Networking Essentials Flashcards

Question

Which of the following commands copies the configuration from RAM into NVRAM (A) copy running-config startup-config (B) copy startup-config running-config (C) copy ram nvram (D) copy nvram ram

Answer 1

(A) copy running-config startup-config

Answer 2

(B) no shutdown

Answer 3

(B) The ip address 175.28.1.150 255.255.255.0 command in interface vlan 2 configuration mode. (C) The ip default-gateway 175.28.1.254 command in global configuration mode.

Answer 4

(A) show startup-config

Answer 5

(A) Examsdigest#(config)# line console 0 Examsdigest#(config-line)# password examsdigest Examsdigest#(config-line)# login Examsdigest#(config-line)# exit

Answer 6

(D) Examsdigest#(config)# live vty 0 15 Examsdigest#(config-line)# password examsdigest Examsdigest#(config-line)# login Examsdigest#(config-line)# end

Answer 7

(A) Examsdigest#(config)# interface vlan 1 Examsdigest#(config-line)# ip address 199.255.240.100 255.255.255.0 Examsdigest#(config-line)# no shutdown Examsdigest#(config-line)# end Examsdigest#(config)# ip default-gateway 199.255.240.1

Answer 8

(A) enable secret “type password“

Answer 9

(C) show interfaces vlan 1

Answer 10

(B) configure terminal interface vlan 5 ip address dhcp no shutdown

Answer 11

(A) show mac address-table dynamic

Answer 12

(A) 1.0.0.0 (B) 5.0.0.0 **(C) 140.0.0.0** **(D) 127.0.0.0** (E) 9.0.0.0 **(F) 195.0.0.0** | C, D and F are the correct answers. Class A networks have the first octe

Answer 13

(A) To reserve two addresses for redundant default gateways (routers) (B) To reserve the two addresses required for DHCP operation **(C) To reserve addresses for the subnet broadcast address and subnet ID** (D) To reserve addresses for the subnet ID and default | By definition, two address values in every IPv4 subnet cannot be used as

Answer 14

**(A) 195.0.0.0** (B) 22.22.3.0 **(C) 222.0.0.0** (D) 191.255.255.0 (E) 127.0.0.0 | Class C networks have the first octet in the range of 192–223, inclusive

Answer 15

(A) 2 (B) 5 **(C) 8 ** (D) 11 | 8 bits are enough to create 200 subnets. You need to follow the formula

Answer 16

(A) TRUE **(B) FALSE** | The addresses in the classful network have a structure with two parts: t

Answer 17

**(A) 188.187.186.185** (B) 204.203.202.201 (C) 55.44.22.11 (D) 10.0.0.56 | Class B networks have the first octet in the range of 128–191.

Answer 18

(A) 188.187.186.185 **(B) 204.203.202.201** (C) 55.44.22.11 (D) 10.0.0.56

Answer 19

**(A) TRUE** (B) FALSE

Answer 20

(A) 188.187.186.185 (B) 204.203.202.201 **(C) 55.44.22.11** **(D) 10.0.0.56 ** **(E) 100.24.5.56 ** (F) 192.168.178.6

Answer 21

**(A) 128.0.0.0 - 191.255.0.0** (B) 1.0.0.0 - 126.0.0.0 (C) 192.0.0.0 - 223.255.255.0 (D) 224.0.0.0 - 254.255.255.0

Answer 22

(A) 128.0.0.0 - 191.255.0.0 (B) 1.0.0.0 - 126.0.0.0 **(C) 192.0.0.0 - 223.255.255.0** (D) 224.0.0.0 - 254.255.255.0

Answer 23

**(A) 255.0.0.0** (B) 255.255.0.0 (C) 255.255.255.0 (D) 255.255.255.255 | Class A networks have the first octet in the range of 1–126.

Answer 24

(A) The network ID is 172.0.0.0. (B) The default mask for the network is 255.255.255.0. **(C) The network is a Class B network. ** **(D) The number of host bits in the unsubnetted network is 16. ** (E) The broadcast address of the network is 172.255.255.255 | The first octet (172) is in the range of values for Class B addresses (1

Answer 25

(A) 4 (B) 5 (C) 6 **(D) 7** | You need to follow the formula of 2S > number of subnets

Answer 26

(A) 172.28.255.254 (B) 172.255.255.255 (C) 172.28.200.255 **(D) 172.28.255.255**

Answer 27

(A) A **(B) B** (C) C (D) D

Answer 28

(A) 255.0.0.0 **(B) 255.255.0.0** (C) 255.255.255.0 (D) 255.255.255.255

Answer 29

(A) A (B) B **(C) C** (D) D

Answer 30

(A) 10.0.0.0 - 140.255.255.0 **(B) 192.0.0.0 - 223.255.255.0** (C) 200.0.0.0 - 223.255.255.0 (D) 224.0.0.0 - 254.255.255.0

Answer 31

**(A) 9.255.255.254** (B) 10.255.255.254 (C) 11.255.255.254 (D) 12.255.255.254

Answer 32

(A) TRUE **(B) FALSE**

Answer 33

(A) 2 **(B) 3** (C) 4 (D) 5

Answer 34

**(A) 172.31.100.0** (B) 164.16.2.0 (C) 192.166.255.0 **(D) 192.168.1.0** (E) 11.11.11.0 **(F) 172.24.0.0**

Answer 35

(A) show ip ospf **(B) show ip ospf interface brief** (C) show ospf brief (D) show ospf interface brief

Answer 36

(A) 1 (B) 5 **(C) 2** (D) 0

Answer 37

(A) show ip ospf neighbor serial 0/1 **(B) show ip ospf neighbor serial 1/0** (C) show ip ospf neighbor fastethernet 0/1 (D) show ip ospf serial 0/1

Answer 38

(A) interior gateway protocol (B) different gateway protocol (C) autonomous gateway protocol **(D) exterior gateway protocol**

Answer 39

**(A) 0.0.255.255** (B) 0.0.0.255 (C) 0.255.255.255 (D) 0.0.0.0

Answer 40

(A) show ip codes **(B) show ip route** (C) show ip interfaces (D) show ip connected

Answer 41

**(A) TRUE** (B) FALSE

Answer 42

**(A) TRUE** (B) FALSE

Answer 43

(A) network 20.0.0.1 0.0.255.255 area 0 (B) network 20.0.0.1 0.0.0.255 area 0 (C) network 20.0.0.0 255.0.0.0 area 0 **(D) network 20.0.0.0 0.255.255.255 area 0**

Answer 44

(A) R2# router ospf 3 R2# network 0.0.0.0 255.255.255.255 area 0 R2# interface GigabitEthernet0/0 R2(config-if)# ip address 158.159.170.2 255.255.255.0 R2# interface GigabitEthernet0/1/0 R2(config-if)# ip address 158.159.160.2 255.255.255.0 **(B) R2# router ospf 2 R2# network 0.0.0.0 255.255.255.255 area 0 R2# interface GigabitEthernet0/0 R2(config-if)# ip address 158.159.170.2 255.255.255.0 R2# interface GigabitEthernet0/1/0 R2(config-if)# ip address 158.159.160.2 255.255.255.0** (C) R2# router ospf 2 R2# network 0.0.0.0 255.255.255.255 area 0 R2# interface GigabitEthernet0/0 R2(config-if)# ip address 158.159.170.2 255.255.0.0 R2# interface GigabitEthernet0/1/0 R2(config-if)# ip address 158.159.160.2 255.255.0.0 (D) R2# router ospf 2 R2# network 0.0.0.0 255.255.255.255 area 1 R2# interface GigabitEthernet0/0 R2(config-if)# ip address 158.159.170.2 255.255.255.0 R2# interface GigabitEthernet0/1/0 R2(config-if)# ip address 158.159.160.2 255.255.255.0

Answer 45

(A) R2 **(B) R4** (C) R7 (D) R5

Answer 46

(A) show ip ospf brief **(B) show ip ospf interface brief** (C) show ip interface brief (D) show ospf interface brief

Answer 47

(A) Both routers’ interface IP addresses are in the same subnet (B) Both routers’ OSPF process uses process ID 3 **(C) Both routers’ OSPF process uses router ID 42.42.42.42 ** (D) Both routers’ interfaces use an OSPF Dead interval of 80

Answer 48

(A) Backbone area (B) Internal router (C) Backbone router **(D) Area Border Router**

Answer 49

(A) IGRP **(B) OSPF** (C) RIP (D) IS-IS

Answer 50

(A) request 145.45.3.2 (B) check 145.45.3.2 **(C) ping 145.45.3.2** (D) ping 145.45.3.2

Answer 51

(A) A different STP cost (spanning-tree cost value) (B) A different access VLAN (switchport access vlan vlanid) **(C) A different speed (speed value) ** **(D) A default setting for switchport (switchport)**

Answer 52

**(A) A shutdown command issued from VLAN 4 configuration mode ** **(B) VTP on the switch removing VLAN 5 from the switch’s VLAN list ** (C) 1 out of 10 working VLAN 4 access ports failing due to physical problems (D) A shutdown command issued from VLAN 6 configuration mode

Answer 53

(A) show interfaces **(B) show protocols** (C) show values (D) show routing

Answer 54

(A) show route (B) show routing table **(C) show ip route** (D) show route table

Answer 55

(A) show route 156.10.2.0 (B) show routing table 156.10.2.0 **(C) show ip route 156.10.2.0** (D) show route table 156.10.2.0

Answer 56

**(A) TRUE ** (B) FALSE

Answer 57

**(A) G0/3/0** (B) G0/2/0 (C) G0/1/0 (D) G0/0/0

Answer 58

**(A) ssh -l userexamsdigest 145.167.2.1 passexamsdigest** (B) ssh -l userexamsdigest 145.167.2.2 passexamsdigest (C) ssh -l userexams 145.167.2.1passexamsdigest (D) ssh -l userexamsdigest 145.167.2.1 examsdigest

Answer 59

**(A) R1# configure terminal R1(config)# interface G0/0 R1(config-if)# ip address 158.159.162.1 255.255.255.0 R1(config-if)# no shutdown R1(config-if)# interface G0/1 R1(config-if)# ip address 158.159.161.1 255.255.255.0 R1(config-if)# no shutdown R1(config-if)# interface S0/0 R1(config-if)# ip address 158.159.160.1 255.255.255.0 R1(config-if)# no shutdown ** (B) R1# configure terminal R1(config)# interface G0/1 R1(config-if)# ip address 158.159.162.1 255.255.255.0 R1(config-if)# no shutdown R1(config-if)# interface G0/0 R1(config-if)# ip address 158.159.161.1 255.255.255.0 R1(config-if)# no shutdown R1(config-if)# interface S0/0 R1(config-if)# ip address 158.159.160.1 255.255.255.0 R1(config-if)# no shutdown (C) R1# configure terminal R1(config)# interface G0/0 R1(config-if)# ip address 158.159.162.1 255.255.255.0 R1(config-if)# no shutdown R1(config-if)# interface G0/1 R1(config-if)# ip address 158.159.161.1 255.255.255.0 R1(config-if)# no shutdown R1(config-if)# interface S0/1 R1(config-if)# ip address 158.159.160.1 255.255.255.0 R1(config-if)# no shutdown (D) R1# configure terminal R1(config)# interface G0/0 R1(config-if)# ip address 158.159.162.1 255.255.0.0 R1(config-if)# no shutdown R1(config-if)# interface G0/1 R1(config-if)# ip address 158.159.161.1 255.255.0.0 R1(config-if)# no shutdown R1(config-if)# interface S0/0 R1(config-if)# ip address 158.159.160.1 255.255.0.0 R1(config-if)# no shutdown

Answer 60

**(A) ip address [address mask] ** (B) interface [address mask] (C) set ip [address mask] (D) add address [address mask]

Answer 61

(A) show ip protocol brief (B) show ip addresses brief **(C) show ip interface brief** (D) show ip status brief

