QUESTION 1

Refer to the exhibit. How does router R1 handle traffic to 192.168.10.16?

A. It selects the IS-IS route because it has the shortest prefix inclusive of the destination address
B. It selects the RIP route because it has the longest prefix inclusive of the destination address
C. It selects the OSPF route because it has the lowest cost
D. It selects the EIGRP route because it has the lowest administrative distance

QUESTION 2

Refer to the exhibit. A router received these five routes from different routing information sources. Which
two routes does the router install in its routing table? (Choose two)

A. OSPF route 10.0.0.0/30

B. IBGP route 10.0.0.0/30
C. OSPF route 10.0.0.0/16
D. EIGRP route 10.0.0.1/32
E. RIP route 10.0.0.0/30

QUESTION 3
A corporate office uses four floors in a building.

Floor 1 has 24 users.

Floor 2 has 29 users.
Floor 3 has 28 users.
Floor 4 has 22 users.

Which subnet summarizes and gives the most efficient distribution of IP addresses for the router
configuration?

A. 192.168.0.0/24 as summary and 192.168.0.0/28 for each floor

B. 192.168.0.0/23 as summary and 192.168.0.0/25 for each floor
C. 192.168.0.0/25 as summary and 192.168.0.0/27 for each floor
D. 192.168.0.0/26 as summary and 192.168.0.0/29 for each floor
QUESTION 4

Refer to the exhibit. To which device does Router1 send packets that are destined to host 10.10.13.165?

A. Router2
B. Router3
C. Router4
D. Router5

QUESTION 5
R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?

A. route with the next hop that has the highest IP

B. route with the lowest cost
C. route with the lowest administrative distance
D. route with the shortest prefix length

QUESTION 6
Which two minimum parameters must be configured on an active interface to enable OSPFV2 to operate?
(Choose two.)

A. OSPF process ID
B. OSPF MD5 authentication key
C. OSPF stub flag
D. IPv6 address
E. OSPF area
QUESTION 7
Refer to the exhibit. What commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for
VLAN 20, with IP address 10.20.20.1/24?

A. R1(config)#interface ethernet0/0
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
B. R1(config)#interface ethernet0/0.20
R1(config)#encapsulation dot1q 20
R1(config)#ip address 10.20.20.1 255.255.255.0
C. R1(config)#interface ethernet0/0.20
R1(config)#ip address 10.20.20.1 255.255.255.0
D. R1(config)#interface ethernet0/0
R1(config)#ip address 10.20.20.1 255.255.255.0

QUESTION 8
Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two.)

A. It supports protocol discovery.

B. It guarantees the delivery of high-priority packets.
C. It can identify different flows with a high level of granularity.
D. It can mitigate congestion by preventing the queue from filling up.
E. It drops lower-priority packets before it drops higher-priority packets.

QUESTION 9

Refer to the exhibit. An engineer configured NAT translations and has verified that the configuration is
correct. Which IP address is the source IP after the NAT has taken place?

A. 10.4.4.4
B. 10.4.4.5
C. 172.23.103.10
D. 172.23.104.4
QUESTION 10
If a notice-level message is sent to a syslog server, which event has occurred?

A. A network device has restarted.

B. A debug operation is running.
C. A routing instance has flapped.
D. An ARP inspection has failed.

QUESTION 11
DRAG DROP

Drag and drop the functions from the left onto the correct network components on the right.

Select and Place:

QUESTION 12
Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network
device? (Choose two.)

A. Enable NTP authentication.

B. Verify the time zone.
C. Specify the IP address of the NTP server.
D. Set the NTP server private key.
E. Disable NTP broadcasts.

QUESTION 13
A network engineer must back up 20 network router configurations globally within a customer environment.
Which protocol allows the engineer to perform this function using the Cisco IOS MIB?

A. ARP
B. SNMP
C. SMTP
D. CDP
 QUESTION 14
DRAG DROP

Drag and drop the network protocols from the left onto the correct transport services on the right.

Select and Place:

QUESTION 15
Which command enables a router to become a DHCP client?

A. ip address dhcp
B. ip dhcp client
C. ip helper-address
D. ip dhcp pool

QUESTION 16
Which function does an SNMP agent perform?

