CCNA 3 Final exam answers

1. Which design resource will limit the size of a failure domain in

a corporate network?
. the purchase of commercial equipment designed for large
traffic volume
. the installation of redundant power supplies
. the use of a collapsed core project
. the use of the construction change block approach
2. What are the two things that a network administrator should modify in
a router to execute password recovery? (Choose two.)
. the system image file
. the NVRAM file system
. the value of the configuration register
. the
boot configuration file
. System ROM
3. What type of network uses a common infrastructure to transport signals
of voice, data, and video?
. withoutborders
. converged
. managed
. switched
4. What are the three advantages of using private IP addresses and
NAT? (Choose three.)
. hides the private LAN addressing of external devices that
are connected to the Internet
. allows the expansion of the LAN without additional public IP addresses
. reduces CPU usage on the customer's routers
. create several public IP addresses
. improves the performance of the router that is connected to the Internet
. preserves registered public IP addresses
5. What are the two example scenarios of remote access VPNs? (Choose)
two.)
. All users in a large branch can access the
company resources through a single VPN connection.
. A small branch with three employees has a Cisco ASA that is
used to create a VPN connection with the headquarters.
. A toy manufacturer has a permanent VPN connection.
with one of your parts suppliers.
. A mobile sales agent is connecting to the company's network via
middle of the connection with the Internet in a hotel.
. Anemployee who is working from home uses the client software.
VPN on a laptop to connect to the company's network.
6. Quais são os três benefícios da computação em nuvem? (Escolha três.)
. He uses end-user clients to make a quantity
substantial data preprocessing and storage.
 . He uses open source software for distributed processing.
of large datasets.
. It streamlines the IT operations of an organization, signing only
the necessary services.
. It allows access to organizational data from anywhere and
anytime.
. He transforms raw data into meaningful information,
discovering patterns and relationships.
. It eliminates or reduces the need for equipment, maintenance and
on-site IT management.
7. What is the characteristic of a single area OSPF network?
. All routers share a database of
common referral.
. All routers have the same neighbor table.
. All the routers are in the backbone area.
. All routers have the same routing table.
What is a WAN?
. a network infrastructure that covers a limited physical area,
like a city
. a network infrastructure that provides access to other networks in a
large geographical area
. a network infrastructure that provides access in a small
geographical area
. a network infrastructure designed to provide
storage, retrieval and replication of data
9. A network administrator has been tasked with creating a plan of
disaster recovery. As part of this plan, the administrator is
looking for a backup site for all the data on the servers of
company. What service or technology would support this requirement?
. Data center
. virtualization
. dedicated servers
. network defined by software
10. What type of OSPF packet is used by a router to discover
neighbor routers and establish neighbor adjacency?
. link-state update
. Hello
. database description
. link-state request
11. What are the two statements that are characteristic of a
virus? (Choose two.)
. A virus has an enabling vulnerability, a mechanism of
propagation and a payload.
. A virus can be inactive and then be activated in one hour.
or specific data.
. A virus provides the attacker with confidential data, such as passwords.
 . A virus replicates by exploiting vulnerabilities in networks of
independent form.
. A virus typically requires end-user activation.
Explanation: The type of interaction required from the end user to initiate
a virus is usually to open an application, open a web page or
turn on the computer. Once activated, a virus can infect others
files located on the computer or other computers on the same
rede.
12. What public WAN access technology uses telephone lines?
copper to provide access to subscribers who are multiplexed into a single
T3 connection?
. ISDN
. DSL
. cabo
. discard
13. A customer needs a metropolitan area WAN connection that
provide high-speed dedicated bandwidth between two locations. What
Which type of WAN connection would best meet this need?
. packet-switched network
. Ethernet WAN
. circuit switched network
. MPLS
A company hired a network security company to help
to identify the vulnerabilities of the corporate network. The company sends a
team to conduct penetration tests on the company's network. Why the
Would the team use purifiers?
. to detect installed tools in files and directories that
provide threat agents with remote access and control
about a computer or network
. to perform reverse engineering of binary files when writing
exploits and analyzing malware
. to obtain specially designed operating systems pre-
loaded with optimized hacking tools
. to detect any evidence of a hack or malware in a
computer or network
15. Consider the following output for an ACL that was applied to a
router through the access-class command. What an administrator of
What can the network determine from the displayed output?

R1 #

Default IP access list 2

10 allow 192.168.10.0, wildcard bits 0.0.0.255 (2

correspondences)

20 deny any (1 match)

 . Two devices connected to the router have IP addresses of
192.168.10.x.
. Two devices were able to use SSH or Telnet to obtain
access to the router.
. The traffic from a device could not enter a port of the
router and being routed to a different port of the router.
. The traffic of two devices was authorized to enter a port.
from the router and being routed out to a port of the router
different.
Explanation: The access-class command is used only on VTY lines. The
VTY ports support Telnet and/or SSH traffic. The ACE for permission of
correspondence is how many attempts were allowed using the ports
VTY. The ACE of denial of correspondence shows that a device
from a different network of 192.168.10.0 did not have permission to access
the router through the VTY ports.
16. What command would be used as part of the NAT or PAT configuration
to clear the dynamic entries before the timeout expires?
. clear dhcp ip
. clear ip nat
. clear access list counters
. clear IP stats
What are the two characteristics of video traffic? (Choose two.)
. Video traffic consumes less network resources than
voice traffic.
. The latency of the video traffic should not exceed 400 ms.
. Video traffic is more resilient to losses than traffic from
voice.
. Video traffic requires a minimum of 30 kbs of bandwidth.
band.
. Video traffic is unpredictable and inconsistent.
18. Check the exhibition. A technician is configuring R2 for NAT
static to allow the client to access the web server. What is the possible
reason why the client PC cannot access the web server?

. The IP NAT instruction is incorrect.

. The interface Fa0/1 must be identified as the NAT interface.
external.
. The interface S0/0/0 must be identified as the NAT interface
external.
. The configuration does not contain a valid access control list.
Explanation: The interface S0 / 0/0 should be identified as the interface
External NAT. The command to do this would be R2 (config-if) # ip nat
outside.
19. When setting up a small office network, the network administrator
decide to dynamically assign private IP addresses to the stations of
work and mobile devices. Which feature should be enabled on the router
from the company so that office devices can access the Internet?
. UPnP
. MAC Filtering
. NAT
. QoS
Explanation: Network Address Translation (NAT) is the process used to
convert private addresses into routable Internet addresses that
allow office devices to access the Internet.
20. A data center recently upgraded a physical server to host
multiple operating systems on a single CPU. The data center can now
provide each customer with a separate web server, without having to allocate one
discrete real server for each client. What is the network trend that is
being implemented by the data center in this situation?
. online collaboration
. BYOD
. virtualization
. maintaining the integrity of communication
21. Check the exhibition. What address or addresses represent the
internal global address?

. 192.168.0.100
. 10.1.1.2
. any address in the network 10.1.1.0
. 209.165.20.25
22. What are the two IPsec protocols used to provide integrity of
data?
. MD5
. DH
. AES
. SHA
. RSA
Explanation: The IPsec structure uses several protocols and algorithms to
provide data confidentiality, data integrity, authentication
and secure key exchange. Two popular algorithms used for
ensure that the data is not intercepted and modified
(data integrity) are MD5 and SHA. AES is a protocol for
cryptography and provides data confidentiality. DH (Diffie-Hellman) is
an algorithm used for key exchange. RSA is an algorithm used
for authentication.
23. If an external host does not have the Cisco AnyConnect client pre-installed,
How will the host gain access to the client's image?
. TheCisco AnyConnect client is installed by default on most of
main operating systems.
. The host initiates a VPN connection without a client using a browser
compatible for downloading the client.
. The host initiates a connection without a client to a TFTP server to
download the client.
. The host starts a connection without a client to an FTP server to
download the client.
Explanation: If an external host does not have the Cisco AnyConnect client pre-
installed, the remote user must start an SSL VPN connection without
client through a compatible browser and then download and
install the AnyConnect client on the remote host.
24. A company is considering upgrading the WAN connection.
campus. What are the two examples of WAN options from the WAN architecture
private? (Choose two.)
 . leased line
. cable
. digitalsubscriber line
. Ethernet WAN
. municipal wi-fi
25. What type of QoS marking is applied to Ethernet frames?
. IP precedence
. DSCP
. For s
. CoS
26. Consult the exhibition. Routers R1 and R2 are connected through
a serial link. One router is set up as the NTP master and the other is a
NTP client. What are the two pieces of information that can be obtained from the output?
partial of the command show ntp transactions detail on R2? (Choose two.)

. Both routers are configured to use NTPv2.

