CCNA 4 v60 Chapters Exam Answers

CCNA 4 v6.
0 Chapter 1 Exam Answers 100%
CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 1 Exam
Answers 100%
1. A small company with 10 employees uses a single LAN to share

information between computers. Which type of connection to the Internet
would be appropriate for this company?
a dialup connection that is supplied by their local telephone service provider
Virtual Private Networks that would enable the company to connect easily and securely
with employees
private dedicated lines through their local service provider
a broadband service, such as DSL, through their local service provider*
2. Which network scenario will require the use of a WAN?

Employee workstations need to obtain dynamically assigned IP addresses.
Employees need to connect to the corporate email server through a VPN while
traveling.*
Employees in the branch office need to share files with the headquarters office that is
located in a separate building on the same campus network.
Employees need to access web pages that are hosted on the corporate web servers in the
DMZ within their building.
3. Which statement describes a characteristic of a WAN?

A WAN operates within the same geographic scope of a LAN, but has serial links.
WAN networks are owned by service providers.*
All serial links are considered WAN connections.
A WAN provides end-user network connectivity to the campus backbone.
4. What are two common types of circuit-switched WAN technologies?

(Choose two.)
Frame Relay
DSL
1/7
PSTN*
ATM
ISDN*
5. Which two devices are needed when a digital leased line is used to
provide a connection between the customer and the service provider?
(Choose two.)
access server
CSU*
Layer 2 switch
DSU*
dialup modem
6. What is a requirement of a connectionless packet-switched network?

Each packet has to carry only an identifier.
The network predetermines the route for a packet.
Full addressing information must be carried in each data packet.*
A virtual circuit is created for the duration of the packet delivery.
7. What is an advantage of packet-switched technology over circuit-

switched technology?
Packet-switched networks are less susceptible to jitter than circuit-switched networks are.
Packet-switched networks can efficiently use multiple routes inside a service

provider network.*
Packet-switched networks do not require an expensive permanent connection to each

endpoint.
Packet-switched networks usually experience lower latency than circuit-switched networks

experience.
8. A new corporation needs a data network that must meet certain

requirements. The network must provide a low cost connection to sales
people dispersed over a large geographical area. Which two types of WAN
infrastructure would meet the requirements? (Choose two.)
public infrastructure*
private infrastructure
2/7
Internet*
dedicated
satellite
9. What is a long distance fiber-optic media technology that supports both

SONET and SDH, and assigns incoming optical signals to specific
wavelengths of light?
ISDN
MPLS
ATM
DWDM*
10. What are two common high-bandwidth fiber-optic media standards?

(Choose two.)
ANSI
ATM
ITU
SDH*
SONET*
11. Which WAN technology is cell-based and well suited to carry voice and
video traffic?
ATM*
ISDN
VSAT
Frame Relay
12. Which two technologies use the PSTN network to provide an Internet
connection? (Choose two.)
ATM
ISDN*
MPLS
dialup*
Frame Relay
3/7
13. A company needs to interconnect several branch offices across a
metropolitan area. The network engineer is seeking a solution that provides
high-speed converged traffic, including voice, video, and data on the same
network infrastructure. The company also wants easy integration to their
existing LAN infrastructure in their office locations. Which technology should
be recommended?
VSAT
ISDN
Frame Relay
Ethernet WAN*
14. Which solution can provide Internet access to remote locations where
no regular WAN services are available?
VSAT*
WiMAX
Ethernet
municipal Wi-Fi
15. Which WAN technology establishes a dedicated constant point-to-point

connection between two sites?
ATM
ISDN
leased lines*
Frame Relay
16. A customer needs a metropolitan area WAN connection that provides

high-speed, dedicated bandwidth between two sites. Which type of WAN
connection would best fulfill this need?
circuit-switched network
Ethernet WAN*
MPLS
packet-switched network
17. Which feature is used when connecting to the Internet using DSL?
DSLAM*
CMTS
4/7
IEEE 802.16
LTE
18. Which connectivity method would be best for a corporate employee who
works from home two days a week, but needs secure access to internal
corporate databases?
cable
DSL
VPN*
WiMAX
19. Which wireless technology provides Internet access through cellular

networks?
satellite
municipal WiFi
LTE*
WiMAX
20. A home user lives within 10 miles (16 kilometers) of the Internet provider
network. Which type of technology provides high-speed broadband service
with wireless access for this home user?
802.11
municipal Wi-Fi
DSL
WiMAX*
21. What is the recommended technology to use over a public WAN

infrastructure when a branch office is connected to the corporate site?
ATM
ISDN
municipal Wi-Fi
VPN*
22. What can cause a reduction in available bandwidth on a cable

broadband connection?
smaller cells
5/7
number of subscribers*
committed information rate
distance from the central office of the provider
23. Which equipment is needed for an ISP to provide Internet connections

through cable service?
CMTS*
DSLAM
CSU/DSU
access server
24. Which geographic scope requirement would be considered a distributed

WAN scope?
local
one-to-one
one-to-many
many-to-many*
regional
global
25. A corporation is looking for a solution to connect multiple, newly

established remote branch offices. Which consideration is important when
selecting a private WAN connection rather than a public WAN connection?
lower cost
higher data transmission rate
website and file exchange service support
data security and confidentiality during transmission*
26. Match the type of WAN device or service to the descriptions. (Not all
options are used.)
6/7
27. Match the connectivity type to the description. (Not all options are used.)
7/7
CCNA 4 v6.0 Chapter 2 Exam Answers 100%
CCNA5.NET
Answers 100%
1. Which three are types of LCP frames used with PPP? (Choose three.)
link-negotiation frames
link-acknowledgment frames
link-maintenance frames*
link-termination frames*
link-control frames
link-establishment frames*
2. Which command can be used to view the cable type that is attached to a
serial interface?
Router(config)# show interfaces
Router(config)# show controllers*
Router(config)# show ip interface
Router(config)# show ip interface brief
3. How does PPP interface with different network layer protocols?

by using separate NCPs*
by negotiating with the network layer handler
by encoding the information field in the PPP frame
by specifying the protocol during link establishment through LCP
4. Which address is used in the Address field of a PPP frame?

a single byte of binary 00000000
a single byte of binary 10101010
a single byte of binary 11111111*
1/7
the IP address of the serial interface
5. Which field marks the beginning and end of an HDLC frame?

Data
FCS
Control
Flag*
6. In which situation would the use of PAP be preferable to the use of

CHAP?
when router resources are limited
when multilink PPP is used
when plain text passwords are needed to simulate login at the remote host*
when a network administrator prefers it because of ease of configuration
7. When configuring Multilink PPP, where is the IP address for the multilink
bundle configured?
on a physical serial interface
on a subinterface
on a multilink interface*
on a physical Ethernet interface
8. Refer to the exhibit.
2/7
Based on the debug command output that is shown, which statement is true
of the operation of PPP.
CHAP authentication failed because of an unknown hostname.
A PPP session was successfully established.*
Both PAP and CHAP authentication were attempted.
The debug output is from router R2.
A network administrator is configuring the PPP link between the two routers.
However, the PPP link cannot be established. Based on the partial output of
the show running-config command, what is the cause of the problem?
The usernames do not match.
The passwords do not match.*
The passwords should be longer than 8 characters.
The interface IP addresses are in different subnets.
10. Which is an advantage of using PPP on a serial link instead of HDLC?

option for authentication*
higher speed transmission
fixed-size frames
3/7
option for session establishment
11. Which protocol will terminate the PPP link after the exchange of data is
complete?
NCP
LCP*
IPCP
IPXCP
12. Which serial 0/0/0 interface state will be shown if no serial cable is
attached to the router, but everything else has been correctly configured
and turned on?
Serial 0/0/0 is up, line protocol is up
Serial 0/0/0 is up, line protocol is down
Serial 0/0/0 is down, line protocol is down*
Serial 0/0/0 is up (looped)
Serial 0/0/0 is up (disabled)
Serial 0/0/0 is administratively down, line protocol is down
13. How much total bandwidth is provided by a T1 line?

1.544 Mb/s*
64 kb/s
128 b/s
43.736 Mb/s
14. A network engineer is monitoring an essential, but poor quality, PPP

WAN link that periodically shuts down. An examination of the interface
configurations shows that the ppp quality 90 command has been issued.
What action could the engineer take to reduce the frequency with which the
link shuts down?
Issue the command ppp quality 70.*
Issue the command ppp quality 100.
Set the DCE interface to a lower clock rate.
Use the bandwidth command to increase the bandwidth of the link.
4/7
15. A network engineer is troubleshooting the loss of MPEG video viewing
quality as MPEG video files cross a PPP WAN link. What could be causing
this loss of quality?
PAP authentication was misconfigured on the link interfaces.
The clock rates configured on each serial interface do not match.
Link Quality Monitoring was not configured correctly on each interface.
The compress command was used when PPP was configured on the interfaces.*
16. Which PPP option can detect links that are in a looped-back condition?
Magic Number*
MRU
Callback
ACCM
17. A network engineer has issued the show interfaces serial 0/0/0
command on a router to examine the open NCPs on a PPP link to another
router. The command output displays that the encapsulation is PPP and
that the LCP is open. However, the IPV6CP NCP is not shown as open.
What does the engineer need to configure to open the IPV6CP NCP on the
link?
Configure CHAP authentication on each router.
Configure PPP multilink interfaces on each router.
Configure an IPv6 address on each interface on the link.*
Issue the compress predictor command on each interface on the link.
18. Which three physical layer interfaces support PPP? (Choose three.)
FastEthernet
GigabitEthernet
Ethernet
asynchronous serial *
synchronous serial*
HSSI*
19. What are three components of PPP? (Choose three.)

authorization
5/7
LCP*
parallel communications
NCP*
support for LAN and WAN
HDLC-like framing*
What type of Layer 2 encapsulation will be used for connection D on the

basis of this configuration on a newly installed router:
RtrA(config)# interface serial0/0/0
RtrA(config-if)# ip address 128.107.0.2 255.255.255.252
RtrA(config-if)# no shutdown
Ethernet
Frame Relay
HDLC*
PPP
21. Which two statements describe a PPP connection between two Cisco
routers? (Choose two.)
LCP tests the quality of the link.*
LCP manages compression on the link.*
Only a single NCP is allowed between the two routers.
NCP terminates the link when data exchange is complete.
With CHAP authentication, the routers exchange plain text passwords.
6/7
22. Match the PPP options with the correct description. (Not all options are
used.)
23. Match the phases of establishing a PPP session in the correct order.
(Not all options are used.)
24. Match the steps to the PPP CHAP authentication process sequence.
(Not all options are used.)
25. Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.
Why is the serial link between router R1 and router R2 not operational?
In each case the expected username is not the same as the remote router hostname.*
The passwords are different in both routers.
The encapsulation in both routers does not match.
The authentication type is not the same in both routers.
7/7
CCNA5.NET
Answers 100%
1. Which broadband wireless technology is based on the 802.11 standard?