Answer 62

**(A) A connected route for subnet 10.1.1.64 255.255.255.192** (B) A local route for host 10.1.1.64 255.255.255.255 **(C) A local route for host 10.1.1.100 255.255.255.255** (D) A local route for host 10.1.1.100 255.255.255.192 (E) A connected route for subnet 10.1.1.0 255.255.255.0

Answer 63

(A) routed interface (B) enable interface (C) no switch interface **(D) no switchport**

Answer 64

(A) ip route 156.187.45.0 255.255.0.0 156.187.80.45 (B) ip route 156.187.45.0 255.255.255.0 156.187.80.46 (C) ip route 156.187.0.0 255.255.255.0 156.187.80.45 **(D) ip route 156.187.45.0 255.255.255.0 156.187.80.45**

Answer 65

**(A) Subnet ID: 20.54.23.0 Broadcast Address: 20.54.23.255** (B) Subnet ID: 20.54.0.0 Broadcast Address: 20.54.0.255 (C) Subnet ID: 20.54.0.0 Broadcast Address: 20.54.255.255 (D) Subnet ID: 20.54.23.1 Broadcast Address: 20.54.23.255

Answer 66

(A) 255.255.255.254 **(B) 254.0.0.0** (C) 255.254.0.0 (D) 255.255.254.0

Answer 67

**(A) Prefix length = 24 | Class = C ** (B) Prefix length = 20 | Class = B (C) Prefix length = 15 | Class = C (D) Prefix length = 30 | Class = A

Answer 68

(A) 12.5.1.156 **(B) 12.5.5.200** (C) 12.5.4.254 (D) 12.5.255.200

Answer 69

Answer 70

(A) 11111111.11111111.11111111.11111100 **(B) 11111111.11111111.11111111.11110000** (C) 11111111.11111111.11111111.10000000 (D) 11111111.11111111.11111111.11111110

Answer 71

**(A) 11111111.11000000.00000000.00000000** (B) 11111111.11111111.11111111.00000000 (C) 11111111.11111111.11111111.10000000 (D) 11111111.11111111.11111111.11111110

Answer 72

(A) 10.75.5.0 (B) 10.75.0.0 **(C) 10.75.20.0** (D) 10.0.0.0

Answer 73

(A) 10.75.5.0 **(B) 10.75.0.0** (C) 10.75.20.0 (D) 10.0.0.0

Answer 74

(A) 255.255.192.0 (B) 255.128.0.0 **(C) 255.255.128.0 ** (D) 255.255.224.0

Answer 75

**(A) 255.255.255.240** (B) 255.128.224.0 (C) 255.255.255.224 (D) 255.255.255.248

Answer 76

**(A) TRUE** (B) FALSE

Answer 77

(A) TRUE **(B) FALSE**

Answer 78

(A) /20 (B) /21 (C) /22 **(D) /23**

Answer 79

**(A) /10** (B) /11 (C) /12 (D) /13

Answer 80

Answer 81

(A) Broadcast address: 10.75.255.255 (B) Broadcast address: 10.75.20.255 **(C) Broadcast address: 10.79.255.255** (D) Broadcast address: 10.80.255.255

Answer 82

**(A) Broadcast address: 172.30.127.255** (B) Broadcast address: 172.30.70.255 (C) Broadcast address: 172.30.100.255 (D) Broadcast address: 172.30.87.255

Answer 83

(A) 255.255.255.240 **(B) 255.255.255.252** (C) 255.255.192.0 (D) 255.255.252.0

Answer 84

(A) 255.255.255.192 (B) 255.255.224.0 (C) 255.255.128.0 **(D) 255.255.192.0**

Answer 85

**(A) /24** (B) /21 (C) /19 **(D) 255.255.255.252** (E) 255.255.240.0 (F) 255.255.224.0

Answer 86

(A) /10 **(B) /11** (C) /9 (D) /8

Answer 87

Answer 88

(A) 255.255.255.192 **(B) 255.255.254.0 ** (C) 255.255.252.0 (D) 255.255.255.224

Answer 89

**(A) 11111111.11000000.00000000.00000000** (B) 11111111.11100000.00000000.00000000 (C) 11111111.11110000.00000000.00000000 (D) 11111111.11111000.00000000.00000000

Answer 90

When APs are placed at different geographic locations, they can all be interconnected by a switched infrastructure. The 802.11 standard calls this an extended service set (ESS). **(A) TRUE** (B) FALSE

Answer 91

A lightweight access point in which one of the following architectures participate? (A) Light-MAC (B) Tunnel-MAC (C) Big-MAC **(D) Split-MAC**

Answer 92

Which of the following controller ports is used to connect to a peer controller for high availability (HA) operation? (A) Service port (B) Distribution system port **(C) Redundancy port** (D) Console port

Answer 93

Which of the following wireless security tools is used to protect the integrity of data in a wireless frame? **(A) MIC - message integrity check** (B) WIPS (C) WEP (D) EAP

Answer 94

Wi-Fi is based on ________________ IEEE standards. (A) 802.2 (B) 802.1 (C) 802.12 **(D) 802.11** ## Footnote The IEEE 802.11 standard defines Wi-Fi, while 802.3 standard defines Ethernet.

Answer 95

Which of the following bridges can be used to provide wireless connectivity to a non-wireless device? (A) Wireless repeater **(B) Workgroup bridge** (C) Transparent bridge (D) Adaptive bridge ## Footnote The workgroup bridge associates to an access point on your network

Answer 96

Which controller interface type maps a WLAN to a VLAN? (A) Management interface (B) Redundancy management (C) Virtual interface (D) Service port interface **(E) Dynamic interface**

Answer 97

Which is the most preferred and secure way of connecting to a WLC GUI to configure a new WLAN? (A) SSH (B) HTTP **(C) HTTPS** (D) FTP (E) None of the above

Answer 98

The maximum configurable number of WLANs on a controller is __________________. (A) 5 (B) 152 (C) 251 **(D) 512**

Answer 99

Which of the following IEEE 802.11 Wi-Fi standards use the 5 GHz band? (Choose all that apply) (A) 802.11 (B) 802.11b (C) 802.11g **(D) 802.11a (E) 802.11n (F) 802.11ac (G) 802.11ax**

Answer 100

Wi-Fi commonly uses the 2.5GHz and __________________ GHz bands. **(A) 5** (B) 3 (C) 1 (D) 4

Answer 101

Choose the term that best describes a Cisco wireless access point that operates in a standalone, independent manner. (A) Standalone Access point (AP) **(B) Autonomous Access Point (AP)** (C) Independent Access Point (AP) (D) Cisco Access Point (AP)

Answer 102

You are creating a new WLAN with the controller GUI, which of the following parameters are necessary? (Choose two) (A) VLAN number **(B) SSID (C) Interface ** (D) BSSID (E) IP subnet

Answer 103

Which one of the following is a wireless encryption method that is not recommended for use due to vulnerability issues? (A) Advanced Encryption Standard (AES) (B) Wi-Fi Protected Access (WPA) **(C) Wired Equivalent Privacy (WEP)** (D) Extensible Authentication Protocol (EAP)

Answer 104

Which of the following IEEE 802.11 Wi-Fi standards use the 2.4 GHz band? (Choose all that apply) **(A) 802.11 (B) 802.11b (C) 802.11g ** (D) 802.11a **(E) 802.11n** (F) 802.11ac **(G) 802.11ax**

Answer 105

Given the following URI https://courses.examsdigest.com/ccna, which part is the hostname? (A) https (B) courses **(C) courses.examsdigest.com ** (D) examsdigest.com (E) examsdigest.com/ccna

Answer 106

Which of the following protocols uses the port 443? **(A) HTTPS ** (B) HTTP (C) SMTP (D) SSH

Answer 107

Which of the following protocols uses the port 80? (A) HTTPS **(B) HTTP** (C) SMTP (D) SSH

Answer 108

Which of the following protocols uses the port 25? (A) HTTPS (B) HTTP **(C) SMTP** (D) SSH

Answer 109

Which of the following protocols uses the port 22? (A) HTTPS (B) HTTP (C) SMTP **(D) SSH**

Answer 110

Which of the following port numbers the SNMP protocol uses? (A) 20 (B) 25 (C) 160 **(D) 161**

Answer 111

Which of the following port numbers the POP3 protocol uses? (A) 100 **(B) 110 ** (C) 120 (D) 130

Answer 112

Which of the following port numbers the DNS protocol uses? (A) 50 (B) 51 (C) 52 **(D) 53**

Answer 113

The senior network engineer assigns you a task that requires ACL configuration. He provides the following diagram and the requirements below: 1. Enable the ACL inbound on R2’s G0/1 interface. 2. Permit packets coming from the host with IP 20.2.2.1 3. Deny packets coming from the rest subnet 20.2.2.0/24 4. Permit packets coming from a network with subnet 155.165.0.0/16 Now you are responsible to configure the R2 using the ACL standard number 1. Which of the following commands will you type to complete the task? (A) R2# configure terminal R2(config)# access-list 1 permit 20.2.2.1 R2(config)# access-list 1 deny 20.2.2.0 0.0.0.255 R2(config)# access-list 1 permit 155.165.0.0 0.0.255.255 R2(config)# interface G0/2 R2(config-if)# ip access-group 1 in **(B) R2# configure terminal R2(config)# access-list 1 permit 20.2.2.1 R2(config)# access-list 1 deny 20.2.2.0 0.0.0.255 R2(config)# access-list 1 permit 155.165.0.0 0.0.255.255 R2(config)# interface G0/1 R2(config-if)# ip access-group 1 in ** (C) R2# configure terminal R2(config)# access-list 1 permit 20.2.2.1 R2(config)# access-list 1 deny 20.2.2.0 0.0.0.255 R2(config)# access-list 1 permit 155.165.0.0 0.0.255.255 R2(config)# interface G0/1 (D) R2# configure terminal R2(config)# access-list 1 deny 20.2.2.1 R2(config)# access-list 1 deny 20.2.2.0 0.0.0.255 R2(config)# access-list 1 permit 155.165.0.0 0.0.255.255 R2(config)# interface G0/1 R2(config-if)# ip access-group 1 in

Answer 114

Which of the following options are things that a standard IP ACL could be configured to do? (Choose two answers.) **(A) Match the exact source IP address** **(B) Match all IP addresses in a subnet with one access-list command without matching other IP addresses ** (C) Match IP addresses 20.2.2.2 through 20.2.2.22 with one access-list command without matching other IP addresses (D) Match only the packet’s destination IP address

Answer 115

One of the differences between named and numbered ACLs is that named ACLS using ACL subcommands, not global commands, to define the action and matching parameters. **(A) TRUE** (B) FALSE

Answer 116

Given the following fields, which of those cannot be compared on an extended IP ACL? (A) Application protocol (B) Destination IP address (C) Source IP address **(D) URL** (E) TOS Byte

Answer 117

Your task is to type a one-line standard ACL that matches the following criteria. All access-list commands use the number 1 in the command. Criteria #1: Permit packets from 186.33.2.3 ACL command #1: ______________________ **(A) access-list 1 permit 186.33.2.3** (B) access-list 1 deny 186.33.2.3 (C) access-list 1 permit 186.33.2.0 (D) access-list 1 deny 186.33.0.0

Answer 118

Your task is to type a one-line standard ACL that matches the following criteria. All access-list commands use the number 1 in the command. Criteria #2: Permit packets from hosts with 56.57.2 as the first three octets ACL command #2: ______________________ **(A) access-list 1 permit 56.57.2.0 0.0.0.255** (B) access-list 1 permit 57.57.2.0 0.0.0.255 (C) access-list 1 permit 56.57.2.0 0.0.255.255 (D) access-list 1 deny 56.57.2.0 0.0.0.255

