Вы находитесь на странице: 1из 111

CCNA 4 v6.

0 Chapter 1 Exam Answers 100%

CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 1 Exam
Answers 100%

1. A small company with 10 employees uses a single LAN to share


information between computers. Which type of connection to the Internet
would be appropriate for this company?
a dialup connection that is supplied by their local telephone service provider

Virtual Private Networks that would enable the company to connect easily and securely
with employees

private dedicated lines through their local service provider

a broadband service, such as DSL, through their local service provider*

2. Which network scenario will require the use of a WAN?


Employee workstations need to obtain dynamically assigned IP addresses.

Employees need to connect to the corporate email server through a VPN while
traveling.*

Employees in the branch office need to share files with the headquarters office that is
located in a separate building on the same campus network.

Employees need to access web pages that are hosted on the corporate web servers in the
DMZ within their building.

3. Which statement describes a characteristic of a WAN?


A WAN operates within the same geographic scope of a LAN, but has serial links.

WAN networks are owned by service providers.*

All serial links are considered WAN connections.

A WAN provides end-user network connectivity to the campus backbone.

4. What are two common types of circuit-switched WAN technologies?


(Choose two.)
Frame Relay

DSL
1/7
PSTN*

ATM

ISDN*

5. Which two devices are needed when a digital leased line is used to
provide a connection between the customer and the service provider?
(Choose two.)
access server

CSU*

Layer 2 switch

DSU*

dialup modem

6. What is a requirement of a connectionless packet-switched network?


Each packet has to carry only an identifier.

The network predetermines the route for a packet.

Full addressing information must be carried in each data packet.*

A virtual circuit is created for the duration of the packet delivery.

7. What is an advantage of packet-switched technology over circuit-


switched technology?
Packet-switched networks are less susceptible to jitter than circuit-switched networks are.

Packet-switched networks can efficiently use multiple routes inside a service


provider network.*

Packet-switched networks do not require an expensive permanent connection to each


endpoint.

Packet-switched networks usually experience lower latency than circuit-switched networks


experience.

8. A new corporation needs a data network that must meet certain


requirements. The network must provide a low cost connection to sales
people dispersed over a large geographical area. Which two types of WAN
infrastructure would meet the requirements? (Choose two.)
public infrastructure*

private infrastructure

2/7
Internet*

dedicated

satellite

9. What is a long distance fiber-optic media technology that supports both


SONET and SDH, and assigns incoming optical signals to specific
wavelengths of light?
ISDN

MPLS

ATM

DWDM*

10. What are two common high-bandwidth fiber-optic media standards?


(Choose two.)
ANSI

ATM

ITU

SDH*

SONET*

11. Which WAN technology is cell-based and well suited to carry voice and
video traffic?
ATM*

ISDN

VSAT

Frame Relay

12. Which two technologies use the PSTN network to provide an Internet
connection? (Choose two.)
ATM

ISDN*

MPLS

dialup*

Frame Relay

3/7
13. A company needs to interconnect several branch offices across a
metropolitan area. The network engineer is seeking a solution that provides
high-speed converged traffic, including voice, video, and data on the same
network infrastructure. The company also wants easy integration to their
existing LAN infrastructure in their office locations. Which technology should
be recommended?
VSAT

ISDN

Frame Relay

Ethernet WAN*

14. Which solution can provide Internet access to remote locations where
no regular WAN services are available?
VSAT*

WiMAX

Ethernet

municipal Wi-Fi

15. Which WAN technology establishes a dedicated constant point-to-point


connection between two sites?
ATM

ISDN

leased lines*

Frame Relay

16. A customer needs a metropolitan area WAN connection that provides


high-speed, dedicated bandwidth between two sites. Which type of WAN
connection would best fulfill this need?
circuit-switched network

Ethernet WAN*

MPLS

packet-switched network

17. Which feature is used when connecting to the Internet using DSL?
DSLAM*

CMTS
4/7
IEEE 802.16

LTE

18. Which connectivity method would be best for a corporate employee who
works from home two days a week, but needs secure access to internal
corporate databases?
cable

DSL

VPN*

WiMAX

19. Which wireless technology provides Internet access through cellular


networks?
satellite

municipal WiFi

LTE*

WiMAX

20. A home user lives within 10 miles (16 kilometers) of the Internet provider
network. Which type of technology provides high-speed broadband service
with wireless access for this home user?
802.11

municipal Wi-Fi

DSL

WiMAX*

21. What is the recommended technology to use over a public WAN


infrastructure when a branch office is connected to the corporate site?
ATM

ISDN

municipal Wi-Fi

VPN*

22. What can cause a reduction in available bandwidth on a cable


broadband connection?
smaller cells
5/7
number of subscribers*

committed information rate

distance from the central office of the provider

23. Which equipment is needed for an ISP to provide Internet connections


through cable service?
CMTS*

DSLAM

CSU/DSU

access server

24. Which geographic scope requirement would be considered a distributed


WAN scope?
local

one-to-one

one-to-many

many-to-many*

regional

global

25. A corporation is looking for a solution to connect multiple, newly


established remote branch offices. Which consideration is important when
selecting a private WAN connection rather than a public WAN connection?
lower cost

higher data transmission rate

website and file exchange service support

data security and confidentiality during transmission*

26. Match the type of WAN device or service to the descriptions. (Not all
options are used.)

6/7
27. Match the connectivity type to the description. (Not all options are used.)

7/7
CCNA 4 v6.0 Chapter 2 Exam Answers 100%

CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 2 Exam
Answers 100%

1. Which three are types of LCP frames used with PPP? (Choose three.)
link-negotiation frames

link-acknowledgment frames

link-maintenance frames*

link-termination frames*

link-control frames

link-establishment frames*

2. Which command can be used to view the cable type that is attached to a
serial interface?
Router(config)# show interfaces

Router(config)# show controllers*

Router(config)# show ip interface

Router(config)# show ip interface brief

3. How does PPP interface with different network layer protocols?


by using separate NCPs*

by negotiating with the network layer handler

by encoding the information field in the PPP frame

by specifying the protocol during link establishment through LCP

4. Which address is used in the Address field of a PPP frame?


a single byte of binary 00000000

a single byte of binary 10101010

a single byte of binary 11111111*

1/7
the IP address of the serial interface

5. Which field marks the beginning and end of an HDLC frame?


Data

FCS

Control

Flag*

6. In which situation would the use of PAP be preferable to the use of


CHAP?
when router resources are limited

when multilink PPP is used

when plain text passwords are needed to simulate login at the remote host*

when a network administrator prefers it because of ease of configuration

7. When configuring Multilink PPP, where is the IP address for the multilink
bundle configured?
on a physical serial interface

on a subinterface

on a multilink interface*

on a physical Ethernet interface

8. Refer to the exhibit.

2/7
Based on the debug command output that is shown, which statement is true
of the operation of PPP.
CHAP authentication failed because of an unknown hostname.

A PPP session was successfully established.*

Both PAP and CHAP authentication were attempted.

The debug output is from router R2.

9. Refer to the exhibit.

A network administrator is configuring the PPP link between the two routers.
However, the PPP link cannot be established. Based on the partial output of
the show running-config command, what is the cause of the problem?​
The usernames do not match.

The passwords do not match.*

The passwords should be longer than 8 characters.

The interface IP addresses are in different subnets.

10. Which is an advantage of using PPP on a serial link instead of HDLC?


option for authentication*

higher speed transmission

fixed-size frames
3/7
option for session establishment

11. Which protocol will terminate the PPP link after the exchange of data is
complete?
NCP

LCP*

IPCP

IPXCP

12. Which serial 0/0/0 interface state will be shown if no serial cable is
attached to the router, but everything else has been correctly configured
and turned on?
Serial 0/0/0 is up, line protocol is up

Serial 0/0/0 is up, line protocol is down

Serial 0/0/0 is down, line protocol is down*

Serial 0/0/0 is up (looped)

Serial 0/0/0 is up (disabled)

Serial 0/0/0 is administratively down, line protocol is down

13. How much total bandwidth is provided by a T1 line?


1.544 Mb/s*

64 kb/s

128 b/s

43.736 Mb/s

14. A network engineer is monitoring an essential, but poor quality, PPP


WAN link that periodically shuts down. An examination of the interface
configurations shows that the ppp quality 90 command has been issued.
What action could the engineer take to reduce the frequency with which the
link shuts down?
Issue the command ppp quality 70.*

Issue the command ppp quality 100.

Set the DCE interface to a lower clock rate.

Use the bandwidth command to increase the bandwidth of the link.

4/7
15. A network engineer is troubleshooting the loss of MPEG video viewing
quality as MPEG video files cross a PPP WAN link. What could be causing
this loss of quality?
PAP authentication was misconfigured on the link interfaces.

The clock rates configured on each serial interface do not match.

Link Quality Monitoring was not configured correctly on each interface.

The compress command was used when PPP was configured on the interfaces.*

16. Which PPP option can detect links that are in a looped-back condition?
Magic Number*

MRU

Callback

ACCM

17. A network engineer has issued the show interfaces serial 0/0/0
command on a router to examine the open NCPs on a PPP link to another
router. The command output displays that the encapsulation is PPP and
that the LCP is open. However, the IPV6CP NCP is not shown as open.
What does the engineer need to configure to open the IPV6CP NCP on the
link?
Configure CHAP authentication on each router.

Configure PPP multilink interfaces on each router.

Configure an IPv6 address on each interface on the link.*

Issue the compress predictor command on each interface on the link.

18. Which three physical layer interfaces support PPP? (Choose three.)
FastEthernet

GigabitEthernet

Ethernet

asynchronous serial *

synchronous serial*

HSSI*

19. What are three components of PPP? (Choose three.)


authorization
5/7
LCP*

parallel communications

NCP*

support for LAN and WAN

HDLC-like framing*

20. Refer to the exhibit.

What type of Layer 2 encapsulation will be used for connection D on the


basis of this configuration on a newly installed router:
RtrA(config)# interface serial0/0/0
RtrA(config-if)# ip address 128.107.0.2 255.255.255.252
RtrA(config-if)# no shutdown

Ethernet

Frame Relay

HDLC*

PPP

21. Which two statements describe a PPP connection between two Cisco
routers? (Choose two.)
LCP tests the quality of the link.*

LCP manages compression on the link.*

Only a single NCP is allowed between the two routers.

NCP terminates the link when data exchange is complete.

With CHAP authentication, the routers exchange plain text passwords.

6/7
22. Match the PPP options with the correct description. (Not all options are
used.)

23. Match the phases of establishing a PPP session in the correct order.
(Not all options are used.)

24. Match the steps to the PPP CHAP authentication process sequence.
(Not all options are used.)

25. Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.
Why is the serial link between router R1 and router R2 not operational?
In each case the expected username is not the same as the remote router hostname.*

The passwords are different in both routers.

The encapsulation in both routers does not match.

The authentication type is not the same in both routers.

