Download CCNA Practice Examinations with Marking Schemes and more Exams Computer Science in PDF only on Docsity!
CCNA Practice Examinations with correct
marking schemes
Which three types of booting are supported on servers? (Choose three.) booting from internal storage booting from LAN booting from SAN booting from WAN booting from wireless - Correct Answer booting from internal storage booting from LAN booting from SAN Which two characteristics apply to small office/home office (SOHO) routers? (Choose two.) They are more expensive than enterprise routers. They are more reliable than enterprise routers. They have a web-based administration interface. They have integrated security functionality. They perform intensive routing tasks. - Correct Answer They have a web-based administration interface. They have integrated security functionality.
- SOHO routers usually route between a small number of subnets, thereby freeing resources to perform other networking tasks. SOHO routers integrate functionalities
provided by other networking devices, such as switches, firewalls and DNS servers. Enterprise-grade routers are designed for very high reliability and are more reliable than SOHO routers. Which two parameters can be used for metric calculations? (Choose two.) IP Address Hop count Link Up/Downtime Bandwidth Default Route Local Routes - Correct Answer Hop count Bandwidth
The metric calculation is a critical component of any routing protocol. The routing protocol uses multiple factors to calculate the metric for a path, such as Hop Count, Bandwidth, Delay, and Cost. What is the network ID of the IPv6 address 2001:db8:deca:abce:45eb:27ff:feba:fa38/48? 2001:: 2001:db8:: 2001:db8:deca:: 2001:db8:deca:abce:: - Correct Answer 2001:db8:deca::
Each hexadecimal character represents 4 binary bits. The first 12 characters correspond to 48 bits. 2001:db8:deca:abce:: would have the /64 prefix, 2001:db8:: would have the / prefix, and 2001: would have the /16 prefix. In a wireless IEEE 802.11 implementation, what is the most secure option to protect user traffic? WEP WPA WPA WPA3 - Correct Answer WPA
When connecting data center switches to the network core, high bandwidth is required. Because data centers are typically at the same location as the network core, multimode fiber cables are used to connect the switches instead of single-mode fiber cables. Which two types of cables can be used to connect to the console port of a Cisco router? (Choose two.) crossover rollover serial straight-through USB - Correct Answer rollover USB
Cisco devices traditionally used rollover cables to connect to the console port. Today, Cisco devices also offer a USB mini console port on the device. Which three fields are included in a TCP header? (Choose three.) destination address destination port flags frame check sequence window size - Correct Answer destination port flags window size
The destination port is the sequence of the called port (16 bits), window size is the sequence of the data amount the destination can accept (16 bits), and flags are control bits (9 bits). Which group of devices in a network receive IPv6 packets with the destination address of ff05::2? all IPv6 nodes on all the network segments within a site all IPv6 nodes on the local network segments all IPv6 routers on all the network segments within a site all IPv6 routers on the local network segments
all OSPFv3 routers on all the network segments within a site all OSPFv3 routers on the local network segments - Correct Answer all IPv6 routers on all the network segments within a site
The hexadecimal digits "ff" in the IPv6 address prefix are an indication of a multicast address. The fourth hexadecimal digit indicates the scope, with the number five representing a site-local scope. The group ID of ::2 represents all IPv6 routers. What are two characteristics of an anycast IPv6 address? (Choose two.) - Correct Answer It can be assigned to multiple nodes. It is assigned from the unicast IPv6 address space.
Anycast IPv6 addresses are syntactically indistinguishable from unicast IPv6 addresses, and they do not have a dedicated prefix assigned. Anycast IPv6 addresses cannot be used by hosts, and they must not be used as the source address of an IPv6 packet. On a Cisco switch, which two commands would you use to identify ports that are configured as trunks? (Choose two.) show interfaces status show interfaces summary show interfaces trunk show ip interface brief show vlan brief - Correct Answer show interfaces status show interfaces trunk Which fields does the 802.1Q header add to an Ethernet frame? CRC EtherType preamble VLAN ID - Correct Answer VLAN ID
The 802.1Q header is a tag which includes VLAN ID. This header does not include CRC, EtherType or preamble.