Answer 119

Your task is to type a one-line standard ACL that matches the following criteria. All access-list commands use the number 1 in the command. Criteria #3: Permit packets from hosts with 56.57 as the first two octets ACL command #3: ______________________ (A) access-list 1 permit 56.57.0.0 0.255.255.255 **(B) access-list 1 permit 56.57.0.0 0.0.255.255** C) access-list 1 permit 56.58.0.0 0.0.255.255 (D) access-list 1 permit 56.57.0.0 0.0.0.0

Answer 120

Your task is to type a one-line extended ACL that matches the following criteria. All access-list commands use the number 101 in the command. Criteria #4: Permit packets from web client 65.5.5.5, sent to a web server in subnet 65.5.6.0/24 ACL command #4: ______________________ (A) access-list 101 permit tcp host 65.5.5.5 65.5.6.0 0.0.0.255 eq 23 (B) access-list 101 permit any any **(C) access-list 101 permit tcp host 65.5.5.5 65.5.6.0 0.0.0.255 eq www ** (D) access-list 101 deny tcp host 65.5.5.5 65.5.6.0 0.0.0.255 eq www

Answer 121

Your task is to type a one-line extended ACL that matches the following criteria. All access-list commands use the number 101 in the command. Criteria #5: Permit any and every IPv4 packet ACL command #5: ______________________ (A) access-list 101 permit ip any any (B) access-list 101 deny ip any any (C) access-list 101 permit ip 0.0.0.0 any (D) access-list 101 permit ip any 0.0.0.0

Answer 122

Which of the following commands display the configuration of an IPv4 ACL, including line numbers? (Choose two answers.) (A) show running-config (B) show startup-config **(C) show ip access-lists (D) show access-lists**

Answer 123

Type the access-list command that permits all packets sent from hosts in subnet 14.15.16.0/24. Use the ACL number 50 for the ACL rule. (A) access-list 50 permit 14.15.17.0 0.0.0.255 (B) access-list 50 deny 14.15.16.0 0.0.0.255 (C) access-list 50 permit 14.15.16.0 0.255.255.255 **(D) access-list 50 permit 14.15.16.0 0.0.0.255**

Answer 124

Given the following access-list command access-list 2 permit 192.168.4.0 0.0.0.255, choose the exact range of IP addresses, matched by the command. (A) 192.167.4.0 – 192.168.4.255 (B) 192.168.4.0 – 192.168.5.255 **(C) 192.168.4.0 – 192.168.4.255** (D) 192.0.0.0 – 192.168.4.255

Answer 125

The range of valid ACL numbers for standard numbered IP ACLs is: (A) 1-99 and 1700 - 1999 **(B) 1-99 and 1300 - 1999** (C) 1-101 and 1300 - 1999 (D) 1-49 and 1400 - 1999

Answer 126

The ACL 55 on R1 has four statements, in the following order, with address and wildcard mask values as follows: 1. 20.0.0.0 0.255.255.255 2. 20.20.0.0 0.0.255.255 3. 20.20.20.0 0.0.0.255 4. 2.2.2.0 0.0.0.255 If a router tried to match a packet sourced from IP address 20.20.20.20 using this ACL, which ACL statement does a router consider the packet to have matched? **(A) First statement** (B) Second statement (C) Third statement (D) Forth statement (E) Implied deny at the end of the ACL

Answer 127

Which of the following access-list denies packets with a UDP header, any source IP address with source port greater than 10455, a destination IP address 30.3.3.3 and a destination port equal to 25? (A) access-list 101 deny udp any gt 10455 host 30.3.3.3 eq 28 **(B) access-list 101 deny udp any gt 10455 host 30.3.3.3 eq 25** (C) access-list 101 deny tcp any gt 10455 host 30.3.3.3 eq 25 (D) access-list 101 deny udp any gt 25 host 30.3.3.3 eq 25

Answer 128

Which of the following access-list denies packets with a UDP header, a source IP address 30.3.3.3 and a source port greater than 10455, any destination IP address 30.3.3.3 with destination port equal to 25? (A) access-list 101 deny udp host 30.3.3.3 gt 10455 any eq 30 (B) access-list 101 deny udp host 30.3.3.3 gt 25 any eq 25 (C) access-list 101 deny udp host 30.0.0.0 gt 10455 any eq25 **(D) access-list 101 deny udp host 30.3.3.3 gt 10455 any eq 25**

Answer 129

Choose the wildcard mask that matches all IP packets in the subnet 46.45.44.0, and mask 255.255.255.0. **(A) 0.0.0.255** (B) 0.0.255.255 (C) 0.255.255.255 (D) 255.255.255.255

Answer 130

**(A) Source IP address (B) MAC address ** (C) ARP address (D) Routing table (E) Destination IP address (F) ARP table

Answer 131

(A) DHCP (B) ARP **(C) RADIUS** (D) HTTP

Answer 132

(A) SW-examsD#configure terminal SW-examsD(config)#interface FastEthernet0/2 SW-examsD(config-if)#switchport mode access SW-examsD(config-if)#switchport port-security SW-examsD(config-if)#switchport port-security macaddress 0200.1111.2222 (B) SW-examsD#configure terminal SW-examsD(config)#interface FastEthernet0/1 SW-examsD(config-if)#switchport mode access SW-examsD(config-if)#switchport port-security (C) SW-examsD#configure terminal SW-examsD(config)#interface FastEthernet0/1 SW-examsD(config-if)#switchport mode access SW-examsD(config-if)#switchport port-security SW-examsD(config-if)#switchport port-security macaddress 0200.2222.2222 **(D) SW-examsD#configure terminal SW-examsD(config)#interface FastEthernet0/1 SW-examsD(config-if)#switchport mode access SW-examsD(config-if)#switchport port-security SW-examsD(config-if)#switchport port-security macaddress 0200.1111.2222**

Answer 133

(A) Spoofing (B) Phishing **(C) DoS** (D) SQL injection

Answer 134

(A) Worm (B) Virus (C) Spyware **(D) Trojan**

Answer 135

(A) Hub **(B) Layer 2 switches** (C) Routers **(D) Layer 3 switches** (E) Access Points (F) End users

Answer 136

(A) Security automation (B) Granular application visibility and control **(C) Contextual awareness** (D) Superior effectiveness

Answer 137

**(A) Guess a user’s password** (B) Make a server unavailable (C) Spoof every possible IP address (D) Alter a routing table

Answer 138

**(A) TRUE** (B) FALSE

Answer 139

(A) Social engineering (B) Phishing **(C) Whaling** (D) Pharming

Answer 140

(A) Social engineering **(B) Phishing** (C) Whaling (D) Pharming

Answer 141

(A) DoS **(B) DAI** (C) Packet secure (D) ARP protect

Answer 142

**(A) TRUE ** (B) FALSE

Answer 143

(A) recovery cause psecure-violation (B) errdisable recovery psecure-violation (C) errdisable recovery **(D) errdisable recovery cause psecure-violation**

Answer 144

(A) Match message destination well-known port 23 **(B) Match message application data** (C) Match message IP protocol 23 (D) Match message source TCP ports lower than 5400 ## Footnote next-generation firewalls are being able to also check application data beyond the Transport layer header.

Answer 145

**(A) Acknowledgment ** (B) Request **(C) Offer** (D) Discover

Answer 146

A. The network ID is 172.16.140.0, the directed broadcast is 172.16.148.255, the first host is 172.16.140.1, and the last host is 172.16.148.254 B. The network ID is 172.16.96.0, the directed broadcast is 172.16.168.255, the first host is 172.16.96.1, and the last host is 172.16.168.254 C. The network ID is 172.16.128.0, the directed broadcast is 172.16.163.255, the first host is 172.16.128.1, and the last host is 172.16.163.254 D. The network ID is 172.16.136.0, the directed broadcast is 172.16.143.255, the first host is 172.16.136.1, and the last host is 172.16.143.254

Answer 147

A. Version control B. Centralized configuration C. Configuration drift D. Configuration monitoring

Answer 148

A. Cisco IOS debug messages B. The diagnostic console menu C. A graphical picture showing the real-time status of the LED D. Cisco IOS software setup mode

Answer 149

A. The [ip ospf area] command can be used to enable OSPF directly on an interface. B. The [ip ospf cost] command specifies the OSPF cost of directing a packet across the network to the destination. C. The [network area] command defines the network boundary and ospf routing process number. D. The [router ospf] command configures an OSPF routing process.

Answer 150

A. TKIP B. CCMP C. GCMP D. EAP

Answer 151

A. show ipv6 cef B. show ipv6 mroute C. show ipv6 neighbors D. show ipv6 route

Answer 152

A. There will be 254 possible hosts in each subnet B. There will be 510 possible hosts in each subnet C. /23 is the new subnet mask D. 7 bits will be borrowed E. 8 bits will be borrowed F. /24 is the new subnet mask

Answer 153

A. This is a normal message that appears each time the device boots and should be disabled B. There is no configuration in FLASH C. There is no start-up configuration in NVRAM D. There is no configuration in RAM

Answer 154

A. Network Access B. Transport C. Internet D. Application

Answer 155

A. enable B. ? C. init D. login

Answer 156

A. Cloud B. Switch C. Router D. NAT server E. Source PC F. Destination PC

Answer 157

A. bootstrap B. ROM monitor C. ROM D. POST E. RAM F. NVRAM

Answer 158

A. AWS1 (config)#interface range fa 0/1 AWS1 (config-if-range)#spanning-tree portfast B. AWS1 (config)# spanning-tree portfast C. AWS1 (config)#interface range fa 0/1-24 AWS1 (config-if-range)#spanning-tree portfast D. AWS1 (config)# spanning-tree portfast default

Answer 159

A. It has more than one interface that is connected to the root network segment. B. It is running RSTP while the elected root bridge is running 802.1d spanning tree. C. It has a higher MAC address than the elected root bridge. D. It has a higher bridge ID than the elected root bridge.

Answer 160

A. Shaping B. Policing C. Priority scheduling D. Round-robin scheduling

Answer 161

A. Client B. Off C. Transparent D. Server

Answer 162

A. Show running-config B. Show ip ospf interface C. Show ip ospf neighbors D. Show ip route ospf E. Show ip ospf database

Answer 163

A. It will automatically assign MAC addresses to clients in accordance to VLAN settings B. It is a favourable solution when mobile clients exist in the network C. It provides host-based security including anti-virus and anti-malware D. It will discover the MAC address to IPv4 address mappings for clients E. It will automatically assign IPv4 addresses to clients in accordance to VLAN settings

Answer 164

A. Area ID B. Router ID C. Neighbors D. Hello and dead intervals

Answer 165

A. All routers share a view of the topology B. The reference bandwidth can be adjusted to match the environment C. The most efficient path through a network can be determine using the highest cost D. Cost is calculated using interface and reference bandwidth

Answer 166

A. show monitor B. route print C. show ip route D. traceroute

Answer 167

A. Configure the following on SW 2: ip dhcp snooping, ip dhcp snooping vlan 10, int gi0/12, ip dhcp snooping trust B. Configure the following on SW 1: ip dhcp snooping, ip dhcp snooping vlan 10, int gi0/24, ip dhcp snooping trust C. Configure the following on SW 2: ip dhcp snooping, ip dhcp snooping vlan 10, int gi0/24, ip dhcp snooping trust D. Configure the following on SW 2: ip dhcp snooping, ip dhcp snooping vlan 20, int gi0/24, ip dhcp snooping trust E. Configure the following on SW 2: ip dhcp snooping, ip dhcp snooping vlan 20, int gi0/12, ip dhcp snooping trust F. Configure the following on SW 1: ip dhcp snooping, ip dhcp snooping vlan 20, int gi0/24, ip dhcp snooping trust

Answer 168

A. /52 B. /56 C. /64 D. /32 E. /48 F. /60

Answer 169

A. 802.1, 802.3 B. 802.1, 802.3 C. 802.3, 802.11 D. 802.11, 802.3

Answer 170

A. Maintenance B. Physical C. Environmental D. Remote Access E. Local Access F. Electrical

Answer 171

Which of the following configuration management tools uses agentless architecture for managing network devices? **(A) Ansible** (B) Puppet (C) Chef (D) Ansible and Puppet (E) Puppet and Chef

Answer 172

Given the following JSON object, how many object keys found in the sample below? { “response”: { “id”: “3”, “name”: “Cisco Catalyst”, “ipAddress”: { “private”: “192.168.1.1”, “public”: “156.157.1.1” } } } (A) 3 (B) 4 (C) 5 **(D) 6** ## Footnote JSON defines variables as key:value pairs, with the key on the left of the colon (:) and always enclosed in double quotation marks, with the value on the right.

