1. Which statement best describes a WAN?

A WAN interconnects LANs over long distances.*

A WAN is a public utility that enables access to the Internet.
WAN is another name for the Internet.

A WAN is a LAN that is extended to provide secure remote network access.

2. Connecting offices at different locations using the Internet can be economical for a
business. What are two important business policy issues that should be addressed
when using the Internet for this purpose? (Choose two.)addressingbandwidth
privacy*
security*
WAN technology

3. What is a disadvafntage of a packet-switched network compared to a circuit-

switched network?higher costfixed capacity
less flexibility

higher latency*

4. A company is considering updating the campus WAN connection. Which two WAN
options are examples of the private WAN architecture? (Choose two.)cableleased
line*
Ethernet WAN*
municipal Wi-Fi

digital subscriber line

5. Which statement describes a characteristic of dense wavelength division

multiplexing (DWDM)?It supports the SONET standard, but not the SDH standard.It
enables bidirectional communications over one pair of copper cables.
It can be used in long-range communications, like connections between ISPs.*
It assigns incoming electrical signals to specific frequencies.

6. Which WAN technology can serve as the underlying network to carry multiple
types of network traffic such as IP, ATM, Ethernet, and DSL?ISDNMPLS*
Frame Relay

Ethernet WAN

7. Which two WAN technologies are more likely to be used by a business than by
teleworkers or home users? (Choose two.)cableDSL
Frame Relay*
MetroE*
VPN

8. The security policy in a company specifies that the staff in the sales department
must use a VPN to connect to the corporate network to access the sales data when
they travel to meet customers. What component is needed by the sales staff to
establish a remote VPN connection?VPN gatewayVPN appliance
 VPN concentrator

VPN client software*

9. How many DS0 channels are bundled to produce a 1.544 Mbps T1 line?
21224*
28

10. What function is provided by Multilink PPP?spreading traffic across multiple

physical WAN links*dividing the bandwidth of a single link into separate time slots
enabling traffic from multiple VLANs to travel over a single Layer 2 link

creating one logical link between two LAN switches via the use of multiple physical
links

11. Refer to the exhibit. A network administrator is configuring the PPP link between
the routers R1 and R2. However, the link cannot be established. Based on the
partial output of the show running-config command, what is the cause of the

problem? The
usernames do not match each other.
The usernames do not match the host names.*
The passwords for CHAP should be in lowercase.

The username r1 should be configured on the router R1 and the username r2 should be
configured on the router R2.

12. Refer to the exhibit. A network administrator has configured routers RTA and
RTB, but cannot ping from serial interface to serial interface. Which layer of the
OSI model is the most likely cause of the problem?
 application
transport

network

data link*
physical

13. What advantage does DSL have compared to cable technology?DSL upload and
download speeds are always the same.DSL is faster.
DSL has no distance limitations.

DSL is not a shared medium.*

14. Which broadband technology would be best for a user that needs remote access
when traveling in mountains and at sea?
Wi-Fi Meshmobile broadbandWiMax
satellite*
15. Which technology requires the use of PPPoE to provide PPP connections to
customers?dialup analog modemdialup ISDN modem
DSL*
T1

16. Refer to the exhibit. What is the network administrator verifying when issuing the
show ip interface brief command on R1 in respect to the PPPoE connection to R2?
 that the Dialer1 interface has been manually assigned an IP address
that the Dialer1 interface is up and up

that the Dialer1 interface has been assigned an IP address by the ISP router*
that the IP address on R1 G0/1 is in the same network range as the DSL modem

17. Which technology creates a mapping of public IP addresses for remote tunnel
spokes in a DMVPN configuration?ARPNHRP*
NAT

IPsec

18. What is the purpose of the generic routing encapsulation tunneling protocol?to
provide packet level encryption of IP traffic between remote sitesto manage the
transportation of IP multicast and multiprotocol traffic between remote sites*
to support basic unencrypted IP tunneling using multivendor routers between remote
sites

to provide fixed flow-control mechanisms with IP tunneling between remote sites

19. Refer to the exhibit. What is used to exchange routing information between routers
within each AS?
 static routing
IGP routing protocols*
EGP routing protocols

default routing

20. Which IPv4 address range covers all IP addresses that match the ACL filter
specified by 172.16.2.0 with wildcard mask 0.0.1.255?172.16.2.0 to
172.16.2.255172.16.2.1 to 172.16.3.254
172.16.2.0 to 172.16.3.255*
172.16.2.1 to 172.16.255.255

