200-301: Cisco Certified Network Associate (CCNA) Part 16
Question #: 921
Topic #: 1
What is a similarity between global and unique local IPv6 addresses?
A. They use the same process for subnetting.
B. They are part of the multicast IPv6 group type.
C. They are routable on the global internet.
D. They are allocated by the same organization.
Selected Answer: A
Question #: 922
Topic #: 1
An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the HQ router and wants to compress it for easier configuration. Which command must be issued on the router interface?
A. ipv6 address 2001:db8::700:3:400F:572B
B. ipv6 address 2001:db8:0::700:3:4F:572B
C. ipv6 address 2001::db8:0000::700:3:400F:572B
D. ipv6 address 2001:0db8::7:3:4F:572B
Selected Answer: A
Question #: 923
Topic #: 1
Refer to the exhibit. A packet that is sourced from 172.16.3.254 is destined for the IP address of GigabitEthernet0/0/0. What is the subnet mask of the destination route?
A. 0.0.0.0
B. 255.255.254.0
C. 255.255.255.0
D. 255.255.255.255
Selected Answer: D
Question #: 924
Topic #: 1
Refer to the exhibit. The iPv6 address for the LAN segment on router R2 must be configured using the EUI-64 format. Which address must be used?
A. ipv6 address 2001:DB8:D8D2:1009:10A0:ABFF:FECC:1 eui-64
B. ipv6 address 2001:DB8:D8D2:1009:1230:ABFF:FECC:1 eui-64
C. ipv6 address 2001:DB8:D8D2:1009:4331:89FF:FF23:9 eui-64
D. ipv6 address 2001:DB8:D8D2:1009:12A0:AB34:FFCC:1 eui-64
Selected Answer: A
Question #: 925
Topic #: 1
Refer to the exhibit. According to the output, which parameter set is validated using the routing table of R7?
A. R7 is missing a gateway of last resort.
R7 is receiving routes that were redistributed in EIGRP.
R7 will forward traffic destined to 10.90.8.0/24.
B. R7 has a gateway of last resort available.
R7 is receiving routes that were redistributed from BGP.
R7 will drop traffic destined to 10.90.8.0/24.
C. R7 is missing a gateway of last resort.
R7 is receiving routes that were redistributed from BGP.
R7 will forward traffic destined to 10.90.8.0/24.
D. R7 has a gateway of last resort available.
R7 is receiving routes that were redistributed in EIGRP.
R7 will drop traffic destined to 10.90.8.0/24.
Selected Answer: D
Question #: 926
Topic #: 1
Which type of IPv4 address type helps to conserve the globally unique address classes?
A. loopback
B. multicast
C. private
D. public
Selected Answer: A
Question #: 927
Topic #: 1
What are two purposes of HSRP? (Choose two.)
A. It provides a mechanism for diskless clients to autoconfigure their IP parameters during boot.
B. It improves network availability by providing redundant gateways.
C. It groups two or more routers to operate as one virtual router.
D. It passes configuration information to hosts in a TCP/IP network.
E. It helps hosts on the network to reach remote subnets without a default gateway.
Selected Answer: BC
Question #: 928
Topic #: 1
What are two benefits for using private IPv4 addressing? (Choose two.)
A. They allow for Internet access from IoT devices.
B. They alleviate the shortage of public IPv4 addresses.
C. They provide a layer of security from internet threats.
D. They supply redundancy in the case of failure.
E. They offer Internet connectivity to endpoints on private networks.
Selected Answer: BC
Question #: 929
Topic #: 1
DRAG DROP
–
Refer to the exhibit. OSPF is running between site A and site B. Drag and drop the destination IPs from the left onto the network segments used to reach the destination on the right.
Suggestion Answer:
Question #: 930
Topic #: 1
Refer to the exhibit. Routers R1 and R2 are configured with RIP as the dynamic routing protocol. A network engineer must configure R1 with a floating static route to service as a backup route to network 192.168.23. which command must the engineer configure on R1?
A. ip route 192.168.23.0 255.255.255.0 192.168,13.3 100
B. ip route 192.168.23.0 255.255.255.255 192.168.13.3 121
C. ip route 192.168.23.0 255.255.255.0 192.168.13.3 121
D. ip route 192.168.23.0 255.255.255.0 192.168.13.3
Selected Answer: C
Question #: 931
Topic #: 1
When deploying a new network that includes both Cisco and third-party network devices, which redundancy protocol avoids the interruption of network traffic if the default gateway router fails?
