1. Which statement best describes a WAN?

A WAN interconnects LANs over long distances.*

A WAN is a public utility that enables access to the Internet.
WAN is another name for the Internet.
A WAN is a LAN that is extended to provide secure remote network access.
2. Connecting offices at different locations using the Internet can be economical for a
business. What are two important business policy issues that should be addressed when
using the Internet for this purpose? (Choose two.)
addressing
bandwidth
privacy*
security*
WAN technology
3. What is a disadvafntage of a packet-switched network compared to a circuit-switched
network?
higher cost
fixed capacity
less flexibility
higher latency*
4. A company is considering updating the campus WAN connection. Which two WAN
options are examples of the private WAN architecture? (Choose two.)
cable
leased line*
Ethernet WAN*
municipal Wi-Fi
digital subscriber line
5. Which statement describes a characteristic of dense wavelength division multiplexing
(DWDM)?
It supports the SONET standard, but not the SDH standard.
It enables bidirectional communications over one pair of copper cables.
It can be used in long-range communications, like connections between ISPs.*
It assigns incoming electrical signals to specific frequencies.
6. Which WAN technology can serve as the underlying network to carry multiple types of
network traffic such as IP, ATM, Ethernet, and DSL?
ISDN
MPLS*
Frame Relay
Ethernet WAN
7. Which two WAN technologies are more likely to be used by a business than by
teleworkers or home users? (Choose two.)
cable
DSL
Frame Relay*
MetroE*
VPN
8. The security policy in a company specifies that the staff in the sales department must
use a VPN to connect to the corporate network to access the sales data when they travel
to meet customers. What component is needed by the sales staff to establish a remote
 VPN connection?
VPN gateway
VPN appliance
VPN concentrator
VPN client software*
9. How many DS0 channels are bundled to produce a 1.544 Mbps T1 line?
2
12
24*
28
10. What function is provided by Multilink PPP?
spreading traffic across multiple physical WAN links*
dividing the bandwidth of a single link into separate time slots
enabling traffic from multiple VLANs to travel over a single Layer 2 link
creating one logical link between two LAN switches via the use of multiple physical
links
11. Refer to the exhibit. A network administrator is configuring the PPP link between the
routers R1 and R2. However, the link cannot be established. Based on the partial output
of the show running-config command, what is the cause of the problem?

The usernames do not match each other.

The usernames do not match the host names.*
The passwords for CHAP should be in lowercase.
The username r1 should be configured on the router R1 and the username r2 should
be configured on the router R2.
12. Refer to the exhibit. A network administrator has configured routers RTA and RTB,
but cannot ping from serial interface to serial interface. Which layer of the OSI model is
the most likely cause of the problem?
 application
transport
network
data link*
physical
13. What advantage does DSL have compared to cable technology?
DSL upload and download speeds are always the same.
DSL is faster.
DSL has no distance limitations.
DSL is not a shared medium.*
14. Which broadband technology would be best for a user that needs remote access when
traveling in mountains and at sea?
Wi-Fi Mesh
mobile broadband
WiMax
satellite*
15. Which technology requires the use of PPPoE to provide PPP connections to customers?
dialup analog modem
dialup ISDN modem
DSL*
T1
16. Refer to the exhibit. What is the network administrator verifying when issuing the show
ip interface brief command on R1 in respect to the PPPoE connection to R2?
 that the Dialer1 interface has been manually assigned an IP address
that the Dialer1 interface is up and up
that the Dialer1 interface has been assigned an IP address by the ISP router*
that the IP address on R1 G0/1 is in the same network range as the DSL modem
17. Which technology creates a mapping of public IP addresses for remote tunnel spokes in
a DMVPN configuration?
ARP
NHRP*
NAT
IPsec
18. What is the purpose of the generic routing encapsulation tunneling protocol?
to provide packet level encryption of IP traffic between remote sites
to manage the transportation of IP multicast and multiprotocol traffic between remote
sites*
to support basic unencrypted IP tunneling using multivendor routers between remote
sites
to provide fixed flow-control mechanisms with IP tunneling between remote sites
19. Refer to the exhibit. What is used to exchange routing information between routers
within each AS?
 static routing
IGP routing protocols*
EGP routing protocols
default routing
20. Which IPv4 address range covers all IP addresses that match the ACL filter specified
by 172.16.2.0 with wildcard mask 0.0.1.255?
172.16.2.0 to 172.16.2.255
172.16.2.1 to 172.16.3.254
172.16.2.0 to 172.16.3.255*
172.16.2.1 to 172.16.255.255
21. Refer to the exhibit. A named access list called chemistry_block has been written to
prevent users on the Chemistry Network and public Internet from access to Records
Server. All other users within the school should have access to this server. The list
contains the following statements:
deny 172.16.102.0 0.0.0.255 172.16.104.252 0.0.0.0
permit 172.16.0.0 0.0.255.255 172.16.104.252 0.0.0.0

