CCNA 4 v6.0 Final Exam Answers 100% Option C

1. What is a primary difference between a company LAN and the WAN services that it uses?

The company must subscribe to an external WAN service provider.*

The company has direct control over its WAN links but not over its LAN.

Each LAN has a specified demarcation point to clearly separate access layer and distribution layer equipment.

The LAN may use a number of different network access layer standards whereas the WAN will use only one standard.

2. Which circumstance would result in an enterprise deciding to implement a corporate WAN?

when its employees become distributed across many branch locations*

when the network will span multiple buildings

when the number of employees exceeds the capacity of the LAN

when the enterprise decides to secure its corporate LAN

3.To which two layers of the OSI model do WAN technologies provide services? (Choose two.)

network layer

session layer

physical layer*

transport layer

data link layer*

presentation layer

4. Which two technologies are private WAN technologies? (Choose two.)


Frame Relay*




5. Which WAN technology can switch any type of payload based on labels?





6. What technology can be used to create a private WAN via satellite communications?


3G/4G cellular




7. Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?





8. A corporation is searching for an easy and low cost solution to provide teleworkers with a secure connection to headquarters. Which solution should be selected?

dial-up connection

leased line connection

site-to-site VPN over the Internet

remote access VPN over the Internet*

9. How many DS0 channels are bounded to produce a 1.544 Mb/s DS1 line?





10. Refer to the exhibit.

Communication between two peers has failed. Based on the output that is shown, what is the most likely cause?

interface reset

unplugged cable

improper cable type

PPP issue*

11. Refer to the exhibit.

Which type of Layer 2 encapsulation used for connection D requires Cisco routers?





12. Which three statements are true about PPP? (Choose three.)

PPP can use synchronous and asynchronous circuits.*

PPP can only be used between two Cisco devices.

PPP carries packets from several network layer protocols in LCPs.

PPP uses LCPs to establish, configure, and test the data-link connection.*

PPP uses LCPs to agree on format options such as authentication, compression, and error detection.*

13. A network administrator is configuring a PPP link with the commands:

R1(config-if)# encapsulation ppp
R1(config-if)# ppp quality 70

What is the effect of these commands?

The PPP link will be closed down if the link quality drops below 70 percent.*

The NCP will send a message to the sending device if the link usage reaches 70 percent.

The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.

The PPP link will not be established if more than 30 percent of options cannot be accepted.

14. A network administrator is evaluating authentication protocols for a PPP link. Which three factors might lead to the selection of CHAP over PAP as the authentication protocol? (Choose three.)

establishes identities with a two-way handshake

uses a three-way authentication periodically during the session to reconfirm identities*

control by the remote host of the frequency and timing of login events

transmits login information in encrypted format*

uses an unpredictable variable challenge value to prevent playback attacks*

makes authorized network administrator intervention a requirement to establish each session

15. Which cellular or mobile wireless standard is considered a fourth generation technology?





16. A company is looking for the least expensive broadband solution that provides at least 10 Mb/s download speed. The company is located 5 miles from the nearest provider. Which broadband solution would be appropriate?





17. Which technology can ISPs use to periodically challenge broadband customers over DSL networks with PPPoE?




Frame Relay

18. What are the three core components of the Cisco ACI architecture? (Choose three.)

Application Network Profile*

Application Policy Infrastructure Controller*

Cisco Nexus Switches*

Microsoft hypervisor

Cisco Information Server

Virtual Security Gateway

19. Which statement describes a feature of site-to-site VPNs?

The VPN connection is not statically defined.

VPN client software is installed on each host.

Internal hosts send normal, unencapsulated packets.*

Individual hosts can enable and disable the VPN connection.

20. What are three features of a GRE tunnel? (Choose three.)

creates nonsecure tunnels between remote sites*

transports multiple Layer 3 protocols*

creates additional packet overhead*

uses RSA signatures to authenticate peeers

provides encryption to keep VPN traffic confidential

supports hosts as GRE tunnel endpoints by installing Cisco VPN client software

21. Refer to the exhibit.

What two commands are needed to complete the GRE tunnel configuration on router R1? (Choose two.)

R1(config-if)# tunnel source*

R1(config-if)# tunnel source

R1(config-if)# tunnel destination*

R1(config-if)# tunnel destination

R1(config-if)# tunnel source

R1(config-if)# tunnel destination

22. What does BGP use to exchange routing updates with neighbors?

TCP connections*

area numbers

group identification numbers


23. Refer to the exhibit.

The network administrator that has the IP address of needs to have access to the corporate FTP server ( The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)

access-list 105 permit ip host host
access-list 105 permit tcp any host eq www
access-list 105 permit ip any any

access-list 105 permit tcp host any eq www
access-list 105 permit tcp host host eq 20
access-list 105 permit tcp host host eq 21

access-list 105 permit tcp host host eq 20
access-list 105 permit tcp host host eq 21
access-list 105 permit tcp host eq www
access-list 105 deny ip any host
access-list 105 permit ip any any***

R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in

R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out*

R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out

24. Refer to the exhibit.

A router has an existing ACL that permits all traffic from the network. The administrator attempts to add a new statement to the ACL that denies packets from host and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host while still permitting all other traffic from the network?

Manually add the new deny statement with a sequence number of 5.*

Manually add the new deny statement with a sequence number of 15.

Create a second access list denying the host and apply it to the same interface.

Add a deny any any statement to access-list 1.

25. Refer to the exhibit.

What can be determined from this output?

