard access lists only filter on the source IP address. In the design, the packets would be coming from the 192.168.10.96/27 network (the R2 G0/0 network). The correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31.


    Q(19). A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)

    (a)    Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0

    (b)   Router(config)# access-list 95 permit any

    (c)     Router(config)# access-list 95 host 172.16.0.0

    (d)   Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255

    (e)    Router(config)# access-list 95 172.16.0.0 255.255.255.255

    (f)      Router(config)# access-list 95 deny any

     

    Correct Answer: (b) & (d)

    Explanation:

    To deny traffic from the 172.16.0.0/16 network, the access-list 95 deny 172.16.0.0 0.0.255.255 command is used. To permit all other traffic, the access-list 95 permit any statement is added.


    Q(20). Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 5

    (a)    The ACL should be applied outbound on all interfaces of R1.

    (b)    The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound to accomplish the requirements.

    (c)    All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.

    (d)    Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is allowed.

    (e)    An extended ACL must be used in this situation.

     

    Correct Answer: (c)

    Explanation:

    Because of the implicit deny at the end of all ACLs, the access-list 1 permit any command must be included to ensure that only traffic from the 172.16.4.0/24 subnet is blocked and that all other traffic is allowed.


    Q(21). Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 6

    (a)    30 deny 172.23.16.0 0.0.15.255

    (b)    15 deny 172.23.16.0 0.0.15.255

    (c)    5 deny 172.23.16.0 0.0.15.255

    (d)    5 deny 172.23.16.0 0.0.255.255

     

    Correct Answer: (c)

    Explanation:

    The only filtering criterion specified for a standard access list is the source IPv4 address. The wildcard mask is written to identify what parts of the address to match, with a 0 bit, and what parts of the address should be ignored, with a 1 bit. The router will parse the ACE entries from lowest sequence number to highest. If an ACE must be added to an existing access list, the sequence number should be specified so that the ACE is in the correct place during the ACL evaluation process.


    Q(22). Refer to the exhibit. A network administrator configures an ACL on the router. Which statement describes the result of the configuration?

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 7

    (a)    An SSH connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18.

    (b)   An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16.

    (c)     A Telnet connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16.

    (d)    A Telnet connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18.

     

    Correct Answer: (b)

    Explanation:

    In an extended ACL, the first address is the source IP address and the second one is the destination IP address. TCP port number 22 is a well-known port number reserved for SSH connections. Telnet connections use TCP port number 23.


    Q(23). Refer to the exhibit. What can be determined from this output?

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 8

    (a)    The ACL is missing the deny ip any any ACE.

    (b)    The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.

    (c)     Because there are no matches for line 10, the ACL is not working.

    (d)   The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.

     

    Correct Answer: (d)

    Explanation:

    ACL entry 10 in MyACL matches any Telnet packets between host 10.35.80.22 and 10.23.77.101. No matches have occurred on this ACE as evidenced by the lack of a “(xxx matches)” ACE. The deny ip any any ACE is not required because there is an implicit deny ACE added to every access control list. When no matches exist for an ACL, it only means that no traffic has matched the conditions that exist for that particular line. The ACL is monitoring traffic that matches three specific hosts going to very specific destination devices. All other traffic is not permitted by the implicit deny ip any any ACE.


    Q(24). Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.)

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 9

    (a)    R2(config)# interface fastethernet 0/1

    (b)    R2(config-if)# ip access-group 101 out

    (c)     R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

    (d)   R2(config-if)# ip access-group 101 in

    (e)    R2(config)# access-list 101 permit ip any any

    (f)     R2(config)# interface fastethernet 0/0

    (g)   R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1

     

    Correct Answer: (d), (f) & (g)

    Explanation:

    An extended ACL is placed as close to the source of the traffic as possible. In this case, it is placed in an inbound direction on interface fa0/0 on R2 for traffic entering the router from the host with the IP address 192.168.1.1 bound for the server with the IP address 192.168.2.1.


    Q(25). Consider the following access list.

    access-list 100 permit ip host 192.168.10.1 any
    access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo
    access-list 100 permit ip any any

    Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)

    (a)    Only Layer 3 connections are allowed to be made from the router to any other network device.

    (b)    Devices on the 192.168.10.0/24 network are not allowed to reply to any ping requests.

    (c)     Devices on the 192.168.10.0/24 network can successfully ping devices on the 192.168.11.0 network.

    (d)   A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.

    (e)    Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests.

    (f)      Only the network device assigned the IP address 192.168.10.1 is allowed to access the router.

     

    Correct Answer: (d) & (e)

    Explanation:

    The first ACE allows the 192.168.10.1 device to do any TCP/IP-based transactions with any other destination. The second ACE stops devices on the 192.168.10.0/24 network from issuing any pings to any other location. Everything else is permitted by the third ACE. Therefore, a Telnet/SSH session or ping reply is allowed from a device on the 192.168.10.0/24 network.


    Q(26). Refer to the exhibit. The named ACL “Managers” already exists on the router. What will happen when the network administrator issues the commands that are shown in the exhibit?

    CCNA 3 v7 Modules 3 - 5: Network Security Exam Answers 10

    (a)    The commands are added at the end of the existing Managers ACL.

    (b)    The commands overwrite the existing Managers ACL.

    (c)     The commands are added at the beginning of the existing Managers ACL.

    (d)    The network administrator receives an error that states that the ACL already exists.

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(27). In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?

    (a)    port scan attack

    (b)   SYN flood attack

    (c)     session hijacking attack

    (d)    reset attack

     

    Correct Answer: (b)

    Explanation:

    In a TCP SYN flood attack, the attacker sends to the target host a continuous flood of TCP SYN session requests with a spoofed source IP address. The target host responds with a TCP-SYN-ACK to each of the SYN session requests and waits for a TCP ACK that will never arrive. Eventually the target is overwhelmed with half-open TCP connections.


    Q(28). Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?

    (a)    DHCP

    (b)    DNS

    (c)     ICMP

    (d)    HTTP or HTTPS

     

    Correct Answer: (a)

    Explanation:

    A cybercriminal could set up a rogue DHCP server that provides one or more of the following:

    ·         Wrong default gateway that is used to create a man-in-the-middle attack and allow the attacker to intercept data

    ·         Wrong DNS server that results in the user being sent to a malicious website

    ·         Invalid default gateway IP address that results in a denial of service attack on the DHCP client


    Q(29). Refer to the exhibit. An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements?