A. VRRP
B. FHRP
C. GLBP
D. HSRP
Selected Answer: A
Question #: 932
Topic #: 1
What are two benefits of private IPv4 addressing? (Choose two.)
A. propagates routing information to WAN links
B. provides unlimited address ranges
C. reuses addresses at multiple sites
D. conserves globally unique address space
E. provides external internet network connectivity
Selected Answer: CD
Question #: 933
Topic #: 1
Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and automatically when edge devices or access circuits fail?
A. FHRP
B. VRRP
C. HSRP
D. SLB
Selected Answer: C
Question #: 934
Topic #: 1
Refer to the exhibit. Which entry is the longest prefix match for host IP address 192.168.10.5?
A. 1
B. 2
C. 3
D. 4
Selected Answer: A
Question #: 935
Topic #: 1
Refer to the exhibit. How does router R1 handle traffic to 172.16.1.4 /30 subnet?
A. It sends all traffic over the path via 172.16.9.5 using 172.16.4.4 as a backup.
B. It sends all traffic over the path via 10.0.1.100.
C. It sends all traffic over the path via 172.16.4.4.
D. It load-balances traffic over 172.16.9.5 and 172.16.4.4
Selected Answer: D
Question #: 936
Topic #: 1
Which two IPv6 addresses are used to provide connectivity between two routers on a shared link? (Choose two.)
A. FF02::0001:FF00:0000/104
B. ff06:bb43:cc13:dd16:1bb:ff14:7545:234d
C. 2002::512:1204b:1111::1/64
D. 2001:701:104b:1111::1/64
E. ::ffff:10.14.101.1/96
Selected Answer: DE
Question #: 937
Topic #: 1
DRAG DROP
–
Refer to the exhibit. Drag and drop the learned prefixes from the left onto the subnet masks on the right.
Suggestion Answer:
Question #: 938
Topic #: 1
Refer to the exhibit. Which action is taken by the router when a packet is sourced from 10.10.10.2 and destined for 10.10.10.16?
A. It floods packets to all learned next hops.
B. It uses a route that is similar to the destination address.
C. It queues the packets waiting for the route to be learned.
D. It discards the packets.
Selected Answer: D
Question #: 939
Topic #: 1
DRAG DROP
–
Refer to the exhibit. The Router1 routing table has multiple methods to reach 10.10.10.0/24 as shown. The default Administrative Distance is used. Drag and drop the network conditions from the left onto the routing methods that Router1 uses on the right.
Suggestion Answer:
Question #: 940
Topic #: 1
An engineer must configure a core router with a floating static default route to the backup router at 10.200.0.2. Which command meets the requirements?
A. ip route 0.0.0.0 0.0.0.0 10.200.0.2 1
B. ip route 0.0.0.0 0.0.0.0 10.200.0.2 10
C. ip route 0.0.0.0 0.0.0.0 10.200.0.2
D. ip route 0.0.0.0 0.0.0.0 10.200.0.2 floating
Selected Answer: B
Question #: 941
Topic #: 1
Refer to the exhibit. After configuring a new static route on the CPE, the engineer entered this series of commands to verify that the new configuration is operating normally. When is the static default route installed into the routing table?
A. when a route to 203.0.113.1 is learned via BGP
B. when 203.0.113.1 is no longer reachable as a next hop
C. when the default route learned over external BGP becomes invalid
D. when the default route learned over external BGP changes its next hop
Selected Answer: C
Question #: 942
Topic #: 1
Refer to the exhibit. Packets are flowing from 192.168.10.1 to the destination at IP address 192.168.20.75. Which next hop will the router select for the packet?
A. 10.10.10.1
B. 10.10.10.11
C. 10.10.10.12
D. 10.10.10.14
Selected Answer: B
Question #: 943
Topic #: 1
A router received three destination prefixes: 10.0.0.0/8, 10.0.0.0/16, and 10.0.0.0/24. When the show ip route command is executed, which output does it return?
