CCNA 3 v7.0 Final Exam Answers Full - Enterprise Networking, Security, and Automation

Which design feature will limit the size of a failure domain in an enterprise network?

the use of the building switch block approach

Which two things should a network administrator modify on a router to perform password recovery? (Choose two.)

the configuration register value

the startup configuration file

What type of network uses one common infrastructure to carry voice, data, and video signals?

converged

What are three advantages of using private IP addresses and NAT? (Choose three.)

hides private LAN addressing from outside devices that are connected to the Internet

permits LAN expansion without additional public IP addresses

conserves registered public IP addresses

Which two scenarios are examples of remote access VPNs? (Choose two.)

A mobile sales agent is connecting to the company network via the Internet connection at a hotel.

An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.

What are three benefits of cloud computing? (Choose three.)

It streamlines the IT operations of an organization by subscribing only to needed services.

It enables access to organizational data anywhere and at any time.

It eliminates or reduces the need for onsite IT equipment, maintenance, and management.

What is a characteristic of a single-area OSPF network?

All routers are in the backbone area.

A network administrator has been tasked with creating a disaster recovery plan. As part of this plan, the administrator is looking for a backup site for all of the data on the company servers. What service or technology would support this requirement?

data center

Which type of OSPF packet is used by a router to discover neighbor routers and establish neighbor adjacency?

hello

Which two statements are characteristics of a virus? (Choose two.)

A virus can be dormant and then activate at a specific time or date.

A virus typically requires end-user activation

The type of end user interaction required to launch a virus is typically opening an application, opening a web page, or powering on the computer. Once activated, a virus may infect other files located on the computer or other computers on the same network.

Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?

DSL

A customer needs a metropolitan area WAN connection that provides high-speed, dedicated bandwidth between two sites. Which type of WAN connection would best fulfill this need?

Ethernet WAN

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use debuggers?

to reverse engineer binary files when writing exploits and when analyzing malware

What command would be used as part of configuring NAT or PAT to clear dynamic entries before the timeout has expired?

clear ip nat translation

What are two characteristics of video traffic? (Choose two.)

Video traffic latency should not exceed 400 ms.

Video traffic is unpredictable and inconsistent.

In setting up a small office network, the network administrator decides to assign private IP addresses dynamically to workstations and mobile devices. Which feature must be enabled on the company router in order for office devices to access the internet?

NAT

A data center has recently updated a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate web server without having to allocate an actual discrete server for each customer. What is the networking trend that is being implemented by the data center in this situation?

virtualization

Which two IPsec protocols are used to provide data integrity?

MD5

SHA

If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?

The host initiates a clientless VPN connection using a compliant web browser to download the client.

A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)

leased line

Ethernet WAN

Which type of QoS marking is applied to Ethernet frames?

CoS

Which is a characteristic of a Type 2 hypervisor?​

does not require management console software

What are the two types of VPN connections? (Choose two.)

site-to-site

remote access

What functionality does mGRE provide to the DMVPN technology?

It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.

DMVPN is built on three protocols, NHRP, IPsec, and mGRE. NHRP is the distributed address mapping protocol for VPN tunnels. IPsec encrypts communications on VPN tunnels. The mGRE protocol allows the dynamic creation of multiple spoke tunnels from one permanent VPN hub.

What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?

the ARP table

What command would be used as part of configuring NAT or PAT to display information about NAT configuration parameters and the number of addresses in the pool?

show ip nat statistics

What is a purpose of establishing a network baseline?

It creates a point of reference for future network evaluations.

A baseline is used to establish normal network or system performance. It can be used to compare with future network or system performances in order to detect abnormal situations.

CPE

devices and inside wiring that are located on the enterprise edge and connect to a carrier link

local loop

a physical connection from the customer to the service provider POP

DTE

customer devices that pass the data from a customer network for transmission over the WAN

DCE

devices that provide an interface for customers to connect to within the WAN cloud.

Which statement describes a characteristic of standard IPv4 ACLs?

