200-301 Questions and Answers

HTTPS

RADIUS

TACACS+

HTTP

R2 is using the passive-interface default command

R1 has an incorrect network command for interface Gi1/0

R2 should have its network command in area 1

R1 interface Gil/0 has a larger MTU size

host route

default route

floating static route

network route

Telnet

SSH

HTTP

HTTPS

TFTP

CAR

CBWFQ

PQ

PBR

FRTS

They support an inline optical attenuator to enhance signal strength

They provide minimal interruption to services by being hot-swappable

They offer reliable bandwidth up to 100 Mbps in half duplex mode

They accommodate single-mode and multi-mode in a single module

switch(config-line)#IIdp port-description

switch(config)#IIdp port-description

switch(config-if)#IIdp port-description

switch#IIdp port-description

Option A

Option B

Option C

Option D

The CAM table is empty until ingress traffic arrives at each port

Switches dynamically learn MAC addresses of each connecting CAM table.

The ports are restricted and learn up to a maximum of 10 dynamically-learned addresses

It requires a minimum number of secure MAC addresses to be filled dynamically

The frame is processed in VLAN 5.

The frame is processed in VLAN 11

The frame is processed in VLAN 1

The frame is dropped

Enable NTP authentication.

Verify the time zone.

Disable NTP broadcasts

Specify the IP address of the NTP server

Set the NTP server private key

switchport trunk allowed vlan 10

switchport trunk native vlan 10

switchport mode trunk

switchport trunk encapsulation dot1q

reduced operational costs

reduced hardware footprint

faster changes with more reliable results

fewer network failures

increased network security

192.168.12.2

192.168.13.3

192.168.14.4

192.168.15.5

It selects the IS-IS route because it has the shortest prefix inclusive of the destination address.

It selects the EIGRP route because it has the lowest administrative distance.

It selects the OSPF route because it has the lowest cost.

It selects the RIP route because it has the longest prefix inclusive of the destination address.

Spanning tree may fail to detect a switching loop in the network that causes broadcast storms

VTP is allowed to propagate VLAN configuration information from switch to switch automatically.

Root port choice and spanning tree recalculation are accelerated when a switch link goes down

After spanning tree converges PortFast shuts down any port that receives BPDUs.

It omits supports auto-discovery of network elements in a greenfield deployment.

It modular design allows someone to implement different versions to meet the specific needs of an organization

It abstracts policy from the actual device configuration

It does not support high availability of management functions when operating in cluster mode

It can be hidden or broadcast in a WLAN

It uniquely identifies an access point in a WLAN

It uniquely identifies a client in a WLAN

It is at most 32 characters long.

IT provides secured access to a WLAN

The OSPF router IDs are mismatched.

Router2 is using the default hello timer.

The network statement on Router1 is misconfigured.

The OSPF process IDs are mismatched.

it sends information about MIB variables in response to requests from the NMS

it requests information from remote network nodes about catastrophic system events.

it manages routing between Layer 3 devices in a network

it coordinates user authentication between a network device and a TACACS+ or RADIUS server

The application requires an administrator password to reactivate after a configured Interval.

The application requires the user to enter a PIN before it provides the second factor.

The application challenges a user by requiring an administrator password to reactivate when the smartphone is rebooted.

The application verifies that the user is in a specific location before it provides the second factor.

enable the PortFast feature on ports

implement port-based authentication

configure static ARP entries

configure ports to a fixed speed

shut down unused ports

It transmits packets between hosts in the same broadcast domain.

It provides shared applications to end users.

It routes traffic between Layer 3 devices.

It Creates security zones between trusted and untrusted networks

Eliminating training needs

Increasing reliance on self-diagnostic and self-healing

Policy-derived provisioning of resources

Providing a ship entry point for resource provisioning

Reducing hardware footprint

switchport mode trunk

switchport mode dot1-tunnel

switchport mode dynamic auto

switchport mode dynamic desirable

The switch port interface trust state becomes untrusted

The switch port remains administratively down until the interface is connected to another switch

Dynamic ARP inspection is disabled because the ARP ACL is missing

The switch port remains down until it is configured to trust or untrust incoming packets

10.10.1.10

10.10.10.20

172.16.15.10

192.168.0.1

Option A

Option B

Option C

Option D

192.168.0.0/26 as summary and 192.168.0.0/29 for each floor

192.168.0.0.24 as summary and 192.168.0.0/28 for each floor

192.168.0.0/23 as summary and 192.168.0.0/25 for each floor

l92.168.0.0/25 as summary and 192.168.0.0/27 for each floor

Configure the version of SSH

Configure VTY access.

