Free and Premium Cisco 200-301 Dumps Questions Answers

AES256

AES

RC4

SHA

Option

Option

Option

Option

10.129.9.0/2310.139.2.0/3010.2.191.0/3010.129.9.0/25

10.129.9.0/2310.40.1.0/3010.2.191.0/3010.129.9.0/25

10.40.1.0/3010.139.2.0/3010.2.191.0/3010.129.9.0/25

10.129.9.0/2310.139.2.0/3010.129.9.0/2510.22.1.0/24

site-to-site VPN

DMVPN

GETVPN

IPsec remote access

clientless VPN

192.168.7.4

192.168.7.7

192.168.7.35

192.168.7.40

the 10.0.0.0 network

a single destination address

the source 10.0.1.100

all hosts in the 10.0.1.0 subnet

SNMP

FTP

NTP

NFS

/64

/96

/124

/128

It is when a new network vulnerability is discovered before a fix is available

It is when the perpetrator inserts itself in a conversation between two parties and captures or alters data.

It is when the network is saturated with malicious traffic that overloads resources and bandwidth

It is when an attacker inserts malicious code into a SOL server.

interface range gigabitethernet0/0/0-15 channel-group 1 mode on

interface range gigabitethernet0/0/0-15 channel-group 1 mode desirable

interface port-channel 1 channel-group 1 mode auto

interface port-channel 1 channel-group 1 mode passive

IPS

firewall

access point

switch

10.10.13.0/25 [108/0] via 10.10.10.10

10.10.13.0/25 [110/2] via 10.10.10.2

10.10.13.0/25 [110/2] via 10.10.10.6

10.10.13.0/25 [1/0] via 10.10.10.2

SNMP traps are used for proactive monitoring, and SNMP polling is used for reactive monitoring.

SNMP traps send periodic updates via the MIB, and SNMP polling sends data on demand.

SNMP traps are initiated by the network management system, and network devices initiate SNMP polling.

SNMP traps are initiated using a push model at the network device, and SNMP polling is initiated at the server.

console

Telnet

Bash

SSH

SW1#interface Gi0/1switchport mode trunkswitchport trunk allowed vlan 5,7,9,108switchport trunk native vlan 5interface Gi0/2switchport mode trunkswitchport trunk allowed vlan 5,7,9,108SW2#interface Gi0/1switchport mode accessswitchport access vlan 7interface Gi0/7switchport mode trunkswitchport trunk allowed vlan 7,9,108

SW1#interface Gi0/1switchport mode trunkswitchport trunk allowed vlan 5,7,9,108switchport trunk native vlan 5interface Gi0/2switchport mode accessswitchport trunk allowed vlan 7,9,108SW2#interface Gi0/1switchport mode accessno switchport access vlan 1switchport access vlan 7interface Gi0/7switchport mode trunkswitchport trunk allowed vlan 7,9,108switchport trunk native vlan 5

SW#1 -interface Gi0/1switchport mode trunkswitchport trunk allowed vlan 5,7,9,108switchport trunk native vlan 5interface Gi0/2switchport mode trunkswitchport trunk allowed vlan 5,7,9,108SW2#interface Gi0/1switchport mode accessswitchport access vlan 7interface Gi0/7switchport mode trunkswitchport trunk allowed vlan 5,7,9,108switchport trunk native vlan 5

SW1#interface Gi0/1switchport mode trunkswitchport trunk allowed vian 5,7,9,108interface Gi0/2switchport mode trunkswitchport trunk allowed vlan 7,9,108SW2#interface Gi0/1switchport mode trunkswitchport trunk allowed vlan 7interface Gi0/7switchport mode trunkswitchport trunk allowed vlan 5,7,9,108

It is a read-only operation.

It is a nonldempotent operation.

It replaces data at the destination.

It displays a web site.

