Cisco CCNP Exam Questions
141. Which of the following types of passwords is created by the service password-encryption command?
- Type 7
- Type 0
- Type 5
- Type 8
- Type 9
Correct answer: Type 7
The service password-encryption command is used to encrypt Type 0 passwords in configuration sessions and Telnet systems. It uses easily-breakable Type 7 encryption and shouldn’t be used.
Type 5 passwords are protected by a broken cipher, and Type 8 and 9 passwords use secure hash algorithms and are recommended options.
142. Which of the following is an industry-standard alternative to a Cisco protocol that offers preemption by default and has a defined structure for VIP gateway MAC addresses?
- VRRP
- HSRP
- FHRP
- GLBP
- NHRP
Correct answer: VRRP
First-Hop Redundancy Protocols (FHRP) help ensure network resiliency by creating a Virtual Internet Protocol (VIP) gateway linked to multiple physical gateways. If a gateway goes down, then the device's traffic will be sent via another gateway. The three main FHRPs include:
- Hot Standby Router Protocol (HSRP): Protocol developed by Cisco that creates a virtual IP and Media Access Control (MAC) address usually held by the active router. If the active router fails, a standby router takes over these addresses and acts as the gateway.
- Virtual Router Redundancy Protocol (VRRP): Industry standard protocol that operates similarly to HSRP but names the routers “master” and “backup”. This protocol allows preemption by default and uses a particular MAC address structure for the VIP gateway.
- Gateway Load Balancing Protocol (GLBP): Offers both redundancy and load balancing. The network has up to four Active Virtual Forwarders (AVFs) responsible for forwarding traffic for their assigned hosts and a single Active Virtual Gateway (AVG) that responds to Address Resolution Protocol (ARP) requests with the virtual MAC of the assigned AVF. Failure of the AVG or an AVF causes another system to take over its role.
NHRP is a fabricated term.
143. Which of the following REST API response codes are associated with errors in authentication or authorization? (Choose two.)
- 401
- 403
- 400
- 404
- 200
401 Unauthorized indicates a failure to provide valid authentication credentials, and 403 Forbidden is the result when attempting to access a resource without proper authorization.
200 OK indicates a successful request.
400 Bad Request indicates a client-side issue with a request.
404 Page Not Found indicates that the requested page doesn't exist or is hidden.
144. Which of the following network models are most dependent on network virtualization technology? (Choose two.)
- Fabric
- Cloud
- Two-tier
- Three-tier
Fabric and cloud environments are implemented using virtual overlays on physical networks. This implements network infrastructure in software rather than in hardware.
Two-tier and three-tier networks are usually built with physical appliances.
145. In 802.1X, which of the following roles is initially denied the ability to communicate over the network?
- Supplicant
- Authenticator
- AS
- User
Correct answer: Supplicant
Three key roles in 802.1X are:
- Supplicant: Device requesting network access, which is denied until authentication is complete.
- Authenticator: Device providing access to the network, typically a Wireless Local Area Network (LAN) Controller (WLC).
- Authentication Server (AS): Device that accepts client credentials and decides whether to grant network access based on user database and security policies. This is typically a Remote Authentication Dial-In User Service (RADIUS) server.
User is not a role in 802.1X.
146. Which of the following can be used for route filtering within OSPF? (Choose two.)
- Summarization
- Areas
- VLANs
- IP ranges
Route filtering allows selective route identification and is generally performed at the Area Border Router (ABR) in the Open Shortest Path First (OSPF) protocol. Two route filtering techniques include:
- Filtering with Summarization: When performing route summarization, the not-advertise option prevents any L3 Link-State Advertisements (LSAs) from exiting the area for the summarized routes, making them only visible internal to the area.
- Area Filtering: Area filtering allows routes to be filtered as they enter/leave an area, allowing a route to be visible in some areas but not in others. It’s configured with the area area-id filter-list prefix prefix-list-name {in | out} command on an ABR.
Virtual Local Area Networks (VLANs) and Internet Protocol (IP) address ranges aren't used for OSPF route filtering.
147. Which of the following are the benefits of VMs? (Choose three.)
- Ability to host multiple VMs on a single system
- Ability to easily migrate VMs between systems
- Support for high-availability environments
- Lower resource requirements than containers
Virtual Machines (VMs) allow multiple VMs to be hosted on a single system and to be migrated between systems. These capabilities help ensure the high availability of supported services.
However, VMs generally have higher resource requirements than containers.
