Cisco CCNP Exam Questions


41.

A central Map Server (MS) is a critical component of which plane of Cisco SD-Access?

  • Control Plane

  • Data Plane

  • Policy Plane

  • Management Plane

  • Orchestration Plane

Correct answer: Control Plane

Cisco's Software-Defined Access (SD-Access) includes three different planes:

  • Control Plane: Uses the Locator/ID Separation Protocol (LISP), which uses a central Map Server (MS) to track remote destination data, enabling routers to only manage local routes and ask the MS for remote routes.
  • Data Plane: Uses Virtual Extensible Local Area Network (VXLAN) to encapsulate traffic and perform tunneling while preserving the original Ethernet packet header. This enables the protocol to support overlays at Layers 2 and 3 and work on Internet Protocol (IP)-based networks that incorporate network segmentation and group-based policy.
  • Policy Plane: Uses Cisco TrustSec Scalable Group Tags (SGTs) to encode information about groups, and these tags are used to apply corporate policies.

Management and orchestration are not valid planes for SD-Access.

42.

Which of the following are true? (Choose two.)

  • Containers and VMs both have their own binaries and libraries.

  • Containers and VMs both use their host's NICs.

  • Containers and VMs both have their own OS.

  • Containers are a type of VM.

Containers and Virtual Machines (VMs) both have their own binaries and libraries, and both have network access via their host's Network Interface Cards (NICs).

However, containers are not a type of VM and are dependent on the host's kernel and OS.

43.

Which of the following APIs are accessed via POST requests? (Choose two.)

  • Token API

  • Authentication API

  • Fabric Device API

  • Network Device API

POST requests are used to send data to an Application Programming Interface (API), which is necessary for authentication. Therefore, the Cisco DNA Center Token API and the vManage Authentication API use POST requests.

The Fabric Device and Network Device APIs handle requests for data sent via a GET request.

44.

Which of the following commands correctly specifies the remote end of a GRE tunnel?

  • tunnel destination ip-address

  • tunnel source ip-address

  • gre destination ip-address

  • tunnel destination interface-id

  • gre source ip-address

Correct answer: tunnel destination ip-address

tunnel destination ip-address is the correct command to specify the remote end of a Generic Routing Encapsulation (GRE) tunnel. The source is the local end, and remote ends can't be specified using an interface-id.

The other answers are fabricated commands.

45.

Which of the following comes first in the WLC selection process?

  • Try to join a preprimed address

  • Attempt to discover a local WLC

  • Select the least-loaded WLC from discovered list

  • Attempt to enter autonomous mode

Correct answer: Try to join a preprimed address

After discovering potential Wireless Local Area Network (LAN) Controllers (WLCs), an Access Point (AP) should have a list of candidates to join. An AP makes the selection via the following process:

  1. Join a Preprimed WLC: If an AP has been primed with a primary, secondary, or tertiary controller, it tries to join each of them in order.
  2. WLC Discovery: Attempt to discover a local WLC. If it finds a controller configured as a master controller, that controller will respond.
  3. Load-Balance WLCs: When discovering WLCs, each WLC will report the ratio of how many APs it has connected vs. its capacity. With multiple WLCs to choose from, an AP will join the least loaded one.

Lightweight APs can't run without a WLC.

46.

Which of the following does a VM have that a container doesn't? (Choose two.)

  • Guest OS

  • Hypervisor

  • Runtime

  • Own Applications

  • Own binaries and libraries

A Virtual Machine (VM) has a guest Operating System (OS) and a hypervisor, while containers don't.

Both have their own applications, binaries, and libraries.

Containers have a runtime.

47.

In the Dynamic Trunking Protocol (DTP), which of the following combinations of switch port modes won't form a dynamic trunk?

  • Dynamic auto, dynamic auto

  • Dynamic auto, dynamic desirable

  • Trunk, dynamic auto

  • Trunk, dynamic dynamic

  • Dynamic desirable, dynamic desirable

Correct answer: Dynamic auto, dynamic auto

In the Dynamic Trunking Protocol (DTP), a switch port can be set to three different modes:

  • Trunk (switchport mode trunk): The switch port is statically configured as a trunk port and uses DTP advertisements to try to establish a dynamic trunk with the other end.
  • Dynamic Desirable (switchport mode dynamic desirable): By default the port acts as an access port, but it sends and listens for DTP advertisements to negotiate a dynamic trunk with the other end.
  • Dynamic Auto (switchport mode dynamic auto): The default setting on Catalyst switches where the port only listens for DTP packets and will become a trunk if it receives them and negotiates successfully with the other end.

Two dynamic auto ports can't form a dynamic trunk with one another, but any other pair can.