21. Refer to the exhibit. A named access list called chemistry_block has been written to
prevent users on the Chemistry Network and public Internet from access to
Records Server. All other users within the school should have access to this server.
The list contains the following statements:deny 172.16.102.0 0.0.0.255
172.16.104.252 0.0.0.0permit 172.16.0.0 0.0.255.255 172.16.104.252 0.0.0.0Which
command sequence will place this list to meet these requirements?
 Hera(config)# interface fa0/0
Hera(config-if)# ip access-group chemistry_block in

Hera(config)# interface s0/0/0

Hera(config-if)# ip access-group chemistry_block out

Apollo(config)# interface s0/0/0

Apollo(config-if)# ip access-group chemistry_block out

Apollo(config)# interface s0/0/1

Apollo(config-if)# ip access-group chemistry_block in

Athena(config)# interface s0/0/1

Athena(config-if)# ip access-group chemistry_block in

Athena(config)# interface fa0/0

Athena(config-if)# ip access-group chemistry_block out*
22. What guideline is generally followed about the placement of extended access control
lists?They should be placed as close as possible to the source of the traffic to be
denied.*They should be placed as close as possible to the destination of the traffic to be
denied.
They should be placed on the fastest interface available.

They should be placed on the destination WAN link.

23. In the creation of an IPv6 ACL, what is the purpose of the implicit final command
entries, permit icmp any any nd-na and permit icmp any any nd-ns?to allow IPv6 to
MAC address resolution*to allow forwarding of IPv6 multicast packets
to allow automatic address configuration

to allow forwarding of ICMPv6 packets

24. A network administrator is testing IPv6 connectivity to a web server. The network
administrator does not want any other host to connect to the web server except for
the one test computer. Which type of IPv6 ACL could be used for this
situation?only a standard ACLa standard or extended ACLonly an extended ACL
an extended, named, or numbered ACL

only a named ACL*

25. Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the
S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP
will be dropped by the ACL on R1?

HTTPS packets to PC1

ICMPv6 packets that are destined to PC1*
packets that are destined to PC1 on port 80

neighbor advertisements that are received from the ISP router

26. What is a secure configuration option for remote access to a network

device?Configure SSH.*Configure Telnet.
Configure 802.1x.

Configure an ACL and apply it to the VTY lines.

27. What protocol should be disabled to help mitigate VLAN attacks?DTP*STP

CDP

ARP

28. Which term describes the role of a Cisco switch in the 802.1X port-based access
control?agentsupplicant
authenticator*
authentication server
29. What two protocols are supported on Cisco devices for AAA communications?
(Choose two.)
VTPLLDPHSRP
RADIUS*
TACACS+*
30. In configuring SNMPv3, what is the purpose of creating an ACL?to define the
source traffic that is allowed to create a VPN tunnelto define the type of traffic that is
allowed on the management network
to specify the source addresses allowed to access the SNMP agent*
to define the protocols allowed to be used for authentication and encryption

31. Refer to the exhibit. What feature does an SNMP manager need in order to be able
to set a parameter on switch ACSw1?

a
manager who is using an SNMP string of K44p0ut
a manager who is using an Inform Request MIB

a manager who is using host 192.168.0.5*

a manager who is using authPriv

32. Which Cisco feature sends copies of frames entering one port to a different port on
the same switch in order to perform traffic analysis?CSAHIPS
SPAN*
VLAN

33. What are two characteristics of video traffic? (Choose two.)Video traffic is more
resilient to loss than voice traffic is.Video traffic is unpredictable and inconsistent.*
Video traffic latency should not exceed 400 ms.*
Video traffic requires a minimum of 30 kbs of bandwidth.

Video traffic consumes less network resources than voice traffic consumes.

34. Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first
before packets in other queues are sent?CBWFQFIFO
LLQ*
FCFS

35. Refer to the exhibit. As traffic is forwarded out an egress interface with QoS
treatment, which congestion avoidance technique is used?
 traffic shaping*
weighted random early detection

classification and marking

traffic policing

36. Which type of QoS marking is applied to Ethernet frames?CoS*ToS

DSCP

IP precedence

37. What is the function of a QoS trust boundary?A trust boundary identifies the location
where traffic cannot be remarked.A trust boundary identifies which devices trust the
marking on packets that enter a network.*
A trust boundary only allows traffic to enter if it has previously been marked.

A trust boundary only allows traffic from trusted endpoints to enter the network.

38. A vibration sensor on an automated production line detects an unusual condition.

The sensor communicates with a controller that automatically shuts down the line
and activates an alarm. What type of communication does this scenario
represent?machine-to-peoplemachine-to-machine*
people-to-people

people-to-machine

39. Which pillar of the Cisco IoT System allows data to be analyzed and managed at
the location where it is generated?data analyticsfog computing*
network connectivity

application enhancement platform

40. Which Cloud computing service would be best for a new organization that cannot
afford physical servers and networking equipment and must purchase network
services on-demand?PaaSSaaS
ITaaS

IaaS*
41. A data center has recently updated a physical server to host multiple operating
systems on a single CPU. The data center can now provide each customer with a
 separate web server without having to allocate an actual discrete server for each
customer. What is the networking trend that is being implemented by the data
center in this situation?BYODvirtualization*
maintaining communication integrity

online collaboration

42. What is used to pre-populate the adjacency table on Cisco devices that use CEF to
process packets?the ARP table*the routing table
the FIB

the DSP

43. Which component of the ACI architecture translates application policies into
network programming?the Nexus 9000 switchthe Application Network Profile
endpoints
the Application Policy Infrastructure Controller*
the hypervisor

44. Which two pieces of information should be included in a logical topology diagram
of a network? (Choose two.)device typeOS/IOS version
connection type*
interface identifier*
cable specification

cable type and identifier

45. Which network performance statistics should be measured in order to verify SLA
compliance?NAT translation statisticsdevice CPU and memory utilization
latency, jitter, and packet loss*
the number of error messages that are logged on the syslog server

46. Which feature sends simulated data across the network and measures performance
between multiple network locations?LLDPIP SLA*
syslog

SPAN

47. Which troubleshooting tool would a network administrator use to check the Layer
2 header of frames that are leaving a particular host?protocol analyzer*baselining
tool
knowledge base

CiscoView

48. Refer to the exhibit. A network administrator is troubleshooting the OSPF network.
The 10.10.0.0/16 network is not showing up in the routing table of Router1. What is
the probable cause of this problem?
 CCNA4 v6.0 Final Exam 011
The serial interface on Router2 is down.

The OSPF process is not running on Router2.

The OSPF process is configured incorrectly on Router1.

There is an incorrect wildcard mask statement for network 10.10.0.0/16 on

Router2.*
49. Refer to the exhibit. A user turns on a PC after it is serviced and calls the help desk
to report that the PC seems unable to reach the Internet. The technician asks the
user to issue the arp –a and ipconfig commands. Based on the output, what are two
possible causes of the problem? (Choose two.)
 The IP
configuration is incorrect.*
The network cable is unplugged.

The DNS server address is not configured.

The subnet mask is configured incorrectly.

The default gateway device cannot be contacted.*

50. Match OoS techniques with the description. (Not all options are used.)Which
circumstance would result in an enterprise deciding to implement a corporate
WAN?when its employees become distributed across many branch locations*
when the network will span multiple buildings

when the number of employees exceeds the capacity of the LAN

when the enterprise decides to secure its corporate LAN

51. What are two types of WAN providers? (Choose two.)DNS serverssatellite service*
web hosting service

telephone company*
Internet search engine service

52. Which two types of devices are specific to WAN environments and are not found on
a LAN? (Choose two.)access layer switchbroadband modem*
core switch

CSU/DSU*
distribution layer router

53. What is a feature of dense wavelength-division multiplexing (DWDM) technology?It

replaces SONET and SDH technologies.It enables bidirectional communications over
one strand of fiber.*
It provides Layer 3 support for long distance data communications.
 It provides a 10 Gb/s multiplexed signal over analog copper telephone lines.