. Router R1 is the master and R2 is the client.
. The IP address of R2 is 192.168.1.2.
. Router R2 is the master and R1 is the client
. The IP address of R1 is 192.168.1.2
Explanation: With the command show NTP transactions, the IP address of the
NTP master is provided.
27. Check the exhibition. The network administrator who has the IP address
10.0.70.23/25 needs to have access to the corporate FTP server
(10.0.54.5/28). The FTP server is also a web server that can be
accessed by all internal employees on networks within the address
10.xxx. No other traffic should be allowed to this server. Which ACL
extended would be used to filter this traffic and how this ACL would be
applied? (Choose two.)
R1 (config) # interface s0/0/0
R1 (config-if) # ip access-group 105 out
R2 (config) # interface gi0 / 0
R2 (config-if) # ip access-group 105 in
access list 105 permission tcp host 10.0.70.23 host 10.0.54.5 eq 20
access list 105 permission tcp host 10.0.70.23 host 10.0.54.5 eq 21
access list 105 permission tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq
www
access list 105 deny ip any host 10.0.54.5
access list 105 allows any IP any
access list 105 permission IP host 10.0.70.23 host 10.0.54.5
access list 105 tcp permission any host 10.0.54.5 eq www
access list 105 permission any ip any
R1 (config) # interface gi0 / 0
R1 (config-if) # ip access-group 105 out
access list 105 permission tcp host 10.0.54.5 any eq www
access list 105 tcp permission host 10.0.70.23 host 10.0.54.5 eq 20
access list 105 tcp permission host 10.0.70.23 host 10.0.54.5 eq 21
Explanation: The first two lines of the ACL allow FTP access from
host 10.0.70.23 to the server that has the IP address of 10.0.54.5. A
the next line of the ACL allows HTTP access to the server from anyone
host that has an IP address starting with the number 10. The fourth
the ACL line denies any other type of traffic to the server from
any source IP address. The last line of the ACL allows any
another thing in case there are other servers or devices
added to the network 10.0.54.0/28. As traffic is being filtered from
all other locations and for the host device 10.0.70.23, the best place
to place this ACL is closest to the server.
28. Consult the exhibit. If the network administrator created an ACL
standard that allows only devices that connect to the R2 G0 network
0 access the devices on the R1 G0/1 interface, as the ACL must be
applied?

. Entry on interface R2 G0/0

. exit on interface R1 G0 / 1
. entry
in interface R1 G0/1
. output on interface R2 S0/0/1
Explanation: How standard access lists filter only the address
Source IPs are commonly placed closer to the network of
destination. In this example, the source packets will come from the R2 G0 / 0 network. The
the destination is the network R1 G0 / 1. The proper placement of the ACL is
output on interface R1 G0 / 1.
29. What is a characteristic of a Type 2 hypervisor?
. does not require management console software
. has direct access to the server's hardware resources
. more suitable for business environments
. install directly on the hardware
30. What are the two types of VPN connections? (Choose two.)
. PPPoE
. Transfer of frame
. site a site
. remote access
. leased line
Explanation: PPPoE, leased lines, and Frame Relay are types of
WAN technology, not types of VPN connections.
31. Check the exhibition. What are the three conclusions that can be drawn?
from the displayed output? (Choose three.)

. The DR can be reached through the GigabitEthernet 0/0 interface.

. 9 seconds have passed since the last greeting package was sent.
. This interface is using the default priority.
. The router ID values were not the criteria used for
select the DR and the BDR.
. The router ID on router DR is 3.3.3.3
. The BDR has three neighbors.
32. Consult the exposition. A network administrator is configuring a
ACL to limit the connection to R1 vty lines only for the stations of
IT group work on the network 192.168.22.0/28. The administrator checks
the successful Telnet connections from a workstation with IP
192.168.22.5 to R1 before the ACL is applied. However, after that...
ACL is applied to the Fa0/0 interface, Telnet connections are denied. What is the
cause of connection failure?

. The secret activation password is not set on R1.

. The IT group's network is included in the denial statement.
. The ACE license specifies an incorrect port number.
. The ACE license must specify the IP protocol instead of TCP.
. The login command was not entered for vty lines.
Explanation: The source IP range in the denial ACE is 192.168.20.0
0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. A
The IT group network 192.168.22.0/28 is included in the network 192.168.20.
22. Therefore, the connection is denied. To fix this, the order of denial and
allow ACE must be replaced.
33. What functionality does mGRE provide to DMVPN technology?
. It allows the creation of dynamically allocated tunnels through
a permanent tunnel source in the hub and allocated tunnel destinations
dynamically in the spokes.
. It provides secure transport of private information over networks.
public, such as the Internet.
. It is a Cisco software solution to build multiple VPNs from
easy, dynamic, and scalable way.
. He creates a distributed mapping database of
public IP addresses for all the spokes of the VPN tunnel.
Explanation: DMVPN is based on three protocols, NHRP, IPsec and
mGRE. NHRP is the distributed address mapping protocol.
for VPN tunnels. IPsec encrypts communications in VPN tunnels. The
the mGRE protocol allows the dynamic creation of multiple radius tunnels
starting from a permanent VPN hub.
34. What is used to pre-fill the adjacency table in
Cisco devices that use CEF to process packets?
. the FIB
. the routing table
. the ARP table
. the DSP
35. What command would be used as part of the NAT or PAT configuration?
to display information about the configuration parameters of NAT and the
number of addresses in the pool?
. show running-configuration
. show NAT IP statistics
. show IP cache
. show the version
36. What is the purpose of establishing a network baseline?
. It provides a statistical average for network performance.
. It creates a benchmark for future network assessments.
. He manages the performance of network devices.
. He checks the security configuration of the network devices.
Explanation: A baseline is used to establish performance
normal of the network or system. It can be used to compare with the
future performance of the network or system, in order to detect situations
abnormal.
37. Combine the type of WAN device or service with the description. (Neither
all options are used.
CPE -> devices and internal cabling that are located in the
company board and connect to a carrier link
DCE -> devices that provide an interface for customers to
we will connect within the WAN cloud
DTE -> customer devices that transmit data from a network
client for transmission through the
local WAN loop -> a physical connection from the client to the provider
POP services
38. Which statement describes a characteristic of standard IPv4 ACLs?
. They filter traffic based only on source IP addresses.
. They can be created with a number, but not with a name.
. They are configured in interface configuration mode.
. They can be configured to filter traffic based on the
source IP addresses and source ports.
39. Consult the exhibition. R1 is configured for NAT as shown. The
What is wrong with the configuration?

. NAT-POOL2 is not linked to ACL 1.

. The interface Fa0 / 0 must be identified as a NAT interface
external.
. The NAT pool is incorrect.
. Access list 1 is configured incorrectly.
Explanation: R1 must have NAT-POOL2 linked to ACL 1. This is
done with the command R1 (config) #ip nat inside source list 1
NAT-POOL2 pool. This would allow the router to check all the traffic from
interest and, if it corresponds to ACL 1, would be translated by the use of the
addresses in NAT-POOL2.
40. Consult the exhibition. What method can be used to allow a
Does OSPF router announce a default route to neighboring OSPF routers?

. Use a static route pointing to the ISP and redistribute it.

. Use the redistribute static command in R0-A.
. Use the command default-information originate on the ISP.
. Use the command default-information originate in R0-A.
A company hired a network security company to help
to identify the vulnerabilities in the corporate network. The company sends a
team to carry out penetration tests on the company's network. Why the
the team would use applications like John the Ripper, THC Hydra,
RainbowCrack and Medusa?
. to capture and analyze packets within Ethernet LANs
traditional or WLANs
. to probe and test the robustness of a firewall using packets
specially forged created
. make repeated guesses to break a password
42. What are the two syntax rules for writing a matrix?
JSON? (Choose two.)
. Each value in the matrix is separated by a comma.
. The matrix can include only one type of value.
. A space must separate each value in the matrix.
. A semicolon separates the key and the list of values.
. The values are between brackets.
43. What is the characteristic of a Trojan horse in relation to
network security?
. An electronic dictionary is used to obtain a password to be
used to infiltrate a key network device.
. The malware is contained in an apparently executable program.
legitimate.
. Extreme amounts of data are sent to an interface.
of specific network device.
 . A lot
of information is destined for a specific memory block,
causing additional areas of memory to be affected
Explanation: A Trojan horse performs malicious operations disguised
of legitimate program. Denial of service attacks send
extreme amounts of data for a given host or interface
network device. Password attacks use electronic dictionaries
in an attempt to learn passwords. The buffer overflow attacks
they explore the memory buffers, sending a lot of information to a host
to make the system inoperative.
44. An attacker is redirecting traffic to a fake default gateway.
in an attempt to intercept the data traffic of a network
switched. What kind of attack could achieve this?
. TCP SYN flood
. DNS tunneling
. DHCP Spoofing
. ARP Cache Poisoning
Explanation: In DHCP spoofing attacks, an attacker configures
a fake DHCP server on the network to issue DHCP addresses for
customers with the aim of forcing clients to use a gateway
false standard and other false services. DHCP spoofing is a
Cisco switch resource that can mitigate DHCP attacks. The deprivation
The MAC addresses and the spying on MAC addresses are not attacks.
of recognized security. MAC address spoofing is a
threat to network security.
45. A company is developing a security policy for
secure communication. In the exchange of critical messages between a headquarters and
a branch, a hash value should only be recalculated with a pre-code
determined, thus ensuring the validity of the data source. Which aspect
Is secure communications addressed?
. data integrity
. no repudiation
. origin
authentication
. data confidentiality
Explanation: Secure communications consist of four elements:
Data confidentiality - ensures that only authorized users
they can read the message
Data integrity - ensures that the message has not been altered
Origin authentication - ensures that the message is not a
forgery really comes from whoever claims it
Non-repudiation of data - ensures that the sender cannot repudiate or
refute the validity of a sent message
46. A company hired a network security firm to help
to identify the vulnerabilities of the corporate network. The company sends a
team to conduct penetration tests on the company's network. Why the
Would the team use package sniffers?
 . to detect installed tools in files and directories that
they provide threat actors with remote access and control
about a computer or network
. to detect any evidence of a hack or malware in a
computer or network
. to probe and test the robustness of a firewall using packets
specially created forgings
. to capture and analyze packets within Ethernet LANs
traditional or WLANs
47. An administrator is configuring single area OSPF in a
router. One of the networks that should be advertised is 172.20.0.0
255.255.252.0. What wildcard mask would the administrator use in the instruction of
OSPF network?
. 0.0.15.255
. 0.0.3.255
. 0.0.7.255
. 0.0.1.255
48. Combine the HTTP method with the RESTful operation.
POST - >> Create
GET - >> Read
PUT / PATCH - >> Update / Replace? Modify
Delete
49. Check the presentation. What is the cost of OSPF to reach the West
LAN 172.16.2.0/24 to the east?