192.168.20.1

10.10.10.5

192.168.30.1

10.10.10.6

key

array

Select PSK under Authentication Key Management

Select WPA+WPA2 on Layer 2 Security

Select Static-WEP + 802.1X on Layer 2 Security

Select WPA Policy with TKIP Encryption

Select 802.1X from under Authentication Key Management

Option A

Option B

Option C

Option D

2001 :db8::5000:0004:5678:0090/64

2001 :db8:4425:5400:77ft:fe07:/64

2001 :db8::5000:00ff:fe04 0000/64

2001 :db8::5200:00ff:fe04:0000/64

Client Exclusion and SSH

802.1x and the MAC address of the server

Network Access Control State and SSH

AAA Override and the IP address of the server

MDF-DC-4:08:E0:19: 08:B3:19

MDF-DC-3:08:0E:18::1A:3C:9D

MDF-DC-08:0E:18:22:05:97

MDF-DC-1:DB:E:44:02:54:79

via integrity checks to identify wireless forgery attacks in the frame

via specific ciphers to detect and prevent zero-day network attacks

via an algorithm to change wireless data so that only the access point and client understand it

via a policy to prevent unauthorized users from communicating on the wireless network

Cisco DNA Center leverages SNMPv3 tor encrypted management, and traditional campus management uses SNMPv2.

Cisco DNA Center automates HTTPS for secure web access, and traditional campus management uses HTTP.

Cisco DNA Center leverages APIs, and traditional campus management requires manual data gathering.

Cisco DNA Center automates SSH access for encrypted entry, and SSH Is absent from traditional campus management.

A point-to-point network type is configured.

The default Hello and Dead timers are in use.

There are six OSPF neighbors on this interface.

The interface is not participating in OSPF.

Is the internet reachable?

Is the default gateway reachable?

Is the DNS server reachable?

Use less than eight characters in length when passwords are complex.

Store passwords as contacts on a mobile device with single-factor authentication.

Include special characters and make passwords as long as allowed.

Share passwords with senior IT management to ensure proper oversight.

UCS-2

UTF-8

Hex

GB18030

ip route 10.80.65.10 255.255.255.254 10.80.65.1

ip route 10.8065.10 255.255.255.255 10.73.65.66

ip route 1073.65.65 255.0.0.0 10.80.65.10

ip route 10.73.65.66 0.0.0.255 10.80.65.10

forwards frames to a neighbor port using CDP

modifies frames that contain a known source VLAN

inspects and drops frames from unknown destinations

forwards known destinations to the destination port

Cloud-based mode APs are easy to deploy but harder to automate than APs in autonomous mode.

Autonomous mode APs are easy to deploy and automate than APs in cloud-based mode.

data center network pokey con

console server that permits secure access to all network devices

IP address cool distribution scheduler

software-defined controller for automaton of devices and services

applies 802.1x authentication

usesTKIP

employs PKI to identify access points

protects against brute force attacks

when the subnet must be available only within an organization

when the subnet does not need to be routable

when the addresses on the subnet must be equivalent to private IPv4 addresses

when the subnet must be routable over the internet

Subnet: 10.7.54.0Subnet mask: 255.255.254.0Broadcast address: 10.7.54.255Usable IP address range: 10.7.54.1 - 10.7.55.254

Subnet: 10.7.54.0Subnet mask: 255.255.128.0Broadcast address: 10.7.55.255Usable IP address range: 10.7.54.1 - 10.7.55.254

Subnet: 10.7.54.0Subnet mask: 255.255.255.0Broadcast address: 10.7.54.255Usable IP address range: 10.7.54.1 - 10.7.55.254

Subnet: 10.7.54.0Subnet mask: 255.255.254.0Broadcast address: 10.7.55.255Usable IP address range: 10.7.54.1 - 10.7.55.254

It replaces the designated port when the designated port fails

It is the best path to the root from a nonroot switch.

It replaces the designated port when the root port fails.

It is administratively disabled until a failover occurs.

STP

port security

wrong cable type

shutdown command

R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.6R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.5

R1(config)#ip route 10.10.13.10 255.255.255.128 10.10.10.6R2(config)#lp route 192.168.0.100 255.255.255.0 10.10.10.5

R1(config)#ip route 10.10.13.10 255.255.255.252 10.10.10.6R2(config)#tp route 192.168.0.100 255.255.255.252 10.10.10.5

R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.2R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.1

when a gateway protocol is required that support more than two Cisco devices for redundancy

to enable normal operations to continue after a member failure without requiring a change In a host ARP cache

to ensure that the spanning-tree forwarding path to the gateway is loop-free

to interoperate normally with all vendors and provide additional security features for Cisco devices

It upgrades software and restores files.

It relies on global provisioning and configuration.

It supports distributed processing for configuration.

It provides a path between an SDN controller and network applications.

It exchanges topology information with other routers.

It forwards traffic to the next hop.

It looks up an egress interface in the forwarding information base.