    (a)    The traffic is dropped.

    (b)    The source IP address is checked and, if a match is not found, traffic is routed out interface serial 0/0/1.

    (c)     The resulting action is determined by the destination IP address.

    (d)    The resulting action is determined by the destination IP address and port number.

     

    Correct Answer: (a)

    Explanation:

    Any traffic that does not match one of the statements in an ACL has the implicit deny applied to it, which means the traffic is dropped.


    Q(30). Refer to the exhibit. The Gigabit interfaces on both routers have been configured with subinterface numbers that match the VLAN numbers connected to them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs on VLAN 20 should print to the printers on VLAN 22. What interface and in what direction should you place a standard ACL that allows printing to P1 from data VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? (Choose two.)


    (a)    inbound

    (b)    R2 S0/0/1

    (c)    R1 Gi0/1.12

    (d)   outbound

    (e)    R1 S0/0/0

    (f)      R2 Gi0/1.20

     

    Correct Answer: (c) & (d)

    Explanation:

    A standard access list is commonly placed as close to the destination network as possible because access control expressions in a standard ACL do not include information about the destination network.
    The destination in this example is printer VLAN 12, which has router R1 Gigabit subinterface 0/1.12 as its gateway. A sample standard ACL that only allows printing from data VLAN 10 (192.168.10.0/24), for example, and no other VLAN would be as follows:

    R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255

    R1(config)# access-list 1 deny any

    R1(config)# interface gigabitethernet 0/1.12

    R1(config-if)# ip access-group 1 out


    Q(31). Which statement describes a characteristic of standard IPv4 ACLs?

    (a)    They are configured in the interface configuration mode.

    (b)    They can be configured to filter traffic based on both source IP addresses and source ports.

    (c)     They can be created with a number but not with a name.

    (d)   They filter traffic based on source IP addresses only.

     

    Correct Answer: (d)

    Explanation:

    A standard IPv4 ACL can filter traffic based on source IP addresses only. Unlike an extended ACL, it cannot filter traffic based on Layer 4 ports. However, both standard and extended ACLs can be identified with either a number or a name, and both are configured in global configuration mode.


    Q(32). What is considered a best practice when configuring ACLs on vty lines?

    (a)    Place identical restrictions on all vty lines.

    (b)    Remove the vty password since the ACL restricts access to trusted users.

    (c)     Apply the ip access-group command inbound.

    (d)    Use only extended access lists.

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(33).  


    Refer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below.

    Router(config)# ip access-list extended 101

    Router(config-ext-nacl)# no 20

    Router(config-ext-nacl)# 5 permit tcp any any eq 22

    Router(config-ext-nacl)# 20 deny udp any any

    Which two conclusions can be drawn from this new configuration? (Choose two.)

    (a)    TFTP packets will be permitted.

    (b)   Ping packets will be permitted.

    (c)     Telnet packets will be permitted.

    (d)   SSH packets will be permitted.

    (e)    All TCP and UDP packets will be denied.

     

    Correct Answer: (b) & (d)

    Explanation:
    Router# show access-lists
    Extended IP access list 101
    5 permit tcp any any eq ssh
    10 deny tcp any any
    20 deny udp any any
    30 permit icmp any any
    So, only SSH packets and ICMP packets will be permitted.


    Q(34). Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?

    (a)    access-list 103 deny tcp host 192.168.10.0 any eq 23
    access-list 103 permit tcp host 192.168.10.1 eq 80

    (b)    access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
    access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23

    (c)     access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
    access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet

    (d)   access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
    access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23

     

    Correct Answer: (d)

    Explanation:

    For an extended ACL to meet these requirements the following need to be included in the access control entries:

    ·         identification number in the range 100-199 or 2000-2699

    ·         permit or deny parameter

    ·         protocol

    ·         source address and wildcard

    ·         destination address and wildcard

    ·         port number or name


    Q(35). What is the term used to describe a mechanism that takes advantage of a vulnerability?

    (a)    mitigation

    (b)   exploit

    (c)     vulnerability

    (d)    threat

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(36). Refer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation?


    (a)    extended ACL outbound on R2 WAN interface towards the internet

    (b)   standard ACL inbound on R1 vty lines

    (c)     extended ACLs inbound on R1 G0/0 and G0/1

    (d)    extended ACL outbound on R2 S0/0/1

     

    Correct Answer: (b)

    Explanation:

    Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible.

    Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure.


    Q(37). A technician is tasked with using ACLs to secure a router. When would the technician use the any configuration option or command?

    (a)    to add a text entry for documentation purposes

    (b)    to generate and send an informational message whenever the ACE is matched

    (c)    to identify any IP address

    (d)    to identify one specific IP address

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(38). Which statement accurately characterizes the evolution of threats to network security?

    (a)    Internet architects planned for network security from the beginning.

    (b)    Early Internet users often engaged in activities that would harm other users.

    (c)    Internal threats can cause even greater damage than external threats.

    (d)    Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.

     

    Correct Answer: (c)

    Explanation:

    Internal threats can be intentional or accidental and cause greater damage than external threats because the internal user has direct access to the internal corporate network and corporate data.


    Q(39). A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?

    (a)    spam

    (b)   social engineering

    (c)     DDoS

    (d)    anonymous keylogging

     

    Correct Answer: (b)

    Explanation:

    Social engineering attempts to gain the confidence of an employee and convince that person to divulge confidential and sensitive information, such as usernames and passwords. DDoS attacks, spam, and keylogging are all examples of software based security threats, not social engineering.


    Q(40). In what way are zombies used in security attacks?

    (a)    They target specific individuals to gain corporate or personal information.

    (b)    They probe a group of machines for open ports to learn which services are running.

    (c)     They are maliciously formed code segments used to replace legitimate applications.

    (d)   They are infected machines that carry out a DDoS attack.

     

    Correct Answer: (d)

    Explanation:

    Zombies are infected computers that make up a botnet. The zombies are used to deploy a distributed denial of service (DDoS) attack.


    Q(41). Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?