A. Gateway of last resort is 172.16.1.1 to network 0.0.0.0
o E2 10.0.0.0/8 [110/5] via 192.168.1.1, 0:01:00, Ethernet0
o E2 10.0.0.0/16[110/5] via 192.168.2.1, 0:01:00, Ethernet1
o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2
B. Gateway of last resort is 172.16.1.1 to network 0.0.0.0
o E2 10.0.0.0/8 [110/5] via 192.168.1.1, 0:01:00, Ethernet0
C. Gateway of last resort is 172.16.1.1 to network 0.0.0.0
o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2
D. Gateway of last resort is 172.16.1.1 to network 0.0.0.0
o E2 10.0.0.0/16[110/5] via 192.168.2.1, 0:01:00, Ethernet1
o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2
Selected Answer: A
Question #: 944
Topic #: 1
Refer to the exhibit. User traffic originating within site B is failing to reach an application hosted on IP address 192.168.0.10, which is located within site A. What is determined by the routing table?
A. The traffic is blocked by an implicit deny in an ACL on router2.
B. The lack of a default route prevents delivery of the traffic.
C. The traffic to 192.168.0.10 requires a static route to be configured in router1.
D. The default gateway for site B is configured incorrectly.
Selected Answer: B
Question #: 945
Topic #: 1
Refer to the exhibit. Which two values does router R1 use to identify valid routes for the R3 loopback address 1.1.1.3/32? (Choose two.)
A. lowest cost to reach the next hop
B. highest administrative distance
C. lowest metric
D. highest metric
E. lowest administrative distance
Selected Answer: CE
Question #: 946
Topic #: 1
What is the role of community strings in SNMP operations?
A. It translates alphanumeric MIB output values to numeric values.
B. It passes the Active Directory username and password that are required for device access.
C. It serves as a sequence tag on SNMP traffic messages.
D. It serves as a password to protect access to MIB objects.
Selected Answer: D
Question #: 947
Topic #: 1
Which syslog severity level is considered the most severe and results in the system being considered unusable?
A. Error
B. Emergency
C. Alert
D. Critical
Selected Answer: B
Question #: 948
Topic #: 1
The clients and DHCP server reside on different subnets. Which command must be used to forward requests and replies between clients on the 10.10.0.1/24 subnet and the DHCP server at 192.168.10.1?
A. ip route 192.168.10.1
B. ip dhcp address 192.168.10.1
C. ip default-gateway 192.168.10.1
D. ip helper-address 192.168.10.1
Selected Answer: D
Question #: 949
Topic #: 1
Refer to the exhibit. Which command set configures ROUTER-1 to allow Internet access for users on the 192.168.1.0/24 subnet while using 209.165.202.129 for Port Address Translation?
A. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0
access-list 10 permit 192.168.0.0 0.0.0.255
ip nat inside source list 10 pool CCNA overload
B. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255
access-list 10 permit 192.168.1.0 255.255.255.0
ip nat inside source list 10 pool CCNA overload
C. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0
access-list 10 permit 192.168.0.0 255.255.255.0
ip nat inside source list 10 pool CCNA overload
D. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 pool CCNA overload
Selected Answer: D
Question #: 950
Topic #: 1
Which IP header field is changed by a Cisco device when QoS marking is enabled?
A. ECN
B. Header Checksum
C. Type of Service
D. DSCP
Selected Answer: C
Question #: 951
Topic #: 1
DRAG DROP
–
Drag and drop the SNMP components from the left onto the descriptions on the right.
Suggestion Answer:
Question #: 952
Topic #: 1
Which DSCP per-hop forwarding behavior is divided into subclasses based on drop probability?
A. expedited
B. default
C. assured
D. class-selector
Selected Answer: C
Question #: 953
Topic #: 1
What are two features of the DHCP relay agent? (Choose two.)
A. assigns DNS locally and then forwards request to DHCP server
B. minimizes the necessary number of DHCP servers
C. permits one IP helper command under an individual Layer 3 interface
D. is configured under the Layer 3 interface of a router on the client subnet
E. allows only MAC-to-IP reservations to determine the local subnet of a client
Selected Answer: BD
Question #: 954
Topic #: 1
A DHCP pool has been created with the name CONTROL. The pool uses the next to last usable IP address as the default gateway for the DHCP clients. The server is located at 172.16.32.15. What is the next step in the process for clients on the 192.168.52.0/24 subnet to reach the DHCP server?
A. ip helper-address 172.16.32.15
B. ip default-gateway 192.168.52.253
C. ip forward-protocol udp 137
D. ip detault-network 192.168.52.253
Selected Answer: A
Question #: 955
Topic #: 1
Which two transport layer protocols carry syslog messages? (Choose two.)