Which command sequence will place this list to meet these requirements?
 Hera(config)# interface fa0/0
Hera(config-if)# ip access-group chemistry_block in

Hera(config)# interface s0/0/0

Hera(config-if)# ip access-group chemistry_block out

Apollo(config)# interface s0/0/0

Apollo(config-if)# ip access-group chemistry_block out

Apollo(config)# interface s0/0/1

Apollo(config-if)# ip access-group chemistry_block in

Athena(config)# interface fa0/0

Athena(config-if)# ip access-group chemistry_block out*
22. What guideline is generally followed about the placement of extended access control
lists?
They should be placed as close as possible to the source of the traffic to be denied.*
They should be placed as close as possible to the destination of the traffic to be
denied.
They should be placed on the fastest interface available.
They should be placed on the destination WAN link.
23. In the creation of an IPv6 ACL, what is the purpose of the implicit final command
entries, permit icmp any any nd-na and permit icmp any any nd-ns?
to allow IPv6 to MAC address resolution*
to allow forwarding of IPv6 multicast packets
to allow automatic address configuration
to allow forwarding of ICMPv6 packets
24. A network administrator is testing IPv6 connectivity to a web server. The network
administrator does not want any other host to connect to the web server except for the
one test computer. Which type of IPv6 ACL could be used for this situation?
only a standard ACL
 a standard or extended ACL
only an extended ACL
an extended, named, or numbered ACL
only a named ACL*
25. Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0
interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be
dropped by the ACL on R1?

HTTPS packets to PC1

ICMPv6 packets that are destined to PC1*
packets that are destined to PC1 on port 80
neighbor advertisements that are received from the ISP router
26. What is a secure configuration option for remote access to a network device?
Configure SSH.*
Configure Telnet.
Configure 802.1x.
Configure an ACL and apply it to the VTY lines.
27. What protocol should be disabled to help mitigate VLAN attacks?
DTP*
STP
CDP
ARP
28. Which term describes the role of a Cisco switch in the 802.1X port-based access
control?
agent
supplicant
authenticator*
authentication server
29. What two protocols are supported on Cisco devices for AAA communications? (Choose
two.)
VTP
 LLDP
HSRP
RADIUS*
TACACS+*
30. In configuring SNMPv3, what is the purpose of creating an ACL?
to define the source traffic that is allowed to create a VPN tunnel
to define the type of traffic that is allowed on the management network
to specify the source addresses allowed to access the SNMP agent*
to define the protocols allowed to be used for authentication and encryption
31. Refer to the exhibit. What feature does an SNMP manager need in order to be able to
set a parameter on switch ACSw1?

