200-301 Questions and Answers

enable secret

service password-encryption

username Cisco password encrypt

enable password

Clock timezone

Clock summer-time-recurring

Clock summer-time date

Clock set

There is a native VLAN mismatch

Access mode is configured on the switch ports.

The PCs are m the incorrect VLAN

All VLANs are not enabled on the trunk

different nonoverlapping channels

different overlapping channels

one overlapping channel

one nonoverlapping channel

Both have a 50 micron core diameter

Both have a 9 micron core diameter

Both have a 62.5 micron core diameter

Both have a 100 micron core diameter

RADIUS

TACACS+

SCP

Telnet

SSH

Data collection and analysis tools establish a baseline for the network

Artificial intelligence identifies and prevents potential design failures.

Machine learning minimizes the overall error rate when automating troubleshooting processes

New devices are onboarded with minimal effort

Proprietary Cisco APIs leverage multiple network management tools.

A network device has restarted

An ARP inspection has failed

A routing instance has flapped

A debug operation is running

virtual routing and forwarding

network port ID visualization

virtual device contexts

server visualization

It serves as the centralized management point of an SDN architecture.

It centralizes the data plane for the network.

It is the card on a core router that maintains all routing decisions for a campus.

It is a pair of core routers that maintain all routing decisions for a campus

It provides a summary of the top 10 global issues.

It provides detailed activity logging for the 10 devices and users on the network.

It summarizes the operational status of each wireless devise on the network.

It summarizes daily and weekly CPU usage for servers and workstations in the network.

CDP

SNMP

SMTP

ARP

read

create

replace

update

UCS-2

UTF-8

Hex

GB18030

clock summer-time recurring

clock timezone

clock summer-time date

clock set

the 10.0.0.0 network

a single destination address

the source 10.0.1.100

all hosts in the 10.0.1.0 subnet

floating static route

host route

default route

network route

10.10101

10.10.10.11

10.10.10.12

10.101014

external storage

hardware resources

network interfaces

backplane network

Option A

Option B

Option C

Option D

Configure the switchport trunk allowed vlan 300 command on SW1 port-channel 1

Configure the switchport trunk allowed vlan 300 command on interface Fa0/2 on SW1.

Configure the switchport trunk allowtd vlan add 300 command on interface FaO 2 on SW2.

Configure the switchport trunk allowtd vlan add 300 command on SW1 port-channel 1

Router(config)#interface GigabitEthernet 0/0Router(config-if)#ip ospf network point-to-point

Router(config)#interface GigabitEthernet 0/0Router(config-if)#ip ospf cost 5

Router(config)#interface GigabitEthernet 0/0Router(config-if)#ip ospf 1 area 2

Router(config)#interface GigabitEthernet 0/0Router(config-if)#ip ospf priority 1

out-of-band management

secure in-band connectivity for device administration

unencrypted in-band connectivity for file transfers

HTTP-based GUI connectivity

ipv6 route 2000::1/128 2012::1

ipv6 route 2000::1/128 2023::2 5

ipv6 route 2000::1/128 2012::1 5

ipv6 route 2000::1/128 2023::3 2

ipv6 route 2000::1/128 2012::2

implemented over a dedicated WAN

located in the same data center as the users

all hosted on physical servers

accessed over the Internet

255.255.248.0

255.255.254.0

255.255.255.192

255.255.240.0

switchport port-security mac-address abcd.abcd.abcd

switchport port-security mac-address abed.abed.abed vlan 4

switchport port-security mac-address sticky abcd.abcd.abcd vlan 4

switchport port-security mac-address abcd.abcd.abcd vlan voice

1000BASE-ZX is supported on links up to 1000km, and 1000BASE-LX/LH operates over links up to 70 km.

1000BASE-LX/LH interoperates with multimode and single-mode fiber, and 10008ASE-ZX needs a conditioning patch cable with a multimode.

1000BASE-LX/LH is supported on links up to 10km, and 1000BASE-ZX operates over links up to 70 km

1000BASE-ZX interoperates with dual-rate 100M/1G 10Km SFP over multimode fiber, and 1000BASE-LX/LH supports only single-rate.

control and monitoring of resource consumption by the tenant

automatic adjustment of capacity based on need

pooling resources in a multitenant model based on need

self-service of computing resources by the tenant

Uncheck the Guest User check box

Check the Guest User Role check box

Set the Lifetime (seconds) value to 0

Clear the Lifetime (seconds) value

They are routed to 172.16.20.2.

