Cisco Certified Network Associate ( CCNA )

Number: 200-301
Passing Score: 800
Time Limit: 120 min
File Version: 5.2

Cisco Certified Network Associate ( CCNA 200-301 )

Exam A

QUESTION 1
Which output displays a JSON data representation?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2

Refer to the exhibit. Which path is used by the router for internet traffic?

A. 209.165.200.0/27
B. 0.0.0.0/0
C. 10.10.10.0/28
D. 10.10.13.0/24

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 3

Refer to the exhibit. If OSPF is running on this network, how does Router2 handle traffic from Site B to 10.10.13.128/25 at Site A?

A. It is unreachable and discards the traffic

B. It sends packets out of interface Fa0/2
C. lt sends packets out of interface Fa0/1
D. lt load-balances traffic out of Fa0/1 and Fa0/2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which statement compares traditional networks and controller-based networks?

A. Traditional and controller-based networks abstract policies from device configurations

B. Only controller-based networks decouple the control plane and the data plane
C. Only traditional networks offer a centralized control plane.
D. Only traditional networks natively support centralized management.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5

Refer to the exhibit. The default-information originate command is configured under the R1 OSPF configuration. After testing, workstations or VLAN 20
at Site B cannot reach a DNS server on the internet. Which action corrects the configuration issue?

A. Add the default-information originate command on R2

B. Add the always keyword to the default-information originate command on R1
C. Configure the ip route 0.0.0.0 0.0.0.0 1010.102 command on R2
D. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 Command on R1

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which two encoding methods are supported by REST APls? (Choose two.)

A. XML
B. SGML
C. YAML
D. JSON
E. EBCDIC

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7

Refer to the exhibit.With which metric was the route to host 172.16.0.202 learned?

A. 0
B. 38443
C. 3184439
D. 110

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8

Refer to the exhibit. The New York router is configured with static routes pointing to the Atlanta and Washington sites. Which two tasks must be
performed so that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach one another? (Choose two.)

A. Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router
B. Configure the ipv6 route 2023:/126 2012::2 command on the Atlanta router.
C. Configure the ipv6 route 2012:/126 2023::1 command on the Washington router.
D. Configure the ipv6 route 2012::/126 s0/0/0 command on the Atlanta router.
E. Configure the ipv6 route 2012::/126 2023::2 command on the Washington router

Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:

QUESTION 9
When OSPF learns multiple paths to a network, how does it select a route?

A. It counts the number of hops between the source router and the destination to determine the route with the lowest metric.
B. It multiplies the active K values by 256 to calculate the route with the lowest metric.
C. It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the exiting interface to calculate the route with the lowest cost
D. For each exixting interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10

Refer to the exhibit. What does router R1 use as its OSPF router-ID?

A. 10.10.10.20
B. 10.10.1.10
C. 192.168.0.1
D. 172.16.15.10

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
What is the primary effect of the spanning-tree portfast command?

A. It immediately puts the port into the forwarding state when the switch is reloaded.
B. lt minimizes spanning-tree convergence time.
C. It immediately enables the port in the listening state.
D. It enables BPDU messages.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
What makes Cisco DNA Center different from traditional network management applications and their management of networks?

A. It abstracts policy from the actual device configuration.

B. It does not support high availability of management functions when operating in cluster mode.
C. Its modular design allows someone to implement different versions to meet the specific needs of an organization.
D. It only supports auto-discovery of network elements in a greenfield deployment.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
What are two benefits of network automation? (Choose two.)

A. faster changes with more reliable results

B. reduced operational costs
C. fewer network failures
D. increased network security
E. reduced hardware footprint

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
QUESTION 14

Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1. The new circuit uses eBGP arms
the route to VLAN 25 from the BGP path. What is the expected behavior for the traffic flow for route 10.10.13.0/25?

A. Traffic to 10.10.13.0/25 is load balanced out of multiple interfaces.

B. Route 10.10.13.0/25 learned via the Gi0/0 interface remains in the routing table.
C. Traffic to 10.10.13.0/25 is asymmetrical.
D. Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15

Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access
the
web server. Which configuration when applied to switch A accomplishes this task?

A.
B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16

Refer to the exhibit. An engineer is configuring the New York router to reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the primary path.
Which two commands must be configured on the New York router so that it can reach the Lol interface of the Atlanta router via Washington when the link between
New York and Atlanta goes down? (Choose two.)

A. ipv6 route 2000::1/128 2012::1

B. ipv6 route 2000::1/128 2023::3 5
C. ipv6 route 2000::1/128 2012::2
D. ipv6 route 2000::1/128 2023::2 5
E. ipv6 route 2000::1/128 2012::1 5

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
An email user has been lured into clicking a link in an email sent by their company's security organization. The webpage that opens reports that it was
safe, but the link could have contained malicious code. Which type of security program is in place?

A. social engineering attack

B. user awareness
C. brute force attack
D. physical access control

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which IPv6 address block forwards packets to a multicast address rather than a unicast address?

A. FF00::/12
B. FE80::/10
C. 2000::/3
D. FC00::/7

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19

Refer to the exhibit. What is the effect of this configuration?

A. The switch port remains administratively down until the interface is connected to another switch
B. Dynamic ARP Inspection is disabled because the ARP ACL is missing
C. The switch port remains down until it is configured to trust or untrust incoming packets
D. The switch port interface trust state becomes untrusted

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20

Refer to the exhibit. Which route does R1 select for traffic that is destined to 192.168.16.2?

A. 192.168.16.0/27
B. 192.168.16.0/24
C. 192.168.16.0/21
D. 192.168.26.0/26

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two.)

A. when one side of the connection is configured for half-duplex

B. when the sending-device waits 15 seconds before sending the frame again
C. when a collision occurs after the 32nd byte of a frame has been transmitted
D. when the cable length limits are exceeded
E. when Carrier Sense Multiple Access/Collision Detection is used

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
QUESTION 22
Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two.)

A. management interface settings

B. QoS settings
C. SSlD
D. profile name
E. IP address of one or more access points

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two.)

A. hexadecimal
B. base64
C. ASCII
D. binary
E. decimal

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Which API is used in controller-based architectures to interact with edge devices?

A. underlay
B. southbound
C. nonhbound
D. overlay

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
How does HSRP provide first hop redundancy?

A. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN
B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN.
C. It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table.
D. It forwards multiple packets to the same destination over different routed links in the data path.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
The SW1 interface g0/1 is in the down/down state. What are two reasons for the interface condition? (Choose two.)

A. The interface is error-disabled.

B. There is a protocol mismatch.
C. There is a duplex mismatch.
D. The interface is shut down.
E. There is a speed mismatch.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
What event has occurred if a router sends a notice level message to a syslog server?

A. An interface line has changed status.

B. An lCMP connection has been built.
C. A certificate has expired.
D. A TCP connection has been torn down.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28

Refer to the exhibit. What two conclusions should be made about this configuration? (Choose two.)

A. The spanning-tree mode is PVST+

B. The root port is FastEthernet 2/1.
C. The spanning-tree mode is Rapid PVST+.
D. This is a root bridge.
E. The designated port is FastEthernet 2/1.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?

A. Cisco DNA Center device management can deploy a network faster than traditional campus device management.
B. Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options.
C. Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management.
D. Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30

Refer to the exhibit. How does router R1 handle traffic to 192.168.10.16?

A. lt selects the RIP route because it has the longest prefix inclusive of the destination address.
B. It selects the IS-IS route because it has the shortest prefix inclusive of the destination address.
C. It selects the OSPF route because it has the lowest cost.
D. It selects the EIGRP route because it has the lowest administrative distance.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Refer to the exhibit. To which device does Router1 send packets that are destined to host 10.10.13.165?

A. Router5
B. Router3
C. Router2
D. Router4

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
What is a characteristic of spine-and-leaf architecture?

A. Each link between leaf switches allows for higher bandwidth.

B. It provides greater predictability on STP blocked ports.
C. It provides variable latency.
D. Each device is separated by the same number of hops.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which type of IPv6 address is publicly routable in the same way as IPv4 public addresses?

A. multicast
B. unique local
C. global unicast
D. link-local

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network
can be mapped?

A. Device(config)# lldp run

B. Device(config)# flow-sampler-map topology
C. Device(config)# cdp run
D. Device(config-if)# cdp enable
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
What is a difference between local AP mode and FlexConnect AP mode?

A. Local AP mode creates two CAPWAP tunnels per AP to the WLC.

B. FlexConnect AP mode fails to function if the AP loses connectivity with the WLC.
C. FlexConnect AP mode bridges the traffic from the AP to the WLC when local switching is configured.
D. Local AP mode causes the AP to behave as if it were an autonomous AP.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
What is a difference between RADIUS and TACACS+?

A. RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commands.
B. TACACS+ encrypts only password information, and RADIUS encrypts the entire payload.
C. RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authentication.
D. TACACS+ separates authentication and authorization, and RADIUS merges them.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
How does Cisco DNA Center gather data from the network?

A. Devices establish an lPsec tunnel to exchange data with the controller.

B. Devices use the call-home protocol to periodically send data to the controller.
C. Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller
D. The Cisco CLI Analyzer tool gathers data from each licensed network device and streams it to the controller.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
Which two command sequences must be configured on a switch to establish a Layer 3 EtherChannel with an open-standard protocol? (Choose two.)

A.

B.

C.

D.

E.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface?

A. explicitly assign a link-local address

B. enable SLAAC on an interface
C. disable the EU-64 bit process
D. configure a stateful DHCPv6 server on the network

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 40
The service password-encryption command is entered on a router. What is the effect of this configuration?

A. restricts unauthorized users from viewing clear-text passwords in the running configuration
B. protects the VLAN database from unauthorized PC connections on the switch
C. encrypts the password exchange when a VPN tunnel is established
D. prevents network administrators from configuring clear—text passwords

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
How do AAA operations compare regarding user identification, user services, and access control?

A. Authorization Identifies users, and authentication provides access control.

B. Accounting tracks user services, and authentication provides access control.
C. Authentication identifies users, and accounting tracks user services.
D. Authorization provides access control, and authentication tracks user services.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
Which goal is achieved by the implementation of private IPv4 addressing on a network?

A. allows servers and workstations to communicate across public network boundaries

B. allows communication across the Internet to other private networks
C. provides an added level of protection against Internet exposure
D. provides a reduction in size of the forwarding table on network routers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
A device detects two stations transmitting frames at the same time. This condition occurs after the first 64 bytes of the frame is received. Which
interface counter increments?

A. Collision
B. CRC
C. Runt
D. late collision

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 44
Refer to the exhibit. Router R2 is configured with multiple routes to reach network 10 1.1.0/24 from router R1. Which path is chosen by router R2 to
reach the destination network 10.1.1.0/24?

A. eBGP
B. EIGRP
C. static
D. OSPF

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
When the active router in an HSRP group fails, what router assumes the role and forwards packets?

A. Forwarding
B. Backup
C. Listening
D. Standby

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46

Refer to the exhibit. A packet is being sent across router R1 to host 172.16.0.14. What is the destination route for the packet?

A. 209.165.200.254 via Serial0/0/1

B. 209.165.200.254 via Serial0/0/0
C. 209.165.200.246 via Serial0/1/0
D. 09.165.200.250 via Serial0/0/0

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47

Refer to the exhibit. A packet is being sent across router R1 to host 172.16.3.14. To which destination does the router send the packet?

A. 207.165.200.254 via Serial0/0/1

B. 207.165.200.250 via SeriaI0/0/0
C. 207.165 200.254 via Serial0/0/0
D. 207.165.200.246 via Serial0/1/0

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48

Refer to the exhibit An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied
to allow administrators to authenticate directly to enable privilege mode via Telnet using a local username and password?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
An engineer must configure an OSPF neighbor relationship between router R1 and R3. The authentication configuration has been configured
and the connecting interfaces are in the same 192.168.1.0/30 subnet. What are the next two steps to complete the configuration? (Choose two.)

A. configure both interfaces with the same area ID

B. configure the hello and dead timers to match on both sides
C. configure the interfaces as OSPF active on both sides
D. configure the same router ID on both routing processes
E. configure the same process ID for the router OSPF process

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
What software defined architecture plane assists network devices with making packet-forwarding decisions by providing Layer 2 reachability and Layer
3 routing information?
A. control plane
B. policy plane
C. management plane
D. data plane

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
A network administrator enabled port security on a switch interface connected to a printer. What is the next configuration action in order to allow the port to learn
the MAC address of the printer and insert it into the table automatically?

A. implement auto MAC address learning

B. implement static MAC addressing
C. enable dynamic MAC address learning
D. enable sticky MAC addressing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52

Refer to the exhibit. The Ioopback1 interface of the Atlanta router must reach the loopback3 interface of the Washington router. Which two static host router must
be
configured on the New York router? (Choose two.)

A. ipv6 route 2000:3/128 s0/0/0

B. ipv6 route 2000:1/128 s0/0/1
C. ipv6 route 2000:3/128 2023::3
D. ipv6 route 2000:1/128 2012::2
E. ipv6 route 2000:1/128 2012::1

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Refer to the, exhibit. What action establishes the OSPF neighbor relationship without forming an adjacency?

A. modify hello interval

B. modify priority
C. modify network type
D. modify process ID

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
What mechanism carries multicast traffic between remote sites and supports encryption?

A. lPsec over ISATAP

B. GRE
C. GRE over lPsec
D. ISATAP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
When a WPA2-PSK WLAN is configured in the Wireless LAN Controller, what is the minimum number of characters that is required in ASCII format?

A. 8
B. 18
C. 6
D. 12

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
How do TCP and UDP differ in the way they guarantee packet delivery?

A. TCP uses checksum, acknowledgements, and retransmissions, and UDP uses checksums only.
B. TCP uses two-dimensional parity checks, checksums, and cyclic redundancy checks, and UDP uses retransmissions only.
C. TCP uses checksum, parity checks, and retransmissions, and UDP uses acknowledgements only.
D. TCP uses retransmissions, acknowledgement, and parity checks, and UDP uses cyclic redundancy checks only.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
Refer to the exhibit. Which route type is configured to reach the internet?

A. network route
B. floating static route
C. default route
D. host route

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58

Refer to the exhibit. Which command configures a floating static route to provide a backup to the primary link?

A. ip route 0.0.0.0 0.0.0.0 209.165.200.224

B. ip route 0.0.0.0 0.0.0.0 209.165.202.131
C. ip route 209.165.201.0 255.255.255.224 209.155.202.130
D. ip route 209.155.200.224 255.255.255.224 209.165.202.129 254

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
What is the same for both copper and fiber interfaces when using SFP modules?

A. They accommodate single-mode and multi-mode in a single module

B. They support an inline optical attenuator to enhance signal strength
C. They provide minimal interruption to services by being hot-swappable
D. They offer reliable bandwidth up to 100 Mbps in half duplex mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
Which protocol prompts the Wireless LAN Controller to generate its own local web administration SSL certificate for GUI access?

A. RADIUS
B. HTTP
C. HTTPS
D. TACACS+

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
An engineer must configure Interswitch VLAN communication between a Cisco switch and a third-party switch. Which action should be taken?

A. configure IEEE 802.1p

B. configure DSCP
C. configure ISL
D. configure IEEE 802.1q

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured
to increment the security-violation count and forward an SNMP trap?

A. switchport port-security violation shutdown

B. switchport port-security violation protect
C. switchport port-security violation restrict
D. switchport port-security violation access

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
A network administrator needs to aggregate 4 ports into a single logical link which must negotiate layer 2 connectivity to ports on another switch. What must be
configured when using active mode on both sides of the connection?

A. Cisco vPC
B. LACP
C. LLDP
D. 802.1q trunks

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
Which network plane is centralized and manages routing decisions?

A. policy plane
B. data plane
C. management plane
D. control plane

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
How do servers connect to the network in a virtual environment?

A. a cable connected to a physical switch onthe network

B. a virtual switch that links to an access point that is physically connected to the network
C. wireless to an access point that is physically connected to the network
D. a software switch on a hypervisor that is physically connected to the network

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66

Refer to the exhibit. An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts. A Telnet attempt from PC-2
gives
this message: "% Connection refused by remote host.“ Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?

A. Add the access-list 10 permit any command to the configuration.

B. Remove the access-class 10 in command from line vty 0 4.
C. Remove the password command from line vty 0 4.
D. Add the ip access-group 10 out command to interface g0/0

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
Which advantage does the network assurance capability of Cisco DNA Center provide over traditional campus management?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
An engineer observes high usage on the 2.4GHz channels and lower usage on the 5GHz channels. What must be configured to allow clients to
preferentially use 5GHz access points?

A. Re-Anchor Roamed Clients

B. 11ac MU-MIMO
C. EAP Split Tunnel
D. Client Band Select

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
When deploying syslog, which severity level logs informational messages?
A. 2
B. 0
C. 4
D. 6

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
Which two QoS tools provide congestion management?

A. PQ
B. CAR
C. FRTS
D. CBWFQ
E. PB

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71

Referto the exhibit. An administrator received a call from a branch office regarding poor application performance hosted at the headquarters.
Ethernet 1 is connected between Router1 and the LAN switch. What identifies the issue?

A. The QoS policy is dropping traffic.

B. The MTU is not set to the default value.
C. The link is over utilized.
D. There is a duplex mismatch.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 72
Refer to the exhibit. An administrator must turn off the Cisco Discovery Protocol on the port configured with address last usable address in the
10.0.0.0/30 subnet. Which command set meets the requirement?

A. interface gi0/1
no cdp enable
B. interface gi0/0
no cdp advertise-v2
C. interface gi0/1
clear cdp table
D. interface gi0/0
no cdp run

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 73
An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the HQ router
and wants to compress it for easier configuration. Which command must be issued on the router interface?

A. ipv6 address 2001:db8:0::700:3:4F:572B

B. ipv6 address 2001::db8:0000::700:3:400F:572B
C. ipv6 address 2001:db8::700:3:400F:572B
D. ipv6 address 2001:0db8::7:3:4F:572B

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 74

Referto the exhibit. What is the result if Gig1/11 receives an STP BPDU?

A. The port transitions to STP blocking.

B. The port immediately transitions to STP forwarding.
C. The port transitions to the root port.
D. The port goes into error-disable state.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
Refer to the exhibit. An access-list is required to permit traffic from any host on interface Gi0/0 and deny traffic from interface Gi0/1 .Which
access list must be applied?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 76

Refer to the exhibfiit. The network administrator must prevent switch the Cat9K-2 lP address from being visible in LLDP without disabling the
protocol. Which action must be taken to complete the task?

A. Configure the no lldp mac-phy-cfg command globally on Cat9K-2.

B. Configure the no lldp transmit command on interface G1/0/21 on Cat9K-1.
C. Configure the no lldp tlv-select management-address command globally on Cat9K-2.
D. Configure the no lldp receive command on interface G1/0/21 on Cat9K-1.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 77

Refer to the exhibit. Routers R1 and R3 have the default configuration. The router R2 priority is set to 99. Which commands on R3 configure it
as the DR in the 10.0.4.0/24 network?
A. R3(config)# interface Gig0/1
R3(config-if)# ip ospf priority 0
B. R3(config)# interface Gig0/0
R3(conflg-if)# ip ospf priority 1
C. R3(config)# interface Gig0/0
R3(config-if)# i p ospf priority 100
D. R3(config)# interface Gig0/1
R3(config-if)# ip ospf priority 100

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 78

Refer to the exhibit. Which configuration must be applied to the router that configures PAT to translate all addresses in VLAN 200 while
allowing devices on VLAN 100 to use their own IP addresses?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 79
A network administrator is asked to configure VLANS 2, 3, and 4 for a new implementation. Some ports must be assigned to the new VLANS
with unused ports remaining. Which action should be taken for the unused ports?
A. configure ports in a black hole VLAN
B. configure ports as access ports
C. configure in a nondefault native VLAN
D. configure ports in the native VLAN

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 80
What are two similarities between UTP Cat 5e and Cat 6a cabling? (Choose two.)

A. Both support runs of up to 100 meters.

B. Both support speeds up to 10 Gigabit
C. Both support speeds of at least 1 Gigabit
D. Both operate at a frequency of 500 MHz
E. Both support runs of up to 55 meters.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 81
Which two events occur automatically when a device is added to Cisco DNA Center? (Choose two.)

A. The device is placed into the Managed state.

B. The device is placed into the Unmanaged state.
C. The device is assigned to the Global site.
D. The device is placed into the Provisioned state.
E. The device is assigned to the Local site.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
Which network action occurs within the data plane?

A. run routing protocols (OSPF, ElGRP, RIP, BGP)

B. make a configuration change from an incoming NETCONF RPC
C. compare the destination IP address to the IP routing table
D. reply to an incoming lCMP echo request

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 83
What is the role of a firewall in an enterprise network?