They filter traffic based on source IP addresses only.

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as John the Ripper,THC Hydra, RainbowCrack, and Medusa?

to make repeated guesses in order to crack a password

What are two syntax rules for writing a JSON array? (Choose two.)

Each value in the array is separated by a comma.

Values are enclosed in square brackets.

An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?

DHCP spoofing

A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?

origin authentication

Secure communications consists of four elements:Data confidentiality - guarantees that only authorized users can read the messageData integrity - guarantees that the message was not alteredOrigin authentication - guarantees that the message is not a forgery and does actually come from whom it statesData nonrepudiation - guarantees that the sender cannot repudiate, or refute, the validity of a message sent

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?

to capture and analyze packets within traditional Ethernet LANs or WLANs

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.20.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?

0.0.3.255

What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?

to influence the DR/BDR election process

An ACL is applied inbound on a router interface. The ACL consists of a single entry:

access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .

If a packet with a source address of 172.18.20.14, a destination address of 172.18.20.40, and a protocol of 21 is received on the interface, is the packet permitted or denied?

permitted

What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture?​

The leaf switches always attach to the spines, but they never attach to each other.

Which two scenarios would result in a duplex mismatch? (Choose two.)

connecting a device with autonegotiation to another that is manually set to full-duplex

manually setting the two connected devices to different duplex modes

A network technician is configuring SNMPv3 and has set a security level of auth . What is the effect of this setting?

authenticates a packet by using either the HMAC with MD5 method or the SHA method

What are two types of attacks used on DNS open resolvers? (Choose two.)

amplification and reflection

resource utilization

Three types of attacks used on DNS open resolvers are as follows:DNS cache poisoning - attacker sends spoofed falsified information to redirect users from legitimate sites to malicious sitesDNS amplification and reflection attacks - attacker sends an increased volume of attacks to mask the true source of the attackDNS resource utilization attacks - a denial of service (DoS) attack that consumes server resources

An ACL is applied inbound on a router interface. The ACL consists of a single entry:

access-list 101 permit udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet .

If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4, and a protocol of 23 is received on the interface, is the packet permitted or denied?

denied

Which type of resources are required for a Type 1 hypervisor?

a management console

What are three components used in the query portion of a typical RESTful API request? (Choose three.)

format

key

parameters

A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?

divide and conquer

Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

IPsec

Which statement describes a characteristic of Cisco Catalyst 2960 switches?

New Cisco Catalyst 2960-C switches support PoE pass-through.

Which component of the ACI architecture translates application policies into network programming?

the Application Policy Infrastructure Controller

Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)

interface identifier

connection type

What are two benefits of using SNMP traps? (Choose two.)

They eliminate the need for some periodic polling requests.

They reduce the load on network and agent resources.

Which statement accurately describes a characteristic of IPsec?

IPsec is a framework of open standards that relies on existing algorithms.

In a large enterprise network, which two functions are performed by routers at the distribution layer? (Choose two.)

connect remote networks

provide data traffic security

Which two statements describe the use of asymmetric algorithms? (Choose two.)

If a private key is used to encrypt the data, a public key must be used to decrypt the data.

If a public key is used to encrypt the data, a private key must be used to decrypt the data.

Asymmetric algorithms use two keys: a public key and a private key. Both keys are capable of the encryption process, but the complementary matched key is required for decryption. If a public key encrypts the data, the matching private key decrypts the data. The opposite is also true. If a private key encrypts the data, the corresponding public key decrypts the data.

What are two benefits of extending access layer connectivity to users through a wireless medium? (Choose two.)

reduced costs

increased flexibility

What are two purposes of launching a reconnaissance attack on a network? (Choose two.)

to gather information about the network and devices

to scan for accessibility

A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?

botnet

An ACL is applied inbound on a router interface. The ACL consists of a single entry:

access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns .

If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45, and a protocol of 23 is received on the interface, is the packet permitted or denied?

denied

What QoS step must occur before packets can be marked?