Create a user with a password.

Assign a DNS domain name

10.10.10.0/28

10.10.13.0/25

10.10.13.144/28

10.10.13.208/29

802.1x

IP Source Guard

MAC Authentication Bypass

802.11n

Option A

Option B

Option C

Option D

action

management

control

data

DTP

FTP

SMTP

TFTP

IS-IS

RIP

Internal EIGRP

OSPF

The router calculates the reported distance by multiplying the delay on the exiting Interface by 256.

The router calculates the best backup path to the destination route and assigns it as the feasible successor.

The router calculates the feasible distance of all paths to the destination route

The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link

The router must use the advertised distance as the metric for any given route

The switch must be running a k9 (crypto) IOS image

The Ip domain-name command must be configured on the switch

IP routing must be enabled on the switch

A console password must be configured on the switch

Telnet must be disabled on the switch

TKiP encryption

AES encryption

scrambled encryption key

SAE encryption

It is owned and maintained by one party, but it is shared among multiple organizations.

It enables an organization to fully customize how It deploys network resources.

It provides services that are accessed over the Internet.

It Is a data center on the public Internet that maintains cloud services for only one company.

It supports network resources from a centralized third-party provider and privately-owned virtual resources

internal BGP route

/24 route of a locally configured IP

statically assigned route

route learned through EIGRP

Cisco DNA Center device management can deploy a network more quickly than traditional campus device management

Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management

Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options

Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management

backup

standby

listening

forwarding

Re- Anchor Roamed Clients

11ac MU-MIMO

OEAP Split Tunnel

Client Band Select

ipv6 address 2001:0db8::5: a: 4F 583B

ipv6 address 2001:db8::500:a:400F:583B

ipv6 address 2001 db8:0::500:a:4F:583B

ipv6 address 2001::db8:0000::500:a:400F:583B

It allows the traffic to pass through unchanged

It drops the traffic

It tags the traffic with the default VLAN

It tags the traffic with the native VLAN

ip route 10.10.1.0 255.255.255.240 10.10.255.1

ip route 10.10.1.16 255.255.255.252 10.10.255.1

ip route 10.10.1.20 255.255.255.252 10.10.255.1

ip route 10.10.1.20 255.255.255.254 10.10.255.1

Interface errors are incrementing

An incorrect SFP media type was used at SiteA

High usage is causing high latency

The sites were connected with the wrong cable type

enable AAA override

enable RX-SOP

enable DTIM

enable Band Select

The seventh bit of the original MAC address of the interface is inverted

The interface ID is configured as a random 64-bit value

The characters FE80 are inserted at the beginning of the MAC address of the interface

The MAC address of the interface is used as the interface ID without modification

The access point must directly connect to the WLC using a copper cable

The access point must not be connected to the wired network, as it would create a loop

The access point must be connected to the same switch as the WLC

The access point has the ability to link to any switch in the network, assuming connectivity to the WLC

R1(config)# interface fa0/0R1(config-if)# ip helper-address 198.51.100.100

R2(config)# interface gi0/0R2(config-if)# ip helper-address 198.51.100.100

R1(config)# interface fa0/0R1(config-if)# ip address dhcpR1(config-if)# no shutdown

R2(config)# interface gi0/0R2(config-if)# ip address dhcp

R1(config)# interface fa0/0R1(config-if)# ip helper-address 192.0.2.2

northbound API

REST API

SOAP API

southbound API

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

It multiple the active K value by 256 to calculate the route with the lowest metric.

For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth.

It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost.

It count the number of hops between the source router and the destination to determine the router with the lowest metric

ntp authenticate

ntp server

ntp peer

ntp master

192.168.1.17

192.168.1.61

192.168.1.64

192.168.1.127

192.168.1.254

Add PC A to VLAN 10 and the File Server to VLAN 11 fa VLAN segmentation

Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation

Add a router on a stick between Switch A and Switch B allowing for Inter-VLAN routing.