They are routed to 192.168.100.2.

They are distributed sent round robin to interfaces SO/0/0 and SO/0/1.

They are routed to 10.0.0.2.

to enable the number of MAC addresses learned on the port to l

to protect the operation of the port from topology change processes

to enable the pod to enter the forwarding state immediately when the host boots up

to prevent the port from participating in Spanning Tree Protocol operations

to block another switch or host from communicating through the port

/64

/96

/124

/128

crypto key generate rsa general-keys modulus 1024

transport input all

crypto key generate rsa usage-keys

crypto key generate rsa modulus 2048

transport Input ssh

Client Exclusion and SSH

802.1x and the MAC address of the server

Network Access Control State and SSH

AAA Override and the IP address of the server

They use HTTP messages to communicate.

They enable communication between the controller and the network device.

They convey information from the controller to the SDN applications.

They communicate with the management plane.

Option A

Option B

Option C

Option D

Assign traffic from the backup servers to a dedicated switch.

Configure a dedicated circuit for the backup traffic.

Place the backup servers in a dedicated VLAN.

Advertise a more specific route for the backup traffic via the secondary circuit.

SW1

SW2

SW3

SW4

to increase security and encrypt management frames

to provide link redundancy and load balancing

to allow for stateful and link-state failover

to enable connected switch ports to failover and use different VLANs

makes forwarding decisions based on learned MAC addresses

serves as a controller within a controller-based network

integrates with a RADIUS server to enforce Layer 2 device authentication rules

correlates user activity with network events

weighted random early detection

traffic policing

traffic shaping

traffic prioritization

ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64

ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64

ipv6 address 2001 :DB8:0:1:FFFF:C601:420F:7/64

iov6 address 2001 :DB8:0:1:FE80:C601:420F:7/64

interface FastEthernet0/0ip helper-address 10.0.1.1iaccess-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

interface FastEthernot0/1ip helper-address 10.0.1.1!access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

interface FastEthernetO/0ip helper-address 10.0.1.1Iaccess-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

interface FastEthernet0/1ip helper-address 10.0.1.1!access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

different security settings

discontinuous frequency ranges

different transmission speeds

unique SSIDs

There is a duplex mismatch on the interface

There is an issue with the fiber on the switch interface.

There is a speed mismatch on the interface.

There is an interface type mismatch

GigabitEthernet0/0

GigabltEthornet0/1

GigabitEthernet0/2

GigabitEthernet0/3

interface vlan 2000ipv6 address ffc0:0000:aaaa::1234:2343/64

interface vlan 2000Ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64

interface vlan 2000ipv6 address fe80;0000:aaaa::1234:2343/64

interface vlan 2000ipv6 address fd00::1234:2343/64

Option A

Option B

Option C

Option D

preshared key that authenticates connections

RSA token

CA that grants certificates

clear-text password that authenticates connections

one or more CRLs

Option A

Option B

Option C

Option D

R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2

A distributed management plane must be used.

Software upgrades are performed from a central controller

Complexity increases when new device configurations are added

Custom applications are needed to configure network devices

Add or remove an 802.1Q trunking header.

Make a configuration change from an incoming NETCONF RPC.

Run routing protocols.

Match the destination MAC address to the MAC address table.

Reply to an incoming ICMP echo request.

Option A

Option B

Option C

Option D

interface vlan 1234ip address 10.70.159.1 255.255.254.0

interface vlan 1148ip address 10.70.148.1 255.255.254.0

interface vlan 4722ip address 10.70.133.17 255.255.255.192

interface vlan 3002ip address 10.70.147.17 255.255.255.224

interface vlan 155ip address 10.70.155.65 255.255.255.224

nothing plugged into the port

link flapping

shutdown command issued on the port

latency

username CNAC secret R!41!4319115@

ip ssh version 2

line vty 0 4

crypto key generate rsa 1024

transport input ssh

int range g0/0-1channel-group 10 mode active

int range g0/0-1 chanm.l-group 10 mode desirable

int range g0/0-1channel-group 10 mode passive

int range g0/0-1 channel-group 10 mode auto

int range g0/0-1 channel-group 10 mode on

HTTPS

HTTP

Telnet

SSH

lp route 0.0.0.0 0.0.0.0 192.168.1.2

ip default-gateway 192.168.2.1

ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

ip route 0.0.0.0 0.0.0.0 192.168.1.2 10

Interface FastEthernet0/1 switchport trunk native vlan 10 switchport trunk allowed vlan 10,15

