Which public WAN technology provides security by using encrypted tunnels over Internet connections?

-vpn

Which additional functionality is available on an interface when the encapsulation is changed from HDLC
to PPP?

-aunthentication

A general term for Internet services from a mobile phone or from any device that uses the same
technology.

-Wireless Internet

A site-to-site VPN is created when devices on both sides of the VPN connection are aware of the VPN
configuration in advance.

-true

When a PPPoE configuration is being verified, which command can be used to verify the MTU size and
encapsulation type configured on a Cisco router?

-show interface dialer 1

Satellite Internet services are used in locations where land-based Internet access is not available, or for
temporary installations that are mobile.

-true

Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with
wildcard mask 0.0.1.255?
-b. 172.16.2.0 to 172.16.3.255

External BGP is the routing protocol used between routers in different autonomous systems.

-false

What equipment at the cable service provider office connects the office to the subscriber locations?

-cmts

What TCP port is used by BGP to exchange messages between routers?

-179

Dynamic Multipoint VPN (DMVPN) is a Cisco software solution for building multiple VPNs in an easy,
dynamic, and scalable manner.

-false

Which statement describes a characteristic of standard IPv4 ACLs?

-they filter traffic base on source ip addresses only.

To verify the state of a GRE tunnel, use the show interface tunnel command.

-true
Generic Routing Encapsulation (GRE) is one example of a basic, non-secure, site-to-site VPN tunneling
protocol.

-true

What is an advantage offered by GRE tunnels?

- support for ip multicast tunneling

What is the protocol that provides ISPs the ability to send PPP frames over DSL networks?

-pppoe

A newer and faster technology considered to be part of 4G technology.

-Long-Term Evolution

Internal BGP is the routing protocol used between routers in the same AS.

-false

An administrator has configured an access list on R1 to allow SSH administrative access from host
172.16.1.100. Which command correctly applies the ACL?

-. R1(config-line)# access-class 1 in

Which statement describes a difference between the operation of inbound and outbound ACLs?

-b. Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after
the routing is completed.
What range of IP addresses is represented by the network and wildcard mask 192.168.70.0 0.0.0.127?

-b. 192.168.70.0 to 192.168.70.127

The use of BGP is most appropriate when an AS has connections to multiple autonomous systems.

-true

What TCP port is used by BGP to exchange messages between routers?

-179

A type of digital modem used with high-speed DSL or cable Internet service.

-digital subcribeer

Dynamic Multipoint VPN (DMVPN) is a Cisco software solution for building multiple VPNs in an easy,
dynamic, and scalable manner.

-false

Which PPP protocol allows a device to specify an IP address for routing over the PPP link?

-chap

What is a disadvantage of leased lines?

-high cost
What is a characteristic of a WAN?

-b. A WAN operates inside the geographic scope of a LAN.

The use of BGP is most appropriate when an AS has connections to multiple autonomous systems.

-true

A construction firm is building a power plant at a remote and isolated mine site and needs to connect
the data network of the plant to the corporate network. Which public technology is the most suitable to
meet the connection needs?

-satellite internet

When a PPPoE configuration is being verified, which command can be used to verify the MTU size and
encapsulation type configured on a Cisco router?

-d. show interface dialer 1

Which public WAN technology provides security by using encrypted tunnels over Internet connections?

-vpn

What equipment at the cable service provider office connects the office to the subscriber locations?

-cmts
Which one of the WAN technologies is inadequate for video traffic but operates adequately for voice
traffic?

-atm

A newer and faster technology considered to be part of 4G technology.

-Long-Term Evolution

Generic Routing Encapsulation (GRE) is one example of a basic, non-secure, site-to-site VPN tunneling
protocol.

-true

Which statement describes a characteristic of standard IPv4 ACLs?

-b. They filter traffic based on source IP addresses only.

A site-to-site VPN is created when devices on both sides of the VPN connection are aware of the VPN
configuration in advance.