. 782
. 74
. 128
. 65
50. What is a reason to use the ip ospf priority command when the
Is the OSPF routing protocol in use?
. to activate the neighboring OSPF process
. to influence the DR / BDR election process
. to provide a backdoor for connectivity during the
convergence process
. to streamline and accelerate the convergence process
51. An ACL is applied on the inbound interface of the router. The ACL
consists of a single entry:
access list license 210 tcp 172.18.20.0
0.0.0.31 172.18.20.32 0.0.0.31 equals ftp.

If a packet with source address 172.18.20.14, destination address

172.18.20.40 and protocol 21 received on the interface, the packet is allowed
you denied?
. allowed
52. What is a characteristic of the two-sided leaf topology?
layers of the Cisco ACI mesh architecture?
. The column and leaf switches are always connected via
of core switches.
. The column switches connect to the leaf switches.
and connect to each other for redundancy.
. Leaf switches always get stuck to the spines and are
interconnected by a trunk line.
. Leaf switches always get stuck to the spines, but never
they cling to each other.
53. What are the two scenarios that would result in an incompatibility?
duplex? (Choose two.)
. connect a device with automatic negotiation to another that is
manually configured for full-duplex
. start and stop a router interface during an operation
normal
. connect a device with an interface running at 100 Mbps to
another with an interface running at 1000 Mbps
. configure dynamic routing incorrectly
. manually configure the two connected devices to
different duplex modes
54. A network technician is configuring SNMPv3 and has set a level of
security authentication. What is the effect of this configuration?
. authenticate a package by a string match of the name
user or community string
. authenticate a package using the HMAC method with MD5 or the method
SHA
. authenticate a package using the HMAC MD5 or 3.HMAC algorithms
SHA encrypts the package with the DES, 3DES, or algorithms
AES
 . authenticate a package using only the SHA algorithm
Explanation: To activate SNMPv3, one of the three security levels can be
to be configured:
noAuth
2) auth
3) priv
The configured security level determines which algorithms for
security is executed in SNMP packets. The security level of
authentication uses HMAC with MD5 or SHA.
55. What are the two types of attacks used in open resolvers?
DNS? (Choose two.)
. amplification and reflection
. use of resources
. fast flow
. ARP poisoning
. damping
Explanation: Three types of attacks used in open resolvers
DNS are as follows: DNS cache poisoning - the attacker
send falsified information to redirect users from
legitimate sites for malicious sites
DNS amplification and reflection attacks - the attacker sends a volume
greater attacks to mask the truth origin of the attack
DNS resource utilization attacks - a denial of service attack
service (DoS) that consumes server resources
56. An ACL is applied inbound on a router interface. The ACL
consists of a single entry:
access list permission 101 udp 192.168.100.0
0.0.2.255 64.100.40.0 0.0.0.15 eq telnet.

If a packet with source address 192.168.101.45, destination address

64.100.40.4 and protocol 23 received on the interface, is the packet allowed or
denied?
. denied
. allowed
Case 2:
access list permission 101 udp 192.168.100.0
0.0.2.255 64.100.40.0 0.0.0.0.15 eq telnet.

If a packet has a source address of 192.168.100.219, an address

The destination of 64.100.40.10 and a protocol of 54 is received on the interface.
is the package allowed or denied?
. denied
. allowed
57. What types of resources are needed for a Type 1 hypervisor?
 . a dedicated VLAN
. a management console
.a host operating system
58. In JSON, what is kept within square brackets []?
. nested values
. key / value pairs
. an object
. a matrix
59. What are the three components used in the query part of a
solicitação RESTful API típica? (Escolha três.)
. Resources
. protocol
. API server
. format
. key
. parameters
60. A user reports that when the corporate website URL is
inserted in a web browser, an error message indicates that the
page cannot be displayed. The help desk technician asks the user to
insert the IP address of the web server to see if the page can be
displayed. Which problem-solving method is being used by
technician?
. Bald
. bottom up
. divide and conquer
. substitution
61. Which protocol provides authentication, integrity, and services?
confidentiality and is it a type of VPN?
. MD5
. AES
. IPsec
. ESP
62. Which statement describes a characteristic of Cisco Catalyst switches?
2960?
. They are mainly used as layer distribution switches.
. The new Cisco Catalyst 2960-C switches support PoE passthrough.
. They are modular switches.
. They do not support an active switched virtual interface (SVI) with
iOS versions prior to 15.x.
63. Which component of the ACI architecture translates application policies
in network programming?
. the hypervisor
. the application policy infrastructure controller
. the key of the Nexus 9000
. the endpoints of the application network profile
64. What are the two pieces of information that must be included in a diagram?
of the logical topology of a network? (Choose two.)
. type of device
. cable specification
. interface identifier
. OS / IOS version
. Type of connection
. cable
type and identifier
65. Check the exhibition. A PC at the address 10.1.1.45 cannot access
the Internet. What is the most likely cause of the problem?

. The NAT pool is exhausted.

. The wrong subnet mask was used in the NAT pool.
. The access list 1 has not been configured correctly.
. The internal and external interfaces were configured incorrectly.
Explanation: The output of the statistics show ip nat shows that there are 2
a total of addresses and 2 addresses were allocated (100%). This indicates
the NAT pool is out of global addresses to provide new ones
clients. Based on the translations show ip nat, the PCs at 10.1.1.33 and
10.1.1.123 used both available addresses to send
ICMP messages to a host on the external network.

66. What are the two benefits of using SNMP traps? (Choose two.)
. They eliminate the need for some search requests.
periodic.
. They reduce the load on the network and the agent resources.
. They limit access only to management systems.
 . They can provide statistics on TCP/IP packets flowing
through Cisco devices.
. They can passively listen to NetFlow datagrams
exported.
67. Which statement accurately describes a characteristic of IPsec?
. IPsec operates at the application layer and protects all
app data.
. IPsec is a standards framework developed by Cisco that
based on OSI algorithms.
. IPsec is a framework of proprietary standards that rely on
of specific algorithms from Cisco.
. IPsec operates at the transport layer and protects data in
network layer.
. IPsec is a framework of open standards based on
existing algorithms.
Explanation: OIPsec can protect a path between two devices.
network. IPsec can provide the following security functions:
Confidentiality - IPsec ensures confidentiality by using
cryptography.
Integrity - IPsec ensures that the data arrives unaltered to
destination using a hash algorithm, such as MD5 or SHA.
Authentication - IPsec uses Internet Key Exchange (IKE) for authentication
users and devices that can communicate effectively
independent. The IKE uses various types of authentication, including name of
user and password, one-time password, biometrics, pre-keys
shared (PSKs) and digital certificates.
Secure key exchange - IPsec uses the Diffie-Hellman (DH) algorithm
to provide a public key exchange method for two pairs
establish a shared secret key.
68. In a large corporate network, what two functions are performed by
routers in the distribution layer? (Choose two.)
. connect users to the network
. provide a high-speed network backbone
. connect remote networks
. provide Power over Ethernet for devices
. provide data traffic security
69. What are the two statements that describe the use of algorithms
asymmetrical? (Choose two.)
. Public and private keys can be used alternately.
. If a public key is used to encrypt the data, a
Public key must be used to decrypt the data.
. If a private key is used to encrypt the data, a
The public key must be used to decrypt the data.
. If a public key is used to encrypt the data, a
the private key must be used to decrypt the data.
 . If
a private key is used to encrypt the data, a
private key must be used to decrypt the data.
Explanation: Asymmetric algorithms use two keys: one key
public and a private key. Both keys can perform the
encryption process, but the corresponding complementary key is
necessary for decryption. If a public key encrypts the
data, the corresponding private key decrypts the data. The
the opposite is also true. If a private key encrypts the data,
the corresponding public key decrypts them.
70. Consult the presentation. A network administrator implemented QoS and
configured the network to mark traffic on VoIP phones, as well as on
Layer 2 and Layer 3 switches. Where the initial marking should occur.
to establish the confidence limit?

. Confidence limit 4
. Confidence limit 3
. Confidence limit 1
. Confidence limit 2
Explanation: The traffic must be classified and marked as closely as possible.
possible from its origin. The confidence limit identifies in which
marked device or traffic must be reliable. The marked traffic in
VoIP phones would be considered reliable as it moved towards the
corporate network.
71. What are the two benefits of extending layer connectivity?
access to users through a wireless means? (Choose two.)
. reduced costs
. decrease in the number of critical failure points
. greater flexibility
. greater bandwidth availability
. enhanced network management options
72. What are the two purposes of launching a reconnaissance attack on
a network? (Choose two.)
. to seek accessibility
. to retrieve and modify data
. to collect information about the network and devices
. to prevent other users from accessing the system
. to escalate access privileges
A group of users on the same network is complaining about the slowness.
from their computers. After investigating, the technician determines that these
computers are part of a zombie network. What type of malware is used?
to control these computers?
. botnet
. spyware
. virus
. rootkit
74. An ACL is applied at the entry on a router interface. The ACL
consists of a single entry:
access list permission 101 tcp 10.1.1.0
0.0.0.255 host 192.31.7.45 eq dns.