Interface FastEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,15

interface FastEthernet0/1 switchport mode access switchport voice vlan 10

Interface FastEthernet0/1 switchport trunk allowed vlan add 10 vlan 10 private-vlan isolated

Configure the ip dhcp snooping trust command on the interlace that is connected to the DHCP client.

Configure the ip dhcp relay information option command on the interface that is connected to the DHCP client.

Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP server.

Configure the Ip dhcp relay information option command on the interface that is connected to the DHCP server.

Heavy usage is causing high latency.

An incorrect type of transceiver has been inserted into a device on the link.

physical network errors are being transmitted between the two sites.

The wrong cable type was used to make the connection.

to configure an Interface as a DHCP server

to configure an interface as a DHCP helper

to configure an interface as a DHCP relay

to configure an interface as a DHCP client

WLAN dynamic

management

trunk

access

As traffic traverses MLS1 remark the traffic, but trust all markings at the access layer.

Trust the IP phone markings on SW1 and mark traffic entering SW2 at SW2.

Remark traffic as it traverses R1 and trust all markings at the access layer.

As traffic enters from the access layer on SW1 and SW2. trust all traffic markings.

offer compression

increase security by using a WEP connection

provide authentication

protect traffic on open networks

VLAN numbering

VLAN DSCP

VLAN tagging

VLAN marking

The Incoming and outgoing ports for traffic flow must be specified If LAG Is enabled.

The controller must be rebooted after enabling or reconfiguring LAG.

The management interface must be reassigned if LAG disabled.

Multiple untagged interfaces on the same port must be supported.

disabled

listening

forwarding

learning

blocking

Option A

Option B

Option C

Option D

global unicast address

anycast address

multicast address

link-local address

192.168.0.7

192.168.0.4

192.168.0.40

192.168.3.5

172.16.0.0/16

192.168.2.0/24

207.165.200.0/24

192.168.1.0/24

transport input telnet

crypto key generate rsa

ip ssh pubkey-chain

login console

username cisco password 0 Cisco

Option A

Option B

Option C

Option D

authorized services

authenticator

username

password

password password

crypto key generate rsa modulus 1024

ip domain-name domain

ip ssh authentication-retries 2

ipv6 address 21:EB8:C1:2200:1::331/64

ipv6 address 2001:EB8:C1:22:1::331/64

ipv6 address 2001 :EB8:C 1:2200.1 ::331-64

ipv6 address 2001:EB8:C1:2200:1:0000:331/64

a lightweight access point

a firewall

a wireless LAN controller

a LAN switch

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)i=ip ospf priority 1

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 0

Option A

Option B

Option C

Option D

Option E

Configure the OSPF priority on router A with the lowest value between the three routers.

Configure router B and router C as OSPF neighbors of router A.

Configure the router A interfaces with the highest OSPF priority value within the area.

Configure router A with a fixed OSPF router ID

shaping

classification

policing

marking

R1 (config)# username engineer2 algorithm-type scrypt secret test2021

R1(config)# username engineer2 secret 5 password S1$b1Ju$kZbBS1Pyh4QzwXyZ

R1(config)# username engineer2 privilege 1 password 7 test2021

R1(config)# username englneer2 secret 4 S1Sb1Ju$kZbBS1Pyh4QzwXyZ

The interface is receiving excessive broadcast traffic.

The cable connection between the two devices is faulty.

The interface is operating at a different speed than the connected device.

The bandwidth setting of the interface is misconfigured

Define a NAT pool on the router.

Configure static NAT translations for VLAN 200.

Configure the ip nat outside command on another interface for VLAN 200.

Update the NAT INSIDF RANGFS ACL

multicast replication at the hardware level

fragmenting and reassembling packets

making routing decisions

forwarding packets

Configure the ip dhcp relay information command under interface Gi0/1.