148. Which of the following are examples of a Type 2 hypervisor? (Choose two.)
- VirtualBox
- VMware Fusion
- VMware vSphere
- Red Hat KVM
A hypervisor is software that allows multiple Virtual Machines (VMs) to run on the same hardware. There are two types of hypervisors:
- Type 1: A Type 1, bare-metal, or native hypervisor runs directly on the device hardware with no operating system. Examples of Type 1 hypervisors include VMware vSphere, Citrix Hypervisor, and Red Hat Kernel-based Virtual Machine (KVM).
- Type 2: Type 2 hypervisors are software that runs within a host operating system. VirtualBox and VMware Fusion are examples of Type 2 hypervisors, which are typically used by client machines.
149. Which of the following methods of locating devices can't be used for devices that are outside of the organization's control but connected to the network?
- RFID tags
- Interference detection
- Measuring Wi-Fi probe requests
- Measuring RSS
- Signal triangulation
Correct answer: RFID Tags
Location services track device locations within a wireless network, which is useful for asset tracking. Some methods for implementing it include:
- RFID Tags: Radio-Frequency Identifier (RFID) tags attached to devices can be used to map devices' locations as they attach to Wi-Fi or send out probe requests. If an organization doesn't control a device, it can't put an RFID tag on it.
- Measuring Received Signal Strength: If a client is in an open space, measuring Received Signal Strength (RSS) from different Access Points (APs) can help to triangulate its location. Cisco devices use a Radio Frequency (RF) calibration template that is generated using an RF scanner and accurately measures attenuation and signal propagation within a space, enabling it to be used in other places than an empty room.
- Probe Requests: Devices with Wi-Fi active will send out probe requests to APs on all supported wireless channels, enabling triangulation.
- Interference Detection: Devices that create signal interference, such as cordless phones and wireless cameras, can be located via spectrum analysis and identifying locations experiencing interference.
Signal triangulation is part of measuring RSS or probe requests, making it a viable option.
150. During which OSPF neighbor state would DR and BDR election occur if needed?
- 2-Way
- Init
- ExStart
- Exchange
- Loading
Correct answer: 2-Way
2-Way is the Open Shortest Path First (OSPF) neighbor state where Designated Router (DR) and Backup Designated Router (BDR) elections would occur if needed.
This happens after the Init stage and is when bidirectional communication is first established.
Once a DR and BDR have been elected, the next steps are ExStart, Exchange, and Loading.
151. Which of the following commands can be used to configure OSPF? (Choose two.)
- network ip-address wildcard-mask area area-id
- ip ospf process-id area area-id [secondaries none]
- network ospf process-id area area-id
- ip ip-address wildcard-mask ospf process-id
The Open Shortest Path First (OSPF) protocol can be configured in one of two ways:
- OSPF Network Statement: The command network ip-address wildcard-mask area area-id enables OSPF on a router’s interfaces. The interfaces are advertised via a Link-State Advertisement (LSA) and added to the correct OSPF area within the OSPF Link-State Database (LSDB).
- Interface-Specific Configuration: The command ip ospf process-id area area-id [secondaries none] configures OSPF on a specific interface. Secondary connected networks are also added unless the secondaries none option is included. This approach is more targeted but less scalable.
The other two commands are fabricated.
152. Which of the following correctly describes VXLAN tunneling?
- Layers 2 and 3 overlays tunneled over Layer-3 underlay
- Layers 2 and 3 overlays tunneled over Layer-2 underlay
- Layer 2 overlay tunneled over Layer-2 underlay
- Layer 3 overlay tunneled over Layer-3 underlay
- Layers 2 and 3 overlay tunneled over Layer 2 and 3 underlays
Correct answer: Layers 2 and 3 overlays tunneled over Layer-3 underlay
Virtual Extensible Local Area Network (VXLAN) is an overlay network that extends the functionality of the traditional virtual LAN. It tunnels Layer 2 and 3 overlay networks within Media Access Control (MAC)-Internet Protocol (IP)/User Datagram Protocol (UDP) tunneling over a Layer-3 underlay network.
The other answer options have the incorrect configuration of layers.
153. Which of the following are common causes of issues with MST? (Choose two.)
- VLAN assignment to the IST
- Trunk link pruning
- Failing to specify primary switch
- Not creating an IST
Two common problems with the Multiple Spanning Tree (MST) protocol include:
- VLAN Assignment to the IST: If a VLAN is assigned to the Internal Spanning Tree (IST), then some ports associated with it might be unintentionally blocked. The IST works on all ports in a switch, so if there are two links between a pair of switches, one must be blocked in the IST (even if a VLAN is mapped to it). Assigning the VLAN to a different MST Instance (MSTI) fixes this.
- Trunk Link Pruning: Pruning VLANs on trunk links aids in load balancing, but it can cause issues if VLANs in the same MST are present on different network links. When pruning trunk links, all VLANs in the same MSTI should be pruned.