If a packet with a source address of 10.1.1.201, a destination address of

the destination of 192.31.7.45 and a protocol of 23 is received on the interface, the packet
Is it allowed or denied?
. allowed
. denied
75. Check the exhibit. From which location did this router load the IOS?
 . flashmemory
. NVRAM?
. RAM
. ROM
. a TFTP server?
76. Check the exhibit. What data format is used to represent
the data for network automation applications?

. XML
. YAML
. HTML
. JSON
Explanation: The common data formats used in many applications,
including network automation and programming capability, are the
following:
. JavaScript Object Notation (JSON) - In JSON, the data
known as an object are one or more key/value pairs
value between braces {}. The keys must be strings in quotes.
pairs "". Keys and values are separated by colons.
. Extensible Markup Language (XML) - In XML, the data is
included in a related set of tags <tag> data </tag>.
. YAML Ain't Markup Language (YAML) - In YAML, the data
known as an object are one or more pairs of values-
key. The key-value pairs are separated by two
points, without the use of quotes. YAML uses indentation to define its
structure without the use of brackets or commas
77. What QoS stage must occur before the packets can be
marked?
. classifying
. to model
. row
. policing
78. What is the main function of a hypervisor?
. It is used to create and manage multiple VM instances in a
host machine.
. It is a device that filters and verifies security credentials.
. It is a device that synchronizes a group of sensors.
 . It is software used to coordinate and prepare data for
analysis.
. It is used by ISPs to monitor computing resources in
cloud.
79. A company needs to interconnect several branches in an area
subway. The network engineer is looking for a solution that
provide high-speed convergent traffic, including voice, video, and data
on the same network infrastructure. The company also wants an integration
easy with your existing LAN infrastructure in your offices. Which
Should technology be recommended?
. Transfer of frame
. Ethernet WAN
. VSAT
. ISDN
80. Consult the exhibition. How is the traffic directed outside of a
output interface with QoS treatment, what prevention technique
Is congestion used?

. trafficmodeling
. weighted random early detection
. classification and marking
. traffic policing
Explanation: Traffic modeling buffers the packets in
excess in a queue and then directs the traffic in increments of
time, which creates a smoothed packet output rate. The
Traffic policing eliminates the traffic when the amount of traffic
reaches a configured maximum rate, which creates an exit rate that
it appears like a sawtooth with ridges and valleys.
81. An ACL is applied inbound on a router interface. The ACL
consists of a single entry:
access list permission 101 tcp 10.1.1.0
0.0.0.255 host 10.1.3.8 eq dns.

If a packet with a source address of 10.1.3.8, an address of

destination of 10.10.3.8 and a protocol of 53 is received on the interface, the packet is
allowed or denied?
. denied
. allowed
82. Check the exhibit. What is the purpose of the command marked with a
setting shown in the partial configuration output of a band router
long Cisco?

. define which addresses are allowed on the router

. define which addresses can be translated
. define which addresses are assigned to a NAT pool
. define which addresses are allowed outside the router
83. If a router has two interfaces and is routing IPv4 traffic and
IPv6, how many ACLs can be created and applied to it?
. 12
.4
.8
. 16
.6
84. Consult the exhibition. An administrator first configured an ACL
extended as shown by the output of the show access-lists command. The
the administrator then edited this access list by issuing the commands
below.

Router (config) # extended IP access list 101

Router (config-ext-nacl) # no 20

Router (config-ext-nacl) # 5 allows any tcp

any eq 22
Router (config-ext-nacl) # 20 deny udp any
any

What are the two conclusions that can be drawn from this new one?
configuration? (Choose two.)
. TFTP packets will be allowed.
. Ping packets will be allowed.
. Telnet packets will be allowed.
. SSH packages will be allowed.
. All TCP and UDP packets will be denied.
Explanation: After the editing, the final configuration is as follows:
Router #shows lists of
extended IP access list 101
5 allows tcp any any eq ssh
10 any tcp any any
20 any udp any any
30 allows icmp any any
So, only SSH packets and ICMP packets will be allowed.
85. Which problem-solving approach is most appropriate for a
experienced network administrator instead of a network administrator
less experienced?
. a less structured approach based on an assumption
polite
. an approach that compares functional and non-functional components
functional to detect significant differences
. a structured approach starting with the physical layer and
climbing up the layers of the OSI model until the cause of
problem be identified
. an approach that starts with the end-user applications and
descend through the layers of the OSI model until the cause of
the problem should be identified
86. Check the exhibition. Many employees are wasting time on the
company accessing social media on their work computers. A
the company wants to prevent this access. What is the best type and positioning of
ACL to be used in this situation?

. Extended ACL outbound on the R2 WAN interface to the Internet

. default ACL output on the WAN interface R2 to the Internet
. default ACLoutput on R2 S0 / 0/0
. Extended incoming ACLs on R1 G0/0 and G0/1
87. Check the exhibition. An administrator is trying to set up the PAT.
in R1, but PC-A cannot access the Internet. The administrator tries
ping a server on the Internet from PC-A and collect the
purifications that are shown in the exhibition. Based on this output, what is the
most likely cause of the problem?
 . The internal and external NAT interconnections have been configured.
back
. The internal global address is not in the same subnet as the ISP.
. The address on Fa0 / 0 should be 64.100.0.1.
. The access list for the NAT source corresponds to the range of
incorrect address.
Explanation: The debug ip nat output shows each packet that is translated.
through the router. The "s" is the source IP address of the packet and the "d" is the
destination. The address after the arrow (->) shows the address
translated. In this case, the translated address is in the subnet
209.165.201.0, but the interface facing the ISP is on the subnet
209.165.200.224/27. The ISP may discard the incoming packets or
it may be unable to route the return packets back to the host because
The address is in an unknown subnet.
88. Why is QoS an important issue in a converged network that
does it combine voice, video, and data communications?
. Data communications should have the highest priority.
. Voice and video communications are more sensitive to latency.
. The legacy equipment is unable to transmit voice and video without
QoS.
. Data communications are sensitive to jitter.
89. Which statement describes a VPN?
. VPNs use logical connections to create public networks through
from the Internet.
. VPNs use open-source virtualization software to create the
tunnel through the Internet.
. VPNs use dedicated physical connections to transfer data between
remote users.
. VPNs use virtual connections to create a private network through
from a public network.
90. In which OSPF state is the election of DR / BDR conducted?
. ExStart
. Start
. Double hand
. Exchange
91. Two companies have just completed a merger. The network engineer was
requested to connect the two corporate networks without the expense of lines
rented. What solution would be the most economical method of providing a
adequate and secure connection between the two corporate networks?
. Cisco Secure Mobility Clientless SSL VPN
. Transfer of frame
. Remote access VPN using IPsec
. Cisco AnyConnect Secure Mobility Client with SSL
. site-to-site VPN
Explanation: A site-to-site VPN is an extension of a classic WAN network.
that provides a static interconnection of entire networks. Frame Relay
it would be a better choice than leased lines, but it would be more expensive
to implementing site-to-site VPNs. The other options refer to
Remote access VPNs that are best suited for connecting users
to corporate network than to interconnect two or more networks.
92. What is the final operational state that will form between an OSPF DR and
a BROTHER as soon as the routers reach convergence?
. Loading
. established
. full
. double-handed
93. Consult the exhibition. If the switch is restarted and all the routers
if they have to restore OSPF adjacencies, which routers will become
the new DR and BDR?

. Router R3 will become the DR and router R1 will become the BDR.
. Router R4 will become the DR and router R3 will become the BDR.
. Router R1 will become the DR and router R2 will become the BDR.
. Router R3 will become the DR and router R2 will become the BDR.
Explanation: OSPF selections of a DR are based on the following
order of precedence:
. highest priority from 1 to 255 (0 = never a DR)
. largest router ID
. highest IP address of a loopback or active interface on
absence of a manually configured router ID. The
Loopback IP addresses take precedence over others.
interfaces.
In this case, routers R3 and R1 have the highest router priority.
high. Among the two, R3 has the highest router ID. Therefore, R3 is
will turn the DR and R1 will become the BDR.