It provides CLI access to the network device.

location of the virtual machines within the data center environment

whether to leverage VSM to map multiple virtual processors to two or more virtual machines

resource limitations, such as the number of CPU cores and the amount of memory

support for physical peripherals, such as monitors, keyboards, and mice

tunnel

Q-in-Q

SSL VPN

transport

FlexConnect

SE-Connect

bridge

local

longest prefix match

highest administrative distance

highest metric

lowest metric

lowest cost to reach the next hop

1

2

3

4

next-generation firewall to keep stateful packet inspection

multifactor authentication using two separate authentication sources

ACL to restrict incoming Telnet sessions " admin " accounts

IPS with a block list of known attack vectors

FlexConnect allows a personal SSID to be configured on the AP, and personal SSIDs are not supported with OfficeExtend.

OfficeExtend does not support DTLS tunneling of traffic to the WLC, and FlexConnect tunnels traffic to the WLC with DTLS.

OfficeExtend tunnels all traffic through the WLC, and FlexConnect terminates client traffic at the AP switch port.

FlexConnect must be deployed behind a router that NATs the client traffic, and OfficeExtend uses public IP sources.

The default gateway for site B is configured incorrectly

The lack of a default route prevents delivery of the traffic

The traffic is blocked by an implicit deny in an ACL on router2

The traffic to 192 168 010 requires a static route to be configured in router 1.

192.168.30.1

10.10 105

10.10.10.6

192.168.201

high bandwidth usage

a physical cable fault

a speed mismatch

a cable that is too long

ip route 0.0.0.0 0.0.0.0 192.168.1.2

ip default-gateway 192.168.2.1

ip route 0.0.0.0 0.0.0.0 192.168.1.2 10

ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

The spanning-tree mode is Rapid PVST+.

This is a root bridge.

The root port is FastEthernet 2/1.

The designated port is FastEthernet 2/1.

The spanning-tree mode is PVST+.

snmp-server host

snmp-server community

snmp-server enable traps

snmp-server user

Alert

Error

Emergency

Critical

Option A

Option B

Option C

Option D

6

8

12

18

to secure physical access to a data center

to scan a network and generate a Layer 2 network diagram

to securely manage and deploy network devices

to provide Layer 3 services to autonomous access points

In-band management via an asynchronous transport

out-of-band management via an IP transport

in-band management via an IP transport

out-of-band management via an asynchronous transport

R1(conftg)#lp route 10.10.10.0 255.255.255.0 192.168.0.2

R1(Config)#lp route 10.10.10.10 265.255.255.255 192 168.0.2

R1(config)#ip route 192.168.0.2 255.255.255.255 10.10.10.10

R1(config)3|p route 0.0.0.0 0.0 0.0 192 168.0.2

/25

/27

/28

/29

safeguards against brute force attacks with SAE

optional Protected Management Frame negotiation

backward compatibility with WPAand WPA2

increased security and requirement of a complex configuration

An ICMP connection has been built

A certificate has expired

An interface line has changed status

A TCP connection has been torn down

Option A

Option B

Option C

Option D

Configure the router A interfaces with the highest OSPF priority value within the area.

Configure router B and router C as OSPF neighbors of router A.

Configure the OSPF priority on router A with the lowest value between the three routers.

Configure router A with a fixed OSPF router ID.

Small frames less than 64 bytes are rejected due to size.

The receive buffer is full due to a broadcast storm.

Frames are discarded due to a half-duplex negotiation.

Broadcast packets are rejected because ARP timeout is enabled.

decreases network security against offline dictionary attacks and encourages easy access to the network

increases network security against offline dictionary attacks and discourages time-consuming brute force attacks

increases network security against man in the middle attacks and discourages denial of service attacks

decreases network security against air sniffing attacks and discourages the use of complex passwords

Re-Anchor Roamed Clients

OEAP Split Tunnel

11ac MU-MIMO

Client Band Select

SW1

SW2

SW3

SW4

Option A

Option B

Option C

Option D

R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2

lt requires multiple links between core switches

It generates one spanning-tree instance for each VLAN

It maps multiple VLANs into the same spanning-tree instance

It uses multiple active paths between end stations.

F0/4

F0/0

F0/1

F0/3

Define a NAT pool on the router.

Configure static NAT translations for VLAN 200.

Configure the ip nat outside command on another interface for VLAN 200.

Update the NAT INSIDF RANGFS ACL

They enable automatic failover of the default gateway.

