1. What are two benefits of network automation?

(Choose two)
 A. reduced operational costs
 C. faster changes with more reliable results
2. Which command enables a router to become a DHCP client?
 A. ip address dhcp
3. Which design element is a best practice when deploying an 802.11b
wireless infrastructure?
 C. allocating nonoverlapping channels to access points that are in
close physical proximity to one another
4. When configuring IPv6 on an interface, which two IPv6 multicast
groups are joined? (Choose two)
 D. FF02::1
 E. FF02::2
5. Which option about JSON is true?
 B. used to describe structured data that includes arrays
6. Which IPv6 address type provides communication between subnets and
cannot route on the Internet?
 B. unique local
7. Which command prevents passwords from being stored in the
configuration as plaintext on a router or switch?
 B. service password-encryption
8. What are two southbound APIs? (Choose two )
 A. OpenFlow
 B. NETCONF
9. Which set of action satisfy the requirement for multifactor
authentication?
 B. The user enters a user name and password, and then clicks a
notification in an authentication app on a mobile device.
10. Which two capacities of Cisco DNA Center make it more extensible?
(Choose two)
B. SDKs that support interaction with third-party network equipment
 D. REST APIs that allow for external applications to interact
natively with Cisco DNA Center
11. An email user has been lured into clicking a link in an email sent by their
company’s security organization. The webpage that opens reports that it
was safe but the link could have contained malicious code.
Which type of security program is in place?
 D. user awareness

12. Which type of wireless encryption is used for WPA2 in pre-shared key
mode?
 D. AES-256
 13. Which two must be met before SSH can operate normally on a Cisco IOS
switch? (Choose two)
 A. The switch must be running a k9 (crypto) IOS image.
 B. The ip domain-name command must be configured on the
switch.
14. Which type of address is the public IP address of a NAT device?
 C. inside global
15. Refer to the exhibit. Which prefix does Router 1 use for traffic to Host
A?

 D. 10.10.13.208/29
16. How does HSRP provide first hop redundancy?
 D. It uses a shared virtual MAC and a virtual IP address to a group
of routers that serve as the default gateway for hosts on a LAN.
17. In Which way does a spine-and-leaf architecture allow for scalability in a
network when additional access ports are required?
 D. A leaf switch can be added with connections to every spine
switch.
18. Which two actions are performed by the Weighted Random Early
Detection mechanism? (Choose two)
 A. It drops lower-priority packets before it drops higher-priority
packets.
 D. It can mitigate congestion by preventing the queue from filling
up.
19. A network engineer must back up 20 network router configurations
globally within a customer environment. Which protocol allows the engineer
to perform this function using the Cisco IOS MIB?
 B. SNMP
20. Refer to the exhibit. What is the effect of this configuration?

 A. The switch port interface trust state becomes untrusted.

21. A frame that enters a switch fails the Frame Check Sequence. Which two
interface counters are incremented? (Choose two)
 D. CRC
 E. input errors

22. How do TCP and UDP differ in the way that they establish a connection
between two endpoints?
 D. TCP uses the three-way handshake and UDP does not
guarantee message delivery.
 23. When OSPF learns multiple paths to a network, how does it select a
route?
 C. It divides a reference bandwidth of 100 Mbps by the actual
bandwidth of the existing interface to calculate the router with the
lowest cost.
24. Refer to the exhibit. Which password must an engineer use to enter the
enable mode?
 C. testing1234

25. Which configuration is needed to generate an RSA key for SSH on a

router?
 D. Assign a DNS domain name.
26. Which output displays a JSON data representation?

 C. Option C

27. What is the primary different between AAA authentication and

authorization?
 C. Authentication identifies and verifies a user who is attempting to
access a system, and authorization controls the tasks the user can
perform.
28. A Cisco IP phone receive untagged data traffic from an attached
PC. Which action is taken by the phone?
 A. It allows the traffic to pass through unchanged.
29. An engineer must configure a/30 subnet between two routers. Which
usable IP address and subnet mask combination meets this criteria?
 D. interface e0/0
description to HQ-A370:98968
ip address 209.165.201.2 255.255.255.252
30. What is a benefit of using a Cisco Wireless LAN Controller?
 D. It eliminates the need to configure each access point
individually.
31. What are two characteristics of a controller-based network? (Choose
two)
 B. It uses northbound and southbound APIs to communicate
between architectural layers.
 C. It moves the control plane to a central point.
32. Which attribute does a router use to select the best path when two or
more different routes to the same destination exist from two different
routing protocols?
 C. administrative distance
33. Refer to Exhibit. How does SW2 interact with other switches in this VTP
domain?

 C. It forwards only the

VTP advertisements that
it receives on its trunk
ports.

34. Which unified access point mode continues to serve wireless clients after
losing connectivity to the Cisco Wireless LAN Controller?
 C. flexconnect
35. Which two encoding methods are supported by REST APIs? (Choose
two)
 B. JSON
 E. XML
36. What are two reasons that cause late collisions to increment on an
Ethernet interface? (Choose two)
 B. when the cable length limits are exceeded
 C. when one side of the connection is configured for half-duplex
37. Router A learns the same route from two different neighbors, one of the
neighbor routers is an OSPF neighbor and the other is an EIGRP
neighbor. What is the administrative distance of the route that will be
installed in the routing table?
 B. 90
38. What is the primary effect of the spanning-tree portfast command?
 B. It minimizes spanning-tree convergence time
39. What is the default behavior of a Layer 2 switch when a frame with an
unknown destination MAC address is received?
 B. The Layer 2 switch floods packets to all ports except the
receiving port in the given VLAN.

40. Refer to the exhibit. What is the effect of this configuration?

 D. The switch discard all ingress ARP traffic with invalid MAC-to-IP
address bindings.
41. Refer to the exhibit. An engineer configured NAT translations and has
verified that the configuration is correct. Which IP address is the source IP?

 D. 172.23.104.4
42. Refer to the exhibit. Which route does R1 select for traffic that is
destined to 192 168.16.2?

 D. 192.168.16.0/27
43. Which IPv6 address block sends packets to a group address rather than
a single address?
 D. FF00::/8
44. Which two values or settings must be entered when configuring a new
WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)
 D. SSID
 E. Profile name
45. Which two actions influence the EIGRP route selection process? (Choose
two)
 B. The router calculates the best backup path to the destination
route and assigns it as the feasible successor.
 C. The router calculates the feasible distance of all paths to the
destination route.
 46. Refer to Exhibit. Which action do the switches take on the trunk link?

 B. The trunk forms but the mismatched native VLANs are merged
into a single broadcast domain.
47. Which command is used to specify the delay time in seconds for LLDP to
initialize on any interface?
 C. lldp reinit
48. An engineer configured an OSPF neighbor as a designated router.
Which state verifies the designated router is in the proper mode?
 C. Full
49. Refer to the exhibit. The show ip ospf interface command has been
executed on R1. How is OSPF configured?

 C. The default Hello and Dead timers are in use.

 50. An engineer is asked to protect unused ports that are configured in the
default VLAN on a switch. Which two steps will fulfill the request? (Choose
two)
 B. Administratively shut down the ports.
 C. Configure the port type as access and place in VLAN 99.
51. Which QoS Profile is selected in the GUI when configuring a voice over
WLAN deployment?
 B. Platinum
52. Refer to the exhibit. An engineer is bringing up a new circuit to the
MPLS provider on the Gi0/1 interface of Router1.
The new circuit uses eBGP and teams the route to VLAN25 from the BGP
path. What is the expected behavior for the traffic flow for route
10.10.13.0/25?

 D. Route 10.10.13.0/25 learned via the Gi0/0 interface remains in

the routing table
53. Which statement identifies the functionality of virtual machines?
 B. The hypervisor can virtualize physical components including
CPU, memory, and storage.
54. Refer to the exhibit. Which type of route does R1 use to reach host
10.10.13.10/32?

 D. network
route
 55. Refer to the exhibit. A network engineer must block access for all
computers on VLAN 20 to the web server via HTTP. All other computers
must be able to access the web server. Which configuration when applied to
switch A accomplishes this task?

 B. Option B

56. Two switches are connected

and using Cisco Dynamic Trunking Protocol SW1 is set to Dynamic
Desirable. What is the result of this configuration?
 D. The link becomes a trunk port.
57. Which feature on the Cisco Wireless LAN Controller when enabled
restricts management access from specific networks?
 A. CPU ACL
58. A user configured OSPF in a single area between two routers A serial
interface connecting R1 and R2 is running encapsulation PPP, by default,
which OSPF network type is seen on this interface when the user types show
ip ospf interface on R1 or R2?
 C. point-to-point
 59. Refer to the exhibit. Based on the LACP neighbor status, in which mode
is the SW1 port channel configured?

 D. active
60. A user configured OSPF and advertised the Gigabit Ethernet interface
in OSPF by default, which type of OSPF network does this interface belong
to?
 C. broadcast
61. An organization has decided to start using cloud-provided
services. Which cloud service allows the organization to install its own
operating system on a virtual machine?
 D. infrastructure-as-a-service
62. Which mode allows access points to be managed by Cisco Wireless LAN
Controllers?
 B. lightweight
63. Which command automatically generates an IPv6 address from a
specified IPv6 prefix and MAC address of an interface?
 C. ipv6 address autoconfig

64. Refer to Exhibit. An engineer is configuring the NEW York router to

reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the
primary path. Which two commands must be configured on the New York
router so that it can reach the Lo1 interface of the Atlanta router via
Washington when the link between New York and Atlanta goes down?
(Choose two)

 A. ipv6 router 2000::1/128 2012::1

 E. ipv6 router 2000::1/128 2023::3 5
 65. Refer to the exhibit. Which command provides this output?

 D. show cdp neighbor

66. Which two outcomes are predictable behaviors for HSRP? (Choose two)
 A. The two routers share a virtual IP address that is used as the
default gateway for devices on the LAN.
 B. The two routers negotiate one router as the active router and the
other as the standby router.
67. Which action is taken by a switch port enabled for PoE power
classification override?
 D. If a monitored port exceeds the maximum administrative value
for power, the port is shutdown and err disabled.
68. Which 802.11 frame type is association response?
 A. management
69. Which two tasks must be performed to configure NTP to a trusted server
in client mode on a single network device? (Choose two)
 A. Enable NTP authentication.
 D. Specify the IP address of the NTP server.
70. Refer to the exhibit. The New York router is configured with static
routes pointing to the Atlanta and Washington sites. Which two tasks must
be performed so that the Serial0/0/0
interfaces on the Atlanta and Washington
routers can reach one another? (Choose
two.)
 D. Configure the ipv6 route
2023::/126 2012::2 command on the
Atlanta router.
 E. Configure the ipv6 route
2012::/126 2023::2 command on the Washington router.
71. Which result occurs when PortFast is enabled on an interface that is
connected to another switch?
 A. Spanning tree may fail to detect a switching loop in the network
that causes broadcast storms.