94. What type of server would be used to maintain a historical record of

messages from monitored network devices?
. DNS
. print
. DHCP
. syslog
. authentication
95. When QoS is implemented in a converged network, what are the two
factors can be controlled to improve network performance for
real-time traffic? (Choose two.)
. package addressing
. delay
. tremor
. packet routing
. link speed
Explanation: Delay is the latency between a sending device and
receiving. Jitter is the variation in the delay of received packets. Both the
delay and jitter need to be controlled to support the
real-time voice and video traffic.
96. At which stage of symptom collection does the network engineer determine if the
Is the problem in the core, in the distribution, or in the access layer of the network?
. Determine the property.
. Determine the symptoms.
. Limit the scope.
. Document the symptoms.
. Gather information.
97. Which protocol sends periodic announcements between Cisco devices
connected to learn the device name, the IOS version and the
number and type of interfaces?
. CDP
. SNMP
. NTP
. LLDP
98. An administrator is configuring single area OSPF in a
router. One of the networks that must be announced is 192.168.0.0
255.255.252.0. What wildcard mask would the administrator use in the instruction of
OSPF network?
. 0.0.0.127
. 0.0.0.31
. 0.0.3.255
. 0.0.0.63
99. Consult the exhibition. An administrator configures the following ACL for
prevent devices on the subnet 192.168.1.0 from accessing the server at
10.1.1.5:
access list 100 deny ip 192.168.1.0 0.0.0.255 host
10.1.1.5

access list 100 allows any IP any

Where should the administrator place this ACL for the most efficient use of
network resources?
. input on router A Fa0/0
. output on the router B Fa0/0
. output on router A Fa0/1
. entry on router B Fa0 / 1
100. What type of OSPFv2 packet is used to forward information about
change of OSPF link?
. link-state recognition
. link-state update
. Hello
. database description
101. Which protocol synchronizes with a private master clock or with a
publicly available server on the Internet?
. MPLS
. CBWFQ
. TFTP
. NTP
102. What type of VPN allows multicast and broadcast traffic in a
Is a site-to-site VPN secure?
. Dynamic multipoint VPN
. VPN SSL
. IPsec virtual tunnel interface
. GRE over IPsec
103. An OSPF router has three directly connected networks; 10.0.0.0/16,
10.1.0.0/16 and 10.2.0.0/16. Which OSPF network command would announce only the
network 10.1.0.0 to the neighbors?
. router (router-config)# network 10.1.0.0 0.0.255.255 area 0
. router (router-config) # network 10.1.0.0 0.0.15.255 area 0
. router (router-config) # network 10.1.0.0 255.255.255.0 area 0
. router (router-config) # network 10.1.0.0 0.0.0.0 area 0
104. Consult the exhibition. What sequence of commands should be used to
configure router A for OSPF?

i386046n1v2.gif
ospf router 1
network 192.168.10.0 area 0
router ospf 1
network 192.168.10.0
router ospf 1
network 192.168.10.64 255.255.255.192
network 192.168.10.192 255.255.255.252
OSPF router 1
network 192.168.10.64 0.0.0.63 area 0
network 192.168.10.192 0.0.0.3 area 0
105. An administrator is configuring single-area OSPF on a
router. One of the networks that should be announced is 192.168.0.0
255.255.254.0. What wildcard mask would the administrator use in the instruction of
OSPF network?
. 0.0.7.255
. 0.0.1.255
. 0.0.3.255
. 0.0.15.255
106. How virtualization helps in disaster recovery in a data center
center?
. improvement of business practices
 . consistent airflow supply
. live migration support
. guarantee of power
Explanation: Live migration allows moving from one virtual server to
another virtual server that may be in a different location, at some
distance from the original data center.
107. How virtualization helps in disaster recovery in a data center
center?
. The hardware does not need to be identical.
. (Another case) The hardware at the recovery site does not need to be
identical to the production equipment.
. Power is always provided.
. Less energy is consumed.
. The server provisioning is faster.
Explanation: Disaster recovery is how a company accesses
applications, data and the hardware that may be affected during a
disaster. Virtualization provides hardware independence, which
it means that the disaster recovery site does not need to have the
exact equipment as the equipment in production. The
server provisioning is relevant when a server is built
for the first time. Although data centers have backup generators,
the entire data center was designed for disaster recovery. A data
the center in particular could never guarantee that the data center itself
I would never run out of energy.
108. Check the exhibition. What devices exist in the failure domain?
When does the switch S3 lose power?

. S4 and PC_2
. PC_3 and AP_2
. AP_2 and AP_1
. PC_3 and PC_2
. S1 and S4
A failure domain is the area of a network that is affected when a
a critical device, such as the S3 switch, fails or presents
problems.
109. What set of access control entries would allow everyone to
users on the network 192.168.10.0/24 access a web server located in
172.17.80.1, but I wouldn't allow them to use Telnet?
access list 103 deny host tcp 192.168.10.0 any eq 23
access list 103 allows tcp host 192.168.10.1 eq 80
access list 103 tcp permission 192.168.10.0 0.0.0.255 host 172.17.80.1 eq
80
access list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
access list 103 tcp permission 192.168.10.0 0.0.0.255 any eq 80
access list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
access list permission 103 192.168.10.0 0.0.0.255 host
172.17.80.1
access list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
For an extended ACL to meet these requirements, the following must be
to be included in access control entries:
identification number in the range of 100-199 or 2000-2699
permission or denial parameter source address of
protocol
e
wildcard destination address and
wildcard port number or name
110. Consult the display. A network administrator needs to add a
ACE to ACL TRAFFIC-CONTROL that will deny IP traffic from the subnet
172.23.16.0/20. Which ACE will meet this requirement?

.5 deny 172.23.16.0 0.0.15.255

. Deny 172.23.16.0 0.0.255.255
. Deny 172.23.16.0 0.0.15.255
. 30 deny 172.23.16.0 0.0.15.255
111. Which stage of the link-state routing process is described by a
router that builds a link-state database based on LSAs
received?
. executing the SPF algorithm
. building the topology table
. selecting the router ID
. declare an inaccessible neighbor
112. Which protocol uses agents that reside on managed devices,
to collect and store information about the device and its operation?
. SYSLOG
. TFTP
. CBWFQ
. SNMP
113. An administrator is configuring single area OSPF on a
router. One of the networks that must be announced is 10.27.27.0
255.255.255.0. What wildcard mask would the administrator use in the instruction of
OSPF network?
. 0.0.0.63
. 0.0.0.255
. 0.0.0.31
. 0.0.0.15
114. When will an OSPF-enabled router transition from the state
Down to the Init state?
. when an OSPF-enabled interface becomes active
. as soon as the router starts
 . when the router receives a hello packet from a neighboring router
. as soon as the election process of DR / BDR is concluded
115. What type of traffic is described as having a high volume of data for
package?
. data
. video
. voice
116. Which protocol is a vendor-neutral Layer 2 protocol that
announces the identity and resources of the host device to others
connected network devices?
. LLDP
. NTP
. TFTP
. SNMP
117. Which stage of the link-state routing process is described by a
router executing an algorithm to determine the best path for
each destination?
. building the topology table
. selecting the router ID
. declare a neighbor inaccessible
. executing the SPF algorithm
118. Consult the exhibition. What conclusion can be drawn from this network?
multiaccess OSPF?

. Ifthe DR stops producing Hello packets, a BDR will be elected and,

So, he will promote himself to take on the role of Dr.
. With the election of DR, the number of adjacencies is reduced from 6 to
3. *
. When a DR is elected, all other non-DR routers
they become DROTHER.
. All DROTHER routers will send LSAs to the DR and BDR.
for multicast 224.0.0.5.
In OSPF multi-access networks, a DR is elected to be the point of
collection and distribution of LSAs sent and received. A BDR is also
elected in case the DR fails. All other routers are neither DR nor BDR.
they become DROTHER. Instead of flooding LSAs to all routers
on the network, the DROTHERs send only their LSAs to the DR and BDR
using the multicast address 224.0.0.6. If there is no DR election /
BDR, the number of necessary adjacencies is n (n-1) / 2 => 4 (4-1) / 2 =
With the election, this number is reduced to 3.
119. Consult the exhibition. The network administrator has an IP address of
192.168.11.10 needs access to manage R1. What is the best type and
ACL positioning to be used in this situation?

. Extended ACL output on the R2 WAN interface to the Internet

. Standard ACL for incoming on R1 vty
. Extended inbound ACLs on R1 G0/0 and G0/1
. Extended ACL out on R2 S0/0/1
Explanation: Standard ACLs allow or deny packets based solely on
in the source IPv4 address. As all types of traffic are
allowed or denied, the default ACLs should be located as close as possible
next possible destination.
Extended ACLs allow or deny packets based on the address
Source IPv4 and destination IPv4 address, protocol type, ports
TCP or UDP source and destination and much more. How filtering of
Extended ACLs are very specific, extended ACLs must be
located as close as possible to the origin of the traffic to be filtered. The
unwanted traffic is denied near the source network without crossing the
network infrastructure.
120. What type of VPN connects using the Transport Layer Security feature?
(TLS)?
. VPN SSL
. IPsec virtual tunnel interface
. GRE over IPsec
. Dynamic multipoint VPN
121. Which group of APIs are used by an SDN controller to
communicate with various apps?
. APIs to the east
. APIs to the west
. APIs for the north
. APIs for the south
122. A company has consolidated several servers and is looking for a
program or firmware to create and control virtual machines that have
access to all the hardware of the consolidated servers. Which service or
Would technology support this requirement?
. Cisco ACI
. software-defined network
. Type 1 hypervisor
. APIC-EM
123. What command would be used as part of the NAT or PAT configuration?
to identify internal local addresses that need to be translated?
. ip nat inside source list 24 interface serial 0/1/0 overload
. ip nat inside source list 14 overload POOL-STAT
. access list license 10 172.19.89.0 0.0.0.255
. ip nat inside of the source list ACCTNG pool POOL-STAT
124. Any company decided to reduce its environmental footprint by reducing the
energy costs, moving to a smaller facility and promoting the
telework, which service or technology would meet the requirements?
. Cloud services
. Data center
. APIC-EM
. Cisco ACI
125. Check the exhibit. An administrator is trying to back up the
current router configuration running on a USB drive and inserts the
commandcopy usbflash0:/R1-config running-configon the command line
from the router. After removing the USB unit and connecting it to a PC, the
administrator discovers that the running configuration backup was not
done correctly in the R1-config file. What is the problem?