A. forwards packets based on stateless packet inspection

B. processes unauthorized packets and allows passage to less secure segments of the network
C. explicitly denies all packets from entering an administrative domain
D. determines which packets are allowed to crass from unsecured to secured networks

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 84
Which protocol requires authentication to transfer a backup configuration file from a router to a remote server?

A. FTP
B. DTP
C. TFTP
D. SMTP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 85
How are VLAN hopping attacks mitigated?

A. enable dynamic ARP inspection

B. activate all ports and place in the default VLAN
C. manually implement trunk ports and disable DTP
D. configure extended VLANS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
Why was the RFC 1918 address space defined?

A. reduce instances of overlapping IP addresses

B. conserve public IPv4 addressing
C. preserve public IPv6 address space
D. support the NAT protocol

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 87
Which condition must be met before an NMS handles an SNMP trap from an agent?

A. The NMS software must be loaded with the MIB associated with the trap.
B. The NMS must receive the same trap from two different SNMP agents to verify that it is reliable.
C. The NMS must receive a trap and an inform message from the SNMP agent within a configured interval.
D. The NMS must be configured on the same router as the SNMP agent.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 88
What is a function of a Next-Generation IPS?

A. integrates with a RADIUS server to enforce Layer 2 device authentication rules

B. serves as a controller within a controller-based network
C. makes forwarding decisions based on learned MAC addresses
D. analyzes and mitigates observed vulnerabilities in a network

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 89
Refer to the exhibit. Users need to connect to the wireless network with IEEE 802.11r-compatible devices. The connection must be maintained as
users travel between floors or to other areas in the building. What must be the configuration of the connection?

A. Enable Fast Transition and select the FT PSK option.

B. Select the WPA Policy option with the CCKM option.
C. Disable AES encryption.
D. Enable Fast Transition and select the FT 802.1x option.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 90

How should R1 be configured?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 91
An engineer is configuring router R1 with an IPv6 static route for prefix 2019:C15C:0CAF:E001:/64. The next hop must be 2019:C15C:0CAF:E002:1.
The route must be reachable via the R1 Gigabit 0/0 interface. Which command configures the designated route?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 92

Refer to the exhibit Which IPv6 configuration is required for R17 to successfully ping the WAN interface on R18?

A.

B.
C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 93
What prevents a workstation from receiving a DHCP address?

A. VTP
B. STP
C. 802.1Q
D. DTP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 94
Which type of traffic is sent with pure IPsec?

A. broadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites
B. unicast messages from a host at a remote site lo a server at headquarters.
C. multicast traffic from a server at one site to hosts at another location
D. spanning-tree updates between switches that-are at two different sites

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
Refer to the exhibit. A network engineer must configure R1 so that it sends all packets destined to the 10.0.0.0/24 network to R3, and all packets
destined to PC1 to R2. Which configuration must the engineer implement?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 96

Referto the exhibit. Which command must be issued to enable a floating static default route on router A?

A. ip route 0.0.0.0 0.0.0.0 192.168.1.2

B. ip default-gateway 192.168.2.1
C. ip route 0.0.0.0 0.0.0.0 192.168.1.2 10
D. ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 97

Refer to the exhibit. Router R1 currently is configured to use R3 as the primary route to the Internet, and the route uses the default administrative
distance settings. A network engineer must configure R1 so that it uses R2 as a backup, but only if R3 goes down. Which command must the engineer
configure on R1 so that it correctly uses R2 as a backup route, without changing the administrative distance configuration on the link to R3?

A. ip route 0.0.0.0 0.0.0.0 g0/1 6

B. ip route 0.0.0.0 0.0.0.0 209.165.201.5 10
C. ip route 0.0.0.0.0.0.0.0 209.165.200.226 1
D. ip route 0.0.0.0 0.0.0.0 g0/1 1

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 98
Which WPA mode uses PSK authentication?

A. Personal
B. Client
C. Local
D. Enterprise

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 99

Refer to the exhibit. An engineer is updating the R1 configuration to connect a new server to the management network. The PCs on the
management network must be blocked from pinging the default gateway of the new server. Which command must be configured on R1 to
complete the task?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 100

Refer to the exhibit. Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency while acting as a central point for exchanging
OSPF information between routers?

A.

B.
C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
How does TFTP operate in a network?

A. requires two separate connections for control and data traffic

B. relies on the well-known TCP port 20 totransmit data
C. provides secure data transfer
D. uses block numbers to identify and mitigate data-transfer errors

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
Which access point mode relies on a centralized controller for management, roaming, and SSID configuration?

A. Autonomous mode
B. Repeater mode
C. Bridge mode
D. Lightweight mode

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 103
An administrator must use the passwords complexity not manufacturer-name command to prevent users from adding "Cisco" as a
password. Which command must be issued before this command?

A. login authentication myauth-Iist

B. password complexity enable
C. service password-encryption
D. confreg 0x2142

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104

Refer to the exhibit. An IP subnet must be configured on each router that provides enough addresses for the number of assigned hosts and
anticipates no more than 10% growth for new hosts. Which configuration script must be used?

A.
B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 105

Refer to the exhibit. Which action must be taken to ensure that router A is elected as the DR for OSPF area 0?
A. Configure router B and router C as OSPF neighbors of router A
B. Configure the router A interfaces with the highest OSPF priority value within the area.
C. Configure the OSPF priority on router A with the lowest value between the three routers.
D. Configure router A with a fixed OSPF router ID.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 106

Refer to the exhibit. A network engineer must update the configuration on Switch2 so that it sends LLDP packets every minute and the
information sent via LLDP is refreshed every 3 minutes. Which configuration must the engineer apply?

A. Switch2(config)# lldp timer 1

Switch2(config)# lldp tlv-select 3
B. Switch2(config)# lldp timer 60
Switch2(config)# ldp holdtime 180
C. Switch2(config)# lldp timer 1
Switch2(config)# lldp holdtime 3
D. Switch2(config)# lldp timer 60
Switch2(config)# lldp tIv-select 180

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 107
A Cisco engineer is configuring is factory-default router with these three passwords:

Which command sequence must the engineer configure?

A.

B.

C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108

Refer to the exhibit. Traffic sourced from the loopback0 interface is trying to connect via ssh to the host at 10.0.1.15. What is the next hop to
the destination address?

A. 192.168.3.5
B. 192.168.0.40
C. 192.168.0.7
D. 192.168.0.4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109

Refer to the exhibit. Packets received by the router from BGP enter via a serial interface at 209.165.201.10. Each route is present within the routing
table. Which interface is used to fonNard traffic with a destination IP of 10.10.10.24?

A. F0/13
B. F0/10
C. F0/12
D. F0/11

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 110
What is the purpose of the ip address dhcp command?

A. to configure an interface as a DHCP relay

B. to configure an interface as a DHCP client
C. to configure an interface as a DHCP helper
D. to configure an interface as a DHCP server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
QUESTION 111
After installing a new Cisco ISE server, which task must the engineer perform on the Cisco WLC to connect wireless clients on a specific VLAN based
on their credentials?

A. Disable the LAG Mode on Next Reboot

B. Enable the Allow AAA Override.
C. Enable the Event Driven RRM
D. Enable the Authorize MIC APs against auth-list or AAA.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
What is a requirement when configuring or removing LAG on a WLC?

A. The management interface must be reassigned if LAG is disabled.

B. Multiple untagged interfaces on the same port must be supported.
C. The incoming and outgoing ports for traffic flow must be specified f LAG is enabled.
D. The controller must be rebooted after enabling or reconfiguring LAG.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 113
A network administrator is setting up a new IPv6 network using the 64-bit address 2001:0E88:00C1:2200:0001:0000:0000:0331/64. To simplify the
configuration, the administrator has decided to compress the address. Which IP address must the administrator configure?

A. ipv6 address 2001:EB8:C1:2200:1::331/64

B. ipv6 address 2001:EB8:C1:2200:1:0000:331/64
C. ipv6 address 21:EB8:C1 :2200:1::331/64
D. ipv6 address 2001:EB8:C1:22:1::331/64

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been
configured. Which configuration enables the traffic on the destination router?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 115
Why is a first-hop redundancy protocol implemented?

A. to protect against default gateway failures

B. to prevent loops in a network
C. to provide load-sharing for a multilink segment
D. to enable muitiple switches to operate as a single unit

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 116
A network engineer must implement an IPv6 configuration on the vlan 2000 interface to create a routable locally-unique unicast address that is blocked
from being advertised to the internet. Which configuration must the engineer apply?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 117

Refer to the exhibit. An engineer is configuring the HO router. Which IPv6 address configuration must be applied to the router fa0/1 interface
for the router to assign a unique 64-bit IPv6 address to itself?

A. ipv6 address 2001:DB8:0:1:FFFF:C601:420F:7/64

B. ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64
C. ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64
D. ipv6 address 2001:DB8:0:1:FE80:C601:420F:7/64

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 118
Refer to the exhibit. What are the two steps an engineer must take to provide the highest encryption and authentication using domain credentials from LDAP?
(Choose two.)

A. Select PSK under Authentication Key Management

B. Select Static-WEP+802.1X on Layer 2 Security.
C. Select WPA+WPA2 on Layer 2 Security.
D. Select 802.1X from under Authentication Key Management.
E. Select WPA Policy with TKIP Encryption.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 119

Refer to the exhibit. R5 is the current DR on the network, and R4 is the BDR. Their interfaces are flapping, so a network engineer wants the OSPF network to
elect a different DR and BDR. Which set of configurations must the engineer implement?

A.

B.
C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 120

Refer to the exhibit. What is the next hop for traffic entering R1 with a destination of 10.1.2.126?

A. 10.165.20.226
B. 10.165.20.146
C. 10.165.20.166
D. 10.165.20.126

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 121

Refer to the exhibit. Which prefix did router R1 learn from internal EIGRP?

A. 192.168.3.0/24
B. 172.16.1.0/24
C. 192.168.1.0/24
D. 192.168.2.0/24

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 122

Refer to the exhibit. Which configuration establishes a Layer 2 LACP EtherChannel when applied to both switches?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 123
Which interface mode must be configured to connect the lightweight APs in a centralized architecture?

A. access
B. trunk
C. WLAN dynamic
D. management

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 124
Which encryption method is used by WPA3?

A. SAE
B. PSK
C. TKIP
D. AES

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 125
What is an expected outcome when network management automation is deployed?

A. Custom applications are needed to configure network devices.

B. Software upgrades are performed from a central controller.
C. A distributed management plane must be used.
D. Complexity increases when new device configurations are added.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 126
Refer to the exhibit. A network engineer started to configure two directly-connected routers as shown. Which command sequence must the engineer
configure on R2 so that the two routers become OSPF neighbors?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 127

Refer to the exhibit. Traffic that is flowing over interface TenGigabitEthernet0/0 experiences slow transfer speeds. What is the reason for the issue?

A. a duplex incompatibility
B. queuing drops
C. a speed conflict
D. heavy traffic congestion

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 128
Refer to the exhibit. Clients on the WLAN are required to use 802.11r. What action must be taken to meet the requirement?

A. Under Protected Management Frames, set the PMF option to Required.

B. Set the Fast Transition option to Enable and enable FT 802.1X under Authentication Key Management.
C. Enable CCKM under Authentication Key Management.
D. Set the Fast Transition option and the WPA gtk-randomize State to disable.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 129
Which QoS traffic handling technique retains excess packets in a queue and reschedules these packets for later transmission when the configured
maximum bandwidth has been surpassed?

A. weighted random early detection

B. traffic policing
C. traffic prioritization
D. traffic shaping

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 130

Refer to the exhibit. What is represented beginning with line 1 and ending with line 5?

A. Value
B. Key
C. Array
D. Object

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 131
Refer to the exhibit All trafiic enters the CPE router from interface Serial0/3 with an IP address of 192.168.50.1. Web traffic from the WAN is
destined for a LAN network where servers are load-balanced. An IP packet with a destination address of the HTTP virtual IP of 192.168.1.250
must be forwarded. Which routing table entry does the router use?

A. 192.168.1.0/24 via 192.168.12.2

B. 192.168.1.128/25 via 192.168.13.3
C. 192.168.1.192/26 via 192.168.14.4
D. 192.168.1.224/27 via 192.168.15.5

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 132
Aside from discarding, which two states does the switch port transition through while using RSTP (802.1w)? (Choose two.)

A. speaking
B. blocking
C. forwarding
D. listening
E. learning

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 133
What is the function of a northbound API?

A. It relies on global provisioning and configuration.

B. It supports distributed processing for configuration.
C. It provides orchestration and network automation services
D. It upgrades software and restores files.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 134

Refer to the exhibit. Which two configurations must the engineer apply on this network so that R1 becomes the DR? (Choose two.)

A.

B.

C.

D.

E.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 135

Refer to the exhibit. The network engineer is configuring router R2 as a replacement router on the network. After the initial configuration is
applied, it is determined that R2 failed to show R1 as a neighbor. Which configuration must be applied to R2 to complete the OSPF
configuration and enable it to establish the neighbor relationship with R1?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 136

Refer to the exhibit. Which command configures OSPF on the point-to-point link between routers R1 and R2?

A. neighbor 10.1.2.0 cost 180

B. ip ospf priority 100
C. network 10.0.0.0 0.0.0.255 area 0
D. router-id 10.0.0.1 5

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 137
An engineer just installed network 10.120.10.0/24. Which configuration must be applied to the R14 router to add the new network to its OSPF
routing table?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 138

Refer to the exhibit. What is a reason for poor performance on the network interface?

A. The bandwidth setting of the interface is misconfigured.

B. The interface is receiving excessive broadcast traffic.
C. The cable connection between the two devices is faulty.
D. The interface is operating at a different speed than the connected device.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 139
What is a benefit for external users who consume public cloud resources?

A. all hosted on physical servers

B. accessed over the Internet
C. located in the same data center as the users
D. implemented over a dedicated WAN
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 140

Refer to the exhibit. A packet sourced from 10.10.10.1 is destined for 10.10.8.14. What is the subnet mask of the destination route?

A. 255.255.255.240
B. 255.255.254.0
C. 255.255.255.248
D. 255.255.255.252

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 141

Rafer to the exhibit. Which next-hop IP address has the least desirable metric when sourced from R1?

A. 10.10.10.5
B. 10.10.10.2
C. 10.10.10.4
D. 10.10.10.3

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 142
What is a function of Cisco Advanced Malware Protection for a Next-Generation IPS?

A. inspecting specific files and file types for malware

B. URL filtering
C. authenticating end users
D. authorizing potentially compromised wireless traffic

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 143
Which two practices are recommended for an acceptable security posture in a network? (Choose two.)

A. Use a cryptographic keychain to authenticate to network devices.

B. Disable unused or unnecessary ports, interfaces, and services.
C. Maintain network equipment in a secure location.
D. Back up device configurations to encrypted USB drives for secure retrieval.
E. Place internal email and file servers in a designated DMZ.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 144

Refer to the exhibit. R1 has taken the DROTHER role in the OSPF DR/BDR election process. Which configuration must an engineer implement so
that R1 is elected as the DR?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 145
What does a switch use to build its MAC address table?

A. VTP
B. ingress traffic
C. egress traffic
D. DTP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 146
An engineer is configuring SSH version 2 exclusively on the R1 router. What is the minimum configuration required to permit remote
management using the cryptographic protocol?
A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 147
Which type of IPv6 address is similar to a unicast address but is assigned to multiple devices on the same network at the same time?

A. multicast address
B. global unicast address
C. anycast address
D. link-local address

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 148
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been
configured. Which configuration enables the traffic on the destination router?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 149

Refer to the exhibit. Traffic from R1 to the 10.10.20/24 subnet uses 192.168.1.2 as its next hop. A network engineer wants to update the R1
configuration so that traffic with destination 10.10.2.1 passes through router R3, and all other traffic to the 10.10.2.0/24 subnet passes through R2.
Which command must be used?

A. ip route 10.10.2.1 255.255.255.255 192.168.1.4 100

B. ip route 10.10.2.0 255.255.255.0 192.168.1.4 115
C. ip route 10.10.2.0 255.255.255.0 192.168.1.4 100
D. ip route 10.10.2.1 255.255.255.255 192.168.1.4 115

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 150
What is the collapsed layer in collapsed core architectures?

A. distribution and access

B. core and distribution
C. core and WAN
D. access and WAN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 151

Refer to the exhibit. How does router R1 handle traffic to the 172.16.1.4/30 subnet?

A. It sends all traffic over the path via 10.0.1.100.

B. It load-balances traffic over 172.16.9.5 and 172.16.4.4.
C. It sends all traffic over the path via 172.16.4.4.
D. It sends all traffic over the path via 172.16.9.5 using 172.16.4.4 as a backup.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 152

Refer to the exhibit. A multivendor network exists and the company is implementing VolP over the network for the first time. Which configuration is
needed to implement the neighbor discovery protocol on the interface and allow it to remain off for the remaining interfaces?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 153
How is RFC 1918 addressing used in a network?

A. They are used with NAT to preserve public IPv4 addresses.

B. They are used in place of public addresses for increased security.
C. They are used to access the lnternet from the internal network without conversion.
D. They are used by Internet Service Providers to route over the lnternet

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 154
A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are caused by a legitimate autonomous AP. How must
the alarms be stopped for the MAC address of the AP?

A. Manually remove the AP from Pending state.

B. Place the AP into manual centainment.
C. Set the AP Class Type to Friendly.
D. Remove the AP from WLC management.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 155
What provides connection redundancy, increased bandwidth, and load sharing between a wireless LAN controller and a Layer 2 switch?

A. VLAN trunking
B. tunneling
C. first hop redundancy
D. link aggregation

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 156
By default, how long will the switch continue to know a workstation MAC address after the workstation stops sending traffic?

A. 600 seconds
B. 300 seconds
C. 900 seconds
D. 200 seconds

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 157

Refer to the exhibit. Which configuration enables an EtherChannel to form dynamically between SW1 and SW2 by using an industry-standard protocol,
and to support full lP connectivity between all PCs?

A.
B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 158
Refer to the exhibit. Router R14 is in the process of being configured. Which configuration must be used to establish a host route to PC 10?

A. ip route 10.73.65.65 255.0.0.0 10.80.65.10

B. ip route 10.73.65.66 0.0.0.255 10.80.65.10
C. ip route 10.80.65.10 255.255.255.255 10.73.65.66
D. ip route 10.80.65.10 255.255.255.254 10.80.65.1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 159

Refer to the exhibit. An engineer configures interface fa0/1 on SW1 and SW2 to pass traffic from two different VLANs. For security reasons, company
policy requires the native VLAN to be set to a non-default value. Which configuration must be used?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 160
Refer to the exhibit. An engineer assigns IP addressing to the current VLAN with three PCs. The configuration must also account for the expansion of
30 additional VLANs using the same Class C subnet for subnetting and host count Which command set fulfills the request while reserving address
space for the expected growth?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 161

Refer to the exhibit. An engineer is checking the routing table in the main router to identify the path to a server on the network. Which route
does the router use to reach the server at 192.168.2.2?

A. S 192.168.1.0/30 [1/0] via 10.1.1.1

B. S 192.168.2.0/28 [1/0] via 10.1.1.1
C. S 192.168.0.0/20 [1/0] via 10.1.1.1
D. S 192.168.2.0/29 [1/0] via 10.1.1.1

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 162

Refer to the exhibit. How must OSPF be configured on the GigabitEthernet0/0 interface of the neighbor device to achieve the desired neighbor
relationship?

A.
B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 163
When a site-to-site VPN is configured, which lPsec mode provides encapsulation and encryption of the entire original lP packet?

A. lPsec tunnel mode with ESP

B. lPsec transport mode with AH
C. lPsec transport mode with ESP
D. lPsec tunnel mode with AH

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 164
What are two examples of multifactor authentication? (Choose two.)

A. shared password repository

B. passwords that expire
C. unique user knowledge
D. soft tokens
E. single sign-on

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 165
What is the default port-security behavior on a trunk link?

A. It places the port in the err-disabled state after 10 MAC addresses are statically configured.
B. It places the port in the err-disabled state if it Ieams more than one MAC address
C. It disables the native VLAN configuration as soon as port security is enabled.
D. It causes a network loop when a violation occurs.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 166

Which configuration script meets the requirements?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 167

Refer to the exhibit. A network engineer must provide configured IP addressing details to investigate a firewall rule issue. Which subnet and
mask idenfify what is configured on the en0 interface?

A. 10.8.138.0/24
B. 10.8.0.0/16
C. 10.8.128.0/19
D. 10.8.64.0/18

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 168
Refer to the exhibit. What is the prefix length for the route that router1 will use to reach host A?