Add PC A to the same subnet as the Fie Server allowing for intra-VLAN communication.

ip address 192.168.0.0 255.255.0.0

ip address 192.168.0.0 255.255.254.0

ip address 192.168.0.0 255.255.255.128

ip address 192.168.0.0 255.255.255.224

1,6,11

1,5,10

1,2,3

5,6,7

queuing

marking

shaping

policing

SW1

SW2

SW3

SW4

192.168.7.4

192.168.7.7

192.168.7.35

192.168.7.40

service

trunk

AP-manager

virtual AP connection

10.10.10.1

10.10.10.11

10.10.10.12

10.10.10.14

192.168.10/24

192.168.3.0/24

192.168.2.0/24

172.16 1.0/24

A point-to-point network type is configured.

The default Hello and Dead timers are in use.

There are six OSPF neighbors on this interface.

The interface is not participating in OSPF.

STP

port security

wrong cable type

shutdown command

Use less than eight characters in length when passwords are complex.

Store passwords as contacts on a mobile device with single-factor authentication.

Include special characters and make passwords as long as allowed.

Share passwords with senior IT management to ensure proper oversight.

Controller-based networks increase TCO for the company, and traditional networks require less investment.

Controller-based networks provide a framework for Innovation, and traditional networks create efficiency.

Controller-based networks are open for application requests, and traditional networks operate manually.

Controller-based networks are a closed ecosystem, and traditional networks take advantage of programmability.

FF00:1/12

2001:db8:0234:ca3e::1/128

2002:db84:3f37:ca98:be05:8/64

FE80::1/10

ipv6 address 2001:db8 :: 500:a:400F:583B

ipv6 address 2001:0db8 :: 5:a:4F:583B

ipv6 address 2001 :: db8:0000 :: 500:a:400F:583B

ipv6 address 2001:db8:0 :: 500:a:4F:583B

ipv6 route 2000::1/128 2012::2

ipv6 route 2000::1/128 2012::1

ipv6 route 2000:3 123 s0/0/0

ipv6 route 2000::3/128 2023::3

ipv6 route 2000::1/128 s0/0/1

multicast

private

loopback

public

Unlike lightweight access points, which require redundant WLCs to support firmware upgrades, autonomous access points require only one WLC.

Unlike autonomous access points, lightweight access points store a complete copy of the current firmware for backup.

Unlike lightweight access points, autonomous access points can recover automatically from a corrupt firmware update.

Unlike autonomous access points, lightweight access points require a WLC to implement remote firmware updates.

to reduce interference

to allow for channel bonding

to stabilize the RF environment

to increase bandwidth

It replaces the designated port when the designated port fails

It is the best path to the root from a nonroot switch.

It replaces the designated port when the root port fails.

It is administratively disabled until a failover occurs.

ip route 10.10.0.0 255.255.252.0 g0/0

ip route 10.0.0.0 255.0.0.0 g0/0

ip route 10.10.10.1 255.255.255.255 g0/0

ip route 10.10.10.0 255.255.255.240 g0/0

Ipv6 address 2001:dbB:d8d2:1008:4343:61:0010::/64

Ipv6 address autoconfig

Ipv6 address fe80::/10

Ipv6 address dhcp

A

MX

AAAA

CNAME

GigabitEthernet0/0

Loopback0

10.1.1.1

10.1.1.3

In the Management Software activation configuration, set the Clients value to 125.

In the Controller IPv6 configuration, set the Throttle value to 125.

In the WLAN configuration, set the Maximum Allowed Clients value to 125.

