CCNA 3 (Version 7.00) ENSA final exam Answers complete (2023)

[warning message]How to find:Press"Ctrl + F"in the browser and type the wording of the question to find that questionare two types of attacks used on open DNS resolvers? (Choosen/answer.[/alert-announce][alert-note]NOTE: If you have the new question for this test, please comment on the question and multiple choice list in the form below this article. We will update the answers for you in no time. Thank you very much! We really appreciate your contribution to the site.[/alert-note]

CCNA 3 final exam answers

1. What design feature limits the size of a fault domain in an enterprise network?

the purchase of corporate equipment designed for high traffic volumes
the installation of redundant power supplies
the use of a collapsed core design
the use of the building switch block approach

2. What two things should a network administrator change on a router to perform password recovery? (Choose two.)

the system image file
the NVRAM file system
the value of the configuration register
the startup configuration file
System-ROM

3. What type of network uses a common infrastructure to carry voice, data, and video signals?

limitless
converges
managed
switched

4. What are the three advantages of using private IP addresses and NAT? (Choose three.)

hides private LAN addressing from external devices connected to the Internet
enables LAN extension without additional public IP addresses
reduces CPU usage on customer routers
creates multiple public IP addresses
improves the performance of the router connected to the Internet
stores registered public IP addresses

5. Which two scenarios are examples of remote access VPNs? (Choose two.)

All users in a large branch office can access corporate resources through a single VPN connection.
A small branch office with three employees has a Cisco ASA that is used to establish a VPN connection to the head office.
A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
A mobile sales representative connects to the corporate network via a hotel's Internet connection.
An employee working from home uses VPN client software on a laptop to connect to the corporate network.

6. What three advantages does cloud computing offer? (Choose three.)

It uses end-user clients to perform a significant amount of data pre-processing and storage.
It uses open source software for distributed processing of large datasets.
It streamlines an organization's IT operations by only subscribing to needed services.
It enables access to organizational data anywhere and anytime.
It turns raw data into meaningful information by discovering patterns and relationships.
It eliminates or reduces the need for on-site IT equipment, maintenance and management.

7. What is a characteristic of a single area OSPF network?

All routers share a common forwarding database.
All routers have the same neighbor table.
All routers are located in the backbone area.
All routers have the same routing table.

8. What is a WAN?

a network infrastructure that spans a limited physical area such as a city
a network infrastructure that provides access to other networks over a large geographic area
a network infrastructure that allows access in a small geographic area
a network infrastructure to provide data storage, retrieval, and replication

9. A network administrator has been tasked with creating a disaster recovery plan. As part of this plan, the administrator looks for a backup site for all data on the company servers. What service or technology would support this requirement?

data center
virtualization
dedicated servers
Software defined networking

10. What type of OSPF packet is used by a router to discover neighboring routers and establish neighboring neighbors?

Link-State-Update
Hallo
Database Description
Link State Request

11. Which two statements are characteristics of a virus? (Choose two.)

A virus has an enabling vulnerability, a propagation mechanism, and a payload.
A virus can be dormant and then become active at a specific time or date.
A virus provides the attacker with sensitive data such as passwords.
A virus replicates itself by independently exploiting vulnerabilities in networks.
A virus usually requires end-user activation.

Explanation:The type of end-user interaction required to start a virus is usually opening an application, opening a web page, or turning on the computer. Once activated, a virus can infect other files on the computer or other computers on the same network.

12. Which public WAN access technology uses copper telephone lines to provide access to subscribers multiplexed into a single T3 link connection?

ISDN
DSL
Cable
dial-in

13. A customer requires a metro-area WAN connection that provides dedicated high-speed bandwidth between two locations. What type of WAN connection would best meet this requirement?

packet switched network
Ethernet-WAN
circuit switched network
MPLS

14. A company has contracted with a network security company to help identify vulnerabilities in the company network. The company sends a team to conduct penetration tests on the company network. Why should the team use Debugger?

to detect installed tools in files and directories that allow threat actors remote access and control over a computer or network
for reverse engineering binaries when writing exploits and analyzing malware
to get specially designed operating systems preinstalled with tools optimized for hacking
to detect evidence of a hack or malware on a computer or network

15. Consider the following output for an ACL applied to a router using the access-class command. What can a network administrator determine from the displayed output?

R1#Default IP Access List 210 allowed 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)20 denied all (1 match)

Two devices connected to the router have the IP addresses 192.168.10. X .
Two devices could access the router via SSH or Telnet.
Traffic from a device was not allowed to come in on one router port and be routed out on another router port.
Traffic from two devices was allowed to enter one router port and exit to another router port.

Explanation:The access-class command is only used on VTY ports. VTY ports support Telnet and/or SSH traffic. The Match Allowed ACE indicates how many attempts were allowed using the VTY ports. The match-deny ACE shows that a device from a network other than 192.168.10.0 was not allowed to access the router through the VTY ports.

16. What command would be used as part of configuring NAT or PAT to delete dynamic entries before the timeout expires?

delete ip dhcp
clear ip nat translation
Clear access list counter
Finished the IP-Pat Statistics

17. What are two characteristics of video traffic? (Choose two.)

Video traffic consumes less network resources than voice traffic.
Video traffic latency should not exceed 400ms.
Video traffic is more resilient to loss than voice traffic.
Video traffic requires at least 30kb of bandwidth.
Video traffic is unpredictable and inconsistent.

18. Relate to the exhibition. A technician configures R2 for static NAT so the client can access the web server. What is a possible reason for the client PC not being able to access the web server?

The IP NAT instruction is wrong.
The Fa0/1 interface should be identified as an external NAT interface.
The S0/0/0 interface should be identified as an external NAT interface.
The configuration is missing a valid access control list.

Explanation:The S0/0/0 interface should be identified as an external NAT interface. The command to do this would be R2(config-if)# ip nat outside.

19. When setting up a small office network, the network administrator decides to dynamically assign private IP addresses to workstations and mobile devices. What feature needs to be enabled on the company router for office equipment to access the internet?

UPnP
MAC filtering
NAT
QoS

Explanation:Network Address Translation (NAT) is the process used to convert private addresses into Internet-routable addresses that allow office equipment to access the Internet.

20. A data center recently upgraded a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate web server without having to allocate an actual separate server to each customer. Which networking trend is the data center implementing in this situation?

online collaboration
BYOD
virtualization
maintaining communication integrity

21. Relate to the exhibition. What address or addresses constitute the inner global address?

192.168.0.100
10.1.1.2
any address in the 10.1.1.0 network
209.165.20.25

22. Which two IPsec protocols are used to ensure data integrity?

MD5
DH
AES
SCHA
RSA

Explanation:The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure data is not intercepted and altered (data integrity) are MD5 and SHA. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm used for key exchange. RSA is an algorithm used for authentication.

23. If an external host does not have the Cisco AnyConnect client pre-installed, how would the host get access to the client image?

The Cisco AnyConnect client is installed by default on most major operating systems.
The host initiates a clientless VPN connection with a compatible web browser to download the client.
The host initiates a clientless connection to a TFTP server to download the client.
The host initiates a clientless connection to an FTP server to download the client.

Explanation:If a remote host does not have the Cisco AnyConnect client preinstalled, the remote user must initiate a clientless SSL VPN connection using a compatible web browser, and then download and install the AnyConnect client on the remote host.

24. A company is considering upgrading the campus WAN connection. Which two WAN options are examples of private WAN architecture? (Choose two.)

dedicated line
Cable
digital subscriber line
Ethernet-WAN
communal WiFi

25. What kind of QoS marking is applied to Ethernet frames?

IP precedence
DSCP
ToS
CoS

26. Relate to the exhibition. Routers R1 and R2 are connected via a serial connection. One router is configured as an NTP master, the other as an NTP client. What two pieces of information can be gleaned from the partial output of the show ntp Associations Detail command on R2? (Choose two.)

Both routers are configured to use NTPv2.
Router R1 is the master and R2 is the client
R2's IP address is 192 168.1.2.
Router R2 is the master and R1 is the client
R1's IP address is 192.168.1.2

Explanation:The show NTP Associations command specifies the IP address of the NTP master.

27. Relate to the exhibition. The network administrator with the IP address 10.0.70.23/25 must have access to the company's FTP server (10.0.54.5/28). The FTP server is also a web server that can be accessed by all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. What extended ACL would be used to filter this traffic and how would that ACL be applied? (Choose two.)