A. /25
B. /29
C. /28
D. /27

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 169

Refer to the exhibit. Which two values does router R1 use to identify valid routes for the R3 Ioopback address 1.1.1.3/32? (Choose two.)

A. lowest metric
B. lowest cost to reach the next hop
C. highest metric
D. highest administrative distance
E. lowest administrative distance
Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 170

Refer to the exhibit. Routers R1 and R2 are configured with RIP as the dynamic routing protocol. A network engineer must configure R1 with a floating
static route to serve as a backup route to network 192.168.23. Which command must the engineer configure on R1?

A.

B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 171
A client experiences slow throughput from a server that is directly connected to the core switch in a data center. A network engineer
finds minimal latency on connections to the server, but data transfers are unreliable, and the output of the show interfaces counters
errors command shows a high FCS-Err count on the interface that is connected to the server. What is the cause of the throughput issue?

A. high bandwidth usage

B. a physical cable fault
C. a cable that is too long
D. a speed mismatch

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 172
Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and automatically when edge devices or access
circuits fail?

A. SLB
B. FHRP
C. VRRP
D. HSRP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 173
Which syslog severity level is considered the most severe and results in the system being considered unusable?

A. Alert
B. Critical
C. Emergency
D. Error

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 174
Which two HTTP methods are suitable for actions performed by REST-based APls? (Choose two.)

A. REMOVE
B. REDIRECT
C. GET
D. POP
E. POST

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 175
An application in the network is being scaled up from 300 servers to 600. Each server requires 3 network connections to support
production, backup, and management traffic. Each connection resides on a different subnet. The router configuration for the
production network must be configured first using a subnet in the 10.0.0.0/8 network. Which command must be configured on the
interface of the router to accommodate the requirements and limit wasted IP address space?

A. ip address 10.10.10.1 255.255.240.0

B. ip address 10.10.10.1 255.255.255.240
C. ip address 10.10.10.1 255.255.252.0
D. ip address 10.10.10.1 255.255.254.0

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 176
What is an enhancement implemented in WPA3?

A. defends against deauthentication and disassociation attacks

B. uses TKIP and per-packet keying
C. employs PKI and RADIUS to identify access points
D. applies 802.1x authentication and AES-128 encryption

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 177

Refer to the exhibit. Which action is taken by the router when a packet is sourced from 10.10.10.2 and destined for 10.10.10.16?

A. It queues the packets waiting for the route to be learned.

B. It discards the packets.
C. It uses a route that is similar to the destination address.
D. It floods packets to all learned next hops.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
Refer to the exhibit. Which entry is the longest prefix match for host IP address 192.168.10.5?

A. 3
B. 4
C. 2
D. 1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 179
Which WLC port connects to a switch to pass normal access-point traffic?

A. redundancy
B. console
C. service
D. distribution system

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 180
Which remote access protocol provides unsecured remote CLI access?

A. Console
B. Telnet
C. SSH
D. Bash

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 181
How do TCP and UDP fit into a query-response model?

A. TCP encourages out-of-order packet delivery, and UDP prevents re-ordering

B. TCP establishes a connection prior to sending data,and UDP sends immediately.
C. TCP uses error detection for packets, and UDP uses error recovery.
D. TCP avoids using sequencing, and UDP avoids using acknowledgments.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 182
Which function forwards frames to ports that have a matching destination MAC address?

A. frame filtering
B. frame switching
C. frame pusing
D. frame flooding

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 183
Refer to the exhibit. IPv6 is being implemented within the enterprise. The command ipv6 unicast-routing is configured. Interface Gig0/0 on R1 must be
configured to provide a dynamic assignment using the assigned IPv6 block. Which command accomplishes this task?

A. ipv6 address 2001 :DB8:FFFF:FCF3::/64 link-local

B. ipv6 address 2001:DB8:FFFF:FCF32:/64 eui-64
C. ipv6 address autoconfig 2001:DB8:FFFF:FCF2::/64
D. ipv6 address 2001:DB8:FFFF:FCF3::1/64

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 184

Refer to the exhibit. A network administrator must permit traffic from the 10.10.0.0/24 subnet to the WAN on interface Serial0. What is the effect of the
configuration as the administrator applies the command?

A. The sourced traffic from IP range 10.0.0.0-10.0.0.255 is allowed on Serial0.

B. The permit command fails and returns an error code.
C. The router accepts all incoming traffic to Serial0 with the last octet of the source IP set to 0.
D. The router fails to apply the access list to the interface.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 185

Refer to the exhibit. An engineer must configure the interface that connects to PC1 and secure it in a way that only PC1 is allowed to use the port No
VLAN tagging can be used except for a voice VLAN. Which command sequence must be entered to configure the switch?

A.

B.
C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 186
A Cisco engineer notices that two OSPF neighbors are connected using a crossover Ethernet cable. The neighbors are taking too long to become fully
adjacent. Which command must be issued under the interface configuration on each router to reduce the time required for the adjacency to reach the
FULL state?

A. ip ospf dead-interval 40
B. ip ospf priority 0
C. ip ospf network broadcast
D. ip ospf network point-to-point

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 187
What does the implementation of a first-hop redundancy protocol protect against on a network?

A. spanning-tree loops
B. default gateway failure
C. BGP neigthr flapping
D. root-bridge loss

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 188

Refer to the exhibit. The primary route across Gi0/0 is configured on both routers. A secondary route must be configured to establish connectivity
between the workstation networks. Which command set must be configured to complete this task?

A.

B.

C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 189

Refer to the exhibit. The network engineer is configuring a new WLAN and is told to use a setup password for authentication instead of the RADIUS
servers. Which additional set of tasks must the engineer perform to complete the configuration?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 190
Why would a network administrator choose to implement automation in a network environment?

A. to deploy the management plane separately from the rest of the network
B. to centralize device information storage
C. to implement centralized user account management
D. to simplify the process of maintaining a consistent configuration state across all devices

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 191
What must a network administrator consider when deciding whether to configure a new wireless network with APs in autonomous
mode or APs running in cloud-based mode?

A. Cloud-based mode APs rely on underlays and are more complex to maintain than APs in autonomous mode.
B. Autonomous mode APs are easy to deployand automate than APs in cloud-based mode.
C. Autonomous mode APs are less dependent on an underlay but more complex to maintain than APs in cloud-based mode.
D. Cloud-based mode APs are easy to deploy but harder to automate than APs in autonomous mode.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 192
Which benefit does Cisco DNA Center provide over traditional campus management?

A. Cisco DNA Center leverages APIs, and traditional campus management requires manual data gathering.
B. Cisco DNA Center leverages SNMPv3 for encrypted management, and traditional campus management uses SNMPv2.
C. Cisco DNA Center automates SSH access for encrypted entry, and SSH is absent from traditional campus management.
D. Cisco DNA Center automates HTTPS for secure web access, and traditional campus management uses HTTP.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 193
What is the role of community strings in SNMP operations?

A. It serves as a sequence tag on SNMP traffic messages.

B. It translates alphanumeric MIB output values to numeric values.
C. It passes the Active Directory username and password that are required for device access.
D. It serves as a password to protect access to MIB objects.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 194
Which WLC management connection type is vulnerable to man-in-the-middle attacks?

A. Telnet
B. SSH
C. HTTPS
D. Console

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 195
What is the definition of backdoor malware?

A. malicious program that is used to launch other malicious programs

B. malicious code that infects a user machine and then uses that machine to send spam
C. malicious code with the main purpose of downloading other malicious code
D. malicious code that is installed onto a computer to allow access by an unauthorized user

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 196
How will Link Aggregation be implemented on a Cisco Wireless LAN Controller?

A. To pass client traffic, two or more ports must be configured.

B. One functional physical port is needed to pass client traffic.
C. When enabled, the WLC bandwidth drops to 500 Mbps.
D. The EtherChannel must be configured in "mode active".

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 197
Refer to the exhibit. The New York router must be configured so that traffic to 2000::1 is sent primarily via the Atlanta site, with a secondary path via
Washington that has an administrative distance of 2. Which two commands must be configured on the New York router? (Choose two.)

A. ipv6 route 2000::1/128 2012::1

B. ipv6 route 2000::1/128 2023::3 2
C. ipv6 route 2000::1/128 2023::2 5
D. ipv6 route 2000::1/128 2012:1 5
E. ipv6 route 2000::1/128 2012::2

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 198

What does the switch do when it receives the frame from host D?

A. It creates a broadcast storm.

B. It shuts down the source port and places it in err-disable mode.
C. It floods the frame out of every port except the source port
D. It drops the frame from the MAC table of the switch.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 199
Refer to the exhibit. A Cisco engineer creates a new WLAN called lantest. Which two actions must be performed so that only high-speed 2.4-Ghz
clients connect? (Choose two.)

A. Set the Interface/interface Group(G) to an interface other than guest.

B. Enable the Status option.
C. Enable the Broadcast SSlD option.
D. Set the Radio Policy option to 802.11g Only.
E. Set the Radio Policy option to 802.11a Only.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 200

Refer to the exhibit .What does route 10.0.1.3/32 represent in the routing table?

A. all hosts in the 10.0.1.0 subnet

B. the 10.0.0.0 network
C. the source 10.0.1.100
D. a single destination address

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 201
A router has two static routes to the same destination network under the same OSPF process. How does the router forward packets to the destination
if the next-hop devices are different?

A. The router chooses the route with the oldest age.

B. The router chooses the next hop with the lowest IP address.
C. The router load-balances traffic over all routes to the destination.
D. The router chooses the next hop with the lowest MAC address.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 202
What are two characteristics of a small office /home office connection environment? (Choose two.)

A. It supports between 50 and 100 users.

B. It requires 10Gb ports on all uplinks.
C. It requires a core, distribution, and access layer architecture.
D. A router port connects to a broadband connection.
E. It supports between 1 and 50 users.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 203
Which property is shared by 10GBase-SR and 10GBase-LR interfaces?

A. Both require UTP cable media for transmission.

B. Both require fiber cable media for transmission.
C. Both use the single-mode fiber type.
D. Both use the multimode fiber type.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 204
Which functionality is provided by the console connection on a Cisco WLC?

A. unencrypted in-band connectivity for file transfers

B. HTTP-based GUI connectivity
C. out-of-band management
D. secure in-band connectivity for device administration

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 205
A network engineer is upgrading a small data center to host several new applications, including server backups that are expected to account for up to
90% of the bandwidth during peak times. The data center connects to the MPLS network provider via a primary circuit and a secondary circuit. How
does the engineer inexpensively update the data center to avoid saturation of the primary circuit by traffic associated with the backups?

A. Assign traffic from the backup servers to a dedicated switch.

B. Advertise a more specific route for the backup traffic via the secondary circuit
C. Place the backup servers in a dedicated VLAN
D. Configure a dedicated circuit for the backup traffic.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 206
Which technology allows for multiple operating systems to be run on a single host computer?

A. virtual device contexts

B. network port ID virtualization
C. server virtualization
D. virtual routing and forwarding

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 207
When a switch receives a frame for an unknown destination MAC address, how is the frame handled?

A. forwarded to the first available port

B. broadcast to all pons on the switch
C. inspected and dropped by the switch
D. flooded to all ports except the origination port
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 208
The clients and rent subnets. Which command must be used to forward requests and replies between clients on the 10.10.0.1/24 subnet and the
DHCP server at 192.168.10.1?

A. ip default-gateway 192.168.10.1
B. ip helper-address 192.168.10.1
C. ip route 192.168.10.1
D. ip dhcp address 192.168.10.1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 209

Refer to the exhibit. VLAN 23 is being implemented between SW1 and SW2.The command show interface ethernet0/0 switchport has
been issued on SW1. Ethernet0/0 on SW1 is the uplink to SW2. Which command when entered on the uplink interface allows PC 1
and PC2 to communicate without impact to the communication between PC 11 and PC 12?

A. switchport trunk allowed vlan 23

B. switchport trunk allowed vlan add 23
C. switchport trunk allowed vlan 22-23
D. switchport trunk allowed vlan 2-1001

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 210
Refer to the exhibit. An engineer is building a new Layer 2 LACP EtherChannel between SW1 and SW2, and they executed the given
show commands to verify the work. Which additional task must be performed so that the switches successfully bundle the second
member in the LACP port-channel?

A. Configure the switchport trunk allowed vlan 300 command on interface Fa0/2 on SW1.
B. Configure the switchport trunk allowed vlan add 300 command on SW1 port-channel 1.
C. Configure the switchport trunk allowed vlan 300 command on SW1 port-channel 1.
D. Configure the switchport trunk allowed vlan add 300 command on interface Fa0/2 oh SW2.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 211
Which protocol must be implemented to support separate authorization and authentication solutions for wireless APs?

A. IEEE 802.1X
B. TACACS+
C. RADIUS
D. Kerberos

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 212
What is an Ansible inventory?

A. device with Ansible installed that manages target devices

B. unit of Python code to be executed within Ansible
C. file that defines the target devices upon which commands and tasks are executed
D. collection of actions to perform on target devices, expressed in YAML format

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 213
What is the purpose of an SSlD?

A. It identifies an individual access point on a WLAN.

B. It provides network security.
C. lt differentiates traffic entering access points.
D. It identifies a WLAN.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
QUESTION 214
What are two benefits for using private IPv4 addressing? (Choose two.)

A. They allow for Internet access from IoT devices.

B. They supply redundancy in the case of failure.
C. They offer Internet connectivity to endpoints on private networks.
D. They alleviate the shortage of public IPv4 addresses.
E. They provide a layer of security from Internet threats.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 215
When the LAG configuration is updated on a Cisco WLC, which additional task must be performed when changes are complete?

A. Re-enable the WLC interfaces.

B. Re-associate the WLC with the access point.
C. Flush all MAC addresses from the WLC.
D. Reboot the WLC.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 216
Under which condition is TCP preferred over UDP?

A. UDP is used when data is highly interactive, and TCP is used when data is time-sensitive.
B. UDP is used when low latency is optimal, and TCP is used when latency is tolerable.
C. TCP is used when dropped data is more acceptable, and UDP is used when data is accepted out-of-order.
D. TCP is used when data reliability is critical, and UDP is used when missing packets are acceptable.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 217
What are two behaviors of a point-to-point WAN topology? (Choose two.)

A. It uses a single router to route traffic between sites.

B. It delivers redundancy between the central office and branch offices.
C. It provides direct connections between each router in the topology.
D. It connects remote networks through a single line.
E. It leverages a dedicated connection.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 218

Refer to the exhibit The router R1 is in the process of being configured. Routers R2 and R3 are configured correctly for the new environment. Which
two commands must be configured on R1 for PC1 to communicate to all PCs on the 10.10.10.0/24 network?
A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 219

Which configuration on the NewSwitch side of the link meets these requirements?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 220
Refer to the exhibit. Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 221
What is the benefit of using FHRP?

A. higher degree of availability

B. reduced management overhead on network routers
C. balancing traffic across multiple gateways in proportion to their loads
D. reduced ARP traffic on the network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 222
What are two disadvantages of a full-mesh topology? (Choose two.)

A. It has a high implementation cost.

B. It requires complex configuration.
C. It must have point-to-point communication.
D. It works only with BGP between sites.
E. It needs a high MTU between sites.
Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 223

Refer to the exhibit. A static route must be configured on R14 to forward traffic for the 172.21.34.0/25 network that resides on R86. Which command
must be used to fulfill the request? .

A. ip route 172.21.34.0 255.55.255.128 10.73.65.66

B. ip route 172.21.34.0 255.255.128.0 10.73.65.64
C. ip route 172.21.34.0 255.255.255.0 10.73.65.65
D. ip route 172.21.34.0 255.255.255.192 10.73.65.65

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 224

Refer to the exhibit. The image server and client A are running an application that transfers an extremely high volume of data between the two. An
engineer is configuring a dedicated circuit between routers R1 and R2. Which set of commands must the engineer apply to the two routers so that only
traffic between the image server and client A is forced to use the new circuit?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 225
What is used as a solution for protecting an individual network endpoint from attack?

A. wireless controller
B. router
C. antivirus software
D. Cisco DNA Center

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 226
A network engineer starts to implement a new wireless LAN by configuring the authentication server and creating the dynamic interface. What must be
performed next to complete the basic configuration?

A. Enable Telnet and RADIUS access on the management interface.

B. Install the management interface and add the management IP
C. Create the new WLAN and bind the dynamic interface to it.
D. Configure high availability and redundancy for the access points.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 227

Refer to the exhibit. A network engineer configures the CCNA WLAN so that clients must reauthenticate hourly and to limit the number of simultaneous
connections to the WLAN to 10. Which two actions complete this configuration? (Choose two.)

A. Enable the Enable Session Timeout option and set the value to 3600.
B. Set the Maximum Allowed Clients Per AP Radio value to 10.
C. Enable the Wi-Fi Direct Clients Policy option.
D. Set the Maximum Allowed Clients value to 10.
E. Enable the Client Exclusion option and set the value to 3600.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 228
Which protocol uses the SSL?

A. HTTPS
B. Telnet
C. SSH
D. HTTP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 229
What must be considered before deploying virtual machines?
A. whether to leverage VSM to map multiple virtual processors to two or more virtual machines
B. resource limitations, such as the number of CPU cores and the amount of memory
C. support for physical peripherals, such as monitors, keyboards, and mice
D. location of the virtual machines within the data center environment

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 230
What is a function of the core and distribution layers in a collapsed-core architecture?

A. The core and distribution layers are deployed on two different devices to enable failover.
B. The router operates on a single device or a redundant pair.
C. The router can support HSRP for Layer 2 redundancy in an IPv6 network.
D. The router must use IPv4and IPv6 addresses at Layer 3.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 231

Refer to the exhibit. The ntp server 192.163.0.3 command has been configured on router 1 to make it an NTP client of router 2. Which command
must be configured on router 2 so that it operates in server-only mode and relies only on its internal clock?

A. Router2(config)#ntp passive
B. Router2(config)#ntp server 192.168.0.2
C. Router2(config)#ntp server 172.17.0.1
D. Router2(config)#ntp master 4

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 232
Which two types of attack are categorized as social engineering? (Choose two.)

A. Pharming
B. Malvertising
C. Phishing
D. Phoning
E. Probing

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 233
What is the maximum number of concurrent Telnet sessions that a Cisco WLC supports?

A. 3
B. 5
C. 15
D. 6

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 234
What are two features of PortFast? (Choose two.)

A. Convergence is fast after a link falure.

B. Ports transition directly from the blocking state to the forwarding state.
C. Ports that connect to the backbone automatically detect indirect link failures.
D. STP loops are mitigated for uplinks to other switches.
E. Ports operate normally without receiving BPDUs.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 235
A network engineer must configure an interface with IP address 10.10.10.145 and a subnet mask equivalent to 1111111 1.1111111 1.
11111111.11111000. Which subnet mask must the engineer use?

A. /29
B. /28
C. /30
D. /27

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 236
What describes the functionality of southbound APls?

A. They enable communication between the controller and the network device.
B. They use HTTP messages to communicate.
C. They convey information from the controller to the SDN applications.
D. They communicate with the management plane.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 237
An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any one of three addresses:192.168.3.1, 192.168.3.2, or 192.168.3.3.
Which configuration should be used?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 238

Refer to the exhibit. An engineer has started to configure replacement switch SW1. To verify part of the configuration, the engineer
issued the commands as shown and noticed that the entry for PC2 is missing. Which change must be applied to SW1 so that PC1
and PC2 communicate normally? .

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 239

Refer to the exhibit. Router OldR is replacing another router on the network with the intention of hatring OldR and R2 exchange routes.
After the engineer applied the initial OSPF configuration, the routes were still missing on both devices. Which command sequence
must be issued before the clear IP ospf process command is entered to enable the neighbor relationship?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 240

Refer to the exhibit. Router R1 Fa0/0 is unable to ping router R3 Fa0/1. Which action must be taken in router R1 to help resolve the configuration issue?
A. set the default gateway as 20.20.20.2
B. configure a static route with Fa0/1 as the egress interface to reach the 20.20.20.0/24 network
C. set the default network as 20.20.20.0/24
D. configure a static route with 10.10.10.2 as the next hop to reach the 20.20.20.0/24 network

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 241
Which set of actions satisfy the requirement for multifactor authentication?

A. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen
B. The user swipes a key fob, then clicks through an email link
C. The user enters a user name and password, and then re-enters the credentials on a second screen.
D. The user enters a user name and password, and then clicks a notification an authentication app on a mobile device.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 242

Refer to the exhibit. If the network environment is operating normally, which type of device must be connected to interface fastethernet0/1?