A. It sends information about MIB variables in response to requests from the NMS
B. It manages routing between Layer 3 devices in a network
C. It coordinates user authentication between a network device and a TACACS+ or RADIUS server
D. It requests information from remote network nodes about catastrophic system events

QUESTION 17
What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose two.)
A. The DHCP server assigns IP addresses without requiring the client to renew them.
B. The DHCP server leases client IP addresses dynamically.
C. The DHCP client can request up to four DNS server addresses.
D. The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses.
E. The DHCP client maintains a pool of IP addresses it can assign.
 QUESTION 18
Which command must be entered when a device is configured as an NTP server?

A. ntp peer
B. ntp master
C. ntp authenticate
D. ntp server

QUESTION 19
What event has occurred if a router sends a notice level message to a syslog server?

A. A certificate has expired

B. An interface line has changed status
C. A TCP connection has been torn down
D. An ICMP connection has been built

QUESTION 20

Refer to the exhibit. An engineer deploys a topology in which R1 obtains its IP configuration from DHCP. If
the switch and DHCP server configurations are complete and correct. Which two sets of commands must
be configured on R1 and R2 to complete the task? (Choose two)

A. R1(config)# interface fa0/0

R1(config-if)# ip helper-address 198.51.100.100
B. R2(config)# interface gi0/0
R2(config-if)# ip helper-address 198.51.100.100
C. R1(config)# interface fa0/0
R1(config-if)# ip address dhcp
R1(config-if)# no shutdown
D. R2(config)# interface gi0/0
R2(config-if)# ip address dhcp
E. R1(config)# interface fa0/0
R1(config-if)# ip helper-address 192.0.2.2

QUESTION 21

Refer to the exhibit. What is the effect of this configuration?

A. The switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings.
B. All ARP packets are dropped by the switch.
C. Egress traffic is passed only if the destination is a DHCP server.
D. All ingress and egress traffic is dropped because the interface is untrusted.
 QUESTION 22
When a site-to-site VPN is used, which protocol is responsible for the transport of user data?

A. IPsec
B. IKEv1
C. MD5
D. IKEv2

QUESTION 23
Which type of wireless encryption is used for WPA2 in preshared key mode?

A. AES-128
B. TKIP with RC4
C. AES-256
D. RC4

QUESTION 24
DRAG DROP

Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate
on the right.

Select and Place:

QUESTION 25
Which command prevents passwords from being stored in the configuration as plain text on a router or
switch?
A. enable secret
B. enable password
C. service password-encryption
D. username cisco password encrypt
QUESTION 26

Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the web server
via HTTP. All other computers must be able to access the web server. Which configuration when applied to
switch A accomplishes the task?

A.

B.

C.

D.
QUESTION 27

Refer to the exhibit. What is the effect of this configuration?

A. The switch port remains administratively down until the interface is connected to another switch.
B. Dynamic ARP Inspection is disabled because the ARP ACL is missing.
C. The switch port interface trust state becomes untrusted.
D. The switch port remains down until it is configured to trust or untrust incoming packets.

QUESTION 28
What is the primary difference between AAA authentication and authorization?

A. Authentication identifies and verifies a user who is attempting to access a system, and authorization
controls the tasks the user can perform.
B. Authentication controls the system processes a user can access, and authorization logs the activities
the user initiates.
C. Authentication verifies a username and password, and authorization handles the communication
between the authentication agent and the user database.
D. Authentication identifies a user who is attempting to access a system, and authorization validates the
user’s password.

QUESTION 29
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats
are available to select? (Choose two.)

A. decimal
B. ASCII
C. hexadecimal
D. binary
E. base64

QUESTION 130
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which
two steps will fulfill the request? (Choose two.)
A. Configure the ports as trunk ports.
B. Enable the Cisco Discovery Protocol.
C. Configure the port type as access and place in VLAN 99.
D. Administratively shut down the ports.
E. Configure the ports in an EtherChannel.

QUESTION 31
An email user has been lured into clicking a link in an email sent by their company’s security organization.
The webpage that opens reports that it was safe, but the link could have contained malicious code.

Which type of security program is in place?

A. user awareness
B. brute force attack
C. physical access control
D. social engineering attack