1. What is a primary difference between a company LAN and the WAN services that it uses?
The company must subscribe to an external WAN service provider.*
The company has direct control over its WAN links but not over its LAN.
Each LAN has a specified demarcation point to clearly separate access layer and distribution layer equipment.
The LAN may use a number of different network access layer standards whereas the WAN will use only one standard.
2. Which circumstance would result in an enterprise deciding to implement a corporate WAN?
when its employees become distributed across many branch locations*
when the network will span multiple buildings
when the number of employees exceeds the capacity of the LAN
when the enterprise decides to secure its corporate LAN
3.To which two layers of the OSI model do WAN technologies provide services? (Choose two.)
data link layer*
4. Which two technologies are private WAN technologies? (Choose two.)
5. Which WAN technology can switch any type of payload based on labels?
6. What technology can be used to create a private WAN via satellite communications?
7. Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?
8. A corporation is searching for an easy and low cost solution to provide teleworkers with a secure connection to headquarters. Which solution should be selected?
leased line connection
site-to-site VPN over the Internet
remote access VPN over the Internet*
9. How many DS0 channels are bounded to produce a 1.544 Mb/s DS1 line?
10. Refer to the exhibit.
Communication between two peers has failed. Based on the output that is shown, what is the most likely cause?
improper cable type
11. Refer to the exhibit.
Which type of Layer 2 encapsulation used for connection D requires Cisco routers?
12. Which three statements are true about PPP? (Choose three.)
PPP can use synchronous and asynchronous circuits.*
PPP can only be used between two Cisco devices.
PPP carries packets from several network layer protocols in LCPs.
PPP uses LCPs to establish, configure, and test the data-link connection.*
PPP uses LCPs to agree on format options such as authentication, compression, and error detection.*
13. A network administrator is configuring a PPP link with the commands:
R1(config-if)# encapsulation ppp
R1(config-if)# ppp quality 70
What is the effect of these commands?
The PPP link will be closed down if the link quality drops below 70 percent.*
The NCP will send a message to the sending device if the link usage reaches 70 percent.
The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.
The PPP link will not be established if more than 30 percent of options cannot be accepted.
14. A network administrator is evaluating authentication protocols for a PPP link. Which three factors might lead to the selection of CHAP over PAP as the authentication protocol? (Choose three.)
establishes identities with a two-way handshake
uses a three-way authentication periodically during the session to reconfirm identities*
control by the remote host of the frequency and timing of login events
transmits login information in encrypted format*
uses an unpredictable variable challenge value to prevent playback attacks*
makes authorized network administrator intervention a requirement to establish each session
15. Which cellular or mobile wireless standard is considered a fourth generation technology?
16. A company is looking for the least expensive broadband solution that provides at least 10 Mb/s download speed. The company is located 5 miles from the nearest provider. Which broadband solution would be appropriate?
17. Which technology can ISPs use to periodically challenge broadband customers over DSL networks with PPPoE?
18. What are the three core components of the Cisco ACI architecture? (Choose three.)
Application Network Profile*
Application Policy Infrastructure Controller*
Cisco Nexus Switches*
Cisco Information Server
Virtual Security Gateway
19. Which statement describes a feature of site-to-site VPNs?
The VPN connection is not statically defined.
VPN client software is installed on each host.
Internal hosts send normal, unencapsulated packets.*
Individual hosts can enable and disable the VPN connection.
20. What are three features of a GRE tunnel? (Choose three.)
creates nonsecure tunnels between remote sites*
transports multiple Layer 3 protocols*
creates additional packet overhead*
uses RSA signatures to authenticate peeers
provides encryption to keep VPN traffic confidential
supports hosts as GRE tunnel endpoints by installing Cisco VPN client software
21. Refer to the exhibit.
What two commands are needed to complete the GRE tunnel configuration on router R1? (Choose two.)
R1(config-if)# tunnel source 126.96.36.199*
R1(config-if)# tunnel source 172.16.2.1
R1(config-if)# tunnel destination 188.8.131.52*
R1(config-if)# tunnel destination 172.16.2.2
R1(config-if)# tunnel source 184.108.40.206
R1(config-if)# tunnel destination 220.127.116.11
22. What does BGP use to exchange routing updates with neighbors?
group identification numbers
23. Refer to the exhibit.
The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)
access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any
access-list 105 permit tcp host 10.0.54.5 any eq www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any***
R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out*
R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out
24. Refer to the exhibit.
A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new statement to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
Manually add the new deny statement with a sequence number of 5.*
Manually add the new deny statement with a sequence number of 15.
Create a second access list denying the host and apply it to the same interface.
Add a deny any any statement to access-list 1.
25. Refer to the exhibit.
What can be determined from this output?