A. router
B. PC
C. DHCP client
D. access point

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 243
A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, which type of OSPF network does this interface belong to?

A. point-to multipoint
B. broadcast
C. point-to-point
D. nonbroadcast

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 244

Refer to the exhibit. Which two commands must be configured on router R1 to enable the router to accept secure remote-access
connections? (Choose two.)

A. transport input telnet

B. crypto key generate rsa
C. username cisco password 0 cisco
D. ip ssh pubkey-chain
E. login console
Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 245

Refer to the exhibit .Which configuration enables DHCP addressing for hosts connected to interface FastEtherrnet0/1 on router R4?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 246
Which device separates networks by security domains?

A. access point
B. firewall
C. wireless controller
D. intrusion protection system

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 247
Which two VPN technologies are recommended by Cisco for multiple branch offices and large-scale deployments? (Choose two.)
A. GETVPN
B. site-to-site VPN
C. lPSec remote access
D. clientless VPN
E. DMVPN

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 248
Which command must be entered so that the default gateway is automatically distributed when DHCP is configured on a router?

A. ip helper-address
B. default-router
C. default-gateway
D. dns-server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 249
Which function is performed by the collapsed core layer in a two-tier architecture?

A. applying security policies

B. marking interesting traffic for data polices
C. attaching users to the edge of the network
D. enforcing routing policies

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 250
How must a switch interface be configured when an AP is in FlexConnect mode?

A. EtherChannel
B. PoE port
C. trunk port
D. access port

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 251
Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?

A. flexconnect
B. sniffer
C. local
D. mesh

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 252
Which command entered on a switch configured with Rapid PVST+ listens and learns for a specific time period?

A. switch(config)#spanning-tree vlan 1 forward-time 20

B. switch(config)#spanning-tree vlan 1 max-age 6
C. switcht(config)#spanning-tree vlan 1 priority 4096
D. switch(config)#spanning-tree vlan 1 hello-time 10

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 253
Which two IP addressing schemes provide internet access to users on the network while preserving the public IPv4 address space? (Choose two.)

A. private networks only

B. IPv6 addressing
C. PAT with private internal addressing
D. custom addresses from ARIN
E. single public Class A network

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 254

Refer to the exhibit. A network engineer is verifying the settings on a new OSPF network. All OSPF configurations use the default
values unless otherwise indicated. Which router does the engineer expect will be elected as the DR when all devices boot up
simultaneously?

A. R3
B. R4
C. R2
D. R1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 255

Which command must the engineer configure on the router?

A. R1 (config)# username engineer2 secret 4 XXXXXXXXXX

B. R1(config)# username engineer2 secret 5 password XXXXXXXXX
C. R1(config)# username engineer2 algorithm-type scrypt secret test2021
D. R1(config)# username engineer2 privilege1 paissword 7 test2021

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 256
Refer to the exhibit. Load-balanced traffic is coming in from the WAN destined to a host at 172.16.1.190. Which next-hop is used by
the router to forward the request?

A. 192.168.7.35
B. 192.168.7.40
C. 192.168.7.7
D. 192.168.7.4

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 257

Refer to the exhibit. Switch AccSw2 has just been added to the network along with PC2. All VLANs have been implemented on
AccSw2. How must the ports on AccSw2 be configured to establish Layer 2 connectivity between PC1 and PC2?

A.

B.

C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 258
What are two functions of a firewall within an enterprise? (Choose two.)

A. It serves as an endpoint for a site-to-site VPN in standalone mode.

B. It provides support as an endpoint for a remote access VPN in multiple context mode.
C. It offers Layer 2 services between hosts.
D. It enables wireless devices to connect to the network.
E. It enables traffic filtering based on URLs.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 259
What is a reason to implement LAG on a Cisco WLC?

A. Increase security by encrypting management frames

B. Enable the connected switch ports to use different Layer 2 configurations
C. Allow for stater failover between WLCs
D. Increase the available throughput on the link

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 260
A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path?

A. metric
B. administrative distance
C. as-path
D. cost

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 261

Refer to the exhibit. All switches are configured with the default STP priorities. During STP elections, which switch becomes the root bridge if at
interfaces are in the same VLAN?

A. MDF-DC-2: 0d:0E:18:1B:05:97
B. MDF-DC-4: 0d:E0:19:A1:B3:19
C. MDF-DC-1: 0d:E0:00:00:00:00
D. MDF-DC-3: 0d:0E:18:2A:3C:9D

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 262

Refer to the exhibit. An extended ACL has been configured and applied to router R2 The configuration failed to work as intended. Which two changes
stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two)

A. Add a "permit ip any any" statement to the beginning of ACL 101 for allowed traffic.
B. The ACL must be moved to the Gi0/1 interface outbound on R2.
C. Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic.
D. The source and destination lPs must be swapped in ACL 101.
E. The ACL must be configured the Gi0/2 interface inbound on R1.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 263

SW1 supports connectivity for a lobby conference room and must be secured. The engineer must limit the connectivity from PC1 to
the SW1 and SW2 network. The MAC addresses allowed must be limited to two. Which configuration secures the conference room
connectivity?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 264

Refer to the exhibit. Which type of JSON data is shown?

A. array
B. Object
C. Boolean
D. Key

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 265
Which 802.11 management frame type is sent when a client roams between access points on the same SSlD?

A. Authentication Request
B. Reassociation Request
C. Probe Request
D. Association Request

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 266
What is a functionality of the control plane in the network?

A. It provides CLI access to the network device.

B. It looks up an egress interface in the forwarding information base.
C. It exchanges topology information with other routers.
D. It forwards traffic to the next hop.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 267
What is a function of TFTP in network operations?

A. transfers files between file systems on a router

B. transfers a backup configuration file from a server to a switch using a username and password
C. transfers IOS images from a server to a roUter for firmware upgrades
D. transfers a configuration files from a server to a router on a congested link

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 268
An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network. Which feature must be enabled and configured to prevent
connection issues with the printer?

A. client exclusion
B. passive client
C. static IP tunneling
D. DHCP address assignment

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 269
An engineer needs to configure LLDP to send the port description type length value (TLV). What command sequence must be implemented?

A. switch(config-Iine)#lldp port-description
B. switch#lldp port-description
C. switch(config)#lldp port-description
D. switch(config-if)#lldp port description

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 270

Refer to the exhibit. The show ip ospf interface command has been executed on R1. How is OSPF configured?

A. The interface is not participating in OSPF

B. The default Hello and Dead timers are in use.
C. There are six OSPF neighbors on this interface
D. A point-to-point network type is configured

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 271

Refer to the exhibit. An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11. PC-1 and PC-2 must be placed in the Data
VLAN, and Phone-1 must be placed in the Voice VLAN. Which configuration meets these requirements?
A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 272

Refer to the exhibit. An engineer executed the script and added commands that were not necessary for SSH and now must remove the commands.
Which two commands must be executed to correct the configuration? (Choose two.)

A. no hostname CPE
B. no ip domain name ccna.cisco.com
C. no ip name-server 198.51.100.210
D. no service password-encryption
E. no login local

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 273
What happens when a switch receives a frame with a destination MAC address that recently aged out?

A. The switch drops the frame and learns the destination MAC address again from the port that received the frame.
B. The switch references the MAC address aging table for historical addresses on the port that received the frame.
C. The switch floods the frame to all ports in the VLAN except the port that received the frame.
D. The switch floods the frame to all ports in all VLANs except the port that received the frame.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 274

Refer to the exhibit. Router R1 is running three different routing protocols. Which route characteristic is used by the router to forward the packet
that destination IP 172.16.32.1?

A. longest prefix
B. administrative distance
C. cost
D. metric

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 275
What are two purposes of HSRP? (Choose two.)

A. It provides a mechanism for diskless clients to autoconfigure their lP parameters during boot.
B. It helps hosts on the network to reach remote subnets without a default gateway.
C. It passes configuration information to hosts in a TCP/IP network
D. lt groups two or more routers to operate as one virtual router.
E. It improves network availability by providing redundant gateways.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 276
What are two fundamentals of virtualization? (Choose two.)

A. It allows logical network devices to move traffic between virtual machines and the rest of the physical network.
B. The environment must be configured with one hypervisor that servers solely as a network manager to monitor SNMP traffic.
C. It allows a physical router to directly connect NICs from each virtual machine into the network.
D. It requires that some servers, virtual machines, and network gear reside on the Internet.
E. It allows multiple operating systems and applications to run independently on one physical server.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 277
Which lPsec transport mode encrypts the IP header and the payload?

A. pipe
B. transport
C. tunnel
D. control

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 278
Which two conditions must be met before SSH operates normally on a Cisco IOS switch? (Choose two.)

A. The switch must be running a k9 (crypto) IOS image.

B. IP routing must be enabled on the switch.
C. A console password must be configured on the switch.
D. The ip domain-name command must be configured on the switch.
E. Telnet must be disabled on the switch.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 279
Refer to the exhibit. Which configuration on RTR-1 denies SSH access from PC-1 to any RTR-1 interface and allows all other traffic?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 280
A packet from a company's branch office is destined to host 172.31.0.1 at headquarters. The sending router has three possible matches in its routing
table for the packet prefixes 172.31.0.0/16,172.31.0.0/24, and 172.31.0.0/25. How does the router handle the packet?

A. It sends the traffic via prefix 172.31.0.0/25.

B. It sends the traffic via the default gateway 0.0.0.0/0.
C. It sends the traffic via prefix 172.31.0.0/24.
D. It sends the traffic via prefix 172.31.0.0/16.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 281
Refer to the exhibit. Which configuration issue is preventing the OSPF neighbor relationship from being established between the two routers?

A. R1 interface Gi1/0 has a larger MTU size.

B. R1 has an incorrect network command for interface Gi1/0.
C. R2 is using the passive-interface default command.
D. R2 should have its network command in area 1.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 282
An engineering team asks an implementer to configure syslog for warning conditions and error conditions. Which command does the implementer
configure to achieve the desired result?

A. logging trap 3
B. logging trap 5
C. logging trap 4
D. logging trap 2

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 283
An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode?

A. 2-way
B. lnit
C. Full
D. Exchange

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 284
Refer to the exhibit. A newly configured PC fails to connect to the Internet by using TCP port 80 to www.cisco.com. Which setting must be modified for
the connection to work?

A. Default Gateway
B. DHCP Servers
C. Subnet Mask
D. DNS Servers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 285

Refer to the exhibit. Which route must be configured on R1 so that OSPF routing is used when OSPF is up, but the server is still reachable when
OSPF goes down?

A. ip route 10.1.1.0 255.255.255.0 172.16.2.2 100

B. ip route 10.1.1.10 255.255.255.255 gi0/0 125
C. ip route 10.1.1.0 255.255.255.0 gi0/1 125
D. ip route 10.1.1.10 255.255.255.255 172.16.2.2 100

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 286
Refer to the exhibit. Wireless LAN access must be set up to force all clients from the NA WLAN to authenticate against the local database.
The WLAN is configured for local EAP authentication. The time that users access the network must not be limited. Which action completes this configuration?

A. Check the Guest User Role check box

B. Set the Lifetime(seconds) value to 0.
C. Clear the Lifetime(seconds) value.
D. Uncheck the Guest User check box.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 287

Refer to the exhibit. A network administrator has been tasked with securing VTY access to a router. Which access-list entry accomplishes this task?

A. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet

B. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq scp
C. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq https
D. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq ssh

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 288
Refer to the exhibit. Site A was recently connected to site B over a new single-mode fiber path. Users at site A report intermittent
connectivity issues with applications hosted at site B. What is the reason for the problem?

A. The wrong cable type was used to make the connection.

B. Heavy usage is causing high latency.
C. Physical network errors are being transmitted between the two sites.
D. An incorrect type of transceiver has been inserted into a device on the link.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 289
What are two benefits of controller-based networking compared to traditional networking? (Choose two.)

A. controller-based inflates software costs, while traditional decreases individual licensing costs
B. controller-based reduces network configuration complexity, while traditional increases the potential for errors
C. controller-based increases network bandwidth usage, while traditional lightens the load on the network
D. controller-based allows for fewer network failures, while traditional increases failure rates
E. controller-based provides centralization of key IT functions, while traditional requires distributed management functions

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 290
Which port type supports the spanning-tree portfast command without additional configuration?

A. Layer 3 subinterfaces
B. trunk ports
C. Layer 3 main Interfaces
D. access ports

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 291
Which two commands must be configured to complete this task? (Choose two.)

A. SW(config-if)#switchport port-security violation shutdown

B. SW(config-if)#switchport port-security mac-address 0010.XXXX.XXXX
C. SW(config-if)#switchport port-security maximum 2
D. SW(config-if)#switchport port-security mac-address sticky
E. SW(config-if)#switchport port-security violation restrict

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 292
What is the effect when loopback interfaces and the configured router ID are absent during the OSPF Process configuration?

A. The lowest IP address is incremented by 1 and selected as the router ID.

B. The highest up/up physical interface lP address is selected as the router ID.
C. The router ID 0.0.0.0. is selected and placed in OSPF process
D. No router ID is set, and the OSPF protocol does not run.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 293

Refer to the exhibit. A packet sourced from 10.10.10.32 is destined for the Internet. What is the administrative distance for the destination route?

A. 0
B. 32
C. 2
D. 1

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 294
When is the PUT method used within HTTP?

A. It replaces data at the destination.

B. when a read-only operation is required
C. when a nonidempotent operation is needed
D. to display a web site

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 295
Which function does an SNMP agent perform?

A. It coordinates user authentication between a network device and a TACACS+ or RADIUS server.
B. It requests information from remote network nodes about catastrophic system events.
C. It manages routing between Layer 3 devices in a network.
D. It sends information about MIB variables in response to requests from the NMS.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 296
Why is TCP desired over UDP for applications that require extensive error checking, such as HTTPS?

A. UDP uses flow control mechanisms for the delivery of packets, and TCP uses congestion control for efficient packet delivery.
B. UDP operates without acknowledgments, and TCP sends an acknowledgment for every packet received.
C. UDP reliably guarantees delivery of all packets, and TCP drops packets under heavy load.
D. UDP uses sequencing data for packets to arrive in order, and TCP offers the capability to receive packets in random order.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 297

Refer to the exhibit. A network engineer configures the Cisco WLC to authenticate local wireless clients against a RADIUS server. Which action
completes this contfiguration?

A. Enable the Support for CoA option.

B. Disable the Server Status option.
C. Enable the Management option.
D. Enable the Network User option.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 298
Which action must be taken when password protection is implemented?

A. Include special characters and make passwords as long as allowed.

B. Use less than eight characters in length when passwords are complex.
C. Store passwords as contacts on a mobile device with single-factor authentication.
D. Share passwords with senior IT management to ensure proper oversight

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 299
What is a characteristic of private IPv4 addressing?

A. used without tracking or registration

B. composed of up to 65,536 available addresses
C. issued by IANA in conjunction with an autonomous system number
D. traverse the Internet when an outbound ACL is applied

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 300
When deploying a new network that includes both Cisco and third-party network devices, which redundancy protocol avoids the interruption of
network traffic if the default gateway router fails?

A. VRRP
B. HSRP
C. FHRP
D. GLBP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 301

Refer to the exhibit. Routers R1 and R2 have been configured with their respective LAN interfaces. The two circuits are operational and
reachable across WAN. Which command set establishes failover redundancy if the primary circuit goes down?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 302
Which cipher is supported for wireless encryption only with the WPA2 standard?

A. AES256
B. RC4
C. SHA
D. AES

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
QUESTION 303

Refer to the exhibit. Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator take to establish connectivity to
the Internet for users in VLAN 200?

A. Configure static NAT translations for VLAN 200.

B. Update the NAT_INSIDE_RANGES ACL.
C. Define a NAT pool on the router.
D. Configure the ip nat outside command on another interface for VLAN 200.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 304
Which JSON data type is an unordered set of attribute-value pairs?

A. String
B. Boolean
C. Object
D. Array

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 305
Which two features introduced in SNMPv2 provide the ability to retrieve large amounts of data in one request and acknowledge a trap using PDUs?(Choose two.)

A. GetNext
B. Set
C. Get
D. Inform
E. GetBulk

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 306
Refer to the exhibit.All interfaces are configured with duplex auto and ip ospf network broadcast. Which configuration allows routers R14 and R86 to form an
OSPFv2 adjacency
while acting as a central point for exchanging OSPF information between routers?

A.

B.
C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 307
What is a characteristic of a collapsed-core network topology?

A. It enables all workstations in a SOHO environment to connect on a single switch with internet access.
B. It allows the core and distribution layers to run as a single combined layer.
C. It enables the core and access layers to connect to one logical distribution device over an EtherChannel.
D. It allows wireless devices to connect directly to the core layer, which enables faster data transmission.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 308
Refer to the exhibit. Which network prefix was learned via ElGRP?

A. 207.165.200.0/24
B. 172.16.0.0/16
C. 192.168.2.0/24
D. 192/168.1.0/24

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 309
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?

A. auto
B. on
C. active
D. desirable

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 310
What is the primary purpose of private address space?

A. reduce network complexity

B. simplify the addressing in the network
C. conserve globally unique address space
D. limit the number of nodes reachable via the Internet

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 311
A network analyst is tasked with configuring the date and time on a router using EXEC mode. The date must be set to January 1,2020 and the time must be set to
12:00 am. What command should be used?

A. clock summer-time date

B. clock timezone
C. clock summer-time recurring
D. clock set

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 312
Which type of address is shared by routers in a HSRP implementation and used by hosts on the subnet as their default gateway address?

A. multicast address
B. Ioopback IP address
C. virtual IP address
D. broadcast address

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 313
Which security method is used to prevent man-in-the-middle attacks?

A. Accounting
B. Anti-replay
C. Authorization
D. Authentication

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 314
To improve corporate security, an organization is planning to implement badge authentication to limit access to the data center. Which element of a
security program is being deployed?

A. user training
B. physical access control
C. user awareness
D. vulnerability verification

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 315
A network engineer is installing an IPv6-only capable device. The client has requested that the device IP address be reachable only from the internal
network. Which type of IPv6 address must the engineer assign?

A. unique local address

B. IPv4-compatible IPv6 address
C. link-local address
D. aggregatable global address

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 316
Which IPv6 address range is suitable for anycast addresses for distributed services such as DHCP or DNS?

A. 2002:db8::XXXX::1/64
B. FF00::1/12
C. FE80::1/10
D. 2001:db8:0234:ca3e::1/128

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 317
Which interface enables communication between a program on the controller and a program on the networking device?

A. southbound interface
B. northbound interface
C. tunnel Interface
D. software virtual interface

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 318
An engineer is configuring a switch port that is connected to a VolP handset. Which command must the engineer configure to enable port security with
a manually assigned MAC address of abcd.abcd.abcd on voice VLAN 4?

A. switchport port-security mac-address abcd.abcd.abcd vlan voice

B. switchport port-security mac-address abcd.abcd.abcd
C. switchport port-security mac-address abcd.abcd.abcd vlan 4
D. switchport port-security mac-address sticky abcd.abcd.abcd vlan 4
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 319

Refer to the exhibit. R1 has just received a packet from host A that is destined to host B. Which route in the routing table is used by R1 to reach host B?

A. 10.10.13.0/25 [110/2] via 1010.10.2

B. 10.10.13.0/25 [1/0] via 10.10.10.2
C. 10.10.13.0/25 [108/0] via 10.10.10.10
D. 10.10.13.0/25 [110/2] via 10.10.10.6

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 320
What is one reason to configure a trunk port that connects to a WLC distribution port?

A. allow multiple VLANs to be used in the data path

B. permit multiple VLANs to provide out-of-band management
C. eliminate redundancy with a link failure in the data path
D. provide redundancy in the event of a link failure for out-of-band management

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 321
What is a purpose of traffic shaping?

A. It provides best-effort service.

B. It enables dynamic flow identification.
C. It limits bandwidth usage.
D. It enables policy-based routing.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 322

Refer to the exhibit. An engineer deploys a topology in which R1 obtains its IP configuration from DHCP. If the switch and DHCP server configurations
are complete and correct, which two sets of commands must be configured on R1 and R2 to complete the task? (Choose two.)
A.

B.

C.

D.

E.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 323
What does a switch do when it receives a frame whose destination MAC address is missing from the MAC address table?

A. It updates the CAM table with the destination MAC address of the frame.
B. It appends the table with a static entry for the MAC and shuts down the port.
C. It floods the frame unchanged across all remaining ports in the incoming VLAN.
D. It changes the checksum of the frame to a value that indicates an invalid frame.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 324
Which port security violation mode allows traffic from valid MAC addresses to pass but blocks traffic from invalid MAC addresses?