They allow multiple devices to serve as a single virtual gateway for clients in the network.

They are able to bundle multiple ports to increase bandwidth.

They prevent loops in the Layer 2 network.

They allow encrypted traffic.

Switch 1 (config-if)#channel-group 1 mode onSwrtch2(config-if)#channel-group 1 mode passive

Switch1(config-if)#channel-group 1 mode passiveSwitch2(config-if)#channel-group 1 mode active

Switch1{config-if)£channel-group 1 mode activeSwitch2(config-if)#channel-group 1 mode passive

Switch1(config-if)#channel-group 1 mode onSwitch2(config-if)#channel-group 1 mode active

R1 (config)# username engineer2 algorithm-type scrypt secret test2021

R1(config)# username engineer2 secret 5 password S1$b1Ju$kZbBS1Pyh4QzwXyZ

R1(config)# username engineer2 privilege 1 password 7 test2021

R1(config)# username englneer2 secret 4 S1Sb1Ju$kZbBS1Pyh4QzwXyZ

R1(config)#lp route 172.16.2.2 255.255.255.248 gi0/1

R1(config)#jp route 172.16.2.2 255.255.255.255 gi0/0

R1(config > #ip route 172.16.2.0 255.255.255.0 192.168.1.15

R1(conflg)#ip route 172.16.2.0 255.255.255.0 192.168.1.5

Configure the OSPF priority on router A with the lowest value between the three routers.

Configure router B and router C as OSPF neighbors of router A.

Configure the router A interfaces with the highest OSPF priority value within the area.

Configure router A with a fixed OSPF router ID

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

Select the WPA Policy option with the CCKM option.

Disable AES encryption.

Enable Fast Transition and select the FT 802.1x option.

Enable Fast Transition and select the FT PSK option.

forwards traffic to the next hop

constructs a routing table based on a routing protocol

provides CLI access to the network device

looks up an egress interface in the forwarding information base

lp route 0.0.0.0 0.0.0.0 192.168.1.2

ip default-gateway 192.168.2.1

ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

ip route 0.0.0.0 0.0.0.0 192.168.1.2 10

a lightweight access point

a firewall

a wireless LAN controller

a LAN switch

Option A

Option B

Option C

Option D

via next-hop 10.0.1.5

via next-hop 10 0 1.4

via next-hop 10.0 1.50

via next-hop 10.0 1 100

Heavy usage is causing high latency.

An incorrect type of transceiver has been inserted into a device on the link.

physical network errors are being transmitted between the two sites.

The wrong cable type was used to make the connection.

SYIM flood

reflection

teardrop

amplification

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf network broadcast

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf network point-to-point

router ospf 1network 192.168.1.1 0.0.0.0 area 0interface e1/1ip address 192.168.1.1 255.255.255.252ip ospf cost 0

router ospf 1network 192.168.1.1 0.0.0.0 area 0hello interval 15interface e1/1Ip address 192.168.1.1 255.255.255.252

Interface FastEthernet0/1 switchport trunk native vlan 10 switchport trunk allowed vlan 10,15

Interface FastEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,15

interface FastEthernet0/1 switchport mode access switchport voice vlan 10

Interface FastEthernet0/1 switchport trunk allowed vlan add 10 vlan 10 private-vlan isolated

Modify the configured number of the second access list.

Add either the ip nat {inside|outside} command under both interfaces.

Remove the overload keyword from the ip nat inside source command.

Change the ip nat inside source command to use interface GigabitEthernet0/0.

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)i=ip ospf priority 1

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 0

Option A

Option B

Option C

Option D

Option E

VLANID

SSID

RFID

WLANID

The interface is receiving excessive broadcast traffic.

The cable connection between the two devices is faulty.

The interface is operating at a different speed than the connected device.

The bandwidth setting of the interface is misconfigured

preshared key that authenticates connections

RSA token

CA that grants certificates

clear-text password that authenticates connections

one or more CRLs

router-id 10.0.0.15

neighbor 10.1.2.0 cost 180

ipospf priority 100

network 10.0.0.0 0.0.0.255 area 0

dynamic

static

active

auto

Add or remove an 802.1Q trunking header.

Make a configuration change from an incoming NETCONF RPC.

Run routing protocols.

Match the destination MAC address to the MAC address table.

Reply to an incoming ICMP echo request.

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

A distributed management plane must be used.