a manager who is using an SNMP string of K44p0ut

a manager who is using an Inform Request MIB
a manager who is using host 192.168.0.5*
a manager who is using authPriv
32. Which Cisco feature sends copies of frames entering one port to a different port on the
same switch in order to perform traffic analysis?
CSA
HIPS
SPAN*
VLAN
33. What are two characteristics of video traffic? (Choose two.)
Video traffic is more resilient to loss than voice traffic is.
Video traffic is unpredictable and inconsistent.*
Video traffic latency should not exceed 400 ms.*
Video traffic requires a minimum of 30 kbs of bandwidth.
Video traffic consumes less network resources than voice traffic consumes.
34. Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before
packets in other queues are sent?
CBWFQ
FIFO
LLQ*
FCFS
35. Refer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment,
which congestion avoidance technique is used?
 traffic shaping*
weighted random early detection
classification and marking
traffic policing
36. Which type of QoS marking is applied to Ethernet frames?
CoS*
ToS
DSCP
IP precedence
37. What is the function of a QoS trust boundary?
A trust boundary identifies the location where traffic cannot be remarked.
A trust boundary identifies which devices trust the marking on packets that enter a
network.*
A trust boundary only allows traffic to enter if it has previously been marked.
A trust boundary only allows traffic from trusted endpoints to enter the network.
38. A vibration sensor on an automated production line detects an unusual condition. The
sensor communicates with a controller that automatically shuts down the line and
activates an alarm. What type of communication does this scenario represent?
machine-to-people
machine-to-machine*
people-to-people
people-to-machine
39. Which pillar of the Cisco IoT System allows data to be analyzed and managed at the
location where it is generated?
data analytics
fog computing*
network connectivity
application enhancement platform
40. Which Cloud computing service would be best for a new organization that cannot
afford physical servers and networking equipment and must purchase network services
on-demand?
PaaS
SaaS
ITaaS
IaaS*
41. A data center has recently updated a physical server to host multiple operating systems
on a single CPU. The data center can now provide each customer with a separate web
server without having to allocate an actual discrete server for each customer. What is the
 networking trend that is being implemented by the data center in this situation?
BYOD
virtualization*
maintaining communication integrity
online collaboration
42. What is used to pre-populate the adjacency table on Cisco devices that use CEF to
process packets?
the ARP table*
the routing table
the FIB
the DSP
43. What is the wildcard mask that is associated with the network 128.165.216.0/23?
0.0.0.255
0.0.1.254
0.0.1.255*
0.0.1.0
0.0.0.254
44. What two features are added in SNMPv3 to address the weaknesses of previous
versions of SNMP? (Choose two.)
encryption*
authentication*
authorization with community string priority
ACL management filtering
bulk MIB objects retrieval
45. Which component of the ACI architecture translates application policies into network
programming?
the Nexus 9000 switch
the Application Network Profile endpoints
the Application Policy Infrastructure Controller*
the hypervisor
46. Which two pieces of information should be included in a logical topology diagram of a
network? (Choose two.)
device type
OS/IOS version
connection type*
interface identifier*
cable specification
cable type and identifier
47. Which network performance statistics should be measured in order to verify SLA
compliance?
NAT translation statistics
device CPU and memory utilization
latency, jitter, and packet loss*
the number of error messages that are logged on the syslog server
48. Which feature sends simulated data across the network and measures performance
between multiple network locations?
LLDP
IP SLA*
 syslog
SPAN
49. Which troubleshooting tool would a network administrator use to check the Layer 2
header of frames that are leaving a particular host?
protocol analyzer*
baselining tool
knowledge base
CiscoView
50. Refer to the exhibit. A network administrator is troubleshooting the OSPF network.
The 10.10.0.0/16 network is not showing up in the routing table of Router1. What is the
probable cause of this problem?

The serial interface on Router2 is down.