54. What is a disadvantage of ATM compared to Frame Relay?less efficient*lacks SVC

support
does not scale well to provide high speed WAN connections

requires multiple interfaces on the edge router to support multiple VCs

55. Which WAN solution uses labels to identify the path in sending packets through a
provider network?cableDSLFrame Relay
MPLS*
VSAT

56. An intercity bus company wants to offer constant Internet connectivity to the users
traveling on the buses. Which two types of WAN infrastructure would meet the
requirements? (Choose two.)private infrastructurepublic infrastructure*
dedicated

circuit-switched

cellular*
57. What device is needed at a central office to aggregate many digital subscriber lines
from customers?CMTSDSLAM*
CSU/DSU

access server

58. A corporation is searching for an easy and low cost solution to provide teleworkers
with a secure connection to headquarters. Which solution should be selected?dial-up
connectionleased line connection
site-to-site VPN over the Internet

remote access VPN over the Internet*

59. What is the maximum number of DS0 channels in a 1.544 Mbps T1 line?212
24*
28

60. Refer to the exhibit. What type of Layer 2 encapsulation will be used for RtrA
connection D if it is left to the default and the router is a Cisco router?
 Ethernet
Frame Relay

HDLC*
PPP

61. Which two functions are provided by the NCP during a PPP connection? (Choose
two.)identifying fault conditions for the PPP linkproviding multilink capabilities over the
PPP linkbringing the network layer protocol or protocols up and down*
enhancing security by providing callback over PPP

negotiating options for the IP protocol*

managing authentication of the peer routers of the PPP link

62. What PPP information will be displayed if a network engineer issues the show ppp
multilink command on Cisco router?the link LCP and NCP statusthe queuing type on
the link
the IP addresses of the link interfaces

the serial interfaces participating in the multilink*

63. Refer to the exhibit. Which statement describes the status of the PPP connection?

Only the
link-establishment phase completed successfully.
Only the network-layer phase completed successfully.

Neither the link-establishment phase nor the network-layer phase completed

successfully.

Both the link-establishment and network-layer phase completed successfully.*

64. A network administrator is configuring a PPP link with the commands:
R1(config-if)# encapsulation ppp
R1(config-if)# ppp quality 70
What is the effect of these commands?The PPP link will be closed down if the link
quality drops below 70 percent.*The NCP will send a message to the sending device if
the link usage reaches 70 percent.
The LCP establishment phase will not start until the bandwidth reaches 70 percent or
more.

The PPP link will not be established if more than 30 percent of options cannot be
accepted.

65. How does virtualization help with disaster recovery within a data center?Power is
always provided.Less energy is consumed.
Server provisioning is faster.

Hardware does not have to be identical.*

66. Which broadband solution is appropriate for a home user who needs a wired
connection not limited by distance?cable*DSL
WiMax

ADSL
67. What is the protocol that provides ISPs the ability to send PPP frames over DSL
networks?PPPoE*CHAP
ADSL

LTE

68. In software defined network architecture, what function is removed from network
devices and performed by an SDN controller?control plane*data plane
security

application policies

69. What would a network administrator expect the routing table of stub router R1 to
look like if connectivity to the ISP was established via a PPPoE
configuration?192.168.1.0/32 is subnetted, 2 subnetted
C 192.168.1.1 is directly connected, Dialer1
C 192.168.1.2 is directly connected, Dialer2S* 0.0.0.0/0 is directly connected,
Dialer1192.168.1.0/32 is subnetted, 2 subnetted
C 192.168.1.1 is directly connected, Dialer
S* 0.0.0.0/0 is directly connected, Dialer1
192.168.1.0/32 is subnetted, 2 subnetted
C 192.168.1.1 is directly connected, Dialer1
C 192.168.1.2 is directly connected, Dialer1*
70. What is a benefit of implementing a Dynamic Multipoint VPN network design?A
DMVPN will use an encrypted session and does not require IPsec.A DMVPN uses a
Layer 3 protocol, NHRP, to dynamically establish tunnels.
A DMVPN will support remote peers by providing a mapping database of public IP
addresses to each one.*
A DMVPN uses mGRE to create multiple GRE interfaces that each support a single
VPN tunnel.