. The file already exists on the USB drive and cannot be replaced.
. The unit was not formatted correctly with the system of
FAT16 files.
. There is no more space on the USB drive.
. The USB unit is not recognized by the router.
. The command that the administrator used was incorrect.
126. What are the three types of VPNs examples of site-to-site VPNs?
managed by a company? (Choose three.)
. MPLS Layer 3 VPN
. VPN IPsec
. Cisco Dynamic Multipoint VPN
. GRE over IPsec VPN
. VPN SSL without client
. Client-based IPsec VPN
127. Consult the display. The employees at 192.168.11.0/24 are working
with critical information and are not allowed to access outside of their
network. What is the best type and positioning of ACL to be used in this
situation?

. Standard inbound ACL on R1 vty

. Extended ACL entry on R1 G0/0
. Standard inbound ACL on R1 G0/1
. Extended ACL entry in R3 S0/0/1
128. In an OSPF network, what are the two statements that describe the
link-state database (LSDB)? (Choose two.)
. It can be viewed using theshow ip ospf databasecommand.
. A neighbor table is created based on the LSDB.
. It contains a list of only the best routes for a network.
specific.
. It contains a list of all neighboring routers with which
a router established bidirectional communication.
. All routers in an area have a state database.
the identical link.
129. In an OSPF network, which OSPF structure is used to create the table
of neighbors in a router?
. adjacency database
. link-state database
. routing table
. referral database
130. What protocol is used in a system that consists of three elements -
a manager, agents, and a database of information?
. MPLS
 . SYSLOG
. SNMP
. TFTP
131. What type of traffic is described as non-resilient to losses?
. given
. video
. voice
Explanation: Video traffic tends to be unpredictable, inconsistent and
with bursts compared to voice traffic. In comparison with
the voice, the video is less resilient to loss and has a larger volume of
data per package.
132. Consult the exhibition. The router R1 is configured with NAT.
static. The addresses on the router and on the web server are configured
correctly, but there is no connectivity between the web server and the
Internet users. What could be the possible reason for this lack of
connectivity?

. The interface Fa0/0 must be configured with the ip nat command.

outside.
. The internal global address is incorrect.
. The NAT router configuration has an internal local address.
incorrect.
. The NAT configuration on interface S0/0/1 is incorrect.
133. What type of API would be used to allow authorized sellers
from an organization access internal sales data of their devices
furniture?
. to open
 . partner
. public
. private
134. Check the exhibition. What data format is used to represent
data for network automation applications?

. XML
. HTML
. YAML
. JSON
135. An ACL is applied inbound on a router interface. The ACL
consists of a single entry:
access list permission 101 udp 192.168.100.32
0.0.0.7 host 198.133.219.76 eq telnet.

If a packet has a source address of 198.133.219.100, an address

Destination of 198.133.219.170 and a protocol of 23 is received on the interface,
Is the package allowed or denied?
. denied
. allowed
136. Check the exhibition. If no router ID has been configured
manually, what would the router R1 use as its OSPF router ID?

. 10.0.0.1
. 10.1.0.1
 . 192.168.1.100
. 209.165.201.1
137. What protocol is a vendor-neutral Layer 2 protocol that
announces the identity and resources of the host device to others
connected network devices?
. NTP
. LLDP
. SNMP
. MPLS
138. What type of VPN uses a hub-and-spoke configuration for
establish a complete mesh topology?
. VPN MPLS
. GRE over IPsec
. IPsec virtual tunnel interface
. dynamic multipoint VPN
139. What is a characteristic of the REST API?
. A. evolved into what became SOAP
. B. used to exchange structured XML information over HTTP
or SMTP
. C. considered slow, complex and rigid
. D. Most widely used API for web services
140. At which stage of symptom collection does the network engineer determine if
Is the problem in the core, in the distribution, or in the access layer of the network?
. Determine the symptoms.
. Determine the property.
. Gather information.
. Limit the scope.
. Document the symptoms.
141. A student, studying abroad for a summer semester,
took hundreds of photos on a smartphone and wants to save them in case of
loss. What service or technology would support this requirement?
. Cisco ACI
. cloud services
. software-defined network
. dedicated servers
142. Consider the following access list that allows for the transfer of
configuration files of the IP phone of a certain host for a
TFTP server:
R1 (config) # access-list 105 allows udp host
10.0.70.23

R1 (config) # access-list 105 deny any ip

any

R1 (config) # interface gi0 / 0

R1 (config-if) # ip access-group 105 out

What method would allow the network administrator to modify the ACL and include
FTP transfers from any source IP address?
R1 (config) # interface gi0 / 0
R1 (config-if) # no ip access-group 105 out
R1 (config) # access-list 105 permit tcp any host 10.0.54.5 eq 20
R1 (config) # access-list 105 permit tcp any host 10.0.54.5 eq 21
R1 (config) # interface gi0 / 0
R1 (config-if) # ip access-group 105 out
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq
20
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq
21
R1 (config) # interface gi0 / 0
R1 (config-if) # apply ip access-group 105 out
R1 (config) # sem access-list 105
R1 (config) # access-list 105 permit udp host 10.0.70.23 host 10.0.54.5
interval 1024 5000
R1 (config) # access list 105 permit tcp any host 10.0.54.5 eq
20
R1 (config) # access-list 105 allow tcp any host 10.0.54.5 eq
21
R1 (config) # access-list 105 deny ip any any
R1 (config) # interface gi0 / 0
R1 (config-if) # ip access-group 105 out
R1 (config) # access-list 105 permit host udp 10.0.70.23 host
10.0.54.5 interval 1024 5000
R1 (config) # access list 105 permit tcp any host 10.0.54.5 eq
20
R1 (config) # access list 105 permit tcp any host 10.0.54.5 eq
21
R1 (config) # access list 105 deny ip any any
143. What are the three statements generally considered the best
practices in setting up ACLs? (Choose three.)
. Filter unwanted traffic before it travels to a low link
bandwidth.
. Place standard ACLs near the destination IP address of the traffic.
. Place standard ACLs near the source IP address of the traffic.
. Place extended ACLs near the destination IP address of
traffic.
. Place extended ACLs near the source IP address of the traffic.
. For each inbound ACL placed on an interface, there must be
an outgoing ACL corresponding.
144. Match the term to the web link
http://www.buycarsfromus.com/2020models/ford/suv.html#Escape
component. (Not all options are used.)

Http -> Protocol

buycarsfromus.com/2020models/ford/suv.html#Escape—-> URN
http://www.buycarsfromus.com/2020models/ford/suv.html—-> URL
http://www.buycarsfromus.com/2020models/ford/suv.html#Escape—->
URI
#Escape—- Fragment
145. What command would be used as part of the NAT or PAT configuration?
to display all the static translations that have been configured?
. show nat ip translations
. show ip pat translations
. show IP cache
 . show running-config
146. A network administrator modified a router enabled for
OSPF to have a hello timer configuration of 20 seconds. What is the
new default dead time interval configuration?
. 40 seconds
. 60 seconds
. 80 seconds
. 100 seconds
147. What type of VPN is the preferred choice for support and ease of use?
implementation for remote access?
. VPN SSL
. GRE over IPsec
. Dynamic multipoint VPN
. IPsec virtual tunnel interface
148. What type of traffic is described as predictable and regular?
. video
. data
. voice
149. Which queuing mechanism has no provision for prioritization
or buffering, but simply forwards the packets on the
order in which they arrive?
. FIFO
. LLQ
. CBWFQ
. WFQ
150. Consult the exposition. A network administrator configured OSPFv2
on both Cisco routers. The routers cannot form a
neighbor adjacency. What should be done to fix the problem in
router R2?

. Implement the command no passive-interface Serial0/1.

. Implement the command network 192.168.2.6 0.0.0.0 area 0
router R2.
 . Change the router ID of router R2 to 2.2.2.2.
. Implement the command network 192.168.3.1 0.0.0.0 area 0 in
router R2.
A network administrator is troubleshooting an OSPF problem.
What involves neighbor adjacency. What should the administrator do?
. Ensure that the router priority is unique in
each router.
. Ensure that the DR / BDR election is completed.
. Make sure that the router ID is included in the package
hello.
. Make sure that the hello and dead interval timers are
the same on all routers.
152. Check the exhibition. The internet privileges for an employee
were revoked due to abuse, but the employee still needs to access the
company resources. What is the best type and positioning of ACL to be
used in this situation?

Modules 3 - 5 of CCNA 3 v7: Network security exam answers 49

. standard ACL entry on the WAN interface R2 connecting to
internet
. default ACL output on the WAN interface R2 to the Internet
. Standard ACL entry on R1 G0/0
. default ACL output on R1 G0 / 0
Explanation: Standard ACLs allow or deny packets based on
only at the source IPv4 address. As all types of traffic are
allowed or denied, standard ACLs should be located as close as
next possible to the destination.
Extended ACLs allow or deny packets based on the
source IPv4 address and destination IPv4 address, protocol type,
source and destination TCP or UDP ports and much more. Like filtering
extended ACLs are very specific, extended ACLs must be
located as close as possible to the origin of the traffic to be filtered. The
unwanted traffic is denied close to the source network without crossing the
network infrastructure.
153. An ACL is applied inbound on a router interface. The ACL
consists of a single entry:
access list permission 100 tcp 192.168.10.0
0.0.0.255 172.17.200.0 0.0.0.255 eq www.