72. Refer to exhibit. Which statement explains the configuration error

message that is received?
 A. It is a broadcast IP address.
73. When a floating static route is configured, which action ensures that the
backup route is used when the primary route fails?
 A. The floating static route must have a higher administrative
distance than the primary route so it is used as a backup.
74. What makes Cisco DNA Center different from traditional network
management applications and their management of networks?
 C. It abstracts policy from the actual device configuration.
75. Which network allows devices to communicate without the need to
access the Internet?
 B. 172.28.0.0/16
76. Refer to the exhibit. What does router R1 use as its OSPF router-ID?

 C. 172.16.15.10
77. Refer to the exhibit. If OSPF is running on this network, how does
Router 2 handle traffic from Site B to 10.10.13.128/25 at Site A?

 C. It cannot send packets to 10.10.13.128/25.

78. When a site-to-site VPN is used, which protocol is responsible for the
transport of user
data?
 C. IPsec

79. Refer to the

exhibit. An
 extended ACL has been configured and applied to router R2 The
configuration started to work as intended.Which two changes stop outbound
traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet
while still allowing all other traffic? (Choose two)
 B. Add a “permit ip any any” statement at the end of ACL 101 for
allowed traffic.
 C. The source and destination IPs must be swapped in ACL 101.
80. Which mode must be used to configure EtherChannel between two
switches without using a negotiation protocol?
 A. on
81. A router running EIGRP has learned the same route from two different
paths. Which parameter does the router use to select the best path?
 C. metric
82. R1 has learned route 192.168.12.0/24 via IS-IS. OSPF, RIP. and Internal
EIGRP Under normal operating conditions, which routing protocol is
installed in the routing table?
 C. Internal EIGRP

83. Which MAC address is recognized as a VRRP virtual address?

 A. 0000.5E00.010a
84. Which statement correctly compares traditional networks and
controller-based networks?
 D. Only controller-based networks decouple the control plane and
the data plane.
85. If a notice-level messaging is sent to a syslog server, which event has
occurred?
 C. A routing instance has flapped.
86. Refer to the exhibit. With which metric was the route to host
172.16.0.202 learned?
 C. 38443
87. Refer to the exhibit. If configuring a static default route on the router
with the ip
route 0.0.0.0
0.0.0.0
10.13.0.1 120
command,
how does the
router
respond?
 A. It ignores the new static route until the existing OSPF default
route is removed.
88. Refer to the Exhibit. After the switch configuration the ping test fails
between PC A and PC B
Based on the output for
switch 1. Which error
must be corrected?
 A. There is a
native VLAN
mismatch.

89. An engineer must configure a WLAN using the strongest encryption type
for WPA2-PSK. Which cipher fulfills the configuration requirement?
 C. AES
90. Which statement about Link Aggregation when implemented on a Cisco
Wireless LAN Controller is true?
 D. One functional physical port is needed to pass client traffic.
91. When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN
Controller GUI, which two formats are available to select? (Choose two)
 A. ASCII
 E. hexadecimal
 92. Which API is used in controller-based architectures to interact with edge
devices?
 D. southbound
93. Refer to the exhibit. A network administrator is configuring an
EtherChannel between
SW1 and SW2. The SW1
configuration is
shown. What is the correct
configuration for SW2?
 C. interface
FastEthernet 0/1
channel-group 1 mode
desirable
switchport trunk
encapsulation dot1q
switchport mode trunk
interface FastEthernet
0/2 channel-group 1 mode desirable
switchport trunk encapsulation dot1q switchport mode trunk

94. Refer to the exhibit. A frame on VLAN 1 on switch S1 is sent to switch

S2 where the frame is
received on VLAN 2. What
causes this behavior?
 C. native VLAN
mismatches

95. What are two

enhancements that OSPFv3 supports over OSPFV2? (Choose two.)
 B. It can support multiple IPv6 subnets on a single link.
 D. It routes over links rather than over networks.
96. Which option is a valid IPv6 address?
 D. 2004:1:25A4:886F::1
97. Which three are characteristics of an IPv6 anycast address? (Choose
three.)
 B. one-to-nearest communication model
 E. the same address for multiple devices in the group
 F. delivery of packets to the group interface that is closest to the
sending device
98. Which two statements describe characteristics of IPv6 unicast
addressing? (Choose two.)
 A. Global addresses start with 2000::/3.
 D. There is only one loopback address and it is ::1.
99. What is the alternative notation for the IPv6 address
B514:82C3:0000:0000:0029:EC7A:0000:EC72?
 D. B514 : 82C3 :: 0029 : EC7A : 0 : EC72
100. Which IPv6 address is valid?
 D. 2031:0:130F::9C0:876A:130B
101. Which two are features of IPv6? (Choose two.)
 A. anycast
 C. multicast
102. Which command enables IPv6 forwarding on a Cisco router?
 C. ipv6 unicast-routing
103. Which IPv6 address is the equivalent of the IPv4 interface loopback
address 127.0.0.1?
 A. : :1
104. In which two formats can the IPv6 address
fd15:0db8:0000:0000:0700:0003:400F:572B be written? (Choose two.)
 A. fd15:0db8:0000:0000:700:3:400F:527B
 E. fd15:db8::700:3:400F:572B
105. Refer to the exhibit. The MAC address table is shown in its entirety.
The Ethernet frame that is shown arrives at
the switch. What two operations will the
switch perform when it receives this frame?
(Choose two.)
 D. The frame will be forwarded out of
all the active switch ports except for port
fa0/0.
 E. The MAC address of
0000.00aa.aaaa will be added to the
MAC Address Table.

106. Refer to the exhibit. Which switch in this configuration becomes the
root bridge?
 C.
SW3
 107. Refer to the exhibit. Which two statements are true about the loopback
address that is configured on RouterB? (Choose two.)

 B. It provides
stability for the
OSPF process on
RouterB.
 C. It specifies
that the router ID
for RouterB
should be
10.0.0.1.

108. Refer to the exhibit. Which two statements about the interface that
generated the output are true? (Choose two.)
 C. The interface is
error-disabled.
 D. The interface
dynamically learned
two secure MAC
addresses.

109. Refer to the exhibit. Which two statements about the interface that
generated the output are true? (Choose two.)

 A. learned MAC
addresses are deleted
after five minutes of
inactivity
 C. it has dynamically
learned two secure MAC
addresses
 110. Refer to the exhibit. Which two events occur on the interface, if packets
from an
unknown Source
address arrive
after the
interface learns
the maximum
number of secure
MAC address?
(Choose two.)
 A. The
security
violation counter dose not increment
 E. The interface drops traffic from unknown MAC address
111. Refer to the exhibit. Which two statements about the network
environment of router R1 must be true? (Choose two.)
 A. there are 20 different network masks within the 10.0.0.0/8
network
 C. Ten routes are equally load-balanced between Te0/1/0.100 and
Te0/2/0.100

112. Refer to the exhibit. Which

statement about the
interface that
generated the output
is true?
 C. One
secure MAC
address is
manually
configured on the
interface.
 113. Refer to the exhibit. When PC 1 sends a packet to PC2,the packet has.
Which source and destination
IP address when it arrives at
interface Gi0/0 on router R2?
 C. source
192.168.10.10 and
destination 192.168.20.10

114. Refer to the exhibit Users in your office are complaining that they
cannot connect to the severs at a remote site. When troubleshooting, you
find that you can successfully reach the severs from router R2. What is the
most likely reason that the other users are experiencing connection failure?

 D. VLSM is misconfigured between the router interface and the

DHCP pool.
115. After you deploy a new WLAN controller on your network, which two
additional tasks should you consider? (Choose two)
 A. deploy load balancers
 E. configure additional security policies
 116. Refer to the exhibit. The default-information originate command is
configured under the R1 OSPF configuration. After testing, workstations on
VLAN 20 at Site B cannot reach a DNS server on the Internet.
Which action corrects the configuration issue?

 C. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on

R1.
117. Which of the following is the JSON encoding of a dictionary or hash?
 A. {“key”:”value”}
118. Which option best describes an API?
 A. A contract that describes how various components communicate
and exchange data with each other.
119. Which command verifies whether any IPv6 ACLs are configured on a
router?
 C. show ipv6 access-list
120. Which command can you enter to allow Telnet to be supported in
addition to SSH?
 A. transport input telnet ssh
121. AAA stands for authentication, authorization, and accounting
 B. True
122. What will happen if you configure the logging trap debug command on
a router?
 C. It causes the router to send all messages to the syslog server
123. Which Cisco IOS command will indicate that interface Gigabit
Ethernet 0/0 is configured via DHCP?
 D. show ip interface GigabitEthernet 0/0
124. Which statement about the nature of NAT overload is true?
 A. applies a one-to-many relationship to internal IP addresses
125. Which command is used to configure an IPv6 static default route?
 A. ipv6 route ::/0 interface next-hop5
126. Which statement about static and dynamic routes is true?
 B. Static routes are manually configured by a network
administrator, while dynamic routes are automatically learned and
adjusted by a routing protocol.
127. What is the purpose of the show ip ospf interface command?
 A. displaying OSPF-related interface information
128. How can the Cisco Discovery Protocol be used?
 D. all of the above
129. How does STP prevent forwarding loops at OSI Layer 2?
 D. Port blocking
130. Which two statements about EtherChannel technology are true?
(Choose two.)
 A. EtherChannel provides increased bandwidth by bundling existing
FastEthernet or Gigabit Ethernet interfaces into a single EtherChannel.
 E. EtherChannel allows redundancy in case one or more links in
the EtherChannel fail.
131. Which three statements about MAC addresses are correct? (Choose
three.)
 A. To communicate with other devices on a network, a network
device must have a unique MAC address.
 D. A MAC address contains two main components, the first of
which identifies the manufacturer of the hardware and the second of
which uniquely identifies the hardware.
 E. An example of a MAC address is 0A:26:B8:D6:65:90.
132. Which three statements about network characteristics are true?
(Choose three.)
 A. Speed is a measure of the data rate in bits per second of a given
link in the network.
 D. Availability is a measure of the probability that the network will
be available for use when it is required.
 E. Reliability indicates the dependability of the components that
make up the network.
133. Which two statements about the purpose of the OSI model are
accurate? (Choose two.)
 A. Defines the network functions that occur at each layer
 B. Facilitates an understanding of how information travels
throughout a network
 134. You have two paths for the 10.10.10.0 network – one that has a feasible
distance of 3072 and the other of 6144. What do you need to do to load
balance your EIGRP routes?
 B. Change the configuration so they both have the same feasible
distance
 C. Change the variance for the path that has a feasible distance of
3072 to 2

135. Which of the following dynamic routing protocols are Distance Vector
routing protocols?
 B. EIGRP
 E. RIP
136. Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to
which IP address does it send the packet? 

