Cisco CCNP Exam Questions

Page 9 of 25

161.

Which of the following is a superset of the others (meaning it is a general term where the others are specific protocols)?

  • FHRP

  • VRRP

  • HSRP

  • GLBP

  • NHRP

Correct answer: FHRP

First-Hop Redundancy Protocols (FHRP) help ensure network resiliency by creating a Virtual Internet Protocol (VIP) gateway linked to multiple physical gateways. If a gateway goes down, then the device's traffic will be sent via another gateway. The three main FHRPs include:

  • Hot Standby Router Protocol (HSRP): Protocol developed by Cisco that creates a virtual IP and Media Access Control (MAC) address usually held by the active router. If the active router fails, a standby router takes over these addresses and acts as the gateway.
  • Virtual Router Redundancy Protocol (VRRP): Industry standard protocol that operates similarly to HSRP but names the routers “master” and “backup”. This protocol allows preemption by default and uses a particular MAC address structure for the VIP gateway.
  • Gateway Load Balancing Protocol (GLBP): Offers both redundancy and load balancing. The network has up to four Active Virtual Forwarders (AVFs) responsible for forwarding traffic for their assigned hosts and a single Active Virtual Gateway (AVG) that responds to Address Resolution Protocol (ARP) requests with the virtual MAC of the assigned AVF. Failure of the AVG or an AVF causes another system to take over its role.

NHRP is a fabricated term.

162.

You've configured an EtherChannel using PAgP. Which of the following is the interface status code that you want to see when running a show etherchannel summary?

  • SU

  • SD

  • SM

  • RU

  • RD

Correct answer: SU

The show etherchannel summary command should display a status of SU, indicating that a Layer-2 link (S) is in use (U).

R indicates a Layer-3 link, D indicates that the link is down, and M indicates that a link is not in use because the minimum number of interfaces for an EtherChannel hasn't been met.

163.

Which of the following are valid examples of JSON objects? (Choose two.)

  • {"name": "John", "age":"25"}

  • {"name": "John", "pets":["dog":"Rover","cat":"Lynx"]}

  • ["name":"John","age":"25"]

  • {"name": "John", "pets":{"dog":"Rover","cat":"Lynx"}}

JavaScript Object Notation (JSON) uses curly braces, e.g. {}, to encapsulate objects and square brackets, e.g. [], for arrays. {"name": "John", "age":"25"} is correct because it's a single object, and {"name": "John", "pets":["dog":"Rover","cat":"Lynx"]} is correct because the pets key's value is an array.

["name":"John","age":"25"] is incorrect because it uses square brackets, not curly braces, and {"name": "John", "pets":{"dog":"Rover","cat":"Lynx"}} is incorrect because it uses curly braces for an array.

164.

Which of the following IGMP messages are sent by the server? (Choose two.)

  • General membership query

  • Group-specific query

  • Version 2 membership report

  • Version 1 membership report

  • Version 2 leave group

The Internet Group Management Protocol version 2 (IGMPv2) is common in multicast networks and is encapsulated in an Internet Protocol (IP) packet with the IP Router Alert option set and a Time-To-Live (TTL) of 1. IGMP messages have five types:

  • Version 2 membership report (0x16): An IGMP join request used by a receiver to join a specified group or to answer a router’s membership query. This message states that a receiver still wants to receive messages from a group.
  • Version 1 membership report (0x12): Backward-compatible message to support IGMPv1.
  • Version 2 leave group (0x17): The receiver indicates that they want to leave the specified group.
  • General membership query (0x11): Sent by the server to the all-hosts group address (224.0.0.1) to check whether the subnet contains any receivers. Uses a group address of 0.0.0.0. Each receiver starts a random timer for each group it belongs to and sends a membership report for that group when the timer expires, unless it has already seen a membership report for that group from another receiver.
  • Group-specific query (0x11): Sent by the server to a group address after a receiver has asked to leave the group. Only sent if the receiver was the last one to respond to a general membership query. If no responses are received, then the router stops tracking and distributing that group’s messages.

165.

Which of the following is not one of the three key components of path selection?

  • Hop count

  • Prefix length

  • Administrative distance

  • Metrics

Correct answer: Hop count

Hop count is a metric used to choose paths in a distance vector routing algorithm.

Path selection chooses the path for a packet by looking up its destination in the Forwarding Information Base (FIB), which is programmed from the Routing Information Base (RIB) using the prefix lengths installed there. The three key components of path selection are:

  • Prefix Length: The prefix length defines the range of Internet Protocol (IP) addresses that a path applies to, specified by the number of 1 bits in the subnet mask. The longer the prefix length (meaning the more specific the address), the more preferred the route.
  • Administrative Distance (AD): The AD defines how trustworthy the source of a route is. When choosing between equivalent routes (same prefix length) from different routing protocols, the AD is used to decide.
  • Metrics: Metrics are the basis for a routing protocol’s decision (path length, link state, etc.) and can vary from one algorithm to another.
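As an added worked example (not part of the exam material), the Python function below applies the three criteria above, in order, to a small constructed RIB. The route entries and addresses are made up for the illustration; note that a more-specific prefix learned from a less trusted source (RIP, AD 120) still beats a trusted static /24, which is why more-specific prefixes from untrusted routing neighbors must be filtered.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str    # destination prefix, e.g. "10.1.0.0/16"
    source: str    # routing source label (static, ospf, ...)
    ad: int        # administrative distance: lower is more trusted
    metric: int    # the source's own metric: lower is better
    next_hop: str


# Constructed RIB: entries overlap deliberately so each tie-break is exercised.
RIB = [
    Route("0.0.0.0/0",   "static",   1,    0, "192.0.2.1"),
    Route("10.1.0.0/16", "ospf",   110,   20, "192.0.2.2"),
    Route("10.1.2.0/24", "static",   1,    0, "192.0.2.3"),
    Route("10.1.2.0/24", "eigrp",   90, 3072, "192.0.2.4"),
    Route("10.1.2.0/25", "rip",    120,    3, "192.0.2.5"),
    Route("10.1.2.0/25", "rip",    120,    2, "192.0.2.6"),
]


def select_route(dest: str, rib=RIB):
    """Return the route the FIB would use for dest, or None if nothing covers it."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in rib if addr in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None
    # Criteria in order of importance: longest prefix, lowest AD, lowest metric.
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.ad, r.metric),
    )


def winner(dest: str):
    """Convenience wrapper returning (prefix, source, next_hop) for dest."""
    r = select_route(dest)
    return (r.prefix, r.source, r.next_hop) if r else None


if __name__ == "__main__":
    for d in ("10.1.2.7", "10.1.2.200", "10.1.9.9", "198.51.100.1"):
        print(d, "->", winner(d))
```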

166.

Which of the following Cisco wireless AP modes can be used to look for rogue devices connected to a network? (Choose three.)

  • Local

  • Rogue Detector

  • Monitor

  • FlexConnect

  • Bridge

Cisco Access Points (APs) can be configured to operate in a few different modes, including:

  • Local: This mode is designed to serve wireless clients by supporting multiple Basic Service Sets (BSSs) on a single channel. When not transmitting, the AP measures noise levels and interference and looks for rogue devices or Intrusion Detection System (IDS) events.
  • FlexConnect: The lightweight AP uses a Control and Provisioning of Wireless Access Points (CAPWAP) tunnel for control traffic but forwards data normally (not over the tunnel). If the WAN link and CAPWAP tunnel go down, the AP is able to perform local traffic switching within a Service Set Identifier (SSID) and VLAN.
  • Monitor: The AP monitors for IDS events and rogue access points and uses location services to identify station locations. It doesn’t transmit any traffic.
  • Sniffer: The AP collects 802.11 traffic from other sources and forwards it to a PC to be analyzed using Wireshark or similar traffic analysis tools.
  • Rogue Detector: The AP attempts to identify rogue devices by matching MAC addresses on wired and wireless networks since only rogues will be on both.
  • Bridge: The AP is part of a pair or group designed to provide a wireless link between two wired, separated networks.
  • Flex+Bridge: FlexConnect functionality is provided on a mesh AP.
  • SE-Connect: The AP performs spectrum analysis on all channels, which can be sent to a PC running Cisco Spectrum Expert or MetaGeek Chanalyzer to identify interference sources.

167.

Which of the following commands is only used when configuring RSPAN? (Choose two.)

  • vlan

  • name

  • source

  • ip address

  • no shutdown

Remote Switched Port Analyzer (RSPAN) requires a special Virtual Local Area Network (VLAN) named RSPAN VLAN to be configured with the vlan and name commands.

source, ip address, and no shutdown are used when configuring Encapsulated RSPAN (ERSPAN).

168.

Which of the following can be measured for a round-trip packet exchange with IP SLA?

  • Delay

  • Jitter

  • Packet loss

  • Connectivity

  • Path

Correct answer: Delay

Delay is measured either one-way or round-trip.

Jitter, packet loss, and connectivity are measured in one direction.

Path probes are on a per-hop basis.

169.

Which of the following are potential search results for TCAM? (Choose three.)

  • 0

  • 1

  • X

  • N/A

Ternary Content Addressable Memory (TCAM) is memory on a Cisco switch that allows multiple different fields to be used to evaluate a packet. It’s used for Layer 2 and 3 searching and returns 0, 1, or X (don’t care).

170.

When implementing ERSPAN on a trunk port, filtering is important on the source interface. Which of the following is not an option for doing so with the filter command in this scenario?

  • Interface ID

  • Standard access list

  • Expanded access list

  • ACL

  • VLAN ID

Correct answer: Interface ID

With Encapsulated Remote Switched Port Analyzer (ERSPAN), all traffic will likely be coming from the same remote interface.

Filtering using standard or expanded access lists, an Access Control List (ACL), or a Virtual Local Area Network (VLAN) ID is recommended.

171.

The match command in Flexible NetFlow is used to specify key fields in which of the following?

  • Flow record

  • Flow monitor

  • Flow exporter

  • Flow sampler

Correct answer: Flow record

Flexible NetFlow is built from four component types:

  • Flow Records: Include key and non-key fields. Combination of default and user-configured records. The match command selects key fields, and the collect command selects non-key fields.
  • Flow Monitors: Applied to a particular interface to monitor traffic.
  • Flow Exporters: Export data from the flow monitor cache, in NetFlow Version 9 format, to a remote system.
  • Flow Samplers: Samples NetFlow data rather than analyzing all of it (with a tradeoff between resource utilization and accuracy).

172.

In the Spanning Tree Protocol (STP), when identifying which ports to block, which of the following comes second in the decision criteria?

  • Path cost

  • System priority

  • Root vs. designated port

  • MAC address

Correct answer: Path cost

If non-root switches are connected to one another via designated ports, a loop exists. The criteria for deciding which port blocks are, in order of importance:

  1. Designated ports block, not root ports
  2. Switch with higher path cost blocks
  3. Switch with higher system priority blocks
  4. Switch with higher Media Access Control (MAC) address blocks

173.

Which of the following is not one of the three roles in 802.1X?

  • Controller

  • Authenticator

  • Authentication Server

  • Supplicant

Correct answer: Controller

Three key roles in 802.1X are:

  • Supplicant: Device requesting network access.
  • Authenticator: Device providing access to the network, typically a Wireless LAN Controller (WLC).
  • Authentication Server (AS): Device that accepts client credentials and decides whether to grant network access based on user database and security policies. This is typically a Remote Authentication Dial-In User Service (RADIUS) server.

Controller is not a role in 802.1X.

174.

Web application and server vulnerabilities are top threats for which of the following PINs in Cisco SAFE? (Choose two.)

  • Edge

  • Cloud

  • Data center

  • Campus

The Cisco Secure Architectural Framework (SAFE) helps with security design for certain Places In the Network (PINs), including:

  • Edge: The network edge is where traffic enters from and leaves to the Internet, and it is high-risk. Threats include data loss, Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle (MitM) attacks, and web application and server vulnerabilities.
  • Cloud: Cloud security depends on service-level agreements and third-party audits of cloud providers. The top threats are web application and server vulnerabilities, data loss, malware, lost access, and MitM attacks.
  • Branch: Branch locations often have weaker security than the headquarters and are at risk of endpoint malware, rogue Access Points (APs) for MitM and DoS attacks, trust exploitation, and malicious/unauthorized client activity.
  • Campus: Campuses have many users and are prime targets for phishing, malware propagation, botnet infestations, unauthorized network access, and web-based attacks.
  • Data Center: Data centers contain many servers and hold the organization's most valuable data, applications, and other IT resources. Data exfiltration, unauthorized network access, malware propagation, botnet infestation, reconnaissance, and privilege escalation are top threats.
  • Wide Area Network (WAN): WANs link the various parts of the corporate network together. The top threats are unauthorized network access, malware propagation, MitM attacks, and WAN sniffing.

175.

An organization wishes to allow guests to access its network without the need to enter a password. Which of the following could allow this? (Choose two.)

  • Open Authentication

  • WebAuth

  • WPA PSK

  • EAP

  • WPA Enterprise

Open Authentication doesn't require a password, and WebAuth can be used with Open Authentication to show information about a network but does not require a password.

Wi-Fi Protected Access (WPA) Enterprise uses the Extensible Authentication Protocol (EAP) for authentication, and WPA Pre-Shared Key (PSK) uses a shared password.

176.

Which of the following are commonly used to define code blocks in Python? (Choose two.)

  • Newlines

  • Indentation

  • Curly braces/{}

  • Semicolons

Python uses whitespace, including newlines and indentation, to define code blocks.

While semicolons and curly braces can be used, they are optional and rarer.

177.

Traffic using Cisco’s Locator/ID Separation Protocol (LISP) from a non-LISP site to a LISP site requires which of the following?

  • PITR

  • PETR

  • ITR

  • ETR

Correct answer: PITR

A Proxy Ingress Tunnel Router (PITR) allows traffic from a non-LISP (Locator/ID Separation Protocol) site to a LISP site. A normal Ingress Tunnel Router (ITR) would use normal forwarding in this case.

An Egress Tunnel Router (ETR) or Proxy ETR (PETR) is for traffic originating within a LISP site.

178.

Which of the following are types of trees used in Protocol Independent Multicast (PIM)? (Choose two.)

  • Source trees

  • Shared trees

  • State trees

  • Spanning trees

Multicast routers create two different types of distribution trees to map the path IP multicast traffic takes to a receiver. These include:

  • Source Trees: Source trees or Shortest Path Trees (SPTs) are rooted at the source of multicast traffic and have branches pointing to receivers at the tree’s leaves. The notation for the forwarding state is (S,G), where S is the multicast source address, and G is the group address. Every unique multicast source needs its own SPT.
  • Shared Trees: Shared trees are rooted at a Rendezvous Point (RP), which is why they’re also known as Rendezvous Point Trees (RPTs). Traffic is forwarded down the tree based on the group address. The notation for the forwarding state is (*,G). Each group has its own RPT, even with multiple sources in the group.

Spanning trees are associated with the Spanning Tree Protocol (STP) for loop avoidance.

"State trees" is a fabricated term.

179.

Which of the following are the actions used by CoPP to decide what to do with traffic? (Choose three.)

  • conform

  • exceed

  • violate

  • comply

  • throttle

Control Plane Policing (CoPP) policies enable traffic to the control plane to be policed to a certain rate to protect the Central Processing Unit (CPU) against surges that could impact router stability. Traffic is placed into different classes based on type, and a CoPP policy implements rate limits for each class. The police command has the conform, exceed, and violate actions, which can be used to permit or drop traffic.

Comply and throttle are not CoPP actions.

180.

VXLAN network identifiers have how many bits?

  • 24

  • 12

  • 16

  • 32

Correct answer: 24

Virtual Extensible Local Area Network (VXLAN) uses a 24-bit VXLAN Network Identifier (VNI), compared to the 12-bit VLAN identifier. This provides support for many more VXLAN segments.

The other distractors are unrelated numbers.
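As an added example (not exam material), the Python snippet below encodes and decodes the 8-byte VXLAN header defined in RFC 7348 so the 24-bit VNI field can be compared with the 12-bit VLAN ID on real bytes. The sample header is constructed inline; VNI 5000 is chosen because it cannot be expressed as a VLAN ID at all.

```python
import struct

VXLAN_HDR_LEN = 8          # RFC 7348 header: 8 bytes following the UDP header
VXLAN_FLAG_I = 0x08        # "I" flag: a valid VNI is present
VNI_BITS, VLAN_BITS = 24, 12
MAX_VNI = (1 << VNI_BITS) - 1     # 16,777,215
MAX_VLAN = (1 << VLAN_BITS) - 1   # 4,095


def build_vxlan_header(vni: int) -> bytes:
    """Encode a VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in {VNI_BITS} bits")
    # Two 32-bit big-endian words; the VNI occupies the top 24 bits of word 2.
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vni(hdr: bytes) -> int:
    """Extract the 24-bit VNI, rejecting truncated headers or a clear I flag."""
    if len(hdr) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", hdr[:VXLAN_HDR_LEN])
    if not (word1 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: header carries no valid VNI")
    return (word2 >> 8) & MAX_VNI


def segment_count_ratio() -> int:
    """How many times more segments a 24-bit VNI offers than a 12-bit VLAN ID."""
    return (1 << VNI_BITS) // (1 << VLAN_BITS)


# Constructed sample header carrying VNI 5000 (larger than MAX_VLAN).
SAMPLE_HDR = build_vxlan_header(5000)

if __name__ == "__main__":
    print(SAMPLE_HDR.hex(), "-> VNI", parse_vni(SAMPLE_HDR))
    print("VNI space is", segment_count_ratio(), "times the VLAN ID space")
```

The VNI travels unencrypted in the outer UDP payload, so segment isolation rests entirely on the tunnel endpoints honouring it.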