-true

Satellite Internet services are used in locations where land-based Internet access is not available, or for
temporary installations that are mobile.

-true

Which protocol is used by PPP to provide authentication and protection from playback attacks?
-chap

Which public WAN technology provides security by using encrypted tunnels over Internet connections?

-vpn

Which WAN technology uses a fixed payload of 48 bytes and is transported across both switched and
permanent virtual circuits?

-atm

A general term for Internet services from a mobile phone or from any device that uses the same
technology.

-wireless internet

Which additional functionality is available on an interface when the encapsulation is changed from HDLC
to PPP?

-aunthentication

It is a WAN protocol that provides Provides router-to-router and host-to-network connections over
synchronous and asynchronous circuits.

-point to point protocol

What is an advantage offered by GRE tunnels?

-support for ip multicast tunneling

To verify the state of a GRE tunnel, use the show interface tunnel command.

-false

Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with
wildcard mask 0.0.1.255?

-b. 172.16.2.0 to 172.16.3.255

What range of IP addresses is represented by the network and wildcard mask 192.168.70.0 0.0.0.127?

-b. 192.168.70.0 to 192.168.70.127

External BGP is the routing protocol used between routers in different autonomous systems.

-false

Which statement describes a difference between the operation of inbound and outbound ACLs?

-a. Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after
the routing is completed.

It is a networking device that provides internetworking and WAN access interface ports that are used to
connect to the service provider network.

-wan

What is the protocol that provides ISPs the ability to send PPP frames over DSL networks?
-pppoe

A network engineer is troubleshooting an unsuccessful PPP multilink connection between two routers.
The multilink interface has been created and assigned a number, the interface has been enabled for
multilink PPP, and the interface has been assigned a multilink group number that matches the group
assigned to the member physical serial interfaces. The physical serial interfaces have also been enabled
for PPP multilink. Which additional command should to be issued on the multilink interface?

-d. ip address 192.168.10.1 255.255.255.252

a type of network that establishes a dedicated circuit (or channel) between nodes and terminals before
the users may communicate.

-circuit-switched network

What function does NCP perform in the establishment of a PPP session?

-a. It completes the specific configuration of the network layer protocol that is being used.

This is a point established in a building or complex to separate customer equipment from service
provider equipment.

-Demarcation point

PPP authentication is performed at which OSI layer?

-layer 2
It is the default encapsulation type on point-to-point connections, dedicated links, and circuit-switched
connections when the link uses two Cisco devices.

-ppp

Which statement correctly describes a WAN technology?

-d. MPLS can be used to deliver any type of packet between sites.

Which PPP option enables load balancing on PPP-enabled interfaces that connect to a single destination?

-multilink

With which layers of the OSI model do the PPP control protocols interface?

-b. NCP interfaces with Layer 3; LCP interfaces with Layer 1

A construction firm is building a power plant at a remote and isolated mine site and needs to connect
the data network of the plant to the corporate network. Which public technology is the most suitable to
meet the connection needs?

-b. satellite Internet

Simple Network Management Protocol (SNMP) was developed to allow administrators to manage nodes
such as servers, workstations, routers, switches, and security appliances, on an IP network.

-true
Which service is enabled on a Cisco router by default that can reveal significant information about the
router and potentially make it more vulnerable to attack?

-cdp

is a mitigation technique to prevent rogue DHCP servers from providing false IP configuration
parameters.

-snooping

MAC address table flooding attacks are addressed with port security.

-false

Simple Network Management Protocol (SNMP) was developed to allow administrators to manage nodes
such as servers, workstations, routers, switches, and security appliances, on an IP network.

-true

Which service is enabled on a Cisco router by default that can reveal significant information about the
router and potentially make it more vulnerable to attack?

-cdp

is a mitigation technique to prevent rogue DHCP servers from providing false IP configuration
parameters.