The ACL is missing the deny ip any any ACE.

Because there are no matches for line 10, the ACL is not working.

The ACL is only monitoring traffic destined for from three specific hosts.

The router has not had any Telnet packets from that are destined for*

26. What is the only type of ACL available for IPv6?

named standard

named extended*

numbered standard

numbered extended

27. Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?

permit tcp any host 2001:DB8:10:10::100 eq 25*

permit tcp host 2001:DB8:10:10::100 any eq 25

permit tcp any host 2001:DB8:10:10::100 eq 23

permit tcp host 2001:DB8:10:10::100 any eq 23

28. Refer to the exhibit.

Considering how packets are processed on a router that is configured with ACLs, what is the correct order of the statements?






29. Which two hypervisors are suitable to support virtual machines in a data center? (Choose two.)

Virtual PC

VMware Fusion

VMware ESX/ESXi*

Oracle VM VirtualBox

Microsoft Hyper-V 2012*

30. How can DHCP spoofing attacks be mitigated?

by disabling DTP negotiations on nontrunking ports

by implementing DHCP snooping on trusted ports*

by implementing port security

by the application of the ip verify source command to untrusted ports​

31. What is a secure configuration option for remote access to a network device?

Configure SSH.*

Configure Telnet.

Configure 802.1x.

Configure an ACL and apply it to the VTY lines.

32. What action can a network administrator take to help mitigate the threat of VLAN attacks?

Disable VTP.

Configure all switch ports to be members of VLAN 1.

Disable automatic trunking negotiation.*

Enable PortFast on all switch ports.

33. What two protocols are supported on Cisco devices for AAA communications? (Choose two.)






34. Which SNMP message type informs the network management system (NMS) immediately of certain specified events?

GET request

SET request

GET response


35. Refer to the exhibit.

A SNMP manager is using the community string of snmpenable and is configured with the IP address The SNMP manager is unable to read configuration variables on the R1 SNMP agent. What could be the problem?​

The SNMP agent is not configured for read-only access.

The community of snmpenable2 is incorrectly configured on the SNMP agent.

The ACL is not permitting access by the SNMP manager.*

The incorrect community string is configured on the SNMP manager.

36. Refer to the exhibit.

Which SNMP authentication password must be used by the member of the ADMIN group that is configured on router R1?





37. A network administrator has noticed an unusual amount of traffic being received on a switch port that is connected to a college classroom computer. Which tool would the administrator use to make the suspicious traffic available for analysis at the college data center?




DHCP snooping


38. What network monitoring tool copies traffic moving through one switch port, and sends the copied traffic to another switch port for analysis?





39. Voice packets are being received in a continuous stream by an IP phone, but because of network congestion the delay between each packet varies and is causing broken conversations. What term describes the cause of this condition?





40. What mechanism compensates for jitter in an audio stream by buffering packets and then replaying them outbound in a steady stream?

digital signal processor

playout delay buffer*

voice codec


41. Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent?





42. Which type of network traffic cannot be managed using congestion avoidance tools?





43. Refer to the exhibit.

As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used?

traffic shaping*

weighted random early detection

classification and marking

traffic policing

44. What is the function of a QoS trust boundary?

A trust boundary identifies the location where traffic cannot be remarked.

A trust boundary identifies which devices trust the marking on packets that enter a network.*

A trust boundary only allows traffic to enter if it has previously been marked.

A trust boundary only allows traffic from trusted endpoints to enter the network.

45. Which type of QoS marking is applied to Ethernet frames?




IP precedence

46. Which pillar of the Cisco IoT System allows data to be analyzed and managed at the location where it is generated?

data analytics

fog computing*

network connectivity

application enhancement platform

47. A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?

Conduct a performance test and compare with the baseline that was established previously.*

Determine performance on the intranet by monitoring load times of company web pages from remote sites.

Interview departmental administrative assistants to determine if web pages are loading more quickly.

Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.

48. In which stage of the troubleshooting process would ownership be researched and documented?

Gather symptoms.*

Implement corrective action.

Isolate the problem.

Update the user and document the problem.

49. Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?

a less-structured approach based on an educated guess*

an approach comparing working and nonworking components to spot significant differences

a structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified

an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified

50. A router has been configured to use simulated network traffic in order to monitor the network performance between the router and a distant network device. Which command would display the results of this analysis?

show ip route

show ip protocols

show ip sla statistics*

show monitor

51. Which type of tool would an administrator use to capture packets that are going to and from a particular device?

NMS tool

knowledge base

baselining tool

protocol analyzer*

52. Refer to the exhibit.

Which two statements describe the results of entering these commands? (Choose two.)

R1 will send system messages of levels 0 (emergencies) to level 4 (warnings) to a server.*

R1 will not send critical system messages to the server until the command debug all is entered.

R1 will reset all the warnings to clear the log.

R1 will output the system messages to the local RAM.

The syslog server has the IPv4 address*

53. Refer to the exhibit.

A network administrator discovers that host A is having trouble with Internet connectivity, but the server farm has full connectivity. In addition, host A has full connectivity to the server farm. What is a possible cause of this problem?

The router has an incorrect gateway.

Host A has an overlapping network address.

Host A has an incorrect default gateway configured.

Host A has an incorrect subnet mask.

NAT is required for the host A network.*

54. Match the operation to the appropriate QoS model.

55. Match the cloud model with the description.

One Response

  1. Andrey 7 May, 2018

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.