A. IP
B. RTP
C. TCP
D. UDP
E. ARP
Selected Answer: CD
Question #: 956
Topic #: 1
What is the purpose of classifying network traffic in QoS?
A. configures traffic-matching rules on network devices
B. services traffic according to its class
C. identifies the type of traffic that will receive a particular treatment
D. writes the class identifier of a packet to a dedicated field in the packet header
Selected Answer: B
Question #: 957
Topic #: 1
DRAG DROP
–
Drag and drop the Qos features from the left onto the corresponding statements on the right.
Suggestion Answer:
Question #: 958
Topic #: 1
Refer to the exhibit. Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on router R3?
A. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1
B. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq 67 host 10.148.2.1
C. interface FastEthernet0/0
ip helper-address 10.0.1.1
!
access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps
D. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1
Selected Answer: B
Question #: 959
Topic #: 1
DRAG DROP
–
Drag and drop the steps in a standard DNS lookup operation from the left into the order on the right.
Suggestion Answer:
Question #: 960
Topic #: 1
Which two features introduced in SNMPv2 provide the ability to retrieve large amounts of data in one request and acknowledge a trap using PDUs? (Choose two.)
A. Get
B. GetNext
C. Set
D. GetBulk
E. Inform
Selected Answer: DE
Question #: 961
Topic #: 1
DRAG DROP
–
Drag and drop the DNS commands from the left onto their effects on the right.
Suggestion Answer:
Question #: 962
Topic #: 1
What is the purpose of configuring different levels of syslog for different devices on the network?
A. to set the severity of syslog messages from each device
B. to control the number of syslog messages from different devices that are stored locally
C. to identify the source from which each syslog message originated
D. to rate-limit messages for different severity levels from each device
Selected Answer: B
Question #: 963
Topic #: 1
Refer to the exhibit. The DHCP server is configured with a DHCP pool for each of the subnets represented. Which command must be configured on switch SW1 to allow DHCP clients on VLAN 10 to receive dynamic IP addresses from the DHCP server?
A. SW1(config-if)#ip helper-address 192.168.10.1
B. SW1(config-if)#ip helper-address 192.168.20.1
C. SW1(config-if)#ip helper-address 192.168.20.2
D. SW1(config-if)#ip helper-address 192.168.10.2
Selected Answer: C
Question #: 964
Topic #: 1
DRAG DROP
–
Drag and drop the DNS lookup commands from the left onto the functions on the right.
Suggestion Answer:
Question #: 965
Topic #: 1
Refer to the exhibit. Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?
A. Router(config)#hostname R15 –
R15(config)#ip domain-name cisco.com
R15(config)#crypto key generate rsa general-keys modulus 1024
R15(config)#ip ssh version 2 –
R15(config-line)#line vty 0 15 –
R15(config-line)# transport input ssh
B. Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)#ip ssh version 2 –
Router(config-line)#line vty 015
Router(config-line)# transport input ssh
Router(contig)#ip ssh logging events
R15(config)#ip ssh stricthostkeycheck
C. Router(config)#hostname R15 –
R15(config)#crypto key generate rsa general-keys modulus 1024
R15(config-line)#line vty 0 15 –
R15(config-line)# transport input ssh
R15(config)#ip ssh source-interface Fa0/0
R15(config)#ip ssh stricthostkeycheck
D. Router(config)#ip domain-name cisco.com
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(contig)#ip ssh version 2 –
Router(config-line)#line vty 0 15
Router(config-line)# transport input all
Router(config)#ip ssh logging events
Selected Answer: A
Question #: 966
Topic #: 1
hostname CPE
service password-encryption
ip domain name ccna.cisco.com
ip name-server 198.51.100.210
crypto key generate rsa modulus 1024
username admin privilege 15 secret s0m3s3cr3t
line vty 0 4
transport input ssh
login local
Refer to the exhibit. An engineer executed the script and added commands that were not necessary for SSH and now must remove the commands. Which two commands must be executed to correct the configuration? (Choose two.)
A. no ip name-serveer 198.51.100.210
B. no login local
C. no service password-encryption
D. no ip domain mame ccna.cisco.com
E. no hostname CPE
Selected Answer: AC
Question #: 967
Topic #: 1
Which two actions are taken as the result of traffic policing? (Choose two.)
A. bursting
B. dropping
C. remarking
D. fragmentation
E. buffering
Selected Answer: BC
Question #: 968
Topic #: 1
Which two server types support domain name to IP address resolution? (Choose two.)