-snooping

MAC address table flooding attacks are addressed with port security.
-false

What is an SNMP management agent?

-c. software that is installed on devices managed by SNMP

It is a type of DHCP where the attacker floods the DHCP server with bogus DHCP requests and eventually
leases all of the available IP addresses in the DHCP server pool.

-DHCP starvation attack

The show monitor command is used to verify the SPAN session.

-true

In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.

-brute force attack or true

It is a type of telnet attack where the attacker continuously requests Telnet connections in an attempt to
render the Telnet service unavailable and preventing an administrator from remotely accessing a switch.

-IEEE 802.1X standard

VLAN attacks are controlled by disabling DTP and following basic guidelines for configuring trunk ports.

-true
DHCP is the protocol that automatically assigns a host a valid IP address out of a DHCP pool.

-true

The Cisco Discovery Protocol (CDP) is a proprietary Layer 2 link discovery protocol.

-true

SNMP is an application layer protocol that provides a message format for communication between
managers and agents

-true

It is a type of DHCP attack where the attacker configures a fake DHCP server on the network to issue IP
addresses to clients.

-dos attack

Which mode is used to configure SNMP?

-b. global configuration mode

allows source and destination ports to be in different switches.

-Remote SPAN

What mitigation plan is best for thwarting a DoS attack that is creating a switch buffer overflow?
-enable port security

QoS model specifies a simple and scalable mechanism for classifying and managing network traffic and
providing QoS guarantees on modern IP networks.

-Differentiated Services

Network traffic can be marked at both Layer 2 and Layer 3 for QoS..

-true

Packets are assigned to user-defined classes based on matches to criteria such as protocols, ACLs, and
input interfaces.

-cbwfq

Delay-sensitive data such as voice is added to a priority queue so that it can be sent first (before packets
in other queues).

-llq

How many levels of priority are possible when using class of service (CoS) marking on frames?

-8

Which type of traffic does Cisco recommend be placed in the strict priority queue (PQ) when low latency
queuing (LLQ) is being used?

-video
CBWFQ extends the standard WFQ functionality to provide support for user-defined traffic classes.

-true

Packets are classified into different flows based on header information including the ToS value.

-wfq

Which model is the only QoS model with no mechanism to classify packets?

-best effort

IntServ provides a way to deliver the end-to-end QoS that real-time applications require by explicitly
managing network resources to provide QoS to specific user packet streams, sometimes called
microflows.

-false

Packets are forwarded in the order in which they are received.

-fifo

What happens when the memory queue of a device fills up and new network traffic is received?

-c. he network device will drop the arriving packets.

What is the default queuing method used on the LAN interfaces of Cisco devices?
-fifo

What happens when an edge router using IntServ QoS determines that the data pathway cannot support
the level of QoS requested?

-c. Data is not forwarded along the pathway.

Which queuing method provides user-defined traffic classes where each traffic class has a FIFO queue?

-c. CBWFQ

What does the WFQ automated scheduling method stands for?

-Weighted fair queueing

The LLQ feature brings strict priority queuing (PQ) to CBWFQ.

-true

Under which condition does congestion occur on a converged network with voice, video, and data
traffic?

-b. if the request for bandwidth exceeds the amount of bandwidth available

Which statement describes the QoS classification and marking tools?

-b. Marking is the adding of a value to a packet header.

It is a SPAN Terminology which refers to the traffic that leaves the switch.

-Catalyst

feature on Cisco switches is a type of port mirroring that sends copies of the frame entering a port, out
another port on the same switch.

-Switched Port Analyzer

It is a queuing algorithm which extends the standard WFQ functionality to provide support for user-
defined traffic classes.

-Class-based weighted fair queuing

It SPAN Terminology which refers to the traffic that enters the switch.

-Ingress traffic

It is a queuing algorithm which feature brings strict priority queuing (PQ) to CBWFQ.

-Low-latency queuing

It is a queuing algorithm also known as first-come, first-served (FCFS) queuing, involves buffering and
forwarding of packets in the order of arrival.