municipal Wi-Fi*
WiMAX
CDMA
UMTS
2. What is the approximate distance limitation for providing a satisfactory

ADSL service from the central office to a customer?
3.39 miles or 5.46 kilometers*
2.11 miles or 3.39 kilometers
6.21 miles or 10 kilometers
11.18 miles or 18 kilometers
3. What is a component of an ADSL connection that is located at the

customer site?
CO
CPE*
SOHO
DSLAM
4. What is the function of the DSLAM in a broadband DSL network?

multiplexes individual customer DSL connections into a single upstream link*
communicates directly with customer cable modems to provide Internet services to

customers
communicates directly with customer cable modems to provide Internet services to

customers
1/9
separates POTS traffic from ADSL traffic
5. Which broadband technology would be best for a small office that

requires fast upstream connections?
DSL
fiber-to-the-home*
cable
WiMax
6. What are two WAN connection enhancements that are achieved by

implementing PPPoE? (Choose two.)
Encapsulating Ethernet frames within PPP frames is an efficient use of bandwidth.
DSL CHAP features are included in PPPoE.
PPP enables the ISP to assign an IP address to the customer WAN interface.*
An Ethernet link supports a number of data link protocols.
CHAP enables customer authentication and accounting.*
7. When PPPoE is configured on a customer router, which two commands

must have the same value for the configuration to work? (Choose two.)
dialer pool 2*
interface dialer 2
ppp chap password 2
interface gigabitethernet 0/2
pppoe-client dial-pool-number 2*
ppp chap hostname 2
8. Why is the MTU for a PPPoE DSL configuration reduced from 1500 bytes
to 1492?
to enable CHAP authentication
to reduce congestion on the DSL link
to accommodate the PPPoE headers*
to establish a secure tunnel with less overhead
9. What are two characteristics of a PPPoE configuration on a Cisco

customer router? (Choose two.)
2/9
The PPP configuration is on the dialer interface.*
An MTU size of 1492 bytes is configured on the Ethernet interface.
The Ethernet interface does not have an IP address.*
The customer router CHAP username and password are independent of what is configured
on the ISP router.
The dialer pool command is applied to the Ethernet interface to link it to the dialer interface.
10. Where is PPPoE configured on a Cisco router?

on an Ethernet interface
on the dialer interface*
on a serial interface
on any physical interface
11. How can the use of VPNs in the workplace contribute to lower operating
costs?
High-speed broadband technology can be replaced with leased lines.
VPNs can be used across broadband connections rather than dedicated WAN links.*
VPNs prevents connectivity to SOHO users.
VPNs require a subscription from a specific Internet service provider that specializes in
secure connections.
12. How is “tunneling” accomplished in a VPN?

New headers from one or more VPN protocols encapsulate the original packets.*
All packets between two hosts are assigned to a single physical medium to ensure that the
packets are kept private.
Packets are disguised to look like other types of traffic so that they will be ignored by
potential attackers.
A dedicated circuit is established between the source and destination devices for the
duration of the connection.
13. Which two statements describe a remote access VPN? (Choose two.)
It connects entire networks to each other.
It requires hosts to send TCP/IP traffic through a VPN gateway.
It is used to connect individual hosts securely to a company network over the

Internet.*
3/9
It may require VPN client software on hosts.*
It requires static configuration of the VPN tunnel.
14. Which is a requirement of a site-to-site VPN?

It requires a client/server architecture.
It requires the placement of a VPN server at the edge of the company network.
It requires hosts to use VPN client software to encapsulate traffic.
It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.*
15. What functionality does mGRE provide to the DMVPN technology?

It allows the creation of dynamically allocated tunnels through a permanent tunnel
source at the hub and dynamically allocated tunnel destinations at the spokes.*
It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.
It provides secure transport of private information over public networks, such as the
Internet.
It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable
manner.
16. Which two scenarios are examples of remote access VPNs? (Choose
two.)
A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
All users at a large branch office can access company resources through a single VPN
connection.
A mobile sales agent is connecting to the company network via the Internet
connection at a hotel.*
A small branch office with three employees has a Cisco ASA that is used to create a VPN
connection to the HQ.
An employee who is working from home uses VPN client software on a laptop in
order to connect to the company network.*
4/9
What solution can provide a VPN between site A and site B to support
encapsulation of any Layer 3 protocol between the internal networks at
each site?
a GRE tunnel*
an IPsec tunnel
a remote access tunnel
Cisco SSL VPN
18. Which three statements are characteristics of generic routing

encapsulation (GRE)? (Choose three.)
GRE encapsulation supports any OSI Layer 3 protocol.*
GRE is stateless.*
GRE does not have strong security mechanisms.*
The GRE header alone adds at least 24 bytes of overhead.
GRE provides flow control by default.
GRE is the most secure tunneling protocol.
5/9
Which IP address is configured on the physical interface of the CORP
router?
10.1.1.1
10.1.1.2
209.165.202.133*
209.165.202.134
Which IP address would be configured on the tunnel interface of the

destination router?
172.16.1.1
172.16.1.2*
6/9
209.165.200.225
209.165.200.226
A tunnel was implemented between routers R1 and R2. Which two

conclusions can be drawn from the R1 command output? (Choose two.)
This tunnel mode is not the default tunnel interface mode for Cisco IOS software.
This tunnel mode provides encryption.
The data that is sent across this tunnel is not secure.*
This tunnel mode does not support IP multicast tunneling.
A GRE tunnel is being used.*
22. What is used by BGP to determine the best path to a destination?

cost
hop count
attributes*
administrative distance
23. What command specifies a BGP neighbor that has an IP address of

5.5.5.5/24 and that is in AS 500?
(config-router)# neighbor 5.5.5.5 remote-as 500*
(config-router)# router bgp 500
(config-router)# neighbor 500 remote-as 5.5.5.5
7/9
(config-router)# network 5.0.0.0 0.0.0.255
24. True or False?

Multiple BGP processes can run on a router.
true
false*
Which two configurations will allow router R1 to establish a neighbor

relationship with router R2? (Choose two.)
R1(config)# router bgp 65001
R1(config-router)# network 192.168.20.0

R1(config-router)# neighbor 209.165.200.226 remote-as 65002*

R1(config-router)# neighbor 209.165.200.225 remote-as 65001


R2(config-router)# neighbor 209.165.200.226 remote-as 65002

R2(config-router)# neighbor 209.165.200.225 remote-as 65001*
8/9
What is the code displayed on the web page?
Welldone!
BGP is running!*
BGP is configured!
Configuration is correct!
9/9
CCNA5.NET
Answers 100%
1. Which range represents all the IP addresses that are affected when
network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?
10.120.160.0 to 10.127.255.255
10.120.160.0 to 10.120.167.255*
10.120.160.0 to 10.120.168.0
10.120.160.0 to 10.120.191.255
2. What two functions describe uses of an access control list? (Choose

two.)
ACLs assist the router in determining the best path to a destination.
Standard ACLs can restrict access to specific applications and ports.
ACLs provide a basic level of security for network access.*
ACLs can permit or deny traffic based upon the MAC address originating on the router.
ACLs can control which areas a host can access on a network.*
3. Which two statements describe the effect of the access control list
wildcard mask 0.0.0.15? (Choose two.)
The first 28 bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be ignored.*
The first 32 bits of a supplied IP address will be matched.
The first 28 bits of a supplied IP address will be matched.*
The last five bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be matched.
1/8
A network administrator is configuring an ACL to limit the connection to R1
vty lines to only the IT group workstations in the network 192.168.22.0/28.
The administrator verifies the successful Telnet connections from a
workstation with IP 192.168.22.5 to R1 before the ACL is applied. However,
after the ACL is applied to the interface Fa0/0, Telnet connections are
denied. What is the cause of the connection failure?
The permit ACE specifies a wrong port number.
The enable secret password is not configured on R1.
The login command has not been entered for vty lines.
The IT group network is included in the deny statement.*
The permit ACE should specify protocol ip instead of tcp.
2/8
The network administrator that has the IP address of 10.0.70.23/25 needs
to have access to the corporate FTP server (10.0.54.5/28). The FTP server
is also a web server that is accessible to all internal employees on networks
within the 10.x.x.x address. No other traffic should be allowed to this server.
Which extended ACL would be used to filter this traffic, and how would this
ACL be applied? (Choose two.)
access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any
access-list 105 permit tcp host 10.0.54.5 any eq www

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20

access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any**
R2(config)# interface gi0/0

R2(config-if)# ip access-group 105 in

R1(config-if)# ip access-group 105 out**
R1(config)# interface s0/0/0

R1(config-if)# ip access-group 105 out
6. A network administrator is designing an ACL. The networks

192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and
192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is
the most efficient to use when specifying all of these networks in a single
ACL permit entry?
0.0.0.127
0.0.0.255
0.0.1.255*
0.0.255.255
A single ACL command and wildcard mask should not be used to specify these particular
networks or other traffic will be permitted or denied and present a security risk.
3/8
A network administrator wants to permit only host 192.168.1.1 /24 to be
able to access the server 192.168.2.1 /24. Which three commands will
achieve this using best ACL placement practices? (Choose three.)
R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1*
R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0

255.255.255.0
R2(config)# interface fastethernet 0/0*
R2(config)# access-list 101 permit ip any any
R2(config)# interface fastethernet 0/1
R2(config-if)# ip access-group 101 in*
8. Which two statements are correct about extended ACLs? (Choose two)
Extended ACLs use a number range from 1-99.
Extended ACLs end with an implicit permit statement.
Extended ACLs evaluate the source and destination addresses.*
Port numbers can be used to add greater definition to an ACL.*
Multiple ACLs can be placed on the same interface as long as they are in the same
direction.
9. Which three values or sets of values are included when creating an

extended access control list entry? (Choose three.)
access list number between 1 and 99
access list number between 100 and 199*
default gateway address and wildcard mask