Answer 173

CRUD is the acronym of the four primary actions performed by an application. What does CRUD stand for? **(A) Create, Read, Update, Delete ** (B) Create, Read, Update, Done (C) Create, Resolve, Update, Delete (D) Create, Resolve, Update, Done

Answer 174

A Layer 2 switch examines a frame’s destination MAC address and forwards that frame out of the port G0/2. That action occurs as part of which plane of the switch? **(A) Data plane ** (B) Management plane (C) Control Plane (D) None of the above

Answer 175

Which answer correctly describes the format of the JSON text below? (Choose two answers) (A) One JSON object that has one key:value pair **(B) One JSON object that has two key:value pairs** (C) One JSON object that has three key:value pair (D) Two JSON objects that have two key:value pair **(E) A JSON object whose value is a second JSON object**

Answer 176

Identify the hostname part from the given URI: https://cluster.cisco.com/dna/intent/api/v1/business/sda/fabric? ipaddress=10.1.2.3. (A) https:// (B) cluster.cisco **(C) cluster.cisco.com** (D) dna/intent/api/v1/business/sda/fabric (E) ?ipaddress=10.1.2.3

Answer 177

Which of the following features of Cisco DNA Center discovers the actual path the packets will take from the source to the destination based on the current forwarding tables? (A) Encrypted traffic analysis (B) Device 360 and Client 360 (C) Network time travel **(D) Path trace** ## Footnote Path trace – Discovers the actual path packets would take from source to destination based on current forwarding tables.

Answer 178

Which of the following features of Cisco DNA Center shows past client performance in a timeline for compar- ison to current behavior? (A) Encrypted traffic analysis (B) Device 360 and Client 360 **(C) Network time travel** (D) Path trace ## Footnote Network time travel – Shows past client performance in a timeline for comparison to current behavior.

Answer 179

Which of the following features of Cisco DNA Center gives a comprehensive view of the health of the device? (A) Encrypted traffic analysis **(B) Device 360 and Client 360** (C) Network time travel (D) Path trace

Answer 180

Which of the following features of Cisco DNA Center enables Cisco DNA to use algorithms to recognize security threats even in encrypted traffic? **(A) Encrypted traffic analysis** (B) Device 360 and Client 360 (C) Network time travel (D) Path trace

Answer 181

Your company decides to move away from manual configuration methods, making changes by editing centralized configuration files. The issues you are facing with non-centralized configuration files are: 1) You don’t know who engineer made the changes in the configuration file. 2) You don’t know the changes in the configuration file over time. Which tool your company will use in order to solve these issues? **(A) Version Control System** (B) Version Control Configuration (C) Version Control Change (D) Version Control Edit

Answer 182

One of the benefits of controller-based networks over traditional networks is that the configuration on the devices have fewer errors, and you spent less time troubleshooting the network. **(A) TRUE** (B) FALSE

Answer 183

The customer edge device is typically a router, that sits at a customer site on MPLS networks and connects to a provider edge router (PE router) to take communications from a customer site to a provider side. **(A) TRUE ** (B) FALSE

Answer 184

____________________ is a network design that connects a link between each pair of nodes. **(A) Full Mesh** (B) Star (C) Hybrid (D) Partial Mesh

Answer 185

With PoE, a LAN switch can act as the Power Sourcing Equipment (PSE). **(A) TRUE** (B) FALSE

Answer 186

Which of the following protocols or technologies do you use each time you connect remotely through VPN? **(A) TLS** (B) IPsec (C) SSH (D) Telnet (E) FTPS ## Footnote The term remote access VPN, or client VPN, typically refers to a VPN for which one endpoint is a user device, such as a phone, tablet, or PC. In those cases, Transport Layer Security (TLS) is the more likely protocol to use. TLS is included in browsers and is commonly used to connect securely to websites.

Answer 187

Which of the following roles of campus switches provides a connection point for end-user devices? **(A) Access ** (B) Distribution (C) Core (D) Campus

Answer 188

Which of the following roles of campus switches provides an aggregation point for access switches? (A) Access **(B) Distribution** (C) Core (D) Campus

Answer 189

Which of the following roles of campus switches aggregates distribution switches in very large campus LANs? (A) Access (B) Distribution **(C) Core** (D) Campus

Answer 190

Your company plans to start using public cloud service and now you are considering different WAN options. Your main concern is security by keeping the data private while also providing good QoS services. Which of the following options are under consideration? (Choose two answers.) **(A) Using private WAN connections directly to the cloud provider** (B) Using an Internet connection without VPN (C) Using an Internet connection with VPN **(D) Using an intercloud exchange**

Answer 191

One of the differences between Public Cloud and Private Cloud (On-Premise) is that on the Public Cloud solution you are responsible for all management, maintenance, and updating of data centers. (A) TRUE **(B) FALSE**

Answer 192

A company uses a Metro Ethernet WAN with an Ethernet LAN (E-LAN) service, with the company headquarters plus 20 remote sites connected to the service. The enterprise uses OSPF at all sites, with one router connected to the service from each site. Which of the following are true about the Layer 3 details most likely used with this service and design? (Choose all that apply) **(A) The WAN uses one IP subnet** (B) The WAN uses 20 or more IP subnets (C) A remote site router would have one OSPF neighbor **(D) A remote site router would have 20 OSPF neighbors**

Answer 193

The process of dividing a physical server into multiple unique and isolated virtual servers by means of a software application is called server _________________. (A) Integration (B) Isolation **(C) Virtualization** (D) Segmentation ## Footnote Key Benefits of Server Virtualization: 1. Higher server ability 2. Cheaper operating costs 3. Eliminate server complexity 4. Increased application performance 5. Deploy workload quicker

Answer 194

Which cloud “As a Service” model is a form of cloud computing that delivers fundamental compute, network, and storage resources to consumers on-demand, over the internet, and on a pay-as-you-go basis? (A) Software as a Service (B) Platform as a Service **(C) Infrastructure as a Service** (D) Database as a Service

Answer 195

Which cloud “As a Service” model is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet? **(A) Software as a Service ** (B) Platform as a Service (C) Infrastructure as a Service (D) Database as a Service ## Footnote SaaS examples: Google Apps, Salesforce, Dropbox, Slack.

Answer 196

Which cloud “As a Service” model is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications? (A) Software as a Service **(B) Platform as a Service** (C) Infrastructure as a Service (D) Database as a Service ## Footnote PaaS examples: Heroku, Apache Stratos, Magento Commerce Cloud.

Answer 197

Examine the following show command output on a router configured for dynamic NAT: — Inside Source access-list 1 pool examsdigest pool examsdigest: netmask 255.255.255.240 start 190.1.1.1 end 190.1.1.10 type generic, total addresses 10, allocated 10 (100%), misses 595 You are responsible to find out why users are not being able to reach the Internet. (A) The cause is not related to dynamic NAT (B) The command output does not provide any clue to identify the problem (C) Dynamic NAT can't use Standard ACLs **(D) The NAT pool does not have enough entries to fulfill the user's requests**

Answer 198

Log messages may tell you about some events, either critical or not. To help you make sense of the importance of each message, IOS assigns each message a severity level. Which of the following severity level means Warning - Warning condition? (A) 2 (B) 3 **(C) 4 ** (D) 5

Answer 199

Log messages may tell you about some events, either critical or not. To help you make sense of the importance of each message, IOS assigns each message a severity level. Which of the following severity level means Informational: Informational message only? (A) 1 **(B) 6** (C) 4 (D) 5

Answer 200

Given the diagram below, complete the missing configuration command in order to make the static NAT functional. Configuration snippet R1# show running-config ! Lines omitted for brevity! interface FastEthernet0/0 ip address 192.168.1.3 255.255.255.0 ip nat inside interface GigabitEthernet0/0 ip address 190.2.2.21 255.255.255.0 ip ____________________ (missing command) ip nat inside source static 192.168.1.2 200.1.1. 2 ip nat inside source static 192.168.1.1 200.1.1.1 (A) nat source (B) nat enable (C) nat address **(D) nat outside**

Answer 201

One of the features of SNMPv3 is called message integrity. **(A) TRUE ** (B) FALSE

Answer 202

You have been tasked to find out whether the Cisco Discovery Protocol (CDP) is enabled globally. Which command will you type? (A) show protocols **(B) show cdp ** (C) show running-config (D) show interface brief

Answer 203

Which of the following protocols synchronize the time of different systems? **(A) NTP ** (B) SMTP (C) UDP (D) CDP

Answer 204

R1 and R2 are attached to the same Ethernet VLAN, with subnet 192.168.1.0/24, and addresses 192.168.1.1, 192.168.2 respectively. The routers use an FHRP. Host A and host B attach to the same LAN and have correct default router settings per the FHRP configuration. Which of the followingstatements is true for this LAN? (A) You can't connect two routers to the same LAN subnet. (B) If one router fails, hosts can't send packets off-subnet **(C) If one router fails, both hosts will use the one remaining router as a default router ** (D) if one router fails, only one of the two hosts will still be able to send packets off-subnet ## Footnote The three FHRP protocols are: 1) Hot Standby Router Protocol (HSRP) 2) Virtual Router Redundancy Protocol (VRRP) 3) Gateway Load Balancing Protocol (GLBP)

Answer 205

The snippet below is a Dynamic NAT configuration command? ExamsDigestR1# show running-config interface GigabitEthernet0/0 ip address 192.168.1.3 255.255.255.0 ip nat inside interface Serial0/0/0 ip address 100.1.1.249 255.255.255.252 ip nat outside ip nat inside source list 1 interface Serial0/0/0 overload access-list 1 permit 192.168.1.2 access-list 1 permit 192.168.1.1 (A) TRUE **(B) FALSE** ## Footnote The configuration above is a PAT configuration not Dynamic NAT. Port Address Translation (PAT) is another type of dynamic NAT that can map multiple private IP addresses to a single public IP address by using a technology known as Port Address Translation.

Answer 206

Which of the following characteristics of network traffic can be managed by Quality of Service (QoS)? (Choose all that apply) **(A) Bandwidth** (B) LLQ **(C) Loss** **(D) Delay ** (E) CoS **(F) Jitter**

Answer 207

This is a server where the operating system is running directly on the hardware. It's not running a hypervisor.

Answer 208

Hidden layers ## Footnote Neural Networks have an input and output layer with hidden layers in between.

Answer 209

With Platform as a Service, the operating system is managed by the provider and it's the applications and data that are managed by the customer.

Answer 210

The recommended DSCP value to mark scavenger traffic is DSCP 8 (CS1).

Answer 211

This MQC section defines the action to take on classified traffic.

Answer 212

This message is generated when something happens on the device, such as an interface going down or an OSPF neighbour adjacency coming up.

Answer 213

This JSON data type is an unordered collection of key/value pairs which are surrounded by curly braces {}.

Answer 214

WPA Enterprise uses a AAA server.

Answer 215

Traffic shaping and policing can be used to control traffic rate. They both measure the rate of traffic going through an interface and take an action if the rate is above a configured limit.

Answer 216

It is a Cisco SDN controller which is designed to manage enterprise environments – campus, branch and WAN.

Answer 217

The device is configured and monitored in this router/switch plane. For example at the CLI through Telnet or SSH, via a GUI using HTTPS, or via SNMP or an API.

