Cisco CCNA Exam Questions
81.
Which command can be used to verify a static host route in IPv6?
- show ipv6 route static
- ipv6 route show static
- show ipv6 host route
- show ip route
- ip host route static
Correct answer: show ipv6 route static
The "show ipv6 route static" command will display static routes in IPv6, including host routes. A host route in IPv6 will have the subnet prefix /128.
82.
According to IEEE 802.11 terminology, what do you call a device connected to a wireless network?
- STA
- BSS
- SSID
- BSSID
Correct answer: STA
Any device capable of using the 802.11 wireless protocol is called a station (STA). This can include laptops, smartphones, and access points (APs).
A basic service set (BSS) is a closed area including an AP and connected devices. A service set identifier (SSID) is the human-readable, non-unique name of a wireless network. A basic service set identifier (BSSID) is a unique identifier for an AP.
83.
What are three things that should be included in user training as part of a security program? (Choose three.)
- Learning formal security policies
- Training to recognize social engineering
- Understanding password requirements
- Incident response procedures
- Malware identification and removal
A lack of user training is one of the most common causes of security incidents. A user training session should include topics such as learning about formal security procedures, recognizing social engineering, and understanding password requirements.
While incident response procedures and malware identification and removal are important, they are typically more specialized tasks not included in user training.
84.
Which two protocols are considered network administration protocols? (Choose two.)
- ICMP
- SNMP
- SSL
- TCP/IP
Network protocols can typically be divided into three categories: network administration, network safety, and communication over the internet. ICMP and SNMP are network administration protocols.
SSL is a network safety protocol. TCP/IP is a protocol for communication over the internet.
85.
Which access method is used to access a WLC's GUI?
- HTTP/HTTPS
- Telnet
- Console
- SSH
Correct answer: HTTP/HTTPS
HTTP and HTTPS are used with a browser to access a WLC's graphical user interface (GUI). HTTP is not encrypted and is disabled by default.
Telnet is an insecure method to get a remote terminal connection to a WLC. A console connection connects directly to a WLC's physical console port. SSH is a secure method to get a remote terminal connection to a WLC.
86.
Which statement best describes the underlay in Cisco Software-Defined Access?
- The multi-layer switches and links that allow network device nodes to send IP packets
- The functions that deliver endpoint packets across a network using tunnels between fabric nodes
- All the features to deliver data across a network
- The switches that connect to devices outside of an SDA's control
Correct answer: The multi-layer switches and links that allow network device nodes to send IP packets
Cisco Software-Defined Access (SDA) uses a controller with various APIs. The underlay includes the switches and cabling that allow network device nodes to send IP packets.
The overlay includes the functions that deliver endpoint packets across a network using tunnels between fabric nodes. The fabric is the combination of overlay and underlay which provides all features to deliver data across the network. A fabric border node is a switch that connects to devices outside of an SDA's control.
87.
What are three elements that should be included in an effective security program to educate users? (Choose three.)
- User awareness
- User training
- Physical access control
- Social engineering detection
- Corporate security policies
Organizations should take the time to educate users through a security program. This includes user awareness, user training, and physical access control. User awareness involves teaching users about threats. User training involves participating in security practices. Physical access control involves securing locations like server rooms.
Social engineering detection is part of user awareness, and corporate security policies are an aspect of user training.
88.
Why are private IPv4 addresses needed?
- Because there are not enough public IPv4 addresses
- Because some network traffic shouldn't leave the corporate WAN
- Because they define the difference between the corporate LAN and WAN
- Because legacy systems can only handle private IPv4 addresses
Correct answer: Because there are not enough public IPv4 addresses
There are not enough IPv4 addresses to accommodate all the devices that connect to the Internet. Therefore, Network Address Translation (NAT) is used to allow for private networks to connect behind a single public IP address.
The other answer choices are not related to IP addressing.
89.
What are the four major actions of a REST API? (Choose four.)
- Create
- Read
- Update
- Delete
- Transfer
The four major actions that an application performs are creating, reading, updating, and deleting. That spells the acronym CRUD.
Transferring is not a primary action.
90.
Which range of electromagnetic radiation is categorized as radio frequencies?
- 3 kHz to 300 GHz
- 0 Hz to 20 Hz
- 20 Hz to 20,000 Hz
- 3 GHz to 400 THz
- 10^16 to 10^20 Hz
Correct answer: 3 kHz to 300 GHz
The radio frequency range is 3 kHz to 300 GHz. It includes radio, microwave, radar, television, and wireless communications.
The subsonic range is 0 to 20 Hz, while 20 Hz to 20,000 Hz is the audio frequency range, and 3 GHz to 400 THz is the infrared range. The X-ray range is 10^16 to 10^20 Hz.
91.
Which of the following is the part of software-defined architecture in which VXLAN tunnels are utilized to send traffic from one endpoint to another?
- Overlay
- Underlay
- Fabric edge node
- NBI
Correct answer: Overlay
In Cisco Software-Defined Access (SDA), the functions that deliver endpoint packets between fabric nodes are in the overlay. The overlay is where VXLAN tunnels are utilized to send data between endpoints.