Configure the ip dhcp smart-relay command globally on the router

Configure the ip helper-address 172.16.2.2 command under interface Gi0/0

Configure the ip address dhcp command under interface Gi0/0

forwards traffic to the next hop

constructs a routing table based on a routing protocol

provides CLI access to the network device

looks up an egress interface in the forwarding information base

ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernetl/0

ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked

ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating

ip route 0.0.0.0 0.0.0.0 192.168.0.2

WPA3

WPA

WEP

WPA2

10.10.10.5

10.10.11.2

10.10.12.2

10.10.10.9

Option A

Option B

Option C

Option D

ip route 0.0.0.0 0.0.0.0 g0/1 1

ip route 0.0.0.0 0.0.0.0 209.165.201.5 10

ip route 0.0.0.0 0.0.0.0 209.165.200.226 1

ip route 0,0.0.0 0.0.0.0 g0/1 6

Option A

Option B

Option C

Option D

IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes require no special configuration

IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes require no special configuration

An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast address is assigned to a group of interfaces on multiple nodes.

Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes

user-activity logging

service limitations

consumption-based billing

identity verification

R1(config)#lp route 172.16.2.2 255.255.255.248 gi0/1

R1(config)#jp route 172.16.2.2 255.255.255.255 gi0/0

R1(config > #ip route 172.16.2.0 255.255.255.0 192.168.1.15

R1(conflg)#ip route 172.16.2.0 255.255.255.0 192.168.1.5

unique local address

link-local address

aggregatable global address

IPv4-compatible IPv6 address

switchport trunk allowed vlan 100-104

switchport trunk allowed vlan add 104

switchport trunk allowed vlan all

switchport trunk allowed vlan 104

They enable automatic failover of the default gateway.

They allow multiple devices to serve as a single virtual gateway for clients in the network.

They are able to bundle multiple ports to increase bandwidth.

They prevent loops in the Layer 2 network.

They allow encrypted traffic.

via next-hop 10.0.1.5

via next-hop 10 0 1.4

via next-hop 10.0 1.50

via next-hop 10.0 1 100

Select the WPA Policy option with the CCKM option.

Disable AES encryption.

Enable Fast Transition and select the FT 802.1x option.

Enable Fast Transition and select the FT PSK option.

SSH

HTTPS

Telnet

console

Only traditional networks offer a centralized control plane

Only traditional networks natively support centralized management

Traditional and controller-based networks abstract policies from device configurations

Only controller-based networks decouple the control plane and the data plane

global unicast

unique local

link-local

multicast

SYIM flood

reflection

teardrop

amplification

It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points

It allows the administrator to assign channels on a per-device or per-interface basis.

It segregates devices from different manufacturers onto different channels.

It analyzes client load and background noise and dynamically assigns a channel.

207.165.200.246 via Serial0/1/0

207.165.200.254 via Serial0/0/1

207.165.200.254 via Serial0/0/0

207.165.200.250 via Serial/0/0/0

After the cable is connected, the interface uses the fastest speed setting available for that cable type

After the cable is connected, the interface is available faster to send and receive user data

The frames entering the interface are marked with higher priority and then processed faster by a switch.

Real-time voice and video frames entering the interface are processed faster

Option A

Option B

Option C

Option D

The switch must be running a k9 (crypto) IOS image

The Ip domain-name command must be configured on the switch

IP routing must be enabled on the switch

A console password must be configured on the switch

Telnet must be disabled on the switch

configure switchport nonegotiate

configure switchport mode dynamic desirable

configure switchport mode dynamic auto

configure switchport trunk dynamic desirable

It uses a route that is similar to the destination address

It discards the packets.

It floods packets to all learned next hops.