    (a)    man-in-the-middle attack

    (b)    SYN flood attack

    (c)     DoS attack

    (d)    ICMP attack

     

    Correct Answer: (a)

    Explanation:

    The man-in-the-middle attack is a common IP-related attack where threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication.


    Q(42). Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.)

    (a)    host

    (b)    most

    (c)     gt

    (d)    some

    (e)    any

    (f)      all

     

    Correct Answer: (a) & (e)

    Explanation:

    The host keyword is used when using a specific device IP address in an ACL. For example, the deny host 192.168.5.5 command is the same as the deny 192.168.5.5 0.0.0.0 command. The any keyword is used to allow any mask through that meets the criteria. For example, the permit any command is the same as the permit 0.0.0.0 255.255.255.255 command.


    Q(43). Which statement describes a difference between the operation of inbound and outbound ACLs?

    (a)    Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.

    (b)    In contrast to outbound ACLs, inbound ACLs can be used to filter packets with multiple criteria.

    (c)     On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured.

    (d)    Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.

     

    Correct Answer: (a)

    Explanation:

    With an inbound ACL, incoming packets are processed before they are routed. With an outbound ACL, packets are first routed to the outbound interface, then they are processed. Thus processing inbound is more efficient from the router perspective. The structure, filtering methods, and limitations (on an interface, only one inbound and one outbound ACL can be configured) are the same for both types of ACLs.


    Q(44). What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface?

    (a)    All TCP traffic is permitted, and all other traffic is denied.

    (b)   Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.

    (c)     All traffic from 172.16.4.0/24 is permitted anywhere on any port.

    (d)    The command is rejected by the router because it is incomplete.

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(45). Which ACE will permit a packet that originates from any network and is destined for a web server at 192.168.1.1?

    (a)    access-list 101 permit tcp any host 192.168.1.1 eq 80

    (b)    access-list 101 permit tcp host 192.168.1.1 eq 80 any

    (c)     access-list 101 permit tcp host 192.168.1.1 any eq 80

    (d)    access-list 101 permit tcp any eq 80 host 192.168.1.1

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(46). Refer to the exhibit. A new network policy requires an ACL denying FTP and Telnet access to a Corp file server from all interns. The address of the file server is 172.16.1.15 and all interns are assigned addresses in the 172.18.200.0/24 network. After implementing the ACL, no one in the Corp network can access any of the servers. What is the problem?


    (a)    Inbound ACLs must be routed before they are processed.

    (b)   The ACL is implicitly denying access to all the servers.

    (c)     Named ACLs require the use of port numbers.

    (d)    The ACL is applied to the interface using the wrong direction.

     

    Correct Answer: (b)

    Explanation:


    Both named and numbered ACLs have an implicit deny ACE at the end of the list. This implicit deny blocks all traffic.


    Q(47). A technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in configuration option or command?

    (a)    to secure administrative access to the router

    (b)    to remove an ACL from an interface

    (c)     to remove a configured ACL

    (d)    to apply a standard ACL to an interface

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(48). What is the term used to describe the same pre-shared key or secret key, known by both the sender and receiver to encrypt and decrypt data?

    (a)    symmetric encryption algorithm

    (b)    data integrity

    (c)     exploit

    (d)    risk

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(49). Refer to the exhibit. Internet privileges for an employee have been revoked because of abuse but the employee still needs access to company resources. What is the best ACL type and placement to use in this situation?


    (a)    standard ACL inbound on R2 WAN interface connecting to the internet

    (b)   standard ACL outbound on R2 WAN interface towards the internet

    (c)     standard ACL inbound on R1 G0/0

    (d)    standard ACL outbound on R1 G0/0

     

    Correct Answer: (b)

    Explanation:


    – Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible.
    – Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure.


    Q(50). Refer to the exhibit. The student on the H1 computer continues to launch an extended ping with expanded packets at the student on the H2 computer. The school network administrator wants to stop this behavior, but still allow both students access to web-based computer assignments. What would be the best plan for the network administrator?


    (a)    Apply an inbound standard ACL on R1 Gi0/0.

    (b)    Apply an inbound extended ACL on R2 Gi0/1.

    (c)     Apply an outbound extended ACL on R1 S0/0/1.

    (d)   Apply an inbound extended ACL on R1 Gi0/0.

    (e)    Apply an outbound standard ACL on R2 S0/0/1.

     

    Correct Answer: (d)

    Explanation:


    This access list must be an extended ACL in order to filter on specific source and destination host addresses. Commonly, the best place for an extended ACL is closest to the source, which is H1. Traffic from H1 travels into the switch, then out of the switch into the R1 Gi0/0 interface. This Gi0/0 interface would be the best location for this type of extended ACL. The ACL would be applied on the inbound interface since the packets from H1 would be coming into the R1 router.


    Q(51). A technician is tasked with using ACLs to secure a router. When would the technician use the ‘ip access-group 101 in’ configuration option or command?

    (a)    to apply an extended ACL to an interface

    (b)    to secure management traffic into the router

    (c)     to secure administrative access to the router

    (d)    to display all restricted traffic

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(52). In which type of attack is falsified information used to redirect users to malicious Internet sites?

    (a)    DNS amplification and reflection

    (b)    ARP cache poisoning

    (c)    DNS cache poisoning

    (d)    domain generation

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(53). What is a feature of an IPS?

    (a)    It can stop malicious packets.

    (b)    It is deployed in offline mode.

    (c)     It has no impact on latency.

    (d)    It is primarily focused on identifying possible incidents.

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(54). What is the term used to describe a potential danger to a company’s assets, data, or network functionality?

    (a)    vulnerability

    (b)   threat

    (c)     asset

    (d)    exploit

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(55). Refer to the exhibit. Network 192.168.30.0/24 contains all of the company servers. Policy dictates that traffic from the servers to both networks 192.168.10.0 and 192.168.11.0 be limited to replies for original requests. What is the best ACL type and placement to use in this situation?


    (a)    standard ACL inbound on R1 vty lines

    (b)    extended ACLs inbound on R1 G0/0 and G0/1

    (c)    extended ACL inbound on R3 G0/0

    (d)    extended ACL inbound on R3 S0/0/1

     

    Correct Answer: (c)

    Explanation:


    Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible.

    Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure.