In the Advanced configuration, set the DTIM value to 125.

a server that dynamically assigns IP addresses to hosts

a router that statically assigns IP addresses to hosts

a host that is configured to request an IP address automatically

a workstation that requests a domain name associated with its IP address

out-of-band management

secure in-band connectivity for device administration

unencrypted in-band connectivity for file transfers

HTTP-based GUI connectivity

ESX host

resolver

web

file transfer

authentication

forwarding mode and provides the lowest-cost path to the root bridge for each VLAN

learning mode and provides the shortest path toward the root bridge handling traffic away from the LAN

blocking mode and provides an alternate path toward the designated bridge

listening mode and provides an alternate path toward the root bridge

REST APIs that allow for external applications to interact natively

adapters that support all families of Cisco IOS software

SDKs that support interaction with third-party network equipment

customized versions for small, medium, and large enterprises

modular design that is upgradable as needed

source MAC address and aging time

destination MAC address and flush time

source MAC address and source port

destination MAC address and destination port

In-band management via an asynchronous transport

out-of-band management via an IP transport

in-band management via an IP transport

out-of-band management via an asynchronous transport

interface Gi0/1ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA02:/127

interface Gi0/0ipv6 address 2001:db8:1:AFFF::/64 eui-64

interface Gi0/1ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA00:/127

interface Gi0/0ipv6 address 2001:db8:0:AFFF::/64 eui-64

interface Gi0/0ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA03;/127

repeater mode

autonomous mode

bridge mode

lightweight mode

Reduce the risk of a network security breach

Comply with PCI regulations

Comply with local law

Reduce the size of the forwarding table on network routers

to protect against default gateway failures

to prevent loops in a network

to enable multiple switches to operate as a single unit

to provide load-sharing for a multilink segment

Option

Option

Option

Option

Option A

Option B

Option C

Option D

IS-IS

RIP

OSPF

Internal EIGRP

when a nonidempotent operation is needed

to update a DNS server

to display a web site

when a read-only operation it required

employs PKI and RADIUS to identify access points

applies 802.1x authentication and AES-128 encryption

uses TKIP and per-packet keying

defends against deauthentication and disassociation attacks

Reduce inconsistencies in the network configuration.

Enable "box by box" configuration and deployment.

Decipher simple password policies.

Increase recurrent management costs.

ip domain-name domain

password password

crypto key generate rsa modulus 1024

ip ssh authentication-retries 2

Change the EtherChannel mode on the neighboring interfaces to auto.

Configure the IP address of the neighboring device.

Bring up the neighboring interfaces using the no shutdown command.

Modify the static EtherChannel configuration of the device to passive mode.

It is less expensive when purchasing patch cables.

It has a greater sensitivity to changes in temperature and moisture.

It provides greater throughput options.

It carries signals for longer distances.

It carries electrical current further distances for PoE devices.

Ip route 10.10.2.1 255.255.255.255 192.168.1.4 115

Ip route 10.10.2.0 255.255.255.0 192.168.1.4 100

Ip route 10.10.2.0 255.255.255.0 192.168.1.4 115

Ip route 10.10.2.1 255.255.255.255 192.168.1.4 100

Configure the switchport trunk allowed vlan 300 command on SW1 port-channel 1

Configure the switchport trunk allowed vlan 300 command on interface Fa0/2 on SW1.

Configure the switchport trunk allowtd vlan add 300 command on interface FaO 2 on SW2.

Configure the switchport trunk allowtd vlan add 300 command on SW1 port-channel 1

10.1.40.0/25

10.1.40.0/24

10.1.40.0/23

10.1.41.0/25

0

1

2

32

Client Exclusion and SSH

802.1x and the MAC address of the server

Network Access Control State and SSH

AAA Override and the IP address of the server

CHANGE

UPDATE

POST

PUT

It needs a high MTU between sites.

It has a high implementation cost.

It must have point-to-point communication.

It requires complex configuration.

It works only with BGP between sites.

Option A

Option B

Option C

Option D

assigns DNS locally and then forwards request to DHCP server

permits one IP helper command under an individual Layer 3 interface

allows only MAC-to-IP reservations to determine the local subnet of a client

minimizes the necessary number of DHCP servers

configured under the Layer 3 interface of a router on the client subnet

SSH connection to the management IP of the AP

EolP connection via the parent WLC

CAPWAP/LWAPP connection via the parent WLC

HTTPS connection directly to the out-of-band address of the AP

They alleviate the shortage of public IPv4 addresses.

They supply redundancy in the case of failure.

They offer Internet connectivity to endpoints on private networks.

They allow for Internet access from IoT devices.

They provide a layer of security from Internet threats.

B.

C.

D.

Cisco DNA Center leverages SNMPv3 tor encrypted management, and traditional campus management uses SNMPv2.