It Queues the packets waiting for the route to be learned.

cost

adminstrative distance

metric

as-path

access ports

Layer 3 main Interfaces

Layer 3 suninterfaces

trunk ports

It ignores the new static route until the existing OSPF default route is removed

It immediately replaces the existing OSPF route in the routing table with the newly configured static route

It starts load-balancing traffic between the two default routes

It starts sending traffic without a specific matching entry in the routing table to GigabitEthernet0/1

ipv6 route ::/0 Serial 0/0/1

ipv6 route 0/0 Serial 0/0/0

ipv6 route ::/0 Serial 0/0/0

ip route 0.0.0.0.0.0.0.0 Serial 0/0/0

ipv6 route ::/0 2000::2

0

110

38443

3184439

Eliminating training needs

Increasing reliance on self-diagnostic and self-healing

Policy-derived provisioning of resources

Providing a ship entry point for resource provisioning

Reducing hardware footprint

to automatically route traffic on a secondary path when the primary path goes down

to route traffic differently based on the source IP of the packet

to enable fallback static routing when the dynamic routing protocol fails

to support load balancing via static routing

to control the return path of traffic that is sent from the router

The interface is not participating in OSPF

A point-to-point network type is configured

The default Hello and Dead timers are in use

There are six OSPF neighbors on this interface

20

90

110

115

Configure the ipv6 route 2012::/126 2023::1 command on the Washington router.

Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router.

Configure the Ipv6 route 2012::/126 s0/0/0 command on the Atlanta router.

Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router.

Configure the ipv6 route 2012::/126 2023::2 command on the Washington router.

Router2

Router3

Router4

Router5

They prevent (oops in the Layer 2 network.

They allow encrypted traffic.

They are able to bundle muftlple ports to increase bandwidth

They enable automatic failover of the default gateway.

They allow multiple devices lo serve as a single virtual gateway for clients in the network

It processes VTP updates from any VTP clients on the network on its access ports.

It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports

It forwards only the VTP advertisements that it receives on its trunk ports.

It transmits and processes VTP updates from any VTP Clients on the network on its trunk ports

IS-IS

RIP

Internal EIGRP

OSPF

sniffer

mesh

flexconnect

local

Branch-1

Branch-2

Branch-3

Branch-4

It transmits packets between hosts in the same broadcast domain.

It provides shared applications to end users.

It routes traffic between Layer 3 devices.

It Creates security zones between trusted and untrusted networks

0

2

4

6

to analyze traffic and drop unauthorized traffic from the Internet

to transmit wireless traffic between hosts

to pass traffic between different networks

forward traffic within the same broadcast domain

To pass client traffic two or more ports must be configured.

The EtherChannel must be configured in " mode active "

When enabled the WLC bandwidth drops to 500 Mbps

One functional physical port is needed to pass client traffic

The OSPF router IDs are mismatched.

Router2 is using the default hello timer.

The network statement on Router1 is misconfigured.

The OSPF process IDs are mismatched.

Telnet

SSH

HTTP

HTTPS

TFTP

Cisco DNA Center device management can deploy a network more quickly than traditional campus device management

Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management

Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options

Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management

Option A

Option B

Option C

Option D

Option E

large and requires a flexible, scalable network design

large and must minimize downtime when hardware fails

small and needs to reduce networking costs currently

small but is expected to grow dramatically in the near future

infrastructure-as-a-service.

Software-as-a-service

control and distribution of physical resources

services as a hardware controller.

Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.

Authentication identifies a user who is attempting to access a system, and authorization validates the users password

Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.

Authentication controls the system processes a user can access and authorization logs the activities the user initiates

R2 is using the passive-interface default command

R1 has an incorrect network command for interface Gi1/0

R2 should have its network command in area 1

R1 interface Gil/0 has a larger MTU size

It omits supports auto-discovery of network elements in a greenfield deployment.

It modular design allows someone to implement different versions to meet the specific needs of an organization

It abstracts policy from the actual device configuration

It does not support high availability of management functions when operating in cluster mode

The NMS software must be loaded with the MIB associated with the trap.

The NMS must be configured on the same router as the SNMP agent

The NMS must receive a trap and an inform message from the SNMP agent within a configured interval

The NMS must receive the same trap from two different SNMP agents to verify that it is reliable.

The router replaces the source and desinaoon labels wth the sending router uterface label as a source and the next hop router label as a desbnabon

The router encapsulates the source and destination IP addresses with the sending router P address as the source and the neighbor IP address as the destination

The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC address as the destination

The router encapsulates the original packet and then includes a tag that identifies the source router MAC address and transmit transparently to the destination

The trunk does not form and the ports go into an err-disabled status.