Answer 218

With a hybrid SDN the majority of the control plane intelligence is provided by an SDN controller, but the network devices retain some control plane intelligence as well as the data plane operations.

Answer 219

Security Information and Event Management (SIEM) system provides a centralised location for all logging messages and will typically provide advanced analysis and correlation of events.

Answer 220

Wireless is half duplex, meaning only one device can communicate at a time.

Answer 221

With SNMPv2c, the read only (ro) community is used by the Manager to read information.

Answer 222

The SD-WAN Validator authenticates all SD-WAN controllers, SD-WAN Manager NMS, and WAN Edge routers that join the SD-WAN.

Answer 223

The command ntp master configures a router to become an NTP server, even if it is not synchronized with other NTP sources.

Answer 224

With SOAP, the transport is typically HTTP(S), and the data format is always XML.

Answer 225

ThousandEyes

Answer 226

CAPWAP uses UDP ports 5246 and 5247.

Answer 227

Vector database ## Footnote During the RAG process, the embedding model in the background continuously updates the vector database as the knowledge base is updated.

Answer 228

Privileged (level 15) provides complete control over the router. When you enter Privileged Exec Mode with the ‘enable’ command, you’re at this level by default.

Answer 229

Wi-Fi services are defined in the IEEE 802.11 standard series.

Answer 230

This REST response code means 'Internal Server Error'.

Answer 231

It is the process of converting structured data to a standardized format that allows sharing or storage of the data in a form that allows recovery of its original structure.

Answer 232

An administrator will be logged out after 10 minutes of inactivity by default.

Answer 233

Privilege level 0 allows only five commands: logout, enable, disable, help, and exit.

Answer 234

Cisco Catalyst Center ## Footnote Cisco Catalyst Center features AI Network Analytics, which continuously collects and analyzes network data.

Answer 235

Large Language Models

Answer 236

It is a version control system for tracking changes in source code and files.

Answer 237

The cloud deployment model where the cloud infrastructure is composed of two or more distinct cloud infrastructures that remain unique entities, bound together by standardized technology.

Answer 238

It buffers any excess traffic so the overall traffic stays within the desired rate limit.

Answer 239

This transforms a traditional manual network into a controller led network that translates the business needs into policies that can be automated and applied consistently across the network.

Answer 240

With a pure SDN, the control plane runs purely on an SDN controller, and the data plane runs purely on the network devices.

Answer 241

DSCP stands for Differentiated Services Code Point.

Answer 242

Only one administrator can connect over a console cable at a time so the line number is always 0.

Answer 243

CI in CI/CD stands for Continuous Integration.

Answer 244

VTY lines are used for both Telnet and SSH connections.

Answer 245

SD-WAN controllers run the control plane.

Answer 246

It is a set of operating principles and practices that enable application development teams to deliver code changes more frequently and reliably.

Answer 247

CBWFQ stands for Class Based Weighted Fair Queuing.

Answer 248

This device provides connectivity between wireless stations and between the wireless and wired networks.

Answer 249

This SD-Access network is the underlying physical network. It provides the underlying physical connections which the overlay network is built on top of.

Answer 250

Notify view

Answer 251

The command to generate a digital certificate is crypto key generate rsa.

Answer 252

2.4 GHz channels are 22 MHz (older standards) or 20 MHz (current standards) wide, and 5 GHz channels are 20 MHz wide but can be bundled.

Answer 253

The command to enter is enable secret FlackboxPass0!.

Answer 254

CoS values 6 and 7 are reserved for network use.

Answer 255

The administrator can stay inactive for 15 minutes 30 seconds before getting logged out.

Answer 256

This MQC section defines the traffic to take an action on.

Answer 257

The cloud deployment model where the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers.

Answer 258

It is the main component of the Cisco ACI solution and it is designed to manage data center environments with Nexus switches.

Answer 259

Network Management System

Answer 260

Using this WLAN network, two or more wireless stations communicate directly with each other.

Answer 261

Rest response code 404 means 'Not Found'.

Answer 262

Standalone Access Points are known as Autonomous Access Points.

Answer 263

The command to configure a banner shown before logging in is banner login.

Answer 264

Management Information Base (MIB)

Answer 265

Clustering supports combining multiple physical systems into a single virtual system.

Answer 266

AAA stands for Authentication, Authorization, and Accounting.

Answer 267

User (level 1) provides very limited read-only access to the router. When you enter User Exec Mode you’re at this level by default.

Answer 268

Virtualization supports running multiple virtual systems on a single physical system.

Answer 269

no logging console

Answer 270

The command enable password secures the user exec mode with a password, that can be viewed in plain text in the running configuration by default.

Answer 271

Simple Object Access Protocol.

Answer 272

Artificial Intelligence (AI)

Answer 273

WPA Personal uses pre-shared keys (PSKs).

Answer 274

Accounting keeps track of the options that a user has carried out. This can be used as an audit trail to check what commands an administrator entered.

Answer 275

It is a model for enabling ubiquitous, convenient On-Demand Network access to a shared pool of configurable computing resources.

Answer 276

RSA stands for Rivest, Shamir, Adleman.

Answer 277

Type 1 (Bare Metal) Hypervisor

Answer 278

There are 16 privilege levels of admin access available.

Answer 279

Wireless stations work in either Ad-Hoc or Infrastructure mode. They cannot operate in both at the same time.

Answer 280

Generative AI ## Footnote Generative AI utilizes patterns and relationships learned from past data to create new outputs such as text, images, audio and video.

Answer 281

Devices within the Basic Service Set are identified by Basic Service Set Identifier (BSSID) and that is based on their MAC address.

Answer 282

The 'C' in CRUD stands for Create.

Answer 283

Weight ## Footnote The path data takes across the Neural Network and the final output is influenced by the weight of connections.

Answer 284

Access Points that rely on a WLC are known as Lightweight Access Points.

Answer 285

The REST 201 response code means 'Created'.

Answer 286

The command service password-encryption shows all passwords in the running configuration in an encrypted form.

Answer 287

This can be experienced whenever packets come in quicker than they can be sent out.

Answer 288

NTP stands for Network Time Protocol.

Answer 289

Control And Provisioning of Wireless Access Points.

Answer 290

Embedding Mode ## Footnote In the RAG process, when users enter a query, the Embedding Mode converts it into numeric format which is compared to the vector database.

Answer 291

Type 2 Hypervisor

Answer 292

Cisco Nexus Dashboard

Answer 293

Generative Adversarial Networks (GANs)

Answer 294

Authorization specifies what a particular user is allowed to do, such as whether they are allowed to run a particular command or not.

Answer 295

seq no: time stamp: %facility-severity-MNEMONIC: description.

Answer 296

Cisco Secure Network Analytics ## Footnote Cisco Secure Network Analytics is a Cisco security software which analyzes network traffic to create a baseline of normal network behavior.

Answer 297

Wi-Fi services operate in the 2.4 GHz and 5 GHz frequency spectrum. Wi-Fi 6 also added the 6 GHz frequency spectrum in 2021.

Answer 298

Predictive AI ## Footnote Predictive AI analyses past and current data which can be used in Network Operations for proactive maintenance and performance optimisation.

Answer 299

Type 2 Hypervisor

Answer 300

With SNMPv2c, the read write (rw) community is used by the Manager to set information.

Answer 301

AuthNoPriv

Answer 302

With Software as a Service, the provider is managing everything from the facility, all the way up to the data.

Answer 303

This can reduce latency, jitter and loss for particular traffic by giving each type of traffic the service it requires.

Answer 304

Discriminator ## Footnote With GAN model, the discriminator learns to distinguish between the generated data and the real data.

Answer 305

NBAR (Network Based Application Recognition)

Answer 306

This markup language was standardized in 1998 and it was designed to describe and transfer data.

Answer 307

Retrieval-Augmented Generation (RAG)

Answer 308

This JSON data type is an ordered list of values which are surrounded by square brackets [].

Answer 309

It is an architecture that gives guidelines for the structure and organization of an API. It also supports any transport and data format.

Answer 310

It is an XML-based standard communication protocol system that permits processes using different operating systems like Linux and Windows to communicate via HTTP.

Answer 311

This is a unique identifier that names a wireless network (WLAN).

Answer 312

noAuthNoPriv

Answer 313

The cloud deployment model where the cloud infrastructure is provisioned for exclusive use by a specific group of consumers from organizations that have shared concerns.

Answer 314

Machine Learning

Answer 315

It drops or re-marks excess traffic to enforce the specified rate limit.

Answer 316

Application Policy Infrastructure Controller.

Answer 317

The cloud deployment model where the cloud infrastructure is provisioned for open use by the general public.

Answer 318

The protocols which are used for AAA services are RADIUS and TACACS+.

Answer 319

Unimodal models ## Footnote Unimodal models take instructions from the same input type as their output.

Answer 320

1. Users are authenticated by the ISE Identity Services Engine. 2. The security policy is configured on the Catalyst Center.

Answer 321

CD in CI/CD stands for Continuous Delivery or Continuous Deployment.

Answer 322

With this, Lightweight Access Points can discover the Wireless LAN Controller and then download their configurations from there.

Answer 323

Multimodal models ## Footnote Multimodal models can take input from different sources and generate output in various forms.

Answer 324

Deep Learning

Answer 325

With IaaS, the customer gets access at the operating system level.

Answer 326

SSH gives you command line access to the router or switch just like Telnet, but all of the traffic is encrypted.

Answer 327

Fine tuning

Answer 328

The Type of Service (ToS) byte in the Layer 3 IP header is used to carry the DSCP QoS marking.

Answer 329

Private Cloud works the same way as Public Cloud, but the services are provided to internal business units instead of to external public enterprises.

Answer 330

This protocol is a standardized protocol that enables a Wireless LAN Controller to manage a collection of Wireless Access Points.

Answer 331

Backpropagation

Answer 332

terminal monitor

Answer 333

This SNMP version uses plain text Community strings and it supports bulk retrieval.

Answer 334

Encoder ## Footnote With VAE, the encoder compresses the input data, optimizing to retain only the most important information.

Answer 335

It is the router/switch plane that makes decisions about how to forward traffic. Its packets are destined to or locally originated on the device itself.

Answer 336

Logging Buffer

Answer 337

IBSS stands for Independent Basic Service Set.

Answer 338

This wireless network type provides access to a campus network, without the need for a cable. The devices are within 100m of a Wireless Access Point.

Answer 339

In infrastructure mode, rather than the devices communicating directly with each other over wireless, they communicate via a wireless Access Point.

Answer 340

To allow only SSH on the VTY lines, the command to enter is transport input ssh.

Answer 341

This SD-Access network is a logical topology used to virtually connect devices. It is built over the physical underlay network.

Answer 342

Nodes ## Footnote Neural Networks contain artificial neurons called nodes which are arranged in a series of layers.

Answer 343

logging synchronous

Answer 344

This is a wireless coverage area of an Access Point. It is also known as a wireless cell.

Answer 345

This MQC section applies the policy map to an interface.

Answer 346

'enable secret' performs the same function as 'enable password', but it is always stored in a hashed format in the running configuration.

Answer 347

A digital key with a length of at least 768 bits must be generated to enable SSHv2 login.

Answer 348

It allows devices to be connected to an Access Point and also be part of a peer-to-peer wireless network.

Answer 349

This SNMP version supports strong authentication and encryption with the use of usernames and passwords.

Answer 350

This wireless network type has devices that are within 10 meters of each other, and Bluetooth is often used.

Answer 351

Natural Language Processing (NLP)

Answer 352

This wireless security standard came out in 2018. It supports AES encryption, CCMP, and protection against KRACK attack.

Answer 353

Input Layer

Answer 354

Transformer model

Answer 355

LLQ (Low Latency Queuing) is CBWFQ with a priority queue.