7/7
CCNA 4 v6.0 Chapter 3 Exam Answers 100%

CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 3 Exam
Answers 100%

1. Which broadband wireless technology is based on the 802.11 standard?


municipal Wi-Fi*

WiMAX

CDMA

UMTS

2. What is the approximate distance limitation for providing a satisfactory


ADSL service from the central office to a customer?
3.39 miles or 5.46 kilometers*

2.11 miles or 3.39 kilometers

6.21 miles or 10 kilometers

11.18 miles or 18 kilometers

3. What is a component of an ADSL connection that is located at the


customer site?
CO

CPE*

SOHO

DSLAM

4. What is the function of the DSLAM in a broadband DSL network?


multiplexes individual customer DSL connections into a single upstream link*

communicates directly with customer cable modems to provide Internet services to


customers

communicates directly with customer cable modems to provide Internet services to


customers

1/9
separates POTS traffic from ADSL traffic

5. Which broadband technology would be best for a small office that


requires fast upstream connections?
DSL

fiber-to-the-home*

cable

WiMax

6. What are two WAN connection enhancements that are achieved by


implementing PPPoE? (Choose two.)
Encapsulating Ethernet frames within PPP frames is an efficient use of bandwidth.

DSL CHAP features are included in PPPoE.

PPP enables the ISP to assign an IP address to the customer WAN interface.*

An Ethernet link supports a number of data link protocols.

CHAP enables customer authentication and accounting.*

7. When PPPoE is configured on a customer router, which two commands


must have the same value for the configuration to work? (Choose two.)
dialer pool 2*

interface dialer 2

ppp chap password 2

interface gigabitethernet 0/2

pppoe-client dial-pool-number 2*

ppp chap hostname 2

8. Why is the MTU for a PPPoE DSL configuration reduced from 1500 bytes
to 1492?
to enable CHAP authentication

to reduce congestion on the DSL link

to accommodate the PPPoE headers*

to establish a secure tunnel with less overhead

9. What are two characteristics of a PPPoE configuration on a Cisco


customer router? (Choose two.)
2/9
The PPP configuration is on the dialer interface.*

An MTU size of 1492 bytes is configured on the Ethernet interface.

The Ethernet interface does not have an IP address.*

The customer router CHAP username and password are independent of what is configured
on the ISP router.

The dialer pool command is applied to the Ethernet interface to link it to the dialer interface.

10. Where is PPPoE configured on a Cisco router?


on an Ethernet interface

on the dialer interface*

on a serial interface

on any physical interface

11. How can the use of VPNs in the workplace contribute to lower operating
costs?
High-speed broadband technology can be replaced with leased lines.

VPNs can be used across broadband connections rather than dedicated WAN links.*

VPNs prevents connectivity to SOHO users.

VPNs require a subscription from a specific Internet service provider that specializes in
secure connections.

12. How is “tunneling” accomplished in a VPN?


New headers from one or more VPN protocols encapsulate the original packets.*

All packets between two hosts are assigned to a single physical medium to ensure that the
packets are kept private.

Packets are disguised to look like other types of traffic so that they will be ignored by
potential attackers.

A dedicated circuit is established between the source and destination devices for the
duration of the connection.

13. Which two statements describe a remote access VPN? (Choose two.)
It connects entire networks to each other.

It requires hosts to send TCP/IP traffic through a VPN gateway.

It is used to connect individual hosts securely to a company network over the


Internet.*
3/9
It may require VPN client software on hosts.*

It requires static configuration of the VPN tunnel.

14. Which is a requirement of a site-to-site VPN?


It requires a client/server architecture.

It requires the placement of a VPN server at the edge of the company network.

It requires hosts to use VPN client software to encapsulate traffic.

It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.*

15. What functionality does mGRE provide to the DMVPN technology?


It allows the creation of dynamically allocated tunnels through a permanent tunnel
source at the hub and dynamically allocated tunnel destinations at the spokes.*

It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.

It provides secure transport of private information over public networks, such as the
Internet.

It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable
manner.

16. Which two scenarios are examples of remote access VPNs? (Choose
two.)
A toy manufacturer has a permanent VPN connection to one of its parts suppliers.

All users at a large branch office can access company resources through a single VPN
connection.

A mobile sales agent is connecting to the company network via the Internet
connection at a hotel.*

A small branch office with three employees has a Cisco ASA that is used to create a VPN
connection to the HQ.

An employee who is working from home uses VPN client software on a laptop in
order to connect to the company network.*

17. Refer to the exhibit.

4/9
What solution can provide a VPN between site A and site B to support
encapsulation of any Layer 3 protocol between the internal networks at
each site?
a GRE tunnel*

an IPsec tunnel

a remote access tunnel

Cisco SSL VPN

18. Which three statements are characteristics of generic routing


encapsulation (GRE)? (Choose three.)
GRE encapsulation supports any OSI Layer 3 protocol.*

GRE is stateless.*

GRE does not have strong security mechanisms.*

The GRE header alone adds at least 24 bytes of overhead.

GRE provides flow control by default.

GRE is the most secure tunneling protocol.

19. Refer to the exhibit.

5/9
Which IP address is configured on the physical interface of the CORP
router?
10.1.1.1

10.1.1.2

209.165.202.133*

209.165.202.134

20. Refer to the exhibit.

Which IP address would be configured on the tunnel interface of the


destination router?
172.16.1.1

172.16.1.2*
6/9
209.165.200.225

209.165.200.226

21. Refer to the exhibit.

A tunnel was implemented between routers R1 and R2. Which two


conclusions can be drawn from the R1 command output? (Choose two.)
This tunnel mode is not the default tunnel interface mode for Cisco IOS software.

This tunnel mode provides encryption.

The data that is sent across this tunnel is not secure.*

This tunnel mode does not support IP multicast tunneling.

A GRE tunnel is being used.*

22. What is used by BGP to determine the best path to a destination?


cost

hop count

attributes*

administrative distance

23. What command specifies a BGP neighbor that has an IP address of


5.5.5.5/24 and that is in AS 500?
(config-router)# neighbor 5.5.5.5 remote-as 500*

(config-router)# router bgp 500

(config-router)# neighbor 500 remote-as 5.5.5.5

7/9
(config-router)# network 5.0.0.0 0.0.0.255

24. True or False?


Multiple BGP processes can run on a router.
true

false*

25. Refer to the exhibit.

Which two configurations will allow router R1 to establish a neighbor


relationship with router R2? (Choose two.)
R1(config)# router bgp 65001
R1(config-router)# network 192.168.20.0

R1(config)# router bgp 65001


R1(config-router)# network 192.168.10.0
R1(config-router)# neighbor 209.165.200.226 remote-as 65002*

R1(config)# router bgp 65002


R1(config-router)# network 192.168.20.0
R1(config-router)# neighbor 209.165.200.225 remote-as 65001

R2(config)# router bgp 65002


R2(config-router)# network 192.168.10.0

R2(config)# router bgp 65002


R2(config-router)# network 192.168.10.0
R2(config-router)# neighbor 209.165.200.226 remote-as 65002

R2(config)# router bgp 65002


R2(config-router)# network 192.168.20.0
R2(config-router)# neighbor 209.165.200.225 remote-as 65001*

26. Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.

8/9
What is the code displayed on the web page?
Welldone!

BGP is running!*

BGP is configured!

Configuration is correct!

9/9
CCNA 4 v6.0 Chapter 4 Exam Answers 100%

CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 4 Exam
Answers 100%

1. Which range represents all the IP addresses that are affected when
network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?
10.120.160.0 to 10.127.255.255

10.120.160.0 to 10.120.167.255*

10.120.160.0 to 10.120.168.0

10.120.160.0 to 10.120.191.255

2. What two functions describe uses of an access control list? (Choose


two.)
ACLs assist the router in determining the best path to a destination.

Standard ACLs can restrict access to specific applications and ports.

ACLs provide a basic level of security for network access.*

ACLs can permit or deny traffic based upon the MAC address originating on the router.

ACLs can control which areas a host can access on a network.*

3. Which two statements describe the effect of the access control list
wildcard mask 0.0.0.15? (Choose two.)
The first 28 bits of a supplied IP address will be ignored.

The last four bits of a supplied IP address will be ignored.*

The first 32 bits of a supplied IP address will be matched.

The first 28 bits of a supplied IP address will be matched.*

The last five bits of a supplied IP address will be ignored.

The last four bits of a supplied IP address will be matched.

4. Refer to the exhibit.

1/8
A network administrator is configuring an ACL to limit the connection to R1
vty lines to only the IT group workstations in the network 192.168.22.0/28.
The administrator verifies the successful Telnet connections from a
workstation with IP 192.168.22.5 to R1 before the ACL is applied. However,
after the ACL is applied to the interface Fa0/0, Telnet connections are
denied. What is the cause of the connection failure?
The permit ACE specifies a wrong port number.

The enable secret password is not configured on R1.

The login command has not been entered for vty lines.

The IT group network is included in the deny statement.*

The permit ACE should specify protocol ip instead of tcp.

5. Refer to the exhibit.

2/8
The network administrator that has the IP address of 10.0.70.23/25 needs
to have access to the corporate FTP server (10.0.54.5/28). The FTP server
is also a web server that is accessible to all internal employees on networks
within the 10.x.x.x address. No other traffic should be allowed to this server.
Which extended ACL would be used to filter this traffic, and how would this
ACL be applied? (Choose two.)
access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any

access-list 105 permit tcp host 10.0.54.5 any eq www


access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20


access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any**

R2(config)# interface gi0/0


R2(config-if)# ip access-group 105 in

R1(config)# interface gi0/0


R1(config-if)# ip access-group 105 out**

R1(config)# interface s0/0/0


R1(config-if)# ip access-group 105 out

6. A network administrator is designing an ACL. The networks


192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and
192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is
the most efficient to use when specifying all of these networks in a single
ACL permit entry?
0.0.0.127

0.0.0.255

0.0.1.255*

0.0.255.255

A single ACL command and wildcard mask should not be used to specify these particular
networks or other traffic will be permitted or denied and present a security risk.

7. Refer to the exhibit.

3/8
A network administrator wants to permit only host 192.168.1.1 /24 to be
able to access the server 192.168.2.1 /24. Which three commands will
achieve this using best ACL placement practices? (Choose three.)
R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1*

R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0


255.255.255.0

R2(config)# interface fastethernet 0/0*

R2(config-if)# ip access-group 101 out

R2(config)# access-list 101 permit ip any any

R2(config)# interface fastethernet 0/1

R2(config-if)# ip access-group 101 in*

8. Which two statements are correct about extended ACLs? (Choose two)
Extended ACLs use a number range from 1-99.

Extended ACLs end with an implicit permit statement.

Extended ACLs evaluate the source and destination addresses.*

Port numbers can be used to add greater definition to an ACL.*

Multiple ACLs can be placed on the same interface as long as they are in the same
direction.