The trunk forms but the mismatched native VLANs are merged into a single broadcast domain.

The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link.

The trunk forms but VLAN 99 and VLAN 999 are in a shutdown state.

Option A

Option B

Option C

Option D

192.168.0.0/26 as summary and 192.168.0.0/29 for each floor

192.168.0.0.24 as summary and 192.168.0.0/28 for each floor

192.168.0.0/23 as summary and 192.168.0.0/25 for each floor

l92.168.0.0/25 as summary and 192.168.0.0/27 for each floor

longest prefix

metric

cost

administrative distance

array

string

object

Boolean

Option A

Option B

Option C

Option D

Enable Security Association Teardown Protection and set the SA Query timeout to 10

Enable MAC filtering and set the SA Query timeout to 10

Enable 802.1x Layer 2 security and set me Comeback timer to 10

Enable the Protected Management Frame service and set the Comeback timer to 10

point-to-multipoint

point-to-point

broadcast

nonbroadcast

host route

default route

floating static route

network route

192.168.1.17

192.168.1.61

192.168.1.64

192.168.1.127

192.168.1.254

Option A

Option B

Option C

Option D

TCP uses checksum, acknowledgement, and retransmissions, and UDP uses checksums only.

TCP uses two-dimensional parity checks, checksums, and cyclic redundancy checks and UDP uses retransmissions only.

TCP uses checksum, parity checks, and retransmissions, and UDP uses acknowledgements only.

TCP uses retransmissions, acknowledgement and parity checks and UDP uses cyclic redundancy checks only.

Ansible

Python

Puppet

Chef

northbound API

REST API

SOAP API

southbound API

OpenFlow

Java

REST

XML

ntp authenticate

ntp server

ntp peer

ntp master

access-list 2699 permit udp 10.20.1.0 0.0.0.255

no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22

access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22

no access-list 2699 deny ip any 10.20.1.0 0.0.0.255

R1(config)#interface ethernet0/0R1(config)#encapsulation dot1q 20R1(config)#ip address 10.20.20.1 255.255.255.0

R1(config)#interface ethernet0/0.20R1(config)#encapsulation dot1q 20R1(config)#ip address 10.20.20.1 255.255.255.0

R1(config)#interface ethernet0/0.20R1(config)#ip address 10.20.20.1 255.255.255.0

R1(config)#interface ethernet0/0R1(config)#ip address 10.20.20.1 255.255.255.0

It allows directly connected neighbors to share configuration information.

It allows a router to use bridge priorities to create multiple loop-free paths to a single destination.

It reduces routing failures by allowing Layer 3 load balancing between OSPF neighbors that have the same link metric.

It reduces routing failures by allowing more than one router to represent itself, as the default gateway of a network.

action

management

control

data

The router calculates the reported distance by multiplying the delay on the exiting Interface by 256.

The router calculates the best backup path to the destination route and assigns it as the feasible successor.

The router calculates the feasible distance of all paths to the destination route

The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link

The router must use the advertised distance as the metric for any given route

Option A

Option B

Option C

Option D

Use the Ixml library to parse the data returned by the NETCONF server for the interface ' s configuration.

Create an XML filter as a string and pass it to get_config() method as an argument.

Create a JSON filter as a string and pass it to the get_config() method as an argument.

Use the JSON library to parse the data returned by the NETCONF server for the interface ' s configuration.

set the default network as 20.20.20.0/24

set the default gateway as 20.20.20.2

configure a static route with Fa0/1 as the egress interface to reach the 20.20.20.0/24 network

configure a static route with 10.10.10.2 as the next hop to reach the 20.20.20.0/24 network

192.168.12.2

192.168.13.3

192.168.14.4

192.168.15.5

The switch port interface trust state becomes untrusted

The switch port remains administratively down until the interface is connected to another switch

Dynamic ARP inspection is disabled because the ARP ACL is missing

The switch port remains down until it is configured to trust or untrust incoming packets

it sends information about MIB variables in response to requests from the NMS

it requests information from remote network nodes about catastrophic system events.

it manages routing between Layer 3 devices in a network

it coordinates user authentication between a network device and a TACACS+ or RADIUS server

wireless to an access point that is physically connected to the network

a cable connected to a physical switch on the network

a virtual switch that links to an access point that is physically connected to the network

a software switch on a hypervisor that is physically connected to the network

Add PC A to VLAN 10 and the File Server to VLAN 11 fa VLAN segmentation

Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation

Add a router on a stick between Switch A and Switch B allowing for Inter-VLAN routing.