R1(config)# interface s0/0/0
R1 (config-if) # IP access group 105 off
R2(config)# Interface gi0/0
R2 (config-if) # IP access group 105 in

access list 105 allows tcp host 10.0.70.23 host 10.0.54.5 eq 20
access list 105 allows tcp host 10.0.70.23 host 10.0.54.5 eq 21
access list 105 permission tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 denies ip any host 10.0.54.5
Access List 105 IP Permission Any Any

Access list 105 allows IP host 10.0.70.23 host 10.0.54.5
access-list 105 allows tcp any host 10.0.54.5 eq www
Access List 105 IP Permission Any Any

R1(config)# interface gi0/0
R1 (config-if) # IP access group 105 off

access list 105 tcp host 10.0.54.5 allow any www
access list 105 allows tcp host 10.0.70.23 host 10.0.54.5 eq 20
access list 105 allows tcp host 10.0.70.23 host 10.0.54.5 eq 21

Explanation:The first two lines of the ACL allow host 10.0.70.23 FTP access to the server with IP address 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host whose IP address begins with the number 10. The fourth line of the ACL denies all other traffic to the server from any source IP address. The last line of the ACL allows everything else in case other servers or devices are added to the 10.0.54.0/28 network. Because traffic is filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server.

28. Relate to the exhibition. If the network administrator has created a default ACL that only allows devices connecting to the R2 G0/0 network to access the devices on the R1 G0/1 interface, how should the ACL be applied?

incoming on the R2 G0/0 interface
outgoing on the R1 G0/1 interface
incoming on the R1 G0/1 interface
outgoing on the R2 S0/0/1 interface

Explanation:Because standard access lists only filter by source IP address, they are usually placed closest to the destination network. In this example, the source packets come from the R2 G0/0 network. The destination is the network R1 G0/1. Proper ACL placement is on the R1 G0/1 interface.

29. What is a characteristic of a type 2 hypervisor?

requires no management console software
has direct access to server hardware resources
best suited for corporate environments
is installed directly on the hardware

30. What are the two types of VPN connections? (Choose two.)

PPPoE
Frame-Relay
side to side
remote access
dedicated line

Explanation:PPPoE, leased line, and frame relay are types of WAN technologies, not types of VPN connections.

31. Relate to the exhibition. What three conclusions can be drawn from the displayed output? (Choose three.)

The DR can be reached via the GigabitEthernet 0/0 interface.
9 seconds have passed since the last hello packet was sent.
This interface uses the default priority.
The router ID values were not the criteria used to select the DR and BDR.
The router ID on the DR router is 3.3.3.3
The BDR has three neighbors.

32. Relate to the exhibition. A network administrator configures an ACL to restrict connection to R1 VTY lines to only the IT group's workstations on the 192.168.22.0/28 network. The administrator verifies successful telnet connections from a workstation with IP 192.168.22.5 to R1 before applying the ACL. However, after the ACL is applied to the Fa0/0 interface, Telnet connections are denied. What is the cause of the connection error?

Password to enable secret password is not configured on R1.
The IT group's network is included in the Deny statement.
The approval ACE specifies an incorrect port number.
The approval ACE should specify protocol IP instead of TCP.
The login command was not entered for vty lines.

Explanation:The source IP range in the Deny ACE is 192.168.20.0 0.0.3.255, covering IP addresses from 192.168.20.0 to 192.168.23.255. The network of the IT group 192.168.22.0/28 is included in the network 192.168.20/22. Therefore, the connection is refused. To fix this, the order of the Deny and Allow ACE should be swapped.

33. What functionality does mGRE provide to DMVPN technology?

It allows the creation of dynamically assigned tunnels through a permanent tunnel source at the hub and dynamically assigned tunnel destinations at the spokes.
It provides secure transport of private information over public networks such as the Internet.
It is a Cisco software solution to create multiple VPNs easily, dynamically and scalably.
It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.

Explanation:DMVPN is based on three protocols, NHRP, IPsec and mGRE. NHRP is the distributed address mapping protocol for VPN tunnels. IPsec encrypts communication in VPN tunnels. The mGRE protocol allows for the dynamic creation of multiple spoke tunnels from a persistent VPN hub.

34. What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?

die FIB
the routing table
the ARP table
the DSP

35. What command would be used as part of configuring NAT or PAT to display information about NAT configuration parameters and the number of addresses in the pool?

show running configuration
View IP NAT statistics
Show IP Cache
show version

36. What is one purpose of creating a network baseline?

It provides a statistical average for network performance.
It creates a reference point for future network evaluations.
It manages the performance of network devices.
It checks the security configuration of network devices.

Explanation:A baseline is used to establish normal network or system performance. It can be used to compare with future network or system performance to detect abnormal situations.

37. Match the type of WAN device or service to the description. (Not all options are used.)

CPE —> Equipment and indoor cabling located at the enterprise edge and connected to a bearer link
DCE —>Devices that provide an interface for customers to connect to within the WAN cloud
DTE —>Customer devices that pass the data from a customer network for transmission over the WAN
Local Loop —>a physical connection from the customer to the service provider's POP

38. Which statement describes a property of standard IPv4 ACLs?

They only filter traffic based on source IP addresses.
They can be created with a number but not with a name.
They are configured in interface configuration mode.
They can be configured to filter traffic based on source IP addresses and source ports.

39. Relate to the exhibition. R1 is configured for NAT as shown. What is wrong with the configuration?

NAT-POOL2 is not bound to ACL 1.
The Fa0/0 interface should be identified as an external NAT interface.
The NAT pool is wrong.
Access list 1 is misconfigured.

Explanation:R1 must have NAT-POOL2 bound to ACL 1. This is achieved with the R1(config)#ip nat command within source list 1 pool NAT-POOL2. This would allow the router to check for any traffic of interest and if it matched ACL 1 it would be translated using the addresses in NAT-POOL2.

40. Relate to the exhibition. What method can be used to allow an OSPF router to advertise a default route to neighboring OSPF routers?

Use a static route pointing to the ISP and redistribute it.
Use the redistribute static command on R0-A.
Use the default-information origin command on the ISP.
Use the Default Information Origin command on R0-A.

41. A company has contracted with a network security company to help identify vulnerabilities in the company network. The company sends a team to conduct penetration tests on the company network. Why would the team use applications like John the Ripper, THC Hydra, RainbowCrack and Medusa?

for capturing and analyzing packets in conventional Ethernet LANs or WLANs
to examine and test the robustness of a firewall using specially crafted fake packets
guessing repeatedly to crack a password

42. What are two syntax rules for writing a JSON array? (Choose two.)

Each value in the array is separated by a comma.
The array can only contain one value type.
Each value in the array must be separated by a space.
A semicolon separates the key and the value list.
Values are enclosed in square brackets.

43. What is a characteristic of a Trojan horse in terms of network security?

An electronic dictionary is used to obtain a password used to infiltrate a key network device.
Malware is contained within what appears to be a legitimate executable program.
Extreme amounts of data are sent to a specific network device interface.
Too much information is destined for a given block of memory, causing additional memory areas to suffer

Explanation:A Trojan horse performs malicious operations under the guise of a legitimate program. Denial of service attacks send excessive amounts of data to a specific host or network device interface. Password attacks use electronic dictionaries to learn passwords. Buffer overflow attacks exploit memory buffers by sending too much information to a host to render the system inoperable.

44. An attacker redirects traffic to a fake default gateway to intercept traffic on a switched network. What kind of attack could achieve this?

TCP SYN flood
DNS-Tunneling
DHCP-Spoofing
ARP-Cache-Poisoning

Explanation:In DHCP spoofing attacks, an attacker configures a spoofed DHCP server on the network to issue DHCP addresses to clients with the goal of forcing the clients to use a fake default gateway and other fake services. DHCP snooping is a Cisco switch feature that can mitigate DHCP attacks. MAC address starvation and MAC address snooping are not recognized security attacks. MAC address spoofing is a threat to network security.

45. A company develops a security policy for secure communications. When critical messages are exchanged between a head office and a branch office, a hash value should only be recalculated with a specified code in order to ensure the validity of the data source. Which aspect of secure communication is addressed?

data integrity
Nichtablehnung
origin authentication
data confidentiality

Explanation:Secure communication consists of four elements:
Data confidentiality - guarantees that only authorized users can read the message
Data integrity - guarantees that the message has not been altered
Origin authentication - guarantees that the message is not fake and actually comes from who it says it is
Data non-repudiation – guarantees that the sender cannot deny or refute the validity of a sent message

46. A company hired a network security firm to help identify the vulnerabilities of the company network. The company sends a team to conduct penetration tests on the company network. Why would the team use packet sniffers?

to detect installed tools in files and directories that allow threat actors remote access and control over a computer or network
to detect evidence of a hack or malware on a computer or network
to examine and test the robustness of a firewall using specially crafted fake packets
for capturing and analyzing packets in conventional Ethernet LANs or WLANs

47. An administrator configures single-area OSPF on a router. One of the networks to advertise is 172.20.0.0 255.255.252.0. What wildcard mask would the admin use in the OSPF net statement?