Cisco DNA Center automates HTTPS for secure web access, and traditional campus management uses HTTP.

Cisco DNA Center leverages APIs, and traditional campus management requires manual data gathering.

Cisco DNA Center automates SSH access for encrypted entry, and SSH Is absent from traditional campus management.

1

2

3

4

ip access-list extended Services35 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

no ip access-list extended Servicesip access-list extended Services30 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

ip access-list extended Servicespermit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

no ip access-list extended Servicesip access-list extended Servicespermit udp 10.0.0.0 0.255.255.255 any eq 53permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domaindeny ip any any log

Cloud-based mode APs relay on underlays and are more complex to maintain than APs in autonomous mode.

Cloud-based mode APs are easy to deploy but harder to automate than APs in autonomous mode.

Autonomous mode APs are easy to deploy and automate than APs in cloud-based mode.

It allows for seamless connectivity to virtual machines.

It supports complex and high-scale IP addressing schemes.

It enables configuration task automation.

It provides increased scalability and management options.

It increases security against denial-of-service attacks.

255.255.224.0

255.255.255.0

255.255.255.192

255.255.255.252

Option A

Option B

Option C

Option D

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf network broadcast

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf network point-to-point

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf cost 0

router ospf 1network 192.168.1.1 0.0.0.0 area 0hello interval 15interface e1/1Ip address 192.168.1.1 255.255.255.252

HTTP

SSH

HTTPS

Telnet

heavy traffic congestion

a duplex incompatibility

a speed conflict

queuing drops

interface vlan 1234ip address 10.70.159.1 255.255.254.0

interface vlan 1148ip address 10.70.148.1 255.255.254.0

interface vlan 4722ip address 10.70.133.17 255.255.255.192

interface vlan 3002ip address 10.70.147.17 255.255.255.224

interface vlan 155ip address 10.70.155.65 255.255.255.224

lt requires multiple links between core switches

It generates one spanning-tree instance for each VLAN

It maps multiple VLANs into the same spanning-tree instance

It uses multiple active paths between end stations.

Option A

Option B

Option C

Option D

F0/4

F0/0

F0/1

F0/3

SW1

SW2

SW3

SW4

The Incoming and outgoing ports for traffic flow must be specified If LAG Is enabled.

The controller must be rebooted after enabling or reconfiguring LAG.

The management interface must be reassigned if LAG disabled.

Multiple untagged interfaces on the same port must be supported.

ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernetl/0

ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked

ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating

ip route 0.0.0.0 0.0.0.0 192.168.0.2

10.10.10.5

10.10.11.2

10.10.12.2

10.10.10.9

172.16.0.0/16

192.168.2.0/24

207.165.200.0/24

192.168.1.0/24

The interface is receiving excessive broadcast traffic.

The cable connection between the two devices is faulty.

The interface is operating at a different speed than the connected device.

The bandwidth setting of the interface is misconfigured

VLAN numbering

VLAN DSCP

VLAN tagging

VLAN marking

R1(config)#lp route 172.16.2.2 255.255.255.248 gi0/1

R1(config)#jp route 172.16.2.2 255.255.255.255 gi0/0

R1(config>#ip route 172.16.2.0 255.255.255.0 192.168.1.15

R1(conflg)#ip route 172.16.2.0 255.255.255.0 192.168.1.5

A distributed management plane must be used.

Software upgrades are performed from a central controller

Complexity increases when new device configurations are added

Custom applications are needed to configure network devices

switchport trunk allowed vlan 100-104

switchport trunk allowed vlan add 104

switchport trunk allowed vlan all

switchport trunk allowed vlan 104

transport input telnet

crypto key generate rsa

ip ssh pubkey-chain

login console

username cisco password 0 Cisco

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

Option E

Select the WPA Policy option with the CCKM option.

Disable AES encryption.

Enable Fast Transition and select the FT 802.1x option.

Enable Fast Transition and select the FT PSK option.

disabled

listening

forwarding

learning

blocking

It drops the frame from the switch CAM table.

It floods the frame out of all ports except port Fa0/1.

It shuts down the port Fa0/1 and places it in err-disable mode.

It experiences a broadcast storm.