48.

monitor session 1 source interface g1/0/9 is a valid command to configure the source port on the source switch for which of the following protocols? (Choose two.)

  • SPAN

  • RSPAN

  • ERSPAN

  • ESPAN

The command monitor session 1 source interface g1/0/9 would work to configure the source port for the Switched Port Analyzer (SPAN) and Remote Switched Port Analyzer (RSPAN).

For Encapsulated RSPAN (ERSPAN), the commands are:

  • Source Port: monitor session span-session-number type erspan-source
  • Source: source { interface type number | vlan vlan-ID } [ , | - | both | rx | tx ]

ESPAN is a fabricated protocol.

49.

By default, how many attempts will traceroute make to contact an unreachable host?

  • 30

  • 1

  • 5

  • 10

Correct answer: 30

The traceroute command maps the route that a packet takes between a source and destination, including the IP address or DNS name and latency of each hop along the way. By default, traceroute will try connecting 30 times before considering a destination unreachable.

50.

Which of the following are commands used to manage access to a vty line? (Choose two.)

  • access-class

  • transport input

  • access-list

  • aaa

  • restrict

In line configuration mode, the access-class {access-list-number|access-list-name} {in|out} command can be used to add an Access Control List (ACL) to restrict access to a vty line. Access to vty lines can also be managed by using the transport input {all | none | telnet | ssh} command.

The access-list and aaa commands are not used for this purpose.

The restrict command is fabricated.

51.

A wireless signal has a strength half that of the reference signal. What is its relative power?

  • -3 dB

  • 3 dB

  • 2 dB

  • -2 dB

  • -10 dB

Correct answer: -3 dB

Radio Frequency (RF) power is the strength of the signal. Absolute power is measured in watts (W). Differences can be calculated in decibels as dB = 10(log10(P2)-log10(P1)) = 10(log10(P2/P1)). Some key “laws” to remember:

  • 0 dB difference means that two signals have the same absolute power.
  • +/-3 dB means that the power level of interest has double/half the power of the reference value.
  • +/-10 dB means that the power level of interest has 10 times/one-tenth the power of the reference value.

52.

Which of the following types of PTPv2 messages include timestamps? (Choose two.)

  • Sync

  • Delay_Request

  • Delay_Response

  • Announce

  • Follow_Up

The Precision Time Protocol version 2 (PTPv2) has two different types of messages: General and Event.

Event messages (which are timestamped) include:

  • Sync: Sends time information.
  • Delay_Request: Used to estimate delay for downstream devices.
  • Pdelay_Request: Initiates the delay measurement process.
  • Pdelay_Response: Response to Pdelay_Request, used for delay measurement.

The General messages (which have no timestamps) include:

  • Announce: Used to pick the Best Master from among the Grand Masters, defining the network topology.
  • Follow_Up: Passes on the captured timestamp of a Sync message.
  • Delay_Response: Used to determine the delay between two IEEE 1588 devices.
  • Pdelay_Response_Follow_Up: Used to measure delay on incoming links by IEEE 1588 devices.
  • Management: Supports communication between clocks and management devices.
  • Signaling: Enables clocks to deliver how messages are sent.

53.

Which of the following is the correct command to create a GRE tunnel?

  • interface tunnel tunnel-number

  • tunnel create tunnel-number

  • tunnel gre tunnel-number

  • tunnel mode gre {ip | ipv6}

Correct answer: interface tunnel tunnel-number

Generic Routing Encapsulation (GRE) allows the creation of tunnels over Internet Protocol (IP) networks, which is useful for creating Virtual Private Networks (VPNs). GRE encapsulates an existing packet within a GRE packet, which includes an IP header that points to a remote endpoint where the packet will be de-encapsulated and forwarded to its destination.

GRE tunnels are defined using the following commands:

  • interface tunnel tunnel-number: Creates a new GRE tunnel.
  • tunnel source {ip-address|interface-id}: Identifies the local end of the GRE tunnel.
  • tunnel destination ip-address: Defines the remote end of the GRE tunnel.
  • ip address ip-address subnet-mask: Assigns an IP address to the tunnel.

The other commands are fabricated.

54.

When configuring a destination port for local SPAN, which of the following are the main options for the command? (Choose two.)

  • ingress

  • encapsulation

  • filter

  • egress

In the local Switched Port Analyzer (SPAN) protocol, you specify the destination port with monitor session session-id destination interface interface-id. Optionally, you can add the encapsulation or ingress options. The command encapsulation replicate includes 802.1Q Virtual Local Area Network (VLAN) tags and Layer 2 protocol data. The ingress option prevents the SPAN destination port from dropping ingress traffic (i.e., it allows the port to receive normal traffic in addition to the SPAN traffic) and labels it with a specified VLAN ID.

55.