9. Which three values or sets of values are included when creating an


extended access control list entry? (Choose three.)
access list number between 1 and 99

access list number between 100 and 199*

default gateway address and wildcard mask


4/8
destination address and wildcard mask*

source address and wildcard mask*

source subnet mask and wildcard mask

destination subnet mask and wildcard mask

10. Refer to the exhibit.

This ACL is applied on traffic outbound from the router on the interface that
directly connects to the 10.0.70.5 server. A request for information from a
secure web page is sent from host 10.0.55.23 and is destined for the
10.0.70.5 server. Which line of the access list will cause the router to take
action (forward the packet onward or drop the packet)?
1

3*

the deny ip any any that is at the end of every ACL

11. Which set of access control entries would allow all users on the
192.168.10.0/24 network to access a web server that is located at
172.17.80.1, but would not allow them to use Telnet?
access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80

access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1


access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet​​

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80


access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23*

access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80


access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23

5/8
12. Which two packet filters could a network administrator use on an IPv4
extended ACL? (Choose two.)
destination MAC address

ICMP message type*

computer type

source TCP hello address

destination UDP port number*

13. Which two ACE commands will block traffic that is destined for a web
server which is listening to default ports? (Choose two.)
access-list 110 deny tcp any any eq 21

access-list 110 deny tcp any any eq https*

access-list 110 deny tcp any any gt 443

access-list 110 deny tcp any any gt 75*

access-list 110 deny tcp any any lt 80

14. Which feature is unique to IPv6 ACLs when compared to those of IPv4
ACLs?
the use of wildcard masks

an implicit deny any any ACE

the use of named ACL ACE

an implicit permit of neighbor discovery packets*

15. What two ACEs could be used to deny IP traffic from a single source
host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255*

access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1

access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255

access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255*

access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255

access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0

16. Refer to the exhibit.

6/8
The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface
of R1 in the inbound direction. Which IPv6 packets from the ISP will be
dropped by the ACL on R1?
HTTPS packets to PC1

ICMPv6 packets that are destined to PC1*

packets that are destined to PC1 on port 80

neighbor advertisements that are received from the ISP router

17. Which command is used to activate an IPv6 ACL named ENG_ACL on


an interface so that the router filters traffic prior to accessing the routing
table?
ipv6 access-class ENG_ACL in

ipv6 access-class ENG_ACL out

ipv6 traffic-filter ENG_ACL in*

ipv6 traffic-filter ENG_ACL out

18. Which IPv6 ACL command entry will permit traffic from any host to an
SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25*

permit tcp host 2001:DB8:10:10::100 any eq 25

permit tcp any host 2001:DB8:10:10::100 eq 23

permit tcp host 2001:DB8:10:10::100 any eq 23

7/8
19. In applying an ACL to a router interface, which traffic is designated as
outbound?
traffic that is coming from the source IP address into the router

traffic that is leaving the router and going toward the destination host*

traffic that is going from the destination IP address into the router

traffic for which the router can find no routing table entry

20. Fill in the blanks. Use dotted decimal format.


The wildcard mask that is associated with the network 192.168.12.0/24 is “0.0.0.255”

21. An access list has been applied to a router LAN interface in the inbound
direction. The IP address of the LAN segment is 192.168.83.64/26. The
entire ACL appears below:
access-list 101 deny tcp 192.168.83.64 0.0.0.63 any eq 23

access-list 101 permit ip 192.168.83.64 0.0.0.63 192.168.83.128 0.0.0.63

Drag the descriptions of the packets on the left to the action that the router
will perform on the right.

22. Match each statement with the example subnet and wildcard that it
describes. (Not all options are used.)

8/8
CCNA 4 v6.0 Chapter 5 Exam Answers 100%

CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 5 Exam
Answers 100%

1. What is the behavior of a switch as a result of a successful CAM table


attack?
The switch will forward all received frames to all other ports.*

The switch will shut down.

The switch will drop all received frames.

The switch interfaces will transition to the error-disabled state.

2. What network attack seeks to create a DoS for clients by preventing them
from being able to obtain a DHCP lease?
DHCP starvation*

DHCP spoofing

IP address spoofing

CAM table attack

3. Refer to the exhibit.

1/9
Which interface on switch S1 should be configured as a DHCP snooping
trusted port to help mitigate DHCP spoofing attacks?
G0/23*

G0/1

G0/24

G0/22

4. When using 802.1X authentication, what device controls physical access


to the network, based on the authentication status of the client?
the switch that the client is connected to*

the authentication server

the supplicant

the router that is serving as the default gateway

5. What device is considered a supplicant during the 802.1X authentication


process?
the client that is requesting authentication*

the switch that is controlling network access

the authentication server that is performing client authentication

the router that is serving as the default gateway

6. What is a drawback of the local database method of securing device


access that can be solved by using AAA with centralized servers?
There is no ability to provide accountability.

It is very susceptible to brute-force attacks because there is no username.

The passwords can only be stored in plain text in the running configuration.

User accounts must be configured locally on each device, which is an unscalable


authentication solution.*

7. Refer to the exhibit.

2/9
PC1 and PC2 should be able to obtain IP address assignments from the
DHCP server. How many ports among switches should be assigned as
trusted ports as part of the DHCP snooping configuration?
1

7*

8. What protocol is used to encapsulate the EAP data between the


authenticator and authentication server performing 802.1X authentication?
RADIUS*

TACACS+

SSH

MD5

9. Which two protocols are used to provide server-based AAA


authentication? (Choose two.)
SSH

TACACS+*

RADIUS*
3/9
802.1x

SNMP

10. Which protocol defines port-based authentication to restrict


unauthorized hosts from connecting to the LAN through publicly accessible
switch ports?
802.1x*

RADIUS

TACACS+

SSH

11. What are three techniques for mitigating VLAN attacks? (Choose three.)
Disable DTP.*

Enable trunking manually.*

Set the native VLAN to an unused VLAN.*

Enable BPDU guard.

Enable Source Guard.

Use private VLANs.

12. Which statement describes SNMP operation?


An NMS periodically polls the SNMP agents that are residing on managed devices by using
traps to query the devices for data.​

A get request is used by the SNMP agent to query the device for data.​

An SNMP agent that resides on a managed device collects information about the device
and stores that information remotely in the MIB that is located on the NMS.​

A set request is used by the NMS to change configuration variables in the agent
device.*

13. A network administrator is analyzing the features supported by the


multiple versions of SNMP. What are two features that are supported by
SNMPv3 but not by SNMPv1 or SNMPv2c? (Choose two.)
bulk retrieval of MIB information

message source validation*

community-based security

message encryption*
4/9
SNMP trap mechanism

14. Which protocol or service can be configured to send unsolicited


messages to alert the network administrator about a network event such as
an extremely high CPU utilization on a router?
SNMP*

syslog

NTP

NetFlow

15. What is the function of the MIB element as part of a network


management system?
to store data about a device*

to collect data from SNMP agents

to change configurations on SNMP agents

to send and retrieve network management information

16. Which SNMP version uses weak community string-based access control
and supports bulk retrieval?
SNMPv2c*

SNMPv1

SNMPv2Classic​

SNMPv3​

17. What are SNMP trap messages?


messages that are used by the NMS to query the device for data

unsolicited messages that are sent by the SNMP agent and alert the NMS to a
condition on the network*

messages that are used by the NMS to change configuration variables in the agent device

messages that are sent periodically by the NMS to the SNMP agents that reside on
managed devices to query the device for data

18. A network administrator issues two commands on a router:


R1(config)# snmp-server host 10.10.50.25 version 2c campus
R1(config)# snmp-server enable traps

What can be concluded after the commands are entered?


5/9
No traps are sent, because the notification-types argument was not specified yet.

Traps are sent with the source IP address as 10.10.50.25.

If an interface comes up, a trap is sent to the server.*

The snmp-server enable traps command needs to be used repeatedly if a particular subset
of trap types is desired.

19. Refer to the exhibit.

What can be concluded from the produced output?


An ACL was configured to restrict SNMP access to an SNMP manager.*

This is the output of the show snmp command without any parameters.

The system contact was not configured with the snmp-server contact command.

The location of the device was not configured with the snmp-server location command.

20. Refer to the exhibit.

A SNMP manager has IP address 172.16.1.120. The SNMP manager is


unable to change configuration variables on the R1 SNMP agent. What
could be the problem?
The ACL of ACL_SNMP has not been implemented on an interface yet.

6/9
The IP address of the SNMP manager must be 172.16.1.1.

The SNMP agent should have traps disabled.

The SNMP agent is not configured for write access.*

21. Refer to the exhibit.

Router R1 was configured by a network administrator to use SNMP version


2. The following commands were issued:
R1(config)# snmp-server community batonaug ro SNMP_ACL
R1(config)# snmp-server contact Wayne World
R1(config)# snmp-server host 192.168.1.3 version 2c batonaug
R1(config)# ip access-list standard SNMP_ACL
R1(config-std-nacl)# permit 192.168.10.3

Why is the administrator not able to get any information from R1?
The snmp-server enable traps command is missing.​

The snmp-server community command needs to include the rw keyword.​

There is a problem with the ACL configuration.*

The snmp-server location command is missing.​

22. A network administrator has issued the snmp-server user admin1 admin
v3 encrypted auth md5 abc789 priv des 256 key99 command. What are two
features of this command? (Choose two.)
It adds a new user to the SNMP group.*

It restricts SNMP access to defined SNMP managers.

7/9
It forces the network manager to log into the agent to retrieve the SNMP messages.

It uses the MD5 authentication of the SNMP messages.*

It allows a network administrator to configure a secret encrypted password on the SNMP


server.

23. Which statement describes the RSPAN VLAN?


The RSPAN VLAN must be the same as the native VLAN.

The RSPAN VLAN can be used to carry secure traffic between switches.

The RSPAN VLAN can be used for remote management of network switches.

The RSPAN VLAN must be the same on both the source and destination switch.*

24. Which statement describes the function of the SPAN tool used in a
Cisco switch?
It supports the SNMP trap operation on a switch.

It provides interconnection between VLANs over multiple switches.

It is a secure channel for a switch to send logging to a syslog server.

It copies the traffic from one switch port and sends it to another switch port that is
connected to a monitoring device.*

25. Refer to the exhibit.

Based on the output generated by the show monitor session 1 command,


how will SPAN operate on the switch?
All traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet
0/1.

8/9
All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to
FastEthernet 0/1.*

Native VLAN traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to


FastEthernet 0/1.

Native VLAN traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to


FastEthernet 0/1.

26. Refer to the exhibit.

Which command or set of commands will configure SW_A to copy all traffic
for the server to the packet analyzer?
Sw_A(config)# monitor session 5 source interface gi0/1
Sw_A(config)# monitor session 6 destination interface fa0/7

Sw_A(config)# monitor session 5 source interface gi0/1


Sw_A(config)# monitor session 5 destination interface fa0/7*

Sw_A(config)# monitor session 1 destination interface fa0/7

Sw_A(config)# monitor session 1 destination interface gi0/1


Sw_A(config)# monitor session 1 source interface fa0/1

Sw_A(config)# monitor session 1 source interface fa0/7

9/9
CCNA 4 v6.0 Chapter 6 Exam Answers 100%

CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 6 Exam
Answers 100%

1. When QoS is implemented in a converged network, which two factors


can be controlled to improve network performance for real-time traffic?
(Choose two.)
link speed

delay*

packet routing

jitter*

packet addressing

2. A network engineer performs a ping test and receives a value that shows
the time it takes for a packet to travel from a source to a destination device
and return. Which term describes the value?
jitter

latency*

priority

bandwidth

3. What are two characteristics of voice traffic? (Choose two.)


Dropped voice packets are not retransmitted. *

Voice traffic requires at least 384 kbs of bandwidth.

Voice traffic consumes lots of network resources.

Voice traffic is unpredictable and inconsistent.