-fifo

MAC address table flooding attacks are addressed with port security.
-false

It is an ever increasing requirement of networks today

-a. Quality of Service

It is a type of telnet attack where the attacker may use a list of common passwords, dictionary words,
and variations of words to discover the administrative password

-brute force attack

How can SNMP access be restricted to a specific SNMP manager?

-c. Define an ACL and reference it by using the snmp-server community command.

It is a queuing algorithm which is an automated scheduling method that provides fair bandwidth
allocation to all network traffic.

-Queueing Algorithms

The IoT refers to the network of billons of physical objects accessible through the Internet as we
continue to connect the unconnected.

-true

Cloud computing and virtualization are different terms that refer to the same thing.

-true
This is typically regarded as the brains of a device.

-Central Processing Unit

Which Cloud computing service would be best for an organization that needs to collaboratively create
applications and deliver them over the web?

-PaaS

A network architecture that virtualizes the network.

-Software Defined Networking

This type of SDN uses a centralized controller that has knowledge of all devices in the network.

-Controller-based SDN

Today, over __% of things in the physical world are still not connected to the Internet. Select the answer
that will complete the statement.

-99

Which network traffic management technology is a basic element in SDN implementations?

-openflow

is a collection of end-point groups (EPG), their connections, and the policies that define those
connections.

-Application Network Profile

What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture??

-b. The leaf switches always attach to the spines, but they never attach to each other.

These switches provide an application-aware switching fabric and work with an APIC to manage the
virtual and physical network infrastructure.

-Cisco Nexus 9000 Series switches

Simple Network Management Protocol (SNMP) was developed to allow administrators to manage nodes
such as servers, workstations, routers, switches, and security appliances, on an IP network.

-true

Which service is enabled on a Cisco router by default that can reveal significant information about the
router and potentially make it more vulnerable to attack?

-cdp

is a mitigation technique to prevent rogue DHCP servers from providing false IP configuration
parameters.

-snooping

MAC address table flooding attacks are addressed with port security.

-false
What is an SNMP management agent?

-c. software that is installed on devices managed by SNMP

It is a type of DHCP where the attacker floods the DHCP server with bogus DHCP requests and eventually
leases all of the available IP addresses in the DHCP server pool.

-DHCP starvation attack

The show monitor command is used to verify the SPAN session.

-true

In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.

-brute force attack or true

It is a type of telnet attack where the attacker continuously requests Telnet connections in an attempt to
render the Telnet service unavailable and preventing an administrator from remotely accessing a switch.

-IEEE 802.1X standard

VLAN attacks are controlled by disabling DTP and following basic guidelines for configuring trunk ports.

-true

DHCP is the protocol that automatically assigns a host a valid IP address out of a DHCP pool.
-true

The Cisco Discovery Protocol (CDP) is a proprietary Layer 2 link discovery protocol.

-true

SNMP is an application layer protocol that provides a message format for communication between
managers and agents

-true

It is a type of DHCP attack where the attacker configures a fake DHCP server on the network to issue IP
addresses to clients.

-dos attack

Which mode is used to configure SNMP?

-b. global configuration mode

allows source and destination ports to be in different switches.

-Remote SPAN

What mitigation plan is best for thwarting a DoS attack that is creating a switch buffer overflow?

-enable port security

QoS model specifies a simple and scalable mechanism for classifying and managing network traffic and
providing QoS guarantees on modern IP networks.
-Differentiated Services

Network traffic can be marked at both Layer 2 and Layer 3 for QoS..

-true

Packets are assigned to user-defined classes based on matches to criteria such as protocols, ACLs, and
input interfaces.

-cbwfq

Delay-sensitive data such as voice is added to a priority queue so that it can be sent first (before packets
in other queues).

-llq

How many levels of priority are possible when using class of service (CoS) marking on frames?