If a packet with source address 192.168.10.244, destination address

172.17.200.56 and protocol 80 received on the interface, the packet is allowed
Are you denied?
. denied
. allowed
154. A company hired a network security company to
help identify the vulnerabilities of the corporate network. The company
send a team to perform penetration testing on the network of
company. Why would the team use applications like Nmap, SuperScan and
Angry IP Scanner?
. to detect installed tools in files and directories that
they provide threat agents with remote access and control
about a computer or network
. to detect any evidence of a hack or malware in a
computer or network
. to reverse engineer binary files when writing
exploits and analyzing malware
. to scan network devices, servers, and hosts for TCP ports
open UDP
155. What command would be used as part of the NAT or PAT configuration
to display any dynamic PAT translations that have been created by
traffic?
. show ip address translations
. show IP cache
. show running-config
. show nat ip translations
156. An administrator is configuring OSPF single area on a
router. One of the networks that should be advertised is 172.16.91.0
255.255.255.192. What wildcard mask would the administrator use in the instruction?
of the OSPF network?
. 0.0.31.255
 . 0.0.0.63
. 0.0.15.255
. 0.0.7.255
157. What type of traffic is described as requiring that latency not be
> 400 milliseconds (ms)?
. video
. data
. voice
158. Consult the exhibition. What two settings would be used for
create and apply a standard access list on R1, so that only the
network devices 10.0.70.0/25 are permitted to access the server
from the internal database? (Choose two.)

. A.
R1 (config) # interface GigabitEthernet0 / 0
R1 (config-if) # ip access-group 5 out
. B.
R1 (config) # access-list 5 permit 10.0.54.0 0.0.1.255
. C.
R1 (config) # interface Serial0 / 0/0
R1 (config-if) # ip access-group 5 in
. D.
R1 (config) # access list 5 permit 10.0.70.0 0.0.0.127
. E.
R1 (config) # access list 5 allows any
159. A network administrator is writing a standard ACL that
will deny any traffic from the network 172.16.0.0/16, but will allow all other
traffic. What are the two commands that should be used? (Choose two.)
. Router (config) # access-list 95 deny 172.16.0.0 255.255.0.0
. Router (config) # access-list 95 allows any
. Router (config) # access-list 95 host 172.16.0.0
. Router (config) # access-list 95 deny 172.16.0.0 0.0.255.255
. Router (config) # access-list 95 172.16.0.0 255.255.255.255
. Router (config) # access-list 95 negates any
Explanation: To deny traffic from the network 172.16.0.0/16,
the command access-list 95 deny 172.16.0.0 0.0.255.255 is used. To allow
all other traffic, access list 95 allows any instruction
be added.
160. Check the exhibition. The company decided that no initiated traffic
from any other existing or future network can be transmitted to the network
of Research and Development. Furthermore, no traffic originating from the
The Research and Development network can be transmitted to anyone.
another existing or future network of the company. The network administrator decided
that extended ACLs are more suitable for these requirements. Based on
Based on the information provided, what will the network administrator do?

. An ACL will be placed on the R1 Gi0 / 0 interface and an ACL will be

located on the R2 Gi0 / 0 interface.
. Only a numbered ACL will work for this situation.
. An ACL will be placed on the R2 Gi0/0 interface and an ACL will be
placed on interface R2 S0 / 0/0.
. Two ACLs (one in each direction) will be placed on the R2 interface.
Gi0 / 0.
161. Which protocol uses lower stratum numbers to indicate that the
server is closer to the authorized time source than numbers
higher strata?
. TFTP
. SYSLOG
. NTP
. MPLS
162. Check the exhibition. If no router ID has been configured.
manually, what the Branch1 router would use as its router ID
OSPF?

. 10.0.0.1
. 10.1.0.1
. 192.168.1.100
. 209.165.201.1
Explanation: In OSPFv2, a Cisco router uses a three-step method.
layers to derive your router ID. The first choice is the ID of
router manually configured with the router-id command. If the ID of
if the router is not configured manually, the router will choose the
highest IPv4 address of loopback interfaces
configured. Finally, if no loopback interface is
configured, the router will choose the highest active IPv4 address of
its physical interfaces.
163. Combine the HTTP method with the RESTful operation.

164. Check the exhibition. A web designer calls to report that the server
web web-s1.cisco.com cannot be accessed through a browser. The
the technician uses command line utilities to check the problem and
start the problem-solving process. What are the two things that
Can they be determined about the problem? (Choose two.)
 . Theweb server at 192.168.0.10 can be accessed from the host of
origin.
. The default gateway between the source host and the server in
192.168.0.10 is inactive.
. There is a problem with the web server software on web-
s1.cisco.com.
. A router is inactive between the source host and the web server.
s1.cisco.com.
. The DNS cannot resolve the IP address of the web server.
s1.cisco.com.
165. What type of traffic is described as tending to be unpredictable,
inconsistent and with bursts?
. video
. voice
. data
166. Match the functions to the corresponding layers. (Not all the
options are used.)

167. What type of traffic is described as consisting of traffic that requires

a higher priority if it is interactive?
. voice
. data
. video
168. What type of VPN offers a flexible option to connect a site
central to branch sites?
. VPN IPsec
. Client-based IPsec VPN
. Layer 3 MPLS VPN
 . VPN SSL without client
. Cisco Dynamic Multipoint VPN
. GRE on IPsec VPN
169. A company hired a network security company to
help identify the vulnerabilities of the corporate network. The company
send a team to conduct penetration testing on the network of
company. Why would the team use fuzzers?
. to discover security vulnerabilities of a computer
. to detect any evidence of a hack or malware in a
computer or network
. to perform reverse engineering of binary files when writing
exploits and analyzing malware
. to detect tools installed in files and directories that
provide threat agents with remote access and control
about a computer or network
170. Refer to the exhibition. A network administrator configured an ACL.
standard to allow only the two LAN networks connected to R1
access the network that connects to the interface R2 G0 / 1, but not to the interface G0 /
0. By following best practices, where should the default ACL be?
applied?

. R1 S0 / 0/0 output
. Output R2 G0 / 0
. R2 S0 / 0/1 output
. R1 S0 / 0/0 input
. R2 G0 / 1 input
171. Two routers enabled for OSPF are connected on a link
point to point. During the ExStart state, which router will be chosen as
Who was the first to send DBD packets?
. the router with the highest router ID
. the router with the lowest IP address on the connection interface
. the router with the highest IP address on the connection interface
. the router with the smallest router ID
Explain: In the ExStart state, both routers decide which router
will send the DBD packets first. The router with the highest router ID
it will be the first router to send DBD packets during the exchange state
172. Which stage of the link-state routing process is described by a
router sending Hello packets through all enabled interfaces to
OSPF?
. link-state advertisement exchange
. choosing the designated router
. injecting the default route
. establishing neighboring adjacencies
173. A company hired a network security company to
help to identify the vulnerabilities of the corporate network. The company
send a team to conduct penetration tests on the network of
company. Why would the team use forensic tools?
. to obtain specially designed operating systems pre-
loaded with optimized hacking tools
. to detect any evidence of a hack or malware in a
computer or network
. to detect installed tools in files and directories that
they provide threat agents with remote access and control
about a computer or network
. to perform reverse engineering of binary files when writing
exploits and analyzing malware
174. Refer to the exhibition. A network administrator configured OSPFv2.
on both Cisco routers, but PC1 cannot connect to PC2. What
What is the most likely problem?
 . The Fa0 / 0 interface has not been activated for OSPFv2 on router R2.
. The interface Fa0/0 is configured as a passive interface in
router R2.
. The S0 / 0 interface is configured as a passive interface in
router R2.
. The interface s0 / 0 has not been activated for OSPFv2 on router R2.
Explanation: If a LAN network is not advertised using OSPFv2, a
the remote network will not be reachable. The output shows an adjacency of
successful neighbor between router R1 and R2 on interface S0/0
both routers.
175. ABCTech is investigating the use of automation for some of its
products. To control and test these products, the programmers
require Windows, Linux, and MAC OS on their computers. What service
Which technology would support this requirement?
. dedicated servers
. software-defined network
. virtualization
. Cisco ACI
176. A network engineer observed that some network route entries
expected are not displayed in the routing table. What are the two
commands that will provide additional information about the state of
router adjacencies, the timer intervals, and the ID of the
area? (Choose two.)
. show IP protocols
. show OSPF neighbor IP
. show execution configuration
. show OSPF IP interface
. show ip route ospf
Explanation: The command show ip ospf interface will display information about the
routing table that are already known. The show commands
running-configuration and show ip access lists will display aspects of the configuration
OSPF on the router, but will not display details of the adjacency state
or details of the timer interval.
177. What type of VPN involves routing traffic through the backbone?
through the use of labels distributed among the core routers?
. VPN MPLS
. GRE over IPsec
. IPsec virtual tunnel interface
. Dynamic multipoint VPN
178. What type of VPN involves an insecure encapsulation protocol
being encapsulated by IPsec?
. VPN SSL
. Dynamic multipoint VPN
. GRE over IPsec
. IPsec virtual tunnel interface
179. A company hired a network security company to
help to identify the vulnerabilities of the corporate network. The company
send a team to conduct penetration testing on the network of
company. Why would the team use hacking operating systems?
. to detect any evidence of a hack or malware in a
computer or network
. to obtain specially designed operating systems pre-
loaded with optimized hacking tools
. to encode data, using algorithm schemes, to avoid the
unauthorized access to encrypted data
. to reverse engineer binary files when writing
exploits and analyzing malware
180. What command would be used as part of the NAT or PAT configuration?
to identify an interface as part of the global external network?
. IP was inside
. access list license 10 172.19.89.0 0.0.0.255
. ip nat inside
. ip nat outside
181. To avoid the purchase of new hardware, a company wants
take advantage of the idle resources of the system and consolidate the
number of servers, while allowing multiple systems
operational on a single hardware platform. Which service or
Would technology support this requirement?
. Data center
. cloud services
. virtualization
. dedicated servers
Explain: Server virtualization takes advantage of idle resources and
consolidates the number of required employees. This also allows for
multiple operating systems exist on a single platform of
hardware.
182. What type of VPN routes packets through virtual tunnel interfaces?
for encryption and forwarding?
. VPN MPLS
. IPsec virtual tunnel interface
. Dynamic multipoint VPN
. GRE over IPsec
183. Which stage of the link-state routing process is described by a
router flooding the link-state and the cost information about each link
directly connected?
. building the topology table
. selecting the router ID
. link-state advertisement exchange
. injecting the standard route
184. What type of traffic is described as using TCP or UDP, depending
of the need for error recovery?
 . video
. voice
. data
185. Consult the exhibition. The CEO of the company demands that an ACL be
created to allow email traffic to the Internet and deny access to
FTP. What is the best type and positioning of ACL to be used in this?
situation?