Answer 356

Authentication verifies somebody is who they say they are and it is most commonly achieved with a username and password.

Answer 357

An SNMP Manager (the SNMP server) can collect and organize information from an SNMP Agent, which is SNMP software that runs on managed devices such as routers and switches.

Answer 358

Type 1 Hypervisor

Answer 359

Transformer architecture ## Footnote The Transformer architecture is composed of encoder and decoder neural networks.

Answer 360

An enterprise can configure classification and marking to recognize bad traffic known as scavenger traffic.

Answer 361

Machine Learning ## Footnote Machine Learning is a subset of AI.

Answer 362

With DHCP snooping, you configure the ports that your DHCP server is connected to as a trusted port.

Answer 363

Switch(config)# ip dhcp snooping Switch(config)# ip dhcp snooping vlan 20

Answer 364

Switch(config-if)# ip dhcp snooping trust

Answer 365

This access layer switch security mechanism can prevent attacks from rogue DHCP servers by dropping DHCP server traffic that comes in a port that is not trusted.

Answer 366

Dynamic ARP Inspection

Answer 367

It is an ARP update which is not in response to an actual request.

Answer 368

To configure DAI, you need to have enabled DHCP snooping already.

Answer 369

DAI is not performed on trusted ports.

Answer 370

Switch(config)# ip arp inspection vlan 100

Answer 371

When 802.1x is enabled, only authentication traffic is allowed on switch ports until the host and user are authenticated.

Answer 372

The PC is the supplicant in the 802.1x terminology.

Answer 373

The access switch where the user is connected to is the authenticator in the 802.1x terminology.

Answer 374

With 802.1x, when the user enters the username and password, the authenticator passes that information onto the authentication server and the authentication server will check if it's valid.

Answer 375

It is used to authenticate users on the network. They don't get access to the network at all until they put in a valid username and password which is checked by the authentication server.

Answer 376

This enables an administrator to specify which MAC address or addresses can send traffic into an individual switch port.

Answer 377

show port-security address

Answer 378

This port security violation action places the interfaces into error-disabled state, blocking all traffic.

Answer 379

With this port security violation action, the traffic from unauthorized addresses is dropped, logged, and the violation counter is incremented.

Answer 380

Switch(config-if)# switchport port-security maximum 5

Answer 381

Access Control Lists are made up of Access Control Entries which are a series of permit or deny rules.

Answer 382

Named ACLs begin with the command ‘ip access-list’ instead of ‘access-list’.

Answer 383

ACLs are applied at the interface level with the command ip access-group.

Answer 384

You can have a maximum of one ACL per interface per direction.

Answer 385

Extended ACLs check based on the protocol, source address, destination address, and port number.

Answer 386

Standard ACLs reference the source address only.

Answer 387

The standard ACL range is 1-99. Expanded: 1300-1999.

Answer 388

The extended ACL range is 100-199. Expanded: 2000-2699.

Answer 389

access-list 10 permit 192.168.10.0 0.0.0.255

Answer 390

access-list 1 permit any

Answer 391

Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255 Router(config)# access-list 1 deny host 192.168.1.1 The configuration above will permit/allow traffic from 192.168.1.1.

Answer 392

Router(config)# access-list 1 deny host 192.168.1.1 Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255 The configuration above will deny/block traffic from 192.168.1.1.

Answer 393

ACEs are automatically numbered in increments of 10.

Answer 394

ip access-list extended FlackboxACL

Answer 395

NAT (Network Address Translation)

Answer 396

RFC 1918 specifies private IP address ranges which are not routable on the public Internet.

Answer 397

Static NAT

Answer 398

Dynamic NAT

Answer 399

Dynamic NAT with overload, also known as PAT (Port Address Translation)

Answer 400

clear ip nat translation

Answer 401

Dynamic NAT with Overload uses PAT to allow more clients to be translated than IP addresses are available in the NAT pool.

Answer 402

It is the IP address actually configured on the inside host’s Operating System.

Answer 403

The NAT’d address of the inside host as it will be reached by the outside network.

Answer 404

The IP address of the outside host as it appears to the inside network.

Answer 405

It is the IP address assigned to the host on the outside network by the host’s owner.

Answer 406

For one-way NAT, the Outside Local and Outside Global addresses will be reported as being the same.

Answer 407

ip nat pool FlackboxNAT 100.1.2.3 100.1.2.10 netmask 255.255.255.224

Answer 408

interface G0/2

Answer 409

interface G0/1

Answer 410

show ip nat translations

Answer 411

With standard dynamic NAT, you need a public IP address for every inside host which needs to communicate with the outside.

Answer 412

show ip nat statistics

Answer 413

In a dual stack implementation, a network interface can have both an IPv4 and an IPv6 address at the same time, and it can be used as an IPv4 to IPv6 transition strategy.

Answer 414

IPv6 uses a 128 bit address compared to IPv4’s 32 bit address.

Answer 415

ipv6 unicast-routing

Answer 416

IPv6 does not support broadcast traffic, but it does support multicast to all hosts on the local subnet which is functionally equivalent.

Answer 417

Using /64 everywhere simplifies the IPv6 addressing and enables the use of EUI-64 addresses.

Answer 418

With EUI-64, FF:FE is injected in the middle of the 48 bits MAC address to bring the host portion of the IPv6 address up to 64 bits. Also, the 7th bit in the MAC address is inverted.

Answer 419

Neighbor Solicitation

Answer 420

Neighbor Discovery Protocol

Answer 421

These IPv6 addresses are similar to IPv4 RFC 1918 private addresses. They are not publicly reachable.

Answer 422

These IPv6 addresses are valid for communications on that link only.

Answer 423

C004:7B01:09F0:1C01

Answer 424

2001:26CC:0F1D:C001

Answer 425

2001:000F:0012:0000:0000:0034:0000:00A3

Answer 426

Link local addresses

Answer 427

Neighbor Discovery uses ICMPv6 neighbor solicitation messages and neighbor advertisement messages.

Answer 428

This means 'Unspecified address' or 'Unknown address' in IPv6. It is also used as the source when an interface is trying to acquire an address.

Answer 429

With SLAAC, the hosts can send a Router Solicitation message to request information from the router.

Answer 430

1000:B8:0:F:50::B001

Answer 431

FE80::/10 – FEB0::/10

Answer 432

This provides a virtual tunnel between private networks across a shared public network such as the Internet.

Answer 433

VPN connections are between a router or firewall in the office and VPN software installed on an individual user’s device.

Answer 434

VPN connections are terminated on a router or firewall in each office. Software does not need to be installed on user desktops.

Answer 435

This Site-to-Site VPN configuration option is open standard and it does not support multicast.

Answer 436

By using GRE over IPsec, you get the encryption from IPsec, and you also get the multicast support from GRE.

Answer 437

This is a Cisco proprietary Site-to-Site VPN configuration option, which provides scalable, simple, hub and spoke style configuration, and enables direct full mesh connectivity between all offices.

Answer 438

This Site-to-Site IPsec VPN configuration option is Cisco proprietary. It enables a scalable, centralised policy for VPN over a non-public infrastructure.

Answer 439

This WAN connectivity option uses a shared core infrastructure at the service provider. It can be used for connectivity to the Internet and/or connectivity between offices over VPN.

Answer 440

Multi Protocol Label Switching

Answer 441

It combines or ‘multiplexes' multiple optical signals into one optical signal transmitted over a single fiber strand.

Answer 442

T1 leased lines offer a bandwidth of 1.544 Mbps.

Answer 443

VPWS stands for Virtual PseudoWire Service and that is a point-to-point Layer 2 VPN.

Answer 444

VPLS stands for Virtual Private LAN Service and it is a multipoint Layer 2 MPLS VPN.

Answer 445

MPLS runs across the provider's core on the PE and P routers.

Answer 446

These routers do not run MPLS but they peer at Layer 3 with the provider PE routers.

Answer 447

Digital Subscriber Line

Answer 448

PPPoE stands for Point-to-Point Protocol over Ethernet.

Answer 449

The topology option below is a Full Mesh topology.

Answer 450

These attacks are directed against a particular individual or organisation. Skilled attackers will typically start off with low impact reconnaissance.

Answer 451

It is a derogatory term for low skilled attackers who download and use off-the-shelf hacking software to launch exploits.

Answer 452

This type of malware encrypts data with an attacker’s key, and asks the victim to pay money to obtain that key.

Answer 453

A vulnerability is a weakness that compromises the security or functionality of a system.

Answer 454

An exploit uses a weakness to compromise the security or functionality of a system.

Answer 455

It is a Social Engineering attack where the victim is often directed to enter their personal details into the attacker’s website which looks like the reputable company’s legitimate website.

Answer 456

It sits alongside the traffic flow and informs security administrators of any potential concerns.

Answer 457

It sits inline with the traffic flow and can also block attacks.

Answer 458

Firewalls block or permit traffic based on rules such as destination IP address and port number.

Answer 459

Stateful firewalls maintain a connection table which tracks the two-way ‘state’ of traffic passing through the firewall.

Answer 460

Next Generation Firewalls move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and user-based security.

Answer 461

It transforms readable messages into an unintelligible form and then later reverses the process.

Answer 462

With symmetric encryption, the same shared key both encrypts and decrypts the data.

Answer 463

This type of encryption uses private and public key pairs where in the data encrypted with the public key can only be decrypted with the private key, and vice versa.

Answer 464

RSA and ECDSA are Asymmetric encryption algorithms.

Answer 465

DES and AES are examples of Symmetric encryption algorithms.

Answer 466

Hash-Based Message Authentication Code

Answer 467

This solves the secure key distribution problem and it uses a Certificate Authority for the parties who need secure communication.

Answer 468

This is the successor to SSL.

Answer 469

This type of VPN uses symmetric encryption algorithms such to send encrypted traffic between locations over an untrusted network such as the Internet.

Answer 470

Internet Key Exchange (IKE) handles negotiation of protocols and algorithms, and generates the encryption and authentication keys.

Answer 471

It defines the procedures for authenticating and communicating, peer creation, and management of Security Associations. It typically uses IKE for key exchange.

Answer 472

Encapsulating Security Payload

Answer 473

This IPsec mode protects the internal routing information by encrypting the IP header of the original packet.

Answer 474

This IPsec mode encrypts only the payload and the ESP trailer, so the IP header of the original packet is not encrypted.

Answer 475

Its seven-layered approach to data transmission divides the operations into specific related groups of actions at each layer.

Answer 476

The OSI Layer organizes data transmission into seven distinct layers.

Answer 477

The first layer is responsible for the physical transmission of data.

Answer 478

The second layer handles data link protocols and error detection.

Answer 479

The third layer is responsible for network routing and addressing.

Answer 480

The fourth layer manages transport protocols and ensures reliable data transfer.

Answer 481

The fifth layer is concerned with session management and control.

Answer 482

The sixth layer handles data representation and encryption.

Answer 483

The seventh layer provides application services for user processes.

Answer 484

It is a protocol stack that consists of multiple protocols including TCP (Transmission Control Protocol) and IP (Internet Protocol).

Answer 485

Application Layer

Answer 486

The OSI presentation layer ensures that the information that is sent at the application layer of one system is readable by the application layer of another system.

Answer 487

The OSI session layer establishes, manages, and terminates sessions between two communicating hosts.

Answer 488

Physical Layer

Answer 489

The OSI data link layer defines how data is formatted for transmission and how access to physical media is controlled.

Answer 490

This OSI layer defines services to segment, transfer and reassemble the data for individual communications between the end devices.

Answer 491

This OSI layer provides connectivity and path selection between two host systems that may be located on geographically separated networks.

Answer 492

The mask prevents the original image from loading before the overlay image is fully loaded.

Answer 493

Clicking the mask toggles the display of the answer mask.

Answer 494

The 'loaded' function sets the visibility of the original image to 'visible' once the mask is loaded.

Answer 495

The variable 'mask' represents the overlay image element in the DOM.