4/8
destination address and wildcard mask*
source address and wildcard mask*
source subnet mask and wildcard mask
destination subnet mask and wildcard mask
This ACL is applied on traffic outbound from the router on the interface that
directly connects to the 10.0.70.5 server. A request for information from a
secure web page is sent from host 10.0.55.23 and is destined for the
10.0.70.5 server. Which line of the access list will cause the router to take
action (forward the packet onward or drop the packet)?
1
3*
the deny ip any any that is at the end of every ACL
11. Which set of access control entries would allow all users on the
192.168.10.0/24 network to access a web server that is located at
172.17.80.1, but would not allow them to use Telnet?
access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80
access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1

access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80

access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23*
access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80

access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
5/8
12. Which two packet filters could a network administrator use on an IPv4
extended ACL? (Choose two.)
destination MAC address
ICMP message type*
computer type
source TCP hello address
destination UDP port number*
13. Which two ACE commands will block traffic that is destined for a web
server which is listening to default ports? (Choose two.)
access-list 110 deny tcp any any eq 21
access-list 110 deny tcp any any eq https*
access-list 110 deny tcp any any gt 443
access-list 110 deny tcp any any gt 75*
access-list 110 deny tcp any any lt 80
14. Which feature is unique to IPv6 ACLs when compared to those of IPv4
ACLs?
the use of wildcard masks
an implicit deny any any ACE
the use of named ACL ACE
an implicit permit of neighbor discovery packets*
15. What two ACEs could be used to deny IP traffic from a single source
host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255*
access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1
access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255
access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255*
6/8
The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface
of R1 in the inbound direction. Which IPv6 packets from the ISP will be
dropped by the ACL on R1?
HTTPS packets to PC1
ICMPv6 packets that are destined to PC1*
packets that are destined to PC1 on port 80
neighbor advertisements that are received from the ISP router
17. Which command is used to activate an IPv6 ACL named ENG_ACL on

an interface so that the router filters traffic prior to accessing the routing
table?
ipv6 access-class ENG_ACL in
ipv6 access-class ENG_ACL out
ipv6 traffic-filter ENG_ACL in*
ipv6 traffic-filter ENG_ACL out
18. Which IPv6 ACL command entry will permit traffic from any host to an
SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25*
permit tcp host 2001:DB8:10:10::100 any eq 25
permit tcp any host 2001:DB8:10:10::100 eq 23
7/8
19. In applying an ACL to a router interface, which traffic is designated as
outbound?
traffic that is coming from the source IP address into the router
traffic that is leaving the router and going toward the destination host*
traffic that is going from the destination IP address into the router
traffic for which the router can find no routing table entry
20. Fill in the blanks. Use dotted decimal format.

The wildcard mask that is associated with the network 192.168.12.0/24 is “0.0.0.255”
21. An access list has been applied to a router LAN interface in the inbound
direction. The IP address of the LAN segment is 192.168.83.64/26. The
entire ACL appears below:
access-list 101 deny tcp 192.168.83.64 0.0.0.63 any eq 23
access-list 101 permit ip 192.168.83.64 0.0.0.63 192.168.83.128 0.0.0.63
Drag the descriptions of the packets on the left to the action that the router
will perform on the right.
22. Match each statement with the example subnet and wildcard that it
describes. (Not all options are used.)
8/8
CCNA5.NET
Answers 100%
1. What is the behavior of a switch as a result of a successful CAM table

attack?
The switch will forward all received frames to all other ports.*
The switch will shut down.
The switch will drop all received frames.
The switch interfaces will transition to the error-disabled state.
2. What network attack seeks to create a DoS for clients by preventing them
from being able to obtain a DHCP lease?
DHCP starvation*
DHCP spoofing
IP address spoofing
CAM table attack
1/9
Which interface on switch S1 should be configured as a DHCP snooping
trusted port to help mitigate DHCP spoofing attacks?
G0/23*
G0/1
G0/24
G0/22
4. When using 802.1X authentication, what device controls physical access

to the network, based on the authentication status of the client?
the switch that the client is connected to*
the authentication server
the supplicant
the router that is serving as the default gateway
5. What device is considered a supplicant during the 802.1X authentication

process?
the client that is requesting authentication*
the switch that is controlling network access
the authentication server that is performing client authentication
the router that is serving as the default gateway
6. What is a drawback of the local database method of securing device

access that can be solved by using AAA with centralized servers?
There is no ability to provide accountability.
It is very susceptible to brute-force attacks because there is no username.
The passwords can only be stored in plain text in the running configuration.
User accounts must be configured locally on each device, which is an unscalable

authentication solution.*
2/9
PC1 and PC2 should be able to obtain IP address assignments from the
DHCP server. How many ports among switches should be assigned as
trusted ports as part of the DHCP snooping configuration?
1
7*
8. What protocol is used to encapsulate the EAP data between the

authenticator and authentication server performing 802.1X authentication?
RADIUS*
TACACS+
SSH
MD5
9. Which two protocols are used to provide server-based AAA

authentication? (Choose two.)
SSH
TACACS+*
RADIUS*
3/9
802.1x
SNMP
10. Which protocol defines port-based authentication to restrict

unauthorized hosts from connecting to the LAN through publicly accessible
switch ports?
802.1x*
RADIUS
TACACS+
SSH
11. What are three techniques for mitigating VLAN attacks? (Choose three.)
Disable DTP.*
Enable trunking manually.*
Set the native VLAN to an unused VLAN.*
Enable BPDU guard.
Enable Source Guard.
Use private VLANs.
12. Which statement describes SNMP operation?

An NMS periodically polls the SNMP agents that are residing on managed devices by using
traps to query the devices for data.
A get request is used by the SNMP agent to query the device for data.
An SNMP agent that resides on a managed device collects information about the device
and stores that information remotely in the MIB that is located on the NMS.
A set request is used by the NMS to change configuration variables in the agent
device.*
13. A network administrator is analyzing the features supported by the

multiple versions of SNMP. What are two features that are supported by
SNMPv3 but not by SNMPv1 or SNMPv2c? (Choose two.)
bulk retrieval of MIB information
message source validation*
community-based security
message encryption*
4/9
SNMP trap mechanism
14. Which protocol or service can be configured to send unsolicited

messages to alert the network administrator about a network event such as
an extremely high CPU utilization on a router?
SNMP*
syslog
NTP
NetFlow
15. What is the function of the MIB element as part of a network

management system?
to store data about a device*
to collect data from SNMP agents
to change configurations on SNMP agents
to send and retrieve network management information
16. Which SNMP version uses weak community string-based access control
and supports bulk retrieval?
SNMPv2c*
SNMPv1
SNMPv2Classic
SNMPv3
17. What are SNMP trap messages?

messages that are used by the NMS to query the device for data
unsolicited messages that are sent by the SNMP agent and alert the NMS to a
condition on the network*
messages that are used by the NMS to change configuration variables in the agent device
messages that are sent periodically by the NMS to the SNMP agents that reside on
managed devices to query the device for data
18. A network administrator issues two commands on a router:

R1(config)# snmp-server host 10.10.50.25 version 2c campus
R1(config)# snmp-server enable traps
What can be concluded after the commands are entered?

5/9
No traps are sent, because the notification-types argument was not specified yet.
Traps are sent with the source IP address as 10.10.50.25.
If an interface comes up, a trap is sent to the server.*
The snmp-server enable traps command needs to be used repeatedly if a particular subset
of trap types is desired.
What can be concluded from the produced output?

An ACL was configured to restrict SNMP access to an SNMP manager.*
This is the output of the show snmp command without any parameters.
The system contact was not configured with the snmp-server contact command.
The location of the device was not configured with the snmp-server location command.
A SNMP manager has IP address 172.16.1.120. The SNMP manager is

unable to change configuration variables on the R1 SNMP agent. What
could be the problem?
The ACL of ACL_SNMP has not been implemented on an interface yet.
6/9
The IP address of the SNMP manager must be 172.16.1.1.
The SNMP agent should have traps disabled.
The SNMP agent is not configured for write access.*
Router R1 was configured by a network administrator to use SNMP version

2. The following commands were issued:
R1(config)# snmp-server community batonaug ro SNMP_ACL
R1(config)# snmp-server contact Wayne World
R1(config)# snmp-server host 192.168.1.3 version 2c batonaug
R1(config)# ip access-list standard SNMP_ACL
R1(config-std-nacl)# permit 192.168.10.3
Why is the administrator not able to get any information from R1?
The snmp-server enable traps command is missing.
The snmp-server community command needs to include the rw keyword.
There is a problem with the ACL configuration.*
The snmp-server location command is missing.
22. A network administrator has issued the snmp-server user admin1 admin
v3 encrypted auth md5 abc789 priv des 256 key99 command. What are two
features of this command? (Choose two.)
It adds a new user to the SNMP group.*
It restricts SNMP access to defined SNMP managers.
7/9
It forces the network manager to log into the agent to retrieve the SNMP messages.
It uses the MD5 authentication of the SNMP messages.*
It allows a network administrator to configure a secret encrypted password on the SNMP

server.
23. Which statement describes the RSPAN VLAN?

The RSPAN VLAN must be the same as the native VLAN.
The RSPAN VLAN can be used to carry secure traffic between switches.
The RSPAN VLAN can be used for remote management of network switches.
The RSPAN VLAN must be the same on both the source and destination switch.*
24. Which statement describes the function of the SPAN tool used in a
Cisco switch?
It supports the SNMP trap operation on a switch.
It provides interconnection between VLANs over multiple switches.
It is a secure channel for a switch to send logging to a syslog server.
It copies the traffic from one switch port and sends it to another switch port that is
connected to a monitoring device.*
Based on the output generated by the show monitor session 1 command,

how will SPAN operate on the switch?
All traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet
0/1.
8/9
All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to
FastEthernet 0/1.*
Native VLAN traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to

FastEthernet 0/1.
Native VLAN traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to

FastEthernet 0/1.
Which command or set of commands will configure SW_A to copy all traffic
for the server to the packet analyzer?
Sw_A(config)# monitor session 5 source interface gi0/1
Sw_A(config)# monitor session 6 destination interface fa0/7
Sw_A(config)# monitor session 5 source interface gi0/1

Sw_A(config)# monitor session 5 destination interface fa0/7*
Sw_A(config)# monitor session 1 destination interface fa0/7
Sw_A(config)# monitor session 1 destination interface gi0/1

Sw_A(config)# monitor session 1 source interface fa0/1
Sw_A(config)# monitor session 1 source interface fa0/7
9/9
CCNA5.NET
Answers 100%
1. When QoS is implemented in a converged network, which two factors

can be controlled to improve network performance for real-time traffic?
(Choose two.)
link speed
delay*
packet routing
jitter*
packet addressing
2. A network engineer performs a ping test and receives a value that shows
the time it takes for a packet to travel from a source to a destination device
and return. Which term describes the value?
jitter
latency*
priority
bandwidth
3. What are two characteristics of voice traffic? (Choose two.)