Software upgrades are performed from a central controller

Complexity increases when new device configurations are added

Custom applications are needed to configure network devices

forwards traffic between VLANs on a network

connects server and client devices to a network

allows users to record data and transmit to a tile server

provides wireless services to users in a building

ip route 0.0.0.0 0.0.0.0 g0/1 1

ip route 0.0.0.0 0.0.0.0 209.165.201.5 10

ip route 0.0.0.0 0.0.0.0 209.165.200.226 1

ip route 0,0.0.0 0.0.0.0 g0/1 6

Configure the ip dhcp snooping trust command on the interlace that is connected to the DHCP client.

Configure the ip dhcp relay information option command on the interface that is connected to the DHCP client.

Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP server.

Configure the Ip dhcp relay information option command on the interface that is connected to the DHCP server.

ip route 172.21.34.0 255.255.255.192 10.73.65.65

ip route 172.21.34.0 255.255.255.0 10.73.65.65

ip route 172.21.34.0 255.255.128.0 10.73.65.64

ip route 172.21.34.0 255.255.255.128 10.73.65.66

shaping

classification

policing

marking

It drops the frame from the switch CAM table.

It floods the frame out of all ports except port Fa0/1.

It shuts down the port Fa0/1 and places it in err-disable mode.

It experiences a broadcast storm.

172.16.0.0/16

192.168.2.0/24

207.165.200.0/24

192.168.1.0/24

IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes require no special configuration

IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes require no special configuration

An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast address is assigned to a group of interfaces on multiple nodes.

Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes

offer compression

increase security by using a WEP connection

provide authentication

protect traffic on open networks

WLAN dynamic

management

trunk

access

HTTP

SSH

HTTPS

Telnet

authorized services

authenticator

username

password

Change the channel-group mode on SW2 to auto

Change the channel-group mode on SW1 to desirable.

Configure the interface port-channel 1 command on both switches.

Change the channel-group mode on SW1 to active or passive.

F0/10

F0/11

F0/12

F0/13

Option A

Option B

Option C

Option D

int range g0/0-1channel-group 10 mode active

int range g0/0-1 chanm.l-group 10 mode desirable

int range g0/0-1channel-group 10 mode passive

int range g0/0-1 channel-group 10 mode auto

int range g0/0-1 channel-group 10 mode on

global unicast address

anycast address

multicast address

link-local address

ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64

ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64

ipv6 address 2001 :DB8:0:1:FFFF:C601:420F:7/64

iov6 address 2001 :DB8:0:1:FE80:C601:420F:7/64

VLAN numbering

VLAN DSCP

VLAN tagging

VLAN marking

WPA3

WPA

WEP

WPA2

unique local address

link-local address

aggregatable global address

IPv4-compatible IPv6 address

As traffic traverses MLS1 remark the traffic, but trust all markings at the access layer.

Trust the IP phone markings on SW1 and mark traffic entering SW2 at SW2.

Remark traffic as it traverses R1 and trust all markings at the access layer.

As traffic enters from the access layer on SW1 and SW2. trust all traffic markings.

to increase security and encrypt management frames

to provide link redundancy and load balancing

to allow for stateful and link-state failover

to enable connected switch ports to failover and use different VLANs

Option A

Option B

Option C

Option D

user-activity logging

service limitations

consumption-based billing

identity verification

The Incoming and outgoing ports for traffic flow must be specified If LAG Is enabled.

The controller must be rebooted after enabling or reconfiguring LAG.

The management interface must be reassigned if LAG disabled.

Multiple untagged interfaces on the same port must be supported.

There is a duplex mismatch on the interface

There is an issue with the fiber on the switch interface.

There is a speed mismatch on the interface.

There is an interface type mismatch

nothing plugged into the port

link flapping

shutdown command issued on the port

latency

GigabitEthernet0/0

GigabltEthornet0/1

GigabitEthernet0/2

GigabitEthernet0/3

transport input telnet

crypto key generate rsa

ip ssh pubkey-chain

login console

username cisco password 0 Cisco

HTTPS

HTTP

Telnet

SSH

interface FastEthernet0/0ip helper-address 10.0.1.1iaccess-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

interface FastEthernot0/1ip helper-address 10.0.1.1!access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

interface FastEthernetO/0ip helper-address 10.0.1.1Iaccess-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

interface FastEthernet0/1ip helper-address 10.0.1.1!access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

multicast replication at the hardware level

fragmenting and reassembling packets

making routing decisions

forwarding packets

Option A

Option B

Option C

Option D

ip route 172.21.34.0 255.255.255.192 10.73.65.65

ip route 172.21.34.0 255.255.255.0 10.73.65.65

ip route 172.21.34.0 255.255.255.128 10.73.65.66

ip route 172.21.34.0 255.255.128.0 10.73.65.64

They route traffic between devices in different VLANs.