 A. 192.168.14.4
137. Which two VLAN IDs indicate a default VLAN? (Choose two.)
 B. 1
 C. 1005
 D. 1006
 E. 4096
138. Refer to the exhibit. If RTR01 is configured as shown, which three
addresses will be received by other routers that are running EIGRP on the
network? (Choose three)
 A. 192.168.2.0
 C. 10.0.0.0
 D. 172.16.0.0

139. Which two options are the best reasons to use an IPV4 private IP
space?(choose two)
 A. to enable intra-enterprise communication
 D. to conserve global address space
140. Which technique can you use to route IPv6 traffic over an IPv4
infrastructure?
 B. 6to4 tunneling
141. Which three describe the reasons large OSPF networks use a
hierarchical design? (Choose Three)
 A. to speed up convergence
 B. to reduce routing overhead
 E. to confine network instability to single areas of the network.
142. Which statements describe the routing protocol OSPF? (Choose three.)
 A. It supports VLSM.
 C. It confines network instability to one area of the network.
 E. It allows extensive control of routing updates.
 F. It is simpler to configure than RIP v2.
143. Which command should you enter to view the error log in an EIGRP
for IPv6 environment?
 D. show ipv6 eigrp events
144. Which component of an Ethernet frame is used to notify a host that
traffic is coming?
 C. preamble
145. Which command must you enter to guarantee that an HSRP router
with higher priority becomes the HSRP primary router after it is reloaded?
 A. standby 10 preempt
146. Which configuration command can u apply to a HSRP router so that its
local interface becomes active if all other routers in the group fail?
 A. no additional config is required
147. You are configuring your edge routers interface with a public IP
address for Internet connectivity.
The router needs to obtain the IP address from the service provider
dynamically. Which command is needed on interface FastEthernet 0/0 to
accomplish this?
 D. ip address dhcp
148. Which type does a port become when it receives the best BPDU on a
bridge?
 D. The root port
149. Which two command sequences must you configure on a switch to
establish a Layer 3 EtherChannel with an open-standard protocol? (Choose
two.)
B. interface GigabitEthernet0/0/1
channel-group 10 mode active
E. interface port-channel 10
no switchport
ip address 172.16.0.1.255.255.255.0
150. Which statement about VLAN configuration is true?
 A. The switch must be in VTP server or transparent mode before
you can configure a VLAN
151. Refer to the exhibit. After you apply the given configuration to arouter,
the DHCP clients behind the device connot communicate with hosts outside
of their subnet. Which action is most likely to correct the problem?

 D. configure the default gateway

152. Refer to the exhibit. How will the router handle a packet destined for
192.0.2.156?
 C. The router will forward the packet via Serial2.
153. Which unified access point mode continues to serve wireless clients
after losing connectivity to the Cisco Wireless LAN Controller?
 C. flexconnect

154. Refer to exhibit. What Administrative distance has route to

192.168.10.1 ?

 B. 90
155. Refer to the exhibit. Which command would you use to configure a
static route on Router1 to network 192.168.202.0/24 with a nondefault
administrative distance?
 B. router1(config)#ip route 192.168.202.0 255.255.255.0
192.168.201.2 5
156. Which feature or protocol is required for an IP SLA to measure UDP
jitter?
 D. NTP

157. Which effete does the aaa new-model configuration command have?
 A. It enables AAA services on the device
158. Refer to the exhibit. How will switch SW2 handle traffic from VLAN 10
on SW1?

 B. It sends the traffic to VLAN 100.

159. Which two commands can you use to configure an actively negotiate
EtherChannel? (Choose two)
 D. channel-group 10 mode desirable
 E. channel-group 10 mode active
 160. What is the binary pattern of unique ipv6 unique local address?
 B. 11111100
161. Which two statements about exterior routing protocols are true?
(Choose two.)
 B. They determine the optimal path between autonomous systems.
 C. BGP is the current standard exterior routing protocol.
162. What is the destination MAC address of a broadcast frame?
 B. ff:ff:ff:ff:ff:ff
163. You have configured a router with an OSPF router ID, but its IP
address still reflects the physical interface. Which action can you take to
correct the problem in the least disruptive way?
 A. Reload the OSPF process.
164. Which two statements about VTP are true? (Choose two.)
 A. All switches must be configured with the same VTP domain
name
 E. All switches must use the same VTP version.
165. Which two pieces of information about a Cisco device can Cisco
Discovery Protocol communicate? (Choose two.)
 A. the native VLAN
 C. the VTP domain
166. Refer to the exhibit. On R1 which routing protocol is in use on the route
to 192.168.10.1?

 D. EIGRP
167. Refer to the exhibit. Which VLAN ID is associated with the default
VLAN in the given environment?
 A. VLAN 1
168. Which two circumstances can prevent two routers from establishing an
OSPF neighbor adjacency? (Choose two.)
 D. mismatched hello timers and dead timers
 E. use of the same router ID on both devices

169. Which two statements about eBGP neighbor relationships are true?

(Choose two)
 A. The two devices must reside in different autonomous systems
 B. Neighbors must be specifically declared in the configuration of
each device
170. Which two pieces of information can you determine from the output of
the show ntp status command? (Choose two)
 B. the IP address of the peer to which the clock is synchronized
 D. whether the clock is synchronized

171. Which keyword in a NAT configuration enables the use of one outside
IP address for multiple inside hosts?
 D. overload
172. Which two pieces of information can you learn by viewing the routing
table? (Choose two)
 C. whether the administrative distance was manually or
dynamically configured
 E. the length of time that a route has been known
173. Which NAT term is defined as a group of addresses available for NAT
use?
 A. NAT pool
174. Which command is used to enable LLDP globally on a Cisco IOS ISR?
 A. lldp run

175. Refer to the exhibit. After you apply the give configurations to R1 and
R2 you notice that OSPFv3 fails to start. Which reason for the problem is
most likely true ?

 A. The area numbers on R1 and R2 are mismatched

 176. Which command must be entered when a device is configured as an
NTP server?
 D. ntp master
177. Which feature or protocol determines whether the QOS on the network
is sufficient to support IP services?
 C. IP SLA
178. Refer to the exhibit. Which feature is enabled by this configuration?

 C. a dynamic NAT address pool

179. In a CDP environment, what happens when the CDP interface on an
adjacent device is configured without an IP address?
 C. CDP operates normally,but it cannot provide IP address
information for that neighbor
180. Which two statements about NTP operations are true? (Choose two.)
 A. NTP uses UDP over IP.
 B. Cisco routers can act as both NTP authoritative servers and
NTP clients.
181. Which command should you enter to configure an LLDP delay time of
5 seconds?
 D. lldp reinit 5
182. Which value is used to determine the active router in an HSRP default
configuration?
 B. Router IP address
183. Which statement about Cisco Discovery Protocol is true?
 A. It is a Cisco-proprietary protocol.
184. Which value can you modify to configure a specific interface as the
preferred forwarding interface?
 B. The port priority
185. When configuring an EtherChannel bundle, which mode enables LACP
only if a LACP device is detected?
 A. Passive
186. Which command should you enter to verify the priority of a router in
an HSRP group?
 D. show standby
 187. Refer to the exhibit. Which Command do you enter so that R1
advertises the loopback0 interface to the BGP Peers?

 A. Network 172.16.1.32 mask 255.255.255.224

 188. For what two purposes does the Ethernet protocol use physical
addresses?
 A. to uniquely identify devices at Layer 2
 E. to allow communication between different devices on the same
network
189. Which command is used to display the collection of OSPF link states?
 D. show ip ospf database
190. Refer to the exhibit. C-router is to be used as a “router-on-a-stick” to
route between the VLANs. All the interfaces have been properly configured
and IP routing is operational. The hosts in the VLANs have been configured
with the appropriate default gateway. What is true about this configuration?

 D. No further routing configuration is required.

191. A user configured OSPF in a single area between two routers A serial
interface connecting R1 and R2 is running encapsulation PPP. By default
which OSPF network type is seen on this interface when the user types show
ip ospf interface on R1 or R2?
 C. point-to-point
192. Refer to the exhibit. Which address and mask combination represents a
summary of the routes learned by EIGRP?
 C. 192.168.25.16 255.255.255.240
193. Refer to the exhibit. A network associate has configured OSPF with the
command:
City(config-router)# network 192.168.12.64 0.0.0.63
area 0.

After completing the configuration, the associate discovers that not all the
interfaces are participating in OSPF. Which three of the interfaces shown in
the exhibit will participate in OSPF according to this configuration
statement? (Choose three.)

 B. FastEthernet0 /1
 C. Serial0/0
 D. Serial0/1.102
194. A network administrator is troubleshooting the OSPF configuration of
routers R1 and R2. The routers cannot establish an adjacency relationship
on their common Ethernet link. The graphic shows the output of the show ip
ospf interface e0 command for routers R1 and R2. Based on the information
in the graphic, what is the cause of this problem?
 D. The hello and dead timers are not configured properly.
195. Refer to the graphic. R1 is unable to establish an OSPF neighbor
relationship with R3. What are possible reasons for this problem? (Choose
two.)

 D. The hello and dead interval timers are not set to the same
values on R1 and R3.
 F. R1 and R3 are configured in different areas.

196. Refer to the exhibit. Given the output for this command, if the router
ID has not been manually set, what router ID will OSPF use for this router?