Dropped voice packets are not retransmitted. *
Voice traffic requires at least 384 kbs of bandwidth.
Voice traffic consumes lots of network resources.
Voice traffic is unpredictable and inconsistent.
Voice traffic latency should not exceed 150 ms.*
4. How does a Cisco router using tail drop handle congestion when a traffic
queue becomes full?
The router will only drop non delay-sensitive data that is close to the end of the queue.
1/6
The router will drop any packet that arrives at the end of the queue.*
The router will remove the most recent data placed in the queue to make space for an
arriving packet.
The router will remove the packet in the front of the queue, move all other packets forward,
and insert the just arrived packet at the end.
5. For classifying packets into classes with CBWFQ, what is the purpose of
configuring a maximum packet limit for a class?
to control the maximum number of packets allowed in a single queue*
to control the maximum number of packets allowed to be discarded
to control the maximum number of packets that can be forwarded each second on an
egress interface
to control the maximum number of packets that can be received each second on an ingress
interface
6. A network engineer is selecting a QoS method to control congestion on a

VPN tunnel link between the headquarters site and a branch office. Which
queuing method cannot be used to classify and control VPN traffic?
FIFO
WFQ*
CBWFQ
LLQ
7. An administrator has mastered the use of access control lists (ACLs) and
wants to deploy QoS by defining different traffic classes through the use of
ACLs. Which queuing method provides this functionality?
FIFO
WFQ
FCFS
CBWFQ*
8. Which queuing algorithm has only a single queue and treats all packets
equally?
FIFO*
CBWFQ
WFQ
2/6
LLQ
9. A network administrator is deploying QoS with the ability to provide a

special queue for voice traffic so that voice traffic is forwarded before
network traffic in other queues. Which queuing method would be the best
choice?
FIFO
WFQ
CBWFQ
LLQ*
10. What are two characteristics of DiffServ QoS model? (Choose two.)
the easiest QoS model to deploy
groups all TCP flows into a single class*
delivers end to end QoS
uses the Resource Reservation Protocol (RSVP) to signal QoS requirements
can divide network traffic into classes based on business requirements*
11. What are two characteristics of the best-effort QoS model? (Choose
two.)
It does not provide a delivery guarantee for packets.*
It uses a connection-oriented approach with QoS.
It treats all network packets in the same way.*
It allows end hosts to signal their QoS needs to the network.
It provides preferential treatment for voice packets.
12. What role do network devices play in the IntServ QoS model?
Network devices ensure that resources are available before traffic is allowed to be
sent by a host through the network.*
Network devices provide a best-effort approach to forwarding traffic.
Network devices are configured to service multiple classes of traffic and handle traffic as it
may arrive.
Network devices use QoS on a hop-by-hop basis to provide excellent scalability.
3/6
13. Which QoS model is very resource intensive and provides the highest
guarantee of QoS?
DiffServ
best-effort
IntServ*
soft QoS
14. In QoS models, which type of traffic is commonly provided the most
preferential treatment over all other application traffic?
voice traffic*
email
web traffic
file transfers
15. What are two approaches to prevent packet loss due to congestion on
an interface? (Choose two.)
Prevent bursts of traffic.
Drop lower-priority packets.*
Decrease buffer space.
Disable queuing mechanisms.
Increase link capacity.*
16. What two fields are available in IPv4 and IPv6 headers to mark packets
for QoS? (Choose two.)
Class of Service
Traffic Class*
Type of Service*
Priority
VLAN ID
17. What is the benefit of deploying Layer 3 QoS marking across an

enterprise network?
Layer 3 marking can carry QoS information on switches that are not IP aware.
Layer 3 marking can be used to carry non-IP traffic.
4/6
Layer 3 marking can be carried in the 802.1Q fields.
Layer 3 marking can carry the QoS information end-to-end.*
18. Which QoS technology provides congestion avoidance by allowing TCP

traffic to be throttled before buffers become full and tail drops occur?
traffic policing
weighted random early detection*
best-effort
first-in, first-out
As traffic is forwarded out an egress interface with QoS treatment, which

congestion avoidance technique is used?
traffic shaping
weighted random early detection
classification and marking
traffic policing*
20. Which QoS model uses the DSCP bits to mark packets and provides 64
possible classes of service?
IntServ
best-effort
DiffServ*
FIFO
21. Which QoS technique retains excess packets in a separate queue for
later transmission?
classifying
5/6
marking
queuing
shaping*
6/6
CCNA5.NET
Answers 100%
1. What is an example of an M2M connection in the IoT?

A user sends an email over the Internet to a friend.
An automated alarm system in a campus sends fire alarm messages to all students and
staff.
Sensors in a warehouse communicate with each other and send data to a server
block in the cloud.*
Redundant servers communicate with each other to determine which server should be
active or standby.
2. What is the term for the extension of the existing Internet structure to
billions of connected devices?
SCADA
digitization
IoT*
M2M
3. Which statement describes the Cisco IoT System?

It is an advanced routing protocol for cloud computing.
It is a switch operating system to integrate many Layer 2 security features.
It is a router operating system combining IOS and Linux for fog computing.
It is an infrastructure to manage large scale systems of very different endpoints and

platforms.*
4. Which three network models are described in the fog computing pillar of
the Cisco IoT System? (Choose three.)
P2P
peer-to-peer
1/6
client/server*
fog computing*
enterprise WAN
cloud computing*
5. Which IoT pillar extends cloud connectivity closer to the network edge?
management and automation pillar
application enablement platform pillar
network connectivity pillar
fog computing pillar*
6. Which cybersecurity solution is described in the security pillar of the

Cisco IoT System to address the security of power plants and factory
process lines?
IoT physical security
IoT network security
cloud computing security
operational technology specific security*
7. Which cloud computing opportunity would provide the use of network

hardware such as routers and switches for a particular company?
browser as a service (BaaS)
infrastructure as a service (IaaS)*
software as a service (SaaS)
wireless as a service (WaaS)
8. What technology allows users to access data anywhere and at any time?
data analytics
Cloud computing*
virtualization
micromarketing
9. What statement describes Fog computing?
2/6
It supports larger networks than Cloud
computing does.
It creates a distributed computing

infrastructure that provides services
close to the network edge.*
It requires Cloud computing services to

support non-IP enabled sensors and
controllers.
It utilizes a centralized computing

infrastructure that stores and
manipulates big data in one very secure data center.
10. Which Cloud computing service would be best for a new organization
that cannot afford physical servers and networking equipment and must
purchase network services on-demand?
PaaS
SaaS
ITaaS
IaaS*
11. Which cloud model provides services for a specific organization or

entity?
a hybrid cloud
a community cloud
a public cloud
a private cloud*
12. How does virtualization help with disaster recovery within a data center?
guarantee of power
support of live migration*
supply of consistent air flow
improvement of business practices
13. What is a difference between the functions of Cloud computing and

virtualization?
Cloud computing utilizes data center technology whereas virtualization is not used in data
centers.
3/6
Cloud computing requires hypervisor technology whereas virtualization is a fault tolerance
technology.
Cloud computing separates the application from the hardware whereas virtualization
separates the OS from the underlying hardware.*
Cloud computing provides services on web-based access whereas virtualization provides

services on data access through virtualized Internet connections.
14. Which two business and technical challenges does implementing

virtualization within a data center help businesses to overcome? (Choose
two.)
server hardware needs
physical footprint*
power and air conditioning*
operating system license requirements
virus and spyware attacks
15. Which statement describes the concept of cloud computing?

separation of application from hardware*
separation of operating system from hardware
separation of control plane from data plane
separation of management plane from control plane
16. Which is a characteristic of a Type 2 hypervisor?

best suited for enterprise environments
installs directly on hardware
has direct access to server hardware resources
does not require management console software*
17. Which is a characteristic of a Type 1 hypervisor?

does not require management console software
installed directly on a server*
installed on an existing operating system
best suited for consumers and not for an enterprise environment
18. How is the control plane modified to operate with network virtualization?
4/6
Control plane redundancy is added to each network device.
The control plane function is consolidated into a centralized controller.*
A hypervisor is installed in each device to allow multiple instances of the control plane.
The control plane on each device is interconnected to a dedicated high-speed network.
19. Which technology virtualizes the network control plane and moves it to a
centralized controller?
SDN*
IaaS
cloud computing
fog computing
20. Which two layers of the OSI model are associated with SDN network
control plane functions that make forwarding decisions? (Choose two.)
Layer 1
Layer 2*
Layer 3*
Layer 4
Layer 5
21. What pre-populates the FIB on Cisco devices that use CEF to process
packets?
the routing table*
the ARP table
the DSP
the adjacency table
22. Which type of hypervisor would most likely be used in a data center?
Type 1*
Type 2
Nexus
Hadoop
5/6
23. What component is considered the brains of the ACI architecture and
translates application policies?
the Nexus 9000 switch
the Application Policy Infrastructure Controller*
the Application Network Profile endpoints
the hypervisor
24. Fill in the blank.

In an IoT implementation, devices will be connected to a “converged” network to share the
same infrastructure and to facilitate communications, analytics, and management.

In a scenario where a user with a laptop running the Mac OS installs a Windows virtual OS
instance, the user is implementing a Type “2” hypervisor.
6/6
CCNA5.NET
Answers 100%
1. When should a network performance baseline be measured?

during normal work hours of an organization*
immediately after the main network devices restarted
after normal work hours to reduce possible interruptions
when a denial of service attack to the network is detected and blocked
2. What is a purpose of establishing a network baseline?

It provides a statistical average for network performance.
It manages the performance of network devices.
It creates a point of reference for future network evaluations.*
It checks the security configuration of network devices.
3. Which three pieces of information are typically recorded in a logical

topology diagram? (Choose three.)
IP address and prefix lengths*
routing protocols*
static routes*
device models and manufacturers
cable specifications
device locations
4. In which step of gathering symptoms does the network engineer

determine if the problem is at the core, distribution, or access layer of the
network?
Document the symptoms.
Determine the symptoms.

1/8
Gather information.
Determine ownership.
Narrow the scope.*
5. A team of engineers has identified a solution to a significant network

problem. The proposed solution is likely to affect critical network
infrastructure components. What should the team follow while implementing
the solution to avoid interfering with other processes and infrastructure?
change-control procedures*
one of the layered troubleshooting approaches
knowledge base guidelines
syslog messages and reports
What action occurs at stage 3 of the general troubleshooting process?

Correct the problem.*
Narrow the scope.
Question end users.
Document symptoms.
7. After which step in the network troubleshooting process would one of the
layered troubleshooting methods be used?
After which step in the network troubleshooting process would one of the layered
troubleshooting methods be used?
2/8
determining ownership
narrowing the scope
gathering symptoms from suspect devices*
8. A network technician is troubleshooting an email connection problem.