A. shutdown VLAN
B. restrict
C. protect
D. shutdown

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 325
What differentiates device management enabled by Cisco DNA Center from traditional campus device management?

A. device-by-device hands-on
B. per-device
C. centralized
D. CLl-oriented device

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 326

Refer to the exhibit. Router R1 must be configured to reach the 10.0.3.0/24 network from the 10.0.1.0/24
segment. Which command must be used to configure the route?
A. ip route 10.0.3.0 0.255.255.255 10.0.4.2
B. route add 10.0.3.0 0.255.255.255 10.0.4.2
C. route add 10.0.3.0 mask 255.255.255.0 10.0.4.3
D. ip route 10.0.3.0 255.255.255.0 10.0.4.3

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 327
What is a similarity between OM3 and OM4 fiber optic cable?

A. Both have a 50 micron core diameter.

B. Both have a 9 micron core diameter.
C. Both have a 100 micron core diameter.
D. Both have a 62.5 micron core diameter.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 328
What is a specification for SSIDs?

A. They define the VLAN on a switch.

B. They are case sensitive.
C. They must include one number and one letter.
D. They are a Cisco proprietary security feature.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 329
What is a role of access points in an enterprise network?

A. connect wireless devices to a wired network

B. support secure user logins to devices on the network
C. serve as a first line of defense in an enterprise network
D. integrate with SNMP in preventing DDoS attacks

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 330
In which two ways does a password manager reduce the chance of a hacker stealing a user's password? (Choose two.)

A. It encourages users to create stronger passwords.

B. It uses an internal firewall to protect the password repository from unauthorized access
C. It protects against keystroke logging on a compromised device or web site.
D. It stores the password repository on the local workstation with built in antivirus and anti-malware functionality.
E. It automatically provides a second authentication factor that is unknown to the original user.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 331
What device segregates a network into separate zones that have their own security policies?

A. firewall
B. access poin
C. IPS
D. Switch

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 332
Which two protocols are used by an administrator for authentication and configuration on access points? (Choose two.)

A. 802.1Q
B. Kerberos
C. 802.1X
D. RADIUS
E. TACACS+

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 333
An engineer must configure a core router with a floating static default route to the backup router at 10.200.0.2. Which command meets the requirements?

A. ip route 0.0.0.0 0.0.0.0 10.200.0.2

B. ip route 0.0.0.0 0.0.0.0 10.200.0.2
C. ip route 0.0.0.0.0.0.0.0 10.200.0.2 floating
D. ip route 0.0.0.0.0.0.0.0 10.200.0.2 10

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 334
What is a function of FTP?

A. always operates without user connection validation

B. uses two separate connections for control and data traffic
C. relies on the well-known UDP port 69 for data transfer
D. uses block numbers to identify and mitigate data-transfer errors

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 335
Which field within the access-request packet is encrypted by RADIUS?

A. authorized services
B. authenticator
C. username
D. Password

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 336

Refer to the exhibit. The router has been configured with a supernet to accommodate the requirement for 380 users on a subnet. The
requirement already considers 30% future growth. Which configuration verifies the IP subnet on router R4?

A.

B.

C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 337

Refer to the exhibit. A network administrator configures the CPE to provide internet access to the company headquarters. Traffic must be
load-balanced via ISP1 and ISP2 to ensure redundancy. Which two command sets must be configured on the CPE router? (Choose two.)

A.

B.

C.

D.

E.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 338
Which IPv6 address type provides communication between subnets and is unable to route on the Internet?

A. global unicast
B. multicast
C. unique local
D. link-local

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 339
An engineer must establish a trunk link between two switches. The neighboring switch is set to trunk or desirable mode. Which action should be taken?

A. configure switchport mode dynamic auto

B. configure switchport nonegotiate
C. configure switchport mode dynamic desirable
D. configure switchport trunk dynamic desirable

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 340
Which QoS feature drops traffic that exceeds the committed access rate?
A. policing
B. FIFO
C. Weighted fair queuing
D. shaping

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 341

Refer to the exhibit. The EtherChannel is configured with a speed of 1000 and duplex as full on both ends of channel group 1. What is the next
step to configure the channel on switch A to respond to but not initiate LACP communication?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 342

Refer to the exhibit The IPv6 address for the LAN segment on router R2 must be configured using the EUI-64 format. Which address must be used?

A. ipv6 address 2001:DB8:D8D2:1009:12A0:AB34:FFCC:1 eui-64

B. ipv6 address 2001:DB8:D8D2:1009:10A0:ABFF:FECC:1 eui-64
C. ipv6 address 2001:DB8:D8D2:1009:1230:AB34:FFCC:1 eui-64
D. ipv6 address 2001:DB8:D8D2:1009:1230:ABFF:FECC:1 eui-64
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 343
Which CRUD operation corresponds to the HTTP GET method?

A. Update
B. Read
C. Create
D. Delete

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 344

How must the interconnecting ports be configured?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 345
What is a feature of WPA?

A. TKIP/lMC encryption
B. 802.1x authentication
C. small Wi-Fi application
D. preshared key

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 346
Refer to the exhibit. SW2 is replaced due to a hardware failure. A network engineer starts to configure SW2 by copying the Fa0/1 interface
configuration from SW1.Which command must be configured on the Fa0/1 interface of SW2 to enable PC1 to connect to PC2?

A. switchport mode access

B. switchport mode trunk
C. switchport trunk allowed remove 10
D. switchport trunk native vlan 10

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 347
What is the role of disaggregation in controller-based networking?

A. It divides the control-plane and data-plane functions.

B. It streamlines traffic handling by assigning individual devices to perform either Layer 2 or Layer 3 functions
C. It enables a network topology to quickly adjust from a ring network to a star network.
D. It summarizes the routes between the core and distribution layers of the network topology.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 348
Which interface or port on the WLC is the default for in-band device administration and communications between the controller and access points?

A. virtual interface
B. console port
C. service port
D. management interface

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 349
Refer to the exhibit. Which two commands, when configured on router R1, fulfill these requirements? (Choose two.)
1. Packets toward the entire network 2001:db8:23::/64 must be forwarded through router R2.
2. Packets toward host 2001:db8:23::14 preferably must be forwarded through R3.

A. ipv6 route 2001:db8:23::14/64 fd00:12::2 200

B. ipv6 route 2001:db8:23::14/64 fd00:12::2
C. ipv6 route 2001:db8:23::14/128 fd00:13::3
D. ipv6 route 2001:db8:23::/128 fd00:12::2
E. ipv6 route 2001:db8:23::/64 fd00:12::2

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 350
What is the purpose of using First Hop Redundancy Protocol on a specific subnet?

A. filters traffic based on destination IP addressing

B. sends the default route to the hosts on a network
C. ensures a loop-free physical topology
D. forwards multicast hello messages between routers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 351
What is the benefit of using private IPv4 addressing?

A. to be routable over an external network

B. to shield internal network devices from external access
C. to provide reliable connectivity between like devices
D. to enable secure connectivity over the Internet

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 352
What are two differences between optical-fiber cabling and copper cabling? (Choose two.)

A. The data can pass through the cladding.

B. Light is transmitted through the core of the fiber.
C. A BNC connector is used for fiber connections.
D. Fiber connects to physical interfaces using RJ-45 connections.
E. The glass core component is encased in a cladding.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 353
Refer to the exhibit. What is the subnet mask for route 172.16.4.0?

A. 255.255.248.0
B. 255.255.255.192
C. 255.255.254.0
D. 255.255.240.0

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 354

Refer to the exhibit. What is represented by "R1" and "SW1" within the JSON output?

A. Object
B. Key
C. Array
D. Value

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 355
Which security program element involves installing badge readers on data-center doors to allow workers to enter and exit based on their job roles?

A. biometrics
B. role-based access control
C. multifactor authentication
D. physical access control

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 356
Which two capabilities of Cisco DNA Center make it more extensible as compared to traditional campus device management? (Choose two.)

A. SDKs that support interaction with third-party network equipment

B. customized versions for small, medium, and large enterprises
C. REST APIS that allow for external applications to interact natively with Cisco DNA Center
D. modular design that is upgradable as needed
E. adapters that support all families of Cisco IOS software

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 357
What is a function of a Next-Generation IPS?

A. integrates with a RADIUS server to enforce Layer 2 device authentication rules

B. serves as a controller within a controller-based network
C. makes forwarding decisions based on learned MAC addresses
D. analyzes and mitigates observed vulnerabilities in a network

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:

QUESTION 358

Refer to the exhibit. The network engineer is configuring router R2 as a replacement router on the network. After the initial configuration is
applied, it is determined that R2 failed to show R1 as a neighbor. Which configuration must be applied to R2 to complete the OSPF
configuration and enable it to establish the neighbor relationship with R1?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 359

Refer to the exhibit. An engineer must configure router R2 so it is elected as the DR on the WAN subnet. Which command sequence must be
configured?
A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 360

Refer to the exhibit. An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed these show commands to verify the work.
Which additional task allows the two switches to establish an LACP port channel?

A. Configure the interface port-channel 1 command on both switches.

B. Change the channel-group mode on SW1 to active or passive.
C. Change the channel-group mode on SW2 to auto.
D. Change the channel-group mode on SW1 to desirable.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 361
Which two spanning-tree states are bypassed on an interface running PortFast? (Choose two.)

A. listening
B. blocking
C. forwarding
D. disabled
E. learning

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 362
Which interface is used to send traffic to the destination network?

A. G0/22
B. G0/5
C. G0/13
D. G0/11

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 363
Which interface is used to send traffic to the destination network?

A. F0/4
B. F0/20
C. F0/6
D. F0/24

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 364
Which interface is used to send traffic to the destination network?

A. F0/17
B. F0/18
C. F0/22
D. F0/1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 365
Which interface is used to send traffic to the destination network?

A. F0/15
B. F0/4
C. F0/7
D. F0/11

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 366
Which interface is used to send traffic to the destination network?
A. G0/18
B. G0/22
C. G0/19
D. G0/8

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 367
Which interface is used to send traffic to the destination network?

A. F0/19
B. F0/17
C. F0/16
D. F0/10

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 368
Which interface is used to send traffic to the destination network?

A. G0/2
B. G0/14
C. G0/4
D. G0/11

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 369

Refer to the exhibit. How does the router manage traffic to 192.168.12.16?

A. It load-balances traffic between all three routes.

B. It chooses the EIGRP route because it has the lowest administrative distance.
C. It chooses the OSPF route because it has the longest prefix inclusive of the destination address.
D. It selects the RIP route because it has the longest prefix inclusive of the destination address.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 370
Refer to the exhibit. Which switch becomes the root bridge?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 371
What is a characteristic of encryption in wireless networks?

A. eliminates network piggybacking

B. uses the password to connect to an access point
C. uses integrity checks to identify forgery attacks in the frame
D. prevents the interception of data as it transits a network

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 372
What is a characteristic of encryption in wireless networks?

A. identifies an access point on a WLAN

B. uses integrity checks to identify forgery attacks in the frame
C. uses authentication protocols to secure a network
D. uses the password to connect to an access point

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 373
What is a characteristic of encryption in wireless networks?

A. provides increased protection against spyware

B. prevents the interception of data asit transits a network
C. prompts a user for a login ID
D. uses ciphers to detect and prevent zero-day network attacks

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
QUESTION 374
What is a characteristic of private IPv4 addressing?

A. reduces network maintenance costs

B. simplifies the addressing in the network
C. is used on hosts that communicate only with other internal hosts
D. reduces network complexity

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 375
What is a characteristic of private IPv4 addressing?

A. resources reduces network complexity

B. is used on internal hosts that stream data solely to external
C. provides an added level of protection against internet threats
D. complies with PCI regulations

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 376
What is a characteristic of private IPv4 addressing?

A. traverses the internet when an outbound ACL is applied

B. allows multiple companies to use the same address without conflict
C. complies with PCI regulations
D. is used on internal hosts that stream data solely to external resources

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 377
How does MAC learning function on a switch?

A. populates the ARP table with the egress port

B. inspects and drops frames from unknown destinations
C. adds unknown source MAC addresses to the address table
D. sends frames with unknown destinations to a multicast group

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 378
How does MAC learning function on a switch?

A. sends a retransmission request when a new frame is received

B. broadcasts frames to all ports without queueing
C. adds unknown source MAC addresses to the address table
D. sends frames with unknown destinations to a multicast group

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 379
How does frame switching function on a switch?

A. modifies frames that contain a known source VLAN

B. forwards known destinations to the destination port
C. forwards frames to a neighbor port using CDP
D. inspects and drops frames from unknown destinations

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
QUESTION 380
How does frame switching function on a switch?

A. increases security on the management VLAN

B. buffers and forwards frames with less than 5 CRCs
C. drops received MAC addresses not listed in the address table
D. floods unknown destinations to all ports except the receiving port

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 381
What is represented by the word "LB20" within this JSON schema?

A. array
B. object
C. key
D. value

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 382
What is represented in line 4 within this JSON schema?

A. array
B. key
C. object
D. value

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 383
What is represented in line 2 within this JSON schema?

A. key
B. value
C. array
D. object

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 384
What is represented in line 2 within this JSON schema?

A. value
B. array
C. object
D. key

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 385

Refer to the exhibit. Which two values does router R1 use to determine the best path to reach destinations in network 1.0.0.0/8?
(Choose two.)

A. highest metric
B. lowest cost to reach the next hop
C. highest administrative distance
D. lowest metric
E. lowest administrative distance

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 386

Refer to the exhibit. Packets received by the router from BGP enter via a serial interface at 209.165.201.1. Each route is present
within the routing table. Which interface is used to forward traffic with a destination IP of 10.1.1.19?

A. F0/3
B. F0/0
C. F0/4
D. F0/1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 387
Refer to the exhibit. What is identified by the word "switch" within line 2 of the JSON Schema?

A. Object
B. Key
C. Value
D. Array

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 388
What is the primary purpose of a console port on a Cisco WLC?

A. in-band management via an asynchronous transport

B. out-of-band management via an asynchronous transport
C. in-band management via an IP transport
D. out-of-band management via an IP transport

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 389
Which 802.11 frame type is indicated by a probe response after a client sends a probe request?

A. Action
B. Data
C. Control
D. Management

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 390
What is a zero-day exploit?

A. It is when the network is saturated with malicious traffic that overloads resources and bandwidth.
B. It is when the perpetrator inserts itself in a conversation between two parties and captures or alters data.
C. It is when a new network vulnerability is discovered before a fix is available.
D. It is when an attacker inserts malicious code into a SQL server.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 391
A network engineer is implementing a corporate SSID for WPA3-Personal security with a PSK. Which encryption cipher must be
configured?s

A. CCMP128
B. GCMP128
C. CCMP256
D. GCMP256

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 392
A network engineer must migrate a router loopback interface to the IPv6 address space. If the current IPv4 address of the interface is 10.54.73.1/32,
and the engineer configures IPv6 address 0:0:0:0:0.ffff:a00:0000, which prefix length must be used?

A. /128
B. /64
C. /96
D. /124

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 393

Refer to the exhibit. A network administrator configures an interface on a new switch so that it connects to interface Gi1/0/1 on switch Cat9300-1.
Which configuration must be applied to the new interface?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 394

Refer to the exhibit. A network engineer is updating the configuration on router R1 to connect a new branch office to the company network. R2 has
been configured correctly. Which command must the engineer configure so that devices at the new site communicate with the main office?

A.
B.

C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 395
Refer to the exhibit. A network engineer is in the process of establishing lP connectivity between two sites. Routers R1 and R2 are partially configured
with IP addressing. Both routers have the ability to access devices on their respective LANs. Which command set configures the IP connectivity
between devices located on both LANs in each site?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 396
What is the function of a controller in a software-defined network?

A. fragmenting and reassembling packets

B. forwarding packets
C. setting packet-handling policies
D. multicast replication at the hardware level

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 397
Refer to the exhibit. A network engineer must configure communication between PC A and the File Server. To prevent interruption for any
other communication swhich command must be configured?

A. switchport trunk allowed vlan add 13

B. switchport trunk allowed vlan 12
C. switchport trunk allowed vlan none
D. switchport trunk allowed vlan remove 10-11

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 398
What is a characteristic of RSA?

A. It requires both sides to have identical keys for encryption.

B. It is a symmetric decryption algorithm.
C. It is an asymmetric encryption algorithm.
D. It uses preshared keys for encryption.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 399

Refer to the exhibit. Which type of configuration is represented in the output?

A. Ansible
B. Puppet
C. JSON
D. Chef

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 400
What is an appropriate use for private IPv4 addressing?

A. on the public-facing interface of a firewall

B. on hosts that communicates only with other internal hosts
C. on internal hosts that stream data solely to external resources
D. to allow hosts inside to communicate in both directions with hosts outside the organization
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 401

Refer to the exhibit. How many objects, keys, and JSON list values are present?

A. one object, three keys, and two JSON list values

B. three objects, three keys, and two JSON list values
C. three objects, two keys, and three JSON list values
D. one object, three keys, and three JSON list values

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 402
What describes a northbound REST API for SDN?

A. application-facing interface for GET, POST, PUT, and DELETE methods

B. network-element-facing interface for the control and data planes
C. application-facing interface for SNMP GET requests
D. network-element-facing interface for GET, POST, PUT, and DELETE methods

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 403

Refer to the exhibit. An engineer configured the New York router with State routes that point to the Atlanta and Washington sites. Which command must
be configured on the Atlanta and Washington routers so that both sites are able to reach the loopback2 interface on the New York router?

A. ipv6 route ::/0 Serial 0/0/1

B. ipv6 route ::/0 2000::2
C. ipv6 route ::/0 Serial 0/0/0
D. ipv6 route 0/0 Serial 0/0/0
E. ip route 0.0.0.0.0.0.0.0 Serial 0/0/0

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 404
An administrator must secure the WLC from receiving spoofed association requests. Which steps must be taken to configure the WLC to restrict the
requests and force the user to wait 10 ms to retry an association request?

A. Enable Security Association Teardown Protection and set the SA Query timeout to 10.
B. Enable the Protected Management Frame service and set the Comeback timer to 10.
C. Enable 802.1x Layer 2 security and set the Comeback timer to 10.
D. Enable MAC filtering and set the SA Query timeout to 10.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 405
In which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required?

A. A spine switch and a leaf switch are added with redundant connections between them.
B. A leaf switch is added with connections to every spine switch.
C. A leaf switch is added with a single cennection to a core spine switch.
D. A spine switch is added with at least 40 GB uplinks.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 406
What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose two.)

A. The DHCP server leases client IP addresses dynamically.

B. The DHCP client maintains a pool of IP addresses it can assign.
C. The DHCP server assigns IP addresses without requiring the client to renew them.
D. The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses.
E. The DHCP client can request up to four DNS server addresses.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 407
What is a function of an endpoint on a network?

A. provides wireless services to users in a building

B. connects server and client devices to a network
C. allows users to record data and transmit to a file server
D. forwards traffic between VLANs on a network

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 408
Which command enables HTTP access to the Cisco WLC?

A. config network telnet enable

B. config network secureweb enable
C. config certificate generate webadmin
D. config network webmode enable

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 409
Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two.)

A. It drops lower-priority packets before it drops higher-priority packets.

B. It supports protocol discovery.
C. lt guarantees the delivery of high-priority packets.
D. It can mitigate congestion by preventing the queue from filing up.
E. It can identity different flows with a high level of granularity.

Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:

QUESTION 410

Refer to the exhibit. Each router must be configured with the last usable IP address in the subnet. Which configuration fulfills this requirement?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 411

Refer to the exhibit. Router R1 is added to the network and configured with the 10.0.0.64/26 and 10.0.20.0/24 subnets. However, traffic destined for the
LAN on R3 is not accessible. Which command when executed on R1 defines a static route to reach the R3 LAN?

A. ip route 10.0.15.0 255.255.255.192 10.0.20.1

B. ip route 10.0.15.0 255.255.255.0 10.0.20.3
C. ip route 10.0.15.0 255.255.255.0 10.0.20.1
D. ip route 10.0.0.64 255.255.255.192 10.0.20.3

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 412
Which component controls and distributes physical resources for each virtual machine?

A. CPU
B. Hypervisor
C. OS
D. physical enclosure

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 413
What are two differences between WPA2 and WPA3 wireless security?

A. WPA3 uses SAE for stronger protection than WPA2, which uses AES.
B. WPA2 uses 128-bit key encryption, and WPA3 supports 128-bit and 192-bit key encryption.
C. WPA3 uses AES for stronger protection than WPA2, which uses TKIP.
D. WPA2 uses 192-bit key encryption, and WPA3 requires 256-bit key encryption.
E. WPA3 uses AES for stronger protection than WPA2, which uses SAE.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 414

Which configuration must be used?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 415
Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and Provisioning of Wireless Access Points (CAPWAP) protocol?