71. Which remote access implementation scenario will support the use of generic
routing encapsulation tunneling?a mobile user who connects to a router ata central
sitea branch office that connects securely to a central site
a mobile user who connects to a SOHO site

a central site that connects to a SOHO site without encryption*

72. Refer to the exhibit. All routers are successfully running the BGP routing protocol.
How many routers must use EBGP in order to share routing information across the
autonomous systems?
 2
3

4*
5

73. Which statement describes a characteristic of standard IPv4 ACLs?They are

configured in the interface configuration mode.They filter traffic based on source IP
addresses only.*
They can be created with a number but not with a name.

They can be configured to filter traffic based on both source IP addresses and source
ports.

74. Which three values or sets of values are included when creating an extended access
control list entry? (Choose three.)access list number between 1 and 99access list
number between 100 and 199*
default gateway address and wildcard mask

destination address and wildcard mask*

source address and wildcard mask*
source subnet mask and wildcard mask

destination subnet mask and wildcard mask

75. Refer to the exhibit. A router has an existing ACL that permits all traffic from the
172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that
denies packets from host 172.16.0.1 and receives the error message that is shown in
the exhibit. What action can the administrator take to block packets from host
172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
 Manually add the new deny ACE with a sequence number of 5.*
Manually add the new deny ACE with a sequence number of 15.

Create a second access list denying the host and apply it to the same interface.

Add a deny any any ACE to access-list 1.

76. Which three implicit access control entries are automatically added to the end of an
IPv6 ACL? (Choose three.)deny ip any anydeny ipv6 any any*
permit ipv6 any any

deny icmp any any

permit icmp any any nd-ns*

permit icmp any any nd-na*
77. The computers used by the network administrators for a school are on the
10.7.0.0/27 network. Which two commands are needed at a minimum to apply an
ACL that will ensure that only devices that are used by the network administrators
will be allowed Telnet access to the routers? (Choose two.)access-class 5 in*access-
list 5 deny any
access-list standard VTY

permit 10.7.0.0 0.0.0.127

access-list 5 permit 10.7.0.0 0.0.0.31*

ip access-group 5 out

ip access-group 5 in

78. A network administrator is adding ACLs to a new IPv6 multirouter environment.

Which IPv6 ACE is automatically added implicitly at the end of an ACL so that two
adjacent routers can discover each other?permit ip any anypermit ip any host
ip_addresspermit icmp any any nd-na*
deny ip any any

79. What would be the primary reason an attacker would launch a MAC address
overflow attack?so that the switch stops forwarding trafficso that legitimate hosts
cannot obtain a MAC address
so that the attacker can see frames that are destined for other hosts*
so that the attacker can execute arbitrary code on the switch
80. What are three of the six core components in the Cisco IoT system? (Choose
three.)fog computing*wearable technologies
data analytics*
robot guides

cyber and physical security*

smart bandages

81. What security countermeasure is effective for preventing CAM table overflow
attacks?
port security*DHCP snoopingIP source guard
Dynamic ARP Inspection

82. Which SNMP feature provides a solution to the main disadvantage of SNMP
polling?SNMP set messagesSNMP trap messages*
SNMP get messages

SNMP community strings

83. When SNMPv1 or SNMPv2 is being used, which feature provides secure access to
MIB objects?packet encryptionmessage integrity
community strings*
source validation

features

84. What two are added in SNMPv3 to address the weaknesses of previous versions of
SNMP? (Choose two.)bulk MIB objects retrievalencryption*
authorization with community string priority

authentication*
ACL management filtering

85. Which queuing mechanism supports user-defined traffic classes?FIFOCBWFQ*

WFQ

FCFS

86. Which field is used to mark Layer 2 Ethernet frames for QoS treatment?Type of
Service fieldTraffic Class field
Priority field*
Version field

87. What is an example of cloud computing?a continuous interaction between people,

processes, data, and thingsa service that offers on-demand access to shared
resources*
a network infrastructure that spans a large geographic area

an architectural style of the World Wide Web

88. Which type of resources are required for a Type 1 hypervisor?a host operating
systema server running VMware Fusion
a management console*
a dedicated VLAN

89. A network technician made a configuration change on the core router in order to
solve a problem. However, the problem is not solved. Which step should the
technician take next?Gather symptoms.Isolate the problem.
Restore the previous configuration.*
Implement the next possible corrective action.