When an access point (AP) is operating in local mode, on which network device is wireless client traffic switched? on a network switch on a wireless access controller (WLC) on the egress AP on the ingress AP - Correct Answer on a wireless access controller (WLC)
In local mode, the AP sends all the client traffic to the WLC. The network switch would switch the traffic between two stand-alone APs. The egress and ingress points have no influence on the switching decision. When an enterprise has to comply with strict data security regulations, which cloud deployment model should they use for their services? community hybrid private public - Correct Answer private
The main characteristic of a private cloud is lack of public access. It is a type of deployment where the infrastructure is owned, managed and operated by the user. It provides the benefits of cloud computing while maintaining control over corporate data, security and performance. Community, hybrid, and public cloud deployments do not provide full control over infrastructure and, as such, do not comply with the necessary regulations. Refer to the exhibit. PC1 does not have a default gateway configured. The R1 router has a proxy ARP feature enabled on all its Ethernet interfaces. When PC1 sends a frame to the File Server, what is the destination MAC address in the outgoing frame? aa:aa:aa:11:11:11 - R1 interface to PC aa:aa:aa:22:22: bb:bb:bb:11:11: bb:bb:bb:22:22:22 - Correct Answer aa:aa:aa:11:11:11 - R1 interface to PC Refer to the exhibit. PC_A wants to communicate with PC_B, which resides on a different network. The hosts are connected via a router that acts as the default gateway for both. The ARP tables on all three devices are empty.
When PC_A sends the first frame, which two things happen in the process? (Choose two.) PC_A broadcasts the frame intended for PC_B. PC_A sends a broadcast ARP request looking for the MAC address of the router. The router adds an IPv4 address to the MAC address's mapping for PC_A to its ARP table. The router drops the packet after checking for the mapping of PC_B's IP address. The router receives a frame with its own MAC and mismatched IP address, and drops it. - Correct Answer PC_A sends a broadcast ARP request looking for the MAC address of the router. The router adds an IPv4 address to the MAC address's mapping for PC_A to its ARP table.
Since PC_A does not have a destination MAC address for the IP address of host B, it first acquires this information using ARP. The ARP request is broadcast, and the router and all other devices on the same network segment receive the ARP request. Only the router responds to it with its own MAC address. Examine the configurations of the devices in segment A. Which two address configuration mistakes were made? (Choose two.) The IPv4 address was incorrect on R1. The IPv4 address was incorrect on R2. The IPv4 address was incorrect on R3. The subnet mask was incorrect on R1. The subnet mask was incorrect on R3. - Correct Answer The IPv4 address was incorrect on R1. The subnet mask was incorrect on R3.
The R1 router had an IP address of 172.16.31.9 set, which is not part of the first VLSM network (172.16.31.0/29). The subnet mask on R3 was 255.255.255.240, which sets a bigger network (14 hosts) than is necessary. On PC1, which address did you configure as the default gateway? 172.16.31. 172.16.31.
The address is automatically configured by the device itself. The device is reachable via the internet. The IP address is used to communicate with the default gateway. The IP address is a loopback address. - Correct Answer The address is automatically configured by the device itself.
The address space 169.254.0.0/16 is reserved for link-local IPv4 addresses. An end- device that supports IPv4 link-local addresses self-assigns an IPv4 address from the 169.254.0.0/16 range, when the address is not specified otherwise. The link-local IPv address can be used only for local network connectivity and will not be routed. Which three statements about IPv4 addresses are true? (Choose three.) 8.0.0.0 is a public address. 10.8.0.0 is a private address. 127.0.0.1 is a reserved address. 172.30.0.0 is a public address. 192.170.0.0 is a private address. - Correct Answer 8.0.0.0 is a public address. 10.8.0.0 is a private address. 127.0.0.1 is a reserved address.
192.170.0.0 is a public IPv4 address, and 172.30.0.0 is a private IPv4 address. You are tasked with installing and configuring a new PoE-supported IP camera with a power consumption of 20 W. After connecting it to a PoE-enabled switch, the camera does not turn on. What is the likely cause of the problem? The cable connecting the switch and the camera is too long. The camera requires additional configuration to work with PoE. The switch does not support the PoE Plus standard. The switch requires additional configuration to enable PoE on the interface. - Correct Answer The switch does not support the PoE Plus standard.
The switch does not support the PoE Plus standard. Normal PoE can only provide up to 15.4 W of power, while PoE Plus provides up to 30 W. Devices that support PoE do not
need to be configured to use it, as they will power on when connected to the Ethernet. PoE is enabled on all ports. Supplied PoE power decreases with range, but the drop is minimal. Which two symptoms are characteristic of a duplex mismatch? (Choose two.) The full-duplex side of the link will experience increased collision rates. The half-duplex side of the link will experience increased collision rates. TCP data transfer will perform better than UDP data transfer. The connection will not be operational. The full-duplex side of the link will have a large number of CRC errors. - Correct Answer The half-duplex side of the link will experience increased collision rates. The full-duplex side of the link will have a large number of CRC errors.