They forward Ethernet frames between VLANs using only MAC addresses.

They move frames between endpoints limited to IP addresses.

They transmit broadcast traffic when operating in Layer 3 mode exclusively.

cost 20

cost 30

cost 40

cost 50

Virtual Route Forwarding

Virtual Switch System

IPsec Transport Mode

Time Division Multiplexer

Change the IP address to 172.16.1.6 and change the subnet mask to 255.255.255.248.

Change the IP address to 172.16.1.6 and change the DNS servers to 172.16.1.12 and 172.16.1.13.

Change the IP address to 172.16.1.9 and change the default gateway to 172.16.1.7.

Change the IP address to 172.16.1.9 and change the DNS server to 172.16.1.12 only.

Maintains stateful transaction information

Responsible for sending data in a particular sequence

Makes forwarding decisions based on MAC addresses

Filters based on a transport layer protocol

Option

Option

Option

Option

There is an extra layer of security that ensures only authorized devices with known MAC addresses connect to the network

There is strong mutual authentication used between NAC and the network devices using X.509 standard

All data frames exchanged between the client and the access point are encrypted

There is a Galcis cache algorithm configured that provides strong encryption and authentication

rewrites the source and destination MAC address

adds unknown source MAC addresses to the CAM table

sends the frame back to the source to verify availability

drops received MAC addresses not listed in the address table

router D

router B

router C

router A

It is a type of operating system virtualization that allows the host operating system to control the different CPU memory processes.

It emulates a physical computer and enables multiple machines to run with many operating systems on a physical machine.

It separates virtual machines from each other and allocates memory, processors, and storage to compute.

It contains a guest operating system and virtual partition of hardware for OS and requires application libraries.

Policing is not supported on subinterfaces.

Shaping and rate limiting have the same effect.

Shaping drops excessive traffic without adding traffic delay.

Shaping levels out traffic bursts by delaying excess traffic.

Policing is performed in the inbound and outbound directions.

SSL/TLS encryption

Challenge-response mechanism

Token-based authorization

Public key infrastructure

to Identify the closest hop to the default gateway In a LAN network

to provide load balancing over multiple gateways in a LAN network

to optimally route traffic based on the forwarding capacity of the edge routing devices in the LAN network

to ensure that user traffic in a LAN rapidly recovers from the failure of an edge routing device

FTP

TFTP

REST API

SMTP

EIGRP

OSPF

Local

RIP

Integrates with a RADIUS server to enforce Layer 2 device authentication rules

Serves as a controller within a controller-based network

Makes forwarding decisions based on learned MAC addresses

Correlates user activity with network events

A spine switch and a leaf switch are added with redundant connections between them.

A spine switch is added with at least 40 GB uplinks.

A leaf switch is added with a single connection to a core spine switch.

A leaf switch is added with connections to every spine switch.

to establish an encrypted tunnel between a remote user and a private network over the internet

to allow access to an enterprise network using any internet-enabled location via a web browser using SSL

to provide a secure link between an HTTPS server, authentication subsystem, and an end-user

to use cryptography for authentication between a device and user over a negotiated VPN gateway

Select the WPA2 Policy and AES check boxes

Select ASCII from the PSK Format drop-down list, enter the key, and leave the Auth Key Mgmt setting blank

Select the WPA2 Policy, AES, and TKIP check boxes

Select CCKM for the Auth Key Mgmt drop-down list, set the PSK Format to Hex, and enter the key

Select PSK from the Auth Key Mgmt drop-down list, set the PSK Format to ASCII, and enter the key

value

object

array

key

mesh

local

bridge

point-to-point

Local

EIGRP

OSPF

RIP

Enabled by default on all VLANs and interfaces

Forwards frames to a neighbor port using CDP

Overwrites the known source MAC address in the address table

Protects against denial of service attacks

LAG

default

trunk

Bopess

to Identify the closest hop to the default gateway In a LAN network

to provide load balancing over multiple gateways in a LAN network

to optimally route traffic based on the forwarding capacity of the edge routing devices in the LAN network

to ensure that user traffic in a LAN rapidly recovers from the failure of an edge routing device

duplex mismatch

bad NIC

high throughput

broadcast storm

Reduces the response time for specific requests to devices with many interfaces

Categorizes traffic and provides insights

Allows the controller to be vendor-agnostic

Streamlines monitoring using SNMP and other polling tools

Set the Layer 2 Security to 802.1X.