0.0.15.255
0.0.3.255
0.0.7.255
0.0.1.255

48. Map the HTTP method to the RESTful operation.

POST ->> Create
GET ->> Read
PUT/PATCH –>> Update/Replace?Change
Delete –>> Delete

49. Relate to the exhibition. What is the OSPF cost to reach the west LAN 172.16.2.0/24 from the east?

50. What is a reason to use the ip ospf priority command when using the OSPF routing protocol?

to activate the OSPF neighbor process
Influencing the DR/BDR election process
to provide a backdoor for connectivity during the convergence process
to streamline and accelerate the convergence process

51. An ACL is applied inbound to a router interface. The ACL consists of a single entry:

Allow access list 210 TCP 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .

If a packet with a source address of 172.18.20.14, a destination address of 172.18.20.40 and a protocol of 21 is received on the interface, is the packet allowed or rejected?

permitted

52. What is a feature of the two-tier spine-leaf topology of the Cisco ACI Fabric architecture?

The spine and leaf switches are always connected through core switches.
The spine switches connect to the leaf switches and are tied together for redundancy.
The leaf switches are always attached to the spines and connected to each other by a trunk line.
The leaf switches always attach to the spines, but they never attach to each other.

53. What two scenarios would result in a duplex mismatch? (Choose two.)

Connecting a device with autonegotiation to another device that is manually set to full duplex
Starting and stopping a router interface during normal operation
Connect a device with a 100 Mbps interface to another device with a 1000 Mbps interface
misconfiguring dynamic routing
Manually setting the two connected devices to different duplex modes

54. A network engineer is configuring SNMPv3 and has set the security level to auth. What does this setting do?

authenticates a package by a string match of username or community string
authenticates a packet using either the HMAC with MD5 method or the SHA method
authenticates a packet using either the HMAC MD5 or 3.HMAC SHA algorithms and encrypts the packet using the DES, 3DES, or AES algorithms
authenticates a packet using only the SHA algorithm

Explanation:One of three security levels can be configured to enable SNMPv3:
1) no auth
2) author
3) priv
The configured security level determines which security algorithms are applied to SNMP packets. The authentication security level uses either HMAC with MD5 or SHA.

55. What two types of attacks are used on open DNS resolvers? (Choose two.)

amplification and reflection
resource usage
fast flow
ARP poisoning
damping

Explanation:Three types of open DNS resolver attacks are as follows: DNS cache poisoning – Attackers send fake, fake information to redirect users from legitimate websites to malicious websites
DNS Amplification and Reflection Attacks - Attackers send an increased volume of attacks to obfuscate the true source of the attack
DNS Resource Utilization Attacks – A Denial of Service (DoS) attack that consumes server resources

56. An ACL is applied inbound to a router interface. The ACL consists of a single entry:

access list 101 permission udp 192.168.100.0 0.0.2.255 64.100.40.0 0.0.0.15 eq telnet .

If a packet with a source address of 192.168.101.45, a destination address of 64.100.40.4 and a protocol of 23 is received on the interface, is the packet allowed or rejected?

denied
permitted

57. What kind of resources are required for a Type 1 hypervisor?

a dedicated VLAN
a management console
a host operating system

58. What is in square brackets [ ] in JSON?

nested values
key/value pairs
an object
an arrangement

59. What three components are used in the query part of a typical RESTful API request? (Choose three.)

resources
Protocol
API-Server
Format
Taste
Parameter

60. A user reports that when entering the company website URL in a web browser, an error message states that the page cannot be displayed. The helpdesk technician will ask the user to enter the IP address of the web server to see if the page can be displayed. What troubleshooting method does the technician use?

top down
Prost
divide and conquer
substitution

61. Which protocol provides authentication, integrity and confidentiality services and is a type of VPN?

MD5
AES
IPsec
ESP

62. Which statement describes a characteristic of Cisco Catalyst 2960 switches?

They are best used as distribution layer switches.
The new Cisco Catalyst 2960-C switches support PoE passthrough.
They are modular switches.
They do not support Active Switched Virtual Interface (SVI) with IOS versions earlier than 15.x.

63. Which component of the ACI architecture translates application policies into network programming?

der Hypervisor
der Application Policy Infrastructure Controller
der Nexus 9000-Switch
the endpoints of the application network profile

64. What two pieces of information should be included in a logical topology diagram of a network? (Choose two.)

device type
cable specification
interface identifier
OS/IOS-Version
connection type
cable type and identifier

65. Relate to the exhibition. A PC with the address 10.1.1.45 cannot access the Internet. What is the most likely cause of the problem?

The NAT pool is exhausted.
The wrong netmask was used in the NAT pool.
Access list 1 was not configured correctly.
The inner and outer interfaces have been configured backwards.

Explanation:The show ip nat statistics output shows that there are 2 addresses total and that 2 addresses have been allocated (100%). This indicates that the NAT pool has run out of global addresses to allocate new clients. Based on show ip nat translations, 10.1.1.33 and 10.1.1.123 PCs used the two available addresses to send ICMP messages to a host on the external network.

66. What are the two advantages of using SNMP traps? (Choose two.)

They eliminate the need for some periodic polling requirements.
They reduce the load on network and agent resources.
They limit access to management systems only.
You can provide statistics on TCP/IP packets flowing through Cisco devices.
You can passively listen to exported NetFlow datagrams.

67. Which statement describes a property of IPsec exactly?

IPsec works at the application layer and protects all application data.
IPsec is a standard framework developed by Cisco that is based on OSI algorithms.
IPsec is a framework of proprietary standards that depend on Cisco-specific algorithms.
IPsec works at the transport layer and protects data at the network layer.
IPsec is an open standards framework that relies on existing algorithms.

Explanation:IPsec can secure a path between two network devices. IPsec can provide the following security features:
Confidentiality - IPsec ensures confidentiality through encryption.
Integrity - IPsec uses a hash algorithm such as MD5 or SHA to ensure that data arrives at the destination unaltered.
Authentication - IPsec uses Internet Key Exchange (IKE) to authenticate users and devices that can communicate independently. IKE uses multiple types of authentication, including username and password, one-time password, biometrics, pre-shared keys (PSKs), and digital certificates.
Secure Key Exchange - IPsec uses the Diffie-Hellman (DH) algorithm to provide a public key exchange method for two peers to create a shared secret key.

68. In a large enterprise network, what two functions are performed by routers at the distribution level? (Choose two.)

Connect users to the network
Providing a high-speed network backbone
Connect remote networks
Providing Power over Ethernet to devices
Provide traffic security

69. Which two statements describe the use of asymmetric algorithms? (Choose two.)

Public and private keys can be used interchangeably.
If a public key is used to encrypt the data, a public key must be used to decrypt the data.
If a private key is used to encrypt the data, a public key must be used to decrypt the data.
If a public key is used to encrypt the data, a private key must be used to decrypt the data.
If a private key is used to encrypt the data, a private key must be used to decrypt the data.

Explanation:Asymmetric algorithms use two keys: a public key and a private key. Both keys are suitable for the encryption process, but the complementary matching key is required for decryption. If a public key encrypts the data, the matching private key decrypts the data. The opposite is also true. When a private key encrypts the data, the corresponding public key decrypts the data.

70. Relate to the exhibition. A network administrator has deployed QoS and configured the network to tag traffic on the VoIP phones and the Layer 2 and Layer 3 switches. Where should the initial mark be done to set the confidence limit?

confidence limit 4
confidence limit 3
Confidence limit 1
confidence limit 2

Explanation:Traffic should be classified and tagged as close to its source as possible. The trust boundary specifies on which device traffic tagged should be trusted. Traffic tagged on VoIP phones is considered trusted when it enters the corporate network.

71. What are the two benefits of extending access layer connectivity to users over a wireless medium? (Choose two.)

reduced costs
reduced number of critical failure points
increased flexibility
increased bandwidth availability
advanced network management options

72. What are the two purposes of launching a reconnaissance attack on a network? (Choose two.)

scan for accessibility
to retrieve and change data
to collect information about the network and devices
to prevent other users from accessing the system
escalate access rights

73. A group of users on the same network all complain that their computers are running slowly. After investigating, the technician discovers that these computers are part of a zombie network. What kind of malware is used to control these computers?