Option A

Option B

Option C

Option D

Add or remove an 802.1Q trunking header.

Make a configuration change from an incoming NETCONF RPC.

Run routing protocols.

Match the destination MAC address to the MAC address table.

Reply to an incoming ICMP echo request.

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)i=ip ospf priority 1

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 0

Option A

Option B

Option C

Option D

different security settings

discontinuous frequency ranges

different transmission speeds

unique SSIDs

interface FastEthernet0/0ip helper-address 10.0.1.1iaccess-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

interface FastEthernot0/1ip helper-address 10.0.1.1!access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

interface FastEthernetO/0ip helper-address 10.0.1.1Iaccess-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

interface FastEthernet0/1ip helper-address 10.0.1.1!access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

ip route 0.0.0.0 0.0.0.0 g0/1 1

ip route 0.0.0.0 0.0.0.0 209.165.201.5 10

ip route 0.0.0.0 0.0.0.0 209.165.200.226 1

ip route 0,0.0.0 0.0.0.0 g0/1 6

192.168.1.0/24 via 192.168.12.2

192.168.1.128/25 via 192.168.13.3

192.168.1.192/26 via 192.168.14.4

192.168.1.224/27 via 192.168.15.5

unique local address

link-local address

aggregatable global address

IPv4-compatible IPv6 address

SSH

HTTPS

Telnet

console

GigabitEthernet0/0

GigabltEthornet0/1

GigabitEthernet0/2

GigabitEthernet0/3

IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes require no special configuration

IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes require no special configuration

An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast address is assigned to a group of interfaces on multiple nodes.

Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes

lp route 0.0.0.0 0.0.0.0 192.168.1.2

ip default-gateway 192.168.2.1

ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

ip route 0.0.0.0 0.0.0.0 192.168.1.2 10

Modify the configured number of the second access list.

Add either the ip nat {inside|outside} command under both interfaces.

Remove the overload keyword from the ip nat inside source command.

Change the ip nat inside source command to use interface GigabitEthernet0/0.

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

Configure the ip dhcp relay information command under interface Gi0/1.

Configure the ip dhcp smart-relay command globally on the router

Configure the ip helper-address 172.16.2.2 command under interface Gi0/0

Configure the ip address dhcp command under interface Gi0/0

Configure the OSPF priority on router A with the lowest value between the three routers.

Configure router B and router C as OSPF neighbors of router A.

Configure the router A interfaces with the highest OSPF priority value within the area.

Configure router A with a fixed OSPF router ID

F0/10

F0/11

F0/12

F0/13

ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64

ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64

ipv6 address 2001 :DB8:0:1:FFFF:C601:420F:7/64

iov6 address 2001 :DB8:0:1:FE80:C601:420F:7/64

Interface FastEthernet0/1 switchport trunk native vlan 10 switchport trunk allowed vlan 10,15

Interface FastEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,15

interface FastEthernet0/1 switchport mode access switchport voice vlan 10

Interface FastEthernet0/1 switchport trunk allowed vlan add 10 vlan 10 private-vlan isolated

to increase security and encrypt management frames

to provide link redundancy and load balancing

to allow for stateful and link-state failover

to enable connected switch ports to failover and use different VLANs

Option A

Option B

Option C

Option D

interface vlan 2000ipv6 address ffc0:0000:aaaa::1234:2343/64

interface vlan 2000Ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64

interface vlan 2000ipv6 address fe80;0000:aaaa::1234:2343/64

interface vlan 2000ipv6 address fd00::1234:2343/64

via next-hop 10.0.1.5

via next-hop 10 0 1.4

via next-hop 10.0 1.50

via next-hop 10.0 1 100

Layer 2 switch

load balancer

firewall

LAN controller

access-list 2699 permit udp 10.20.1.0 0.0.0.255

no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22

access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22

no access-list 2699 deny ip any 10.20.1.0 0.0.0.255

The designated port is FastEthernet 2/1

This is a root bridge

The spanning-tree mode is Rapid PVST+

The spanning-tree mode is PVST+

The root port is FastEthernet 2/1

1.544 Mbps

2.048 Mbps

34.368 Mbps

43.7 Mbps

disk

applications

VM configuration file

operating system

TKIP with RC4

RC4

AES-128

AES-256

Add a "permit ip any any" statement to the begining of ACL 101 for allowed traffic.

Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic

The source and destination IPs must be swapped in ACL 101

The ACL must be configured the Gi0/2 interface inbound on R1

The ACL must be moved to the Gi0/1 interface outbound on R2

A network device has restarted

An ARP inspection has failed

A routing instance has flapped

A debug operation is running

uses predefined tags or angle brackets () to delimit markup text

used to describe structured data that includes arrays

used for storing information

similar to HTML, it is more verbose than XML

dual algorithm

metric

administrative distance

hop count

Filter traffic based on destination IP addressing

Sends the default route to the hosts on a network

ensures a loop-free physical topology

forwards multicast hello messages between routers

There is a native VLAN mismatch

Access mode is configured on the switch ports.

The PCs are m the incorrect VLAN

All VLANs are not enabled on the trunk

Reassociation Request

Probe Request

Authentication Request

Association Request

management plane

control plane

policy plane

data plane

Switch 1

Switch 2

Switch 3

Switch 4

OpenFlow

REST API

NETCONF

Southbound API

outside global

outsdwde local

inside global

insride local

outside public

inside public

firewall

switch

access point

wireless controller

Switch(config)#spanning-tree vlan 750 priority 38003685

Switch(config)#spanning-tree vlan 750 root primary

Switch(config)#spanning-tree vlan 750 priority 614440

Switch(config)#spanning-tree vlan 750 priority 0

It automatically provides a second authentication factor that is unknown to the original user.

It uses an internal firewall to protect the password repository from unauthorized access.

It protects against keystroke logging on a compromised device or web site.

It stores the password repository on the local workstation with built-in antivirus and anti-malware functionality

It encourages users to create stronger passwords.

DHCP client

access point

router

PC

local port ID

lowest path cost to the root bridge

lowest neighbor's bridge ID

lowest neighbor's port ID

84

110

128

192

193

The wireless network becomes vulnerable to unauthorized access.

Wireless devices are unable to distinguish between different SSIDs

Users experience poor wireless network performance.

Network communications are open to eavesdropping.

ipv6 address dhcp

ipv6 address 2001:DB8:5:112::/64 eui-64

ipv6 address autoconfig

ipv6 address 2001:DB8:5:112::2/64 link-local

Data collection and analysis tools establish a baseline for the network

Artificial intelligence identifies and prevents potential design failures.

Machine learning minimizes the overall error rate when automating troubleshooting processes

New devices are onboarded with minimal effort

Proprietary Cisco APIs leverage multiple network management tools.

DHCP

STP

SNMP

DNS

It serves as the centralized management point of an SDN architecture.

It centralizes the data plane for the network.

It is the card on a core router that maintains all routing decisions for a campus.

It is a pair of core routers that maintain all routing decisions for a campus

asychronous routing

single-homed branches

dual-homed branches

static routing

dynamic routing

TACACS server

wireless access point

RADIUS server

wireless LAN controller

enable dynamic ARP inspection

manually implement trunk ports and disable DTP

activate all ports and place in the default VLAN

configure extended VLANs

a DHCP Relay Agent

DHCP Binding

a DHCP Pool

DHCP Snooping

OpenFlow

NETCONF

Thrift

CORBA

DSC

It provides a summary of the top 10 global issues.

It provides detailed activity logging for the 10 devices and users on the network.

It summarizes the operational status of each wireless devise on the network.

It summarizes daily and weekly CPU usage for servers and workstations in the network.

lt drops the frame immediately.

It forwards the frame back out of interface Fa0/1.

It floods the frame to all interfaces except Fa0/1.

It holds the frame until the MAC address timer expires and then drops the frame.

adminadmin123

default

testing 1234

cisco123

F0/8

FO/20

FO/12

FO/17

Option A

Option B

Option C

Option D

adapters that support all families of Cisco IOS software

SDKs that support interaction with third-party network equipment

customized versions for small, medium, and large enterprises

REST APIs that allow for external applications to interact natively with Cisco DNA Center

modular design that is upgradable as needed

A spine switch and a leaf switch can be added with redundant connections between them

A spine switch can be added with at least 40 GB uplinks

A leaf switch can be added with a single connection to a core spine switch.