The full-duplex side of the link does not detect any collisions, since Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is disabled on the full-duplex side of the link. The connections with a duplex mismatch are typically operational, but they operate poorly. When used to send a larger amount of data, the TCP data transfer would provoke collisions and trigger TCP retransmissions, which slows down the transfer. What is the default aging timer value on Cisco switches? 180 seconds 240 seconds 300 seconds 360 seconds - Correct Answer 300 seconds After receiving an Ethernet frame, a switch examines the destination MAC address, and forwards the frame out of all ports except the incoming port. In which communication types can this behavior occur? in broadcast and multicast communication in broadcast communication in broadcast, multicast, and unicast communication in unicast communication - Correct Answer in broadcast, multicast, and unicast communication
The subnet mask consists of 32 bits, just as the address does. It uses ones and zeros to indicate which bits of the address are network and subnet bits, and which bits are host bits. What are two differences between the RADIUS and TACACS+ protocols? (Choose two.) RADIUS combines authentication and authorization, while TACACS+ implements two separate processes. RADIUS encrypts the entire payload, while TACACS+ encrypts only the password. RADIUS is a TCP-based protocol, while TACACS+ is a UDP-based protocol. RADIUS is a UDP based protocol. TACACS+ is a TCP based protocol. RADIUS supports bidirectional authentication, while TACACS+ supports only unidirectional authentication. - Correct Answer RADIUS combines authentication and authorization, while TACACS+ implements two separate processes. RADIUS is a UDP based protocol. TACACS+ is a TCP based protocol.
RADIUS is an open standard that combines authentication and authorization services into a single process. TACACS+ is a Cisco proprietary security mechanism that can be used only for authorization and accounting while using another method of authentication. TACACS+ uses the Transmission Control Protocol (TCP) for all three services. Refer to the exhibit. In an 802.1X implementation, what are the roles of the devices shown? A: authenticator, B: supplicant, C: authentication server A: client device, B: supplicant, C: authentication server A: supplicant, B: authenticator, C: authentication server A: supplicant, B: client device, C: authentication server - Correct Answer A: client device, B: supplicant, C: authentication server
A supplicant is a workstation with 802.1X-compliant client software. An authenticator acts as a proxy between the supplicant and an authentication server. An authentication server authenticates supplicants connecting to a switch port. Which feature of PVST+ is not available in RSTP? fast convergence on topology changes
per-port STP per-VLAN STP instance edge ports - Correct Answer per-VLAN STP instance
PVST+ is used on VLANs, while RSTP is used in LANs. Convergence is the state of a set of routers that have the same topological information about the internetwork where they are connected. Per-port STP is available in both PVST+ and RSTP, and PVST+ PortFast corresponds with the RSTP edge port concept. If a port is still a designated or root port at the end of the learning state, which state will it enter? blocking disabled forwarding learning listening - Correct Answer forwarding
This port sends and receives all data frames on the bridged port. A blocked port only listens to BPDUs (Bridge Protocol Data Units), and it does not forward any frames. Disabled ports do not participate in frame forwarding. A port changes to a learning state after a listening state. After a blocking state, the designated port moves to a listening state. Examine the configurations of the switches SW1 and SW2. SW2 cannot obtain Layer 2 information from SW1 using CDP. Why? because CDP is disabled on the interface connecting to SW because CDP is globally disabled on SW because the interface connecting to SW1 is down because the interface connecting to SW1 is in the wrong VLAN because STP is blocking the interface connecting to SW1 - Correct Answer because CDP is globally disabled on SW
The Cisco Discovery Protocol works as long it is globally enabled and not disabled on specific interfaces connecting two devices, and the two devices have L1 and L connectivity.