Botnetz
Spyware
Virus
Rootkit

74. An ACL is applied inbound to a router interface. The ACL consists of a single entry:

access list 101 tcp allow 10.1.1.0 0.0.0.255 host 192.31.7.45 eq dns .

If a packet with a source address of 10.1.1.201, a destination address of 192.31.7.45 and a protocol of 23 is received on the interface, is the packet allowed or rejected?

permitted
denied

75. Relate to the exhibition. From what location did this router load the IOS?

Flash memory
NVRAM?
RAM
Rom
ein TFTP-Server?

76. Relate to the exhibition. What data format is used to represent the data for network automation applications?

XML
YAML
HTML
JSON

Explanation:The common data formats used in many applications including network automation and programmability are as follows:

JavaScript-Objektnotation (JSON)– In JSON, the data referred to as an object is one or more key/value pairs enclosed in braces { }. Keys must be strings enclosed in double quotes " ". Keys and values are separated by a colon.
eXtensible Markup Language (XML)– In XML, the data is enclosed in an associated set of <tag>data</tag> tags.
YAML is not a markup language (YAML)– In YAML, the data referred to as an object is one or more key-value pairs. Key-value pairs are separated by a colon without using quotation marks. YAML uses indentation to define its structure without using parentheses or commas.

77. What QoS step must be taken before packets can be tagged?

classify
layout
queue
police

78. What is the main function of a hypervisor?

It is used to create and manage multiple VM instances on a host machine.
It is a device that filters and verifies security credentials.
It's a device that synchronizes a group of sensors.
It is software used to coordinate and prepare data for analysis.
It is used by ISPs to monitor cloud computing resources.

79. A company must connect several branches in a metropolitan area. The network engineer is looking for a solution that will deliver converged high-speed traffic, including voice, video, and data, on the same network infrastructure. The company also wants easy integration into the existing LAN infrastructure at its office locations. Which technology do you recommend?

Frame-Relay
Ethernet-WAN
VSAT
ISDN

80. Relate to the exhibition. What congestion avoidance technique is used when traffic is routed through an egress interface with QoS treatment?

traffic shaping
weighted random early detection
Classification and Labeling
traffic police

Explanation:Traffic shaping buffers excess packets in a queue and then forwards traffic over time intervals, resulting in a smooth packet output rate. Traffic monitoring drops traffic when the amount of traffic reaches a configured maximum rate, resulting in an output rate that appears as a sawtooth with peaks and valleys.

81. An ACL is applied inbound to a router interface. The ACL consists of a single entry:

access list 101 permission tcp 10.1.1.0 0.0.0.255 host 10.1.3.8 eq dns .

If a packet with a source address of 10.1.3.8, a destination address of 10.10.3.8 and a protocol of 53 is received on the interface, is the packet allowed or rejected?

denied
permitted

82. Relate to the exhibition. What is the purpose of the command marked with an arrow in the partial configuration output of a Cisco broadband router?

defines which addresses are allowed in the router
defines which addresses can be translated
determines which addresses are assigned to a NAT pool
defines which addresses are allowed out of the router

83. If a router has two interfaces and routes both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

84. Relate to the exhibition. An administrator first configured an extended ACL, as shown in the output from the show access-lists command. The administrator then edits this access list by issuing the following commands.

Router(config)# IP access list extended 101 Router(config-ext-nacl)# no 20Router(config-ext-nacl)# 5 allows tcp any any eq 22Router(config-ext-nacl)# 20 denies udp any any

What two conclusions can be drawn from this new configuration? (Choose two.)

TFTP packets are allowed
Ping packets are allowed.
Telnet packets are allowed.
SSH packages are allowed.
All TCP and UDP packets are rejected

Explanation:After editing, the final configuration looks like this:
Router#View Access Lists
Extended IP access list 101
5 allow tcp any any eq ssh
10 refuse tcp all all
20 refuse udp all all
Allow 30 icmp any any
Therefore, only SSH packets and ICMP packets are allowed

85. Which troubleshooting approach is more appropriate for an experienced network administrator than for a less experienced network administrator?

a less structured approach based on educated guesswork
an approach that compares working and non-working components to identify significant differences
a structured approach that starts with the physical layer and moves through the layers of the OSI model until the root cause of the problem is identified
An approach that starts with the end-user applications and moves through the layers of the OSI model until the root cause of the problem is identified

86. Relate to the exhibition. Many employees waste company time accessing social media on their work computers. The company wants to prevent this access. What is the best ACL type and placement in this situation?

extended ACL from the R2 WAN interface to the Internet
Default ACL from the R2 WAN interface to the Internet
Default ACL outbound on R2 S0/0/0
extended ACLs incoming on R1 G0/0 and G0/1

87. Relate to the exhibition. An administrator tries to configure PAT on R1, but PC-A cannot access the Internet. The administrator tries to ping a server on the Internet from PC-A and collects the debug errors shown in the exhibit. Based on this output, what is the most likely cause of the problem?

The inner and outer NAT interlaces have been configured backwards
The internal global address is not in the same subnet as the ISP
The address on Fa0/0 should be 64.100.0.1.
The NAT source access list matches the wrong address range.

Explanation:The debug ip nat output shows each packet translated by the router. The "s" is the source IP address of the packet and the "d" is the destination. The address after the arrow ("->") shows the translated address. In this case, the translated address is on the 209.165.201.0 subnet, but the interface facing the ISP is on the 209.165.200.224/27 subnet. The ISP may drop the incoming packets or not return the return packets to the host because the address is on an unknown subnet.

88. Why is QoS an important issue in a converged network combining voice, video and data communications?

Data communication must be given first priority.
Voice and video communications are more sensitive to latency.
Older devices cannot transmit voice and video without QoS.
Data communications are sensitive to jitter.

89. Which statement describes a VPN?

VPNs use logical connections to create public networks across the Internet.
VPNs use open source virtualization software to create the tunnel through the internet.
VPNs use dedicated physical connections to transfer data between remote users.
VPNs use virtual circuits to create a private network over a public network.

90. In which OSPF state will the DR/BDR election be held?

ExStart
inside
Two ways
Exchange

91. Two companies have just completed a merger. The network engineer was asked to connect the two company networks without the cost of leased lines. What solution would be the most cost-effective method to provide proper and secure connectivity between the two corporate networks?

Clientloses SSL-VPN von Cisco Secure Mobility
Frame-Relay
Remote access VPN with IPsec
Cisco AnyConnect Secure Mobility Client mit SSL
Site-to-Site-VPN

Explanation:The Site-to-Site VPN is an extension of a classic WAN network that offers a static connection of entire networks. Frame Relay would be a better choice than leased lines, but more expensive than implementing site-to-site VPNs. The other options relate to remote access VPNs, which are better suited to connecting users to the corporate network than connecting two or more networks together.

92. What is the final operational state that will form between an OSPF DR and a DROTHER once the routers reach convergence?

Loading
founded
full
Two ways

93. Relate to the exhibition. If the switch reboots and all routers need to reestablish OSPF adjacencies, which routers will become the new DR and BDR?

Router R3 becomes the DR and router R1 becomes the BDR.
Router R4 becomes the DR and router R3 becomes the BDR.
Router R1 becomes the DR and router R2 becomes the BDR.
Router R3 becomes the DR and router R2 becomes the BDR.

Explanation:OSPF elections of a DR are based on the following order of precedence:

highest priority from 1 -255 (0 = never a DR)
highest router ID
highest IP address of a loopback or an active interface if there is no manually configured router ID. Loopback IP addresses take precedence over other interfaces.

In this case, routers R3 and R1 have the highest router priority. Between the two, R3 has the higher router ID. Therefore, R3 becomes DR and R1 becomes BDR.

94. What type of server would be used to keep a historical record of messages from monitored network devices?

DNS
press
DHCP
Syslog
authentication

95. If QoS is implemented in a converged network, what two factors can be controlled to improve network performance for real-time traffic? (Choose two.)

packet addressing
delay
Tremble
Packet-Routing
connection speed

96. In what step of collecting symptoms does the network engineer determine whether the problem is at the core, distribution, or access layer of the network?

determine ownership.
Determine the symptoms.
Limit the scope.
Document the symptoms.
Collect informations.