 C. 172.16.5.1
197. Refer to the exhibit. When running EIGRP, what is required for
RouterA to exchange routing updates with RouterC?
 A. AS numbers must be changed to match on all the routers
198. Refer to the exhibit. Which rule does the DHCP server use when there
is an IP address conflict?

 A. The address is removed from the pool until the conflict is

resolved.

199. Refer to the exhibit. A network technician is asked to design a small

network with redundancy. The exhibit represents this design, with all hosts
configured in the same VLAN. What conclusions can be made about this
design?
 C. The router will not accept the addressing scheme.
200. What benefit does controller-based networking provide versus
traditional networking?
 C. allows configuration and monitoring of the network from one
centralized point
201. A network engineer must create a diagram of a multivendor network.
Which command must be configured on the Cisco devices so that the
topology of the network can be mapped?
 A. Device(Config)#lldp run
202. What are two descriptions of three-tier network topologies? (Choose
two)
 C. The network core is designed to maintain continuous
connectivity when devices fail.
 E. The distribution layer runs Layer 2 and Layer 3 technologies
203. What is the expected outcome when an EUI-64 address is generated?
 A. The seventh bit of the original MAC address of the interface is
inverted
204. Which function does an SNMP agent perform?
 A. it sends information about MIB variables in response to requests
from the NMS
205. R1 has learned route 10.10.10.0/24 via numerous routing protocols.
Which route is installed?
 D. route with the lowest administrative distance
206. What is a characteristic of spine-and-leaf architecture?
 A. Each device is separated by the same number of hops
207. Which action must be taken to assign a global unicast IPv6 address on
an interface that is derived from the MAC address of that interface?
 B. enable SLAAC on an interface
208. Refer to the exhibit. Router R1 is running three different routing
protocols. Which route characteristic is used by the router to forward the
 packet that it receives for destination IP 172.16.32.1?

 A. longest prefix
209. Router R1 must send all traffic without a matching routing-table entry
to 192.168.1.1. Which configuration accomplishes this task?
C. R1# config t
R1(config)# ip routing
R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
210. Which WPA3 enhancement protects against hackers viewing traffic on
the Wi-Fi network?
 D. SAE encryption

211. Refer to the exhibit. An engineer is bringing up a new circuit to the

MPLS provider on the Gi0/1 interface of Router1.The new circuit uses
eBGP and teams the route to VLAN25 from the BGP path. What is the
expected behavior for the traffic flow for route 10.10.13.0/25?
 B. Route 10.10.13.0/25 is updated in the routing table as being
learned from interface Gi0/1.
212. Refer to the exhibit. How does router R1 handle traffic to
192.168.10.16?

 D. It selects the RIP route because it has the longest prefix

inclusive of the destination address.

213. Refer to the exhibit.

 Which two commands were used to create port channel 10? (Choose two )

 A. Option A
 C. Option C
214. What is a difference between RADIUS and TACACS+?
 C. TACACS+ separates authentication and authorization, and
RADIUS merges them
215. Refer to the exhibit. How does the router manage traffic to
192.168.12.16?

 A. It selects the RIP route because it has the longest prefix

inclusive of the destination address.

216. What is an advantage of Cisco DNA Center versus traditional campus

device management?
 A. It supports numerous extensibility options including cross-
domain adapters and third-party SDKs.
 217. While examining excessive traffic on the network, it is noted that all
incoming packets on an interface appear to be allowed even though an IPv4
ACL is applied to the interface. Which two misconfigurations cause this
behavior? (Choose two)
 B. A matching permit statement is too high in the access test
 C. A matching permit statement is too broadly defined
218. How do traditional campus device management and Cisco DNA Center
device management differ in regards to deployment?
 A. Cisco DNA Center device management can deploy a network
more quickly than traditional campus device management
219. How do AAA operations compare regarding user identification, user
services and access control?
 B. Authentication identifies users and accounting tracks user
services
220. What is a difference between local AP mode and FlexConnect AP
mode?
 A. Local AP mode creates two CAPWAP tunnels per AP to the
WLC
221. Which function does the range of private IPv4 addresses perform?
 A. allows multiple companies to each use the same addresses
without conflicts
222. What event has occurred if a router sends a notice level message to a
syslog server?
 C. An interface line has changed status
223. Refer to the exhibit. An administrator configures four switches for local
authentication using passwords that are stored in a cryptographic hash. The
four switches must also support SSH access for administrators to manage
the network infrastructure. Which switch is configured correctly to meet
these requirements?

 C. SW3
224. What are two fundamentals of virtualization? (choose two)
 B. It allows logical network devices to move traffic between virtual
machines and the rest of the physical network
 C. It allows multiple operating systems and applications to run
independently on one physical server.
225. Refer to the exhibit. What two conclusions should be made about this
configuration? (Choose two )

 C. The spanning-tree mode is Rapid PVST+

 E. The root port is FastEthernet 2/1
226. Refer to the exhibit. A router reserved these five routes from different
routing information sources. Which two routes does the router install in its
routing table? (Choose two)

 C. OSPF route 10.0.0.0/30

 D. EIGRP route 10.0.0.1/32

227. Refer to the exhibit. The network administrator wants VLAN 67 traffic
to be untagged between Switch 1 and Switch 2 while all other VLANs are to
remain tagged. Which command accomplishes this task?
 D. switchport trunk native vlan 67
228. What are two differences between optical-fiber cabling and copper
cabling? (Choose two)
 A. Light is transmitted through the core of the fiber
 C. The glass core component is encased in a cladding
229. Which two minimum parameters must be configured on an active
interface to enable OSPFv2 to operate? (Choose two)
 A. OSPF area
 D. OSPf process ID

230. Refer to the exhibit. Refer to the exhibit. After the configuration is
applied, the two routers fail to establish an OSPF neighbor relationship.
what is the reason for the problem?
 B. Router2 is using the default hello timer.
231. How do TCP and UDP differ in the way they provide reliability for
delivery of packets?
 C. TCP provides flow control to avoid overwhelming a receiver by
sending too many packets at once, UDP sends packets to the receiver
in a continuous stream without checking for sequencing
232. A packet is destined for 10.10.1.22. Which static route does the router
choose to forward the packet?
 C. ip route 10.10.1.20 255.255.255.252 10.10.255.1

233. Refer to the exhibit. Router R1 Fa0/0 cannot ping router R3 Fa0/1.
Which action must be taken in router R1 to help resolve the configuration
issue?
 D. configure a static route with 10.10.10.2 as the next hop to reach
the 20.20.20.0/24 network
234. Refer to the exhibit. Refer to the exhibit. An engineer must add a
subnet for a new office that will add 20 users to the network. Which IPv4
network and subnet mask combination does the engineer assign to minimize
wasting addresses?

 D. 10.10.225.32 255.255.255.224
235. A corporate office uses four floors in a building
* Floor 1 has 24 users
* Floor 2 has 29 users
* Floor 3 has 28 users
* Floor 4 has 22 users
Which subnet summarizes and gives the most efficient distribution of IP
addresses for the router configuration?
 D. 192.168.0.0/25 as summary and 192.168.0.0/27 for each floor
236. By default, how Does EIGRP determine the metric of a route for the
routing table?
 A. it uses the bandwidth and delay values of the path to calculate
the route metric
237. Refer to the exhibit. Which configuration issue is preventing the OSPF
neighbor relationship from being established between the two routers?
 D. R1 interface Gi1/0 has a larger MTU size
238. What are two roles of the Dynamic Host Configuration Protocol
(DHCP)? (Choose two)
 A. The DHCP server offers the ability to exclude specific IP
addresses from a pool of IP addresses
 D. The DHCP server leases client IP addresses dynamically.
239. How does CAPWAP communicate between an access point in local
mode and a WLC?
 D. The access point has the ability to link to any switch in the
network, assuming connectivity to the WLC

240. Refer to the exhibit. Which action is expected from SW1 when the
untagged frame is received on the GigabitEthernet0/1 interface?
 A. The frame is processed in VLAN 5.
241. What are two reasons for an engineer to configure a floating state
route? (Choose two)
 A. to automatically route traffic on a secondary path when the
primary path goes down
 C. to enable fallback static routing when the dynamic routing
protocol fails
242. Refer to the exhibit. Which route type is configured to reach the
internet?

 C. default route
243. How does Cisco DNA Center gather data from the network?
 A. Network devices use different services like SNMP, syslog, and
streaming telemetry to send data to the controller
244. What is the difference regarding reliability and communication type
between TCP and UDP?
 A. TCP is reliable and is a connection-oriented protocol; UDP is not
reliable and is a connectionless protocol
 245. Several new coverage cells are required to improve the Wi-Fi network
of an organization. Which two standard designs are recommended? (Choose
two.)
 C. Cells that overlap one another are configured to use
nonoverlapping channels.
 E. For maximum throughput, the WLC is configured to dynamically
set adjacent access points to the channel.
246. The service password-encryption command is entered on a router.
What is the effect of this configuration?
 A. restricts unauthorized users from viewing clear-text passwords in
the running configuration
247. Which type of ipv6 address is publicly routable in the same way as ipv4
public addresses?
 D. global unicast
248. Which two statements are true about the command ip route 172.16.3.0
255.255.255.0 192.168.2.4? (Choose two.)
 A. It establishes a static route to the 172.16.3.0 network.
 E. It uses the default administrative distance.
249. Which three statements are typical characteristics of VLAN
arrangements? (Choose three.)
 B. Connectivity between VLANs requires a Layer 3 device.
 D. Each VLAN uses a separate address space.
 E. A switch maintains a separate bridging table for each VLAN.
250. Refer to the exhibit. To which device does Router1 send packets that
are destined to host 10.10.13.165?
 B. Router3
251. Refer to the exhibit. Which two commands were used to create port
channel 10? (Choose two.)

A. int range g0/0-1

channel-group 10 mode active
C. int range g0/0-1
channel-group 10 mode passive
252. What are two requirements for an HSRP group? (Choose two.)
 A. exactly one active router
 B. one or more standby routers

253. What occurs to frames during the process of frame flooding?

 C. Frames are sent to every port on the switch in the same VLAN
except from the originating port.
254. If all OSPF routers in a single area are configured with the same
priority value, what value does a router use for the OSPF router ID in the
absence of a loopback interface?
 C. the highest IP address among its active interfaces
255. Which IPv6 address block forwards packets to a multicast address
rather than a unicast address?
 D. FF00::/12
256. The OSPF Hello protocol performs which of the following tasks?
(Choose two.)
 C. It provides dynamic neighbor discovery.
 F. It maintains neighbor relationships
Correct Answer: CF
257. What are two benefits of using VTP in a switching environment?
(Choose two.)
 C. It maintains VLAN consistency across a switched network.
 E. It allows VLAN information to be automatically propagated
throughout the switching environment.
258. Which purpose does a northbound API serve in a controller-based
networking architecture?
 D. facilitates communication between the controller and the
applications
 Correct Answer: D
259. The OSPF Hello protocol performs which of the following tasks?
(Choose two.)
 A. It provides dynamic neighbor discovery.
 C. It maintains neighbor relationships.
260. What are two reasons a network administrator would use CDP?
(Choose two.)
 D. to verify Layer 2 connectivity between two devices when Layer 3
fails
 E. to obtain the IP address of a connected device in order to telnet
to the Device

261. Refer to the exhibit. An administrator is tasked with configuring a voice

VLAN. What is the expected outcome when a Cisco phone is connected to
the GigabitEthernet 3/1/4 port on a switch?

 B. The phone sends and receives data in VLAN 50, but a

workstation connected to the phone sends and receives data in VLAN
1.
262. Refer to the exhibit. An engineer deploys a topology in which R1
obtains its IP configuration from DHCP. If the switch and DHCP server
configurations are complete and correct. Which two sets of commands must
be configured on R1 and R2 to complete the task? (Choose two)

B.
R2(config)# interface gi0/0
R2(config-if)# ip helper-address 198.51.100.100
 C.
R1(config)# interface fa0/0
R1(config-if)# ip address dhcp
R1(config-if)# no shutdown
263. Refer to the exhibit. What commands are needed to add a subinterface
to Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24?

B.
R1(config)#interface ethernet0/0.20
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
264. On a corporate network, hosts on the same VLAN can communicate
with each other, but they are unable to communicate with hosts on different
VLANs. What is needed to allow communication between the VLANs?
 A. a router with subinterfaces configured on the physical interface
that is connected to the switch
265. Which command can you enter to determine the addresses that have
been assigned on a DHCP Server?
 C. Show ip DHCP binding.
266. Refer to the exhibit. If the network environment is operating normally,
which type of device must be connected to interface FastEthernet 0/1?

 C. router
267. Refer to the exhibit. Which configuration on RTR-1 denies SSH access
from PC-1 to any RTR-1 interface and allows all other traffic?
 B.
access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
line vty 0 15
access-class 100 in
268. Which function dose the range of private IPv4 addresses perform?
 A. allow multiple companies to each use the same address without
conflicts
269. Which type of API would be used to allow authorized salespeople of an
organization access to internal sales data from their mobile devices?
 D. private
270. What is a characteristic of the REST API?
 D. most widely used API for web services
271. What is the name of the layer in the Cisco borderless switched network
design that is considered to be the backbone used for high-speed
connectivity and fault isolation?
 C. core
272. Refer to the exhibit. An administrator configures the following ACL in
order to prevent devices on the 192.168.1.0 subnet from accessing the server
at 10.1.1.5:
access-list 100 deny ip 192.168.1.0 0.0.0.255 host
10.1.1.5

access-list 100 permit ip any any

 Where should the administrator place this ACL for the most efficient use of
network resources?
 A. inbound on router A Fa0/0
273. Which step in the link-state routing process is described by a router
sending Hello packets out all of the OSPF-enabled interfaces?
 B. establishing neighbor adjacencies

274. Refer to the exhibit. Router R1 is configured with static NAT.

Addressing on the router and the web server are correctly configured, but
there is no connectivity between the web server and users on the Internet.
What is a possible reason for this lack of connectivity?
 A. The router NAT configuration has an incorrect inside local
address.
275. Anycompany has decided to reduce its environmental footprint by
reducing energy costs, moving to a smaller facility, and promoting
telecommuting. What service or technology would support this
requirement?
 B. cloud services
276. A company needs to interconnect several branch offices across a
metropolitan area. The network engineer is seeking a solution that provides
high-speed converged traffic, including voice, video, and data on the same
network infrastructure. The company also wants easy integration to their
existing LAN infrastructure in their office locations. Which technology
should be recommended?
 D. Ethernet WAN

277. Refer to the exhibit. Which two configurations would be used to create
and apply a standard access list on R1, so that only the 10.0.70.0/25 network
 devices are allowed to access the internal database server? (Choose two.)

 A.
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip access-group 5 out
 D.
R1(config)# access-list 5 permit 10.0.70.0 0.0.0.127
278. Which type of VPN uses a hub-and-spoke configuration to establish a
full mesh topology?
 B. dynamic multipoint VPN
279. What are two purposes of launching a reconnaissance attack on a
network? (Choose two.)
 C. to gather information about the network and devices
 D. to scan for accessibility
280. Refer to the exhibit. If the switch reboots and all routers have to re-
establish OSPF adjacencies, which routers will become the new DR and
BDR?

 A. Router R3 will become the DR and router R1 will become the

BDR.
281. The SW1 interface g0/1 is in the down/down state. Which two
configurations are valid reasons for the interface conditions?(choose two)
 B. There is a speed mismatch
 E. The interface is error-disabled
 282. In which two ways does a password manager reduce the chance of a
hacker stealing a users password? (Choose two.)
 C. It protects against keystroke logging on a compromised device
or web site.
 E. It encourages users to create stronger passwords.
283. What is the primary purpose of a First Hop Redundancy Protocol?
 .
 D. It reduces routing failures by allowing more than one router to
represent itself, as the default gateway of a network.
Correct Answer: D
284. Refer to the exhibit. Which path is used by the router for internet
traffic?

 C. 0.0.0.0/0

285. Refer to Exhibit. The loopback1 interface of the Atlanta router must
reach the loopback3 interface of the Washington router. Which two static
 host routes must be configured on the NEW York router? (Choose two)

 A. ipv6 route 2000::1/128 2012::1

 B. ipv6 route 2000::3/128 2023::3
286. Refer to the exhibit. A packet is being sent across router R1 to host
172.16.3.14. To which destination does the router send the packet?

 C. 207.165.200.254 via Serial0/0/1

287. Which goal is achieved by the implementation of private IPv4
addressing on a network?
 D. provides an added level of protection against Internet exposure

288. Refer to the exhibit. A network administrator assumes a task to

complete the connectivity between PC A and the File Server Switch A and
Switch B have been partially configured with VLANs 10, 11, 12, and 13
What is the next step in the configuration?
 B. Add VLAN 13 to the trunk links on Switch A and Switch B for
VLAN propagation
289. When a WPA2-PSK WLAN is configured in the Wireless LAN
Controller, what is the minimum number of characters that is required in
ASCII formar?
 B. 8

290. Refer to the exhibit Which outcome is expected when PC_A sends data
to PC_B?
 B. The source and destination MAC addresses remain the same
291. An engineer needs to configure LLDP to send the port description time
length value (TLV). What command sequence must be implemented?
 B. switch(config)#lldp port-description

292. Refer to the exhibit. Which switch becomes the root bridge?
 B. S2
293. Refer to the exhibit. What is the next hop address for traffic that is
destined to host 10.0.1.5?

 C. 10.0.1.50
294. When the active router in an HSRP group fails, what router assumes
the role and forwards packets?
 C. standby

295. An organization secures its network with multi-factor authentication

using an authenticator app on employee smartphones. How is the applic
secured in the case of a user’s smartphone being lost or stolen?
 A. The application requires the user to enter a PIN before it
provides the second factor

296. Refer to the exhibit. What action establishes the OSPF neighbor
relationship without forming an adjacency?

 C. modify hello interval

297. Refer to the exhibit. An engineer booted a new switch and applied this
configuration via the console port. Which additional configuration must be
applied to allow administrators to authenticate directly to enable privilege
mode via Telnet using a local username and password?

D.
R1(config)#username admin privilege 15 secret p@ss1234
R1(config-if)#line vty 0 4
R1(config-line)#login local

298. Refer to the exhibit. Which switch in this configuration will be elected
as the root bridge?
 SW1: 0C:E0:38:00:36:75
SW2: 0C:0E:15:22:05:97
SW3: 0C:0E:15:1A:3C:9D
SW4: 0C:E0:18:A1:B3:19
 C. SW3
299. An engineer is configuring NAT to translate the source subnet of
10.10.0.0/24 to any of three addresses 192.168.3.1, 192.168.3.2, 192.168.3.3 .
Which configuration should be used?
C.
enable
configure terminal
ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30
access-list 1 permit 10.10.0.0 0.0.0.255
ip nat inside source list 1 pool mypool
interface g1/1
ip nat inside
interface g1/2
ip nat outside
300. An office has 8 floors with approximately 30-40 users per floor .What
command must be configured on the router Switched Virtual Interface to
use address space efficiently?
 B. ip address 192.168.0.0 255.255.254.0
301. Which device performs stateful inspection of traffic?
 A. firewall
302. What criteria is used first during the root port selection process?
 B. lowest path cost to the root bridge

303. Router R2 is configured with multiple routes to reach network 10

1.1.0/24 from router R1. What protocol is chosen by router R2 to reach the
destination network 10.1.1.0/24?
 B. static
304. A network administrator enabled port security on a switch interface
connected to a printer. What is the next configuration action in order to
allow the port to learn the MAC address of the printer and insert it into the
table automatically?
 C. enable sticky MAC addressing
305. Which configuration ensures that the switch is always the root for
VLAN 750?
 D. Switch(config)#spanning-tree vlan 750 priority 0
Correct Answer: D
306. An engineer must configure an OSPF neighbor relationship between
router R1 and R3 The authentication configuration has been configured and
the connecting interfaces are in the same 192.168 1.0/30 sublet. What are the
next two steps to complete the configuration? (Choose two.)
 A. configure the hello and dead timers to match on both sides
 E. configure both interfaces with the same area ID
307. What protocol allows an engineer to back up 20 network router
configurations globally while using the copy function?
 B. SNMP
308. Which state does the switch port move to when PortFast is enabled?
 B. forwarding
309. What are two roles of Domain Name Services (DNS)? (Choose Two)
 D. enables applications to identify resources by name instead of IP
address
 E. allows a single host name to be shared across more than one IP
address
310. How do TCP and UDP differ in the way they guarantee packet
delivery?
 A. TCP uses checksum, acknowledgement, and retransmissions,
and UDP uses checksums only.
311. A device detects two stations transmitting frames at the same time. This
condition occurs after the first 64 bytes of the frame is received interface
counter increments?
 D. late collision
312. Which technology is used to improve web traffic performance by proxy
caching?
 A. WSA
313. Using direct sequence spread spectrum, which three 2.4-GHz channels
are used to limit collisions?
 A. 1,6,11
314. Which type of attack can be mitigated by dynamic ARP inspection?
 D. man-in-the-middle
315. What are two benefits of controller-based networking compared to
traditional networking?
 C. Controller-based reduces network configuration complexity,
while traditional increases the potential for errors
 D. Controller-based provides centralization of key IT functions.
While traditional requires distributes management function
316. What software defined architecture plane assists network devices with
making packet-forwarding decisions by providing Layer 2 reachability and
Layer 3 routing information?
 B. control plane
317. Which WAN access technology is preferred for a small office / home
office architecture?
 A. broadband cable access
318. Refer to the exhibit. Which route type does the routing protocol Code D
represent in the output?

 D. route learned through EIGRP

319. Which two WAN architecture options help a business scalability and
reliability for the network? (Choose two)
 A. asychronous routing
 C. dual-homed branches
320. A wireless administrator has configured a WLAN; however, the clients
need access to a less congested 5-GHz network for their voice quality. What
action must be taken to meet the requirement?
 D. enable Band Select
 321. What mechanism carries multicast traffic between remote sites and
supports encryption?
 B. GRE over iPsec
322. An engineer must establish a trunk link between two switches. The
neighboring switch is set to trunk or desirable mode. What action should be
taken?
 C. configure switchport mode dynamic auto
323. Which type of information resides on a DHCP server?
 A. a list of the available IP addresses in a pool
324. What is a function of Wireless LAN Controller?
 C. send LWAPP packets to access points.

325. What role does a hypervisor provide for each virtual machine in server
virtualization?
 C. control and distribution of physical resources
326. Which technology must be implemented to configure network device
monitoring with the highest security?
 D. SNMPv3
327. What is the function of a server?
 B. It provides shared applications to end users.
 328. Refer to the exhibit. Which type of configuration is represented in the
output?

 D. Puppet
329. A port security violation has occurred on a switch port due to the
maximum MAC address count being exceeded Which command must be
configured to increment the security-violation count and forward an SNMP
trap?
 C. switchport port-security violation restrict
330. Which spanning-tree enhancement avoids the learning and listening
states and immediately places ports in the forwarding state?
 B. PortFast
331. What are two functions of a Layer 2 switch? (Choose two)
 C. moves packets within a VLAN
 E. makes forwarding decisions based on the MAC address of a
packet
Correct Answer: C, E
332. A manager asks a network engineer to advise which cloud service
models are used so employees do not have to waste their time installing,
managing, and updating software which is only used occasionally Which
cloud service model does the engineer recommend?
 D. software-as-a-service
Correct Answer: D
333. Which two functions are performed by the core layer in a three-tier
architecture? (Choose two)
 A. Provide uninterrupted forwarding service.
 D. Ensure timely data transfer between layers.
334. When using Rapid PVST+, which command guarantees the switch is
always the root bridge for VLAN 200?
 B. spanning -tree vlan 200 priority 0
335. What are two functions of a server on a network? (Choose two)
 B. runs applications that send and retrieve data for workstations
that make requests
 C. handles requests from multiple workstations at the same time
336. What is the primary function of a Layer 3 device?
 C. to pass traffic between different networks
 337. Refer to the exhibit. After the election process what is the root bridge in
the HQ LAN?

 C. Switch 3
338. An engineer requires a scratch interface to actively attempt to establish
a trunk link with a neighbor switch. What command must be configured?
 B. switchport mode dynamic desirable
339. What is a function of TFTP in network operations?
 D. transfers IOS images from a server to a router for firmware
upgrades
340. What are two recommendations for protecting network ports from
being exploited when located in an office space outside of an IT closet?
(Choose two)
 C. implement port-based authentication
 E. shut down unused ports
341. What is a recommended approach to avoid co-channel congestion while
installing access points that use the 2.4 GHz frequency?
 A. different nonoverlapping channels
 342. Refer to the exhibit. An engineer configured the New York router with
state routes that point to the Atlanta and Washington sites. When command
must be configured on the Atlanta and Washington routers so that both sites
are able to reach the loopback2 interface on the New York router?

 C. ipv6 route ::/0 Serial 0/0/0

343. What is a function of a remote access VPN?
 D. allows the users to access company internal network resources
through a secure tunnel
344. Which CRUD operation modifies an existing table or view?
 D. update
345. What is a DHCP client?
 B. a host that is configured to request an IP address automatically
346. What is the same for both copper and fiber interfaces when using SFP
modules?
 B. They provide minimal interruption to services by being hot-
swappable
347. When using Rapid PVST+, which command guarantees the switch is
always the root bridge for VLAN 200?
 C. spanning -tree vlan 200 priority 0
348. An engineer must configure Interswitch VLAN communication between
a Cisco switch and a third-party switch. Which action should be taken?
 B. configure IEEE 802.1q
349. Which protocol prompts the Wireless LAN Controller to generate its
own local web administration SSL certificate for GUI access?
 A. HTTPS
350. In software defined architectures, which plane is distributed and
responsible for traffic forwarding?
 D. data plane
351. Which function is performed by the collapsed core layer in a two-tier
architecture?
 A. enforcing routing policies
352. Where does the configuration reside when a helper address Is
configured to support DHCP?
 B. on the router closest to the client
353. Refer to the exhibit. A network administrator must permit SSH access
to remotely manage routers in a network. The operations team resides on
 the 10.20.1.0/25 network. Which command will accomplish this task?

 D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255

354. What is the purpose of traffic shaping?
 B. to provide fair queuing for buffered flows
355. Which configuration management mechanism uses TCP port 22 by
default when communicating with managed nodes?
 A. Ansible
356. Refer to the exhibit. If OSPF Is running on this network, how does
Router2 handle traffic from Site B to 10.10.13.128/25 at Site A?

 B. It is unreachable and discards the traffic.

357. Refer to the exhibit. Which command configures a floating static route
to provide a backup to the primary link?

 D. ip route 209.165.200.224 255.255.255.224 209.165.202.129 254

 358. What is a practice that protects a network from VLAN hopping
attacks?
 C. Change native VLAN to an unused VLAN ID
359. Which technology can prevent client devices from arbitrarily
connecting to the network without state remediation?
 A. 802.1x
360. What facilitates a Telnet connection between devices by entering the
device name?
 B. DNS lookup
361. How does the dynamically-learned MAC address feature function?
 A. The CAM table is empty until ingress traffic arrives at each port
362. When implementing a router as a DHCP server, which two features
must be configured? (Choose two)
 A. relay agent information
 B. database agent
 C. address pool
363. Which command must be entered to configure a DHCP relay?
 A. ip helper-address
364. Where does a switch maintain DHCP snooping information?
 C. in the binding database
365. Which type of security program is violated when a group of employees
enters a building using the ID badge of only one person?
 C. physical access control
366. A network administrator needs to aggregate 4 ports into a single logical
link which must negotiate layer 2 connectivity to ports on another switch
What must be configured when using active mode on both sides of the
connection?
 D. LACP

367. In which situation is private IPv4 addressing appropriate for a new

subnet on the network of an organization?
 A. There is limited unique address space, and traffic on the new
subnet will stay local within the organization.
368. Aside from discarding, which two states does the switch port transition
through while using RSTP (802.1w)? (Choose two)
 C. forwarding
 D. learning
369. Which state does the switch port move to when PortFast is enabled?
 A. forwarding
370. Refer to the exhibit. An access list is created to deny Telnet access from
host PC-1 to RTR-1 and allow access from all other hosts A Telnet attempt
from PC-2 gives this message:”% Connection refused by remote host”
Without allowing Telnet access from PC-1, which action must be taken to
 permit the traffic?

 A. Add the access-list 10 permit any command to the configuration

371. What is a role of wireless controllers in an enterprise network?
 A. centralize the management of access points in an enterprise
network
372. What is the effect when loopback interfaces and the configured router
ID are absent during the OSPF Process configuration?.
 B. The highest up/up physical interface IP address is selected as the
router ID.

373. What is recommended for the wireless infrastructure design of an

organization?
 B. configure the first three access points are configured to use
Channels 1, 6, and 11
374. Which 802.11 frame type is indicated by a probe response after a client
sends a probe request?
 B. management
375. How do servers connect to the network in a virtual environment?
 D. a software switch on a hypervisor that is physically connected to
the network
376. Which CRUD operation corresponds to the HTTP GET method?
 A. read
377. With REST API, which standard HTTP header tells a server which
media type is expected by the client?
 D. Accept: application/json
 378. Which device tracks the state of active connections in order to make a
decision to forward a packet through?
 B. firewall
379. Refer to the exhibit. PC1 is trying to ping PC3 for the first time and
sends out an ARP to S1. Which action is taken by S1?

 B. It is flooded out every port except G0/0.

380. Refer to the exhibit. A network administrator has been tasked with
securing VTY access to a router. Which access-list entry accomplishes this
task?

 A. access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq

ssh
 381. A network administrator must enable DHCP services between two sites.
What must be configured for the router to pass DHCPDISCOVER messages
on to the server?
 A. a DHCP Relay Agent
382. Which device controls the forwarding of authentication requests for
users when connecting to the network using a lightweight access point?
 D. wireless LAN controller
383. Refer to the exhibit. What is the result if Gig1/11 receives an STP
BPDU?

 D. The port goes into error-disable state

384. Which configuration is needed to generate an RSA key for SSH on a
router?.
 D. Assign a DNS domain name
385. What is the maximum bandwidth of a T1 point-to-point connection?
 A. 1.544 Mbps

386. An engineer must configure traffic for a VLAN that is untagged by the
switch as it crosses a trunk link. Which command should be used?
 B. switchport trunk native vlan 10
387. How does a Cisco Unified Wireless network respond to Wi-Fi channel
overlap?
 A. It alternates automatically between 2.4 GHz and 5 GHz on
adjacent access points
388. What does a switch use to build its MAC address table?
 D. ingress traffic
Answer: D
389. Which network plane is centralized and manages routing decisions?
 C. control plane
390. What does a router do when configured with the default DNS lookup
settings, and a URL is entered on the CLI?
 D. sends a broadcast message in an attempt to resolve the URL
391. What is a DNS lookup operation?
 D. responds to a request for IP address to domain name resolution to
the DNS server
392. Refer to the exhibit. A network engineer must configured
communication between PC A and the File Server. To prevent interruption
 for any other communications, which command must be configured?

 C. Switchport trunk allowed vlan add 13

393. What is a characteristic of a SOHO network?
 B. enables multiple users to share a single broadband connection
394. Which resource is able to be shared among virtual machines deployed
on the same physical server?
 A. disk
395. Which implementation provides the strongest encryption combination
for the wireless environment?
 A. WPA2 + AES
396. Refer to the exhibit. After running the code in the exhibit, which step
reduces the amount of data that the NETCONF server returns to the
NETCONF client, to only the interface’s configuration?

 D. Use the JSON library to parse the data returned by the NETCONF
server for the interface’s configuration.
397. What is an appropriate use for private IPv4 addressing?
 D. on hosts that communicates only with other internal hosts
398. What are two functions of an SDN controller? (Choose two)
 B. coordinating VTNs
 D. managing the topology
399. If a switch port receives a new frame while it is actively transmitting a
previous frame, how does it process the frames?
 C. The new frame is placed in a queue for transmission after the
previous frame.
400. Refer to the exhibit. The ntp server 192.168.0.3 command has been
configured on router 1 to make it an NTP client of router 2. Which
command must be configured on router 2 so that it operates in server-only
 mode and relies only on its internal clock?

 C. Router2(config)#ntp master 4
401. Which WAN topology provides a combination of simplicity quality, and
availability?
 C. point-to-point
402. Why does a switch flood a frame to all ports?
 D. The destination MAC address of the frame is unknown.
403. When DHCP is configured on a router, which command must be
entered so the default gateway is automatically distributed?
 A. default-router
404. What is a network appliance that checks the state of a packet to
determine whether the packet is legitimate?
 C. firewall
405. How is the native VLAN secured in a network?
 A. separate from other VLANs within the administrative domain
406. Which command on a port enters the forwarding state immediately
when a PC is connected to it?
 C. switch(config-if)#spanning-tree portfast trunk
407. Refer to Exhibit. Which configuration must be applied to the router
that configures PAT to translate all addresses in VLAN 200 while allowing
devices on VLAN 100 to use their own IP addresses?
 D. Option D

408. Refer to the exhibit. An administrator must configure interfaces Gi1/1

and Gi1/3 on switch SW11 PC-1 and PC-2 must be placed in the Data VLAN
and Phone-1 must be placed in the Voice VLAN Which configuration meets
these requirements?
 C. Option C
 409. Refer to the exhibit. Which switch becomes the root of the spanning
tree for VLAN 110?

 B. Switch 2
410. What is a benefit of VRRP?
 B. It provides the default gateway redundancy on a LAN using two or
more routers.
411. Which protocol does an IPv4 host use to obtain a dynamically assigned
IP address?
 B. DHCP
 412. Refer to the exhibit. An access list is required to permit traffic from any
host on interface G0/0 and deny traffic from interface G/0/1. Which access
list must be applied?

 A. Option A
413. How does a switch process a frame received on Fa0/1 with the
destination MAC address of 0e38.7363.657b when the table is missing the
address?
 C. It floods the frame to all interfaces except Fa0/1.
414. Which condition must be met before an NMS handles an SNMP trap
from an agent?
 A. The NMS software must be loaded with the MIB associated with
the trap.

415. What is the purpose of a southbound API in a control based networking

architecture?
 B. Facilities communication between the controller and the
networking hardware
416. Which switch technology establishes a network connection immediately
when it is plugged in?
 C. UplinkFast
417. What causes a port to be placed in the err-disabled state?
 B. port security violation
418. An engineer needs to add an old switch back into a network. To prevent
the switch from corrupting the VLAN database which action must be taken?
 A. Add the switch in the VTP domain with a lower revision number
419. Which JSON data type is an unordered set of attribute- value pairs?
 C. object
420. What occurs when overlapping Wi-Fi channels are implemented?
 C. Users experience poor wireless network performance.
421. Which technology allows for multiple operating systems to be run on a
single host computer?
 D. Server Virtualization
422. Which two QoS tools provides congestion management? (Choose two)
 B. CBWFQ
 C. PQ

423. Refer to the exhibit. An administrator must turn off the Cisco
Discovery Protocol on the port configured with address last usable address
 in the 10.0.0.0/30 subnet. Which command set meets the requirement?

A. interface gi0/1
no cdp enable
424. What is a role of access points in an enterprise network?
 A. connect wireless devices to a wired network
425. What is a similarity between OM3 and OM4 fiber optic cable?
 A. Both have a 50 micron core diameter
426. Refer to the exhibit.

The entire contents of the MAC address table are shown. Sales-4 sends a
data frame to Sales-1.

What does the switch do as it receives the frame from Sales-4?

 B. Insert the source MAC address and port into the forwarding table
and forward the frame to Sales-1.
427. What describes the operation of virtual machines?
 D. Virtual machines are operating system instances that are
decoupled from server hardware
428. Refer to the exhibit. Only four switches are participating in the VLAN
spanning-tree process.

Branch-1 priority 614440

Branch-2: priority 39082416
Branch-3: priority 0
Branch-4: root primary
Which switch becomes the permanent root bridge for VLAN 5?
 C. Branch-3
429. When deploying syslog, which severity level logs informational
message?
 D. 6

430. Refer to the exhibit. Shortly after SiteA was connected to SiteB over a
new single-mode fiber path users at SiteA report intermittent connectivity
issues with applications hosted at SiteB What is the cause of the intermittent
 connectivity issue?

 A. Interface errors are incrementing

431. Refer to the exhibit. An engineer must configure GigabitEthernet1/1 to

accommodate voice and data traffic Which configuration accomplishes this
 task?

 A. Option A
432. Which technology is appropriate for communication between an SDN
controller and applications running over the network?
 B. REST API
433. Which security program element involves installing badge readers on
data-center doors to allow workers to enter and exit based on their job
roles?
 D. physical access control
434. Which network action occurs within the data plane?
 A. compare the destination IP address to the IP routing table.
435. Which networking function occurs on the data plane?
 A. forwarding remote client/server traffic
 436. A network administrator must to configure SSH for remote access to
router R1 The requirement is to use a public and private key pair to encrypt
management traffic to and from the connecting client. Which configuration,
when applied, meets the requirements?

 B. Option B
437. Which protocol does an access point use to draw power from a
connected switch?
 C. Cisco Discovery Protocol
438. What is the benefit of using FHRP?
 C. higher degree of availability
439. An administrator must secure the WLC from receiving spoofed
association requests. Which steps must be taken to configure the WLC to
restrict the requests and force the user to wait 10 ms to retry an association
request?
 D. Enable the Protected Management Frame service and set the
Comeback timer to 10
440. A network engineer must configure the router R1 GigabitEthernet1/1
interface to connect to the router R2 GigabitEthernet1/1 interface. For the
configuration to be applied the engineer must compress the address
2001:0db8:0000:0000:0500:000a:400F:583B. Which command must be
issued on the interface?
 B. ipv6 address 2001:db8::500:a:400F:583B
 C. ipv6 address 2001 db8:0::500:a:4F:583B
441. What does an SDN controller use as a communication protocol to relay
forwarding changes to a southbound API?
 A. OpenFlow
 442. What uses HTTP messages to transfer data to applications residing on
different hosts?
 D. REST
443. When a WLAN with WPA2 PSK is configured in the Wireless LAN
Controller GUI which format is supported?
 D. ASCII
444. Which 802.11 management frame type is sent when a client roams
between access points on the same SSID?
 A. Reassociation Request
445. An engineer observes high usage on the 2.4GHz channels and lower
usage on the 5GHz channels. What must be configured to allow clients to
preferentially use 5GHz access points?
 D. Client Band Select
446. What is a characteristic of private IPv4 addressing?
 D. used without tracking or registration
447. Refer to the exhibit. Which command must be executed for Gi1.1 on
SW1 to become a trunk port if Gi1/1 on SW2 is configured in desirable or
trunk mode?

 C. switchport mode dynamic auto

448. What are two improvements provided by automation for network
management in an SDN environment? (Choose two)
 B. Artificial intelligence identifies and prevents potential design
failures.
 E. Proprietary Cisco APIs leverage multiple network management
tools.
449. An engineer must configure the IPv6 address
2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the
HQ router and wants to compress it for easier configuration. Which
command must be issued on the router interface?
 A. ipv6 address 2001:db8::700:3:400F:572B
450. Which WLC port connects to a switch to pass normal access-point
traffic?
 C. distribution system
451. An engineering team asks an implementer to configure syslog for
warning conditions and error conditions. Which command does the
implementer configure to achieve the desired result?
 C. logging trap 4
452. Which two protocols are supported on service-port interfaces? (Choose
two.)
 D. Telnet
 E. SSH
453. Refer to the exhibit. How must router A be configured so that it only
sends Cisco Discovery Protocol Information to router C?

 A. Option A
454. Which global command encrypt all passwords in the running
configuration?
 D. service password-encryption
455. What is the function of a hub-and-spoke WAN topology?
 B. provides direct connections between subscribers
 456. An implementer is preparing hardware for virtualization to create
virtual machines on a host. What is needed to provide communication
between hardware and virtual machines?
 A. hypervisor
457. Which two components are needed to create an Ansible script that
configures a VLAN on a switch? (Choose two.)
 A. cookbook
 B. task
 C. playbook
458. Refer to the exhibit. Which two prefixes are included in this routing
table entry? (Choose two.)

 A. 192.168.1.17
 B. 192.168.1.61
459. Which two primary drivers support the need for network automation?
(Choose two.)
 C. Policy-derived provisioning of resources
 D. Providing a ship entry point for resource provisioning
460. What is a characteristic of cloud-based network topology?
 C. services are provided by a public, private, or hybrid deployment
461. A network analyst is tasked with configured the date and time on a
router using EXEC mode. The date must be set to 12:00am. Which
command should be used?
 D. Clock set
462. Which HTTP status code is returned after a successful REST API
request?
 A. 200

463. Refer to the exhibit. When PC-A sends traffic to PC-B, which network
component is in charge of receiving the packet from PC-A verifying the IP
 addresses, and forwarding the packet to PC-B?

 B. Router
464. What is the function of a controller in controller-based networking?
 A. It serves as the centralized management point of an SDN
architecture.
465. Refer to me exhibit. Which action is taken by the router when a packet
is sourced from 10.10.10.2 and destined for 10.10.10.16?


 B. It discards the packets.
466. When a switch receives a frame for a known destination MAC address,
how is the frame handed?
 A. sent to the port identified for the known MAC address
467. Why was the RFC 1918 address space defined?
 A. conserve public IPv4 addressing

468. Refer to the exhibit. R5 is the current DR on the network, and R4 is the
BDR. Their interfaces are flapping, so a network engineer wants the OSPF
network to elect a different DR and BDR. Which set of configurations must
 the engineer implement?

 D. Option
469. After installing a new Cisco ISE server, which task must the engineer
perform on the Cisco WLC to connect wireless clients on a specific VLAN
based on their credentials?
 A. Enable the allow AAA Override
470. Which level of severity must be set to get informational syslogs?
 D. debug

471. Refer to the exhibit. Router R4 is dynamically learning the path to the
server. If R4 is connected to R1 via OSPF Area 20, to R2 via R2 BGP, and to
 R3 via EIGRP 777, which path is installed in the routing table of R4?

 C. the path through R2 because the EBGP administrative distance

is 20
472. What is a function of the Cisco DNA Center Overall Health
Dashboard?
 A. It provides a summary of the top 10 global issues.
473. Which protocol requires authentication to transfer a backup
configuration file from a router to a remote server?
 B. FTP
474. Where is the interface between the control plane and data plane within
the softwaredefined architecture?
 A. control layer and the infrastructure layer
475. Which action does the router take as rt forwards a packet through the
network?
 C. The router replaces the original source and destination MAC
addresses with the sending router MAC address as the source and
neighbor MAC address as the destination
476. When a site-to-site VPN is configured, which IPsec mode provides
encapsulation and encryption of the entire original P packet?
 C. IPsec tunnel mode with ESP

477. Refer to the exhibit. Which two commands, when configured on router
R1, fulfill these requirements? (Choose two.)
Packets towards the entire network 2001:db8:2::/64 must be forwarded
through router R2.
 Packets toward host 2001:db8:23::14 preferably must be forwarded through
R3.

 B. Ipv6 route 2001:db8:23::14/128 fd00:13::3

 D. Ipv6 route 2001:db8:23::/64 fd00:12::2
478. What is the role of a firewall in an enterprise network?
 C. determines which packets are allowed to cross from unsecured
to secured networks
479. What is the benefit of configuring PortFast on an interface?
 B. After the cable is connected, the interface is available faster to
send and receive user data
480. How are VLAN hopping attacks mitigated?
 B. manually implement trunk ports and disable DTP
481. Which two protocols must be disabled to increase security for
management connections to a Wireless LAN Controller? (Choose two)
 A. Telnet
 C. HTTP
482. When a client and server are not on the same physical network, which
device is used to forward requests and replies between client and server for
DHCP?
 A. DHCP relay agent
483. Which QoS tool is used to optimize voice traffic on a network that is
primarily intended for data traffic?
 C. PQ
484. On workstations running Microsoft Windows, which protocol provides
the default gateway for the device?
 A. DHCP
485. What is the purpose of using First Hop Redundancy Protocol in a
specific subnet?
 D. forwards multicast hello messages between routers
486. What is the difference in data transmission delivery and reliability
between TCP and UDP?
 D. TCP requires the connection to be established before
transmitting data. UDP transmits data at a higher rate without ensuring
packet delivery.
487. How does QoS optimize voice traffic?
 C. by differentiating voice and video traffic
488. What are network endpoints?
 B. a threat to the network if they are compromised
489. What does physical access control regulate?
 D. access to networking equipment and facilities
490. What must be considered when using 802.11a?
 A. It is compatible with 802 lib- and 802 11-compliant wireless
devices
 B. It is used in place of 802 11b/g when many nonoverlapping
channels are required
491. An engineer configures interface Gi1/0 on the company PE router to
connect to an ISP Neighbor discovery is disabled. Which action is necessary
to complete the configuration if the ISP uses third-party network devices?

 A. Enable LLDP globally

492. Which two events occur automatically when a device Is added to Cisco
DNA Center? (Choose two.)
 A. The device Is assigned to the Global site.
 D. The device Is placed into the Managed state.
493. What are two benefits of using the PortFast feature? (Choose two)
 A. Enabled interfaces are automatically placed in listening state
 B. Enabled interfaces come up and move to the forwarding state
immediately
 C. Enabled interfaces never generate topology change
notifications.
 494. A network administrator is asked to configure VLANS 2, 3 and 4 for a
new implementation. Some ports must be assigned to the new VLANS with
unused remaining. Which action should be taken for the unused ports?
 B. configure ports in a black hole VLAN
495. Which function is performed by DHCP snooping?
 D. rate-limits certain traffic
496. Which plane is centralized by an SON controller?
 B. control-plane
497. Which access layer threat-mitigation technique provides security based
on identity?
 C. 802.1x
498. What are two similarities between UTP Cat 5e and Cat 6a cabling?
(Choose two.)
 C. Both support runs of up to 100 meters.
 D. Both support speeds of at least 1 Gigabit.
499. Refer to the exhibit. What is the metric of the route to the
192.168.10.33/28 subnet?

 E. 193
500. What are two characteristics of the distribution layer in a three-tier
network architecture? (Choose two.)
 A. serves as the network aggregation point
 B. provides a boundary between Layer 2 and Layer 3
communications
501. What prevents a workstation from receiving a DHCP address?
 B. STP
502. What Is a syslog facility?
 D. set of values that represent the processes that can generate a log
message
 503. Which communication interaction takes place when a southbound API
Is used?
 B. between the SON controller and switches and routers on the
network
504. Which port type supports the spanning-tree portfast command without
additional configuration?
 A. access ports
505. An engineer is configuring data and voice services to pass through the
same port. The designated switch interface fastethernet0/1 must transmit
packets using the same priority for data when they are received from the
access port of the IP phone. Which configuration must be used?
A)
interface fastethernet0/1
switchport priority extend cos 7
506. Which mode must be set for APs to communicate to a Wireless LAN
Controller using the Control and Provisioning of Wireless Access Points
(CAPWAP) protocol?
 D. lightweight
507. What are two benefits of FHRPs? (Choose two.)
 D. They enable automatic failover of the default gateway.
 E. They allow multiple devices lo serve as a single virtual gateway for
clients in the network
508. What are two characteristics of an SSID? (Choose Two)
 A. It can be hidden or broadcast in a WLAN
 D. It is at most 32 characters long.
509. In QoS, which prioritization method is appropriate for interactive voice
and video?
 D. low-latency queuing
 510. Refer to the exhibit. Which change to the configuration on Switch
allows the two switches to establish an GtherChannel?

 B. Change the LACP mode to active

511. What Is the path for traffic sent from one user workstation to another
workstation on a separate switch In a Ihree-lter architecture model?
 D. access -distribution – core – distribution – access
512. How does WPA3 improve security?
 A. It uses SAE for authentication.
513. Where does wireless authentication happen?
 D. Layer 2
514. How are the switches in a spine-and-leaf topology interconnected?
 C. Each leaf switch is connected to each spine switch.
515. What are two characteristics of a public cloud Implementation?
(Choose two.)
 C. It provides services that are accessed over the Internet.
 E. It supports network resources from a centralized third-party
provider and privately-owned virtual resources
516. Which virtual MAC address is used by VRRP group 1?
 C. 0000.5E00.0101
517. Which type of traffic Is sent with pure iPsec?
 D. unicast messages from a host at a remote site lo a server at
headquarters
518. What is the purpose of an SSID?
 D. It identifies a WLAN

519. What is a similarly between 1000BASE-LX and 1000BASE-T

standards?
 A. Both use the same data-link header and trailer formats
520. What is a capability of FTP in network management operations?
 C. uses separate control and data connections to move files between
server and client
521. Refer to the exhibit. A network engineer is in the process of establishing
IP connectivity between two sites. Routers R1 and R2 are partially
configured with IP addressing. Both routers have the ability to access
devices on their respective LANs. Which command set configures the IP
connectivity between devices located on both LANs in each site?

 C. Option C
522. Which type of organization should use a collapsed-core architecture?
 C. small and needs to reduce networking costs currently
523. In software-defined architecture, which place handles switching for
traffic through a Cisco router?
 C. Data

524. Refer to the exhibit. Which IPv6 configuration is required for R17 to
successfully ping the WAN interface on R18?
 B. Option B
525. Refer to the exhibit. Between which zones do wireless users expect to
experience intermittent connectivity?

 C. between zones 3 and 4

526. Which device permits or denies network traffic based on a set of rules?
 B. firewall
 527. Refer to the exhibit. The entire MAC address table for SW1 is shown
here:
SW1#show mac-address-table

Mac Address Table

Vlan Mac Address Type Ports

000c.8590.bb7d DYNAMIC Fa0/1

010a.7a17.45bc DYNAMIC FaO/3

7aa7.4037.8935 DYNAMIC FaO/4

SW1#

What does SW1 do when Br-4 sends a frame to Br-2?

 A. It inserts the source MAC address and port into the forwarding
table and forwards the frame to Br-2.

528. Refer to Exhibit. An engineer is configuring the NEW York router to reach
the Lot interface of the Atlanta router using interface Se0/0/0 as the primary
path. Which two commands must be configured on the New York router so that
it can reach the Lo1 interface of the Atlanta router via Washington when the link
between New York and Atlanta goes down? (Choose two)
 E. ipv6 router 2000::1/128 2023::3 5
 A. ipv6 router 2000::1/128 2012::1

529. Refer to the exhibit. An extended ACL has been configured and applied
to router R2 The configuration started to work as intended.Which two
changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from
the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two)

 B. Add a “permit ip any any” statement at the end of ACL 101 for allowed traffic.
 C. The source and destination IPs must be swapped in ACL 101.