Add PC A to the same subnet as the Fie Server allowing for intra-VLAN communication.

Shaping

Policing

Weighted fair queuing

FIFO

Reduces the response time for specific requests to devices with many interfaces

Categorizes traffic and provides insights

Allows the controller to be vendor-agnostic

Streamlines monitoring using SNMP and other polling tools

QinQ

ISL

PAgP

LAG

SW1

SW2

SW3

SW4

runts

giants

frame

CRC

input errors

intrusion detection

user awareness

physical access control

network authorization

performs packet fragmentation and reassembly

tracks the number of active TCP connections

provides a single broadcast domain for all connected devices

uses the data link layer for communications

switchport trunk allowed vlan 10

switchport trunk native vlan 10

switchport mode trunk

switchport trunk encapsulation dot1q

restricts unauthorized users from viewing clear-text passwords in the running configuration

encrypts the password exchange when a VPN tunnel is established

prevents network administrators from configuring clear-text passwords

protects the VLAN database from unauthorized PC connections on the switch

enable the PortFast feature on ports

implement port-based authentication

configure static ARP entries

configure ports to a fixed speed

shut down unused ports

ip route 0.0.0.0 0.0.0.0 209.165.202.131

ip route 209.165.201.0 255.255.255.224 209.165.202.130

ip route 0.0.0.0 0.0.0.0 209.165.200.224

ip route 209.165.200.224 255.255.255.224 209.165.202.129 254

collision

CRC

runt

late collision

802.1x

IP Source Guard

MAC Authentication Bypass

802.11n

The core and distribution layers perform the same functions

The access layer manages routing between devices in different domains

The network core is designed to maintain continuous connectivity when devices fail.

The core layer maintains wired connections for each host

The distribution layer runs Layer 2 and Layer 3 technologies

backup

standby

listening

forwarding

repeater mode

autonomous mode

bridge mode

lightweight mode

Bronze

Platinum

Silver

Gold

Switch(config)#spanning-tree vlan 750 priority 38003685

Switch(config)#spanning-tree vlan 750 root primary

Switch(config)#spanning-tree vlan 750 priority 614440

Switch(config)#spanning-tree vlan 750 priority 0

Central AP management requires more complex configurations

Unique SSIDs cannot use the same authentication method

It supports autonomous and lightweight APs

It eliminates the need to configure each access point individually

Enable the Aironet IE option.

Enable the Coverage Hole Detection option.

Set the MFP Client Protection option to Required

Enable the client band select option.

Enable the allow AAA Override option

duplex mismatch

queueing

bad NIC

broadcast storm

REST API

OpenFlow

Southbound API

NETCONF

Policing is not supported on subinterfaces.

Shaping and rate limiting have the same effect.

Shaping drops excessive traffic without adding traffic delay.

Shaping levels out traffic bursts by delaying excess traffic.

Policing is performed in the inbound and outbound directions.

Informational

debugging

alerts

notifications

There is a strong mutual authentication used between NAC and the network devices using x.509 standard.

There is an extra layer of security that ensures only authorized devices with known MAC addresses connect to the network.

There is a robust security mechanism configured to protect against various Layer 2 and Layer 3 attacks.

There is Galois cache algorithm configured that provides strong encryption and authentication.

to Identify the closest hop to the default gateway In a LAN network

to provide load balancing over multiple gateways in a LAN network

to optimally route traffic based on the forwarding capacity of the edge routing devices in the LAN network

to ensure that user traffic in a LAN rapidly recovers from the failure of an edge routing device

2

5

8

9

cost 20

cost 30

cost 40

cost 50

There is an extra layer of security that ensures only authorized devices with known MAC addresses connect to the network

There is strong mutual authentication used between NAC and the network devices using X.509 standard

All data frames exchanged between the client and the access point are encrypted

There is a Galcis cache algorithm configured that provides strong encryption and authentication

switchport mode trunk channel-group 1 mode active

no switchport channel-group 1 mode active

no switchport channel-group 1 mode on

switchport switchport mode trunk

It provides traffic load balancing to destinations that are more than two hops from the source.