90. A user reports that when the corporate web page URL is entered on a web browser,
an error message indicates that the page cannot be displayed. The help-desk
technician asks the user to enter the IP address of the web server to see if the page
can be displayed. Which troubleshooting method is being used by the
technician?top-downbottom-up
substitution

divide-and-conquer*
91. What is a primary function of the Cisco IOS IP Service Level Agreements feature?
to detect potential network attacksto provide network connectivity for customersto adjust
network device configurations to avoid congestion
to measure network performance and discover a network failure as early as
possible*
92. Which IOS log message level indicates the highest severity level?level 0*level 1
level 4

level 7

93. Which symptom is an example of network issues at the network layer?A

misconfigured firewall blocks traffic to a file server.There are too many invalid frames
transmitted in the network.
Neighbor adjacency is formed with some routers, but not all routers.*
A web server cannot be reached by its domain name, but can be reached via its IP
address.

94. Refer to the exhibit. H1 can only ping H2, H3, and the Fa0/0 interface of router R1.
H2 and H3 can ping H4 and H5. Why might H1 not be able to successfully ping H4
and H5?
 Router R1 does not have a route to the destination network.
Switch S1 does not have an IP address configured.

The link between router R1 and switch S2 has failed.

Host H1 does not have a default gateway configured.*

Hosts H4 and H5 are members of a different VLAN than host H1.

95. Refer to the exhibit. On the basis of the output, which two statements about
network connectivity are correct? (Choose two.)

There is
connectivity between this device and the device at 192.168.100.1.*
The connectivity between these two hosts allows for videoconferencing calls.

There are 4 hops between this device and the device at 192.168.100.1.*
The average transmission time between the two hosts is 2 milliseconds.

This host does not have a default gateway configured.

96. Fill in the blanks. Use dotted decimal format.The wildcard mask that is associated
with 128.165.216.0/23 is 0.0.1.255
97. Match the characteristic to the appropriate authentication protocol. (Not all options
are used.)
98. Match the term to the description. (Not all options are used.)

99. What is a primary difference between a company LAN and the WAN services that
it uses?The company must subscribe to an external WAN service provider.*The
company has direct control over its WAN links but not over its LAN.
Each LAN has a specified demarcation point to clearly separate access layer and
distribution layer equipment.

The LAN may use a number of different network access layer standards whereas the
WAN will use only one standard.

100. To which two layers of the OSI model do WAN technologies provide services?
(Choose two.)network layersession layerphysical layer*
transport layer

data link layer*

presentation layer

101. Which two technologies are private WAN technologies? (Choose two.)cableFrame
Relay*
DSL

ATM*

cellular

102. Which WAN technology can switch any type of payload based on labels?PSTNDSL
MPLS*
 T1/E1

103. What technology can be used to create a private WAN via satellite
communications?VPN3G/4G cellular
dialup

VSAT*
WiMAX

104. Which public WAN access technology utilizes copper telephone lines to provide
access to subscribers that are multiplexed into a single T3 link
connection?ISDNDSL*
dialup

cable

105. How many DS0 channels are bounded to produce a 1.544 Mb/s DS1 line?
21224*
28

106. Refer to the exhibit. Communication between two peers has failed. Based on the
output that is shown, what is the most likely cause?

interface reset
unplugged cable

improper cable type

PPP issue*
107. Refer to the exhibit. Which type of Layer 2 encapsulation used for connection D
requires Cisco routers?
 Ethernet
PPPoE

HDLC*
PPP

108. Which three statements are true about PPP? (Choose three.)PPP can use
synchronous and asynchronous circuits.*PPP can only be used between two Cisco
devices.
PPP carries packets from several network layer protocols in LCPs.