Which question to the end-user will provide clear information to better define
the problem?
Is your email working now?
How big are the emails you tried to send?
What kind of equipment are you using to send emails?
When did you first notice your email problem?*
9. A network engineer is troubleshooting a network problem and can

successfully ping between two devices. However, Telnet between the same
two devices does not work. Which OSI layers should the administrator
investigate next?
all of the layers
from the network layer to the application layer*
from the network layer to the physical layer
only the network layer
10. A network administrator is having issues with a newly installed network

not appearing in other routers. At which layer of the OSI model is the
network administrator going to start the troubleshooting process when using
a top-down approach?
application
internet
network*
session
transport
11. Which troubleshooting method begins by examining cable connections

and wiring issues?
top-down
bottom-up*
substitution
3/8
divide-and-conquer
On the basis of the information presented, which two IP SLA related

statements are true? (Choose two.)
IP SLA 99 is measuring jitter.
IP SLA 99 is scheduled to begin in 2 hours.
IP SLA 99 is sending echo requests every 10 seconds.*
IP SLA 99 is sending echo requests from IP address 192.168.2.1.
IP SLA 99 is configured with the type dns target-addr 192.168.2.1 command.
IP SLA 99 will run forever unless explicitly disabled.*
13. A company is setting up a web site with SSL technology to protect the
authentication credentials required to access the web site. A network
engineer needs to verify that the setup is correct and that the authentication
is indeed encrypted. Which tool should be used?
fault-management tool
protocol analyzer*
baselining tool
cable analyzer
4/8
14. Which category of software troubleshooting tools provides device-level
monitoring, configuration, and fault-management?
knowledge bases
baselining tools
host-based protocol analyzers
network management system tools*
15. Which two specialized troubleshooting tools can monitor the amount of
traffic that passes through a switch? (Choose two.)
TDR
digital multimeter
NAM*
portable network analyzer*
DTX cable analyzer
16. Which number represents the most severe level of syslog logging?
0*
17. A user in a large office calls technical support to complain that a PC has
suddenly lost connectivity to the network. The technician asks the caller to
talk to nearby users to see if other machines are affected. The caller reports
that several immediate neighbors in the same department have a similar
problem and that they cannot ping each other. Those who are seated in
other departments have connectivity. What should the technician check as
the first step in troubleshooting the issue?
the power outlet to the PC that is used by the caller
the trunks between switches in the wiring closet
the status of the departmental workgroup switch in the wiring closet*
the cable that connects the PC of the caller to the network jack
the cable connection between a PC and a network outlet that is used by a neighbor
5/8
18. A user reports that after an OS patch of the networking subsystem has
been applied to a workstation, it performs very slowly when connecting to
network resources. A network technician tests the link with a cable analyzer
and notices that the workstation sends an excessive number of frames
smaller than 64 bytes and also other meaningless frames. What is the
possible cause of the problem?
cabling faults
corrupted NIC driver*
Ethernet signal attenuation
corrupted application installation
19. An administrator is troubleshooting an Internet connectivity problem on

a router. The output of the show interfaces gigabitethernet 0/0 command
reveals higher than normal framing errors on the interface that connects to
the Internet. At what layer of the OSI model is the problem likely occurring?
Layer 1
Layer 2*
Layer 3
Layer 4
Layer 7
20. A group of Windows PCs in a new subnet has been added to an

Ethernet network. When testing the connectivity, a technician finds that
these PCs can access local network resources but not the Internet
resources. To troubleshoot the problem, the technician wants to initially
confirm the IP address and DNS configurations on the PCs, and also verify
connectivity to the local router. Which three Windows CLI commands and
utilities will provide the necessary information? (Choose three.)
arp -a
ipconfig*
nslookup*
ping*
telnet
tracert
netsh interface ipv6 show neighbor
6/8
21. Users report that the new web site http://www.company1.biz cannot be
accessed. The helpdesk technician checks and verifies that the web site
can be accessed with http://www.company1.biz:90. Which layer in the
TCP/IP model is involved in troubleshooting this issue?
application
transport*
internet
network access
22. A networked PC is having trouble accessing the Internet, but can print to
a local printer and ping other computers in the area. Other computers on the
same network are not having any issues. What is the problem?
The PC has a missing or incorrect default gateway.*
The default gateway router does not have a default route.
The switch port to which the PC connects has an incorrect VLAN configured.
The link between the switch to which the PC connects and the default gateway router is
down.
23. The newly configured ASBR that connects a company to the Internet
has a default route configured and has the default-information originate
command entered. Devices connected through this router can access the
Internet. The problem is that no other OSPF routers have a default route in
the routing table and no other users throughout the organization can access
the Internet. What could be the problem?
The ASBR does not have OSPF configured.
The ASBR does not have an OSPF neighbor.*
The other routers are not configured to accept LSA type 4s.
The ASBR should use the exit_interface argument instead of next-hop on the default route.
24. An internal corporate server can be accessed by internal PCs, but not
by external Internet users that should have access. What could be the
issue?
Static NAT has not been configured properly or at all.*
The server does not have a private IP address assigned.
The default gateway router for the server does not have a default route.
The switch port to which the server connects has an incorrect VLAN configured.
7/8
Use the “ARP” cache to verify IPv4 address to Layer 2 Ethernet address mappings on a
host computer.
A user reports that PC0 cannot visit the web server http://www.server.com.
Troubleshoot the network configuration to identify the problem.
What is the cause of the problem?

A default route on HQ is not configured.
A serial interface encapsulation is configured incorrectly.*
The DNS server address on PC0 is configured incorrectly.
The clock rate on Branch S0/0/0 is configured incorrectly.
8/8
CCNA 4 v6.0 Final Exam Answers Option A 100%
CCNA5.NET
CCNA 4 v6.0 Connecting Networks Final Exam Answers
Option A
1. Which statement best describes a WAN?

A WAN interconnects LANs over long distances.*
A WAN is a public utility that enables access to the Internet.
WAN is another name for the Internet.
A WAN is a LAN that is extended to provide secure remote network access.
2. Connecting offices at different locations using the Internet can be

economical for a business. What are two important business policy issues
that should be addressed when using the Internet for this purpose? (Choose
two.)
addressing
bandwidth
privacy*
security*
WAN technology
3. What is a disadvantage of a packet-switched network compared to a

circuit-switched network?
higher cost
fixed capacity
less flexibility
higher latency*
4. A company is considering updating the campus WAN connection. Which

two WAN options are examples of the private WAN architecture? (Choose
two.)
cable
1/19
leased line*
Ethernet WAN*
municipal Wi-Fi
digital subscriber line
5. Which statement describes a characteristic of dense wavelength division

multiplexing (DWDM)?
It supports the SONET standard, but not the SDH standard.
It enables bidirectional communications over one pair of copper cables.
It can be used in long-range communications, like connections between ISPs.*
It assigns incoming electrical signals to specific frequencies.
6. Which WAN technology can serve as the underlying network to carry

multiple types of network traffic such as IP, ATM, Ethernet, and DSL?
ISDN
MPLS*
Frame Relay
Ethernet WAN
7. Which two WAN technologies are more likely to be used by a business

than by teleworkers or home users? (Choose two.)
cable
DSL
Frame Relay*
MetroE*
VPN
8. The security policy in a company specifies that the staff in the sales
department must use a VPN to connect to the corporate network to access
the sales data when they travel to meet customers. What component is
needed by the sales staff to establish a remote VPN connection?
VPN gateway
VPN appliance
VPN concentrator
2/19
VPN client software*
9. A corporation is searching for an easy and low cost solution to provide

teleworkers with a secure connection to headquarters. Which solution
should be selected?
dial-up connection
leased line connection
site-to-site VPN over the Internet
remote access VPN over the Internet*
10. How many DS0 channels are bundled to produce a 1.544 Mbps T1 line?
2
12
24*
28
Which type of Layer 2 encapsulation used for connection D requires Cisco

routers?
Ethernet
PPPoE
HDLC*
PPP
12. Which three statements are true about PPP? (Choose three.)
PPP can use synchronous and asynchronous circuits.*
3/19
PPP can only be used between two Cisco devices.
PPP carries packets from several network layer protocols in LCPs.
PPP uses LCPs to establish, configure, and test the data-link connection.*
PPP uses LCPs to agree on format options such as authentication, compression,

and error detection.*
13. A network administrator is configuring a PPP link with the commands:
R1(config-if)# encapsulation ppp

R1(config-if)# ppp quality 70
What is the effect of these commands?

The PPP link will be closed down if the link quality drops below 70 percent.*
The NCP will send a message to the sending device if the link usage reaches 70 percent.
The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.
The PPP link will not be established if more than 30 percent of options cannot be accepted.
14. What function is provided by Multilink PPP?

spreading traffic across multiple physical WAN links*
dividing the bandwidth of a single link into separate time slots
enabling traffic from multiple VLANs to travel over a single Layer 2 link
creating one logical link between two LAN switches via the use of multiple physical links
15. The graphic shows two boxes. The first box has the following
output:R1(config)# show running-config
<output omitted>
username r2 password 0 Cisco
!
interface Serial0/0/0
ip address 209.165.200.225 255.255.255.252
encapsulation ppp
ppp authentication chapThe second box has this output:R2(config)# show
running-config
<output omitted>
username r1 password 0 Cisco
!
interface Serial0/0/0
ip address 209.165.200.226 255.255.255.252
4/19
encapsulation ppp
ppp authentication chap
Refer to the exhibit.
A network administrator is configuring the PPP link between the routers R1

and R2. However, the link cannot be established. Based on the partial
output of the show running-config command, what is the cause of the
problem?
The usernames do not match each other.
The usernames do not match the host names.*
The passwords for CHAP should be in lowercase.
The username r1 should be configured on the router R1 and the username r2 should be
configured on the router R2.
5/19
A network administrator has configured routers RTA and RTB, but cannot
ping from serial interface to serial interface. Which layer of the OSI model is
the most likely cause of the problem?
application
transport
network
data link*
physical
17. What advantage does DSL have compared to cable technology?

DSL upload and download speeds are always the same.
DSL is faster.
DSL has no distance limitations.
DSL is not a shared medium.*
18. Which broadband technology would be best for a user that needs
remote access when traveling in mountains and at sea?
Wi-Fi Mesh
mobile broadband
WiMax
satellite*
19. Which technology requires the use of PPPoE to provide PPP

connections to customers?
6/19
dialup analog modem
dialup ISDN modem
DSL*
T1
What is the network administrator verifying when issuing the show ip

interface brief command on R1 in respect to the PPPoE connection to R2?
that the Dialer1 interface has been manually assigned an IP address
that the Dialer1 interface is up and up
that the Dialer1 interface has been assigned an IP address by the ISP router*
that the IP address on R1 G0/1 is in the same network range as the DSL modem
21. Which technology creates a mapping of public IP addresses for remote

tunnel spokes in a DMVPN configuration?
ARP
NHRP*
NAT
IPsec
22. What is the purpose of the generic routing encapsulation tunneling

protocol?
to provide packet level encryption of IP traffic between remote sites
7/19
to manage the transportation of IP multicast and multiprotocol traffic between
remote sites*
to support basic unencrypted IP tunneling using multivendor routers between remote sites
to provide fixed flow-control mechanisms with IP tunneling between remote sites
What is used to exchange routing information between routers within each