97. Which protocol periodically sends advertisements between connected Cisco devices to learn device name, IOS version, and number and type of interfaces?

CDP
SNMP
NTP
LLDP

98. An administrator configures single-area OSPF on a router. One of the networks to advertise is 192.168.0.0 255.255.252.0. What wildcard mask would the admin use in the OSPF net statement?

0.0.0.127
0.0.0.31
0.0.3.255
0.0.0.63

99. See exhibition. An administrator configures the following ACL to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:

access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5access-list 100 allow ip any any

Where should the administrator place this ACL for the most efficient use of network resources?

incoming to router A Fa0/0
outgoing on router B Fa0/0
outgoing on router A Fa0/1
incoming to router B Fa0/1

100. What type of OSPFv2 packet is used to forward OSPF link change information?

Link State Confirmation
Link-State-Update
Hallo
Database Description

101. Which protocol synchronizes with a private master clock or with a publicly accessible server on the Internet?

MPLS
CBWFQ
TFTP
NTP

102. Which VPN type allows multicast and broadcast traffic over a secure site-to-site VPN?

dynamic multipoint VPN
SSL-VPN
Virtual IPsec tunnel interface
GRE over IPsec

103. An OSPF router has three directly connected networks; 10.0.0.0/16, 10.1.0.0/16 and 10.2.0.0/16. What OSPF network command would advertise only the 10.1.0.0 network to neighbors?

router (configuration router) # network 10.1.0.0 0.0.255.255 area 0
router (configuration router) # network 10.1.0.0 0.0.15.255 area 0
Router (configuration router) # network 10.1.0.0 255.255.255.0 area 0
router (configuration router) # network 10.1.0.0 0.0.0.0 area 0

104. Relate to the exhibition. What command sequence should be used to configure Router A for OSPF?

CCNA 3 (Version 7.00) ENSA final exam Answers complete (23)

Router-OSPF 1
Network 192.168.10.0 area 0

Router-OSPF 1
Network 192.168.10.0

Router-OSPF 1
Network 192.168.10.64 255.255.255.192
Network 192.168.10.192 255.255.255.252

Router-OSPF 1
Network 192.168.10.64 0.0.0.63 area 0
Network 192.168.10.192 0.0.0.3 area 0

105. An administrator configures single-area OSPF on a router. One of the networks to advertise is 192.168.0.0 255.255.254.0. What wildcard mask would the admin use in the OSPF net statement?

0.0.7.255
0.0.1.255
0.0.3.255
0.0.15.255

106. How does virtualization help with disaster recovery in a data center?

improvement of business practices
Providing an even flow of air
Live migration support
Power guarantee

Explanation:Live migration allows moving a virtual server to another virtual server, which can be in another location that is some distance away from the original data center.

107. How does virtualization help with disaster recovery in a data center?

Hardware does not have to be identical.
(Different case) Hardware at the recovery site need not be identical to production equipment.
Electricity is always available.
Less energy is consumed.
Server deployment is faster.

Explanation:Disaster recovery is how an organization accesses applications, data, and the hardware that might be affected during a disaster. Virtualization provides hardware independence, meaning the disaster recovery site does not need to have exactly the same equipment as the production equipment. Server deployment is relevant when a server is first created. Although data centers have backup generators, the entire data center is designed for disaster recovery. A given data center could never guarantee that the data center itself would never be without power.

108. See exhibition. What devices are present in the fault domain when Switch S3 loses power?

S4 and PC_2
PC_3 and AP_2
AP_2 and AP_1
PC_3 and PC_2
S1 and S4

A fault domain is the area of a network that is affected when a critical device such as Switch S3 fails or experiences problems.

109. What set of access control entries would allow all users on network 192.168.10.0/24 to access a web server at 172.17.80.1 but not allow them to use telnet?

Access list 103 denied tcp host 192.168.10.0 all equations 23
Access list 103 allows TCP host 192.168.10.1 eq 80

access list 103 permission tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 denied tcp 192.168.10.0 0.0.0.255 any eq 23

access list 103 permission tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 denied tcp 192.168.10.0 0.0.0.255 all eq 23

Access List 103 Permission 192.168.10.0 0.0.0.255 Host 172.17.80.1
access-list 103 tcp deny 192.168.10.0 0.0.0.255 any eq telnet

For an extended ACL to meet these requirements, the following must be included in the access control entries:
Identification number in the range 100-199 or 2000-2699
Allow or deny parameters
Protocol
Source address and placeholder
Destination address and placeholder
port number or name

110. See exhibition. A network administrator must add an ACE to the TRAFFIC-CONTROL ACL that denies IP traffic from the 172.23.16.0/20 subnet. Which ACE meets this requirement?

5 deny 172.23.16.0 0.0.15.255
5 deny 172.23.16.0 0.0.255.255
15 deny 172.23.16.0 0.0.15.255
30 deny 172.23.16.0 0.0.15.255

111. What step in the link-state routing process does a router describe that builds a link-state database based on received LSAs?

Running the SPF algorithm
Creating the topology table
Selection of the router ID
declare a neighbor unreachable

112. What protocol do agents residing on managed devices use to collect and store information about the device and its operation?

SYSLOG
TFTP
CBWFQ
SNMP

113. An administrator configures single-area OSPF on a router. One of the networks to advertise is 10.27.27.0 255.255.255.0. What wildcard mask would the admin use in the OSPF net statement?

0.0.0.63
0.0.0.255
0.0.0.31
0.0.0.15

114. When does an OSPF-enabled router transition from the down state to the init state?

when an OSPF-enabled interface becomes active
as soon as the router starts
when the router receives a hello packet from a neighbor router
as soon as the DR/BDR dialing process is complete

115. What type of traffic has a high data volume per packet?

Data
Video
Voice

116. Which protocol is a vendor-neutral Layer 2 protocol that communicates the identity and capabilities of the host device to other connected network devices?

LLDP
NTP
TFTP
SNMP

117. Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination?

Creating the topology table
Selection of the router ID
declare a neighbor unreachable
Running the SPF algorithm

118. See exhibition. What conclusion can be drawn from this OSPF multiaccess network?

When the DR stops producing Hello packets, a BDR is elected and then it promotes itself to take over the role of DR
Choosing the DR reduces the number of neighborhoods from 6 to 3.*
When a DR is chosen, all other non-DR routers become DROTHER.
All DROTHER routers send LSAs to DR and BDR to multicast 224.0.0.5.

In OSPF multiple access networks, a DR is chosen as a collection and distribution point for sent and received LSAs. A BDR is also elected if the DR fails. All other non-DR or BDR routers become DROTHER. Instead of flooding LSAs to all routers in the network, DROTHERs only send their LSAs to DR and BDR via the multicast address 224.0.0.6. If there is no DR/BDR election, the number of neighborhoods required is n(n-1)/2 => 4(4-1)/2 = 6. With the election, this number reduces to 3

119. See exhibition. The network admin has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement in this situation?

extended ACL from the R2 WAN interface to the Internet
Default ACL inbound on R1 vty lines
extended ACLs incoming on R1 G0/0 and G0/1
extended ACL outbound on R2 S0/0/1

Explanation:Standard ACLs only allow or deny packets based on the source IPv4 address. Since all types of traffic are allowed or denied, default ACLs should be as close to the destination as possible.

Advanced ACLs allow or deny packets based on source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports, and more. Because extended ACL filtering is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Unsolicited traffic is denied close to the source network without crossing the network infrastructure.

120. What type of VPN connects with the Transport Layer Security (TLS) feature?

SSL-VPN
Virtual IPsec tunnel interface
GRE over IPsec
dynamic multipoint VPN

121. What set of APIs does an SDN controller use to communicate with different applications?

Eastbound-APIs
Westbound-APIs
Northbound-APIs
Southbound-APIs

122. A company has consolidated a number of servers and is looking for a program or firmware to create and control virtual machines that have access to all the hardware of the consolidated servers. What service or technology would support this requirement?

Cisco ACI
Software defined networking
Typ-1-Hypervisor
APIC-EM

123. What command would be used as part of configuring NAT or PAT to identify internal local addresses to be translated?

ip nat overloaded within the source list 24 serial port 0/1/0
ip nat within source list 14 pool POOL STAT overload
Access List 10 Permission 172.19.89.0 0.0.0.255
ip nat within source list ACCTNG Pool POOL-STAT

124. Every business has chosen to reduce its environmental footprint by reducing energy bills, moving to a smaller facility, and encouraging teleworking. What service or technology would support the requirements?