A. route
B. bridge
C. lightweight
D. autonomous

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 416
Refer to the exhibit. An engineer is configuring an EtherChannel using LACP between Switches 1 and 2. Which configuration must be applied so that
only Switch 1 sends LACP initiation packets?

A. Switch1(config-if)#channel-group 1 mode passive

Switch2(config-if)#channel-group 1 mode active
B. Switch1(config-if)#channeI-group 1 mode on
Switch2(config-if)#channel-group 1 mode active
C. Switch1(config-if)#channeI-group 1 mode on
Switch2(config-if)#channel-group 1 mode passive
D. Switch1(config-if)#channel-group1 mode active
Switch2(config-if)#channel-group 1 mode passive

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 417
How does WPA3 improve security?

A. It uses a 4-way handshake for authentication.

B. It uses RC4 for encryption.
C. It uses TKIP for encryption.
D. It uses SAE for authentication

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 418
Which two transport layer protocols carry syslog messages? (Choose two.)

A. TCP
B. RTP
C. UDP
D. IP
E. ARP

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 419
Refer to the exhibit. PC A is communicating with another device at IP address 10.227.226.255. Through which router does router Y route the traffic?

A. Router C
B. Router A
C. Router B
D. Router D

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 420
R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?

A. route with the lowest administrative distance

B. route with the next hop that has the highest IP
C. route with the shortest prefix length
D. route with the lowest cost

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 421
What is the benefit of configuring PortFast on an interface?

A. Real-time voice and video frames entering the interface are processed faster
B. After the cable is connected, the interface uses the fastest speed setting available for that cable type.
C. After the cable is connected, the interface is available faster to send and receive user data.
D. The frames entering the interface are marked with higher priority and then processed faster by a switch

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 422
SIP-based Call Admission Control must be configured in the Cisco WLC GUI. SIP call-snooping ports are configured. Which two actions must be
completed next? (Choose two.)

A. Enable traffic shaping for the LAN interface of the WLC.

B. Set the QoS level to silver or greater for voice traffic.
C. Configure two different QoS roles for data and voice traffic.
D. Set the QoS level to platinum for voice traffic.
E. Enable Media Session Snooping on the WLAN.
Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 423
Which type of port is used to connect to the wired network when an autonomous AP maps two VLANs to its WLANs?

A. EtherChannel
B. Trunk
C. Access
D. LAG

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 424
What is a benefit of a point-to-point leased line?

A. simplicity of configuration
B. flexibility of design
C. full-mesh capability
D. low cost

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 425
A network engineer must configure the router R1 GigabitEthernet1/1 interface to connect to the router R2 GigabitEthernet1/1 interface. For the
configuration to be applied, the engineer must compress the address 2001:0db8:0000:0000:0500:000a:400F:583B. Which command must be issued
on the interface?

A. ipv6 address 2001:db8:0::500:a:4F:583B

B. ipv6 address 2001:0db8::5:a:4F:583B
C. ipv6 address 2001::db8:0000::500:a:400F:583B
D. ipv6 address 2001:db8::500:a:400F:583B

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 426

Which two configurations must be used to configure the new subnets and meet a requirement to use the first available address in each subnet for the
router interfaces? (Choose two.)

A.

B.

C.

D.

E.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 427
What is the difference between 1000BASE-LX/LH and 1000BASE-ZX interfaces?

A.
B.

C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 428

Refer to the exhibit. Which interface is chosen to forward traffic to the host at 192.168.0.55?

A. GigabitEthernel0/2
B. Null0
C. GigabitEthernet0/3
D. GigabitEthernet0/1

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 429

Refer to the exhibit. Router R1 resides in OSPF Area 0. After updating the R1 configuration to influence the paths that it will use to direct traffic, an
engineer verified that each of the four Gigabit interfaces has the same route to 10.10.0.0/16. Which interface will R1 choose to send traffic to reach the route?

A. GigabitEtherhet0/1
B. GigabitEthernet0/2
C. GigabitEthernet0/0
D. GigabitEthernet0/3

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 430
What is the difference between IPv6 unicast and anycast addressing?

A. Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes.
B. An individual IPv6 unicast address is supported on a single interface on one node, but an IPv6 anycast address is assigned to a group of
interfaces on multiple nodes.
C. IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes require no special configuration.
D. IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes require no special configuration.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 431
A switch is forwarding a frame out of all interfaces except the interface that received the frame. What is the technical term for this process?

A. Flooding
B. CDP
C. Multicast
D. ARP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 432
Which signal frequency appears 60 times per minute?

A. 60 GHz signal
B. 60 Hz signal
C. 1 Hz signal
D. 1 GHz signal

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 433

Refer to the exhibit. An engineer is configuring a Layer 3 port-channel interface with LACP. The configuration on the first device is complete, and it is
verified that both interfaces have registered the neighbor device in the CDP table. Which task on the neighbor device enables the new port channel to
come up without negotiating the channel?

A. Change the EtherChannel mode on the neighboring interfaces to auto.

B. Modify the static EtherChannel configuration of the device to passive mode
C. Bring up the neighboring interfaces using the no shutdown command.
D. Configure the IP address of the neighboring device.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 434
What are two characteristics of a controller-based network? (Choose two.)

A. It moves the control plane to a central point.

B. The administrator can make configuration updates from the CLI
C. It uses northbound and southbound APIs to communicate between architectural layers.
D. It decentralizes the control plane, which allows each device to make its own forwarding decisions
E. It uses Telnet to report system issues.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 435
Refer to the exhibit. SW_1 and SW_12 represent two companies that are merging. They use separate network vendors. The VLANs on both sides
have been migrated to share lP subnets. Which command sequence must be issued on both sides tojoin the two companies and pass all VLANs
between the companies?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 436
The clients and rent subnets. Which command must be used to forward requests and replies between clients on the
10.10.0.1/24 subnet and the DHCP server at 192.168.10.1?

A. ip default-gateway 192.168.10.1
B. ip helper-address 192.168.10.1
C. ip route 192.168.10.1
D. ip dhcp address 192.168.10.1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 437
What is the difference in data transmission delivery and reliability between TCP and UDP?

A. UDP is used for multicast and broadcast communication. TCP is used for unicast communication and transmits data at a higher rate with error checking.
B. TCP transmits data at a higher rate and ensures packet delivery. UDP retransmits lost data to ensure applications receive the data on the remote end.
C. UDP sets up a connection between both devices before transmitting data. TCP uses the three-way handshake to transmit data with a reliable connection.
D. TCP requires the connection to be established before transmitting data. UDP transmits data at a higher rate without ensuring packet delivery.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 438
Which two server types support domain name to IP address resolution? (Choose two.)

A. resolver
B. web
C. ESX host
D. authoritative
E. file transfer

Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:

QUESTION 439
What are two protocols within the lPsec suite? (Choose two.)

A. ESP
B. AES
C. TLS
D. 3DES
E. AH

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 440
Which channel-group mode must be configured when multiple distribution switch interfaces connected to a WLC are bundled?

A. channel-group mode on
B. channel-group mode active
C. channel-group mode passive
D. channel-group mode desirable

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 441
What is a requirement for nonoverlapping Wi-Fi channels

A. discontinuous frequency ranges

B. unique SSIDs
C. different transmission speeds
D. different security settings

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 442
When an access point is seeking to join a wireless LAN controller, which message is sent to the AP-Manager interface?

A. discovery request
B. discovery response
C. DHCP request
D. DHCP discover

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 443
Which two northbound APls are found in a software-defined network? (Choose two.)

A. SOAP
B. OpenFlow
C. NETCONF
D. REST
E. OpFlex

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 444
Refer to the exhibit. A static route must be configured on R86 to forward traffic for the 172.16.34.0/29 network, which resides on R14. Which command
must be used to fulfill the request?

A. ip route 172.16.34.0 0.0.0.7 10.73.65.64

B. ip route 10.73.65.65 255.255.255.248 172.16.34.0
C. ip route 172.16.34.0 255.255.255.224 10.73.65.66
D. ip route 172.16.34.0 255.255.255.248 10.73.65.65

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 445
Which WPA3 enhancement protects aoainst hackers viewino traffic on the Wi-Fi network?

A. TKIP encryption
B. AES encryption
C. SAE encryption
D. scrambled encryption key

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 446
What uses HTTP messages to transfer data to applications residing on different hosts?

A. OpenFlow
B. REST
C. OpenStack
D. OpFlex

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 447

Refer to the exhibit. R1 learns all routes via OSPF. Which command configures a backup static route on R1 to reach the 192.168.20.0/24 network via R3?

A. R1(config)# ip route 192.168.20.0 255.255.255.0 192.168.30.2

B. R1(config)# ip route 192.168.20.0 255.255.255.0 192.168.30.2 90
C. R1(config)# ip route 192.168.20.0 255.255.0.0192.168.30.2.
D. R1 (config)# ip route 192.168.20.0 255.255.255.0 192.168.30.2 111

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 448
While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is
applied to the interface. Which two misconfigurations cause this behavior? (Choose two.)

A. A matching permit statement is too broadly defined.

B. A matching permit statement is too high in the access list.
C. The packets fail to match any permit statement.
D. The ACL is empty.
E. A matching deny statement is too high in the access list.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 449

Refer to the exhibit. Which next-hop IP address does Router1 use for packets destined to host 10.10.13.158?

A. 10.10.10.5
B. 10.10.11.2
C. 10.10.12.2
D. 10.10.10.9

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 450
Which type of security program is violated when a group of employees enters a building using the ID badge of only one person?

A. physical access control

B. user awareness
C. network authorization
D. intrusion detection

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 451
Refer to the exhibit. An IPv6 address must be obtained automatically on the LAN interface on R1. Which command must be
implemented to accomplish the task?

A. ipv6 address autoconfig

B. ipv6 address dhcp
C. ipv6 address 2001:db8:d8d:1008:1234:56:7890:/64
D. ipv6 address fe80:/10

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 452
Which lP header field is changed by a Cisco device when QoS marking is enabled?

A. Header Checksum
B. ECN
C. Type of Service
D. DSCP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 453
What is an advantage of Cisco DNA Center versus traditional campus device management?

A. It is designed primarily to provide network assurance.

B. It enables easy autodiscovery of network elements in a brownfield deployment.
C. It supports numerous extensibility options, including cross-domain adapters and third-party SDKs.
D. It supports high availability for management functions when operating in cluster mode.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 454

Refer to the exhibit. Which two commands when used together create poitchannel 10? (Choose two.)

A.

B.
C.

D.

E.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 455

Refer to the exhibit. An engineer must configure a floating static route on an external EIGRP network. The destination subnet is the /29
on the LAN interface of R86. Which command must be executed on R14?

A. Ip route 10.73.65.66 0.0.0.224 10.80.65.0 255

B. lp route 10.80.65.0 255.255.255.240 fa0/1 89
C. Ip route 10.80.65.0 255.255.255.248 10.73.65.66 171
D. Ip route 10.80.65.0 255.255.248.0 10.73.65.66 1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 456

Which two commands must be configured to complete this task? (Choose two.)

A. SW(config-if)#switchport port-security violation restrict

B. SW(config-if)#switchport port-security maximum 2
C. SW(config-if)#switchport port-security mac-address sticky
D. SW(config-if)#switchport port-security violation shutdown
E. SW(config-if)#switchport port-security mac-address 0010.XXXX.XXXX

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 457

Refer to the exhibit. An engineer assumes a configuration task from a peer. Router A must establish an OSPF neighbor relationship
with neighbor 172.1.1.1. The output displays the status of the adjacency after 2 hours. What is the next step in the configuration
process for the routers to establish an adjacency?
A. Set the router B OSPF lD to a nonhost address.
B. Set the router B OSPF ID to the same value as its lP address.
C. Configure router A to use the same MTU size as router B.
D. Configure a point-to-point link between router A and router B.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 458
A wireless administrator has configured a WLAN, however, the clients need access to a less congested 5-GHz network for their voice
quality. What action must be taken to meet the requirement?

A. enable DTIM
B. enable AAA override
C. enable Band Select
D. enable RX-SOP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 459

Refer to the exhibit. An engineer is updating the management access configuration of switch SW1 to allow secured, encrypted remote
configuration. Which two commands or command sequences must the engineer apply to the switch? (Choose two.)

A.

B.

C.

D.
E.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 460
What are two benefits of FHRPs? (Choose two.)

A. They enable automatic failover of the default gateway.

B. They allow encrypted traffic.
C. They are able to bundle muftlple ports to increase bandwidth.
D. They allow multiple devices to serve as a single virtual gateway for clients in the network.
E. They prevent loops in the Layer 2 network.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 461
In software defined architectures, which plane is distributed and responsible for traffic forwarding?

A. management plane
B. control plane
C. policy plane
D. data plane

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 462
What is a capability of FTP in network management operations?

A. offers proprietary support at the session layer when transferring data

B. encrypts data before sending between data resources
C. devices are directly connected and use UDP to pass file information
D. uses separate control and data connections to move files between server and client

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 463

Which configuration must be used?

A.

B.

C.

D.
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 464
What is a characteristic of cloud-based network topology?

A. wireless connections provide the sole access method to services

B. onsite network services are provided with physical Layer 2 and Layer 3 components
C. services are provided by a public, private, or hybrid deployment
D. physical workstations are configured to share resources

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 465

What must be configured to meet the requirements?

A. username CCUser privilege 10 password NAI2Scc

B. username CCUser secret NAI2Scc
C. username CCUser privilege 15 password NAI2Scc
enable secret 0 NAI2Scc
D. username CCUser password NAIZScc
enable password level 5 NAI2Scc

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 466
R1 has learned route 192.168.12.0/24 via lS-IS, OSPF, RlP, and lntemal EIGRP. Under normal operating conditions, which routing
protocol is installed in the routing table?

A. RIP
B. OSPF
C. lS-IS
D. Internal EIGRP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 467
Refer to the exhibit. Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA report intermittent
connectivity issues with applications hosted at SiteB. What is the cause of the intermittent connectivity issue?

A. The sites were connected with the wrong cable type.

B. An incorrect SFP media type was used at SiteA
C. Interface errors are incrementing.
D. High usage is causing high latency.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 468
How does the dynamically-learned MAC address feature function?

A. Switches dynamically learn MAC addresses of each connecting CAM table.

B. The ports are restricted and learn up to a maximum of 10 dynamically-learned addresses
C. It requires a minimum number of secure MAC addresses to be filled dynamically
D. The CAM table is empty until ingress traffic arrives at each port

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 469
What are two features of the DHCP relay agent? (Choose two.)

A. minimizes the necessary number of DHCP servers

B. is configured under the Layer 3 interface of a routerion the client subnet
C. assigns DNS locally and then forwards request to DHCP server
D. permits one IP helper command under an individual Layer 3 interface
E. allows only MAC-to-IP reservations to determine the local subnet of a client

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 470
Refer to the exhibit. Web traffic is comingin from the WAN interface. Which route takes precedence wheh the router is processing
traffic destined for the LAN network at 10.0.10.0/24?

A. via next-hop 10.0.1.50

B. via next-hop 10.0.1.100
C. via next-hop 10.0.1.5
D. via next-hop 10.0.1.4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 471
What is a benefit of VRRP?

A. It provides traffic load balancing to destinations that are more than two hops from the source.
B. It allows neighbors to share routing table information between each other.
C. It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision
D. It provides the default gateway redundancy on a LAN using two or more routers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 472

Refer to the exhibit. The link between PC1 and the switch is up, but it is performing poorly. Which interface condition is causing the
performance problem?

A. There is an issue with the fiber on the switch interface.

B. There is a duplex mismatch on the interface.
C. There is a speed mismatch on the interface.
D. There is an interface type mismatch.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
QUESTION 473
In which situation is private IPv4 addressing appropriate for a new subnet on the network of an organization?

A. There is limited unique address space, and traffic on the new subnet will stay local within the organization.
B. The network has multiple endpoint listeners, and it is desired to limit the number of broadcasts.
C. The ISP requires the new subnet to be advertised to the internet for web services.
D. Traffic on the subnet must traverse a site-to-site VPN to an outside organization.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 474
What are two functions of a server on a network? (Choose two)

A. runs the same operating system in order to communicate with other servers
B. achieves redundancy by exclusively using virtual server clustering
C. runs applications that send and retrieve data for workstations that make requests
D. handles requests from multiple workstations at the same time
E. housed solely in a data center that is dedicated to a single client

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 475
Which cable type must be used to interconnect one switch using 1000 BASE-SX GBIC modules and another switch using 1000
BASE-SX SFP modules?

A. LC to SC
B. SC to SC
C. LC to LC
D. SC to ST

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 476
What is the maximum bandwidth of a T1 point-to-point connection?

A. 43.7 Mbps
B. 2.048 Mbps
C. 34.368 Mbps
D. 1.544 Mbps

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 477

Refer to the exhibit. User traffic originating within site B is failing to reach an application hosted on IP address 192.168.0.10, which is
located within site A. What is determined by the routing table?

A. The traffic is blocked by an implicit deny in an ACL on router2.

B. The lack of a default route prevents delivery of the traffic.
C. The default gateway for site B is configured incorrectly.
D. The traffic to 192.168.0.10 requires a static route to be configured in router1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 478

Refer to the exhibit. An engineer must translate the PC1 IP address to 10.199.77.100 and permit PC1 to ping the loopback 0 interface
on router R2. What command set must be used?

A.

B.
C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 479
What is the functionality of the Cisco DNA Center?

A. software-defined controller for automation of devices and services

B. console server that permits secure access to all network devices
C. data center network policy controller
D. IP address pool distribution scheduler

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 480
What is a characteristic of encryption in wireless networks?

A. encodes and decodes data for authorized users

B. allows easy file sharing between endpoints
C. intercepts data threats before they attack a network
D. uses ciphers to detect and prevent zero-day network attacks

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 481
What is a characteristic of encryption in wireless networks?
A. uses policies to prevent unauthorized users
B. must include a combination of letters and numbers
C. creates a secure identity-protected tunnel between devices
D. encodes and decodes data for authorized users

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 482
What is a DHCP client?

A. a server that dynamically assigns IP addresses to hosts.

B. a host that is configured to request an IP address automatically
C. a router that statically assigns IP addresses to hosts.
D. a workstation that requests a domain name associated with its IP address

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 483

Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration?

A. 192.168.0.0/23 as summary and 192.168.0.0/25 for each floor

B. 192.168.0.0/26 as summary and 192.168.0.0/29 for each floor
C. 192.168.0.0/24 as summary and 192.168.0.0/28 for each floor
D. 192.168.0.0/25 as summary and 192.168.0.0/27 for each floor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 484
What is a feature of TFTP?

A. provides secure data transfer

B. relies on the well-known TCP port 20 to transmit data
C. offers anonymous user login ability
D. uses two separate connections for control and data traffic

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 485
What is the function of a controller in controller-based networking?

A. It is a pair of core routers that maintain all routing decisions for a campus.
B. lt centralizes the data plane for the network.
C. It serves as the centralized management point of an SDN architecture.
D. It is the card on a core router that maintains all routing decisions for a campus.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 486
Refer to the exhibit. A network engineer updates the existing configuration on interface FastEthernet1/1 switch SW1. It must establish
an EtherChannel by using the same group designation with another vendor switch. Which configuration must be performed to
complete the process?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 487

Refer to the exhibit. According to the output, which parameter set is validated using the routing table of R7?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 488
Refer to the exhibit. The administrator must configure a floating static default route that points to 2001:db8:1234:2::1 and replaces the
current default route only if it fails. Which command must the engineer configure on the CPE?

A. ipv6 route ::/0 2001:db8:1234:2::1 1

B. ipv6 route ::/0 2001:db8:1234:2::1 2
C. ipv6 route ::/128 2001:db8:1234:2::1 3
D. ipv6 route ::/0 2001:db8:1234:2::1 3

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 489
Which WAN access technology is preferred for a small office/home office architecture?

A. Integrated Services Digital Network switching

B. broadband cable access
C. frame-relay packet switching
D. dedicated point-to-point leased line

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 490
Which two characteristics are representative of virtual machines (VMs)? (Choose two.)

A. A VM on a hypervisor is automatically interconnected to other VMs.

B. A VM on an individual hypervisor shares resources equally
C. Each VM runs independently of any other VM in the same hypervisor.
D. multiple VMs operate on the same underlying hardware.
E. Each VMs operating system depends on its hypervisor.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 491
Which two protocols are supported on service-port interfaces? (Choose two.)