Answer 496

The 'toggle' function changes the display property of the answer mask between 'block' and 'none'.

Answer 497

The initial display state of the answer mask is 'block' or empty, which means it is visible.

Answer 498

The 'aFade' and 'qFade' variables are used to control the fading effects, although their specific implementation is not detailed in the provided text.

Answer 499

Ping verifies two-way connectivity, meaning it sends a packet from the source to the destination and the destination will send a ping reply back.

Answer 500

ICMP (Internet Control Message Protocol)

Answer 501

Traceroute

Answer 502

Top Down Approach

Answer 503

Bottom Up Approach

Answer 504

TTL stands for Time to Live.

Answer 505

The traceroute command sends the ping with increasing Time To Live (TTL) values.

Answer 506

Ping and traceroute commands troubleshoot Layer 3 problems.

Answer 507

The telnet command is usually used to access the CLI of a device via port 23 but it also helps with troubleshooting layer 4 and above problems by being able to telnet to a particular port.

Answer 508

Switched Virtual Interface

Answer 509

The switch Management IP address and subnet mask.

Answer 510

A Cisco proprietary Layer 2 protocol used to share information with other directly connected Cisco equipment.

Answer 511

Link Layer Discovery Protocol, an open standard protocol that provides similar information to CDP.

Answer 512

The cable getting disconnected on either or both ends.

Answer 513

ip address 10.128.254.254 255.255.255.252

Answer 514

ip default-gateway

Answer 515

duplex full

Answer 516

duplex auto

Answer 517

show running-config

Answer 518

The interface is not issued with the ‘no shutdown’ command.

Answer 519

show version

Answer 520

Cisco Discovery Protocol

Answer 521

'no cdp run'

Answer 522

no cdp enable

Answer 523

Link Layer Discovery Protocol

Answer 524

A Layer 2 issue or a speed mismatch on serial interfaces.

Answer 525

None. 10.128.254.255 is the broadcast address in the /30 network and will not be accepted.

Answer 526

The device will show the ROMMON prompt at the command line.

Answer 527

The device will first load from ROM (Read Only Memory).

Answer 528

The system will load the first IOS image found in Flash by default.

Answer 529

The system will load the startup-config configuration file from NVRAM.

Answer 530

The device will load the Setup Wizard.

Answer 531

The IOS system image and startup-config are loaded from Flash and NVRAM into RAM during bootup.

Answer 532

TFTP stands for Trivial File Transfer Protocol.

Answer 533

Factory reset the device and then copy the new configuration into the startup-config.

Answer 534

It will be merged with the current configuration.

Answer 535

copy running-config tftp

Answer 536

copy tftp flash

Answer 537

boot system

Answer 538

It takes effect immediately and goes into the running-config.

Answer 539

Use 'config-register' command in global configuration mode or 'confreg' at the ROMMON prompt.

Answer 540

Power On Self Test

Answer 541

It consists of directly connected networks and routes configured statically by the administrator or dynamically learned through a routing protocol.

Answer 542

Local routes always have a /32 mask and show the IP address configured on the interface.

Answer 543

Connected Route

Answer 544

Local Route

Answer 545

For static routing, summary routes lessen the administrative overhead because there are less routes to configure. It also lessens the memory usage on the routers.

Answer 546

192.168.10.0/28

Answer 547

The router will add them all to the routing table and load balance between them.

Answer 548

This is a route going out to everywhere else that we haven't specifically had a route for elsewhere.

Answer 549

Default Route

Answer 550

An administrator can manually add a static route to the destination, or the router can learn it via a routing protocol.

Answer 551

The best available next hop or next hops to a destination network are listed in a router’s routing table and will be used for forwarding traffic.

Answer 552

show ip route

Answer 553

10.10.20.1

Answer 554

ip route 172.16.0.0 255.255.0.0 172.17.1.1

Answer 555

Each possible path will be assigned a metric value by the routing protocol which indicates how preferred the path is.

Answer 556

OSPF uses Cost as the metric, which is automatically derived from interface bandwidth by default.

Answer 557

Equal Cost Multi Path will load balance the outbound traffic to the destination over the different paths.

Answer 558

Administrative Distance

Answer 559

Floating static routes allow us to change the Administrative Distance of a static route to make it act as the backup route.

Answer 560

192.168.1.0/28 RIP route (longest prefix match)

Answer 561

10.10.1.0/24 EIGRP route

Answer 562

These interfaces allow you to include an IP subnet in the routing protocol without sending updates out of the interface.

Answer 563

It is best practice to configure loopback interfaces as passive interfaces.

Answer 564

The router will look for other devices on the link running the routing protocol and form an adjacency with matching peers.

Answer 565

Interior Gateway Protocols are used for routing within an organisation.

Answer 566

Exterior Gateway Protocols are used for routing between organisations over the Internet.

Answer 567

R1>R6>R7>R5

Answer 568

R1>R2>R3>R4>R5

Answer 569

Dynamic routing protocols allow routers to automatically advertise available subnets to each other.

Answer 570

Distance Vector routing protocols are often called ‘Routing by rumour’.

Answer 571

ICMP echo reply

Answer 572

You will see exclamation marks.

Answer 573

A dot in ping result indicates failure.

Answer 574

Unreachable

Answer 575

U (Unreachable)

Answer 576

To invoke an extended ping, input the command 'ping' and then hit Enter.

Answer 577

Maximum Transmission Unit

Answer 578

Traceroute

Answer 579

ICMP (Windows) or UDP (Linux and Cisco IOS)

Answer 580

TTL (Time to Live)

Answer 581

We can ping by the FQDN to see if a DNS server is able to resolve that name.

Answer 582

To troubleshoot at Layer 4, we can telnet to the destination IP address and the port number.

Answer 583

The process of adjusting the flow of data from the sender to ensure that the receiving host can handle all of it.

Answer 584

The process by which a host is able to support multiple sessions simultaneously and manage the individual traffic streams over a single link.

Answer 585

The combination of source and destination port numbers can be used to track sessions.

Answer 586

This OSI layer provides transparent transfer of data between hosts and is responsible for end-to-end error recovery and flow control.

Answer 587

The most common Layer 4 protocols are TCP and UDP.

Answer 588

HTTP uses port 80.

Answer 589

SMTP email uses port 25.

Answer 590

User Datagram Protocol

Answer 591

This transport layer protocol carries out sequencing to ensure segments are processed in the correct order and none are missing.

Answer 592

This transport layer protocol does not carry out sequencing to ensure segments are processed in the correct order and none are missing.

Answer 593

The process of adjusting the flow of data from the sender to ensure that the receiving host can handle all of it.

Answer 594

The process by which a host is able to support multiple sessions simultaneously and manage the individual traffic streams over a single link.

Answer 595

The combination of source and destination port numbers can be used to track sessions.

Answer 596

This OSI layer provides transparent transfer of data between hosts and is responsible for end-to-end error recovery and flow control.

Answer 597

The most common Layer 4 protocols are TCP and UDP.

Answer 598

HTTP uses port 80.

Answer 599

SMTP email uses port 25.

Answer 600

User Datagram Protocol

Answer 601

This transport layer protocol carries out sequencing to ensure segments are processed in the correct order and none are missing.

Answer 602

This transport layer protocol does not carry out sequencing to ensure segments are processed in the correct order and none are missing.

Answer 603

Network Layer

Answer 604

IP stands for Internet Protocol.

Answer 605

Electrical impulses are either off or on, so there are only two binary choices, 0 or 1.

Answer 606

159 is 1001 1111 in binary.

Answer 607

An IPv4 address is 32 bits long.

Answer 608

255.255.255.224

Answer 609

255.248.0.0 is /13 in slash notation.

Answer 610

The host portion of the IP address specifies the individual host and must be unique on that subnet.

Answer 611

A host’s IP address is divided into a network portion and a host portion.

Answer 612

The subnet mask is 32 bits long, and can be written in dotted decimal or slash notation.

Answer 613

Subnet Mask

Answer 614

Traffic with this as destination address will be sent to all hosts in the subnet.

Answer 615

All '0's in the host portion designates the network address which is not allowed to be allocated to a host.

Answer 616

Internet Assigned Numbers Authority

Answer 617

Class A valid network addresses range from 1.0.0.0 to 126.0.0.0 /8 ## Footnote 0.0.0.0/8 and 127.0.0.0/8 are reserved (RFC 870).

Answer 618

The network 127.0.0.0 /8

Answer 619

128.0.0.0 to 191.255.0.0 /16

Answer 620

The valid network address of Class C range from 192.0.0.0 to 223.255.255.0 /24

Answer 621

These addresses are valid to be assigned to hosts but they are not routable on the public internet. ## Footnote (RFC 1918)

Answer 622

10.0.0.0 to 10.255.255.255

Answer 623

172.16.0.0 to 172.31.255.255

Answer 624

192.168.0.0 to 192.168.255.255

Answer 625

240.0.0.0 to 255.255.255.255

Answer 626

Class D IP addresses range from 224.0.0.0 to 239.255.255.255

Answer 627

Classless Inter-Domain Routing

Answer 628

CIDR removed the fixed /8, /16, and /24 requirements for the address classes, and allowed them to be split or ‘subnetted’ into smaller networks.

Answer 629

To calculate the number of available subnets, the formula is 2^subnet bits.

Answer 630

To calculate the number of available hosts, the formula is (2^host bits) - 2.

Answer 631

Variable Length Subnet Masking (VLSM)

Answer 632

Early routing protocols only supported Fixed Length Subnet Masking where all subnets had to be the same size.

Answer 633

192.123.45.64 /26

Answer 634

30 ## Footnote The network IP address or broadcast IP address cannot be assigned to hosts.

Answer 635

Management Office ## Footnote Start with the subnet with the most hosts.

Answer 636

172.80.224.1 - 172.80.255.254

Answer 637

10.127.255.255

Answer 638

126.12.16.1 - 126.12.17.254

Answer 639

The loaded function sets the visibility of the original image to visible.

Answer 640

It calls the loaded function.

Answer 641

The loaded function is triggered.

Answer 642

The toggle function shows or hides the answer mask when the image is clicked.

Answer 643

12 ## Footnote 100.1.16.0 is within a class A network with 8 network bits. The subnet mask 255.255.240.0 has 20 '1's. So, you have 12 (=20-8) subnet bits.

Answer 644

The formula to get the number of usable IP addresses is (2^host bits) - 2. We subtract 2 for the Network address and Broadcast address.

Answer 645

This OSI layer puts the actual bits onto the wire.

Answer 646

This OSI layer provides the hardware means of sending and receiving data, including defining cables, interface cards and physical aspects.

Answer 647

Unshielded Twisted Pair

Answer 648

The receive and transmit wires in a UTP cable can be wired to the RJ-45 connector as either straight-through or crossover.

Answer 649

The OSI Layer 1 conveys the bitstream, which could be electrical impulse, light or radio signals.

Answer 650

These Ethernet cables are used to connect devices of different types together, such as a PC or router to a switch or hub.

Answer 651

These cables are most often used to connect two devices of the same type directly, like two switches to each other.

Answer 652

Modern switches support Auto MDI-X where the receive and transmit signals are reconfigured automatically to yield the expected result.

Answer 653

The two types of fiber optic cables are Single Mode and Multi Mode.

Answer 654

This fiber cable type is more expensive and supports higher bandwidth and longer distances.

Answer 655

Power over Ethernet

Answer 656

It delivers power to the devices over the standard network cable. This saves you from using a separate power supply for all connected devices.

Answer 657

100 meters

Answer 658

Crossover cable

Answer 659

Straight-through

Answer 660

This fiber cable type supports a few hundred meters maximum distance.

Answer 661

With fiber optical cables, the connector typically plugs into a transceiver, which then plugs into the switch or router.

Answer 662

Half-duplex

Answer 663

Physical Layer (Layer 1)

Answer 664

They can either send or receive data, but not both at the same time.