MST doesn't require a primary switch to be specified.
The IST is created by default.
154. In theory, which four of the following could all be involved while granting a user access to a wireless network? (Choose four.)
- WebAuth
- EAP
- Open Authentication
- 802.1X
- WPA PSK
With Web Authentication (WebAuth), the client initially associates to a device using Open Authentication. WebAuth is also compatible with the Extensible Authentication Protocol (EAP), which can use 802.1X to block access to the network until authentication is complete.
Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK) is an EAP alternative that isn't compatible with 802.1X.
155. A port has portfast enabled. Which mode of the STP will it start with when turned on?
- Forwarding
- Learning
- Listening
- Blocking
- Disabled
Correct answer: Forwarding
Portfast is a Spanning Tree Protocol (STP) feature that prevents hosts from generating Topology Change Notifications (TCNs) since they only have one connection to the network anyway. These access ports skip the learning and listening states in 802.1D STP and can immediately forward traffic.
In 802.1D STP, a switch port can be in the following states:
- Disabled: Turned off
- Blocking: Port is turned on but doesn’t forward traffic to protect against loops. Receives Bridge Protocol Data Units (BPDUs) but doesn’t send or change the Media Access Control (MAC) address table.
- Listening: Next state after blocking where port can send and receive BPDUs but can’t forward network traffic. Duration depends on STP forwarding time.
- Learning: Can modify the MAC address table based on received traffic but still can’t forward traffic. Duration depends on STP forwarding time.
- Forwarding: The port can now forward traffic and can perform any updates to the MAC address table.
- Broken: The port has a configuration or operational issue and discards packets until this is corrected.
156. Which type of Switched Port Analyzer (SPAN) uses Layer 3 protocols to send traffic to a remote switch?
- ERSPAN
- RSPAN
- SPAN
- ESPAN
Correct answer: ERSPAN
Switched Port Analyzer (SPAN) solutions send a copy of network traffic to another port for analysis of Layer 2 issues. Some techniques include:
- Local SPAN: Capture traffic flowing over the local network on a switch and send to a port with a traffic analyzer attached.
- Remote SPAN (RSPAN): Capture local traffic on a switch and send it to another switch via Layer 2 (switching) to a port on another switch with a traffic analyzer attached.
- Encapsulated RSPAN (ERSPAN): Same as RSPAN but sending traffic over Layer 3 (routing) rather than Layer 2.
ESPAN is a fabricated term.
157. Which of the following types of EAPOL keys are used to protect unicast traffic? (Choose two.)
- PMK
- PTK
- GTK
- GMK
Extensible Authentication Protocol Over LAN (EAPOL) includes four types of keys:
- Pairwise Master Key (PMK): Used to derive the PTK and protect unicast traffic over the network. Created and shared during EAP authentication. For Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK), this is derived from the PSK.
- Groupwise Master Key (GMK): Used to derive the GTK and protect broadcast and multicast traffic. Also created and shared during EAP authentication.
- Pairwise Transient Key (PTK): Secures unicast traffic. Derived via the EAPOL four-step handshake.
- Groupwise Transient Key (GTK): Secures multicast and broadcast traffic. Generated and shared by an Access Point (AP) and acknowledged by the client during EAPOL four-step handshake.
158. Which of the following hypervisors are more common on user workstations than servers? (Choose two.)
- VirtualBox
- VMware Fusion
- Citrix Hypervisor
- Red Hat KVM
A hypervisor is software that allows multiple Virtual Machines (VMs) to run on the same hardware. There are two types of hypervisors:
- Type 1: A Type 1, bare-metal, or native hypervisor runs directly on the device hardware with no operating system. Examples of Type 1 hypervisors include VMware vSphere, Citrix Hypervisor, and Red Hat Kernel-based Virtual Machine (KVM).
- Type 2: Type 2 hypervisors are software that runs within a host operating system. VirtualBox and VMware Fusion are examples of Type 2 hypervisors, which are typically used by user workstations.
159. Which of the following could be used to start a comment in Python? (Choose two.)
- #
- """
- ;
- "
The # character starts a single-line comment in Python, while triple quotes (""") start a multi-line one.
A single quotation mark (") begins a Python string, and a semicolon can optionally be used to end a line of code.
160. Which of the following automation tools uses YAML? (Choose two.)
- Ansible
- SaltStack
- Puppet
- Chef
- NETCONF
Ansible and SaltStack use Yet Another Markup Language (YAML).
Puppet uses Puppet Domain-Specific Language (DSL) and Chef uses Ruby DSL.
NETCONF isn't an automation tool.