-8

Which type of traffic does Cisco recommend be placed in the strict priority queue (PQ) when low latency
queuing (LLQ) is being used?

-video

CBWFQ extends the standard WFQ functionality to provide support for user-defined traffic classes.

-true
Packets are classified into different flows based on header information including the ToS value.

-wfq

Which model is the only QoS model with no mechanism to classify packets?

-best effort

IntServ provides a way to deliver the end-to-end QoS that real-time applications require by explicitly
managing network resources to provide QoS to specific user packet streams, sometimes called
microflows.

-false

Packets are forwarded in the order in which they are received.

-fifo

What happens when the memory queue of a device fills up and new network traffic is received?

-c. he network device will drop the arriving packets.

What is the default queuing method used on the LAN interfaces of Cisco devices?

-fifo

What happens when an edge router using IntServ QoS determines that the data pathway cannot support
the level of QoS requested?
-c. Data is not forwarded along the pathway.

Which queuing method provides user-defined traffic classes where each traffic class has a FIFO queue?

-c. CBWFQ

What does the WFQ automated scheduling method stands for?

-Weighted fair queueing

The LLQ feature brings strict priority queuing (PQ) to CBWFQ.

-true

Under which condition does congestion occur on a converged network with voice, video, and data
traffic?

-b. if the request for bandwidth exceeds the amount of bandwidth available

Which statement describes the QoS classification and marking tools?

-b. Marking is the adding of a value to a packet header.

It is a SPAN Terminology which refers to the traffic that leaves the switch.

-Catalyst
feature on Cisco switches is a type of port mirroring that sends copies of the frame entering a port, out
another port on the same switch.

-Switched Port Analyzer

It is a queuing algorithm which extends the standard WFQ functionality to provide support for user-
defined traffic classes.

-Class-based weighted fair queuing

It SPAN Terminology which refers to the traffic that enters the switch.

-Ingress traffic

It is a queuing algorithm which feature brings strict priority queuing (PQ) to CBWFQ.

-Low-latency queuing

It is a queuing algorithm also known as first-come, first-served (FCFS) queuing, involves buffering and
forwarding of packets in the order of arrival.

-fifo

MAC address table flooding attacks are addressed with port security.

-false

It is an ever increasing requirement of networks today

-a. Quality of Service

It is a type of telnet attack where the attacker may use a list of common passwords, dictionary words,
and variations of words to discover the administrative password

-brute force attack

How can SNMP access be restricted to a specific SNMP manager?

-c. Define an ACL and reference it by using the snmp-server community command.

It is a queuing algorithm which is an automated scheduling method that provides fair bandwidth
allocation to all network traffic.

-Queueing Algorithms

The IoT refers to the network of billons of physical objects accessible through the Internet as we
continue to connect the unconnected.

-true

Cloud computing and virtualization are different terms that refer to the same thing.

-true

This is typically regarded as the brains of a device.

-Central Processing Unit

Which Cloud computing service would be best for an organization that needs to collaboratively create
applications and deliver them over the web?

-PaaS

A network architecture that virtualizes the network.

-Software Defined Networking

This type of SDN uses a centralized controller that has knowledge of all devices in the network.

-Controller-based SDN

Today, over __% of things in the physical world are still not connected to the Internet. Select the answer
that will complete the statement.

-99

Which network traffic management technology is a basic element in SDN implementations?

-openflow

is a collection of end-point groups (EPG), their connections, and the policies that define those
connections.

-Application Network Profile

What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture??

-b. The leaf switches always attach to the spines, but they never attach to each other.
These switches provide an application-aware switching fabric and work with an APIC to manage the
virtual and physical network infrastructure.

-Cisco Nexus 9000 Series switches

What is an example of an M2M connection?

-b. a sensor in a garbage can signaling that it is full and delivering the data to a GPS mapping system for
the sanitation truck to adjust its route for pickups

Which term describes the data exchanges between virtual servers in a data center?