A. SCP
B. Telnet
C. SSH
D. TACACS+
E. RADIUS

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
QUESTION 492
What is a characteristic of private IPv4 addressing?

A. allows endpoints to communicate across public network boundaries

B. is used on the external interface of a firewall
C. is used when the ISP requires the new subnet to be advertised to the internet for web services
D. allows multiple companies to use the same address without conflict

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 493
What is a characteristic of private IPv4 addressing?

A. is used without allocation from a regional internet authority

B. provides unlimited address ranges
C. reduces the forwarding table on network routers
D. is used when traffic on the subnet must traverse a site-to-site VPN to an outside organization

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 494
What is a characteristic of private IPv4 addressing?

A. alleviates the shortage of IPv4 addresses

B. is used when the ISP requires the new subnet to be advertised to the internet for web services
C. is used when the network has multiple endpoint listeners
D. provides unlimited address ranges

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 495
What is the purpose of a southbound API in a controller-based networking architecture?

A. allows application developers to interact with the network

B. facilitates communication between the controller andthe applications
C. integrates a controller with other automation and orchestration tools
D. facilitates communication between the controller and the networking hardware

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 496
What does WPA3 provide in wireless networking?

A. backward compatibility with WPA and WPA2

B. safeguards against brute force attacks with SAE
C. optional Protected Management Frame negotiation
D. increased security and requirement of a complex configuration

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 497

Which set of configurations must be applied?

A.
B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 498
What is a function of Layer 3 switches?

A. They transmit broadcast trafic when operating in Layer 3 mode exclusively

B. They forward Ethernet frames between VLANs using only MAC addresses.
C. They route trafic between devices in diferent VLANs.
D. They move frames between endpoints limited to IP addresses.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 499
Which two outcomes are predictable behaviors for HSRP? (Choose two.)

A. The two routers negotiate one router as the active router and the other as the standby router.
B. Each router has a different IP address, both routers act as the default gateway on the LAN, and traffic is toad-balanced between them.
C. The two routers share the same interface IP address, and default gateway traffic is load-balanced between them.
D. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN.
E. The two routers synchronize configurations to provide consistent packet forwarding.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 500
Which interface type enables an application running on a client to send data over an IP network to a server?

A. southbound interface
B. Representational State Transfer application programming interface
C. northbound interface
D. application programming interface

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 501
Which interface type enables an application running on a client to send data over an IP network to a server?

A. southbound interface
B. Representational State Transfer application programming interface
C. northbound interface
D. application programming interface

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 502
Which global command encrypts all passwords in the running configuration?

A. password-encrypt
B. enable password-encryption
C. service password-encryption
D. enable secret

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 503

Refer to the exhibit. All VLANs are present in the VLAN database. Which command sequence must be applied to complete the
configuration?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 504
A network engineer is replacing the switches that belong to a managed-services client with new Cisco Catalyst switches. The new
switches will be configured for updated security standards, including replacing Telnet services with encrypted connections and
doubling the modulus size from 1024. Which two commands must the engineer configure on the new switches? (Choose two.)

A. transport input ssh

B. crypto key generate rsa general-keys modulus 1024
C. crypto key generate rsa usage-keys
D. crypto key generate rsa modulus 2048
E. transport input all

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 505
Refer to the exhibit. An engineer is asked to configure router R1 so that it forms an OSPF single-area neighbor relationship with R2.
Which command sequence must be implemented to configure the router?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 506
Which WLC interface provides out-of-band management in the Cisco Unified Wireless Network Architecture?

A. AP-Manager
B. virtual
C. service port
D. Dynamic

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 507
Refer to the exhibit. Which change to the configuration on Switch2 allows the two switches to establish an EtherChannel?

A. Change the protocol to PAgP and use auto mode.

B. Change the LACP mode to desirable.
C. Change the LACP mode to active.
D. Change the protocol to EtherChannel mode on.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 508

Refer to the exhibit. Configurations for the switch and PCs are complete. Which configuration must be applied so that VLANs 2 and 3
communicate back and forth?

A.

B.

C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 509
What is the purpose of classifying network traffic in QoS?

A. configures traffic-matching rules on network devices

B. services traffic according to its class
C. writes the class identifier of a packet to a dedicated field in the packet header
D. identifies the type of traffic that will receive a particular treatment

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 510

Refer to the exhibit Which format matches the Modified EUI-64 IPv6 interface address for the network 2001:db8::/64?

A. 2001:db8:5200:00ff:fe04:0000/64
B. 2001:db8:5000:00ff:fe04:0000/64
C. 2001:db8:5000:0004:5678:0090/64
D. 2001:db8:5000:0000:00ff:fe00:/64

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 511
What must be considered when using 802.11a?

A. It is chosen over 802.11b/g when a lower-cost solution is necessary

B. It is used in place of 802.11b/g when many nonoverlapping channels are required
C. It is susceptible to interference from 2-4 GHz devices such as microwave ovens.
D. It is compatible with 802.11b and 802.11g-compliant wireless devices

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 512
Refer to the exhibit. The given Windows PC is requesting the IP address of the host at www.cisco.com. To which IP address is the
request sent?

A. 192.168.1.226
B. 192.168.1.100
C. 192.168.1.254
D. 192.168.1.253

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 513

Refer to the exhibit. What must be configured to enable 802.11w on the WLAN?

A. Set Fast Transition to Enabled.

B. Set PMF to Required.
C. Enable MAC Filtering.
D. Enable WPA Policy.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 514
Which command must be entered to configure a DHCP relay?

A. ip dhcp relay
B. ip helper-address
C. ip dhcp pool
D. ip address dhcp

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 515

Refer to the exhibit. A network engineer-must configure router R1 with a host route to the server. Which command must the engineer configure?

A. R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.0.2

B. R1(config)# ip route 10.10.10.0 255.255.255.0 192.168.0.2
C. R1(config)# ip route 192.168.0.2 255.255.255.255 10.10.10.10
D. R1(config)# ip route 10.10.10.10 255.255.255.255 192.168.0.2

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 516
What is the advantage of separating the control plane from the data plane within an SDN network?

A. limits data queries to the control plane

B. reduces cost
C. offloads the creation of virtual machines to the data plane
D. decreases overall network complexity

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 517

Refer to the exhibit. A packet that is sourced from 172.16.3.254 is destined for the IP address of GigabitEthermet0/0/0.What is the
subnet mask of the destination route?

A. 255.255.255.255
B. 0.0.0.0
C. 255.255.254.0
D. 255.255.255.0

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 518
What are two advantages of implementing a controller-based architecture instead of a traditional network architecture? (Choose two.)

A. It supports complex and high-scale IP addressing schemes.

B. It allows for seamless connectivity to virtual machines.
C. It provides increased scalability and management options.
D. It increases security against denial-of-service attacks.
E. It enables configuration task automation.
Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 519
Which is a fact related to FTP?

A. It relies on the well-known UDP port 69.

B. It always operates without user authentication.
C. It uses two separate connections for control and data traffic.
D. It uses block numbers to identify and mitigate data-transfer errors.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 520

Refer to the exhibit. An engineer is asked to insert the new VLAN into the existing trunk without modifying anything previously
configured. Which command accomplishes this tasks?

A. switchport trunk allowed vlan 104

B. switchport trunk allowed vlan all
C. switchport trunk allowed vlan 100-104
D. switchport trunk allowed vlan add 104

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 521
Which action implements physical access control as part of the security program of an organization?

A. configuring enable passwords on network device

B. setting up lP cameras to monitor key infrastructure
C. configuring a password for the console port
D. backing up syslogs at a remote location

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 522

Refer to the exhibit. When router R1 is sending traffic to IP address 10.56.192.1, which interface or next hop address does it use to
route the packet?

A. 10.56.0.1
B. 0.0.0.0/0
C. 10.56.128.19
D. Vlan57
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 523
OSPF must be configured between routers R1 and R2. Which OSPF configuration must be applied to router R1 to avoid a DR/BDR election?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 524

Refer to the exhibit. Which switch becomes the root bridge?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
QUESTION 525
How do UTP and STP cables compare?

A. UTP cables provide faster and more reliable data transfer rates and STP cables are slower and less reliable.
B. STP cables are shielded and protect against electromagnetic interference and UTP tacks thesame prbtection against electromagnetic interference.
C. STP cables are cheaper to procure and easier to install and UTP cables are more expensive and harder to install.
D. UTP cables are less prone to crosstalk and interference and STP cables are more prone to crosstalk and interference.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 526
What is a characteristic of an SSID in wireless networks?

A. uses policies to prevent unauthorized users

B. uses a case-sensitive text string
C. uses the password to connect to an access point
D. identifies an access point on a WLAN

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 527
What is a characteristic of an SSID in wireless networks?

A. eliminates network piggybacking

B. must include a combination of letters and numbers
C. broadcasts a beacon signal to announce its presence by default
D. prompts a user for a login ID

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 528
What is a characteristic of an SSID in wireless networks?

A. intercepts data threats before they attack a network

B. broadcasts a beacon signal to announce its presence by default
C. encodes connections at the sending and receiving ends
D. identifies an access point on a WLAN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 529
Which interface condition is occurring in this output?

A. duplex mismatch
B. high throughput
C. collisions
D. queueing

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
QUESTION 530
Which interface condition is occurring in this output?

A. duplex mismatch
B. queueing
C. high throughput
D. collisions

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 531
Which interface condition is occurring in this output?

A. collisions
B. queueing
C. high throughput
D. duplex mismatch

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 532
Which interface condition is occurring in this output?

A. duplex mismatch
B. high throughput
C. queueing
D. collisions

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 533
Which interface condition is occurring in this output?

A. queueing
B. collisions
C. high throughput
D. duplex mismatch

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 534
How does frame switching function on a switch?

A. overwrites the known source MAC address in the address table

B. broadcasts frames to all ports without queueing
C. protects against denial of service attacks
D. performs a Iookup to learn the destination interface

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 535
How does MAC learning function on a switch?

A. broadcasts frames to all ports without queueing

B. is enabled by default on all VLANs and interfaces
C. inspects and drops frames from unknown destinations
D. forwards frames to a neighbor port using CDP
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 536
How does MAC learning function on a switch?

A. increases security on the management VLAN

B. rewrites the source and destination MAC address
C. overwrites the known source MAC address in the address table
D. is enabled by default on all VLANs and interfaces

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 537
What is a reason to implement LAG on a Cisco WLC?

A. Provide link redundancy and load balancing.

B. Increase security and encrypt management frames.
C. Allow for stateful and link-state failover.
D. Enable connected switch ports to fail over and use different VLANs.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 538

Refer to the exhibit. What is the next-hop IP address for R2 so that PC2 reaches the application server via EIGRP?

A. 192.168.30.1
B. 10.10.10.6
C. 192.168.20.1
D. 10.10.10.5

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 539
What is represented beginning with line 1 and ending with line 5 within this JSON schema?

A. key
B. array
C. value
D. object

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 540
What is represented by the word "ge3/28" within this JSON schema?

A. key
B. object
C. array
D. valure

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 541
What is represented by the word "port" within this JSON schema?

A. value
B. object
C. array
D. key

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 542
What is a characteristic of private IPv4 addressing?

A. traverses the internet when an outbound ACL is applied

B. reduces the forwarding table on network routers
C. is used when the ISP requires the new subnet to be advertised to the internet for web services
D. allows multiple companies to use the same address without conflict

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 543
What is a characteristic of private IPv4 addressing?

A. supplies redundancy in the case of failure

B. traverses the internet when an outbound ACL is applied
C. allows multiple companies to use the same address without conflict
D. provides unlimited address ranges

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 544
How does MAC learning function on a switch?

A. protects against denial of service attacks

B. inserts MAC addresses dynamically into the address table
C. buffers and forwards fames with less than 5 CRCs
D. increases security on the management VLAN

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 545
What is a characteristic of encryption in wireless networks?

A. uses policies to prevent unauthorized users

B. prevents the interception of data as it transits a network
C. converts electrical current to radio waves
D. uses the password to connect to an access point

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 546
How does frame switching function on a switch?

A. increases security on the management VLAN

B. forwards frames to a neighbor port using CDP
C. drops received MAC addresses not listed in the address table
D. stores and forwards frames in a buffer and uses error checking

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 547
Which two protocols must be disabled to increase security for management connections to a WireIess LAN Controller? (Choose two)

A. SSH
B. TFTP
C. HTTPS
D. Telnet
E. HTTP

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 548
Which protocol does an access point use to draw power from a connected switch?

A. Cisco Discovery Protocol

B. Neighbor Discovery Protocol
C. Internet Group Management Protocol
D. Adaptive Wireless Path Protocol

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 549
A network architect is considering whether to implement Cisco DNA Center to deploy devices on a new network. The organization is focused
on reducing the time it currently takes to deploy devices in a traditional campus design .For which reason would Cisco DNA Center be more
appropriate than traditional management options?

A. Cisco DNA Center minimizes the level of syslog output when reporting on Cisco devices.
B. Cisco DNA Center supports deployment with a single pane of glass.
C. Cisco DNA Center reduces the need for analytics on third-party access points and devices.
D. Cisco DNA Center provides zero-touch provisioning to third-party devices.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 550
Refer to the exhibit. After applying this configuration to router R1, a network engineer is verifying the implementation. If all links are operating
normally, and the engineer sends a series of packets from PC1 to PC3, how are the packets routed?

A. They are distributed sent round robin to interfaces S0/0/0 and S0/0/1.
B. They are routed to 192.168.100.2.
C. They are routed to 172.16.20.2.
D. They are routed to 1.0.0.0.2.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 551
A network administrator plans an update to the Wi-Fi networks in multiple branch offices. Each location is configured with an SSID called "Office". The
administrator wants every user who connects to the SSID at any location to have the same access level. What must be set the same on each network
to meet the requirement?

A. NAS-ID configuration
B. radio policy
C. profile name
D. security policies

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 552
What is a characteristic of encryption in wireless networks?

A. converts electrical current to radio waves

B. uses a 4-way handshake for authentication
C. uses an algorithm to change data for AP and client communication
D. creates a secure identity-protected tunnel between devices

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 553
How does frame switching function on a switch?

A. modifies frames that contain a known source VLAN

B. sends the frame back to the source to verify availability
C. overwrites the known source MAC address in the address table
D. forwards known destinations to the destination port

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:

QUESTION 554
An organization secures its network with multi-factor authentication using an authenticator app on employee smartphones. How is the application
secured in the case of a user's smartphone being lost or stolen?

A. The application verifies that the user is in a specific location before it provides the second factor.
B. The application requires the user to enter a PlN before it provides the second factor.
C. The application requires an administrator password to reactivate after a configured interval.
D. The application challenges a user by requiring an administrator password to reactivate when the smartphone is rebooted.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 555
Which set of 2.4 GHz nonoverlapping wireless channels is standard in the United States?

A. channels 2,7,9, and 11

B. channels 2,7, and 11
C. channels 16,11, and 14
D. channels 1,6, and 11

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 556
What is a service that is provided by a wireless controller?

A. It provides Layer 3 routing between wired and wireless devices.

B. It mitigates threats from the internet.
C. It manages interference in a dense network.
D. It issues IP addresses to wired devices.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 557
Which IPv6 address block sends packets to a group address rather than a single address?

A. FE80::/10
B. FF00::/8
C. FC00::/7
D. 2000::/3

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 558
What is a function of store-and-forward switching?

A. It reduces latency by eliminating error checking within the frame.

B. It produces an effective level of error-free network traffic using CRCs.
C. It buffers frames and forwards regardless of errors within the frames.
D. It forwards a frame by checking only the destination MAC address.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 559
Refer to the exhibit. Two new switches are being installed. The remote monitoring team uses the support network to monitor both switches. Which
configuration is the next step to establish a Layer 2 connection between the two PCs?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 560
An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual
machine?

A. infrastructure-as-a service
B. platforms-a service
C. software-as-a-service
D. network-as-a-service

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 561
Why is UDP more suitable than TCP for applications that require low latency, such as VolP?

A. UDP reliably guarantees delivery of all packets, and TCP drops packets under heavy load.
B. TCP sends an acknowledgment for every packet that is received, and UDP operates without acknowledgments.
C. UDP uses sequencing data for packets to arrive in order, and TCP offers the capability to receive packets in random order.
D. TCP uses congestion control for efficient packet delivery, and UDP uses flow control mechanisms for the delivery of packets.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 562
Which characteristic differentiates the concept of authentication from authorization and accounting?

A. service limitations
B. identity verification
C. consumption-based billing
D. user-activity logging

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 563
Which address is an example of an IPv6 global unicast address?

A. 2001:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
B. ::1234:XXXX:XXXX:XXXX
C. FC00:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
D. FE80:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 564

Refer to the exhibit. Which address will the client contact to renew their IP address when the current lease expires?

A. 192.168.25.1
B. 192.168.25.254
C. 192.168.25.103
D. 192.168.25.100

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 565

Refer to the exhibit. What is the effect of this configuration?

A. All ARP packets are dropped by the switch.

B. Egress traffic is passed only if the destination is a DHCP server.
C. All ingress and egress traffic is dropped because the interface is untrusted.
D. The switch discards all ingress ARP traffic with invalid MAC-to-lP address bindings

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
QUESTION 566
Which level of severity must be set to get informational syslogs?

A. Critical
B. Debug
C. Notice
D. Alert

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 567
How is a configuration change made to a wireless AP in lightweight mode?

A. HTTPS connection directly to the out-of-band address of the AP

B. CAPWAP/LWAPP connection via the parent WLC
C. SSH connection to the management IP of the AP
D. EolP connection via the parent WLC

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 568
When more than one AP-Manager interface is provisioned on a wireless LAN controller, how is the request handled by the AP?

A. The discovery response from the AP to the AP-Manager interface disables the WLAN port.
B. The AP-Manager with the fewest number of APs is used by the AP to join.
C. The AP join request fails and must be configured statically on the AP-Manager interface:
D. The first AP-Manager interface to respond is chosen by the AP.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 569
A project objective is to minimize the association time to the different access points as mobile devices move around the office. The ideal
solution must cover numerous devices and device types, including laptops, mobile phones, tablets, and wireless printers. What must be configured?

A. 802.11k Neighbor List Dual Band

B. 802.11v BSS Max ldIe Service
C. 802.11ax BSS Configuration
D. 802.1 1v Disassociation Imminent

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 570
Which plane is centralized in software-defined networking?

A. services
B. application
C. data
D. control

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 571
Which two cable types must be used to connect an access point to the WLC when 2.5-Gbps and 5-Gbps upload speeds are required?(Choose two.)

A. Cat3
B. Cat5
C. 10GBASE-T
D. Cat5e
E. 1000BASE-LX/LH

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 572

Refer to the exhibit. With which metric does router R1 learn the route to host 172.16.0.202?

A. 3184439
B. 32445
C. 110
D. 90

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 573
How does Rapid PVST+ create a fast loop-free network topology?

A. It maps multiple VLANs into the same spanning-tree instance.

B. It requires multiple links between core switches.
C. It generates one spanning-tree instance for each VLAN.
D. It uses multiple active paths between end stations.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 574
What is a similarity between 1000BASE-LX and 1000BASE-T standards?

A. Both use the same data-link header and trailer formats.

B. Both cable types support LR connectors.
C. Both cable types support RJ-45 connectors.
D. Both support up to 550 meters between nodes.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 575
What causes a port to be placed in the err-disabled state?

A. nothing plugged into the port

B. link flapping
C. shutdown command issued on the port
D. latency

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 576
What are two reasons to implement IPv4 private addressing on a network? (Choose two.)

A. to facilitate renumbering when merging networks

B. to expand the routing table on the router
C. to conserve global unique IPv4 addresses
D. to provide protection from external denial-of-service attacks
E. to enable internal applications to treat the private IPv4 addresses as unique

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 577

Refer to the exhibit. Siwitch A is newly configured. All VLANs are present in the VLAN database. The IP phone and PC A on Gi0/1 must be configured for
the appropriate VLANs to establish connectivity between the PCs Which command set fulfills the requirement? .

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 578
Which two actions are taken as the result of traffic policing?

A. fragmentation
B. buffering
C. bursting
D. remarking
E. dropping

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 579
Refer to the exhibit. After the configuration is applied, the two routers fail to establish an OSPF neighbor relationship. What is the reason for the problem?

A. The OSPF process IDs are mismatched.

B. The network statement on Router1 is misconfigured.
C. Router2 is using the default hello timer.
D. The OSPF router IDs are mismatched.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 580
What is a characteristic of a SOHO network?

A. connects each switch to every other switch in the network

B. provides high throughput access for 1000 or more users
C. enables multiple users to share a single broadband connection
D. includes at least three tiers of devices to provide load balancing and redundancy

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 581
Which two functions does a WLC perform in the lightweight access-point architecture that an AP performs independently in an autonomous architecture? (Choose
two.)