    Q(56). What does the CLI prompt change to after entering the command ip access-list standard aaa from global configuration mode?

    (a)    Router(config-line)#

    (b)   Router(config-std-nacl)#

    (c)     Router(config)#

    (d)    Router(config-router)#

    (e)    Router(config-if)#

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(57). Refer to the exhibit. Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation?


    (a)    extended ACL outbound on R2 WAN interface towards the internet

    (b)    standard ACL outbound on R2 WAN interface towards the internet

    (c)     standard ACL outbound on R2 S0/0/0

    (d)   extended ACLs inbound on R1 G0/0 and G0/1

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(58). A technician is tasked with using ACLs to secure a router. When would the technician use the 40 deny host 192.168.23.8 configuration option or command?

    (a)    to remove all ACLs from the router

    (b)   to create an entry in a numbered ACL

    (c)     to apply an ACL to all router interfaces

    (d)    to secure administrative access to the router

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(59). What is the best description of Trojan horse malware?

    (a)    It is malware that can only be distributed over the Internet.

    (b)   It appears as useful software but hides malicious code.

    (c)     It is software that causes annoying but not fatal computer problems.

    (d)    It is the most easily detected form of malware.

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(60). What wildcard mask will match networks 172.16.0.0 through 172.19.0.0?

    (a)    0.0.3.255

    (b)    0.252.255.255

    (c)    0.3.255.255

    (d)    0.0.255.255

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(61). What is the term used to describe gray hat hackers who publicly protest organizations or governments by posting articles, videos, leaking sensitive information, and performing network attacks?

    (a)    white hat hackers

    (b)    grey hat hackers

    (c)    hacktivists

    (d)    state-sponsored hacker

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(62). Refer to the exhibit. The company has provided IP phones to employees on the 192.168.10.0/24 network and the voice traffic will need priority over data traffic. What is the best ACL type and placement to use in this situation?


    (a)    extended ACL inbound on R1 G0/0

    (b)    extended ACL outbound on R2 WAN interface towards the internet

    (c)     extended ACL outbound on R2 S0/0/1

    (d)    extended ACLs inbound on R1 G0/0 and G0/1

     

    Correct Answer: (a)

    Explanation:


    Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible.

    Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure.


    Q(63). A technician is tasked with using ACLs to secure a router. When would the technician use the no ip access-list 101 configuration option or command?

    (a)    to apply an ACL to all router interfaces

    (b)    to secure administrative access to the router

    (c)     to remove all ACLs from the router

    (d)   to remove a configured ACL

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(64). What is the term used to describe unethical criminals who compromise computer and network security for personal gain, or for malicious reasons?

    (a)    hacktivists

    (b)    vulnerability broker

    (c)    black hat hackers

    (d)    script kiddies

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(65). What is the term used to describe a guarantee that the message is not a forgery and does actually come from whom it states?

    (a)    origin authentication

    (b)    mitigation

    (c)     exploit

    (d)    data non-repudiation

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(66). A technician is tasked with using ACLs to secure a router. When would the technician use the ip access-group 101 in configuration option or command?

    (a)    to secure administrative access to the router

    (b)   to apply an extended ACL to an interface

    (c)     to display all restricted traffic

    (d)    to secure management traffic into the router

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(67). A technician is tasked with using ACLs to secure a router. When would the technician use the remark configuration option or command?

    (a)    to generate and send an informational message whenever the ACE is matched

    (b)   to add a text entry for documentation purposes

    (c)     to identify one specific IP address

    (d)    to restrict specific traffic access through an interface

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(68). Refer to the exhibit. The company CEO demands that one ACL be created to permit email traffic to the internet and deny FTP access. What is the best ACL type and placement to use in this situation?


    (a)    extended ACL outbound on R2 WAN interface towards the internet

    (b)    standard ACL outbound on R2 S0/0/0

    (c)     extended ACL inbound on R2 S0/0/0

    (d)    standard ACL inbound on R2 WAN interface connecting to the internet

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(69). A technician is tasked with using ACLs to secure a router. When would the technician use the established configuration option or command?

    (a)    to add a text entry for documentation purposes

    (b)    to display all restricted traffic

    (c)     to allow specified traffic through an interface

    (d)   to allow returning reply traffic to enter the internal network

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(70). A technician is tasked with using ACLs to secure a router. When would the technician use the deny configuration option or command?

    (a)    to identify one specific IP address

    (b)    to display all restricted traffic

    (c)    to restrict specific traffic access through an interface

    (d)    to generate and send an informational message whenever the ACE is matched

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(71). Refer to the exhibit. Only authorized remote users are allowed remote access to the company server 192.168.30.10. What is the best ACL type and placement to use in this situation?


    (a)    extended ACLs inbound on R1 G0/0 and G0/1

    (b)    extended ACL outbound on R2 WAN interface towards the internet

    (c)     extended ACL inbound on R2 S0/0/0

    (d)   extended ACL inbound on R2 WAN interface connected to the internet

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(72). Refer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive information and are not allowed access off their network. What is the best ACL type and placement to use in this situation?


    (a)    standard ACL inbound on R1 vty lines

    (b)    extended ACL inbound on R1 G0/0

    (c)    standard ACL inbound on R1 G0/1

    (d)    extended ACL inbound on R3 S0/0/1

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(73). A technician is tasked with using ACLs to secure a router. When would the technician use the host configuration option or command?

    (a)    to add a text entry for documentation purposes

    (b)    to generate and send an informational message whenever the ACE is matched

    (c)     to identify any IP address

    (d)   to identify one specific IP address

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(74). What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?

    (a)    financial gain

    (b)    political reasons

    (c)     fame seeking

    (d)    status among peers

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


  • CCNA 3 v7 Modules 1 – 2: OSPF Concepts and Configuration Exam Answers


     

    Q(1). What is a function of OSPF hello packets?

    (a)    to send specifically requested link-state records

    (b)   to discover neighbors and build adjacencies between them

    (c)     to ensure database synchronization between routers

    (d)    to request specific link-state records from neighbor routers

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(2). Which OSPF packet contains the different types of link-state advertisements?

    (a)    hello

    (b)    DBD

    (c)     LSR

    (d)   LSU

    (e)    LSAck

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(3). Which three statements describe features of the OSPF topology table? (Choose three.)