-a. east-west traffic

is considered to be the brains of the ACI architecture.

-APIC

How many "things" are predicted to be interconnected on the Internet by 2020?

-c. 50 billion

A purpose-built hardware solution for integrating cloud computing and data center management.

-Cisco Application Centric Infrastructure

What is a characteristic of data flow processing in SDN?

-a. Each data flow through the network must be approved by the SDN controller first.

Also called the forwarding plane, this plane is typically the switch fabric connecting the various network
ports on a device.

-Data plane

SDN is a network architecture that has been developed to virtualize the network.

-true

topology illustrates how devices are logically connected to the network, meaning how devices actually
transfer data across the network when communicating with other devices.

-Logical Topology

topology shows the physical layout of the devices connected to the network.

-Physical Topology

transmits bits from one computer to another and regulates the transmission of a stream of bits over the
physical medium.

-physical layer

Which command runs several other show commands in order to generate many pages of detailed
troubleshooting information?

-a. show tech-support

Use the show ip sla configuration operation-number command to display configuration values including
all defaults for IP SLA operations or for a specific operation.

-true

Which troubleshooting tool can be used to pinpoint the distance to a break in a network cable?

-b. cable tester

The show ip interface brief and show ipv6 interface brief commands are used to display the up or down
status and IP address of all interfaces on a device.

-true

A network engineer is investigating an access issue to a web server. The web server can access the
Internet and the local clients can open the web pages. However, outside clients cannot access the web
pages. What is the most likely cause of the problem?

-a. An ACL is blocking incoming connections.

Which statement describes the physical topology for a LAN?

-b. It defines how hosts and network devices connect to the LAN.

diagrams keep track of the location, function, and status of devices on the network.

-Network topology
When is the most appropriate time to measure network operations to establish a network performance
baseline?

-b. at the same time each day across a set period of average working days, so that typical traffic patterns
can be established

Which feature sends simulated data across the network and measures performance between multiple
network locations?

-b. IP SLA

The OSI reference model describes how information from a software application in one computer moves
through a network medium to a software application in another computer.

-true

A network administrator issues the telnet www.cisco.com 25 command on the workstation. What is the
purpose of this command?

-b. to probe the server that provides the web service to determine if it is also running an email service

The show cdp neighbors detail command is used to obtain detailed information about directly connected
Cisco neighbor devices.

-true

The show ip route and show ipv6 route commands are used to display the routing table in a router to
learn the directly connected neighbors, more remote devices (through learned routes), and the routing
protocols that have been configured.

-true
are specialized, handheld devices designed for testing the various types of data communication cabling.

-Cable Testers

After gathering symptoms, if the troubleshooter determines that the problem is located outside the
control of the organization, what is the next step?

-c. Contact the administrator of the external system.

A network engineer is troubleshooting a network that has recently been updated with a new routing
protocol, but the network is not working as expected. The engineer is comparing the running
configuration from before and after the change was made. Which approach to troubleshooting the
problem is the engineer using?

-b. divide-and-conquer

A client calls the support desk and says this to a technician: "I have just started my computer and
attempted to check e-mail. The error 0x800ccc0d was displayed. However, I was able to connect to
network drives and access the Internet." Which statement would describe the status of this issue?

-b. The helpdesk has enough information to begin finding a resolution.

is software that creates and runs VM instances and can be installed directly on hardware or run as an
application on an OS.

-Hypervisors

Which component in a traditional infrastructure device provides Layer 2 and Layer 3 functions to create
data paths within a network?
-b. control plane

For a data center, what is the difference in the server virtualization data traffic compared with the
traditional client-server model?

-c. There are significant data exchanges between virtual servers.

Cloud computing and virtualization are different terms that refer to the same thing.

-false

An attack has been launched within a company and a host name has been identified as the source. What
command can a network technician use to determine the IP address assigned to the host name?

d. nslookup