Voice traffic latency should not exceed 150 ms.*

4. How does a Cisco router using tail drop handle congestion when a traffic
queue becomes full?
The router will only drop non delay-sensitive data that is close to the end of the queue.
1/6
The router will drop any packet that arrives at the end of the queue.*

The router will remove the most recent data placed in the queue to make space for an
arriving packet.

The router will remove the packet in the front of the queue, move all other packets forward,
and insert the just arrived packet at the end.

5. For classifying packets into classes with CBWFQ, what is the purpose of
configuring a maximum packet limit for a class?
to control the maximum number of packets allowed in a single queue*

to control the maximum number of packets allowed to be discarded

to control the maximum number of packets that can be forwarded each second on an
egress interface

to control the maximum number of packets that can be received each second on an ingress
interface

6. A network engineer is selecting a QoS method to control congestion on a


VPN tunnel link between the headquarters site and a branch office. Which
queuing method cannot be used to classify and control VPN traffic?
FIFO

WFQ*

CBWFQ

LLQ

7. An administrator has mastered the use of access control lists (ACLs) and
wants to deploy QoS by defining different traffic classes through the use of
ACLs. Which queuing method provides this functionality?
FIFO

WFQ

FCFS

CBWFQ*

8. Which queuing algorithm has only a single queue and treats all packets
equally?
FIFO*

CBWFQ

WFQ
2/6
LLQ

9. A network administrator is deploying QoS with the ability to provide a


special queue for voice traffic so that voice traffic is forwarded before
network traffic in other queues. Which queuing method would be the best
choice?
FIFO

WFQ

CBWFQ

LLQ*

10. What are two characteristics of DiffServ QoS model? (Choose two.)
the easiest QoS model to deploy

groups all TCP flows into a single class*

delivers end to end QoS

uses the Resource Reservation Protocol (RSVP) to signal QoS requirements

can divide network traffic into classes based on business requirements*

11. What are two characteristics of the best-effort QoS model? (Choose
two.)
It does not provide a delivery guarantee for packets.*

It uses a connection-oriented approach with QoS.

It treats all network packets in the same way.*

It allows end hosts to signal their QoS needs to the network.

It provides preferential treatment for voice packets.

12. What role do network devices play in the IntServ QoS model?
Network devices ensure that resources are available before traffic is allowed to be
sent by a host through the network.*

Network devices provide a best-effort approach to forwarding traffic.

Network devices are configured to service multiple classes of traffic and handle traffic as it
may arrive.

Network devices use QoS on a hop-by-hop basis to provide excellent scalability.

3/6
13. Which QoS model is very resource intensive and provides the highest
guarantee of QoS?
DiffServ

best-effort

IntServ*

soft QoS

14. In QoS models, which type of traffic is commonly provided the most
preferential treatment over all other application traffic?
voice traffic*

email

web traffic

file transfers

15. What are two approaches to prevent packet loss due to congestion on
an interface? (Choose two.)
Prevent bursts of traffic.
Drop lower-priority packets.*

Decrease buffer space.

Disable queuing mechanisms.

Increase link capacity.*

16. What two fields are available in IPv4 and IPv6 headers to mark packets
for QoS? (Choose two.)
Class of Service

Traffic Class*

Type of Service*

Priority

VLAN ID

17. What is the benefit of deploying Layer 3 QoS marking across an


enterprise network?
Layer 3 marking can carry QoS information on switches that are not IP aware.

Layer 3 marking can be used to carry non-IP traffic.

4/6
Layer 3 marking can be carried in the 802.1Q fields.

Layer 3 marking can carry the QoS information end-to-end.*

18. Which QoS technology provides congestion avoidance by allowing TCP


traffic to be throttled before buffers become full and tail drops occur?
traffic policing

weighted random early detection*

best-effort

first-in, first-out

19. Refer to the exhibit.

As traffic is forwarded out an egress interface with QoS treatment, which


congestion avoidance technique is used?
traffic shaping

weighted random early detection

classification and marking

traffic policing*

20. Which QoS model uses the DSCP bits to mark packets and provides 64
possible classes of service?
IntServ

best-effort

DiffServ*

FIFO

21. Which QoS technique retains excess packets in a separate queue for
later transmission?
classifying
5/6
marking

queuing

shaping*

6/6
CCNA 4 v6.0 Chapter 7 Exam Answers 100%

CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 7 Exam
Answers 100%

1. What is an example of an M2M connection in the IoT?


A user sends an email over the Internet to a friend.

An automated alarm system in a campus sends fire alarm messages to all students and
staff.

Sensors in a warehouse communicate with each other and send data to a server
block in the cloud.*

Redundant servers communicate with each other to determine which server should be
active or standby.

2. What is the term for the extension of the existing Internet structure to
billions of connected devices?
SCADA

digitization

IoT*

M2M

3. Which statement describes the Cisco IoT System?


It is an advanced routing protocol for cloud computing.

It is a switch operating system to integrate many Layer 2 security features.

It is a router operating system combining IOS and Linux for fog computing.

It is an infrastructure to manage large scale systems of very different endpoints and


platforms.*

4. Which three network models are described in the fog computing pillar of
the Cisco IoT System? (Choose three.)
P2P

peer-to-peer

1/6
client/server*

fog computing*

enterprise WAN

cloud computing*

5. Which IoT pillar extends cloud connectivity closer to the network edge?
management and automation pillar

application enablement platform pillar

network connectivity pillar

fog computing pillar*

6. Which cybersecurity solution is described in the security pillar of the


Cisco IoT System to address the security of power plants and factory
process lines?
IoT physical security

IoT network security

cloud computing security

operational technology specific security*

7. Which cloud computing opportunity would provide the use of network


hardware such as routers and switches for a particular company?
browser as a service (BaaS)

infrastructure as a service (IaaS)*

software as a service (SaaS)

wireless as a service (WaaS)

8. What technology allows users to access data anywhere and at any time?
data analytics

Cloud computing*

virtualization

micromarketing

9. What statement describes Fog computing?

2/6
It supports larger networks than Cloud
computing does.

It creates a distributed computing


infrastructure that provides services
close to the network edge.*

It requires Cloud computing services to


support non-IP enabled sensors and
controllers.

It utilizes a centralized computing


infrastructure that stores and
manipulates big data in one very secure data center.

10. Which Cloud computing service would be best for a new organization
that cannot afford physical servers and networking equipment and must
purchase network services on-demand?
PaaS

SaaS

ITaaS

IaaS*

11. Which cloud model provides services for a specific organization or


entity?
a hybrid cloud

a community cloud

a public cloud

a private cloud*

12. How does virtualization help with disaster recovery within a data center?
guarantee of power

support of live migration*

supply of consistent air flow

improvement of business practices

13. What is a difference between the functions of Cloud computing and


virtualization?
Cloud computing utilizes data center technology whereas virtualization is not used in data
centers.
3/6
Cloud computing requires hypervisor technology whereas virtualization is a fault tolerance
technology.

Cloud computing separates the application from the hardware whereas virtualization
separates the OS from the underlying hardware.*

Cloud computing provides services on web-based access whereas virtualization provides


services on data access through virtualized Internet connections.

14. Which two business and technical challenges does implementing


virtualization within a data center help businesses to overcome? (Choose
two.)
server hardware needs

physical footprint*

power and air conditioning*

operating system license requirements

virus and spyware attacks

15. Which statement describes the concept of cloud computing?


separation of application from hardware*

separation of operating system from hardware

separation of control plane from data plane

separation of management plane from control plane

16. Which is a characteristic of a Type 2 hypervisor?​


best suited for enterprise environments

installs directly on hardware

has direct access to server hardware resources

does not require management console software*

17. Which is a characteristic of a Type 1 hypervisor?​


does not require management console software

installed directly on a server​*

installed on an existing operating system​

best suited for consumers and not for an enterprise environment

18. How is the control plane modified to operate with network virtualization?
4/6
Control plane redundancy is added to each network device.

The control plane function is consolidated into a centralized controller.*

A hypervisor is installed in each device to allow multiple instances of the control plane.

The control plane on each device is interconnected to a dedicated high-speed network.

19. Which technology virtualizes the network control plane and moves it to a
centralized controller?​
SDN*

IaaS

cloud computing

fog computing

20. Which two layers of the OSI model are associated with SDN network
control plane functions that make forwarding decisions? (Choose two.)​
Layer 1

Layer 2*

Layer 3*

Layer 4

Layer 5

21. What pre-populates the FIB on Cisco devices that use CEF to process
packets?
the routing table*

the ARP table

the DSP

the adjacency table

22. Which type of hypervisor would most likely be used in a data center?
Type 1*

Type 2

Nexus

Hadoop

5/6
23. What component is considered the brains of the ACI architecture and
translates application policies​?
the Nexus 9000 switch

the Application Policy Infrastructure Controller*

the Application Network Profile endpoints

the hypervisor​

24. Fill in the blank.


In an IoT implementation, devices will be connected to a “converged” network to share the
same infrastructure and to facilitate communications, analytics, and management.

25. Fill in the blank.


In a scenario where a user with a laptop running the Mac OS installs a Windows virtual OS
instance, the user is implementing a Type “2” hypervisor.

6/6
CCNA 4 v6.0 Chapter 8 Exam Answers 100%

CCNA5.NET
CCNA 4 Connecting Networks v6.0 Chapter 8 Exam
Answers 100%

1. When should a network performance baseline be measured?


during normal work hours of an organization*

immediately after the main network devices restarted

after normal work hours to reduce possible interruptions

when a denial of service attack to the network is detected and blocked

2. What is a purpose of establishing a network baseline?


It provides a statistical average for network performance.

It manages the performance of network devices.

It creates a point of reference for future network evaluations.*

It checks the security configuration of network devices.

3. Which three pieces of information are typically recorded in a logical


topology diagram? (Choose three.)
IP address and prefix lengths*

routing protocols*

static routes*

device models and manufacturers

cable specifications

device locations

4. In which step of gathering symptoms does the network engineer


determine if the problem is at the core, distribution, or access layer of the
network?
Document the symptoms.

Determine the symptoms.


1/8
Gather information.

Determine ownership.

Narrow the scope.*

5. A team of engineers has identified a solution to a significant network


problem. The proposed solution is likely to affect critical network
infrastructure components. What should the team follow while implementing
the solution to avoid interfering with other processes and infrastructure?
change-control procedures*

one of the layered troubleshooting approaches

knowledge base guidelines

syslog messages and reports

6. Refer to the exhibit.

What action occurs at stage 3 of the general troubleshooting process?


Correct the problem.*

Narrow the scope.

Question end users.

Document symptoms.

7. After which step in the network troubleshooting process would one of the
layered troubleshooting methods be used?
After which step in the network troubleshooting process would one of the layered
troubleshooting methods be used?

2/8
determining ownership

narrowing the scope

gathering symptoms from suspect devices*

8. A network technician is troubleshooting an email connection problem.


Which question to the end-user will provide clear information to better define
the problem?
Is your email working now?

How big are the emails you tried to send?

What kind of equipment are you using to send emails?