The OSPF process is not running on Router2.
The OSPF process is configured incorrectly on Router1.
There is an incorrect wildcard mask statement for network 10.10.0.0/16 on Router2.*
51. Refer to the exhibit. A user turns on a PC after it is serviced and calls the help desk to
report that the PC seems unable to reach the Internet. The technician asks the user to
issue the arp –a and ipconfig commands. Based on the output, what are two possible
causes of the problem? (Choose two.)
 The IP configuration is incorrect.*
The network cable is unplugged.
The DNS server address is not configured.
The subnet mask is configured incorrectly.
The default gateway device cannot be contacted.*
52. Match OoS techniques with the description. (Not all options are used.)
Which circumstance would result in an enterprise deciding to implement a corporate
WAN?
when its employees become distributed across many branch locations*
when the network will span multiple buildings
when the number of employees exceeds the capacity of the LAN
when the enterprise decides to secure its corporate LAN
53. What are two types of WAN providers? (Choose two.)
DNS servers
satellite service*
web hosting service
telephone company*
Internet search engine service
54. Which two types of devices are specific to WAN environments and are not found on a
LAN? (Choose two.)
access layer switch
broadband modem*
core switch
CSU/DSU*
distribution layer router
55. What is a feature of dense wavelength-division multiplexing (DWDM) technology?
It replaces SONET and SDH technologies.
It enables bidirectional communications over one strand of fiber.*
It provides Layer 3 support for long distance data communications.
It provides a 10 Gb/s multiplexed signal over analog copper telephone lines.
56. What is a disadvantage of ATM compared to Frame Relay?
less efficient*
 lacks SVC support
does not scale well to provide high speed WAN connections
requires multiple interfaces on the edge router to support multiple VCs
57. Which WAN solution uses labels to identify the path in sending packets through a
provider network?
cable
DSL
Frame Relay
MPLS*
VSAT
58. An intercity bus company wants to offer constant Internet connectivity to the users
traveling on the buses. Which two types of WAN infrastructure would meet the
requirements? (Choose two.)
private infrastructure
public infrastructure*
dedicated
circuit-switched
cellular*
59. What device is needed at a central office to aggregate many digital subscriber lines from
customers?
CMTS
DSLAM*
CSU/DSU
access server
60. A corporation is searching for an easy and low cost solution to provide teleworkers with
a secure connection to headquarters. Which solution should be selected?
dial-up connection
leased line connection
site-to-site VPN over the Internet
remote access VPN over the Internet*
61. What is the maximum number of DS0 channels in a 1.544 Mbps T1 line?
2
12
24*
28
62. Refer to the exhibit. What type of Layer 2 encapsulation will be used for RtrA
connection D if it is left to the default and the router is a Cisco router?
 Ethernet
Frame Relay
HDLC*
PPP
63. Which two functions are provided by the NCP during a PPP connection? (Choose two.)
identifying fault conditions for the PPP link
providing multilink capabilities over the PPP link
bringing the network layer protocol or protocols up and down*
enhancing security by providing callback over PPP
negotiating options for the IP protocol*
managing authentication of the peer routers of the PPP link
64. What PPP information will be displayed if a network engineer issues the show ppp
multilink command on Cisco router?
the link LCP and NCP status
the queuing type on the link
the IP addresses of the link interfaces
the serial interfaces participating in the multilink*
65. Refer to the exhibit. Which statement describes the status of the PPP connection?

Only the link-establishment phase completed successfully.

Only the network-layer phase completed successfully.
Neither the link-establishment phase nor the network-layer phase completed
successfully.
Both the link-establishment and network-layer phase completed successfully.*
66. A network administrator is configuring a PPP link with the commands:
R1(config-if)# encapsulation ppp
R1(config-if)# ppp quality 70
What is the effect of these commands?
The PPP link will be closed down if the link quality drops below 70 percent.*
The NCP will send a message to the sending device if the link usage reaches 70
percent.
 The LCP establishment phase will not start until the bandwidth reaches 70 percent or
more.
The PPP link will not be established if more than 30 percent of options cannot be
accepted.
67. How does virtualization help with disaster recovery within a data center?
Power is always provided.
Less energy is consumed.
Server provisioning is faster.
Hardware does not have to be identical.*
68. Which broadband solution is appropriate for a home user who needs a wired
connection not limited by distance?
cable*
DSL
WiMax
ADSL
69. What is the protocol that provides ISPs the ability to send PPP frames over DSL
networks?
PPPoE*
CHAP
ADSL
LTE
70. In software defined network architecture, what function is removed from network
devices and performed by an SDN controller?
control plane*
data plane
security
application policies
71. What would a network administrator expect the routing table of stub router R1 to look
like if connectivity to the ISP was established via a PPPoE configuration?

192.168.1.0/32 is subnetted, 2 subnetted

C 192.168.1.1 is directly connected, Dialer1
C 192.168.1.2 is directly connected, Dialer2
S* 0.0.0.0/0 is directly connected, Dialer1

192.168.1.0/32 is subnetted, 2 subnetted

C 192.168.1.1 is directly connected, Dialer

S* 0.0.0.0/0 is directly connected, Dialer1

192.168.1.0/32 is subnetted, 2 subnetted
C 192.168.1.1 is directly connected, Dialer1
C 192.168.1.2 is directly connected, Dialer1*
72. What is a benefit of implementing a Dynamic Multipoint VPN network design?
A DMVPN will use an encrypted session and does not require IPsec.
A DMVPN uses a Layer 3 protocol, NHRP, to dynamically establish tunnels.
A DMVPN will support remote peers by providing a mapping database of public IP
addresses to each one.*
A DMVPN uses mGRE to create multiple GRE interfaces that each support a single
VPN tunnel.
73. Which remote access implementation scenario will support the use of generic routing
encapsulation tunneling?
a mobile user who connects to a router ata central site
a branch office that connects securely to a central site
a mobile user who connects to a SOHO site
a central site that connects to a SOHO site without encryption*
74. Refer to the exhibit. All routers are successfully running the BGP routing protocol.
How many routers must use EBGP in order to share routing information across the
autonomous systems?