It provides the default gateway redundancy on a LAN using two or more routers.

It allows neighbors to share routing table information between each other.

It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision.

uses dynamic IP address assignment

allows two or more routers to act as a default gateway

uses a destination IP address 224.0.0.102 for router-to-router communication

uses Cisco-proprietary First Hop Redundancy Protocol

0.0.0.0

255.255.254.0

255.255.255.0

255.255.255.255

Enable dynamic ARP inspection

Configure an ACL to prevent traffic from changing VLANs

Change native VLAN to an unused VLAN ID

Implement port security on internet-facing VLANs

PortFast

BPDU guard

UplinkFast

BackboneFast

object

key

array

value

10.56.65.56

10.56.65.65

10.65.56.56

10.65.65.65

A spine switch and a leaf switch are added with redundant connections between them.

A spine switch is added with at least 40 GB uplinks.

A leaf switch is added with a single connection to a core spine switch.

A leaf switch is added with connections to every spine switch.

using the CLI via an out-of-band connection

using the WLC GUI via HTTPS

using the AP GUI via an in-band SSH connection

using the CLI via a virtual interface with SSH

inserts MAC addresses dynamically into the CAM table

restricts ports to a maximum of 10 dynamically-learned addresses

protects against denial of service attacks

rewrites the source and destination MAC address

Serial 0/0

FastEthernet 0/2

FastEthernet 0/0

FastEthernet 0/1

GigabitEthernet1/0

GigabitEthernet0/0

GigabitEthernet2/0

Null0

rewrites the source and destination MAC address

adds unknown source MAC addresses to the CAM table

sends the frame back to the source to verify availability

drops received MAC addresses not listed in the address table

Set the P2P Block Action to Drop.

Select a correctly configured Layer 2 ACL.

Set the Wi-Fi Direct Client Policy to Not-Allow.

Set the MFP Client Protection to Required.

B.

C.

D.

Informational

debugging

alerts

notifications

Shaping

Policing

Weighted fair queuing

FIFO

Local

EIGRP

RIP

OSPF

switchport mode dynamic desirable

switchport mode trunk

switchport nonegotiate

switchport mode dynamic auto

It ages out the frame until the MAC address becomes known.

It drops the frame to avoid unnecessary network congestion.

It switches the frame to a predetermined port based on settings.

It floods the frame to all ports except the incoming port.

ip route 172.21.34.0 255.255.255.192 10.73.65.65

ip route 172.21.34.0 255.255.255.0 10.73.65.65

ip route 172.21.34.0 255.255.255.128 10.73.65.66

ip route 172.21.34.0 255.255.128.0 10.73.65.64

Content-Type: application/json

Accept-Encoding: application/json

Accept: application/json

Accept-Language: application/json

TCP ensures ordered, reliable data delivery, and UDP offers low latency and high throughput.

TCP is used for transmitting data over the internet, and UDP is used for transmitting data over a local network.

TCP manages multicast and broadcast data transfers, and UDP only handles unicast communications.

TCP is used to ensure data integrity in a file transfer, and UDP is used to broadcast a message to multiple recipients.

Option

Option

Option

Option

PBR

FRTS

PQ

CBWFQ

CAR

16

32

48

64

OpenFlow

REST

OpFlex

SOAP

NETCONF

UDP

RTP

TCP

IP

ARP

Cost 20

Cost 30

Cost 40

Cost 50

Security is managed near the perimeter of the network with firewalls, VPNs, and IPS.

Devices communicate with each other to establish a security policy.

It creates a unified control point making security policies consistent across all devices.

It exposes an API to configure locally per device for security policies.

ipconfig /renew

ipconfig

ipconfig /all

ipconfig /displaydns

It drops lower-priority packets before it drops higher-priority packets

It can identify different flows with a high level of granularity

It guarantees the delivery of high-priority packets

It can mitigate congestion by preventing the queue from filling up

it supports protocol discovery

DNS server pings the destination to verify that it is available

serves requests over destination port 53

DNS server forwards the client to an alternate IP address when the primary IP is down

responds to a request for IP address to domain name resolution to the DNS server