The underlay is used to provide connectivity and support the creation of VXLAN tunnels. A fabric edge node is a switch that connects to endpoints. The northbound interface (NBI) is the interface from the controller to applications.
92.
Where should packets go if they are addressed to a network that is not explicitly included in the routing table?
- Gateway of last resort
- Route with shortest prefix length
- Broadcast address
- Out all interfaces
Correct answer: Gateway of last resort
A gateway of last resort is the default route where packets destined for a network not in the routing table are sent. It can be set with a command like "ip route 0.0.0.0 0.0.0.0 S0/1/0".
The prefix length applies to routes that are explicitly defined in the routing table. If the router does not have a static default route set, then it will drop the packet, not send it to a broadcast address or out all interfaces.
93.
What three features are part of a Cisco NGIPS that are not part of a traditional IPS? (Choose three.)
- AVC
- Contextual awareness
- Reputation-based filtering
- Stateful packet inspection
- Event logging
A Cisco next-generation intrusion prevention system (NGIPS) has several features that address deficiencies of a traditional IPS. One feature is Application Visibility and Control (AVC), which looks into the application layer rather than just ports and addresses. Another feature is contextual awareness, which means it knows the operating systems, applications, and other details of the hosts the NGIPS protects. Reputation-based filtering is another feature, and it considers the known reputation of domains and IP addresses that try to make connections.
Stateful packet inspection and creating logs of events are parts of a traditional IPS.
94.
How many ports can be active on an EtherChannel?
- 8
- 16
- 2
- 4
- 24
Correct answer: 8
EtherChannel combines multiple ports into one logical channel. With Link Aggregation Control Protocol (LACP), 8 ports can be actively used, and up to 16 can be included, with the others available in case a link fails.
95.
What is the address range for the subnet/prefix 192.168.1.20/32?
- Just 192.168.1.20
- 192.168.1.0 - 192.168.1.32
- 192.168.1.0 - 192.168.1.255
- 192.168.1.1 - 192.168.1.20
- 192.168.1.20 - 192.168.1.64
Correct answer: Just 192.168.1.20
If the prefix length is 32, then the subnet mask is 255.255.255.255, which puts only one host on the subnet.
96.
Which three types of attacks target a system to try and exhaust its resources or crash it? (Choose three.)
- Reflection
- Amplification
- DoS
- Man-in-the-middle
Reflection, amplification, and denial-of-service (DoS) attacks target a system to bring it down. Reflection and amplification attacks also try to trick hosts into sending traffic to a target.
A man-in-the-middle attack tries to eavesdrop on traffic or modify it.
97.
A switch receives a frame on one of its interfaces whose destination address is not in the switch's MAC address table. Subsequently, the switch forwards the frame to all other interfaces. Which process is being described in this situation?
- Frame flooding
- Frame switching
- MAC learning
- MAC aging
Correct answer: Frame flooding
In frame flooding, a frame is forwarded to all interfaces except for the originating one. This occurs with broadcast frames and unknown unicast frames.
Frame switching involves sending a frame to a port based on its known address. MAC learning is the process of dynamically adding MAC addresses to the MAC address table based on the source address of a frame. MAC aging is the process of a MAC address expiring from a MAC address table.
98.
What is the maximum number of APs supported in a Mobility Express WLC deployment model?
- 100
- 200
- 50
- 10
Correct answer: 100
The Mobility Express WLC deployment model is ideal for small-scale environments. It supports up to 100 access points (APs) and 2000 clients.
An embedded WLC deployment supports up to 200 APs. A cloud-based WLC deployment supports up to 3,000 APs. A unified WLC deployment model supports up to 6,000 APs.
99.
Two switches (SW1 and SW2) have parts of VLAN 10 and VLAN 30 on them. There are two hosts in VLAN 10 on SW1 and three hosts in VLAN 10 on SW2. There are three hosts in VLAN 30 on SW1 and two hosts in VLAN 30 on SW2. The switches use a Gigabit Ethernet link between them for a trunk. Both switches are set to the default mode of dynamic auto. Which statement is true about the trunk?
- The switches do not start trunking.
- The switches will automatically start trunking at the same time.
- SW1 will initiate trunking with SW2.
- SW2 will initiate trunking with SW1.
Correct answer: The switches do not start trunking.
In dynamic auto mode, both switches are passively waiting for trunk negotiation messages. One switch will need to switch to dynamic desirable mode in order for trunking to start.
100.
Which command shows the most details about how port security is configured?
- show port-security interface
- show mac address-table secure
- show running-config
- switchport port-security violation
- show interfaces status
Correct answer: show port-security interface
The "show port-security interface" command lists port security settings for an interface. It also lists information such as the number of security violations.
The "show mac address-table secure" command shows MAC addresses associated with ports that use port security. The "show running-config" command does not list detailed statistics about port security. The "switchport port-security violation" command configures how to act after a security violation. The "show interfaces status" command lists output about an interface including description, operating state, duplex, and speed.