-Cloud-Services
data center
APIC-EM
Cisco ACI

125. See exhibition. An administrator attempts to back up the router's currently running configuration to a USB drive and enters the commandcopy usbflash0:/R1-config running-configin the router command line. After removing the USB drive and connecting it to a PC, the administrator finds that the running configuration was not properly backed up in the R1 configuration file. What is the problem?

The file already exists on the USB drive and cannot be overwritten.
The drive was not properly formatted with the FAT16 file system.
The USB drive is out of space.
The USB drive is not recognized by the router.
The command used by the administrator was wrong.

126. What three types of VPNs are examples of company-managed site-to-site VPNs? (Choose three.)

Layer-3-MPLS-VPN
IPsec-VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN
Clientloses SSL-VPN
Client-based IPsec VPN

127. See exhibition. Employees at 192.168.11.0/24 are working on critically sensitive information and cannot access outside of their network. What is the best ACL type and placement in this situation?

Default ACL inbound on R1 vty lines
extended ACL input on R1 G0/0
Default ACL incoming on R1 G0/1
extended ACL input on R3 S0/0/1

128. Which two statements describe the Link State Database (LSDB) in an OSPF network? (Choose two.)

It can be viewed by using theShow IP OSPF databaseCommand.
A neighbor table is created based on the LSDB.
It contains a list of only the best routes to a given network.
It contains a list of all neighboring routers with which a router has established bidirectional communication.
All routers within an area have an identical link state database.

129. What OSPF structure is used in an OSPF network to create the neighbor table on a router?

neighborhood database
Link State Database
routing table
forwarding database

130. What protocol is used in a system consisting of three elements - a manager, agents and an information database?

MPLS
SYSLOG
SNMP
TFTP

131. What type of traffic is described as non-resilient?

Data
Video
Voice

Explanation:Video traffic tends to be unpredictable, inconsistent and bursty compared to voice traffic. Compared to voice, video is less prone to loss and has a higher data volume per packet.

132. See exhibition. Router R1 is configured with static NAT. The addressing on the router and the web server are configured correctly, but there is no connection between the web server and users on the Internet. What is a possible reason for this lack of connectivity?

The Fa0/0 interface should be configured using the ip nat outside command.
The internal global address is wrong.
The router's NAT configuration has an incorrect internal local address.
The NAT configuration on the S0/0/1 interface is incorrect.

133. What type of API would be used to allow an organization's authorized sales representatives to access internal sales data from their mobile devices?

open
Partner
public
Private

134. See exhibition. What data format is used to represent the data for network automation applications?

XML
HTML
YAML
JSON

135. An ACL is applied inbound to a router interface. The ACL consists of a single entry:

access-list 101 zulassen udp 192.168.100.32 0.0.0.7 host 198.133.219.76 eq telnet .

If a packet with a source address of 198.133.219.100, a destination address of 198.133.219.170 and a protocol of 23 is received on the interface, is the packet allowed or rejected?

denied
permitted

136. See exhibition. If no router ID was manually configured, what would router R1 use as its OSPF router ID?

10.0.0.1
10.1.0.1
192.168.1.100
209.165.201.1

137. Which protocol is a vendor-neutral Layer 2 protocol that communicates the identity and capabilities of the host device to other connected network devices?

NTP
LLDP
SNMP
MPLS

138. Which VPN type uses a hub-and-spoke configuration to build a full mesh topology?

MPLS-VPN
GRE over IPsec
Virtual IPsec tunnel interface
dynamic multipoint VPN

139. What is a feature of the REST API?

A. evolved into SOAP
B. used to exchange XML-structured information via HTTP or SMTP
C. is considered slow, complex and rigid
D. Most widely used API for web services

140. In what step of collecting symptoms does the network engineer determine whether the problem is at the core, distribution, or access layer of the network?

Determine the symptoms.
determine ownership.
Collect informations.
Limit the scope.
Document the symptoms.

141. A student doing a summer semester abroad has taken hundreds of pictures with a smartphone and wants to save them in case of loss. What service or technology would support this requirement?

Cisco ACI
Cloud-Services
Software defined networking
dedicated servers

142. Consider the following access list, which allows transfer of IP phone configuration files from a specific host to a TFTP server:

R1(config)# access-list 105 udp host 10.0.70.23 host 10.0.54.5 range 1024 5000R1(config)# access-list 105 IP beliebig verweigernR1(config)# interface gi0/0R1(config-if)# ip access -Gruppe 105 aus

What method would allow the network admin to change the ACL to include FTP transfers from any source IP address?

R1(config)# interface gi0/0
R1 (config-if) # no ip access group 105 off
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq 20
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq 21
R1(config)# interface gi0/0
R1 (config-if) # IP access group 105 off

R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq 20
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq 21

R1(config)# interface gi0/0
R1 (config-if) # no ip access group 105 off
R1(config)# no access list 105
R1 (config) # access list 105 allowed udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq 20
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq 21
R1 (config) # access list 105 ip deny all all
R1(config)# interface gi0/0
R1 (config-if) # IP access group 105 off

R1 (config) # access list 105 allowed udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq 20
R1 (config) # access list 105 allows tcp any host 10.0.54.5 eq 21
R1 (config) # access list 105 ip deny all all

143. What three statements are generally accepted as best practices when placing ACLs? (Choose three.)

Filter unwanted traffic before it hits a low-bandwidth connection.
Place default ACLs near the traffic's destination IP address.
Place default ACLs near the traffic source IP address.
Place extended ACLs near the traffic's destination IP address.
Place extended ACLs near the traffic source IP address.
For every inbound ACL placed on an interface, there should be a matching outbound ACL.

144. Match the term to the web link http://www.buycarsfromus.com/2020models/ford/suv.html#Escape component. (Not all options are used.)

HTTP —-> Protocol
buycarsfromus.com/2020models/ford/suv.html#Escape—->ballot boxes
http://www.buycarsfromus.com/2020models/ford/suv.html—->URL
http://www.buycarsfromus.com/2020models/ford/suv.html#Escape—->URI
#Flee—-Fragment

145. What command would be used as part of configuring NAT or PAT to show any static translations that were configured?

Show IP NAT translations
View IP Pat Translations
Show IP Cache
show running configuration

146. A network administrator modified an OSPF-enabled router to have a hello timer setting of 20 seconds. What is the new default dead interval time?

40 seconds
60 seconds
80 seconds
100 seconds

147. What type of VPN is the preferred choice for support and ease of deployment for remote access?

SSL-VPN
GRE over IPsec
dynamic multipoint VPN
Virtual IPsec tunnel interface

148. What type of traffic is described as predictable and smooth?

Video
Data
Voice

149. Which queuing mechanism does not provide prioritization or buffering, but simply forwards packets in the order in which they arrive?

FIFO
LLQ
CBWFQ
WFQ

150. See exhibition. A network administrator configured OSPFv2 on the two Cisco routers. The routers are not able to form a neighbor neighborhood. What should be done to fix the problem on Router R2?

Implement the no passive-interface Serial0/1 command.
Deploy the network 192.168.2.6 0.0.0.0 area 0 command to router R2.
Change the router ID of router R2 to 2.2.2.2.
Deploy the network 192.168.3.1 0.0.0.0 area 0 command to router R2.

151. A network administrator fixes an OSPF issue affecting neighboring neighbors. What should the admin do?

Make sure the router priority is unique on each router.
Make sure the DR/BDR election is complete.
Make sure the router ID is included in the hello packet.
Make sure the hello and dead interval timers are the same on all routers.

152. See exhibition. Internet privileges for an employee have been revoked due to abuse, but the employee still needs access to company resources. What is the best ACL type and placement in this situation?

CCNA 3 (Version 7.00) ENSA final exam Answers complete (35)

Default ACL inbound on the R2 WAN interface that is connected to the Internet
Default ACL from the R2 WAN interface to the Internet
Default ACL incoming on R1 G0/0
Default ACL based on R1 G0/0

Explanation:– Default ACLs only allow or deny packets based on source IPv4 address. Since all types of traffic are allowed or denied, default ACLs should be as close to the destination as possible.
- Advanced ACLs allow or deny packets based on source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports, and more. Because extended ACL filtering is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Unsolicited traffic is denied close to the source network without crossing the network infrastructure.

153. An ACL is applied inbound to a router interface. The ACL consists of a single entry:

access list 100 permission tcp 192.168.10.0 0.0.0.255 172.17.200.0 0.0.0.255 eq www .