PPP uses LCPs to establish, configure, and test the data-link connection.*
PPP uses LCPs to agree on format options such as authentication, compression, and
error detection.*
109. A network administrator is evaluating authentication protocols for a PPP link.
Which three factors might lead to the selection of CHAP over PAP as the
authentication protocol? (Choose three.)establishes identities with a two-way
handshakeuses a three-way authentication periodically during the session to
reconfirm identities*
control by the remote host of the frequency and timing of login events

transmits login information in encrypted format*

uses an unpredictable variable challenge value to prevent playback attacks*
makes authorized network administrator intervention a requirement to establish each
session

110. Which cellular or mobile wireless standard is considered a fourth generation

technology?LTE*GSM
CDMA

UMTS

111. A company is looking for the least expensive broadband solution that provides at
least 10 Mb/s download speed. The company is located 5 miles from the nearest
provider. Which broadband solution would be appropriate?satelliteDSL
WiMax

cable*
112. Which technology can ISPs use to periodically challenge broadband customers
over DSL networks with PPPoE?PAPCHAP*
HDLC

Frame Relay

113. What are the three core components of the Cisco ACI architecture? (Choose
three.)Application Network Profile*Application Policy Infrastructure Controller*
Cisco Nexus Switches*
Microsoft hypervisor

Cisco Information Server

Virtual Security Gateway

114. Which statement describes a feature of site-to-site VPNs?The VPN connection is

not statically defined.VPN client software is installed on each host.
Internal hosts send normal, unencapsulated packets.*
Individual hosts can enable and disable the VPN connection.

115. What are three features of a GRE tunnel? (Choose three.)creates nonsecure
tunnels between remote sites*transports multiple Layer 3 protocols*
creates additional packet overhead*
uses RSA signatures to authenticate peeers

provides encryption to keep VPN traffic confidential

supports hosts as GRE tunnel endpoints by installing Cisco VPN client software

116. Refer to the exhibit. What two commands are needed to complete the GRE tunnel
configuration on router R1? (Choose two.)

R1(config-if)# tunnel source 209.165.202.129*

R1(config-if)# tunnel source 172.16.2.1
 R1(config-if)# tunnel destination 206.165.202.130*
R1(config-if)# tunnel destination 172.16.2.2

R1(config-if)# tunnel source 209.165.202.130

R1(config-if)# tunnel destination 206.165.202.129

117. What does BGP use to exchange routing updates with neighbors?TCP
connections*area numbers
group identification numbers

hellos

118. Refer to the exhibit. The network administrator that has the IP address of
10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The
FTP server is also a web server that is accessible to all internal employees on
networks within the 10.x.x.x address. No other traffic should be allowed to this
server. Which extended ACL would be used to filter this traffic, and how would this
ACL be applied? (Choose two.)

access-list 105 permit

ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any
access-list 105 permit tcp host 10.0.54.5 any eq www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any*
R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in

R1(config)# interface gi0/0

R1(config-if)# ip access-group 105 out*
 R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out

119. Refer to the exhibit. A router has an existing ACL that permits all traffic from the
172.16.0.0 network. The administrator attempts to add a new statement to the ACL
that denies packets from host 172.16.0.1 and receives the error message that is
shown in the exhibit. What action can the administrator take to block packets from
host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?

Manually add the

new deny statement with a sequence number of 5.*
Manually add the new deny statement with a sequence number of 15.

Create a second access list denying the host and apply it to the same interface.

Add a deny any any statement to access-list 1.

120. Refer to the exhibit. What can be determined from this output?

The ACL is missing the deny ip any any ACE.

Because there are no matches for line 10, the ACL is not working.

The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.

The router has not had any Telnet packets from 10.35.80.22 that are destined for
10.23.77.101.*
121. What is the only type of ACL available for IPv6?named standardnamed extended*
numbered standard

numbered extended

122. Which IPv6 ACL command entry will permit traffic from any host to an SMTP
server on network 2001:DB8:10:10::/64?permit tcp any host 2001:DB8:10:10::100
eq 25*permit tcp host 2001:DB8:10:10::100 any eq 25
 permit tcp any host 2001:DB8:10:10::100 eq 23

permit tcp host 2001:DB8:10:10::100 any eq 23

123. Refer to the exhibit. Considering how packets are processed on a router that is
configured with ACLs, what is the correct order of the statements?

C-B-A-
D
A-B-C-D

C-B-D-A*
B-A-D-C

D-A-C-B

124. Which two hypervisors are suitable to support virtual machines in a data center?
(Choose two.)Virtual PCVMware FusionVMware ESX/ESXi*
Oracle VM VirtualBox

Microsoft Hyper-V 2012

125. How can DHCP spoofing attacks be mitigated?by disabling DTP negotiations on
nontrunking portsby implementing DHCP snooping on trusted ports*
by implementing port security

by the application of the ip verify source command to untrusted ports

126. What action can a network administrator take to help mitigate the threat of
VLAN attacks?Disable VTP.Configure all switch ports to be members of VLAN 1.
Disable automatic trunking negotiation.*
Enable PortFast on all switch ports.