    (a)    It is a link-state database that represents the network topology.

    (b)    Its contents are the result of running the SPF algorithm.

    (c)    When converged, all routers in an area have identical topology tables.

    (d)    The topology table contains feasible successor routes.

    (e)    The table can be viewed via the show ip ospf database command.

    (f)      After convergence, the table only contains the lowest cost route entries for all known networks.

     

    Correct Answer: (a), (c) & (e)

    Explanation:

    No answer description available for this question


    Q(4). What does an OSPF area contain?

    (a)    routers that share the same router ID

    (b)    routers whose SPF trees are identical

    (c)    routers that have the same link-state information in their LSDBs

    (d)    routers that share the same process ID

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(5). What is used to facilitate hierarchical routing in OSPF?

    (a)    the use of multiple areas

    (b)    frequent SPF calculations

    (c)     auto summarization

    (d)    the election of designated routers

     

    Correct Answer: (a)

    Explanation:

    OSPF supports the concept of areas to prevent larger routing tables, excessive SPF calculations, and large LSDBs. Only routers within an area share link-state information. This allows OSPF to scale in a hierarchical fashion with all areas that connect to a backbone area.


    Q(6). Which OSPF data structure is identical on all OSPF routers that share the same area?

    (a)    forwarding database

    (b)   link-state database

    (c)     adjacency database

    (d)    routing table

     

    Correct Answer: (b)

    Explanation:

    Regardless of which OSPF area a router resides in, the adjacency database, routing table, and forwarding database are unique for each router. The link-state database lists information about all other routers within an area and is identical across all OSPF routers participating in that area.


    Q(7). Which step does an OSPF-enabled router take immediately after establishing an adjacency with another router?

    (a)    builds the topology table

    (b)   exchanges link-state advertisements

    (c)     chooses the best path

    (d)    executes the SPF algorithm

     

    Correct Answer: (b)

    Explanation:

    The OSPF operation steps are as follows:

    1.       Establish neighbor adjacencies

    2.       Exchange link-state advertisements

    3.       Build the topology table

    4.      Execute the SPF algorithm

    5.      Choose the best route


    Q(8). A network engineer has manually configured the hello interval to 15 seconds on an interface of a router that is running OSPFv2. By default, how will the dead interval on the interface be affected?

    (a)    The dead interval will not change from the default value.

    (b)    The dead interval will now be 30 seconds.

    (c)    The dead interval will now be 60 seconds.

    (d)    The dead interval will now be 15 seconds.

     

    Correct Answer: (c)

    Explanation:

    Cisco IOS automatically modifies the dead interval to four times the hello interval.


    Q(9). Refer to the exhibit. A network administrator has configured the OSPF timers to the values that are shown in the graphic. What is the result of having those manually configured timers?


    (a)    R1 automatically adjusts its own timers to match the R2 timers.

    (b)   The R1 dead timer expires between hello packets from R2.

    (c)     The hello timer on R2 expires every ten seconds.

    (d)    The neighbor adjacency has formed.

     

    Correct Answer: (b)

    Explanation:

    The dead timer (20 seconds) on R1 expires before the next hello packet from R2 (25 seconds).


    Q(10). To establish a neighbor adjacency two OSPF routers will exchange hello packets. Which two values in the hello packets must match on both routers? (Choose two.)

    (a)    dead interval

    (b)    router priority

    (c)     list of neighbors

    (d)    router ID

    (e)    hello interval

     

    Correct Answer: (a) & (e)

    Explanation:

    The hello and dead interval timers contained in a hello packet must be the same on neighboring routers in order to form an adjacency.


    Q(11). What is the default router priority value for all Cisco OSPF routers?

    (a)    0

    (b)   1

    (c)     10

    (d)    255

     

    Correct Answer: (b)

    Explanation:

    The router priority value is used in a DR/BDR election. The default priority for all OSPF routers is 1 but it can be manually altered to any value 0 to 255.


    Q(12). Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB?

    (a)    database description

    (b)    link-state update

    (c)     link-state request

    (d)    link-state acknowledgment

     

    Correct Answer: (a)

    Explanation:

    The database description (DBD) packet contains an abbreviated list of the LSDB sent by a neighboring router and is used by receiving routers to check against the local LSDB.


    Q(13). In an OSPF network when are DR and BDR elections required?

    (a)    when the two adjacent neighbors are interconnected over a point-to-point link

    (b)    when all the routers in an OSPF area cannot form adjacencies

    (c)    when the routers are interconnected over a common Ethernet network

    (d)    when the two adjacent neighbors are in two different networks

     

    Correct Answer: (c)

    Explanation:

    When the routers are interconnected over a common Ethernet network, then a designated router (DR) and a backup DR (BDR) must be elected.


    Q(14). When an OSPF network is converged and no network topology change has been detected by a router, how often will LSU packets be sent to neighboring routers?

    (a)    every 5 minutes

    (b)    every 10 minutes

    (c)    every 30 minutes

    (d)    every 60 minutes

     

    Correct Answer: (c)

    Explanation:

    After all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and in a full state. Updates (LSUs) are sent to neighbors only under the following conditions:

    ·         when a network topology change is detected (incremental updates)

    ·         every 30 minutes


    Q(15). What will an OSPF router prefer to use first as a router ID?

    (a)    a loopback interface that is configured with the highest IP address on the router

    (b)   any IP address that is configured using the router-id command

    (c)     the highest active interface IP that is configured on the router

    (d)    the highest active interface that participates in the routing process because of a specifically configured network statement

     

    Correct Answer: (b)

    Explanation:

    The first preference for an OSPF router ID is an explicitly configured 32-bit address. This address is not included in the routing table and is not defined by the network command. If a router ID that is configured through the router-id command is not available, OSPF routers next use the highest IP address available on a loopback interface, as loopbacks used as router IDs are also not routable addresses. Lacking either of these alternatives, an OSPF router will use the highest IP address from its active physical interfaces.


    Q(16). What are the two purposes of an OSPF router ID? (Choose two.)