If a packet with a source address of 192.168.10.244, a destination address of 172.17.200.56 and a protocol of 80 is received on the interface, is the packet allowed or rejected?

denied
permitted

154. A company has hired a network security firm to help identify vulnerabilities in the company network. The company sends a team to conduct penetration tests on the company network. Why would the team use applications like Nmap, SuperScan and Angry IP Scanner?

to detect installed tools in files and directories that allow threat actors remote access and control over a computer or network
to detect evidence of a hack or malware on a computer or network
for reverse engineering binaries when writing exploits and analyzing malware
to scan network devices, servers and hosts for open TCP or UDP ports

155. What command would be used as part of configuring NAT or PAT to display any dynamic PAT translations created by traffic?

View IP Pat Translations
Show IP Cache
show running configuration
Show IP NAT translations

156. An administrator configures single-area OSPF on a router. One of the networks to advertise is 172.16.91.0 255.255.255.192. What wildcard mask would the admin use in the OSPF net statement?

0.0.31.255
0.0.0.63
0.0.15.255
0.0.7.255

157. What type of traffic is described as requiring no more than 400 milliseconds (ms) latency?

Video
Data
Voice

158. See exhibition. What two configurations would be used to create and apply a default access list on R1 such that only the 10.0.70.0/25 network devices are allowed to access the internal database server? (Choose two.)

A.
R1(config)# Interface GigabitEthernet0/0
R1 (config-if) # IP access group 5 off
B.
R1(config)# access list 5 permission 10.0.54.0 0.0.1.255
C.
R1(config)# Interface Serial0/0/0
R1 (config-if) # IP access group 5 in
D.
R1(config)# access list 5 permission 10.0.70.0 0.0.0.127
E.
R1(config)# access-list 5 allows any

159. A network administrator writes a default ACL that denies all traffic from the 172.16.0.0/16 network but allows all other traffic. What two commands should be used? (Choose two.)

router (config) # deny access list 95 172.16.0.0 255.255.0.0
Router(config)# access-list 95 Allow any
router (config) # access list 95 host 172.16.0.0
router (config) # deny access list 95 172.16.0.0 0.0.255.255
router(config)# access list 95 172.16.0.0 255.255.255.255
Router(config)# access-list 95 deny all

Explanation:To deny traffic from the network 172.16.0.0/16, thedeny access list 95 172.16.0.0 0.0.255.255command is used. To allow all other traffic, theaccess-list 95 allow anyadded statement.

160. See exhibition. The company has decided that no traffic originating from any other existing or future network can be transferred to the research and development network. In addition, no traffic originating from the research and development network can be transferred to other existing or future networks in the company. The network administrator has decided that extended ACLs are a better fit for these needs. What will the network administrator do based on the information given?

An ACL is placed on the R1 Gi0/0 interface and an ACL is placed on the R2 Gi0/0 interface.
Only a numbered ACL will work in this situation.
One ACL is placed on the R2 Gi0/0 interface and one ACL is placed on the R2 S0/0/0 interface.
Two ACLs (one in each direction) are placed on the R2-Gi0/0 interface.

161. Which protocol uses smaller stratum numbers to indicate that the server is closer to the authorized time source than larger stratum numbers?

TFTP
SYSLOG
NTP
MPLS

162. See exhibition. If no router ID was manually configured, what would router Branch1 use as its OSPF router ID?

10.0.0.1
10.1.0.1
192.168.1.100
209.165.201.1

Explanation:In OSPFv2, a Cisco router uses a three-step method to derive its router ID. The first choice is the manually configured router ID using the router-id command. If the router ID is not configured manually, the router chooses the highest IPv4 address of the configured loopback interfaces. Finally, if no loopback interfaces are configured, the router chooses the highest active IPv4 address on its physical interfaces.

163. Map the HTTP method to the RESTful operation.

164. See exhibition. A web designer calls to report that the web server web-s1.cisco.com is not reachable from a web browser. The technician uses command line utilities to verify the problem and begin troubleshooting. What two things can be ascertained about the problem? (Choose two.)

The web server at 192.168.0.10 is reachable from the source host.
The default gateway between the source host and the server at 192.168.0.10 is down.
There is a problem with the web server software on web-s1.cisco.com.
A router has failed between the source host and server web-s1.cisco.com.
DNS cannot resolve the IP address for the server web-s1.cisco.com.

165. What type of traffic is described as tending to be unpredictable, inconsistent and bursty?

Video
Voice
Data

166. Match the functions to the appropriate levels. (Not all options are used.)

167. What type of traffic is described as requiring higher priority traffic if it is interactive?

Voice
Data
Video

168. What type of VPN offers a flexible option to connect a central site to branch offices?

IPsec-VPN
Client-based IPsec VPN
Layer-3-MPLS-VPN
Clientloses SSL-VPN
Cisco Dynamic Multipoint VPN
GRE over IPsec VPN

169. A company has hired a network security firm to help identify vulnerabilities in the company network. The company sends a team to conduct penetration tests on the company network. Why would the team use fuzzer?

to discover security vulnerabilities in a computer
to detect evidence of a hack or malware on a computer or network
for reverse engineering binaries when writing exploits and analyzing malware
to detect installed tools in files and directories that allow threat actors remote access and control over a computer or network

170. See exhibition. A network administrator configured a default ACL to allow only the two LAN networks attached to R1 access to the network attached to R2's G0/1 interface, but not to the G0/0 interface. Following best practices, where should the default ACL be applied?

R1 S0/0/0 outgoing
R2 G0/0 outgoing
R2 S0/0/1 outgoing
R1 S0/0/0 incoming
R2 G0/1 incoming

171. Two OSPF-enabled routers are connected via a point-to-point connection. During the ExStart state, which router is chosen first to send DBD packets?

the router with the highest router ID
the router with the lowest IP address on the connection interface
the router with the highest IP address on the connection interface
the router with the lowest router ID

Explain:In the ExStart state, the two routers decide which router sends the DBD packets first. The router with the higher router ID is the first router to send DBD packets during the Exchange state

172. What step in the link-state routing process does a router that sends hello packets to all OSPF-enabled interfaces describe?

Exchange of link state indicators
Choosing the designated router
Injection of the default route
build neighborhood relationships

173. A company has hired a network security firm to help identify vulnerabilities in the company network. The company sends a team to conduct penetration tests on the company network. Why would the team use forensic tools?

to get specially designed operating systems preinstalled with tools optimized for hacking
to detect evidence of a hack or malware on a computer or network
to detect installed tools in files and directories that allow threat actors remote access and control over a computer or network
for reverse engineering binaries when writing exploits and analyzing malware

174. See exhibition. A network administrator has configured OSPFv2 on the two Cisco routers, but PC1 cannot connect to PC2. What is the most likely problem?

Interface Fa0/0 has not been enabled for OSPFv2 on router R2.
Interface Fa0/0 is configured as a passive interface on router R2.
The S0/0 interface is configured as a passive interface on router R2.
Interface s0/0 has not been enabled for OSPFv2 on router R2.

Explanation:If a LAN network is not advertised with OSPFv2, a remote network will not be reachable. The output indicates successful neighbor adjacency between routers R1 and R2 on the S0/0 interface of both routers.

175. ABCTech is investigating the use of automation for some of its products. To control and test these products, the programmers need Windows, Linux and MAC OS on their computers. What service or technology would support this requirement?

dedicated servers
Software defined networking
virtualization
Cisco ACI

176. A network engineer noticed that some expected network route entries do not appear in the routing table. Which two commands provide additional information about the status of router neighborhoods, timer intervals, and area ID? (Choose two.)

View IP logs
Show ip ospf neighbor
show running configuration
Show IP OSPF interface
Show IP route ospf

Explanation:The show ip ospf interface command displays routing table information that is already known. The show running-configuration and show ip protocols commands show aspects of the OSPF configuration on the router, but do not show details about the adjacency status or the timer interval.