Enable TKIP and CCMP256 WPA2 Encryption.

Set the Layer 2 Security to None.

Enable the WPA Policy.

Containers

Cloud computing

Application hosting

Virtualization

Local

EIGRP

RIP

OSPF

0

192.168.10.2

24

1

Ri(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.62R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.5 2

Ri(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.6R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.5

Ri(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.6R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.5

Ri(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.2R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.1

Router(config)#interface GigabitEthernet 0/0Router(config-if)#ip ospf network point-to-point

Router(config)#interface GigabitEthernet 0/0Router(config-if)#ip ospf cost 5

Router(config)#interface GigabitEthernet 0/0Router(config-if)#ip ospf 1 area 2

Router(config)#interface GigabitEthernet 0/0Router(config-if)#ip ospf priority 1

uses dynamic IP address assignment

allows two or more routers to act as a default gateway

uses a destination IP address 224.0.0.102 for router-to-router communication

uses Cisco-proprietary First Hop Redundancy Protocol

Writes the class identifier of a packet to a dedicated field in the packet header

Services traffic according to its class

Configures traffic-matching rules on network devices

Identifies the type of traffic that will receive a particular treatment

via 10.0.4.2

via 10.0.0.2

via FastEthernet0/1

via FastEthernet1/1

ip nat pool NATPOOL 209.165.201.1 209.165.201.3 netmask 255.255.255.248  ip nat inside source list HQC pool NATPOOL overload

ip nat pool NATPOOL 209.165.201.1 209.165.201.248 netmask 255.255.255.248  ip nat outside source list HQC pool NATPOOL overload

ip nat pool NATPOOL 209.165.200.225 209.165.200.226 netmask 255.255.255.252  ip nat outside source list HQC pool NATPOOL overload

ip nat pool NATPOOL 209.165.201.1 209.165.201.5 netmask 255.255.255.248  ip nat inside source list HQC interface gigabitEthernet0/0 overload

ip route 10.0.2.0 255.255.255.240 10.0.0.7 92

ip route 10.0.2.0 255.255.255.248 10.0.0.6 91

ip route 10.0.2.0 256.255.255.240 10.0.0.6 91

ip route 10.0.2.0 255.255.255.248 null0 93

II exclusively predicts device malfunctions.

It enhances data packet delivery speeds.

It simplifies traffic route mapping.

It analyzes patterns for anomaly detection.

channel-group 1 mode desirable

channel-group 1 mode on

channel-group 1 mode auto

channel-group 1 mode active

rewrites the source and destination MAC address

adds unknown source MAC addresses to the CAM table

sends the frame back to the source to verify availability

drops received MAC addresses not listed in the address table

Default

Access

Trunk

LAG

ip nat pool NATPOOL 209.165.201.1 209.165.201.5 netmask 255.255.255.248ip nat inside source list HQC interface gigabitEthernet0/0 overload

ip nat pool NATPOOL 209.165.200.225 209.165.200.226 netmask 255.255.255.252ip nat outside source list HQC pool NATPOOL overload

ip nat pool NATPOOL 209.165.201.1 209.165.201.3 netmask 255.255.255.248ip nat inside source list HQC pool NATPOOL overload

ip nat pool NATPOOL 209.165.201.1 209.165.201.248 netmask 255.255.255.248ip nat outside source list HQC pool NATPOOL overload

WLCIP

gateway IP

autonomous AP IP

ACS IP

F0/8

FO/20

FO/12

FO/17

It analyzes patterns for anomaly detection.

It exclusively predicts device malfunctions.

It simplifies traffic route mapping.