    (a)    to uniquely identify the router within the OSPF domain

    (b)   to facilitate router participation in the election of the designated router

    (c)     to enable the SPF algorithm to determine the lowest cost path to remote networks

    (d)    to facilitate the establishment of network convergence

    (e)    to facilitate the transition of the OSPF neighbor state to Full

     

    Correct Answer: (a) & (b)

    Explanation:

    OSPF router ID does not contribute to SPF algorithm calculations, nor does it facilitate the transition of the OSPF neighbor state to full. Although the router ID is contained within OSPF messages when router adjacencies are being established, it has no bearing on the actual convergence process.


    Q(17). Refer to the exhibit. If no router ID was manually configured, what would router Branch1 use as its OSPF router ID?


    (a)    10.0.0.1

    (b)    10.1.0.1

    (c)    192.168.1.100

    (d)    209.165.201.1

     

    Correct Answer: (c)

    Explanation:

    In OSPFv2, a Cisco router uses a three-tier method to derive its router ID. The first choice is the manually configured router ID with the router-id command. If the router ID is not manually configured, the router will choose the highest IPv4 address of the configured loopback interfaces. Finally if no loopback interfaces are configured, the router chooses the highest active IPv4 address of its physical interfaces.


    Q(18). A network technician issues the following commands when configuring a router:

    R1(config)# router ospf 11

    R1(config-router)# network 10.10.10.0 0.0.0.255 area 0

    What does the number 11 represent?

    (a)    the OSPF process ID on R1

    (b)    the cost of the link to R1

    (c)     the autonomous system number to which R1 belongs

    (d)    the administrative distance that is manually assigned to R1

    (e)    the area number where R1 is located

     

    Correct Answer: (a)

    Explanation:

    There is no autonomous system number to configure on OSPF. The area number is located at the end of the network statement. The cost of a link can be modified in the interface configuration mode. The process ID is local to the router.


    Q(19). An OSPF router has three directly connected networks; 172.16.0.0/16, 172.16.1.0/16, and 172.16.2.0/16. Which OSPF network command would advertise only the 172.16.1.0 network to neighbors?

    (a) router(config-router)# network 172.16.1.0 0.0.255.255 area 0

    (b) router(config-router)# network 172.16.0.0 0.0.15.255 area 0

    (c) router(config-router)# network 172.16.1.0 255.255.255.0 area 0

    (d) router(config-router)# network 172.16.1.0 0.0.0.0 area 0

     

    Correct Answer: (c)

    Explanation:

    To advertise only the 172.16.1.0/16 network the wildcard mask used in the network command must match the first 16-bits exactly. To match bits exactly, a wildcard mask uses a binary zero. This means that the first 16-bits of the wildcard mask must be zero. The low order 16-bits can all be set to 1.


    Q(20). Refer to the exhibit. Which three statements describe the results of the OSPF election process of the topology that is shown in the exhibit? (Choose three.)


    (a)    R3 will be elected BDR.

    (b)    The R4 Fast Ethernet 0/0 priority is 128.

    (c)    The R4 router ID is 172.16.1.1.

    (d)    R1 will be elected BDR.

    (e)    The router ID on R2 is the loopback interface.

    (f)     R2 will be elected DR.

     

    Correct Answer: (a), (c) & (f)

    Explanation:

    R2 will be elected DR because it has the highest priority of 255, all of the others have a priority of 1. R3 will be elected BDR because it has the numerically highest router-ID of 192.168.1.4. The R4 router-ID is 172.16.1.1 because it is the IPv4 address attached to the loopback 0 interface.


    Q(21). Refer to the exhibit. If the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?


    (a)    Router R4 will become the DR and router R1 will become the BDR.

    (b)    Router R2 will become the DR and router R3 will become the BDR.

    (c)     Router R1 will become the DR and router R2 will become the BDR.

    (d)    Router R4 will become the DR and router R3 will become the BDR.

     

    Correct Answer: (a)

    Explanation:

    OSPF elections of a DR are based on the following in order of precedence:

    ·         highest priority from 1-255 (0 = never a DR)

    ·         highest router ID

    ·         Highest IP address of a loopback or active interface in the absence of a manually configured router ID. Loopback IP addresses take higher precedence than other interfaces.

    In this case routers R4 and R1 have the highest router priority. Between the two, R3 has the higher router ID. Therefore, R4 will become the DR and R1 will become the BDR.


    Q(22). By default, what is the OSPF cost for any link with a bandwidth of 100 Mb/s or greater?

    (a)    100000000

    (b)    10000

    (c)    1

    (d)    100

     

    Correct Answer: (c)

    Explanation:

    OSPF uses the formula: Cost = 100,000,000 / bandwidth. Because OSPF will only use integers as cost, any bandwidth of 100 Mb/s or greater will all equal a cost of 1.


    Q(23). Refer to the exhibit. What is the OSPF cost to reach the router A LAN 172.16.1.0/24 from B?


    (a)    782

    (b)    74

    (c)     128

    (d)   65

     

    Correct Answer: (d)

    Explanation:

    The formula used to calculate the OSPF cost is as follows:

    Cost = reference bandwidth / interface bandwidth

    The default reference bandwidth is 10^8 (100,000,000); therefore, the formula is

    Cost = 100,000,000 bps / interface bandwidth in bps

    Thus the cost to reach the A LAN 172.16.1.0/24 from B is as follows:
    Serial link (1544 Kbps) from B to A cost => 100,000,000 / 1,544,000 = 64
    Gigabit Ethernet link on A cost => 100,000,000 / 1,000,000,000 = 1
    Total cost to reach 172.16.1.0/24 = 64 + 1 = 65


    Q(24). Refer to the exhibit. On which router or routers would a default route be statically configured in a corporate environment that uses single area OSPF as the routing protocol?


    (a)    R0-A

    (b)    ISP, R0-A, R0-B, and R0-C

    (c)     ISP

    (d)    R0-B and R0-C

    (e)    ISP and R0-A

    (f)      R0-A, R0-B, and R0-C

     

    Correct Answer: (a)

    Explanation:

    The default route is applied to the router that connects to the Internet, or R0-A. R0-A then distributes that default route using the OSPF routing protocol.


    Q(25). What command would be used to determine if a routing protocol-initiated relationship had been made with an adjacent router?