2
3
4*
5
75. Which statement describes a characteristic of standard IPv4 ACLs?
They are configured in the interface configuration mode.
They filter traffic based on source IP addresses only.*
They can be created with a number but not with a name.
They can be configured to filter traffic based on both source IP addresses and source
ports.
76. Which three values or sets of values are included when creating an extended access
control list entry? (Choose three.)
access list number between 1 and 99
access list number between 100 and 199*
default gateway address and wildcard mask
destination address and wildcard mask*
source address and wildcard mask*
source subnet mask and wildcard mask
destination subnet mask and wildcard mask
77. Refer to the exhibit. A router has an existing ACL that permits all traffic from the
172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that
denies packets from host 172.16.0.1 and receives the error message that is shown in the
exhibit. What action can the administrator take to block packets from host 172.16.0.1
while still permitting all other traffic from the 172.16.0.0 network?
 Manually add the new deny ACE with a sequence number of 5.*
Manually add the new deny ACE with a sequence number of 15.
Create a second access list denying the host and apply it to the same interface.
Add a deny any any ACE to access-list 1.
78. Which three implicit access control entries are automatically added to the end of an
IPv6 ACL? (Choose three.)
deny ip any any
deny ipv6 any any*
permit ipv6 any any
deny icmp any any
permit icmp any any nd-ns*
permit icmp any any nd-na*
79. The computers used by the network administrators for a school are on the 10.7.0.0/27
network. Which two commands are needed at a minimum to apply an ACL that will
ensure that only devices that are used by the network administrators will be allowed
Telnet access to the routers? (Choose two.)
access-class 5 in*
access-list 5 deny any
access-list standard VTY
permit 10.7.0.0 0.0.0.127
access-list 5 permit 10.7.0.0 0.0.0.31*
ip access-group 5 out
ip access-group 5 in
80. A network administrator is adding ACLs to a new IPv6 multirouter environment.
Which IPv6 ACE is automatically added implicitly at the end of an ACL so that two
adjacent routers can discover each other?
permit ip any any
permit ip any host ip_address
permit icmp any any nd-na*
deny ip any any
81. What would be the primary reason an attacker would launch a MAC address overflow
attack?
so that the switch stops forwarding traffic
so that legitimate hosts cannot obtain a MAC address
so that the attacker can see frames that are destined for other hosts*
so that the attacker can execute arbitrary code on the switch
82. What are three of the six core components in the Cisco IoT system? (Choose three.)
fog computing*
wearable technologies
 data analytics*
robot guides
cyber and physical security*
smart bandages
83. What security countermeasure is effective for preventing CAM table overflow attacks?
port security*
DHCP snooping
IP source guard
Dynamic ARP Inspection
84. Which SNMP feature provides a solution to the main disadvantage of SNMP polling?
SNMP set messages
SNMP trap messages*
SNMP get messages
SNMP community strings
85. When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB
objects?
packet encryption
message integrity
community strings*
source validationfeatures
86. What two are added in SNMPv3 to address the weaknesses of previous versions of
SNMP? (Choose two.)
bulk MIB objects retrieval
encryption*
authorization with community string priority
authentication*
ACL management filtering
87. Which queuing mechanism supports user-defined traffic classes?
FIFO
CBWFQ*
WFQ
FCFS
88. Which field is used to mark Layer 2 Ethernet frames for QoS treatment?
Type of Service field
Traffic Class field
Priority field*
Version field
89. What is an example of cloud computing?
a continuous interaction between people, processes, data, and things
a service that offers on-demand access to shared resources*
a network infrastructure that spans a large geographic area
an architectural style of the World Wide Web
90. Which type of resources are required for a Type 1 hypervisor?
a host operating system
a server running VMware Fusion
a management console*
a dedicated VLAN
91. A network technician made a configuration change on the core router in order to solve
a problem. However, the problem is not solved. Which step should the technician take
next?
Gather symptoms.
Isolate the problem.
Restore the previous configuration.*
Implement the next possible corrective action.
92. A user reports that when the corporate web page URL is entered on a web browser, an
error message indicates that the page cannot be displayed. The help-desk technician asks
the user to enter the IP address of the web server to see if the page can be displayed.
Which troubleshooting method is being used by the technician?
top-down
bottom-up
substitution
divide-and-conquer*
93. What is a primary function of the Cisco IOS IP Service Level Agreements feature?
to detect potential network attacks
to provide network connectivity for customers
to adjust network device configurations to avoid congestion
to measure network performance and discover a network failure as early as possible*
94. Which IOS log message level indicates the highest severity level?
level 0*
level 1
level 4
level 7
95. Which symptom is an example of network issues at the network layer?
A misconfigured firewall blocks traffic to a file server.
There are too many invalid frames transmitted in the network.
Neighbor adjacency is formed with some routers, but not all routers.*
A web server cannot be reached by its domain name, but can be reached via its IP
address.
96. Refer to the exhibit. H1 can only ping H2, H3, and the Fa0/0 interface of router R1. H2
and H3 can ping H4 and H5. Why might H1 not be able to successfully ping H4 and H5?
 Router R1 does not have a route to the destination network.
Switch S1 does not have an IP address configured.
The link between router R1 and switch S2 has failed.
Host H1 does not have a default gateway configured.*
Hosts H4 and H5 are members of a different VLAN than host H1.
97. Refer to the exhibit. On the basis of the output, which two statements about network
connectivity are correct? (Choose two.)