. Extended ACL out on the WAN interface R2 to the Internet

. default ACL output on R2 S0 / 0/0
. Extended ACL entry on R2 S0 / 0/0
. default ACL entry on the WAN interface R2 connecting to
internet
186. What command would be used as part of the NAT or PAT configuration?
to define a pool of addresses for translation?
. ip nat inside static source 172.19.89.13 198.133.219.65
. ip nat inside source list 24 interface serial 0/1/0 overload
. NAT pool statistics 64.100.14.17 64.100.14.30 mask of
network 255.255.255.240
. ip nat outside
187. What is the name of the layer in the borderless switched network project
from Cisco which is considered the backbone used for high connectivity
speed and fault isolation?
. data link
. Access
. essential
. speech
. network access
Explanation: The three layers of the Cisco switch network design
Borderless means access, distribution, and core. The layer switches of
access are used to connect end devices to the network. The switches
the distribution layer accepts connections from the layer switches
access and provide switching, routing, and policy functions
access. The central layer is called the backbone and the switches
data centers generally have high-speed redundant connections.
188. An ACL is applied inbound on the router's interface. The ACL
consists of a single entry:
access list 210 tcp license 172.18.20.0 0.0.0.47
any eq ftp

If a packet with a source address of 172.18.20.40, an address of

destination of 10.33.19.2 and a protocol of 21 is received on the interface, the packet is
allowed or denied?
. allowed
. denied
189. What type of traffic is described as consisting of traffic that obtains
a lower priority if it is not mission critical?
. video
. data
. voice
190. Which OSPF table is identical on all converging routers in
same OSPF area?
. routing
. neighbor
. adjacency
. topology
191. An ACL is applied at the entry on a router interface. The ACL
consists of a single entry:
access list 100 allow tcp 192.168.10.0 0.0.0.255 any eq www.
If a packet has a source address of 192.168.10.45, a
destination address of 10.10.3.27 and a protocol of 80 is received in
interface, is the package allowed or denied?
. allowed
. denied
192. Which protocol allows the manager to poll the agents for access
agent MIB information?
. CBWFQ
. SYSLOG
. TFTP
. SNMP
193. Combine each component of a WAN connection with its
description. (Not all options are used.)
194. What type of traffic is described as being able to tolerate a certain
amount of latency, jitter, and loss without any perceptible effects?
. voice
. video
. data
195. What term describes the addition of a value to the packet header, the
as close as possible to the source, so that the package matches a
defined policy?
. policing
. traffic marking
. weighted random early detection (WRED)
. traffic modeling
. tail fall
196. What are the three traffic-related factors that influence the
selection of a specific type of WAN link? (Choose three.)
. cost of the link
. amount of traffic
. distance between sites
. reliability
. security needs
. type of traffic
Explanation: The traffic-related factors that influence the selection
of a certain type of WAN link include the type of traffic,
amount of traffic, quality requirements and requirements of
security. The quality requirements include ensuring that the traffic that
cannot tolerate delays receive priority treatment, as well as traffic
important business transaction.

197. Which command would be used as part of the NAT configuration

or PAT to link the local internal addresses to the set of
available addresses for PAT translation?
. ip nat inside the source list ACCTNG pool POOL-STAT
. translation time limit ip nat 36000
. ip nat inside source list 14 overload POOL-STAT
. ip nat inside static source 172.19.89.13 198.133.219.65
198. What protocol is a neutral layer 2 discovery protocol?
supplier that must be configured separately to transmit and
receive information packages?
. SNMP
. MPLS
. LLDP
. NTP
199. An ACL is applied inbound on a router interface. The ACL
consists of a single entry:
access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31
eq ftp .
If a packet with source address 172.18.20.55, destination address
172.18.20.3 and protocol 21 received on the interface, the packet is allowed or
denied?
. permitted
. denied
200. Consult the exhibition. Corporate policy requires that access to the network
The server should be restricted only to internal employees. What is the best
What type and positioning of ACL should be used in this situation?

Corporate policy requires that access to the server network be restricted to only
to the internal employees. What is the best type of ACL and positioning for
use in this situation
. Extended ACL outgoing on R2 S0 / 0/1
. default ACL output on R2 S0 / 0/0
. standard ACL entry on the WAN interface R2 connecting to
internet
. Extended ACL for input on R2 S0/0/0
A technician is working on a Layer 2 switch and notices that
a message % CDP-4-DUPLEX_MISMATCH keeps appearing
for port G0 / 5. What command should the technician issue on the switch to
start the problem-solving process?
. show cdp neighbors
. show brief ip interface
. show interface g0 / 5
. show cdp
202. What virtual resource would be installed on a network server to
provide direct access to hardware resources?
. VMware Fusion
. a management console
. a dedicated VLAN
. a type 1 hypervisor
Explanation: Type 1 hypervisors are installed directly onto the hardware.
server or network hardware. Then, the instances of a system
operational are installed on the hypervisor, as shown in the
figure. Type 1 hypervisors have direct access to resources of
hardware. Therefore, they are more efficient than architectures
hosted. Type 1 hypervisors improve scalability, the
performance and robustness.
203. Check the exhibition. A network administrator configured an ACL
standard to allow only the two LAN networks connected to R1
access the network that connects to the interface R2 G0 / 1. By following best practices
practices, where should the default ACL be applied?

Corporate networking, security and automation (version 7.00) - Final exam ENSA
. R2 G0 / 1 input
. R2 S0 / 0/1 output
. R1 S0 / 0/0 output
. R2 G0 / 1 output
. Output R2 G0 / 0
204. Which OSPF database is identical on all routers?
converging in the same OSPF area?
. neighbor
. referral
. link-state
. adjacency
Explanation: Regardless of the OSPF area in which the router resides,
the adjacency database, the routing table, and the database of
Forwarding data is unique to each router. The bank
link-state data lists information about all other routers
in an area and is identical on all OSPF routers that participate
of this area.
205. What are the two resources to be considered when creating an ACL
nominated? (Choose two.)
. Use alphanumeric characters if necessary.
. Use special characters, such as ! or * to show importance
do ACL.
. Modify the ACL using a text editor.
. Be descriptive when creating the ACL name.
. Use a space to make reading easier to separate the name from the
description
Explanation: The following summarizes the rules for named ACLs:
. Assign a name to identify the purpose of the ACL.
. Names can contain alphanumeric characters.
. Names cannot contain spaces or punctuation.
. It is suggested that the name be written in UPPERCASE.
. Entries can be added or removed in the ACL.
206. Combine the RESTful API method with the CRUD function.

Match the RESTful API method to the CRUD function.

207. What type of traffic is described as requiring at least 384 Kbps?
bandwidth?
. voice
 . data
. video
208. Which stage of the link-state routing process is described by a
router inserting the best paths into the routing table?
. declare a neighbor inaccessible
. running the SPF algorithm
. equal cost load balancing paths
. choosing the best route
209. Any company has decided to reduce its environmental footprint by reducing the
energy costs, moving to a smaller facility and promoting the
remote work. What service or technology would support this requirement?
. Data center
. virtualization
. cloud services
. dedicated servers
210. Which QoS technique smooths the packet output rate?
. policing
. to model
. weighted random early detection
. Integrated services (IntServ)
. marking
211. Check the exhibition. The company provided IP phones for
employees on the network 192.168.10.0/24 and voice traffic will have priority over
the data traffic. What is the best type and positioning of ACL to be
used in this situation?

. Extended ACL entry on R1 G0/0

. Extended ACL outbound on the WAN interface R2 to the Internet
. Extended ACL out on R2 S0/0/1
. Extended access lists inbound on R1 G0/0 and G0/1
Explanation: Standard ACLs allow or deny packets based only on
in the source IPv4 address. As all types of traffic are
allowed or denied, standard ACLs should be located as close as
next possible to the destination.
Extended ACLs allow or deny packets based on the address
Source IPv4 and destination IPv4 address, protocol type, ports
TCP or UDP source and destination and much more. How filtering of
Extended ACLs are very specific, extended ACLs must be
located as close as possible to the source of the traffic to be filtered. The
unwanted traffic is denied near the source network without crossing the
network infrastructure.
212. A network technician is configuring SNMPv3 and has set a level of
SNMPv3 authPriv security. What is the benefit of using this level?
. authenticate a package using only the SHA algorithm
. authenticates a package by a string match of the name
user or community string
. authenticate a package using the HMAC method with MD5 or the
SHA method
. authenticate
a package using the HMAC MD5 or HMAC algorithms
SHA is a username