Which of the following are true of JSON? (Choose two.)

  • It uses curly braces for objects

  • All keys must be unique

  • It uses angle braces for arrays

  • All values must be unique

JavaScript Object Notation (JSON) uses curly braces for objects and square braces for arrays. All keys must be unique, but values can be repeated between keys.

56.

Which of the following was introduced in WPA3-Personal to protect against dictionary attacks?

  • SAE

  • PSK

  • EAP

  • WebAuth

Correct answer: SAE

An attacker eavesdropping on the Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK) four-way handshake could perform a dictionary attack to guess the PSK. WPA3-Personal addresses this by introducing Simultaneous Authentication of Equals (SAE), which performs equal authentication of the client and the server and offers forward secrecy, meaning that an attacker who learns the key can’t decrypt past sessions.

The Extensible Authentication Protocol (EAP) is used in WPA Enterprise.

WebAuth is an alternative authentication method.

57.

When configuring ERSPAN, which of the following commands should be used in the destination subconfiguration mode? (Choose three.)

  • ip address

  • erspan-id

  • origin ip address

  • filter vlan

  • no shutdown

Some commands used during the process of configuring Encapsulated Remote Switched Port Analyzer (ERSPAN) include:

  • Specify Destination IP Address: ip address ip-address
  • Set Session ID: erspan-id erspan-ID
  • Set Source IP Address: origin ip address ip-address

58.

Which of the following elements of QoS uses traffic classifications to re-prioritize or drop traffic exceeding defined rates?

  • Policing

  • Shaping

  • Marking

  • Congestion Management

  • Classification

Correct answer: Policing

Quality of Service (QoS) provides priority to certain types of network traffic, reducing latency, jitter, and packet loss for them. Common components of QoS include:

  • Classification and Marking: Dividing network traffic into classes based on its purpose and importance to the business. After traffic is classified, it is marked to allow QoS policies to be applied to it.
  • Policing: Policing helps to enforce traffic rates by transmitting or remarking inbound or outbound traffic that complies with the rates and dropping or marking down traffic that exceeds it.
  • Shaping: Shaping implements a buffer for egress traffic that holds traffic exceeding the traffic rate until the rate drops to the defined level. If traffic is below the desired traffic rate, then egress traffic isn’t buffered.
  • Congestion Management: Congestion management buffers excess traffic, and then removes packets from the queue via various algorithms.
  • Congestion Avoidance: Congestion avoidance attempts to prevent network congestion by proactively dropping packets.

59.

Which of the following Cisco AP modes sends only control traffic over a CAPWAP tunnel?

  • FlexConnect

  • Local

  • Monitor

  • Bridge

  • SE-Connect

Correct answer: FlexConnect

Cisco Access Points (APs) can be configured to operate in a few different modes, including:

  • FlexConnect: The lightweight AP uses a Control and Provisioning of Wireless Access Points (CAPWAP) tunnel for control traffic but forwards data normally (not over the tunnel). If the Wide Area Network (WAN) link and CAPWAP tunnel go down, the AP is able to perform local traffic switching within a Service Set Identifier (SSID) and Virtual Local Area Network (VLAN).
  • Local: This mode is designed to serve wireless clients by supporting multiple Basic Service Sets (BSSs) on a single channel. When not transmitting, the AP measures noise levels and interference and looks for rogue devices or Intrusion Detection System (IDS) events.
  • Monitor: The AP monitors for IDS events and rogue access points and uses location services to identify station locations. It doesn’t transmit any traffic.
  • Sniffer: The AP collects 802.11 traffic from other sources and forwards it to a PC to be analyzed using Wireshark or similar traffic analysis tools.
  • Rogue Detector: The AP attempts to identify rogue devices by matching Media Access Control (MAC) addresses on wired and wireless networks since only rogues will be on both.
  • Bridge: The AP is part of a pair or group designed to provide a wireless link between two wired, separated networks.
  • Flex+Bridge: FlexConnect functionality is provided on a mesh AP.
  • SE-Connect: The AP performs spectrum analysis on all channels, which can be sent to a PC running Cisco Spectrum Expert or MetaGeek Chanalyzer to identify interference sources.

60.

Which of the following are valid JSON objects? (Choose three.)

  • {"name": "John"}

  • {"pets": ["cat":"Fluffy", "dog": "Rover"]}

  • {"ages":[21,25]}

  • {'name': 'John'}

  • ["ages":{"21","25"}]

In JavaScript Object Notation (JSON), objects are encapsulated in curly braces, keys and non-numeric values in double-quotes, and arrays in square braces. Arrays can contain values or other objects.

{'name': 'John'} is incorrect because it uses single quotes.

["ages":{"21","25"}] is incorrect because it uses square braces for an object and curly for an array.