There is connectivity between this device and the device at 192.168.100.1.*

The connectivity between these two hosts allows for videoconferencing calls.
There are 4 hops between this device and the device at 192.168.100.1.*
The average transmission time between the two hosts is 2 milliseconds.
This host does not have a default gateway configured.
98. Fill in the blanks. Use dotted decimal format.
The wildcard mask that is associated with 128.165.216.0/23 is 0.0.1.255
99. Match the characteristic to the appropriate authentication protocol. (Not all options are
used.)
100. Match the term to the description. (Not all options are used.)
101. What is a primary difference between a company LAN and the WAN services that it
uses?
The company must subscribe to an external WAN service provider.*
The company has direct control over its WAN links but not over its LAN.
Each LAN has a specified demarcation point to clearly separate access layer and
distribution layer equipment.
The LAN may use a number of different network access layer standards whereas the
WAN will use only one standard.
102. To which two layers of the OSI model do WAN technologies provide services? (Choose
two.)
network layer
session layer
physical layer*
transport layer
data link layer*
presentation layer
103. Which two technologies are private WAN technologies? (Choose two.)
cable
Frame Relay*
DSL
ATM*
cellular
104. Which WAN technology can switch any type of payload based on labels?
PSTN
DSL
MPLS*
T1/E1
105. What technology can be used to create a private WAN via satellite communications?
VPN
3G/4G cellular
dialup
VSAT*
WiMAX
106. Which public WAN access technology utilizes copper telephone lines to provide access
to subscribers that are multiplexed into a single T3 link connection?
 ISDN
DSL*
dialup
cable
107. How many DS0 channels are bounded to produce a 1.544 Mb/s DS1 line?
2
12
24*
28
108. Refer to the exhibit. Communication between two peers has failed. Based on the output
that is shown, what is the most likely cause?

interface reset
unplugged cable
improper cable type
PPP issue*
109. Refer to the exhibit. Which type of Layer 2 encapsulation used for connection D
requires Cisco routers?