AS?
static routing
IGP routing protocols*
EGP routing protocols
default routing
8/19
All routers are successfully running the BGP routing protocol. How many
routers must use EBGP in order to share routing information across the
autonomous systems?
2
4*
25. Which IPv4 address range covers all IP addresses that match the ACL
filter specified by 172.16.2.0 with wildcard mask 0.0.1.255?
172.16.2.0 to 172.16.2.255
172.16.2.1 to 172.16.3.254
172.16.2.0 to 172.16.3.255*
172.16.2.1 to 172.16.255.255
9/19
A named access list called chemistry_block has been written to prevent
users on the Chemistry Network and public Internet from access to Records
Server. All other users within the school should have access to this server.
The list contains the following statements:
deny 172.16.102.0 0.0.0.255 172.16.104.252 0.0.0.0

permit 172.16.0.0 0.0.255.255 172.16.104.252 0.0.0.0
Which command sequence will place this list to meet these requirements?
Hera(config)# interface fa0/0
Hera(config-if)# ip access-group chemistry_block in
Hera(config)# interface s0/0/0

Hera(config-if)# ip access-group chemistry_block out
Apollo(config)# interface s0/0/0

Apollo(config-if)# ip access-group chemistry_block out
Apollo(config)# interface s0/0/1

Apollo(config-if)# ip access-group chemistry_block in
Athena(config)# interface s0/0/1

Athena(config-if)# ip access-group chemistry_block in
Athena(config)# interface fa0/0

Athena(config-if)# ip access-group chemistry_block out*
27. What guideline is generally followed about the placement of extended

access control lists?
They should be placed as close as possible to the source of the traffic to be denied.*
They should be placed as close as possible to the destination of the traffic to be denied.
10/19
They should be placed on the fastest interface available.
They should be placed on the destination WAN link.
28. In the creation of an IPv6 ACL, what is the purpose of the implicit final
command entries, permit icmp any any nd-na and permit icmp any any nd-
ns?
to allow IPv6 to MAC address resolution*
to allow forwarding of IPv6 multicast packets
to allow automatic address configuration
to allow forwarding of ICMPv6 packets
29. A network administrator is testing IPv6 connectivity to a web server. The

network administrator does not want any other host to connect to the web
server except for the one test computer. Which type of IPv6 ACL could be
used for this situation?
only a standard ACL
a standard or extended ACL
only an extended ACL
an extended, named, or numbered ACL
only a named ACL*
11/19
The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface
of R1 in the inbound direction. Which IPv6 packets from the ISP will be
dropped by the ACL on R1?
HTTPS packets to PC1
ICMPv6 packets that are destined to PC1*
packets that are destined to PC1 on port 80
neighbor advertisements that are received from the ISP router
31. What is a secure configuration option for remote access to a network

device?
Configure SSH.*
Configure Telnet.
Configure 802.1x.
Configure an ACL and apply it to the VTY lines.
32. What protocol should be disabled to help mitigate VLAN attacks?

DTP*
STP
CDP
ARP
33. Which term describes the role of a Cisco switch in the 802.1X port-
based access control?
agent
supplicant
authenticator*
authentication server
34. What two protocols are supported on Cisco devices for AAA
communications? (Choose two.)
VTP
LLDP
HSRP
RADIUS*
12/19
TACACS+*
35. In configuring SNMPv3, what is the purpose of creating an ACL?

to define the source traffic that is allowed to create a VPN tunnel
to define the type of traffic that is allowed on the management network
to specify the source addresses allowed to access the SNMP agent*
to define the protocols allowed to be used for authentication and encryption
What feature does an SNMP manager need in order to be able to set a

parameter on switch ACSw1?
a manager who is using an SNMP string of K44p0ut
a manager who is using an Inform Request MIB
a manager who is using host 192.168.0.5*
a manager who is using authPriv
37. Which Cisco feature sends copies of frames entering one port to a
different port on the same switch in order to perform traffic analysis?
CSA
HIPS
SPAN*
VLAN
38. What are two characteristics of video traffic? (Choose two.)

Video traffic is more resilient to loss than voice traffic is.
Video traffic is unpredictable and inconsistent.*
Video traffic latency should not exceed 400 ms.*
Video traffic requires a minimum of 30 kbs of bandwidth.
Video traffic consumes less network resources than voice traffic consumes.
13/19
39. Which QoS mechanism allows delay-sensitive data, such as voice, to be
sent first before packets in other queues are sent?
CBWFQ
FIFO
LLQ*
FCFS
40. Refer to the exhibit. As traffic is forwarded out an egress interface with
QoS treatment, which congestion avoidance technique is used?
traffic shaping*
traffic policing
41. Which type of QoS marking is applied to Ethernet frames?

CoS*
ToS
DSCP
IP precedence
42. What is the function of a QoS trust boundary?

A trust boundary identifies the location where traffic cannot be remarked.
A trust boundary identifies which devices trust the marking on packets that enter a
network.*
A trust boundary only allows traffic to enter if it has previously been marked.
A trust boundary only allows traffic from trusted endpoints to enter the network.
43. A vibration sensor on an automated production line detects an unusual

condition. The sensor communicates with a controller that automatically
shuts down the line and activates an alarm. What type of communication
does this scenario represent?
14/19
machine-to-people
machine-to-machine*
people-to-people
people-to-machine
44. Which pillar of the Cisco IoT System allows data to be analyzed and
managed at the location where it is generated?
data analytics
fog computing*
network connectivity
application enhancement platform
45. Which Cloud computing service would be best for a new organization
that cannot afford physical servers and networking equipment and must
purchase network services on-demand?
PaaS
SaaS
ITaaS
IaaS*
46. A data center has recently updated a physical server to host multiple
operating systems on a single CPU. The data center can now provide each
customer with a separate web server without having to allocate an actual
discrete server for each customer. What is the networking trend that is
being implemented by the data center in this situation?
BYOD
virtualization*
maintaining communication integrity
online collaboration
15/19
47. What is used to pre-populate the adjacency table on Cisco devices that
use CEF to process packets?
the ARP table*
the routing table
the FIB
the DSP
48. Which component of the ACI architecture translates application policies

into network programming?
the Nexus 9000 switch
the Application Network Profile endpoints
the Application Policy Infrastructure Controller*
the hypervisor
49. Which two pieces of information should be included in a logical topology

diagram of a network? (Choose two.)
device type
OS/IOS version
connection type*
interface identifier*
cable specification
cable type and identifier
50. Which network performance statistics should be measured in order to

verify SLA compliance?
NAT translation statistics
device CPU and memory utilization
latency, jitter, and packet loss*
the number of error messages that are logged on the syslog server
51. Which feature sends simulated data across the network and measures
performance between multiple network locations?
LLDP
16/19
IP SLA*
syslog
SPAN
52. Which troubleshooting tool would a network administrator use to check

the Layer 2 header of frames that are leaving a particular host?
protocol analyzer*
baselining tool
knowledge base
CiscoView
A network administrator is troubleshooting the OSPF network. The

10.10.0.0/16 network is not showing up in the routing table of Router1. What
is the probable cause of this problem?
The serial interface on Router2 is down.
The OSPF process is not running on Router2.
The OSPF process is configured incorrectly on Router1.
There is an incorrect wildcard mask statement for network 10.10.0.0/16 on Router2.*

17/19
A user turns on a PC after it is serviced and calls the help desk to report
that the PC seems unable to reach the Internet. The technician asks the
user to issue the arp –a and ipconfig commands. Based on the output, what
are two possible causes of the problem? (Choose two.)
The IP configuration is incorrect.*
The network cable is unplugged.
The DNS server address is not configured.
The subnet mask is configured incorrectly.
The default gateway device cannot be contacted.*
55. Match OoS techniques with the description. (Not all options are used.)
18/19
19/19
CCNA 4 v6.0 Final Exam Answers Option B 100%
CCNA5.NET
Option B
1. Which circumstance would result in an enterprise deciding to implement a

corporate WAN?
when its employees become distributed across many branch locations*
when the network will span multiple buildings
when the number of employees exceeds the capacity of the LAN
when the enterprise decides to secure its corporate LAN
2. What are two types of WAN providers? (Choose two.)

DNS servers
satellite service*
web hosting service
telephone company*
Internet search engine service
3. Which two types of devices are specific to WAN environments and are
not found on a LAN? (Choose two.)
access layer switch
broadband modem*
core switch
CSU/DSU*
distribution layer router
4. What is a feature of dense wavelength-division multiplexing (DWDM)

technology?
It replaces SONET and SDH technologies.
It enables bidirectional communications over one strand of fiber.*

1/15
It provides Layer 3 support for long distance data communications.
It provides a 10 Gb/s multiplexed signal over analog copper telephone lines.
5. What is a disadvantage of ATM compared to Frame Relay?

less efficient*
lacks SVC support
does not scale well to provide high speed WAN connections
requires multiple interfaces on the edge router to support multiple VCs
6. Which WAN solution uses labels to identify the path in sending packets
through a provider network?
cable
DSL
Frame Relay
MPLS*
VSAT
7. An intercity bus company wants to offer constant Internet connectivity to

the users traveling on the buses. Which two types of WAN infrastructure
would meet the requirements? (Choose two.)
private infrastructure
public infrastructure*
dedicated
circuit-switched
cellular*
8. What device is needed at a central office to aggregate many digital

subscriber lines from customers?
CMTS
DSLAM*
CSU/DSU
access server
2/15
should be selected?
dial-up connection
10. What is the maximum number of DS0 channels in a 1.544 Mbps T1

line?
2
12
24*
28
What type of Layer 2 encapsulation will be used for RtrA connection D if it is

left to the default and the router is a Cisco router?
Ethernet
Frame Relay
HDLC*
PPP
12. Which two functions are provided by the NCP during a PPP connection?
(Choose two.)
identifying fault conditions for the PPP link
3/15
providing multilink capabilities over the PPP link
bringing the network layer protocol or protocols up and down*
enhancing security by providing callback over PPP
negotiating options for the IP protocol*
managing authentication of the peer routers of the PPP link
13. What PPP information will be displayed if a network engineer issues the
show ppp multilink command on Cisco router?
the link LCP and NCP status
the queuing type on the link
the IP addresses of the link interfaces
the serial interfaces participating in the multilink*
Which statement describes the status of the PPP connection?