The ACL is missing the deny ip any any ACE.
Because there are no matches for line 10, the ACL is not working.
The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.
The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.*
26. What is the only type of ACL available for IPv6?
27. Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25*
permit tcp host 2001:DB8:10:10::100 any eq 25
permit tcp any host 2001:DB8:10:10::100 eq 23
permit tcp host 2001:DB8:10:10::100 any eq 23
28. Refer to the exhibit.
Considering how packets are processed on a router that is configured with ACLs, what is the correct order of the statements?
29. Which two hypervisors are suitable to support virtual machines in a data center? (Choose two.)
Oracle VM VirtualBox
Microsoft Hyper-V 2012*
30. How can DHCP spoofing attacks be mitigated?
by disabling DTP negotiations on nontrunking ports
by implementing DHCP snooping on trusted ports*
by implementing port security
by the application of the ip verify source command to untrusted ports
31. What is a secure configuration option for remote access to a network device?
Configure an ACL and apply it to the VTY lines.
32. What action can a network administrator take to help mitigate the threat of VLAN attacks?
Configure all switch ports to be members of VLAN 1.
Disable automatic trunking negotiation.*
Enable PortFast on all switch ports.
33. What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
34. Which SNMP message type informs the network management system (NMS) immediately of certain specified events?
35. Refer to the exhibit.
A SNMP manager is using the community string of snmpenable and is configured with the IP address 172.16.10.1. The SNMP manager is unable to read configuration variables on the R1 SNMP agent. What could be the problem?
The SNMP agent is not configured for read-only access.
The community of snmpenable2 is incorrectly configured on the SNMP agent.
The ACL is not permitting access by the SNMP manager.*
The incorrect community string is configured on the SNMP manager.
36. Refer to the exhibit.
Which SNMP authentication password must be used by the member of the ADMIN group that is configured on router R1?
37. A network administrator has noticed an unusual amount of traffic being received on a switch port that is connected to a college classroom computer. Which tool would the administrator use to make the suspicious traffic available for analysis at the college data center?
38. What network monitoring tool copies traffic moving through one switch port, and sends the copied traffic to another switch port for analysis?
39. Voice packets are being received in a continuous stream by an IP phone, but because of network congestion the delay between each packet varies and is causing broken conversations. What term describes the cause of this condition?
40. What mechanism compensates for jitter in an audio stream by buffering packets and then replaying them outbound in a steady stream?
digital signal processor
playout delay buffer*
41. Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent?
42. Which type of network traffic cannot be managed using congestion avoidance tools?
43. Refer to the exhibit.
As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used?
weighted random early detection
classification and marking
44. What is the function of a QoS trust boundary?
A trust boundary identifies the location where traffic cannot be remarked.
A trust boundary identifies which devices trust the marking on packets that enter a network.*
A trust boundary only allows traffic to enter if it has previously been marked.
A trust boundary only allows traffic from trusted endpoints to enter the network.
45. Which type of QoS marking is applied to Ethernet frames?
46. Which pillar of the Cisco IoT System allows data to be analyzed and managed at the location where it is generated?
application enhancement platform
47. A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?
Conduct a performance test and compare with the baseline that was established previously.*
Determine performance on the intranet by monitoring load times of company web pages from remote sites.
Interview departmental administrative assistants to determine if web pages are loading more quickly.
Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.
48. In which stage of the troubleshooting process would ownership be researched and documented?
Implement corrective action.
Isolate the problem.
Update the user and document the problem.
49. Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?
a less-structured approach based on an educated guess*
an approach comparing working and nonworking components to spot significant differences
a structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified
an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified
50. A router has been configured to use simulated network traffic in order to monitor the network performance between the router and a distant network device. Which command would display the results of this analysis?
show ip route
show ip protocols
show ip sla statistics*
51. Which type of tool would an administrator use to capture packets that are going to and from a particular device?
52. Refer to the exhibit.
Which two statements describe the results of entering these commands? (Choose two.)
R1 will send system messages of levels 0 (emergencies) to level 4 (warnings) to a server.*
R1 will not send critical system messages to the server until the command debug all is entered.
R1 will reset all the warnings to clear the log.
R1 will output the system messages to the local RAM.
The syslog server has the IPv4 address 192.168.10.10.*
53. Refer to the exhibit.
A network administrator discovers that host A is having trouble with Internet connectivity, but the server farm has full connectivity. In addition, host A has full connectivity to the server farm. What is a possible cause of this problem?
The router has an incorrect gateway.
Host A has an overlapping network address.
Host A has an incorrect default gateway configured.
Host A has an incorrect subnet mask.
NAT is required for the host A network.*
54. Match the operation to the appropriate QoS model.
55. Match the cloud model with the description.