Ethernet
PPPoE
HDLC*
PPP
110. Which three statements are true about PPP? (Choose three.)
PPP can use synchronous and asynchronous circuits.*
 PPP can only be used between two Cisco devices.
PPP carries packets from several network layer protocols in LCPs.
PPP uses LCPs to establish, configure, and test the data-link connection.*
PPP uses LCPs to agree on format options such as authentication, compression, and
error detection.*
111. A network administrator is evaluating authentication protocols for a PPP link. Which
three factors might lead to the selection of CHAP over PAP as the authentication
protocol? (Choose three.)
establishes identities with a two-way handshake
uses a three-way authentication periodically during the session to reconfirm identities*
control by the remote host of the frequency and timing of login events
transmits login information in encrypted format*
uses an unpredictable variable challenge value to prevent playback attacks*
makes authorized network administrator intervention a requirement to establish each
session
112. Which cellular or mobile wireless standard is considered a fourth generation
technology?
LTE*
GSM
CDMA
UMTS
113. A company is looking for the least expensive broadband solution that provides at least
10 Mb/s download speed. The company is located 5 miles from the nearest provider.
Which broadband solution would be appropriate?
satellite
DSL
WiMax
cable*
114. Which technology can ISPs use to periodically challenge broadband customers over
DSL networks with PPPoE?
PAP
CHAP*
HDLC
Frame
Relay
115. What are the three core components of the Cisco ACI architecture? (Choose three.)
Application Network Profile*
Application Policy Infrastructure Controller*
Cisco Nexus Switches*
Microsoft hypervisor
Cisco Information Server
Virtual Security Gateway
116. Which statement describes a feature of site-to-site VPNs?
The VPN connection is not statically defined.
VPN client software is installed on each host.
Internal hosts send normal, unencapsulated packets.*
Individual hosts can enable and disable the VPN connection.
117. What are three features of a GRE tunnel? (Choose three.)
creates nonsecure tunnels between remote sites*
transports multiple Layer 3 protocols*
creates additional packet overhead*
uses RSA signatures to authenticate peeers
provides encryption to keep VPN traffic confidential
supports hosts as GRE tunnel endpoints by installing Cisco VPN client software
118. Refer to the exhibit. What two commands are needed to complete the GRE tunnel
configuration on router R1? (Choose two.)

R1(config-if)# tunnel source 209.165.202.129*

R1(config-if)# tunnel source 172.16.2.1
R1(config-if)# tunnel destination 206.165.202.130*
R1(config-if)# tunnel destination 172.16.2.2
R1(config-if)# tunnel source 209.165.202.130
R1(config-if)# tunnel destination 206.165.202.129
119. What does BGP use to exchange routing updates with neighbors?
TCP connections*
area numbers
group identification numbers
hellos
120. Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25
needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a
web server that is accessible to all internal employees on networks within the 10.x.x.x
address. No other traffic should be allowed to this server. Which extended ACL would be
used to filter this traffic, and how would this ACL be applied? (Choose two.)
 access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any anyaccess-list 105 permit tcp host 10.0.54.5 any eq
www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any*
R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in

R1(config)# interface gi0/0

R1(config-if)# ip access-group 105 out*
R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out

121. Refer to the exhibit. A router has an existing ACL that permits all traffic from the
172.16.0.0 network. The administrator attempts to add a new statement to the ACL that
denies packets from host 172.16.0.1 and receives the error message that is shown in the
exhibit. What action can the administrator take to block packets from host 172.16.0.1
while still permitting all other traffic from the 172.16.0.0 network?
 Manually add the new deny statement with a sequence number of 5.*
Manually add the new deny statement with a sequence number of 15.
Create a second access list denying the host and apply it to the same interface.
Add a deny any any statement to access-list 1.
122. Refer to the exhibit. What can be determined from this output?

The ACL is missing the deny ip any any ACE.