177. What type of VPN involves routing traffic across the backbone using labels distributed across core routers?

MPLS-VPN
GRE over IPsec
Virtual IPsec tunnel interface
dynamic multipoint VPN

178. What type of VPN encapsulates an insecure tunneling protocol with IPsec?

SSL-VPN
dynamic multipoint VPN
GRE over IPsec
Virtual IPsec tunnel interface

179. A company has hired a network security firm to help identify vulnerabilities in the company network. The company sends a team to conduct penetration tests on the company network. Why would the team use hacking operating systems?

to detect evidence of a hack or malware on a computer or network
to get specially designed operating systems preinstalled with tools optimized for hacking
Encode data using algorithmic schemes to prevent unauthorized access to the encrypted data
for reverse engineering binaries when writing exploits and analyzing malware

180 What command would be used as part of configuring NAT or PAT to identify an interface as part of the external global network?

ip pat in
Access List 10 Permission 172.19.89.0 0.0.0.255
ip nat inside
ip nat outside

181. To avoid purchasing new hardware, a company wants to utilize idle system resources and consolidate the number of servers while enabling multiple operating systems on a single hardware platform. What service or technology would support this requirement?

data center
Cloud-Services
virtualization
dedicated servers

Explain:Server virtualization takes advantage of idle resources and consolidates the number of servers required. This also allows multiple operating systems to exist on a single hardware platform.

182. What type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding?

MPLS-VPN
Virtual IPsec tunnel interface
dynamic multipoint VPN
GRE over IPsec

183. Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link?

Creating the topology table
Selection of the router ID
Exchange of link state indicators
Injection of the default route

184. Which type of traffic is described with either TCP or UDP, depending on the need for error recovery?

Video
Voice
Data

185. See exhibition. The company's CEO requires that an ACL be created to allow email traffic to the Internet and deny FTP access. What is the best ACL type and placement in this situation?

extended ACL from the R2 WAN interface to the Internet
Default ACL outbound on R2 S0/0/0
extended ACL input on R2 S0/0/0
Default ACL inbound on the R2 WAN interface that is connected to the Internet

186 What command would be used as part of configuring NAT or PAT to define a pool of addresses for translation?

ip nat inside static source 172.19.89.13 198.133.219.65
ip nat overloaded within the source list 24 serial port 0/1/0
ip nat pool POOL-STAT 64.100.14.17 64.100.14.30 Netzmaske 255.255.255.240
ip nat outside

187. What is the name of the layer in the Cisco Borderless Switched Network design that is considered the backbone for high-speed connectivity and fault isolation?

Data Connection
Access
Kern
network
network access

188. An ACL is applied inbound to the router interface. The ACL consists of a single entry:

Allow access list 210 tcp 172.18.20.0 0.0.0.47 any eq ftp

If a packet with a source address of 172.18.20.40, a destination address of 10.33.19.2 and a protocol of 21 is received on the interface, is the packet allowed or rejected?

permitted
denied

189. What type of traffic is considered de-priority traffic if it is not mission-critical?

Video
Data
Voice

190. Which OSPF table is the same on all converged routers within the same OSPF region?

Routing
Neighbor
neighborhood
Topology

191. An ACL is applied inbound to a router interface. The ACL consists of a single entry:
access list 100 permission tcp 192.168.10.0 0.0.0.255 any www .

If a packet with a source address of 192.168.10.45, a destination address of 10.10.3.27 and a protocol of 80 is received on the interface, is the packet allowed or rejected?

permitted
denied

192. Which protocol allows the manager to query agents to access information from the agent MIB?

CBWFQ
SYSLOG
TFTP
SNMP

193. Match each component of a WAN link to its description. (Not all options are used.)

194. What type of traffic is described as being able to tolerate a certain level of latency, jitter and loss without noticeable effects?

Voice
Video
Data

195. Which term describes adding a value to the packet header as close as possible to the source so that the packet conforms to a defined policy?

police
traffic marking
Weighted Random Early Detection (WRED)
traffic shaping
tail fall

196. Which three traffic-related factors would influence the selection of a specific WAN connection type? (Choose three.)

cost of the link
traffic volume
Distance between locations
reliability
security needs
type of traffic

Explanation:Traffic-related factors that influence the selection of a particular WAN connection type include the type of traffic, the amount of traffic, quality requirements, and security requirements. Quality requirements include ensuring that traffic that cannot tolerate delays and critical business transaction traffic are given priority.

197. What command would be used as part of configuring NAT or PAT to associate the internal local addresses with the pool of addresses available for PAT translation?

ip nat within source list ACCTNG Pool POOL-STAT
IP NAT translation timeout 36000
ip nat within source list 14 pool POOL STAT overload
ip nat inside static source 172.19.89.13 198.133.219.65

198. Which protocol is a vendor-neutral Layer 2 discovery protocol that needs to be configured separately to send and receive packets of information?

SNMP
MPLS
LLDP
NTP

199. An ACL is applied inbound to a router interface. The ACL consists of a single entry:
Allow access list 210 TCP 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .

If a packet with a source address of 172.18.20.55, a destination address of 172.18.20.3 and a protocol of 21 is received on the interface, is the packet allowed or rejected?

permitted
denied

200. See exhibition. Company policy requires that access to the server network be restricted to internal employees only. What is the best ACL type and placement in this situation?

CCNA 3 (Version 7.00) ENSA final exam Answers complete (46)

extended ACL outbound on R2 S0/0/1
Default ACL outbound on R2 S0/0/0
Default ACL inbound on the R2 WAN interface that is connected to the Internet
extended ACL input on R2 S0/0/0

201. A technician is working on a Layer 2 switch and notices that a %CDP-4 DUPLEX_MISMATCH message keeps appearing for port G0/5. What command should the technician issue on the switch to start the troubleshooting process?

Show cdp neighbors
Show a short description of the IP interface
Show interface g0/5
show cp

202. What virtual resource would be installed on a network server to provide direct access to hardware resources?

VMware-Fusion
a management console
a dedicated VLAN
a type 1 hypervisor

Explanation:Type 1 hypervisors, the hypervisor is installed directly on the server or network hardware. Then instances of an operating system are installed on the hypervisor as shown in the figure. Type 1 hypervisors have direct access to the hardware resources. Therefore, they are more efficient than hosted architectures. Type 1 hypervisors improve scalability, performance, and resiliency.

203. See exhibition. A network administrator has configured a default ACL to allow only the two LAN networks connected to R1 to access the network connected to R2's G0/1 interface. Following best practices, where should the default ACL be applied?

CCNA 3 (Version 7.00) ENSA final exam Answers complete (47)

R2 G0/1 incoming
R2 S0/0/1 outgoing
R1 S0/0/0 outgoing
R2 G0/1 outgoing
R2 G0/0 outgoing

204. Which OSPF database is the same on all converged routers within the same OSPF realm?

Neighbor
forwarding
connection status
neighborhood

Explanation:Regardless of what OSPF region a router is in, the adjacency database, routing table, and forwarding database are unique to each router. The Link State Database lists information about all other routers within an area and is identical for all OSPF routers participating in that area.

205. What are two features to consider when creating a named ACL? (Choose two.)

Use alphanumeric characters when necessary.
Use special characters like ! or * to indicate the importance of the ACL.
Modify the ACL with a text editor.
Be descriptive when creating the ACL name.
For readability, use a space to separate the name from the description

Explanation:The following summarizes the rules to follow for named ACLs:

Assign a name to identify the purpose of the ACL.
Names can contain alphanumeric characters.
Names cannot contain spaces or punctuation marks.
It is recommended to write the name in CAPITAL LETTERS.
Entries can be added or deleted within the ACL.

206. Adapt RESTful API method to CRUD function.

CCNA 3 (Version 7.00) ENSA final exam Answers complete (48)

207. What type of traffic is described as requiring at least 384 Kbps of bandwidth?

Voice
Data
Video

208. Which step in the link-state routing process is described by a router inserting the best paths into the routing table?

declare a neighbor unreachable
Running the SPF algorithm
Equal cost load balancing paths
Choosing the best route

209. Every company has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility and encouraging teleworking. What service or technology would support this requirement?

data center
virtualization
Cloud-Services
dedicated servers

210. Which QoS technique smooths the packet output rate?

police
layout
weighted random early detection
Integrated Services (IntServ)
mark

211. Refer to the exhibition. The company has provided IP phones to employees on the 192.168.10.0/24 network and voice traffic must take precedence over data traffic. What is the best ACL type and placement in this situation?

extended ACL input on R1 G0/0
extended ACL from the R2 WAN interface to the Internet
extended ACL outbound on R2 S0/0/1
extended ACLs incoming on R1 G0/0 and G0/1

212. A network engineer is configuring SNMPv3 and has set a security level of SNMPv3 authPriv. What is a feature when using this layer?

authenticates a packet using only the SHA algorithm
authenticates a package by a string match of username or community string
authenticates a packet using either the HMAC with MD5 method or the SHA method
authenticates a packet using either the HMAC MD5 or HMAC SHA algorithm and a username

CCNA 3 (Version 7.00) ENSA final exam Answers complete (2023)

CCNA 3 final exam answers

References