When did you first notice your email problem?*

9. A network engineer is troubleshooting a network problem and can


successfully ping between two devices. However, Telnet between the same
two devices does not work. Which OSI layers should the administrator
investigate next?
all of the layers

from the network layer to the application layer*

from the network layer to the physical layer

only the network layer

10. A network administrator is having issues with a newly installed network


not appearing in other routers. At which layer of the OSI model is the
network administrator going to start the troubleshooting process when using
a top-down approach?
application

internet

network*

session

transport

11. Which troubleshooting method begins by examining cable connections


and wiring issues?
top-down

bottom-up*

substitution
3/8
divide-and-conquer

12. Refer to the exhibit.

On the basis of the information presented, which two IP SLA related


statements are true? (Choose two.)
IP SLA 99 is measuring jitter.

IP SLA 99 is scheduled to begin in 2 hours.

IP SLA 99 is sending echo requests every 10 seconds.*

IP SLA 99 is sending echo requests from IP address 192.168.2.1.

IP SLA 99 is configured with the type dns target-addr 192.168.2.1 command.

IP SLA 99 will run forever unless explicitly disabled.*

13. A company is setting up a web site with SSL technology to protect the
authentication credentials required to access the web site. A network
engineer needs to verify that the setup is correct and that the authentication
is indeed encrypted. Which tool should be used?
fault-management tool

protocol analyzer*

baselining tool

cable analyzer

4/8
14. Which category of software troubleshooting tools provides device-level
monitoring, configuration, and fault-management?
knowledge bases

baselining tools

host-based protocol analyzers

network management system tools*

15. Which two specialized troubleshooting tools can monitor the amount of
traffic that passes through a switch? (Choose two.)
TDR

digital multimeter

NAM*

portable network analyzer*

DTX cable analyzer

16. Which number represents the most severe level of syslog logging?
0*

17. A user in a large office calls technical support to complain that a PC has
suddenly lost connectivity to the network. The technician asks the caller to
talk to nearby users to see if other machines are affected. The caller reports
that several immediate neighbors in the same department have a similar
problem and that they cannot ping each other. Those who are seated in
other departments have connectivity. What should the technician check as
the first step in troubleshooting the issue?
the power outlet to the PC that is used by the caller

the trunks between switches in the wiring closet

the status of the departmental workgroup switch in the wiring closet*

the cable that connects the PC of the caller to the network jack

the cable connection between a PC and a network outlet that is used by a neighbor

5/8
18. A user reports that after an OS patch of the networking subsystem has
been applied to a workstation, it performs very slowly when connecting to
network resources. A network technician tests the link with a cable analyzer
and notices that the workstation sends an excessive number of frames
smaller than 64 bytes and also other meaningless frames. What is the
possible cause of the problem?
cabling faults

corrupted NIC driver*

Ethernet signal attenuation

corrupted application installation

19. An administrator is troubleshooting an Internet connectivity problem on


a router. The output of the show interfaces gigabitethernet 0/0 command
reveals higher than normal framing errors on the interface that connects to
the Internet. At what layer of the OSI model is the problem likely occurring?
Layer 1

Layer 2*

Layer 3

Layer 4

Layer 7

20. A group of Windows PCs in a new subnet has been added to an


Ethernet network. When testing the connectivity, a technician finds that
these PCs can access local network resources but not the Internet
resources. To troubleshoot the problem, the technician wants to initially
confirm the IP address and DNS configurations on the PCs, and also verify
connectivity to the local router. Which three Windows CLI commands and
utilities will provide the necessary information? (Choose three.)
arp -a

ipconfig*

nslookup*

ping*

telnet

tracert

netsh interface ipv6 show neighbor

6/8
21. Users report that the new web site http://www.company1.biz cannot be
accessed. The helpdesk technician checks and verifies that the web site
can be accessed with http://www.company1.biz:90. Which layer in the
TCP/IP model is involved in troubleshooting this issue?
application

transport*

internet

network access

22. A networked PC is having trouble accessing the Internet, but can print to
a local printer and ping other computers in the area. Other computers on the
same network are not having any issues. What is the problem?
The PC has a missing or incorrect default gateway.*

The default gateway router does not have a default route.

The switch port to which the PC connects has an incorrect VLAN configured.

The link between the switch to which the PC connects and the default gateway router is
down.

23. The newly configured ASBR that connects a company to the Internet
has a default route configured and has the default-information originate
command entered. Devices connected through this router can access the
Internet. The problem is that no other OSPF routers have a default route in
the routing table and no other users throughout the organization can access
the Internet. What could be the problem?
The ASBR does not have OSPF configured.

The ASBR does not have an OSPF neighbor.*

The other routers are not configured to accept LSA type 4s.

The ASBR should use the exit_interface argument instead of next-hop on the default route.

24. An internal corporate server can be accessed by internal PCs, but not
by external Internet users that should have access. What could be the
issue?
Static NAT has not been configured properly or at all.*

The server does not have a private IP address assigned.

The default gateway router for the server does not have a default route.

The switch port to which the server connects has an incorrect VLAN configured.

7/8
25. Fill in the blank.
Use the “ARP​​” cache to verify IPv4 address to Layer 2 Ethernet address mappings on a
host computer.

26. Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.

A user reports that PC0 cannot visit the web server http://www.server.com.
Troubleshoot the network configuration to identify the problem.

What is the cause of the problem?


A default route on HQ is not configured.

A serial interface encapsulation is configured incorrectly.*

The DNS server address on PC0 is configured incorrectly.

The clock rate on Branch S0/0/0 is configured incorrectly.

8/8
CCNA 4 v6.0 Final Exam Answers Option A 100%

CCNA5.NET
CCNA 4 v6.0 Connecting Networks Final Exam Answers
Option A

1. Which statement best describes a WAN?


A WAN interconnects LANs over long distances.*

A WAN is a public utility that enables access to the Internet.

WAN is another name for the Internet.

A WAN is a LAN that is extended to provide secure remote network access.

2. Connecting offices at different locations using the Internet can be


economical for a business. What are two important business policy issues
that should be addressed when using the Internet for this purpose? (Choose
two.)
addressing

bandwidth

privacy*

security*

WAN technology

3. What is a disadvantage of a packet-switched network compared to a


circuit-switched network?
higher cost

fixed capacity

less flexibility

higher latency*

4. A company is considering updating the campus WAN connection. Which


two WAN options are examples of the private WAN architecture? (Choose
two.)
cable

1/19
leased line*

Ethernet WAN*

municipal Wi-Fi

digital subscriber line

5. Which statement describes a characteristic of dense wavelength division


multiplexing (DWDM)?​
It supports the SONET standard, but not the SDH standard​.

It enables bidirectional communications over one pair of copper cables.

It can be used in long-range communications, like connections between ISPs.*

It assigns incoming electrical signals to specific frequencies.

6. Which WAN technology can serve as the underlying network to carry


multiple types of network traffic such as IP, ATM, Ethernet, and DSL?
ISDN

MPLS*

Frame Relay

Ethernet WAN

7. Which two WAN technologies are more likely to be used by a business


than by teleworkers or home users? (Choose two.)
cable

DSL

Frame Relay*

MetroE*

VPN

8. The security policy in a company specifies that the staff in the sales
department must use a VPN to connect to the corporate network to access
the sales data when they travel to meet customers. What component is
needed by the sales staff to establish a remote VPN connection?
VPN gateway

VPN appliance

VPN concentrator

2/19
VPN client software*

9. A corporation is searching for an easy and low cost solution to provide


teleworkers with a secure connection to headquarters. Which solution
should be selected?
dial-up connection

leased line connection

site-to-site VPN over the Internet

remote access VPN over the Internet*

10. How many DS0 channels are bundled to produce a 1.544 Mbps T1 line?
2

12

24*

28

11. Refer to the exhibit.

Which type of Layer 2 encapsulation used for connection D requires Cisco


routers?
Ethernet

PPPoE

HDLC*

PPP

12. Which three statements are true about PPP? (Choose three.)
PPP can use synchronous and asynchronous circuits.*

3/19
PPP can only be used between two Cisco devices.

PPP carries packets from several network layer protocols in LCPs.

PPP uses LCPs to establish, configure, and test the data-link connection.*

PPP uses LCPs to agree on format options such as authentication, compression,


and error detection.*

13. A network administrator is configuring a PPP link with the commands:

R1(config-if)# encapsulation ppp


R1(config-if)# ppp quality 70

What is the effect of these commands?


The PPP link will be closed down if the link quality drops below 70 percent.*

The NCP will send a message to the sending device if the link usage reaches 70 percent.

The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.

The PPP link will not be established if more than 30 percent of options cannot be accepted.

14. What function is provided by Multilink PPP?


spreading traffic across multiple physical WAN links*

dividing the bandwidth of a single link into separate time slots

enabling traffic from multiple VLANs to travel over a single Layer 2 link

creating one logical link between two LAN switches via the use of multiple physical links

15. The graphic shows two boxes. The first box has the following
output:R1(config)# show running-config
<output omitted>
username r2 password 0 Cisco
!
interface Serial0/0/0
ip address 209.165.200.225 255.255.255.252
encapsulation ppp
ppp authentication chapThe second box has this output:R2(config)# show
running-config
<output omitted>
username r1 password 0 Cisco
!
interface Serial0/0/0
ip address 209.165.200.226 255.255.255.252

4/19
encapsulation ppp
ppp authentication chap
Refer to the exhibit.

A network administrator is configuring the PPP link between the routers R1


and R2. However, the link cannot be established. Based on the partial
output of the show running-config command, what is the cause of the
problem?
The usernames do not match each other.

The usernames do not match the host names.*

The passwords for CHAP should be in lowercase.

The username r1 should be configured on the router R1 and the username r2 should be
configured on the router R2.

16. Refer to the exhibit.

5/19
A network administrator has configured routers RTA and RTB, but cannot
ping from serial interface to serial interface. Which layer of the OSI model is
the most likely cause of the problem?
application

transport

network

data link*

physical

17. What advantage does DSL have compared to cable technology?


DSL upload and download speeds are always the same.

DSL is faster.

DSL has no distance limitations.

DSL is not a shared medium.*

18. Which broadband technology would be best for a user that needs
remote access when traveling in mountains and at sea?
Wi-Fi Mesh

mobile broadband

WiMax

satellite*

19. Which technology requires the use of PPPoE to provide PPP


connections to customers?