It is used to create and manage multiple VM instances on a host machine.

A company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended?

Ethernet WAN

If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

8

Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?

a less-structured approach based on an educated guess

Why is QoS an important issue in a converged network that combines voice, video, and data communications?

Voice and video communications are more sensitive to latency.

In which OSPF state is the DR/BDR election conducted?

two-way

Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?

site-to-site VPN

What is the final operational state that will form between an OSPF DR and a DROTHER once the routers reach convergence?

full

Which type of server would be used to keep a historical record of messages from monitored network devices?

syslog

When QoS is implemented in a converged network, which two factors can be controlled to improve network performance for real-time traffic? (Choose two.)

delay

jitter

In which step of gathering symptoms does the network engineer determine if the problem is at the core, distribution, or access layer of the network?

narrow the scope

What protocol sends periodic advertisements between connected Cisco devices in order to learn device name, IOS version, and the number and type of interfaces?

CDP

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?

0.0.3.255

Which type of OSPFv2 packet is used to forward OSPF link change information?

link-state update

Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?

dynamic multipoint VPN

What protocol synchronizes with a private master clock or with a publicly available server on the internet?

NTP

An OSPF router has three directly connected networks; 10.0.0.0/16, 10.1.0.0/16, and 10.2.0.0/16. Which OSPF network command would advertise only the 10.1.0.0 network to neighbors?

router(config-router)# network 10.1.0.0 0.0.255.255 area 0

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.254.0. What wildcard mask would the administrator use in the OSPF network statement?

0.0.1.255

How does virtualization help with disaster recovery within a data center?

support of live migration

Live migration allows moving of one virtual server to another virtual server that could be in a different location that is some distance from the original data center.

Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23

For an extended ACL to meet these requirements the following need to be included in the access control entries:identification number in the range 100-199 or 2000-2699permit or deny parameterprotocolsource address and wildcarddestination address and wildcardport number or name

Which step in the link-state routing process is described by a router building a link-state database based on received LSAs?

building the topology table

What protocol uses agents, that reside on managed devices, to collect and store information about the device and its operation?

SNMP

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 10.27.27.0 255.255.255.0. What wildcard mask would the administrator use in the OSPF network statement?

0.0.0.255

When will an OSPF-enabled router transition from the Down state to the Init state?

when the router receives a hello packet from a neighbor router

What type of traffic is described as having a high volume of data per packet?

video

What protocol is a vendor-neutral Layer 2 protocol that advertises the identity and capabilities of the host device to other connected network devices?

LLDP

Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination?

executing the SPF algorithm

Which type of VPN connects using the Transport Layer Security (TLS) feature?

SSL VPN

Which group of APIs are used by an SDN controller to communicate with various applications?

northbound APIs

A company has consolidated a number of servers and it is looking for a program or firmware to create and control virtual machines which have access to all the hardware of the consolidated servers. What service or technology would support this requirement?

Type-1 hypervisor

What command would be used as part of configuring NAT or PAT to define a pool of addresses for translation?

• ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 netmask 255.255.255.240

Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting, what service or technology would support requirement?

Cloud services

Which three types of VPNs are examples of enterprise-managed site-to-site VPNs? (Choose three.)

IPsec VPN

Cisco Dynamic Multipoint VPN

GRE over IPsec VPN

In an OSPF network which two statements describe the link-state database (LSDB)? (Choose two.)

It can be viewed by using the show ip ospf database command.

All routers within an area have an identical link-state database.

In an OSPF network which OSPF structure is used to create the neighbor table on a router?

adjacency database

What protocol is used in a system that consists of three elements-a manager, agents, and an information database?

SNMP

What type of traffic is described as not resilient to loss?

data

Which type of API would be used to allow authorized salespeople of an organization access to internal sales data from their mobile devices?

private

Which type of VPN uses a hub-and-spoke configuration to establish a full mesh topology?

dynamic multipoint VPN

What is a characteristic of the REST API?

most widely used API for web services