Because there are no matches for line 10, the ACL is not working.
The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.
The router has not had any Telnet packets from 10.35.80.22 that are destined for
10.23.77.101.*
123. What is the only type of ACL available for IPv6?
named standard
named extended*
numbered standard
numbered extended
124. Which IPv6 ACL command entry will permit traffic from any host to an SMTP server
on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25*
permit tcp host 2001:DB8:10:10::100 any eq 25
permit tcp any host 2001:DB8:10:10::100 eq 23
permit tcp host 2001:DB8:10:10::100 any eq 23
125. Refer to the exhibit. Considering how packets are processed on a router that is
configured with ACLs, what is the correct order of the statements?
 C-B-A-D
A-B-C-D
C-B-D-A*
B-A-D-C
D-A-C-B
126. Which two hypervisors are suitable to support virtual machines in a data center?
(Choose two.)
Virtual PCVMware Fusion
VMware ESX/ESXi*
Oracle VM VirtualBox
Microsoft Hyper-V 2012
127. How can DHCP spoofing attacks be mitigated?
by disabling DTP negotiations on nontrunking ports
by implementing DHCP snooping on trusted ports*
by implementing port security
by the application of the ip verify source command to untrusted ports
128. What action can a network administrator take to help mitigate the threat of VLAN
attacks?
Disable VTP.
Configure all switch ports to be members of VLAN 1.
Disable automatic trunking negotiation.*
Enable PortFast on all switch ports.
129. Which SNMP message type informs the network management system (NMS)
immediately of certain specified events?
GET request
SET request
GET response
Trap*
130. Refer to the exhibit. A SNMP manager is using the community string of snmpenable
and is configured with the IP address 172.16.10.1. The SNMP manager is unable to read
configuration variables on the R1 SNMP agent. What could be the problem?
 The SNMP agent is not configured for read-only access.
The community of snmpenable2 is incorrectly configured on the SNMP agent.
The ACL is not permitting access by the SNMP manager.*
The incorrect community string is configured on the SNMP manager.
131. Refer to the exhibit. Which SNMP authentication password must be used by the
member of the ADMIN group that is configured on router R1?

cisco54321
cisco98765
cisco123456*
cisco654321
132. A network administrator has noticed an unusual amount of traffic being received on a
switch port that is connected to a college classroom computer. Which tool would the
administrator use to make the suspicious traffic available for analysis at the college data
center?
RSPAN*
TACACS+
802.1X
 DHCP snooping
SNMP
133. What network monitoring tool copies traffic moving through one switch port, and sends
the copied traffic to another switch port for analysis?
802.1
XSNMP
SPAN*
syslog
134. Voice packets are being received in a continuous stream by an IP phone, but because of
network congestion the delay between each packet varies and is causing broken
conversations. What term describes the cause of this condition?
buffering
latency
queuing
jitter*
135. What mechanism compensates for jitter in an audio stream by buffering packets and
then replaying them outbound in a steady stream?
digital
signal
processor
playout delay buffer*
voice codecWFQ
136. Which type of network traffic cannot be managed using congestion avoidance tools?
TCP
UDP*
IP
ICMP
137. A network administrator has moved the company intranet web server from a switch
port to a dedicated router interface. How can the administrator determine how this
change has affected performance and availability on the company intranet?
Conduct a performance test and compare with the baseline that was established
previously.*
Determine performance on the intranet by monitoring load times of company web
pages from remote sites.
Interview departmental administrative assistants to determine if web pages are
loading more quickly.
Compare the hit counts on the company web server for the current week to the values
that were recorded in previous weeks.
138. In which stage of the troubleshooting process would ownership be researched and
documented?
Gather symptoms.*
Implement corrective action.
Isolate the problem.
Update the user and document the problem.
139. Which troubleshooting approach is more appropriate for a seasoned network
administrator rather than a less-experienced network administrator?
a less-structured approach based on an educated guess*
an approach comparing working and nonworking components to spot significant
 differences
a structured approach starting with the physical layer and moving up through the
layers of the OSI model until the cause of the problem is identified
an approach that starts with the end-user applications and moves down through the
layers of the OSI model until the cause of the problem has been identified
140. A router has been configured to use simulated network traffic in order to monitor the
network performance between the router and a distant network device. Which command
would display the results of this analysis?
show ip route
showip protocols
show ip sla statistics*
show monitor
141. Which type of tool would an administrator use to capture packets that are going to and
from a particular device?
NMS tool
knowledge base
baselining tool
protocol analyzer*
142. Refer to the exhibit. Which two statements describe the results of entering these
commands? (Choose two.)

R1 will send system messages of levels 0 (emergencies) to level 4 (warnings) to a server.*

R1 will not send critical system messages to the server until the command debug all is
entered.
R1 will reset all the warnings to clear the log.R1 will output the system messages to
the local RAM.
The syslog server has the IPv4 address 192.168.10.10.*
143. Refer to the exhibit. A network administrator discovers that host A is having trouble
with Internet connectivity, but the server farm has full connectivity. In addition, host A
has full connectivity to the server farm. What is a possible cause of this problem?
The router has an incorrect gateway.
Host A has an overlapping network address.
Host A has an incorrect default gateway configured.
Host A has an incorrect subnet mask.
NAT is required for the host A network.*