6/19
dialup analog modem

dialup ISDN modem

DSL*

T1

20. Refer to the exhibit.

What is the network administrator verifying when issuing the show ip


interface brief command on R1 in respect to the PPPoE connection to R2?
that the Dialer1 interface has been manually assigned an IP address

that the Dialer1 interface is up and up

that the Dialer1 interface has been assigned an IP address by the ISP router*

that the IP address on R1 G0/1 is in the same network range as the DSL modem

21. Which technology creates a mapping of public IP addresses for remote


tunnel spokes in a DMVPN configuration?
ARP

NHRP*

NAT

IPsec

22. What is the purpose of the generic routing encapsulation tunneling


protocol?
to provide packet level encryption of IP traffic between remote sites
7/19
to manage the transportation of IP multicast and multiprotocol traffic between
remote sites*

to support basic unencrypted IP tunneling using multivendor routers between remote sites

to provide fixed flow-control mechanisms with IP tunneling between remote sites

23. Refer to the exhibit.

What is used to exchange routing information between routers within each


AS?
static routing

IGP routing protocols*

EGP routing protocols

default routing

24. Refer to the exhibit.

8/19
All routers are successfully running the BGP routing protocol. How many
routers must use EBGP in order to share routing information across the
autonomous systems?
2

4*

25. Which IPv4 address range covers all IP addresses that match the ACL
filter specified by 172.16.2.0 with wildcard mask 0.0.1.255?
172.16.2.0 to 172.16.2.255

172.16.2.1 to 172.16.3.254

172.16.2.0 to 172.16.3.255*

172.16.2.1 to 172.16.255.255

26. Refer to the exhibit.

9/19
A named access list called chemistry_block has been written to prevent
users on the Chemistry Network and public Internet from access to Records
Server. All other users within the school should have access to this server.
The list contains the following statements:

deny 172.16.102.0 0.0.0.255 172.16.104.252 0.0.0.0


permit 172.16.0.0 0.0.255.255 172.16.104.252 0.0.0.0

Which command sequence will place this list to meet these requirements?
Hera(config)# interface fa0/0
Hera(config-if)# ip access-group chemistry_block in

Hera(config)# interface s0/0/0


Hera(config-if)# ip access-group chemistry_block out

Apollo(config)# interface s0/0/0


Apollo(config-if)# ip access-group chemistry_block out

Apollo(config)# interface s0/0/1


Apollo(config-if)# ip access-group chemistry_block in

Athena(config)# interface s0/0/1


Athena(config-if)# ip access-group chemistry_block in

Athena(config)# interface fa0/0


Athena(config-if)# ip access-group chemistry_block out*

27. What guideline is generally followed about the placement of extended


access control lists?
They should be placed as close as possible to the source of the traffic to be denied.*

They should be placed as close as possible to the destination of the traffic to be denied.
10/19
They should be placed on the fastest interface available.

They should be placed on the destination WAN link.

28. In the creation of an IPv6 ACL, what is the purpose of the implicit final
command entries, permit icmp any any nd-na and permit icmp any any nd-
ns?
to allow IPv6 to MAC address resolution*

to allow forwarding of IPv6 multicast packets

to allow automatic address configuration

to allow forwarding of ICMPv6 packets

29. A network administrator is testing IPv6 connectivity to a web server. The


network administrator does not want any other host to connect to the web
server except for the one test computer. Which type of IPv6 ACL could be
used for this situation?
only a standard ACL

a standard or extended ACL

only an extended ACL

an extended, named, or numbered ACL

only a named ACL*

30. Refer to the exhibit.

11/19
The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface
of R1 in the inbound direction. Which IPv6 packets from the ISP will be
dropped by the ACL on R1?
HTTPS packets to PC1

ICMPv6 packets that are destined to PC1*

packets that are destined to PC1 on port 80

neighbor advertisements that are received from the ISP router

31. What is a secure configuration option for remote access to a network


device?
Configure SSH.*

Configure Telnet.

Configure 802.1x.

Configure an ACL and apply it to the VTY lines.

32. What protocol should be disabled to help mitigate VLAN attacks?


DTP*

STP

CDP

ARP

33. Which term describes the role of a Cisco switch in the 802.1X port-
based access control?
agent

supplicant

authenticator*

authentication server

34. What two protocols are supported on Cisco devices for AAA
communications? (Choose two.)
VTP

LLDP

HSRP

RADIUS*

12/19
TACACS+*

35. In configuring SNMPv3, what is the purpose of creating an ACL?


to define the source traffic that is allowed to create a VPN tunnel

to define the type of traffic that is allowed on the management network

to specify the source addresses allowed to access the SNMP agent*

to define the protocols allowed to be used for authentication and encryption

36. Refer to the exhibit.

What feature does an SNMP manager need in order to be able to set a


parameter on switch ACSw1?
a manager who is using an SNMP string of K44p0ut

a manager who is using an Inform Request MIB

a manager who is using host 192.168.0.5*

a manager who is using authPriv

37. Which Cisco feature sends copies of frames entering one port to a
different port on the same switch in order to perform traffic analysis?
CSA

HIPS

SPAN*

VLAN

38. What are two characteristics of video traffic? (Choose two.)


Video traffic is more resilient to loss than voice traffic is.

Video traffic is unpredictable and inconsistent.*

Video traffic latency should not exceed 400 ms.*

Video traffic requires a minimum of 30 kbs of bandwidth.

Video traffic consumes less network resources than voice traffic consumes.
13/19
39. Which QoS mechanism allows delay-sensitive data, such as voice, to be
sent first before packets in other queues are sent?
CBWFQ

FIFO

LLQ*

FCFS

40. Refer to the exhibit. As traffic is forwarded out an egress interface with
QoS treatment, which congestion avoidance technique is used?
traffic shaping*

weighted random early detection

classification and marking

traffic policing

41. Which type of QoS marking is applied to Ethernet frames?


CoS*

ToS

DSCP

IP precedence

42. What is the function of a QoS trust boundary?


A trust boundary identifies the location where traffic cannot be remarked.

A trust boundary identifies which devices trust the marking on packets that enter a
network.*

A trust boundary only allows traffic to enter if it has previously been marked.

A trust boundary only allows traffic from trusted endpoints to enter the network.

43. A vibration sensor on an automated production line detects an unusual


condition. The sensor communicates with a controller that automatically
shuts down the line and activates an alarm. What type of communication
does this scenario represent?

14/19
machine-to-people

machine-to-machine*

people-to-people

people-to-machine

44. Which pillar of the Cisco IoT System allows data to be analyzed and
managed at the location where it is generated?
data analytics

fog computing*

network connectivity

application enhancement platform

45. Which Cloud computing service would be best for a new organization
that cannot afford physical servers and networking equipment and must
purchase network services on-demand?
PaaS

SaaS

ITaaS

IaaS*

46. A data center has recently updated a physical server to host multiple
operating systems on a single CPU. The data center can now provide each
customer with a separate web server without having to allocate an actual
discrete server for each customer. What is the networking trend that is
being implemented by the data center in this situation?
BYOD

virtualization*

maintaining communication integrity

online collaboration

15/19
47. What is used to pre-populate the adjacency table on Cisco devices that
use CEF to process packets? ​
the ARP table*

the routing table

the FIB

the DSP

48. Which component of the ACI architecture translates application policies


into network programming?
the Nexus 9000 switch

the Application Network Profile endpoints

the Application Policy Infrastructure Controller*

the hypervisor​

49. Which two pieces of information should be included in a logical topology


diagram of a network? (Choose two.)
device type

OS/IOS version

connection type*

interface identifier*

cable specification

cable type and identifier

50. Which network performance statistics should be measured in order to


verify SLA compliance?
NAT translation statistics

device CPU and memory utilization

latency, jitter, and packet loss*

the number of error messages that are logged on the syslog server

51. Which feature sends simulated data across the network and measures
performance between multiple network locations?
LLDP
16/19
IP SLA*

syslog

SPAN

52. Which troubleshooting tool would a network administrator use to check


the Layer 2 header of frames that are leaving a particular host?
protocol analyzer*

baselining tool

knowledge base

CiscoView

53. Refer to the exhibit.

A network administrator is troubleshooting the OSPF network. The


10.10.0.0/16 network is not showing up in the routing table of Router1. What
is the probable cause of this problem?
The serial interface on Router2 is down.

The OSPF process is not running on Router2.

The OSPF process is configured incorrectly on Router1.

There is an incorrect wildcard mask statement for network 10.10.0.0/16 on Router2.*


17/19
54. Refer to the exhibit.

A user turns on a PC after it is serviced and calls the help desk to report
that the PC seems unable to reach the Internet. The technician asks the
user to issue the arp –a and ipconfig commands. Based on the output, what
are two possible causes of the problem? (Choose two.)
The IP configuration is incorrect.*

The network cable is unplugged.

The DNS server address is not configured.

The subnet mask is configured incorrectly.

The default gateway device cannot be contacted.*

55. Match OoS techniques with the description. (Not all options are used.)

18/19
19/19
CCNA 4 v6.0 Final Exam Answers Option B 100%

CCNA5.NET
CCNA 4 v6.0 Connecting Networks Final Exam Answers
Option B

1. Which circumstance would result in an enterprise deciding to implement a


corporate WAN?
when its employees become distributed across many branch locations*

when the network will span multiple buildings

when the number of employees exceeds the capacity of the LAN

when the enterprise decides to secure its corporate LAN

2. What are two types of WAN providers? (Choose two.)


DNS servers

satellite service*

web hosting service

telephone company*

Internet search engine service

3. Which two types of devices are specific to WAN environments and are
not found on a LAN? (Choose two.)
access layer switch

broadband modem*

core switch

CSU/DSU​*

distribution layer router

4. What is a feature of dense wavelength-division multiplexing (DWDM)


technology?
It replaces SONET and SDH technologies.

It enables bidirectional communications over one strand of fiber.*


1/15
It provides Layer 3 support for long distance data communications.

It provides a 10 Gb/s multiplexed signal over analog copper telephone lines.

5. What is a disadvantage of ATM compared to Frame Relay?


less efficient*

lacks SVC support

does not scale well to provide high speed WAN connections

requires multiple interfaces on the edge router to support multiple VCs

6. Which WAN solution uses labels to identify the path in sending packets
through a provider network?
cable

DSL

Frame Relay

MPLS*

VSAT

7. An intercity bus company wants to offer constant Internet connectivity to


the users traveling on the buses. Which two types of WAN infrastructure
would meet the requirements? (Choose two.)
private infrastructure

public infrastructure*

dedicated

circuit-switched

cellular*

8. What device is needed at a central office to aggregate many digital


subscriber lines from customers?
CMTS

DSLAM*

CSU/DSU

access server

2/15
9. A corporation is searching for an easy and low cost solution to provide
teleworkers with a secure connection to headquarters. Which solution
should be selected?
dial-up connection

leased line connection

site-to-site VPN over the Internet

remote access VPN over the Internet*

10. What is the maximum number of DS0 channels in a 1.544 Mbps T1


line?
2

12

24*

28

11. Refer to the exhibit.

What type of Layer 2 encapsulation will be used for RtrA connection D if it is


left to the default and the router is a Cisco router?
Ethernet

Frame Relay

HDLC*

PPP

12. Which two functions are provided by the NCP during a PPP connection?
(Choose two.)
identifying fault conditions for the PPP link

3/15
providing multilink capabilities over the PPP link

bringing the network layer protocol or protocols up and down*

enhancing security by providing callback over PPP

negotiating options for the IP protocol*

managing authentication of the peer routers of the PPP link

13. What PPP information will be displayed if a network engineer issues the
show ppp multilink command on Cisco router?
the link LCP and NCP status

the queuing type on the link

the IP addresses of the link interfaces

the serial interfaces participating in the multilink*

14. Refer to the exhibit.

Which statement describes the status of the PPP connection?


Only the link-establishment phase completed successfully.

Only the network-layer phase completed successfully.

Neither the link-establishment phase nor the network-layer phase completed successfully.

Both the link-establishment and network-layer phase completed successfully.*

15. A network administrator is configuring a PPP link with the commands:

4/15
R1(config-if)# encapsulation ppp
R1(config-if)# ppp quality 70

What is the effect of these commands?


The PPP link will be closed down if the link quality drops below 70 percent.*

The NCP will send a message to the sending device if the link usage reaches 70 percent.

The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.

The PPP link will not be established if more than 30 percent of options cannot be accepted.

16. How does virtualization help with disaster recovery within a data center?
Power is always provided.

Less energy is consumed.