Answer 665

Carrier-Sense Multiple Access with Collision Detection

Answer 666

Full-duplex

Answer 667

All hosts have their own dedicated collision domain.

Answer 668

These are advanced switches that are Layer 3 aware and can route traffic between different IP subnets.

Answer 669

MAC address

Answer 670

A Layer 3 device

Answer 671

0002.2222.000B

Answer 672

The switch will send it out all ports, except port F0/4.

Answer 673

Discard/Drop the frame

Answer 674

0004.4444.000D

Answer 675

1001.00A5.30A9

Answer 676

Devices connected to a Hub are in the same collision domain.

Answer 677

It will be flooded out all ports apart from the one it was received on.

Answer 678

DNS stands for Domain Name System.

Answer 679

Fully Qualified Domain Name

Answer 680

Domain Name System (DNS)

Answer 681

Address Resolution Protocol

Answer 682

Address Resolution Protocol (ARP)

Answer 683

ARP messages (replies and requests from neighboring hosts) are saved in a host's ARP cache, so it doesn’t need to send an ARP request every time it wants to communicate.

Answer 684

DNS requests are sent using UDP port 53.

Answer 685

ip domain-lookup

Answer 686

ip domain-name flackbox.com

Answer 687

ip dns server

Answer 688

ip name-server 172.16.1.1

Answer 689

ARP uses two message types, which are ARP Request and ARP Reply.

Answer 690

FFFF.FFFF.FFFF

Answer 691

PC2 sends an ARP Reply with Source MAC address of 00B2.2000.000B and Destination MAC address of 00A1.1000.000A.

Answer 692

When sending a packet to another subnet, the end host will send an ARP request to its own default gateway first.

Answer 693

192.168.1.1

Answer 694

192.168.1.10

Answer 695

192.168.1.20

Answer 696

The broadcast MAC address is FFFF.FFFF.FFFF.

Answer 697

PC1 sends a DNS request to the IP address 10.10.48.25.

Answer 698

PC1 sends a DNS request to the IP address 10.10.48.25.

Answer 699

With DHCP snooping, you configure the ports that your DHCP server is connected to as a trusted port.

Answer 700

Switch(config)# ip dhcp snooping Switch(config)# ip dhcp snooping vlan 20

Answer 701

Switch(config-if)# ip dhcp snooping trust

Answer 702

This access layer switch security mechanism can prevent attacks from rogue DHCP servers by dropping DHCP server traffic that comes in a port that is not trusted.

Answer 703

Dynamic ARP Inspection

Answer 704

It is an ARP update which is not in response to an actual request.

Answer 705

To configure DAI, you need to have enabled DHCP snooping already.

Answer 706

DAI is not performed on trusted ports.

Answer 707

Switch(config)# ip arp inspection vlan 100

Answer 708

When 802.1x is enabled, only authentication traffic is allowed on switch ports until the host and user are authenticated.

Answer 709

The PC is the supplicant in the 802.1x terminology.

Answer 710

The access switch where the user is connected to is the authenticator in the 802.1x terminology.

Answer 711

With 802.1x, when the user enters the username and password, the authenticator passes that information onto the authentication server and the authentication server will check if it's valid.

Answer 712

It is used to authenticate users on the network. They don't get access to the network at all until they put in a valid username and password which is checked by the authentication server.

Answer 713

This enables an administrator to specify which MAC address or addresses can send traffic into an individual switch port.

Answer 714

show port-security address

Answer 715

This port security violation action places the interfaces into error-disabled state, blocking all traffic.

Answer 716

With this port security violation action, the traffic from unauthorized addresses is dropped, logged, and the violation counter is incremented.

Answer 717

Switch(config-if)# switchport port-security maximum 5

Answer 718

Access Control Lists are made up of Access Control Entries which are a series of permit or deny rules.

Answer 719

Named ACLs begin with the command ‘ip access-list’ instead of ‘access-list’.

Answer 720

ACLs are applied at the interface level with the command ip access-group.

Answer 721

You can have a maximum of one ACL per interface per direction.

Answer 722

Extended ACLs check based on the protocol, source address, destination address, and port number.

Answer 723

Standard ACLs reference the source address only.

Answer 724

The standard ACL range is 1-99. Expanded: 1300-1999.

Answer 725

The extended ACL range is 100-199. Expanded: 2000-2699.

Answer 726

access-list 10 permit 192.168.10.0 0.0.0.255

Answer 727

access-list 1 permit any

Answer 728

Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255 Router(config)# access-list 1 deny host 192.168.1.1 The configuration above will permit/allow traffic from 192.168.1.1.

Answer 729

Router(config)# access-list 1 deny host 192.168.1.1 Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255 The configuration above will deny/block traffic from 192.168.1.1.

Answer 730

ACEs are automatically numbered in increments of 10.

Answer 731

ip access-list extended FlackboxACL

Answer 732

NAT (Network Address Translation)

Answer 733

RFC 1918 specifies private IP address ranges which are not routable on the public Internet.

Answer 734

Static NAT

Answer 735

Dynamic NAT

Answer 736

Dynamic NAT with overload, also known as PAT (Port Address Translation)

Answer 737

clear ip nat translation

Answer 738

Dynamic NAT with Overload uses PAT to allow more clients to be translated than IP addresses are available in the NAT pool.

Answer 739

It is the IP address actually configured on the inside host’s Operating System.

Answer 740

The NAT’d address of the inside host as it will be reached by the outside network.

Answer 741

The IP address of the outside host as it appears to the inside network.

Answer 742

It is the IP address assigned to the host on the outside network by the host’s owner.

Answer 743

For one-way NAT, the Outside Local and Outside Global addresses will be reported as being the same.

Answer 744

ip nat pool FlackboxNAT 100.1.2.3 100.1.2.10 netmask 255.255.255.224

Answer 745

interface G0/2

Answer 746

interface G0/1

Answer 747

show ip nat translations

Answer 748

With standard dynamic NAT, you need a public IP address for every inside host which needs to communicate with the outside.

Answer 749

show ip nat statistics

Answer 750

In a dual stack implementation, a network interface can have both an IPv4 and an IPv6 address at the same time, and it can be used as an IPv4 to IPv6 transition strategy.

Answer 751

IPv6 uses a 128 bit address compared to IPv4’s 32 bit address.

Answer 752

ipv6 unicast-routing

Answer 753

IPv6 does not support broadcast traffic, but it does support multicast to all hosts on the local subnet which is functionally equivalent.

Answer 754

Using /64 everywhere simplifies the IPv6 addressing and enables the use of EUI-64 addresses.

Answer 755

With EUI-64, FF:FE is injected in the middle of the 48 bits MAC address to bring the host portion of the IPv6 address up to 64 bits. Also, the 7th bit in the MAC address is inverted.

Answer 756

Neighbor Solicitation

Answer 757

Neighbor Discovery Protocol

Answer 758

These IPv6 addresses are similar to IPv4 RFC 1918 private addresses. They are not publicly reachable.

Answer 759

These IPv6 addresses are valid for communications on that link only.

Answer 760

C004:7B01:09F0:1C01

Answer 761

2001:26CC:0F1D:C001

Answer 762

2001:000F:0012:0000:0000:0034:0000:00A3

Answer 763

Link local addresses

Answer 764

Neighbor Discovery uses ICMPv6 neighbor solicitation messages and neighbor advertisement messages.

Answer 765

This means 'Unspecified address' or 'Unknown address' in IPv6. It is also used as the source when an interface is trying to acquire an address.

Answer 766

With SLAAC, the hosts can send a Router Solicitation message to request information from the router.

Answer 767

1000:B8:0:F:50::B001

Answer 768

FE80::/10 – FEB0::/10

Answer 769

This provides a virtual tunnel between private networks across a shared public network such as the Internet.

Answer 770

VPN connections are between a router or firewall in the office and VPN software installed on an individual user’s device.

Answer 771

VPN connections are terminated on a router or firewall in each office. Software does not need to be installed on user desktops.

Answer 772

This Site-to-Site VPN configuration option is open standard and it does not support multicast.

Answer 773

By using GRE over IPsec, you get the encryption from IPsec, and you also get the multicast support from GRE.

Answer 774

This is a Cisco proprietary Site-to-Site VPN configuration option, which provides scalable, simple, hub and spoke style configuration, and enables direct full mesh connectivity between all offices.

Answer 775

This Site-to-Site IPsec VPN configuration option is Cisco proprietary. It enables a scalable, centralised policy for VPN over a non-public infrastructure.

Answer 776

This WAN connectivity option uses a shared core infrastructure at the service provider. It can be used for connectivity to the Internet and/or connectivity between offices over VPN.

Answer 777

Multi Protocol Label Switching

Answer 778

It combines or ‘multiplexes' multiple optical signals into one optical signal transmitted over a single fiber strand.

Answer 779

T1 leased lines offer a bandwidth of 1.544 Mbps.

Answer 780

VPWS stands for Virtual PseudoWire Service and that is a point-to-point Layer 2 VPN.

Answer 781

VPLS stands for Virtual Private LAN Service and it is a multipoint Layer 2 MPLS VPN.

Answer 782

MPLS runs across the provider's core on the PE and P routers.

Answer 783

These routers do not run MPLS but they peer at Layer 3 with the provider PE routers.

Answer 784

Digital Subscriber Line

Answer 785

PPPoE stands for Point-to-Point Protocol over Ethernet.

Answer 786

The topology option below is a Full Mesh topology.

Answer 787

These attacks are directed against a particular individual or organisation. Skilled attackers will typically start off with low impact reconnaissance.

Answer 788

It is a derogatory term for low skilled attackers who download and use off-the-shelf hacking software to launch exploits.

Answer 789

This type of malware encrypts data with an attacker’s key, and asks the victim to pay money to obtain that key.

Answer 790

A vulnerability is a weakness that compromises the security or functionality of a system.

Answer 791

An exploit uses a weakness to compromise the security or functionality of a system.

Answer 792

It is a Social Engineering attack where the victim is often directed to enter their personal details into the attacker’s website which looks like the reputable company’s legitimate website.

Answer 793

It sits alongside the traffic flow and informs security administrators of any potential concerns.

Answer 794

It sits inline with the traffic flow and can also block attacks.

Answer 795

Firewalls block or permit traffic based on rules such as destination IP address and port number.

Answer 796

Stateful firewalls maintain a connection table which tracks the two-way ‘state’ of traffic passing through the firewall.

Answer 797

Next Generation Firewalls move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and user-based security.

Answer 798

It transforms readable messages into an unintelligible form and then later reverses the process.

Answer 799

With symmetric encryption, the same shared key both encrypts and decrypts the data.

Answer 800

This type of encryption uses private and public key pairs where in the data encrypted with the public key can only be decrypted with the private key, and vice versa.

Answer 801

RSA and ECDSA are Asymmetric encryption algorithms.

Answer 802

DES and AES are examples of Symmetric encryption algorithms.

Answer 803

Hash-Based Message Authentication Code

Answer 804

This solves the secure key distribution problem and it uses a Certificate Authority for the parties who need secure communication.

Answer 805

This is the successor to SSL.

Answer 806

This type of VPN uses symmetric encryption algorithms such to send encrypted traffic between locations over an untrusted network such as the Internet.

Answer 807

Internet Key Exchange (IKE) handles negotiation of protocols and algorithms, and generates the encryption and authentication keys.

Answer 808

It defines the procedures for authenticating and communicating, peer creation, and management of Security Associations. It typically uses IKE for key exchange.

Answer 809

Encapsulating Security Payload

Answer 810

This IPsec mode protects the internal routing information by encrypting the IP header of the original packet.

Answer 811

This IPsec mode encrypts only the payload and the ESP trailer, so the IP header of the original packet is not encrypted.

Networking Essentials Flashcards

Explore key networking concepts and protocols with these engaging flashcards, perfect for mastering essential IT knowledge. (909 cards)