PC1 > R1 > R2 > R3 > SW3 > SRV
PC1 > R1 > R3 > SW2 > SRV
PC1 > SW1 > R1 > R2 > R3 > SRV1 - Correct Answer PC1 > R1 > R2 > R3 > SRV
SW1 and SW3 do not participate in Layer 3 processing of either ICMP or UDP messages that are generated by the traceroute tool. Therefore, switches do not respond with ICMP replies. If the static routing was correctly configured as instructed, the traceroute traffic should flow from PC1 through R1 to R2, and terminate at SRV1. On R3, shut down the interface toward R2. On PC1, issue the ping command toward the IPv4 address of SRV1. What is the result? an "unreachable network" error is returned ping is only partly successful (20-30%) ping is successful (80-100%) ping is unsuccessful (0%) - Correct Answer ping is unsuccessful (0%)
If static routing was correctly configured and connection between R2 and R3 disabled, the ping is unsuccessful, because no traffic can pass between R2 and R3. The unreachable network error is returned if no route (default or otherwise) exists on PC1 to the network of SRV1. Trace the path that IPv4 packets take from PC1 to SRV1. What is the hop sequence that the packets follow? PC1 > R1 > R2 > R3 > SRV PC1 > R1 > R2 > R3 > SW3 > SRV PC1 > R1 > R3 > SW2 > SRV PC1 > SW1 > R1 > R2 > R3 > SRV1 - Correct Answer PC1 > R1 > R2 > R3 > SRV Refer to the exhibit. You must ensure full connectivity in the network. When configuring trunking on SW3, which configuration would you use? - Correct Answer SW3(config)# interface range GigabitEthernet0/1- 2 SW3(config-if-range)# switchport mode trunk SW3(config-if-range)# switchport trunk allowed vlan 10,20,30 SW3(config-if-range)# switchport trunk native vlan 39 SW3(config-if-range)# end SW3# configure terminal
SW3(config)# vlan 10,20, SW3(config-vlan)# end In order to allow SNMP traffic to flow throughout the network, which two communication scenarios must be allowed? (Choose two.) TCP to port 161 TCP to port 162 UDP and TCP to port 161 UDP and TCP to port 162 UDP to port 161 UDP to port 162 - Correct Answer UDP to port 161 UDP to port 162
SNMP uses the UDP transport mechanism to retrieve and send management information. The SNMP manager polls the SNMP agents and queries the MIB via SNMP agents on UDP port 161. The SNMP agent can also send triggered messages called traps to the SNMP manager, on UDP port 162. Which three SNMP messages are sent from an SNMP agent to an SNMP manager? (Choose three.) GetRequest GetNextRequest InformRequest Response SetRequest Trap - Correct Answer InformRequest Response Trap
GetRequest, GetNextRequest and SetRequest are SNMP messages that an SNMP manager sends to an SNMP agent. Which command would you use to verify the number of excluded addresses on a router configured as a DHCP server? show ip dhcp bindings
Two routers, A and B, are part of the Hot Standby Router Protocol (HSRP) standby group. There was no priority configured, and router A with the highest IP address for this HSRP group. Which statement is correct? Router A will be in the ACTIVE state and router B will be in the ACTIVE state. Router A will be in the ACTIVE state and router B will be in the STANDBY state. Router A will be in the LISTEN state and router B will be in the STANDBY state Router A will be in the STANDBY state and router B will be in the STANDBY state. - Correct Answer Router A will be in the ACTIVE state and router B will be in the STANDBY state.
In normal operation, one router is always active and the other on standby, waiting to take over if the active router fails. Which command would you use to configure a router ID on a Cisco router? R1 (config-router)# ip router-id ip-address R1 (config-router)# router-id ip-address R1 (config)# ip router-id ip-address R1 (config)# router-id ip-address - Correct Answer R1 (config-router)# router-id ip- address
For the network device administrator to configure a router ID on a router, the router-id ip- address command is used. The ip router-id ip-address, ip router-id ip-address, and router- id ip-address commands do not configure router IDs. When determining the OSPF router ID, what is the last action that the router will perform? Choosing the highest IPv4 address on a loopback interface. Choosing the highest IPv4 address on an active interface. Choosing the lowest IPv4 address on a loopback interface. Choosing the lowest IPv4 address on an active interface. - Correct Answer Choosing the highest IPv4 address on an active interface.
The router will set the OSPF router ID to the manually configured value. If the OSPF router ID is not configured, then the router will use the highest IPv4 address on a loopback
interface for the OSPF router ID. When neither the manual nor loopback-based router ID is determined, the last action the router performs is to use the highest IPv4 address of an active interface. Which two statements describe examples of social engineering attacks? (Choose two.) Cracking a user password using personal data related to the victim. Defacing a website and explaining the political ideology behind the attack. Delivering a DoS attack from a server trusted by all company users. Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine. - Correct Answer Sending an email from a seemingly legitimate address with writing that adopts typical sender language. Sending an infected USB with a magazine.
Social engineering is the process of manipulating people in order to capitalize on expected behaviors. Social engineering often involves utilizing social skills, relationships, or understanding of cultural norms to manipulate people inside a network to provide the information that is needed to access the network. Sending a USB with the right magazine or sending an email from a known address are methods of manipulating people. DoS attacks, password cracking, and website defacing are not based on manipulation, even if the information is related to specific users. What is a way of mitigating social engineering attacks? Avoiding making copies of files on external memory devices. Avoiding using personal data to create a password. Assigning administration privileges only to people with technical knowledge. Training users about correct security behaviors. - Correct Answer Training users about correct security behaviors.
Social engineering attacks are based on manipulating people. The usual goal of these attacks is to trick a user into launching malware or sharing certain information. The most important aspect of mitigating social engineering attacks is to make users aware of the existence of such attacks and advise them regarding appropriate behavior in case of anomalous requests.