Server provisioning is faster.

Hardware does not have to be identical.*

17. Which broadband solution is appropriate for a home user who needs a
wired connection not limited by distance?
cable*

DSL

WiMax

ADSL

18. What is the protocol that provides ISPs the ability to send PPP frames
over DSL networks?
PPPoE*

CHAP

ADSL

LTE

19. In software defined network architecture, what function is removed from


network devices and performed by an SDN controller?
control plane*

data plane

security
application policies
5/15
20. What would a network administrator expect the routing table of stub
router R1 to look like if connectivity to the ISP was established via a PPPoE
configuration?

192.168.1.0/32 is subnetted, 2 subnetted


C 192.168.1.1 is directly connected, Dialer1​
C 192.168.1.2 is directly connected, Dialer2​

S* 0.0.0.0/0 is directly connected, Dialer1​​

192.168.1.0/32 is subnetted, 2 subnetted


C 192.168.1.1 is directly connected, Dialer

S* 0.0.0.0/0 is directly connected, Dialer1


​ 192.168.1.0/32 is subnetted, 2 subnetted
C 192.168.1.1 is directly connected, Dialer1​
C 192.168.1.2 is directly connected, Dialer1*****

21. What is a benefit of implementing a Dynamic Multipoint VPN network


design?
A DMVPN will use an encrypted session and does not require IPsec.

A DMVPN uses a Layer 3 protocol, NHRP, to dynamically establish tunnels.

A DMVPN will support remote peers by providing a mapping database of public IP


addresses to each one.*

A DMVPN uses mGRE to create multiple GRE interfaces that each support a single VPN
tunnel.

22. Which remote access implementation scenario will support the use of
generic routing encapsulation tunneling?
a mobile user who connects to a router at a central site

a branch office that connects securely to a central site

a mobile user who connects to a SOHO site

a central site that connects to a SOHO site without encryption*

6/15
23. Refer to the exhibit.

All routers are successfully running the BGP routing protocol. How many
routers must use EBGP in order to share routing information across the
autonomous systems?
2

4*

24. Which statement describes a characteristic of standard IPv4 ACLs?


They are configured in the interface configuration mode.

They filter traffic based on source IP addresses only.*

They can be created with a number but not with a name.

They can be configured to filter traffic based on both source IP addresses and source ports.

25. Which three values or sets of values are included when creating an
extended access control list entry? (Choose three.)
access list number between 1 and 99

access list number between 100 and 199*

default gateway address and wildcard mask

destination address and wildcard mask*

source address and wildcard mask*

source subnet mask and wildcard mask

destination subnet mask and wildcard mask


7/15
26. Refer to the exhibit.

A router has an existing ACL that permits all traffic from the 172.16.0.0
network. The administrator attempts to add a new ACE to the ACL that
denies packets from host 172.16.0.1 and receives the error message that is
shown in the exhibit. What action can the administrator take to block
packets from host 172.16.0.1 while still permitting all other traffic from the
172.16.0.0 network?
Manually add the new deny ACE with a sequence number of 5.*

Manually add the new deny ACE with a sequence number of 15.

Create a second access list denying the host and apply it to the same interface.

Add a deny any any ACE to access-list 1.

27. Which three implicit access control entries are automatically added to
the end of an IPv6 ACL? (Choose three.)
deny ip any any

deny ipv6 any any*

permit ipv6 any any

deny icmp any any

permit icmp any any nd-ns*

permit icmp any any nd-na*

28. The computers used by the network administrators for a school are on
the 10.7.0.0/27 network. Which two commands are needed at a minimum to
apply an ACL that will ensure that only devices that are used by the network
administrators will be allowed Telnet access to the routers? (Choose two.)
access-class 5 in*

access-list 5 deny any

8/15
access-list standard VTY
permit 10.7.0.0 0.0.0.127

access-list 5 permit 10.7.0.0 0.0.0.31*

ip access-group 5 out

ip access-group 5 in

29. A network administrator is adding ACLs to a new IPv6 multirouter


environment. Which IPv6 ACE is automatically added implicitly at the end of
an ACL so that two adjacent routers can discover each other?
permit ip any any

permit ip any host ip_address

permit icmp any any nd-na*

deny ip any any

30. What would be the primary reason an attacker would launch a MAC
address overflow attack?
so that the switch stops forwarding traffic

so that legitimate hosts cannot obtain a MAC address

so that the attacker can see frames that are destined for other hosts*

so that the attacker can execute arbitrary code on the switch

31. What are three of the six core components in the Cisco IoT system?
(Choose three.)
fog computing*

wearable technologies

data analytics*

robot guides

cyber and physical security*

smart bandages

32. What security countermeasure is effective for preventing CAM table


overflow attacks?
port security*

DHCP snooping

9/15
IP source guard

Dynamic ARP Inspection

33. What two protocols are supported on Cisco devices for AAA
communications? (Choose two.)
VTP

LLDP

HSRP

RADIUS*

TACACS+*

34. Which SNMP feature provides a solution to the main disadvantage of


SNMP polling?
SNMP set messages

SNMP trap messages*

SNMP get messages

SNMP community strings

35. When SNMPv1 or SNMPv2 is being used, which feature provides


secure access to MIB objects?
packet encryption

message integrity

community strings*

source validation

36. What two features are added in SNMPv3 to address the weaknesses of
previous versions of SNMP? (Choose two.)
bulk MIB objects retrieval

encryption*

authorization with community string priority

authentication*

ACL management filtering

37. Refer to the exhibit.

10/15
What feature does an SNMP manager need in order to be able to set a
parameter on switch ACSw1?
a manager who is using an SNMP string of K44p0ut

a manager who is using an Inform Request MIB

a manager who is using host 192.168.0.5*

a manager who is using authPriv

38. Which queuing mechanism supports user-defined traffic classes?


FIFO

CBWFQ*

WFQ

FCFS

39. Which QoS mechanism allows delay-sensitive data, such as voice, to be


sent first before packets in other queues are sent?
CBWFQ

FIFO

LLQ*

FCFS

40. Refer to the exhibit.

As traffic is forwarded out an egress interface with QoS treatment, which


congestion avoidance technique is used?
11/15
traffic shaping*

weighted random early detection

classification and marking

traffic policing

41. Which field is used to mark Layer 2 Ethernet frames for QoS treatment?
Type of Service field

Traffic Class field

Priority field*

Version field

42. What is the function of a QoS trust boundary?


A trust boundary identifies the location where traffic cannot be remarked.

A trust boundary identifies which devices trust the marking on packets that enter a
network.*

A trust boundary only allows traffic to enter if it has previously been marked.

A trust boundary only allows traffic from trusted endpoints to enter the network.

43. Which pillar of the Cisco IoT System allows data to be analyzed and
managed at the location where it is generated?
data analytics

fog computing*

network connectivity

application enhancement platform

44. What is an example of cloud computing?


a continuous interaction between people, processes, data, and things

a service that offers on-demand access to shared resources*

a network infrastructure that spans a large geographic area

an architectural style of the World Wide Web

45. Which type of resources are required for a Type 1 hypervisor?


a host operating system

a server running VMware Fusion


12/15
a management console*

a dedicated VLAN

46. A network technician made a configuration change on the core router in


order to solve a problem. However, the problem is not solved. Which step
should the technician take next?
Gather symptoms.

Isolate the problem.

Restore the previous configuration.*

Implement the next possible corrective action.

47. A user reports that when the corporate web page URL is entered on a
web browser, an error message indicates that the page cannot be
displayed. The help-desk technician asks the user to enter the IP address of
the web server to see if the page can be displayed. Which troubleshooting
method is being used by the technician?
top-down

bottom-up

substitution

divide-and-conquer*

48. What is a primary function of the Cisco IOS IP Service Level


Agreements feature?
to detect potential network attacks

to provide network connectivity for customers

to adjust network device configurations to avoid congestion

to measure network performance and discover a network failure as early as


possible*

49. Which IOS log message level indicates the highest severity level?
level 0*

level 1

level 4

level 7

50. Which symptom is an example of network issues at the network layer?


13/15
A misconfigured firewall blocks traffic to a file server.

There are too many invalid frames transmitted in the network.

Neighbor adjacency is formed with some routers, but not all routers.*

A web server cannot be reached by its domain name, but can be reached via its IP
address.

51. Refer to the exhibit.

H1 can only ping H2, H3, and the Fa0/0 interface of router R1. H2 and H3
can ping H4 and H5. Why might H1 not be able to successfully ping H4 and
H5?
Router R1 does not have a route to the destination network.

Switch S1 does not have an IP address configured.

The link between router R1 and switch S2 has failed.

Host H1 does not have a default gateway configured.*

Hosts H4 and H5 are members of a different VLAN than host H1.

52. Refer to the exhibit.

14/15
On the basis of the output, which two statements about network connectivity
are correct? (Choose two.)
There is connectivity between this device and the device at 192.168.100.1.*

The connectivity between these two hosts allows for videoconferencing calls.

There are 4 hops between this device and the device at 192.168.100.1.*

The average transmission time between the two hosts is 2 milliseconds.

This host does not have a default gateway configured.

53. Fill in the blanks. Use dotted decimal format.


The wildcard mask that is associated with 128.165.216.0/23 is “0.0.1.255” .

54. Match the characteristic to the appropriate authentication protocol. (Not


all options are used.)

55. Match the term to the description. (Not all options are used.)

15/15
CCNA 4 v6.0 Final Exam Answers Option C 100%

CCNA5.NET
CCNA 4 v6.0 Connecting Networks Final Exam Answers
Option C

1. What is a primary difference between a company LAN and the WAN


services that it uses?
The company must subscribe to an external WAN service provider.*

The company has direct control over its WAN links but not over its LAN.

Each LAN has a specified demarcation point to clearly separate access layer and
distribution layer equipment.

The LAN may use a number of different network access layer standards whereas the WAN
will use only one standard.

2. Which circumstance would result in an enterprise deciding to implement a


corporate WAN?
when its employees become distributed across many branch locations*

when the network will span multiple buildings

when the number of employees exceeds the capacity of the LAN

when the enterprise decides to secure its corporate LAN

3.To which two layers of the OSI model do WAN technologies provide
services? (Choose two.)
network layer

session layer

physical layer*

transport layer

data link layer*

presentation layer

4. Which two technologies are private WAN technologies? (Choose two.)


cable
1/17
Frame Relay*

DSL

ATM*

cellular

5. Which WAN technology can switch any type of payload based on labels?
PSTN

DSL

MPLS*

T1/E1

6. What technology can be used to create a private WAN via satellite


communications?
VPN

3G/4G cellular

dialup

VSAT*

WiMAX

7. Which public WAN access technology utilizes copper telephone lines to


provide access to subscribers that are multiplexed into a single T3 link
connection?
ISDN

DSL*

dialup

cable

8. A corporation is searching for an easy and low cost solution to provide


teleworkers with a secure connection to headquarters. Which solution
should be selected?
dial-up connection

leased line connection

site-to-site VPN over the Internet

remote access VPN over the Internet*

2/17
9. How many DS0 channels are bounded to produce a 1.544 Mb/s DS1
line?
2

12

24*

28

10. Refer to the exhibit.

Communication between two peers has failed. Based on the output that is
shown, what is the most likely cause?
interface reset

unplugged cable

improper cable type

PPP issue*

11. Refer to the exhibit.

3/17
Which type of Layer 2 encapsulation used for connection D requires Cisco
routers?
Ethernet

PPPoE

HDLC*

PPP

12. Which three statements are true about PPP? (Choose three.)
PPP can use synchronous and asynchronous circuits.*

PPP can only be used between two Cisco devices.