Only the link-establishment phase completed successfully.
Only the network-layer phase completed successfully.
Neither the link-establishment phase nor the network-layer phase completed successfully.
Both the link-establishment and network-layer phase completed successfully.*
4/15

16. How does virtualization help with disaster recovery within a data center?
Power is always provided.
Less energy is consumed.
Server provisioning is faster.
Hardware does not have to be identical.*
17. Which broadband solution is appropriate for a home user who needs a
wired connection not limited by distance?
cable*
DSL
WiMax
ADSL
18. What is the protocol that provides ISPs the ability to send PPP frames
over DSL networks?
PPPoE*
CHAP
ADSL
LTE
19. In software defined network architecture, what function is removed from

network devices and performed by an SDN controller?
control plane*
data plane
security
application policies
5/15
20. What would a network administrator expect the routing table of stub
router R1 to look like if connectivity to the ISP was established via a PPPoE
configuration?
192.168.1.0/32 is subnetted, 2 subnetted

C 192.168.1.1 is directly connected, Dialer1
S* 0.0.0.0/0 is directly connected, Dialer1

C 192.168.1.1 is directly connected, Dialer
S* 0.0.0.0/0 is directly connected, Dialer1

C 192.168.1.2 is directly connected, Dialer1*****
21. What is a benefit of implementing a Dynamic Multipoint VPN network

design?
A DMVPN will use an encrypted session and does not require IPsec.
A DMVPN uses a Layer 3 protocol, NHRP, to dynamically establish tunnels.
A DMVPN will support remote peers by providing a mapping database of public IP

addresses to each one.*
A DMVPN uses mGRE to create multiple GRE interfaces that each support a single VPN
tunnel.
22. Which remote access implementation scenario will support the use of
generic routing encapsulation tunneling?
a mobile user who connects to a router at a central site
a branch office that connects securely to a central site
a mobile user who connects to a SOHO site
a central site that connects to a SOHO site without encryption*
6/15
All routers are successfully running the BGP routing protocol. How many
routers must use EBGP in order to share routing information across the
autonomous systems?
2
4*
24. Which statement describes a characteristic of standard IPv4 ACLs?

They are configured in the interface configuration mode.
They filter traffic based on source IP addresses only.*
They can be created with a number but not with a name.
They can be configured to filter traffic based on both source IP addresses and source ports.
25. Which three values or sets of values are included when creating an
extended access control list entry? (Choose three.)
access list number between 1 and 99
access list number between 100 and 199*
default gateway address and wildcard mask
destination address and wildcard mask*
source address and wildcard mask*
source subnet mask and wildcard mask
destination subnet mask and wildcard mask

7/15
A router has an existing ACL that permits all traffic from the 172.16.0.0
network. The administrator attempts to add a new ACE to the ACL that
denies packets from host 172.16.0.1 and receives the error message that is
shown in the exhibit. What action can the administrator take to block
packets from host 172.16.0.1 while still permitting all other traffic from the
172.16.0.0 network?
Manually add the new deny ACE with a sequence number of 5.*
Manually add the new deny ACE with a sequence number of 15.
Create a second access list denying the host and apply it to the same interface.
Add a deny any any ACE to access-list 1.
27. Which three implicit access control entries are automatically added to
the end of an IPv6 ACL? (Choose three.)
deny ip any any
deny ipv6 any any*
permit ipv6 any any
deny icmp any any
permit icmp any any nd-ns*
permit icmp any any nd-na*
28. The computers used by the network administrators for a school are on
the 10.7.0.0/27 network. Which two commands are needed at a minimum to
apply an ACL that will ensure that only devices that are used by the network
administrators will be allowed Telnet access to the routers? (Choose two.)
access-class 5 in*
access-list 5 deny any
8/15
access-list standard VTY
permit 10.7.0.0 0.0.0.127
access-list 5 permit 10.7.0.0 0.0.0.31*
ip access-group 5 out
ip access-group 5 in
29. A network administrator is adding ACLs to a new IPv6 multirouter

environment. Which IPv6 ACE is automatically added implicitly at the end of
an ACL so that two adjacent routers can discover each other?
permit ip any any
permit ip any host ip_address
permit icmp any any nd-na*
deny ip any any
30. What would be the primary reason an attacker would launch a MAC
address overflow attack?
so that the switch stops forwarding traffic
so that legitimate hosts cannot obtain a MAC address
so that the attacker can see frames that are destined for other hosts*
so that the attacker can execute arbitrary code on the switch
31. What are three of the six core components in the Cisco IoT system?
(Choose three.)
fog computing*
wearable technologies
data analytics*
robot guides
cyber and physical security*
smart bandages
32. What security countermeasure is effective for preventing CAM table

overflow attacks?
port security*
DHCP snooping
9/15
IP source guard
Dynamic ARP Inspection
VTP
LLDP
HSRP
RADIUS*
TACACS+*
34. Which SNMP feature provides a solution to the main disadvantage of

SNMP polling?
SNMP set messages
SNMP trap messages*
SNMP get messages
SNMP community strings
35. When SNMPv1 or SNMPv2 is being used, which feature provides

secure access to MIB objects?
packet encryption
message integrity
community strings*
source validation
36. What two features are added in SNMPv3 to address the weaknesses of
previous versions of SNMP? (Choose two.)
bulk MIB objects retrieval
encryption*
authorization with community string priority
authentication*
ACL management filtering
10/15
What feature does an SNMP manager need in order to be able to set a
parameter on switch ACSw1?
a manager who is using an SNMP string of K44p0ut
a manager who is using an Inform Request MIB
a manager who is using host 192.168.0.5*
a manager who is using authPriv
38. Which queuing mechanism supports user-defined traffic classes?

FIFO
CBWFQ*
WFQ
FCFS

CBWFQ
FIFO
LLQ*
FCFS

11/15
traffic shaping*
traffic policing
41. Which field is used to mark Layer 2 Ethernet frames for QoS treatment?
Type of Service field
Traffic Class field
Priority field*
Version field

network.*
data analytics
fog computing*
44. What is an example of cloud computing?

a continuous interaction between people, processes, data, and things
a service that offers on-demand access to shared resources*
a network infrastructure that spans a large geographic area
an architectural style of the World Wide Web
45. Which type of resources are required for a Type 1 hypervisor?

a host operating system
a server running VMware Fusion

12/15
a management console*
a dedicated VLAN
46. A network technician made a configuration change on the core router in

order to solve a problem. However, the problem is not solved. Which step
should the technician take next?
Gather symptoms.
Isolate the problem.
Restore the previous configuration.*
Implement the next possible corrective action.
47. A user reports that when the corporate web page URL is entered on a
web browser, an error message indicates that the page cannot be
displayed. The help-desk technician asks the user to enter the IP address of
the web server to see if the page can be displayed. Which troubleshooting
method is being used by the technician?
top-down
bottom-up
substitution
divide-and-conquer*
48. What is a primary function of the Cisco IOS IP Service Level

Agreements feature?
to detect potential network attacks
to provide network connectivity for customers
to adjust network device configurations to avoid congestion
to measure network performance and discover a network failure as early as

possible*
49. Which IOS log message level indicates the highest severity level?
level 0*
level 1
level 4
level 7
50. Which symptom is an example of network issues at the network layer?

13/15
A misconfigured firewall blocks traffic to a file server.
There are too many invalid frames transmitted in the network.
Neighbor adjacency is formed with some routers, but not all routers.*
A web server cannot be reached by its domain name, but can be reached via its IP
address.
H1 can only ping H2, H3, and the Fa0/0 interface of router R1. H2 and H3
can ping H4 and H5. Why might H1 not be able to successfully ping H4 and
H5?
Router R1 does not have a route to the destination network.
Switch S1 does not have an IP address configured.
The link between router R1 and switch S2 has failed.
Host H1 does not have a default gateway configured.*
Hosts H4 and H5 are members of a different VLAN than host H1.
14/15
On the basis of the output, which two statements about network connectivity
are correct? (Choose two.)
There is connectivity between this device and the device at 192.168.100.1.*
The connectivity between these two hosts allows for videoconferencing calls.
There are 4 hops between this device and the device at 192.168.100.1.*
The average transmission time between the two hosts is 2 milliseconds.
This host does not have a default gateway configured.
53. Fill in the blanks. Use dotted decimal format.

The wildcard mask that is associated with 128.165.216.0/23 is “0.0.1.255” .
54. Match the characteristic to the appropriate authentication protocol. (Not

all options are used.)
55. Match the term to the description. (Not all options are used.)
15/15
CCNA 4 v6.0 Final Exam Answers Option C 100%
CCNA5.NET
Option C
1. What is a primary difference between a company LAN and the WAN

services that it uses?
The company must subscribe to an external WAN service provider.*
The company has direct control over its WAN links but not over its LAN.
Each LAN has a specified demarcation point to clearly separate access layer and
distribution layer equipment.
The LAN may use a number of different network access layer standards whereas the WAN
will use only one standard.
2. Which circumstance would result in an enterprise deciding to implement a

corporate WAN?
when its employees become distributed across many branch locations*
when the network will span multiple buildings
when the number of employees exceeds the capacity of the LAN
when the enterprise decides to secure its corporate LAN
3.To which two layers of the OSI model do WAN technologies provide
services? (Choose two.)
network layer
session layer
physical layer*
transport layer
data link layer*
presentation layer
4. Which two technologies are private WAN technologies? (Choose two.)

cable
1/17
Frame Relay*
DSL
ATM*
cellular
5. Which WAN technology can switch any type of payload based on labels?
PSTN
DSL
MPLS*
T1/E1
6. What technology can be used to create a private WAN via satellite

communications?
VPN
3G/4G cellular
dialup
VSAT*
WiMAX
7. Which public WAN access technology utilizes copper telephone lines to

provide access to subscribers that are multiplexed into a single T3 link
connection?
ISDN
DSL*
dialup
cable

should be selected?
dial-up connection
2/17
9. How many DS0 channels are bounded to produce a 1.544 Mb/s DS1
line?
2
12
24*
28
Communication between two peers has failed. Based on the output that is
shown, what is the most likely cause?
interface reset
unplugged cable
improper cable type
PPP issue*
3/17
Which type of Layer 2 encapsulation used for connection D requires Cisco
routers?
Ethernet
PPPoE
HDLC*
PPP
12. Which three statements are true about PPP? (Choose three.)
PPP can use synchronous and asynchronous circuits.*
PPP can only be used between two Cisco devices.
PPP carries packets from several network layer protocols in LCPs.
PPP uses LCPs to establish, configure, and test the data-link connection.*
PPP uses LCPs to agree on format options such as authentication, compression,

and error detection.*


14. A network administrator is evaluating authentication protocols for a PPP

link. Which three factors might lead to the selection of CHAP over PAP as
the authentication protocol? (Choose three.)
establishes identities with a two-way handshake
uses a three-way authentication periodically during the session to reconfirm

identities*
control by the remote host of the frequency and timing of login events
transmits login information in encrypted format*
uses an unpredictable variable challenge value to prevent playback attacks*

4/17
makes authorized network administrator intervention a requirement to establish each
session
15. Which cellular or mobile wireless standard is considered a fourth

generation technology?
LTE*
GSM
CDMA
UMTS
16. A company is looking for the least expensive broadband solution that
provides at least 10 Mb/s download speed. The company is located 5 miles
from the nearest provider. Which broadband solution would be appropriate?
satellite
DSL
WiMax
cable*
17. Which technology can ISPs use to periodically challenge broadband

customers over DSL networks with PPPoE?
PAP
CHAP*
HDLC
Frame Relay
18. What are the three core components of the Cisco ACI architecture?
(Choose three.)
Application Network Profile*
Application Policy Infrastructure Controller*
Cisco Nexus Switches*
Microsoft hypervisor
Cisco Information Server
Virtual Security Gateway
19. Which statement describes a feature of site-to-site VPNs?
5/17
The VPN connection is not statically defined.
VPN client software is installed on each host.
Internal hosts send normal, unencapsulated packets.*
Individual hosts can enable and disable the VPN connection.
20. What are three features of a GRE tunnel? (Choose three.)