    (a)    ping

    (b)   show ip ospf neighbor

    (c)     show ip interface brief

    (d)    show ip protocols

     

    Correct Answer: (b)

    Explanation:

    While the show ip interface brief and ping commands can be used to determine if Layer 1, 2, and 3 connectivity exists, neither command can be used to determine if a particular OSPF or EIGRP-initiated relationship has been made. The show ip protocols command is useful in determining the routing parameters such as timers, router ID, and metric information associated with a specific routing protocol. The show ip ospf neighbor command shows if two adjacent routers have exchanged OSPF messages in order to form a neighbor relationship.


    Q(26). Refer to the exhibit. Which command did an administrator issue to produce this output?


    (a) R1# show ip ospf interface serial0/0/1

    (b) R1# show ip route ospf

    (c) R1# show ip ospf

    (d) R1# show ip ospf neighbor

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(27). Which command is used to verify that OSPF is enabled and also provides a list of the networks that are being advertised by the network?

    (a)    show ip interface brief

    (b)    show ip ospf interface

    (c)    show ip protocols

    (d)    show ip route ospf

     

    Correct Answer: (c)

    Explanation:

    The command show ip ospf interface verifies the active OSPF interfaces. The command show ip interface brief is used to check that the interfaces are operational. The command show ip route ospf displays the entries that are learned via OSPF in the routing table. The command show ip protocols checks that OSPF is enabled and lists the networks that are advertised.


    Q(28). Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers but PC1 is unable to connect to PC2. What is the most likely problem?


    (a)    Interface Fa0/0 has not been activated for OSPFv2 on router R2.

    (b)    Interface Fa0/0 is configured as a passive-interface on router R2.

    (c)     Interface S0/0 is configured as a passive-interface on router R2.

    (d)    Interface s0/0 has not been activated for OSPFv2 on router R2.

     

    Correct Answer: (a)

    Explanation:

    If a LAN network is not advertised using OSPFv2, a remote network will not be reachable. The output displays a successful neighbor adjacency between router R1 and R2 on the interface S0/0 of both routers.


    Q(29). What is the recommended Cisco best practice for configuring an OSPF-enabled router so that each router can be easily identified when troubleshooting routing issues?

    (a)    Configure a value using the router-id command.

    (b)    Use the highest active interface IP address that is configured on the router.

    (c)     Use a loopback interface configured with the highest IP address on the router.

    (d)    Use the highest IP address assigned to an active interface participating in the routing process.

     

    Correct Answer: (a)

    Explanation:

    A Cisco router is assigned a router ID to uniquely identify it. It can be automatically assigned and take the value of the highest configured IP address on any interface, the value of a specifically-configured loopback address, or the value assigned (which is in the exact form of an IP address) using the router-id command. Cisco recommends using the router-id command.


    Q(30). Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination?

    (a)    load balancing equal-cost paths

    (b)    declaring a neighbor to be inaccessible

    (c)     choosing the best route

    (d)   executing the SPF algorithm

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(31). An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.223.0 255.255.254.0. What wildcard mask would the administrator use in the OSPF network statement?

    (a)    0.0.1.255

    (b)    0.0.7.255

    (c)     0.0.15.255

    (d)    0.0.31.255

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(32). What is the format of the router ID on an OSPF-enabled router?

    (a)    a unique router host name that is configured on the router

    (b)    a unique phrase with no more than 16 characters

    (c)    a 32-bit number formatted like an IPv4 address

    (d)    an 8-bit number with a decimal value between 0 and 255

    (e)    a character string with no space

     

    Correct Answer: (c)

    Explanation:

    A router ID is a 32-bit number formatted like an IPv4 address and assigned in order to uniquely identify a router among OSPF peers.


    Q(33). Question as presented:

    DUAL is the algorithm used by EIGRP. In multiarea OSPF, OSPF is implemented using multiple areas, and all of them must be connected to the backbone area.

    Correct Answer

    Explanation:

    No answer description available for this question


    Q(34). After modifying the router ID on an OSPF router, what is the preferred method to make the new router ID effective?

    (a) HQ# copy running-config startup-config

    (b) HQ# resume

    (c) HQ# clear ip route *

    (d) HQ# clear ip ospf process

     

    Correct Answer: (d)

    Explanation:

    To modify a router-id on an OSPF-enabled router, it is necessary to reset the OSPF routing process by entering either the clear ip ospf process command or the reload command.


    Q(35). In an OSPFv2 configuration, what is the effect of entering the command network 192.168.1.1 0.0.0.0 area 0?

    (a)    It allows all 192.168.1.0 networks to be advertised.

    (b)   It tells the router which interface to turn on for the OSPF routing process.

    (c)     It changes the router ID of the router to 192.168.1.1.

    (d)    It enables OSPF on all interfaces on the router.

     

    Correct Answer: (b)

    Explanation:

    Entering the command network 192.168.1.1 0.0.0.0 area 0 will turn on only the interface with that IP address for OSPF routing. It does not change the router ID. Instead, OSPF will use the network that is configured on that interface.


    Q(36). What is the reason for a network engineer to alter the default reference bandwidth parameter when configuring OSPF?

    (a)    to force that specific link to be used in the destination route

    (b)   to more accurately reflect the cost of links greater than 100 Mb/s

    (c)     to enable the link for OSPF routing

    (d)    to increase the speed of the link

     

    Correct Answer: (b)

    Explanation:

    By default, Fast Ethernet, Gigabit, and 10 Gigabit Ethernet interfaces all have a cost of 1. Altering the default reference bandwidth alters the cost calculation, allowing each speed to be more accurately reflected in the cost.


    Q(37). Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.


    Which task has to be performed on Router 1 for it to establish an OSPF adjacency with Router 2?

    (a)    Issue the clear ip ospf process command.

    (b)   Change the subnet mask of interface FastEthernet 0/0 to 255.255.255.0.

    (c)     Remove the passive interface command from interface FastEthernet 0/0.

    (d)    Add the network 10.0.1.0 0.0.0.255 area 0 command to the OSPF process.

     

    Correct Answer: (b)

    Explanation:

    Each interface on the link connecting the OSPF routers must be in the same subnet for an adjacency to be established. The IP address subnet mask on FastEthernet interface 0/0 must be changed to 255.255.255.0. The FastEthernet interface 0/0 is not passive. The 10.0.1.0/24 network is only connected to Router2, so it should not be advertised by Router1. The clear ip ospf process command will start the OSPF process on Router1 but will not cause an adjacency to be established if the subnet mask mismatch on the connecting interfaces still exists.