A leaf switch can be added with connections to every spine switch

it uses the bandwidth and delay values of the path to calculate the route metric

it uses a default metric of 10 for all routes that are learned by the router

it uses a reference Bandwidth and the actual bandwidth of the connected link to calculate the route metric

it counts the number of hops between the receiving and destination routers and uses that value as the metric

Syslog defines the software or hardware component that triggered the message.

There are 16 different logging levels (0-15).

By default, all message levels are sent to the syslog server.

The logging level defines the severity of a particular message.

using the CLI via an out-of-band connection

using the WLC GUI via HTTPS

using the AP GUI via an in-band SSH connection

using the CLI via a virtual interface with SSH

To support DES 56-bit and 3DES (168-bit) ciphers

To enable secured access to the inbound management interface

To validate management access with username and domain name only

To allow passwords protected with HTTPS encryption to be sent

uses dynamic IP address assignment

allows two or more routers to act as a default gateway

uses a destination IP address 224.0.0.102 for router-to-router communication

uses Cisco-proprietary First Hop Redundancy Protocol

B.

C.

D.

G0/23

G0/3

G0/16

G0/6

interface GigabitEthernet0/0 ip address 10.10.2.10 255.255.252.0

interface GigabitEthernet0/0.3 encapsulation dot1Q 3 native ip address 10.10.2.10 255.255.252.0

interface GigabitEthernet0/0.10 encapsulation dot1Q 3

interface GigabitEthernet0/0.3 encapsulation dot1Q 10 ip address 10.10.2.10 255.255.252.0

It ages out the frame until the MAC address becomes known.

It drops the frame to avoid unnecessary network congestion.

It switches the frame to a predetermined port based on settings.

It floods the frame to all ports except the incoming port.

Option A

Option B

Option C

Option D

Heavy usage is causing high latency.

An incorrect type of transceiver has been inserted into a device on the link.

physical network errors are being transmitted between the two sites.

The wrong cable type was used to make the connection.

R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2

They enable automatic failover of the default gateway.

They allow multiple devices to serve as a single virtual gateway for clients in the network.

They are able to bundle multiple ports to increase bandwidth.

They prevent loops in the Layer 2 network.

They allow encrypted traffic.

dynamic

static

active

auto

Switch 1 (config-if)#channel-group 1 mode onSwrtch2(config-if)#channel-group 1 mode passive

Switch1(config-if)#channel-group 1 mode passiveSwitch2(config-if)#channel-group 1 mode active

Switch1{config-if)£channel-group 1 mode activeSwitch2(config-if)#channel-group 1 mode passive

Switch1(config-if)#channel-group 1 mode onSwitch2(config-if)#channel-group 1 mode active

It identifies the wired network to which a network device is connected.

It identifies a wireless network for a mobile device to connect.

It identifies the wireless network to which an application must connect.

It identifies the wired network to which a user device is connected.

Enabled by default on all VLANs and interfaces

Forwards frames to a neighbor port using CDP

Overwrites the known source MAC address in the address table

Protects against denial of service attacks

ipv6 address 2001:db8:1:0FFA:0::/64

ipv6 address 2001:db8:0:0FFA::1/64

ipv6 address 2001:db8:0:0FFA::/64 eui-64

ipv6 address 2001:db8:0:0FFA::/64 anycast

to establish an encrypted tunnel between a remote user and a private network over the internet

to allow access to an enterprise network using any internet-enabled location via a web browser using SSL

to provide a secure link between an HTTPS server, authentication subsystem, and an end-user

to use cryptography for authentication between a device and user over a negotiated VPN gateway

PBR

FRTS

PQ

CBWFQ

CAR

via 10.0.4.2

via 10.0.0.2

via FastEthernet0/1

via FastEthernet1/1

HTTPS

HTTP

Telnet

SSH

global unicast address

anycast address

multicast address

link-local address

SYIM flood

reflection

teardrop

amplification

a lightweight access point

a firewall

a wireless LAN controller

a LAN switch

password password

crypto key generate rsa modulus 1024

ip domain-name domain

ip ssh authentication-retries 2

authorized services

authenticator

username

password

Layer 2 switch

Router

Load balancer

firewall