creates nonsecure tunnels between remote sites*
transports multiple Layer 3 protocols*
creates additional packet overhead*
uses RSA signatures to authenticate peeers
provides encryption to keep VPN traffic confidential
supports hosts as GRE tunnel endpoints by installing Cisco VPN client software
What two commands are needed to complete the GRE tunnel configuration
on router R1? (Choose two.)
R1(config-if)# tunnel source 209.165.202.129*
R1(config-if)# tunnel source 172.16.2.1
R1(config-if)# tunnel destination 206.165.202.130*
R1(config-if)# tunnel destination 172.16.2.2
R1(config-if)# tunnel source 209.165.202.130
6/17
R1(config-if)# tunnel destination 206.165.202.129
22. What does BGP use to exchange routing updates with neighbors?
TCP connections*
area numbers
group identification numbers
hellos
The network administrator that has the IP address of 10.0.70.23/25 needs

to have access to the corporate FTP server (10.0.54.5/28). The FTP server
is also a web server that is accessible to all internal employees on networks
within the 10.x.x.x address. No other traffic should be allowed to this server.
Which extended ACL would be used to filter this traffic, and how would this
ACL be applied? (Choose two.)
access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any
access-list 105 permit tcp host 10.0.54.5 any eq www


access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any***

R2(config-if)# ip access-group 105 in
7/17
R1(config-if)# ip access-group 105 out*
R1(config)# interface s0/0/0

A router has an existing ACL that permits all traffic from the 172.16.0.0
network. The administrator attempts to add a new statement to the ACL that
denies packets from host 172.16.0.1 and receives the error message that is
shown in the exhibit. What action can the administrator take to block
packets from host 172.16.0.1 while still permitting all other traffic from the
172.16.0.0 network?
Manually add the new deny statement with a sequence number of 5.*
Manually add the new deny statement with a sequence number of 15.
Create a second access list denying the host and apply it to the same interface.
Add a deny any any statement to access-list 1.
What can be determined from this output?

The ACL is missing the deny ip any any ACE.
Because there are no matches for line 10, the ACL is not working.
The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.
The router has not had any Telnet packets from 10.35.80.22 that are destined for
10.23.77.101.*
8/17
26. What is the only type of ACL available for IPv6?
named standard
named extended*
numbered standard
numbered extended
27. Which IPv6 ACL command entry will permit traffic from any host to an
SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25*
permit tcp any host 2001:DB8:10:10::100 eq 23
Considering how packets are processed on a router that is configured with

ACLs, what is the correct order of the statements?
C-B-A-D
A-B-C-D
C-B-D-A*
B-A-D-C
D-A-C-B
9/17
29. Which two hypervisors are suitable to support virtual machines in a data
center? (Choose two.)
Virtual PC
VMware Fusion
VMware ESX/ESXi*
Oracle VM VirtualBox
Microsoft Hyper-V 2012*
30. How can DHCP spoofing attacks be mitigated?

by disabling DTP negotiations on nontrunking ports
by implementing DHCP snooping on trusted ports*
by implementing port security
by the application of the ip verify source command to untrusted ports
31. What is a secure configuration option for remote access to a network

device?
Configure SSH.*
Configure Telnet.
Configure 802.1x.
Configure an ACL and apply it to the VTY lines.
32. What action can a network administrator take to help mitigate the threat
of VLAN attacks?
Disable VTP.
Configure all switch ports to be members of VLAN 1.
Disable automatic trunking negotiation.*
Enable PortFast on all switch ports.
VTP
LLDP
HSRP
RADIUS*
10/17
TACACS+*
34. Which SNMP message type informs the network management system
(NMS) immediately of certain specified events?
GET request
SET request
GET response
Trap*
A SNMP manager is using the community string of snmpenable and is

configured with the IP address 172.16.10.1. The SNMP manager is unable
to read configuration variables on the R1 SNMP agent. What could be the
problem?
The SNMP agent is not configured for read-only access.
The community of snmpenable2 is incorrectly configured on the SNMP agent.
The ACL is not permitting access by the SNMP manager.*
The incorrect community string is configured on the SNMP manager.
11/17
Which SNMP authentication password must be used by the member of the
ADMIN group that is configured on router R1?
cisco54321
cisco98765
cisco123456*
cisco654321
37. A network administrator has noticed an unusual amount of traffic being

received on a switch port that is connected to a college classroom
computer. Which tool would the administrator use to make the suspicious
traffic available for analysis at the college data center?
RSPAN*
TACACS+
802.1X
DHCP snooping
SNMP
38. What network monitoring tool copies traffic moving through one switch
port, and sends the copied traffic to another switch port for analysis?
802.1X
SNMP
SPAN*
syslog
12/17
39. Voice packets are being received in a continuous stream by an IP
phone, but because of network congestion the delay between each packet
varies and is causing broken conversations. What term describes the cause
of this condition?
buffering
latency
queuing
jitter*
40. What mechanism compensates for jitter in an audio stream by buffering

packets and then replaying them outbound in a steady stream?
digital signal processor
playout delay buffer*
voice codec
WFQ

CBWFQ
FIFO
LLQ*
FCFS
42. Which type of network traffic cannot be managed using congestion

avoidance tools?
TCP
UDP*
IP
ICMP
13/17
traffic shaping*
traffic policing

network.*
45. Which type of QoS marking is applied to Ethernet frames?

CoS*
ToS
DSCP
IP precedence
data analytics
fog computing*
47. A network administrator has moved the company intranet web server
14/17
from a switch port to a dedicated router interface. How can the administrator
determine how this change has affected performance and availability on the
company intranet?
Conduct a performance test and compare with the baseline that was established
previously.*
Determine performance on the intranet by monitoring load times of company web pages
from remote sites.
Interview departmental administrative assistants to determine if web pages are loading

more quickly.
Compare the hit counts on the company web server for the current week to the values that
were recorded in previous weeks.
48. In which stage of the troubleshooting process would ownership be

researched and documented?
Gather symptoms.*
Implement corrective action.
Isolate the problem.
Update the user and document the problem.
49. Which troubleshooting approach is more appropriate for a seasoned

network administrator rather than a less-experienced network
administrator?
a less-structured approach based on an educated guess*
an approach comparing working and nonworking components to spot significant

differences
a structured approach starting with the physical layer and moving up through the layers of
the OSI model until the cause of the problem is identified
an approach that starts with the end-user applications and moves down through the layers
of the OSI model until the cause of the problem has been identified
50. A router has been configured to use simulated network traffic in order to
monitor the network performance between the router and a distant network
device. Which command would display the results of this analysis?
show ip route
show ip protocols
show ip sla statistics*
show monitor
15/17
51. Which type of tool would an administrator use to capture packets that
are going to and from a particular device?
NMS tool
knowledge base
baselining tool
protocol analyzer*
Which two statements describe the results of entering these commands?

(Choose two.)
R1 will send system messages of levels 0 (emergencies) to level 4 (warnings) to a
server.*
R1 will not send critical system messages to the server until the command debug all is
entered.
R1 will reset all the warnings to clear the log.
R1 will output the system messages to the local RAM.
The syslog server has the IPv4 address 192.168.10.10.*
16/17
A network administrator discovers that host A is having trouble with Internet
connectivity, but the server farm has full connectivity. In addition, host A has
full connectivity to the server farm. What is a possible cause of this
problem?
The router has an incorrect gateway.
Host A has an overlapping network address.
Host A has an incorrect default gateway configured.
Host A has an incorrect subnet mask.
NAT is required for the host A network.*
54. Match the operation to the appropriate QoS model.
55. Match the cloud model with the description.
17/17

CCNA 4 v60 Chapters Exam Answers

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

CCNA 4 v60 Chapters Exam Answers

Загружено:

Авторское право:

Доступные форматы

CCNA 4 v6.

0 Chapter 1 Exam Answers 100%

1. A small company with 10 employees uses a single LAN to share

private dedicated lines through their local service provider

a broadband service, such as DSL, through their local service provider*

2. Which network scenario will require the use of a WAN?

3. Which statement describes a characteristic of a WAN?

WAN networks are owned by service providers.*

All serial links are considered WAN connections.

A WAN provides end-user network connectivity to the campus backbone.

4. What are two common types of circuit-switched WAN technologies?

6. What is a requirement of a connectionless packet-switched network?

The network predetermines the route for a packet.

Full addressing information must be carried in each data packet.*

A virtual circuit is created for the duration of the packet delivery.

7. What is an advantage of packet-switched technology over circuit-

Packet-switched networks can efficiently use multiple routes inside a service

Packet-switched networks do not require an expensive permanent connection to each

Packet-switched networks usually experience lower latency than circuit-switched networks

8. A new corporation needs a data network that must meet certain

9. What is a long distance fiber-optic media technology that supports both

10. What are two common high-bandwidth fiber-optic media standards?

15. Which WAN technology establishes a dedicated constant point-to-point

16. A customer needs a metropolitan area WAN connection that provides

19. Which wireless technology provides Internet access through cellular

21. What is the recommended technology to use over a public WAN

22. What can cause a reduction in available bandwidth on a cable

committed information rate

distance from the central office of the provider

23. Which equipment is needed for an ISP to provide Internet connections

24. Which geographic scope requirement would be considered a distributed

25. A corporation is looking for a solution to connect multiple, newly

higher data transmission rate

website and file exchange service support

data security and confidentiality during transmission*

Router(config)# show controllers*

Router(config)# show ip interface

Router(config)# show ip interface brief

3. How does PPP interface with different network layer protocols?

by negotiating with the network layer handler

by encoding the information field in the PPP frame

by specifying the protocol during link establishment through LCP

4. Which address is used in the Address field of a PPP frame?

a single byte of binary 10101010

a single byte of binary 11111111*

5. Which field marks the beginning and end of an HDLC frame?

6. In which situation would the use of PAP be preferable to the use of

when multilink PPP is used

when a network administrator prefers it because of ease of configuration

on a physical Ethernet interface

8. Refer to the exhibit.

A PPP session was successfully established.*

Both PAP and CHAP authentication were attempted.

The debug output is from router R2.

9. Refer to the exhibit.

The passwords do not match.*

The passwords should be longer than 8 characters.

The interface IP addresses are in different subnets.

10. Which is an advantage of using PPP on a serial link instead of HDLC?

higher speed transmission

Serial 0/0/0 is up, line protocol is down

Serial 0/0/0 is down, line protocol is down*

Serial 0/0/0 is up (looped)

Serial 0/0/0 is up (disabled)