    Q(38). Match the description to the term. (Not all options are used.)

    Correct Answer

     


    Explanation:

    No answer description available for this question


    Q(39). What is a benefit of multiarea OSPF routing?

    (a)    Topology changes in one area do not cause SPF recalculations in other areas.

    (b)    Routers in all areas share the same link-state database and have a complete picture of the entire network.

    (c)     A backbone area is not required.

    (d)    Automatic route summarization occurs by default between areas.

     

    Correct Answer: (a)

    Explanation:

    With multiarea OSPF, only routers within an area share the same link-state database. Changes to the network topology in one area do not impact other areas, which reduces the number of SPF algorithm calculations and the size of link-state databases.


    Q(40). Match the OSPF state with the order in which it occurs. (Not all options are used.)
    Correct Answer:


    Explanation:

    No answer description available for this question


    Q(41). What indicates to a link-state router that a neighbor is unreachable?

    (a)    if the router no longer receives hello packets

    (b)    if the router receives an update with a hop count of 16

    (c)     if the router receives an LSP with previously learned information

    (d)    if the router no longer receives routing updates

     

    Correct Answer: (a)

    Explanation:

    OSPF routers send hello packets to monitor the state of a neighbor. When a router stops receiving hello packets from a neighbor, that neighbor is considered unreachable and the adjacency is broken.


    Q(42). Which three OSPF states are involved when two routers are forming an adjacency? (Choose three.)

    (a)    Exchange

    (b)   Init

    (c)     ExStart

    (d)   Two-way

    (e)    Loading

    (f)     Down

     

    Correct Answer: (b), (d) & (f)

    Explanation:

    OSPF operation progresses through 7 states for establishing neighboring router adjacency, exchanging routing information, calculating the best routes, and reaching convergence. The Down, Init, and Two-way states are involved in the phase of neighboring router adjacency establishment.


    Q(43). Refer to the exhibit. Suppose that routers B, C, and D have a default priority, and router A has a priority 0. Which conclusion can be drawn from the DR/BDR election process?


    (a)    If the priority of router C is changed to 255, then it will become the DR.

    (b)    Router A will become the DR and router D will become the BDR.

    (c)    If the DR fails, the new DR will be router B.

    (d)    If a new router with a higher priority is added to this network, it will become the DR.

     

    Correct Answer: (c)

    Explanation:

    If the priority is set to 0, the router is not capable of becoming the DR, so router A cannot be the DR. OSPF DR and BDR elections are not preemptive. If a new router with a higher priority or higher router ID is added to the network after the DR and BDR election, the newly added router does not take over the DR or the BDR role.


    Q(44). An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 64.102.0.0 255.255.255.128. What wildcard mask would the administrator use in the OSPF network statement?

    (a)    0.0.31.255

    (b)    0.0.0.63

    (c)     0.0.63.255

    (d)   0.0.0.127

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(45). Which command will a network engineer issue to verify the configured hello and dead timer intervals on a point-to-point WAN link between two routers that are running OSPFv2?

    (a) show ipv6 ospf interface serial 0/0/0

    (b) show ip ospf neighbor

    (c) show ip ospf interface fastethernet 0/1

    (d) show ip ospf interface serial 0/0/0

     

    Correct Answer: (d)

    Explanation:

    The show ip ospf interface serial 0/0/0 command will display the configured hello and dead timer intervals on a point-to-point serial WAN link between two OSPFv2 routers. The show ipv6 ospf interface serial 0/0/0 command will display the configured hello and dead timer intervals on a point-to-point serial link between two OSPFv3 routers. The show ip ospf interface fastethernet 0/1 command will display the configured hello and dead timer intervals on a multiaccess link between two (or more) OSPFv2 routers. The show ip ospf neighbor command will display the dead interval elapsed time since the last hello message was received, but does not show the configured value of the timer.


    Q(46). An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 128.107.0.0 255.255.255.192. What wildcard mask would the administrator use in the OSPF network statement?

    (a)    0.0.63.255

    (b)   0.0.0.63

    (c)     0.0.0.3

    (d)    0.0.0.7

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(47). Match each OSPF packet type to how it is used by a router. (Not all options are used.)

    Correct Answer:


    Explanation:

    No answer description available for this question


    Q(48). Which step in the link-state routing process is described by a router building a link-state database based on received LSAs?

    (a)    selecting the router ID

    (b)    declaring a neighbor to be inaccessible

    (c)     executing the SPF algorithm

    (d)   building the topology table

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(49). An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 198.19.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?

    (a)    0.0.63.255

    (b)   0.0.3.255

    (c)     0.0.31.255

    (d)    0.0.0.255

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(50). An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 128.107.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?

    (a)    0.0.3.255

    (b)    0.0.0.7

    (c)     0.0.0.3

    (d)    0.0.63.255

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question


    Q(51). Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link?

    (a)    building the topology table

    (b)    selecting the router ID

    (c)    exchanging link-state advertisements

    (d)    injecting the default route

     

    Correct Answer: (c)

    Explanation:

    No answer description available for this question


    Q(52). Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces?

    (a)    electing the designated router

    (b)   establishing neighbor adjacencies

    (c)     injecting the default route

    (d)    exchanging link-state advertisements

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(53). An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 64.100.0.0 255.255.255.0. What wildcard mask would the administrator use in the OSPF network statement?

    (a)    0.0.0.31

    (b)   0.0.0.255

    (c)     0.0.0.63

    (d)    0.0.0.127

     

    Correct Answer: (b)

    Explanation:

    No answer description available for this question


    Q(54). Which step in the link-state routing process is described by a router inserting best paths into the routing table?

    (a)    declaring a neighbor to be inaccessible

    (b)    executing the SPF algorithm

    (c)     load balancing equal-cost paths

    (d)   choosing the best route

     

    Correct Answer: (d)

    Explanation:

    No answer description available for this question


    Q(55). What type of address is 64.101.198.197?

    (a)    public

    (b)    private

     

    Correct Answer: (a)

    Explanation:

    No answer description available for this question