PPP carries packets from several network layer protocols in LCPs.

PPP uses LCPs to establish, configure, and test the data-link connection.*

PPP uses LCPs to agree on format options such as authentication, compression,


and error detection.*

13. A network administrator is configuring a PPP link with the commands:

R1(config-if)# encapsulation ppp


R1(config-if)# ppp quality 70

What is the effect of these commands?


The PPP link will be closed down if the link quality drops below 70 percent.*

The NCP will send a message to the sending device if the link usage reaches 70 percent.

The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.

The PPP link will not be established if more than 30 percent of options cannot be accepted.

14. A network administrator is evaluating authentication protocols for a PPP


link. Which three factors might lead to the selection of CHAP over PAP as
the authentication protocol? (Choose three.)
establishes identities with a two-way handshake

uses a three-way authentication periodically during the session to reconfirm


identities*

control by the remote host of the frequency and timing of login events

transmits login information in encrypted format*

uses an unpredictable variable challenge value to prevent playback attacks*


4/17
makes authorized network administrator intervention a requirement to establish each
session

15. Which cellular or mobile wireless standard is considered a fourth


generation technology?
LTE*

GSM

CDMA

UMTS

16. A company is looking for the least expensive broadband solution that
provides at least 10 Mb/s download speed. The company is located 5 miles
from the nearest provider. Which broadband solution would be appropriate?
satellite

DSL

WiMax

cable*

17. Which technology can ISPs use to periodically challenge broadband


customers over DSL networks with PPPoE?
PAP

CHAP*

HDLC

Frame Relay

18. What are the three core components of the Cisco ACI architecture?
(Choose three.)
Application Network Profile*

Application Policy Infrastructure Controller*

Cisco Nexus Switches*

Microsoft hypervisor

Cisco Information Server

Virtual Security Gateway

19. Which statement describes a feature of site-to-site VPNs?

5/17
The VPN connection is not statically defined.

VPN client software is installed on each host.

Internal hosts send normal, unencapsulated packets.*

Individual hosts can enable and disable the VPN connection.

20. What are three features of a GRE tunnel? (Choose three.)


creates nonsecure tunnels between remote sites*

transports multiple Layer 3 protocols*

creates additional packet overhead*

uses RSA signatures to authenticate peeers

provides encryption to keep VPN traffic confidential

supports hosts as GRE tunnel endpoints by installing Cisco VPN client software

21. Refer to the exhibit.

What two commands are needed to complete the GRE tunnel configuration
on router R1? (Choose two.)
R1(config-if)# tunnel source 209.165.202.129*

R1(config-if)# tunnel source 172.16.2.1

R1(config-if)# tunnel destination 206.165.202.130*

R1(config-if)# tunnel destination 172.16.2.2

R1(config-if)# tunnel source 209.165.202.130

6/17
R1(config-if)# tunnel destination 206.165.202.129

22. What does BGP use to exchange routing updates with neighbors?
TCP connections*

area numbers

group identification numbers

hellos

23. Refer to the exhibit.

The network administrator that has the IP address of 10.0.70.23/25 needs


to have access to the corporate FTP server (10.0.54.5/28). The FTP server
is also a web server that is accessible to all internal employees on networks
within the 10.x.x.x address. No other traffic should be allowed to this server.
Which extended ACL would be used to filter this traffic, and how would this
ACL be applied? (Choose two.)
access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any

access-list 105 permit tcp host 10.0.54.5 any eq www


access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20


access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any***

R2(config)# interface gi0/0


R2(config-if)# ip access-group 105 in
7/17
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out*

R1(config)# interface s0/0/0


R1(config-if)# ip access-group 105 out

24. Refer to the exhibit.

A router has an existing ACL that permits all traffic from the 172.16.0.0
network. The administrator attempts to add a new statement to the ACL that
denies packets from host 172.16.0.1 and receives the error message that is
shown in the exhibit. What action can the administrator take to block
packets from host 172.16.0.1 while still permitting all other traffic from the
172.16.0.0 network?
Manually add the new deny statement with a sequence number of 5.*

Manually add the new deny statement with a sequence number of 15.

Create a second access list denying the host and apply it to the same interface.

Add a deny any any statement to access-list 1.

25. Refer to the exhibit.

What can be determined from this output?


The ACL is missing the deny ip any any ACE.

Because there are no matches for line 10, the ACL is not working.

The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.

The router has not had any Telnet packets from 10.35.80.22 that are destined for
10.23.77.101.*
8/17
26. What is the only type of ACL available for IPv6?
named standard

named extended*

numbered standard

numbered extended

27. Which IPv6 ACL command entry will permit traffic from any host to an
SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25*

permit tcp host 2001:DB8:10:10::100 any eq 25

permit tcp any host 2001:DB8:10:10::100 eq 23

permit tcp host 2001:DB8:10:10::100 any eq 23

28. Refer to the exhibit.

Considering how packets are processed on a router that is configured with


ACLs, what is the correct order of the statements?
C-B-A-D

A-B-C-D

C-B-D-A*

B-A-D-C

D-A-C-B

9/17
29. Which two hypervisors are suitable to support virtual machines in a data
center? (Choose two.)
Virtual PC

VMware Fusion

VMware ESX/ESXi*

Oracle VM VirtualBox

Microsoft Hyper-V 2012*

30. How can DHCP spoofing attacks be mitigated?


by disabling DTP negotiations on nontrunking ports

by implementing DHCP snooping on trusted ports*

by implementing port security

by the application of the ip verify source command to untrusted ports​

31. What is a secure configuration option for remote access to a network


device?
Configure SSH.*

Configure Telnet.

Configure 802.1x.

Configure an ACL and apply it to the VTY lines.

32. What action can a network administrator take to help mitigate the threat
of VLAN attacks?
Disable VTP.

Configure all switch ports to be members of VLAN 1.

Disable automatic trunking negotiation.*

Enable PortFast on all switch ports.

33. What two protocols are supported on Cisco devices for AAA
communications? (Choose two.)
VTP

LLDP

HSRP

RADIUS*
10/17
TACACS+*

34. Which SNMP message type informs the network management system
(NMS) immediately of certain specified events?
GET request

SET request

GET response

Trap*

35. Refer to the exhibit.

A SNMP manager is using the community string of snmpenable and is


configured with the IP address 172.16.10.1. The SNMP manager is unable
to read configuration variables on the R1 SNMP agent. What could be the
problem?​
The SNMP agent is not configured for read-only access.

The community of snmpenable2 is incorrectly configured on the SNMP agent.

The ACL is not permitting access by the SNMP manager.*

The incorrect community string is configured on the SNMP manager.

36. Refer to the exhibit.

11/17
Which SNMP authentication password must be used by the member of the
ADMIN group that is configured on router R1?
cisco54321

cisco98765

cisco123456*

cisco654321

37. A network administrator has noticed an unusual amount of traffic being


received on a switch port that is connected to a college classroom
computer. Which tool would the administrator use to make the suspicious
traffic available for analysis at the college data center?
RSPAN*

TACACS+

802.1X

DHCP snooping

SNMP

38. What network monitoring tool copies traffic moving through one switch
port, and sends the copied traffic to another switch port for analysis?
802.1X

SNMP

SPAN*

syslog

12/17
39. Voice packets are being received in a continuous stream by an IP
phone, but because of network congestion the delay between each packet
varies and is causing broken conversations. What term describes the cause
of this condition?
buffering

latency

queuing

jitter*

40. What mechanism compensates for jitter in an audio stream by buffering


packets and then replaying them outbound in a steady stream?
digital signal processor

playout delay buffer*

voice codec

WFQ

41. Which QoS mechanism allows delay-sensitive data, such as voice, to be


sent first before packets in other queues are sent?
CBWFQ

FIFO

LLQ*

FCFS

42. Which type of network traffic cannot be managed using congestion


avoidance tools?
TCP

UDP*

IP

ICMP

43. Refer to the exhibit.

13/17
As traffic is forwarded out an egress interface with QoS treatment, which
congestion avoidance technique is used?
traffic shaping*

weighted random early detection

classification and marking

traffic policing

44. What is the function of a QoS trust boundary?


A trust boundary identifies the location where traffic cannot be remarked.

A trust boundary identifies which devices trust the marking on packets that enter a
network.*

A trust boundary only allows traffic to enter if it has previously been marked.

A trust boundary only allows traffic from trusted endpoints to enter the network.

45. Which type of QoS marking is applied to Ethernet frames?


CoS*

ToS

DSCP

IP precedence

46. Which pillar of the Cisco IoT System allows data to be analyzed and
managed at the location where it is generated?
data analytics

fog computing*

network connectivity

application enhancement platform

47. A network administrator has moved the company intranet web server
14/17
from a switch port to a dedicated router interface. How can the administrator
determine how this change has affected performance and availability on the
company intranet?
Conduct a performance test and compare with the baseline that was established
previously.*

Determine performance on the intranet by monitoring load times of company web pages
from remote sites.

Interview departmental administrative assistants to determine if web pages are loading


more quickly.

Compare the hit counts on the company web server for the current week to the values that
were recorded in previous weeks.

48. In which stage of the troubleshooting process would ownership be


researched and documented?
Gather symptoms.*

Implement corrective action.

Isolate the problem.

Update the user and document the problem.

49. Which troubleshooting approach is more appropriate for a seasoned


network administrator rather than a less-experienced network
administrator?
a less-structured approach based on an educated guess*

an approach comparing working and nonworking components to spot significant


differences

a structured approach starting with the physical layer and moving up through the layers of
the OSI model until the cause of the problem is identified

an approach that starts with the end-user applications and moves down through the layers
of the OSI model until the cause of the problem has been identified

50. A router has been configured to use simulated network traffic in order to
monitor the network performance between the router and a distant network
device. Which command would display the results of this analysis?
show ip route

show ip protocols

show ip sla statistics*

show monitor
15/17
51. Which type of tool would an administrator use to capture packets that
are going to and from a particular device?
NMS tool

knowledge base

baselining tool

protocol analyzer*

52. Refer to the exhibit.

Which two statements describe the results of entering these commands?


(Choose two.)
R1 will send system messages of levels 0 (emergencies) to level 4 (warnings) to a
server.*

R1 will not send critical system messages to the server until the command debug all is
entered.

R1 will reset all the warnings to clear the log.

R1 will output the system messages to the local RAM.

The syslog server has the IPv4 address 192.168.10.10.*

53. Refer to the exhibit.

16/17
A network administrator discovers that host A is having trouble with Internet
connectivity, but the server farm has full connectivity. In addition, host A has
full connectivity to the server farm. What is a possible cause of this
problem?
The router has an incorrect gateway.

Host A has an overlapping network address.

Host A has an incorrect default gateway configured.

Host A has an incorrect subnet mask.

NAT is required for the host A network.*

54. Match the operation to the appropriate QoS model.

55. Match the cloud model with the description.

17/17