A. authoritative
B. web
C. file transfer
D. resolver
E. ESX host
Selected Answer: AD
Question #: 969
Topic #: 1
What is a purpose of traffic shaping?
A. It enables policy-based routing.
B. It enables dynamic flow identification.
C. It provides best-effort service.
D. It limits bandwidth usage.
Selected Answer: D
Question #: 970
Topic #: 1
An engineering team asks an implementer to configure syslog for warning conditions and error conditions. Which command does the implementer configure to achieve the desired result?
A. logging trap 5
B. logging trap 2
C. logging trap 3
D. logging trap 4
Selected Answer: D
Question #: 971
Topic #: 1
DRAG DROP
–
Drag and drop the attack-mitigation techniques from the left onto the types of attack that they mitigate on the right.
Suggestion Answer:
Question #: 972
Topic #: 1
Which WLC management connection type is vulnerable to man-in-the-middle attacks?
A. console
B. Telnet
C. SSH
D. HTTPS
Selected Answer: B
Question #: 973
Topic #: 1
Refer to the exhibit. An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied to allow administrators to authenticate directly to global configuration mode via Telnet using a local username and password?
A. R1(config)#username admin –
R1(config-if)#line vty 0 4 –
R1(config-line)#password p@ss1234
R1(config-line)#transport input telnet
B. R1(config)#username admin privilege 15 secret p@ss1234
R1(config-if)#line vty 0 4 –
R1(config-line)#login local
C. R1(config)#username admin secret p@ss1234
R1(config-if)#line vty 0 4 –
R1(config-line)#login local –
R1(config)#enable secret p@ss1234
D. R1(config)#username admin –
R1(config-if)#line vty 0 4 –
R1(config-line)#password p@ss1234
Selected Answer: B
Question #: 974
Topic #: 1
Which type of encryption does WPA1 use for data protection?
A. PEAP
B. TKIP
C. AES
D. EAP
Selected Answer: B
Question #: 975
Topic #: 1
Refer to the exhibit. A network administrator must permit traffic from the 10.10.0.0/24 subnet to the WAN on interface Serial0. What is the effect of the configuration as the administrator applies the command?
A. The router accepts all incoming traffic to Serial0 with the last octet of the source IP set to 0.
B. The permit command fails and returns an error code.
C. The router fails to apply the access list to the interface.
D. The sourced traffic from IP range 10.0.0.0 – 10.0.0.255 is allowed on Serial0.
Selected Answer: C
Question #: 976
Topic #: 1
DRAG DROP
–
Drag and drop the statements about AAA services from the left to the corresponding AAA services on the right. Not all options are used.
Suggestion Answer:
Question #: 977
Topic #: 1
A network engineer must configure an access list on a new Cisco IOS router. The access list must deny HTTP traffic to network 10.125.128.32/27 from the 192.168.240.0/20 network, but it must allow the 192.168.240.0/20 network to reach the rest of the 10.0.0.0/8 network. Which configuration must the engineer apply?
A. ip access-list extended deny_outbound
10 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0
20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443
30 permit ip any any
B. ip access-list extended deny_outbound
10 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80
20 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255
30 deny ip any any log
C. ip access-list extended deny_outbound
10 deny tcp 10.125.128.32 255.255.255.224 192.168.240.0 255.255.240.0 eq 443
20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443
30 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0
D. ip access-list extended deny_outbound
10 deny tcp 192.168.240.0 0.0.15.255 any eq 80
20 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80
30 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255
Selected Answer: B
Question #: 978
Topic #: 1
What is the definition of backdoor malware?
A. malicious code that is installed onto a computer to allow access by an unauthorized user
B. malicious program that is used to launch other malicious programs
C. malicious code that infects a user machine and then uses that machine to send spam
D. malicious code with the main purpose of downloading other malicious code
Selected Answer: A
Question #: 979
Topic #: 1
What does WPA3 provide in wireless networking?
A. backward compatibility with WPA and WPA2
B. safeguards against brute force attacks with SAE
C. increased security and requirement of a complex configuration
D. optional Protected Management Frame negotiation
Selected Answer: B
Question #: 980
Topic #: 1
Which global command encrypts all passwords in the running configuration?
A. service password-encryption
B. enable password-encryption
C. enable secret
D. password-encrypt
Selected Answer: A