127. Which SNMP message type informs the network management system (NMS)
immediately of certain specified events?
GET requestSET requestGET response
Trap*
128. Refer to the exhibit. A SNMP manager is using the community string of
snmpenable and is configured with the IP address 172.16.10.1. The SNMP manager
is unable to read configuration variables on the R1 SNMP agent. What could be the
 problem?

The SNMP agent is not configured for read-only access.

The community of snmpenable2 is incorrectly configured on the SNMP agent.

The ACL is not permitting access by the SNMP manager.*

The incorrect community string is configured on the SNMP manager.

129. Refer to the exhibit. Which SNMP authentication password must be used by the
member of the ADMIN group that is configured on router R1?

cisco54321
cisco98765

cisco123456*
cisco654321

130. A network administrator has noticed an unusual amount of traffic being received
on a switch port that is connected to a college classroom computer. Which tool
would the administrator use to make the suspicious traffic available for analysis at
the college data center?RSPAN*TACACS+
 802.1X

DHCP snooping

SNMP

131. What network monitoring tool copies traffic moving through one switch port, and
sends the copied traffic to another switch port for analysis?802.1XSNMP
SPAN*
syslog

132. Voice packets are being received in a continuous stream by an IP phone, but
because of network congestion the delay between each packet varies and is causing
broken conversations. What term describes the cause of this condition?
bufferinglatencyqueuing
jitter*
133. What mechanism compensates for jitter in an audio stream by buffering packets
and then replaying them outbound in a steady stream?digital signal
processorplayout delay buffer*
voice codec

WFQ

134. Which type of network traffic cannot be managed using congestion avoidance
tools?TCPUDP*
IP

ICMP

135. A network administrator has moved the company intranet web server from a
switch port to a dedicated router interface. How can the administrator determine
how this change has affected performance and availability on the company
intranet?Conduct a performance test and compare with the baseline that was
established previously.*Determine performance on the intranet by monitoring load
times of company web pages from remote sites.
Interview departmental administrative assistants to determine if web pages are loading
more quickly.

Compare the hit counts on the company web server for the current week to the values
that were recorded in previous weeks.

136. In which stage of the troubleshooting process would ownership be researched and
documented?Gather symptoms.*Implement corrective action.
Isolate the problem.

Update the user and document the problem.

137. Which troubleshooting approach is more appropriate for a seasoned network

administrator rather than a less-experienced network administrator?a less-
 structured approach based on an educated guess*an approach comparing working
and nonworking components to spot significant differences
a structured approach starting with the physical layer and moving up through the layers
of the OSI model until the cause of the problem is identified

an approach that starts with the end-user applications and moves down through the layers
of the OSI model until the cause of the problem has been identified

138. A router has been configured to use simulated network traffic in order to monitor
the network performance between the router and a distant network device. Which
command would display the results of this analysis?show ip routeshowip protocols
show ip sla statistics*
show monitor

139. Which type of tool would an administrator use to capture packets that are going to
and from a particular device?NMS toolknowledge base
baselining tool

protocol analyzer*
140. Refer to the exhibit. Which two statements describe the results of entering these

commands? (Choose two.) R1

will send system messages of levels 0 (emergencies) to level 4 (warnings) to a
server.*
R1 will not send critical system messages to the server until the command debug all is
entered.

R1 will reset all the warnings to clear the log.

R1 will output the system messages to the local RAM.

The syslog server has the IPv4 address 192.168.10.10.*

141. Refer to the exhibit. A network administrator discovers that host A is having
trouble with Internet connectivity, but the server farm has full connectivity. In
addition, host A has full connectivity to the server farm. What is a possible cause of
this problem?
The router has an incorrect gateway.
Host A has an overlapping network address.

Host A has an incorrect default gateway configured.

Host A has an incorrect subnet mask.

NAT is required for the host A network.*

142. Match the operation to the appropriate QoS model.

143. Match the cloud model with the description.

144. Match the cloud model with the description.