A. handling the association, authentication, and roaming of wireless clients

B. sending and processing beacon frames
C. managing RF channels, including transmission power
D. encrypting and decrypting traffic that uses the WAP protocol family
E. preventing collisions between wireless clients on the same RF channel

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 582
Rafer to the exhibit. Which route or group are NTP clients?

A. R2 and R3
B. R1, R2, and R3
C. R1
D. R1, R3, and R4

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 583

Refer to the exhibit. In which structure does the word "warning" directly reside?

A. Boolean
B. String
C. Object
D. Array

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 584
Which script paradigm does Puppet use?

A. playbooks and roles

B. recipes and cookbooks
C. manifests and modules
D. strings and marionettes

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 585
Refer to the exhibit. Which command set configures ROUTER-1 to allow Internet access for users on the 192.168.1.0/24 subnet while
using 209.165.202.129 for Port Address Translation?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 586

Refer to the exhibit. A public IPv6 address must be configured for intemet access. Which command must be configured on the R2
WAN interface to the service provider?

A. ipv6 address 2001:db8:XXXX:XXXX:XXXX:ffff:ffff:ffff/64 anycast

B. ipv6 address 2001:db8:123:45::4/64
C. ipv6 address fe80:/10
D. ipv6 address fe80:260:3EFF:FE11:6770 link-local

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 587
What are two functions of a Layer 2 switch? (Choose two)

A. moves packets between different VLANs

B. acts as a central point for association and authentication servers
C. selects the best route between networks on a WAN
D. makes forwarding decisions based on the MAC address of a packet
E. moves packets within a VLAN

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 588
Which two functions are performed by the core layer in a three-tier architecture? (Choose two)

A. Police traffic that is sent to the edge of the network.

B. Inspect packets for malicious activity.
C. Ensure timely data transfer between layers.
D. Provide direct connectivity for end user devices.
E. Provide uninterrupted forwarding service.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 589
After a recent security breach and a RADIUS failure, an engineer must secure the console port of each enterprise router with a local
username and password. Which configuration must the engineer apply to accomplish this task?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 590
Which enhancement is implemented in WPA3?

A. employs PKI to identify access points

B. uses TKIP
C. applies 802.1x authentication
D. protects against brute force attacks

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 591
What must be considered for a locally switched FlexConnect AP if the VLANs that are used by the AP and client access are different?

A. IEEE 802.1Q trunking must be disabled on the switch port.

B. Switch port mode must be set to trunk.
C. Native VLAN must match the management VLAN of the AP.
D. APs must be connected to the switch with multiple links in LAG mode.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 592
Which role does a hypervisor provide for each virtual machine in server virtualization?

A. control and distribution of physical resources

B. infrastructure-as-a-service
C. software-as-a-service
D. services as a hardware controller

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 593
Which command configures the Cisco WLC to prevent a serial session with the WLC CLI from being automatically logged out?

A. config sessions maxsessions 0

B. config serial timeout 9600
C. config serial timeout 0
D. config sessions timeout 0

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 594

Refer to the exhibit. How must router A be configured so that it only sends Cisco Discovery Protocol information to router C?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 595

Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to which lP address does it send the packet?

A. 192.168.14.4
B. 192.168.12.2
C. 192.168.15.5
D. 192.168.13.3

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 596
Which HTTP status code is returned after a successful REST API request?

A. 500
B. 404
C. 200
D. 301

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 597
An engineer is configuring data and voice services to pass through the same port. The designated switch interface fastethemet0/1
must transmit packets using the same priority for data when they are received from the access port of the IP phone. Which configuration must be used?

A. interface fastethernet0/1
switchport voice vlan dot1p
B. interface fastethernet0/1
switchport voice vlan untagged
C. interface fastethernet0/1
switchport priority extend trust
D. interface fastethernet0/1
switchport priority extend cos7

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 598
Why implement VRRP?

A. to provide end users with a virtual gateway in a multivendor network

B. to leverage a weighting scheme to provide uninterupted service
C. to hand over to end users the autodiscovery of virtual gateways
D. to detect link failures without the overhead of Bidirectional Forwarding Detection

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 599

Refer to the exhibit. When router R1 receives a packet with destination IP address 10.56.0.62, through which interface does it route the packet?

A. Vlan60
B. NulI0
C. Vlan58
D. Vlan59

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 600

Which configuration must be applied?

A.

B.

C.

D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 601
A network engineer is configuring a switch so that it is remotely reachable via SSH. The engineer has already configured the host
name on the router. Which additional command must the engineer configure before entering the command to generate the RSA key?

A. password password
B. crypto key generate rsa modulus 1024
C. ip ssh authentication-rabies 2
D. ip domain-name domain

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 602
Which two components comprise part of a PKI? (Choose two.)

A. preshared key that authenticates connections

B. RSA token
C. CA that grants certificates
D. one or more CRLs
E. clear-text password that authenticates connections

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 603
What is a practice that protects a network from VLAN hopping attacks?

A. Configure an ACL to prevent traffic from changing VLANs.

B. Assign all access ports to VLANs other than the native VLAN.
C. Implement port security on internet-facing VLANs.
D. Enable dynamic ARP inspection

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 604
What occurs when overlapping Wi-Fi channels are implemented?

A. Network cemmunications are open to eavesdropping.

B. Users experience poor wireless network performance.
C. Wireless devices are unable to distinguish between different SSIDs.
D. The wireless network becomes vulnerable to unauthorized access.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 605

Refer to the exhibit. An engineer must configure GigabitEthermet1/1 to accommodate voice and data traffic. Which configuration accomplishes this

A.

B.
C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 606
Which type of API allows SDN controllers to dynamically make changes to the network?

A. SOAP API
B. REST API
C. southbound API
D. northbound API

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 607

Refer to the exhibit. Which prefix does Router1 use for traffic to Host A?

A. 10.10.13.208/29
B. 10.10.30.0/25
C. 10.10.10.0/28
D. 10.10.13.144/28

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 608
Which 802.11 frame type is Association Response?

A. action
B. control
C. protected frame
D. management

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 609
What is a function of MAC address learning?

A. It is disabled by default on all interfaces connected to trunks.

B. It is enabled by default on all VLANs and interfaces.
C. It increases security on the management VLAN.
D. It increases the potential for MAC address flooding.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 610
An engineer is configuring switch SW1 to act as an NTP server when all upstream NTP server connectivity fails. Which configuration must be used?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 611
What is the purpose of the Cisco DNA Center controller?

A. to securely manage and deploy network devices

B. to provide Layer 3 services to autonomous access paints
C. to scan a network and generate a Layer 2 network diagram
D. to secure physical access to a data center

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 612

Refer to the exhibit. How many JSON objects are represented?

A. 3
B. 1
C. 4
D. 2

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
QUESTION 613

Which configuration must be applied to the interface?

A.

B.

C.

D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 614

Refer to the exhibit. After configuring a new static route on the CPE, the engineer entered this series of commands to verify that the
new configuration is operating normally. When is the static default route installed into the routing table?

A. when a route to 203.0.113.1 is learned via BGP

B. when 203.0.113.1 is no longer reachable as a next hop
C. when the default route learned over external BGP becomes invalid
D. when the default route learned over external BGP changes its next hop

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 615
Refer to the exhibit. What is the subnet mask of the route to the 10.10.13.160 prefix?

A. 255.255.255.128
B. 255.255.255.248
C. 255.255.248.0
D. 255.255.255.240

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 616

Refer to the exhibit. What is the next step to complete the implementation for the partial NAT configuration shown?

A. Configure the NAT outside interface.

B. Modify the access list for the internal network on e0/1.
C. Reconfigure the static NAT entries that overlap the NAT pool.
D. Apply the ACL to the pool configuration.
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 617
In a cloud-computing environment, what is rapid elasticity?

A. control and monitoring of resource consumption by the tenant

B. self-service of computing resources by the tenant
C. automatic adjustment of capacity based on need
D. pooling resources in a multitenant model based on need

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 618
Which WAN topology has the highest degree of reliability?

A. hub-and-spoke
B. point-to-point
C. full mesh
D. router-on-a-stick

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 619
What is an advantage of using auto mode versus static mode for power allocation when an access point is connected to a PoE switch port?

A. It detects the device is a powered device.

B. The default level is used for the access point.
C. Power policing is enabled at the same time.
D. All four pairs of the cable are used.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 620
Which technology is appropriate for communication between an SDN controller and applications running over the network?

A. Southbound API
B. NETCONF
C. OpenFlow
D. RESTAPI

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 621
What is a function of an endpoint?

A. It provides security between trusted and untrusted sections of the network

B. It transmits broadcast traffic between devices in the same VLAN.
C. It passes unicast communication between hosts in a network.
D. It is used directly by an individual user to access network services.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 622
What is the primary difference between AAA authentication and authorization?

A. Authentication verifies a username and password, and authorization handles the communication betWeen the authentication agent and the user database.
B. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.
C. Authentication identifies a user who is attempting to access a system, and authorization validates the user‘s password.
D. Authentication controls the system processes a user can access, and authorization logs the activities the user initiates.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 623
What is represented by the word "IPS38" within this JSON schema?

A. array
B. key
C. object
D. value

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 624
What is represented by the word "R29" within this JSON schema?

A. value
B. key
C. array
D. object

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 625
What is represented by the word "VPN11" within this JSON schema?

A. array
B. value
C. object
D. key

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 626
Which two IPv6 addresses are used to provide connectivity between two routers on a shared link? (Choose two.)

A. 2002:XXXX:XXXX:XXXX::1/64
B. ff06:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
C. 2001:XXXX:XXXX:XXXX::1/64
D. ::ffff:10.14.101.1/96
E. FF02:0001 :FF00:0000/104

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 627
Which value is the unique identifier that an access point used to establish and maintain wireless connectivity to wireless network devices?

A. SSID
B. RFlD
C. WLAN ID
D. VLAN ID

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 628

Refer to the exhibit. The switches are connected via 8 Cat5 Ethemet cable that was successfully tested. The interfaces are configured
as access ports and are both in a "down" status. What is the cause of this issue?

A. The switches are configured with incompatible duplex settings.

B. The portfast command is missing from the configuration.
C. The distance between the two switches is not supported by Cat5.
D. The speed settings on the switches are mismatched.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 629

Refer to the exhibit. The DHCP server is configured with a DHCP pool for each of the subnets represented. Which command must be
configured on switch SW1 to allow DHCP clients on VLAN 10 to receive dynamic IP addresses from the DHCP server?

A. SW1(config-if)# ip helper-address 192.168.20.1

B. SW1(config-if)# ip helper-address 192.168.20.2
C. SW1(config-if)# ip helper-address 192.168.10.1
D. SW1(config-if)# ip helper-address 192.168.10.2

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 630
What are two facts that differentiate optical-fiber cabling from copper cabling? (Choose two.)

A. It carries electrical current further distances for PoE devices.

B. It is less expensive when purchasing patch cables.
C. It provides greater throughput options.
D. It has a greater sensitivity to changes in temperature and moisture.
E. It carries signals for longer distances.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 631
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?

A. Flex ACL
B. CPU ACL
C. RADIUS
D. TACACS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 632

Refer to the exhibit. If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.01 120 command, how does the router respond?

A. It starts sending traffic without a specific matching entry in the routing table to GigabitEthermet0/1.
B. It ignores the new static route until the existing OSPF default route is removed.
C. It immediately replaces the existing OSPF route in the routing table with the newly configured static route.
D. It starts load-balancing traffic between the two default routes.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 633
A router received three destination prefixes: 10.0.0.0/8, 10.0.0.0/16, and 10.0.0.0/24. When the show ip route command is executed, which output does it return?

A.

B.

C.

D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 634
Which state is bypassed in Rapid PVST+ when PortFast is enabled on a port?

A. Discarding
B. Blocking
C. Forwarding
D. Learning

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 635
Refer to the exhibit. All routers in the network are configured. R2 must be the DR. After the engineer connected the devices, R1 was
elected as the DR. Which command sequence must be configured on R2 to be elected as the DR in the network?

A.

B.

C.

D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 636

Refer to the exhibit. A network administrator must permit SSH access to remotely manage routers in a network The operations team resides on the
10.20.1.0/25 network. Which command will accomplish this task?

A. access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22

B. no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22
C. no-access-list 2699 deny ip any 10.20.1.0 0.0.0.255
D. access-list 2599 permit udp 10.20.1.0 0.0.0.255

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 637
How are the switches in a spine-and-leaf topology interconnected?

A. Each leaf switch is connected to one of the spine switches.

B. Each leaf switch is connected to two spine switches, marking a loop.
C. Each leaf switch is connected to a central leaf switch, then uplinked to a core spine switch.
D. Each leaf switch is connected to each spine switch.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 638
In QoS, which prioritization method is appropriate for interactive voice and video?
A. traffic policing
B. low-latency queuing
C. round-robin scheduling
D. expedited forwarding

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 639
What is a function of a southbound API?

A. Facilitate the information exchange between an SDN controller and application.

B. Automate configuration changes between a server and a switching fabric.
C. Use orchestration to provision a virtual server configuration from a web server.
D. Manage flow control between an SDN controller and a switching fabric.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 640

A technician receives a report of network slowness and the issue has been isolated to the interface FastEthernet0/13. What is the root cause of the issue?

A. local buffer overload

B. err-disabled port on the far and
C. physical errors
D. duplicate IP addressing

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 641
Under the CRUD model, which two HTTP methods support the UPDATE operation? (Choose two.)

A. GET
B. PATCH
C. POST
D. PUT
E. DELETE

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 642
What are two descriptions of thre-tier network topologies? (Choose two.)

A. The core and distribution layers perform the same functions.

B. The network core is designed to maintain continuous connectivity when devices fail.
C. The distribution layer runs Layer 2 and Layer 3 technologies.
D. The access layer manages routing between devices in different domains.
E. The core layer maintains wired connections for each host.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Exam B

QUESTION 1
Drag and drop the descriptions from the left onto the configuration-management technologies on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Drag and drop the characteristics of networking from the left onto the networking types on the right

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Refer to the exhibit. An engineer is tasked with verifying network configuration parameters on a client workstation to report back to the team
lead. Drag and drop the node identifiers from the left onto the network parameters on the right. Not all values are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Drag and drop the application protocols from the left onto the transport protocols that it uses on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Drag and drop the commands from the left onto the destination interfaces on the right. Not all commands are used

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Drag and drop the functions of AAA supporting protocols from the left onto the protocols on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Drag and drop the statements about networking from the left onto the corresponding networking types on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Drag and drop the IPv6 address descriptions from the left onto the IPv6 address types on me right. Not all option are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Drag and drop the management connection types from the left onto the definitions on the right

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Drag and drop the use cases for device-management technologies from the left onto the type that is represented on the right

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
QUESTION 11
Drag and drop the characteristics of northbound APls from the left onto any position on the right. Not all characteristics are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Drag and drop the characteristics of transport layer protocols from the left onto the corresponding protocols on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
Drag and drop the statements about networking from the left onto the corresponding networking types on the right. Not all statements are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Drag and drop the statements about AAA services from the left to the corresponding AAA services on the right. Not all options are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
QUESTION 16
Drag and drop the IPv6 DNS record types from the left onto the description on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Drag and drop the IPv6 address type characteristics from the left to the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
An engineer is configuring an encrypted password for the enable command on a router where the local user database has already been configured.
Drag and drop the configuration commands from the left into the correct sequence on the right. Not all commands are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Drag and drop the statements about access-point modes from the left onto the corresponding modes on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Drag and drop the configuration management terms from the left onto the descriptions on the right. Not all terms are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 21

Refer to the exhibit. Drag and drop the destination lPs from the left onto the paths to reach those destinations on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Drag and drop the statements about AAA from the left onto the corresponding AAA services on the right. Not all options are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Drag and drop the AAA features from the left onto the corresponding AAA security services on the right. Not all options are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation
Explanation/Reference:

QUESTION 24
Drag and drop the statements about device management from the left onto the corresponding device-management types on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Drag and drop the IPv6 address type characteristics from the left to the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Drag and drop the TCP/IP protocols from the left onto their primary transmission protocols on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Drag and drop the Ansible terms from the left onto the right

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Drag and drop the descriptions of AAA services from the left onto the corresponding services on the right
Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
Drag and drop the QoS features from the left onto the corresponding statements on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31

Refer to the exhibit. Drag and drop the learned prefixes from the left onto the preferred route methods from which they were learned on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
Drag and drop the SNMP components from the left onto the descriptions on the right.
Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
Drag and drop the characteristics of device-management technologies from the left onto the corresponding deployment types on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Refer to the exhibit. OSPF is running between site A and site B. Drag and drop the destination lPs from the left onto the network segments
used to reach the destination on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
Drag and drop the statements about networking from the left onto the corresponding networking types on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
Drag and drop the REST API call methods for HTTP from the left onto the actions they perform on the right. Not all methods are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
Drag and drop the characteristics of network architectures from the left onto the type of architecture on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
Drag and drop the wireless architecture benefits from the left onto the architecture types on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
Drag and drop the DNS commands from the left onto their effects on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
Drag and drop the WLAN components from the left onto the component details on the right

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 43

Refer to the exhibit. The Router1 routing table has multiple methods to reach 10.10.10.0/24 as shown. The default Administrative Distance is
used. Drag and drop the network conditions from the left onto the routing methods that Router1 uses on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 44
Drag and drop the wireless standards from the left onto the number of nonoverlapping channels they support on the right

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
Drag and drop the DHCP snooping terms from the left onto the descriptions on the right

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46

Refer to the exhibit. An engineer must configure a static network route between two networks so that host A communicates with host B. Drag
and drop the commands from the left onto the routers where they must be configured on the right. Not all commands are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
Drag and drop the facts about wireless architectures from the left onto the types of access point on the right. Not all options are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
Drag and drop the Wi-Fi terms from the left onto the descriptions on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
Drag and drop the device behaviors from the left onto the matching HSRP state on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
Drag and drop the elements of a security program from the left onto the corresponding descriptions on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
Drag and drop the IPv6 address from the left onto the type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation
Explanation/Reference:

QUESTION 59

Refer to the exhibit. Drag and drop the prefix lengths from the left onto the corresponding prefixes on the right. Not all prefixes are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
Drag and drop the IPv6 address types from the left onto their descriptions on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
Drag and drop the AAA terms from the left onto the descriptions on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
Drag and drop the descriptions of IP protocol transmissions from the left onto the IP traffic types on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
Drag the descriptions of device management from the left onto the types of device management on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
Drag and drop the Rapid PVST+ forwarding state actions from the left to the right. Not all actions are used.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 66
Drag and drop the SNMP components from the left onto the descriptions on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
Drag and drop the attack-mitigation techniques from the left onto the types of attack that they mitigate on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
Drag and drop the statements about device management from the left onto the corresponding types on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
Drag and drop the virtualization concepts from the left onto the matching statements on the right

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
Drag and drop the VLAN port modes from the left onto the descriptions on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
Drag and drop the cloud-computing components from the left onto the correct descriptions on the right

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 72
Drag and drop the functions of DHCP from the left onto any of the positions on the right. Not all functions are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 73

Refer to the exhibit. Drag and drop the subnet masks from the left onto the corresponding subnets on the right. Not all subnet masks are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 74
Drag and drop the Cisco IOS attack mitigation features from the left onto the types of network attack they mitigate on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
Drag and drop the SNMP manager and agent identifier commands from the left onto the functions on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 76
Drag and drop the RF terms from the left onto the corresponding statements on the right

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 77
Refer to the exhibit. An engineer is required to verify that the network parameters are valid for the users wireless LAN connectivity on
a /24 subnet. Drag and drop the values from the left onto the network parameters on the right. Not all values are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 78
Drag and drop the Ansible features from the left to the right. Not all features are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 79
Drag and drop the steps in a standard DNS lookup operation from the left into the order on the right

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 80
Drag and drop the functions of SNMP fault-management from the left onto the definitions on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 81

Refer to the exhibit. Drag and drop the learned prefixes from the left onto the subnet masks on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
Drag and drop the IPv6 address details from the left onto the corresponding types on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 83
Drag and drop the characteristic from the left onto the cable type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation
Explanation/Reference:

QUESTION 84
Drag and drop the characteristic from the left onto the cable type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 85
Drag and drop the characteristic from the left onto the cable type on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
Drag and drop the characteristic from the left onto the cable type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 87
Drag and drop the characteristic from the left onto the cable type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
Exam C

QUESTION 1

A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3

A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 4

A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
A.

B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
A.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference: