Cisco Practice Tests

Questions for review:41

Sorry! You did not pass this test!

Passing score: 850
Your score: 255

Try again after reviewing the following report:

Question: Which command is used to enable IPv6 routing?

A. ipv6 router

B. ipv6 unicast-routing
C. enable ipv6
D. ipv6 eigrp

Correct answer: B
Your answer: A
Explanation:

Question: Which options are true regarding the operation of ROM in a Cisco router?

A. POST brings up the router on start-up

B. The ROM monitor includes a low-level operating system that is used for manufacturing and password recovery
C. Bootstrap tests and troubleshoots the Cisco IOS software
D. Power-on self test or POST tests the basic functionality of the router hardware

Correct answer: B D
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-2/network-management/router-internal-components-overview.html

Question: An enterprise plans to start using a public cloud service, and is considering different WAN options. The answers list four options under consideration.
Which options provide good security by keeping the data private while also providing good QoS services?

A. Using private WAN connections directly to the cloud provider

B. Using an Internet connection without VPN

C. Using an intercloud exchange
D. Using an Internet connection with VPN

Correct answer: A C
Your answer: A
Explanation: Private WAN options use technologies like Ethernet WAN and MPLS, both of which keep data private by their nature and which include QoS services.
An intercloud exchange is a purpose-built WAN service that connects to enterprises as well as most public cloud providers, using the same kinds of private WAN
technology with those same benefits.

For the two incorrect answers, both use the Internet, so both cannot provide QoS services. The Internet VPN option does encrypt the data to keep it private.

Question: What are the two main functions of a router?

A. Determine the optimal path to forward packets and store the decision in a routing table
B. Determine the optimal path to forward frames and store the decision in a MAC address table
C. Forward frames based on entries in a MAC address table
D. Forward packets based on entries in a routing table

Correct answer: A D
Your answer: A
Explanation:

Question: Suppose two APs are located near each other. Which channel use strategy will result in nonoverlapping channels for Wi-Fi use?

A. Use 2.4-GHz channel 1 on AP-A and channel 2 on AP-B.

B. Use 2.4-GHz channel 1 on AP-A and 5-GHz channel 48 on AP-B.
C. Use 5-GHz channel 36 on AP-A and channel 40 on AP-B.
D. Use 5-GHz channel 36 on AP-A and channel 37 on AP-B.

Correct answer: B C
Your answer: -
Explanation: Using 2.4-GHz channel 1 and 5-GHz channel 48 would result in nonoverlapping channels because each is a member of a different frequency band.
Using 5-GHz channels 36 and 40 would also result in nonoverlap because the usable 5-GHz channel numbers are spaced appropriately so that they do not overlap.
However, 5-GHz channels 36 and 37 would overlap, even though channel number 37 is not a valid usable Wi-Fi channel. In the 2.4-GHz band, channels 1 and 2 are
spaced much too closely, causing extensive overlap.

Question: What is needed to have multiple routers functioning as a single virtual router?

A. IP routing must be disabled on the primary router

B. The default gateway must be configured on the routers
C. EtherChannel must be configured between the routers
D. The routers must have the same IP address and MAC

Correct answer: D
Your answer: B
Explanation: http://www.learncisco.net/courses/icnd-2/etherchannel-and-l3-redundancy/gateway-redundancy.html

Question: Using the exhibit as a reference, how many JSON objects are there?

A. 11
B. 1
C. 2
D. 12

Correct answer: C
Your answer: D
Explanation: There are two JSON objects in this output because of the two pairs of curly braces. There is an outer JSON object and then one inner JSON object that
begins just after ”response”:.

Note: This output is directly from a DNA Center RESTful API request called “Get Network Device by IP” and the output is in JSON form.

Question: A Cisco Catalyst switch connects to what should be individual user PCs. Each port has the same port security configuration, configured as follows:
interface range gigabitethernet 0/1 - 24
switchport mode access
switchport port-security
switchport port-security mac-address sticky
Which of the following answers describe the result of the port security configuration created with these commands?

A. Prevents unknown devices with unknown MAC addresses from sending data through the switch ports.
B. If a user connects a switch to the cable, prevents multiple devices from sending data through the port.
C. Will allow any one device to connect to each port, and will save that device’s MAC address into the startup-config
D. Will allow any one device to connect to each port, but will not save that device’s MAC address into the startup-config

Correct answer: B D
Your answer: -
Explanation: First, about the sticky parameter, this command causes the switch to learn the source MAC, and to add it to a switchport port-security mac-address
address interface subcommand. However, port security adds that command to the running-config file; the network engineer must also issue a copy running-config
startup-config EXEC command to save that configuration.

About the other correct answer, users can connect a switch to the end of the cable, with multiple devices connected to that switch. That happens in real networks
when users decide they need more ports at their desk. However, the default setting of switchport port-security maximum 1 means that a frame from the second
unique source MAC address would cause a violation, and with the default violation action, to err-disable the port.

For the other incorrect answer, the configuration does not prevent unknown MAC addresses from accessing the port, because the configuration does not predefine
any MAC address.

Question: __________ means that the QoS tool changes one or more header fields, setting a value in the header.

A. Marking
B. Classifying
C. Insertion

D. Qualifying

Correct answer: A
Your answer: -
Explanation: Marking means that the QoS tool changes one or more header fields, setting a value in the header.

Question: What are the benefits of using Cisco IOS NetFlow?

A. It provides network planning information

B. It provides usage-based network billing
C. It provides connectivity negotiation

D. It provides DHCP services

Correct answer: A B
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-2/network-management/netflow-overview-and-configuration.html

Question: What is the destination address of a router solicitation packet?

A. FF02::2
B. FF02::A
C. FF02::9

D. FF02::6
E. FF02::1
F. FF02::5

Correct answer: A
Your answer: -
Explanation:

Question: From the following options, what are the required REST API attributes?

A. JSON-formatted data

B. Unlayered systems
C. Layered systems
D. Client-server architecture

Correct answer: C D
Your answer: A
Explanation: There are six required attributes for REST APIs, including these two attributes:

Client/server architecture: REST APIs operate in the client/server model. This means that an application is built with RESTful APIs that act as the server. A client
computer or device would make a RESTful API call to the application.
Layered system: With REST APIs, you can leverage the single URI to complete any task at hand. In the background you have no idea that the URI you used actually
ended up utilizing several servers/services in the back end.
Additionally, note that while JSON data can be transferred over a REST API, REST does not require the use of JSON.

Question: What is the name of the Cisco product that offers a number of rack-mountable server configurations intended to be used in data centers?

A. ASA
B. KVM
C. CRC
D. UCS

Correct answer: D
Your answer: -
Explanation: A few years ago Cisco got into the server hardware market with its Unified Computing System (UCS) that offers a number of different server
configuration options that are intended to compete directly with existing server hardware providers.

Question: Which application(s) would Jitter and Delay not be a concern for the users experience?

A. Online Gaming.
B. VoIP.
C. Web browsers.
D. videoconferencing.

Correct answer: C
Your answer: -
Explanation: Jitter and Delay are necessary for any application that runs in Real-Time. If the delay is too high, the application may become unusable, the same goes
with jitter as the quality will decline dramatically. For web browsers, on the other hand, the user will send a packet to a web server and wait for the response to
come back with all the data. The web browser does not mind if there was a lot of jitter or delay as long as it receives its data.

Question: When planning a greenfield SDA design, what traditional LAN design points should be included?

A. The number of switchports needed in each switch

B. The required speed of the switchports
C. A security firewall to properly segment traffic
D. The Spanning Tree mode of operation to use

Correct answer: A B
Your answer: -
Explanation: When planning a greenfield SDA design, the traditional LAN design points are:

The number of switchports needed in each switch

The required speed of the switchports
The benefits of a switch stack in each location
The current cable lengths and types already used
The requirement to support power to endpoint devices
The current power available in each new switch
Link capacity for links between switches
For the incorrect options, a security firewall to properly segment traffic is actually something that does not help within the LAN portion of SDA.
Also, note that neither the underlay or overlay requires the use of Spanning Tree, so the STP mode need not be considered.

Question: Which command enables IPv6 forwarding on a Cisco router?

A. ipv6 local
B. ipv6 host
C. ipv6 unicast-routing
D. ipv6 neighbor

Correct answer: C
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-1/introducing-ipv6/ipv6-connectivity.html

Question: When comparing next-generation IPS to traditional IPS, what additional capabilities can be leveraged to more efficiently block traffic?

A. AVC
B. Signature-based filtering
C. Contextual awareness
D. Event impact level

Correct answer: A C D
Your answer: -
Explanation: With an NGIPS you get the additional capabilities of application visibility and control (AVC), contextual awareness, and event impact level. Each of
these capabilities makes it easier and more efficient to block malicious traffic.

Both a traditional IPS as well as an NGIPS will filter based on a signature database downloaded by the IPS, so it is not a difference between the older IPS and newer
NGIPS.

Question: Which of the following behaviors are applied to a low latency queue in a Cisco router or switch?

A. Shaping
B. Policing
C. Priority scheduling
D. Round-robin scheduling

Correct answer: B C
Your answer: -
Explanation: Low Latency Queuing (LLQ) applies priority queue scheduling, always taking the next packet from the LLQ if a packet is in that queue. To prevent
queue starvation of the other queues, IOS also applies policing to the LLQ. However, applying shaping to an LLQ slows the traffic, which makes no sense with the
presence of a policing function already.

Question: You have HRSP configured on your network with R1 as the active default gateway and R2 as the standby default gateway.
What is the best way to configure PC1 to ensure that it is using a redundant default gateway?

A. Create a default route to R2, in case R1 goes down

B. Ensure that the same priority is assigned to R1 and R2
C. Ensure that it is assigned the virtual default gateway
D. Ensure that it is configured with two default gateways

Correct answer: C
Your answer: -
Explanation:

Question: Which of the following four TCP/IP layers represents the core of the TCP/IP architecture?

A. Network Access
B. Transport
C. Internet
D. Application

Correct answer: B
Your answer: A
Explanation: http://www.learncisco.net/courses/icnd-1/building-a-network/host-to-host-communications.html

Question: Which are valid modes for a switch port used as a VLAN trunk?

A. transparent
B. auto
C. on
D. desirable
E. blocking
F. forwarding

Correct answer: B C D
Your answer: B D F
Explanation: http://www.learncisco.net/courses/icnd-2/vlans-and-spanning-tree/trunk-operations.html

Question: With IEEE 802.1x, which role does a LAN switch typically play?

A. Authentication server
B. Supplicant
C. Translator
D. Authenticator

Correct answer: D
Your answer: -
Explanation: Of the four answers, the answer “translator” is not an 802.1x role, but the other three are 802.1x roles. The device that is connecting to the network
and would like to gain access is the supplicant. The AAA server that can check its list of usernames and passwords is called the authentication server. The switch,
which does in some way translate between message formats for this process, plays the role that 802.1x defines as authenticator.

Question: In a split-MAC architecture, real-time functions such as encryption are handled in which of the following network entities?

A. An access layer switch

B. A distribution layer switch
C. A wireless LAN controller
D. A lightweight AP

Correct answer: D
Your answer: -
Explanation: A split-MAC architecture splits up traditional AP functions such that a WLC handles non-real-time management functions, while a lightweight AP
handles real-time functions like encryption. Network switches are not involved in the split-MAC architecture unless they contain an embedded WLC module or
functionality.

Question: Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers?

A. Switch1
B. Switch2
C. Switch3
D. Switch4

Correct answer: C
Your answer: -
Explanation:

Question: What command should you configure globally to enable a 15-minute recovery time for the port security errdisable state?

A. errdisable recovery interval 15

B. errdisable recovery timer 15
C. errdisable recovery timer 900
D. errdisable recovery interval 900

Correct answer: D
Your answer: -
Explanation: This question is testing you understanding of the errdisable recovery interval seconds command. The duration value should be in total seconds and not
minutes, for 15 minutes you would need to supply 900 seconds. The correct command is errdisable recovery interval 900.

The errdisable recovery timer option is not a valid command.

Question: Refer to the exhibit. Which three statements correctly describe Network Device A?

A. With a network wide mask of 255.255.255.128, each interface does not require an IP address.
B. With a network wide mask of 255.255.255.128, each interface does require an IP address on a unique IP subnet.
C. With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to communicate with each other.
D. With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to communicate with each other.
E. With a network wide mask of 255.255.254.0, each interface does not require an IP address.

Correct answer: B D E
Your answer: B
Explanation:

Question: Which of the following attributes do QoS tools manage?

A. Bandwidth
B. Delay
C. Load
D. MTU
E. Loss

Correct answer: A B E
Your answer: A B C
Explanation: QoS tools manage bandwidth, delay, jitter, and loss.

Question: What OSPF features have been updated for IPv6?

A. It uses a 64-bit number instead of an Internet Protocol version 4, or IPv4 address for the router ID
B. Enabled per-link, not per-network
C. Adjacencies and next-hop attributes use the router ID as global addresses
D. IPv6 is used for transport of the link-state advertisement, or LSA

Correct answer: B D
Your answer: -
Explanation: http://www.learncisco.net/courses/icnd-1/introducing-ipv6/configuring-ospfv3.html

Question: Which cloud service is owned and operated by a third party and allows people from a variety of different companies to request and use its resources?

A. Hybrid cloud
B. Internet cloud
C. Private cloud
D. Public cloud

Correct answer: D
Your answer: -
Explanation: A private cloud is defined as a service that is private to a single company that owns and operates the infrastructure and includes the people that will
be requesting and using the services offered. A public cloud, on the other hand, is a service that is owned and operated by a third party and the people that request
and use the service can be from a number of different companies.

Question: How does creating an access list differ in IPv6 from IPv4?

A. Prefix length can be used

B. It is automatically applied to an interface
C. Operator ports can be used
D. Wildcard masks are not used

Correct answer: A D
Your answer: -
Explanation:

Question: An engineer connects to Router R1 and issues a show ip ospf neighbor command. The status of neighbor 2.2.2.2 lists FULL/BDR. What does the BDR
mean?

A. R1 is an Area Border Router.

B. R1 is a backup designated router.
C. Router 2.2.2.2 is an Area Border Router.
D. Router 2.2.2.2 is a backup designated router.

Correct answer: D
Your answer: -
Explanation: The BDR designation on this line is for backup designated router (BDR). On this command, this notation means that the neighbor (2.2.2.2) is the BDR,
not the local router on which the command was issued (R1 in this case).

Question: Four OSPF routers connect to the same LAN. In a new election after all routers have been rebooted, which router wins the DR election?

A. R4, router-id 4.4.4.4, priority 1

B. R3, router-id 3.3.3.3, priority 2
C. R1, router-id 1.1.1.1, priority 4
D. R2, router-id 2.2.2.2, priority 3

Correct answer: C
Your answer: -
Explanation: First, the DR election always chooses the BDR to become the DR if a BDR exists. However, the question states that all the routers just rebooted, so
there should be no BDR to take over for the DR. As worded, the question creates a scenario where all routers compete equally to become DR.

The routers choose the router with the highest OSPF interface priority, and if a tie, they then use the router with the highest router ID. In this case, the answers
show routers with different priorities, so no ties exist based on priority. As a result, R1, with the highest priority (4), becomes the DR.

Question: What are the considerations when determining the best administrative distance of route sources?

A. Routers choose the routing source with the lowest administrative distance

B. Multiple routing protocols and static routes cannot be used at the same time
C. Multiple routing protocols and static routes can be used at the same time

D. Routers choose the routing source with the highest administrative distance

Correct answer: A C
Your answer: -
Explanation:

Question: Which command is used to enable port security on an interface?

A. switchport port-security violation mode

B. switchport port-security
C. switchport access vlan vlan-number

D. switchport mode access

E. switchport port-security maximum number

F. switchport port-security mac-address mac_address

Correct answer: B
Your answer: D
Explanation:

Question: Which statements correctly define VLANs?

A. VLANs can span many different Layer 3 routers

B. VLANs can span many different Layer 2 switches

C. VLANs divide a single physical collision domain into multiple logical collision domains

D. VLANs divide a single physical LAN into multiple logical LANs

Correct answer: B D
Your answer: -
Explanation:

Question: The show port-security interface f0/1 command lists a port status of Secure-shutdown. Which of the following answer must be true about this interface at
this time?

A. The show interface status command lists the interface status as connected.
B. The show interface status command lists the interface status as err-disabled.

C. The show port-security interface command could list a mode of shutdown or restrict, but not protect.
D. The show port-security interface command could list a violation counter value of 10.

Correct answer: B
Your answer: -
Explanation: The question states that the port security status is secure-shutdown. This state is only used by the shutdown port security mode, and when used, it
means that the interface has been placed into an err-disabled state. Those facts give the facts as to why the correct answer is correct, and why two of the incorrect
answers are incorrect.

The incorrect answer that mentions the violation counter is incorrect because in shutdown mode, the counter no longer increments once the interface is placed into
secure-shutdown mode, and resets to 0 once the interface is reset with the shutdown and then no shutdown commands.

Question: Which address type is not supported by IPv6?

A. Multicast

B. Broadcast
C. Anycast

D. Unicast

Correct answer: B
Your answer: C
Explanation:

Question: Refer to the exhibit. A new subnet with 60 hosts has been added to the network. Which subnet address should this network use to provide enough
usable addresses while wasting the fewest addresses?

A. 192.168.1.56/26
B. 192.168.1.56/27

C. 192.168.1.64/26
D. 192.168.1.64/27

Correct answer: C
Your answer: -
Explanation:

Question: Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true?

A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.
B. Router C will use ICMP to inform Router B that Host 2 cannot be reached.

C. Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached.
D. Router C will send a Destination Unreachable message type.

E. Router C will send a Router Selection message type.

F. Router C will send a Source Quench message type.

Correct answer: A D
Your answer: -
Explanation:

Question: What is the result of issuing the command “no service password-encryption“ on a Cisco IOS router?

A. All future passwords will be stored as plain text in the running configuration
B. All current encrypted passwords and future passwords will be encrypted in the running configuration

C. All current encrypted passwords and future passwords will be stored as plain text in the running configuration

D. All future passwords will be encrypted in the running configuration

Correct answer: A
Your answer: -
Explanation:

Question: Which of the following controllers (if any) from Cisco uses a mostly centralized control plane model?

A. Cisco Open SDN Controller

B. Cisco Application Policy Infrastructure Controller (APIC)

C. Cisco APIC Enterprise Module (APIC-EM)

D. None of these controllers uses a mostly centralized control plane.

Correct answer: A
Your answer: -
Explanation: The Cisco Open SDN Controller uses an Open SDN model with an OpenFlow Southbound Interface as defined by the Open Networking Foundation
(ONF). The ONF SDN model centralizes most control plane functions. The APIC model for data centers partially centralizes control plane functions. The APIC-EM
controller (as of time of publication) makes no changes to the control plane of routers and switches, leaving those to run with a completely distributed control
plane.

Please email [email protected] if you find any issues with your score report.