It enhances data packet delivery speeds.

ip route 10.0.2.0 255.255.255.240 10.0.0.6 91

ip route 10.0.2.0 255.255.255.248 10.0.0.6 91

ip route 10.0.2.0 255.255.255.248 null0 93

ip route 10.0.2.0 255.255.255.240 10.0.0.7 92

G0/23

G0/3

G0/16

G0/6

EIGRP

OSPF

RIP

Local

16

32

48

64

configuring a password for the console port

configuring enable passwords on network devices

backing up syslogs at a remote location

setting up IP cameras to monitor key infrastructure

Reduces the forwarding table on network routers

Used on the external interface of a firewall

Used by ISPs when only one IP is needed to connect to the internet

Address space which is isolated from the internet

SSL/TLS encryption

Challenge-response mechanism

Token-based authorization

Public key infrastructure

Disable WPA Policy and WPA Encryption and then enable PSK using ASCII.

Enable PSK and FT PSK and then disable WPA Policy.

Disable WPA Encryption and then enable FT PSK.

Enable PSK using Hex format and then disable WPA Policy.

to specify the type of data format the client prefers to receive

to define the network path the API request should take

to encrypt data sent in the API request

to uniquely identify each client application

Change the IP address to 172.16.1.6 and change the subnet mask to 255.255.255.248.

Change the IP address to 172.16.1.9 and change the default gateway to 172.16.1.7.

Change the IP address to 172.16.1.9 and change the DNS server to 172.16.1.12 only.

Change the IP address to 172.16.1.6 and change the DNS servers to 172.18.1.12 and 172.16.1.13.

10.10.1.2

10.10.2.2

10.10.3.2

10.10.4.2

SW1#(config-line)#login local  SW1#(config-line)#exit  SW1(config)#crypto key generate rsa

SW1#(config-line)#login local  SW1#(config-line)#exit  SW1(config)#enable secret test!2E

SW1#(config-line)#transport input ssh  SW1#(config-line)#exit  SW1(config)#service password-encryption

SW1#(config-line)#exit  SW1(config)#aaa new-model

inserts MAC addresses dynamically into the CAM table

restricts ports to a maximum of 10 dynamically-learned addresses

protects against denial of service attacks

rewrites the source and destination MAC address

password of 8 to 15 characters and personal 12-diglt PIN

authorized USB dongle and mobile phone

fingerprint scanning and facial recognition

complex password and time-based one-time password

Shaping

Policing

Weighted fair queuing

FIFO

1

24

192.168.10.2

0

It ages out the frame until the MAC address becomes known.

It drops the frame to avoid unnecessary network congestion.

It switches the frame to a predetermined port based on settings.

It floods the frame to all ports except the incoming port.

B.

C.

D.

Asset identification

User training

Physical access control

Vulnerability control

acts as a central point for association and authentication servers

selects the best route between networks on a WAN

moves packets within a VLAN

moves packets between different VLANs

makes forwarding decisions based on the MAC address of a packet

The floating static route must have a higher administrative distance than the primary route so it is used as a backup

The administrative distance must be higher on the primary route so that the backup route becomes secondary.

The floating static route must have a lower administrative distance than the primary route so it is used as a backup

The default-information originate command must be configured for the route to be installed into the routing table

on the public-facing interface of a firewall

to allow hosts inside to communicate in both directions with hosts outside the organization

on internal hosts that stream data solely to external resources

on hosts that communicates only with other internal hosts

act as routers to connect a user to the service prowler network

a threat to the network if they are compromised

support inter-VLAN connectivity

enforce policies for campus-wide traffic going to the internet

The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses

The DHCP client can request up to four DNS server addresses

The DHCP server assigns IP addresses without requiring the client to renew them

The DHCP server leases client IP addresses dynamically.

The DHCP client maintains a pool of IP addresses it can assign.

access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any anyinterface GigabitEthernet0/0 ip access-group 100 in

access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any anyline vty 0 15 ip access-group 100 in

access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100 permit ip any anyinterface GigabitEthernet0/0 ip access-group 100 in

access-list 100 deny tcp host 172.16.1.33 any eq 23 access-list 100 permit ip any anyline vty 0 15 ip access-group 100 in

expedited forwarding

traffic policing

round-robin scheduling

low-latency queuing

worm

malware

DDoS

man-in-the-middle

overlay

northbound

underlay

southbound

configure port in the native VLAN

configure ports in a black hole VLAN

configure in a nondefault native VLAN

configure ports as access ports

TCP transmits data at a higher rate and ensures packet delivery. UDP retransmits lost data to ensure applications receive the data on the remote end.

UDP sets up a connection between both devices before transmitting data. TCP uses the three-way handshake to transmit data with a reliable connection.

UDP is used for multicast and broadcast communication. TCP is used for unicast communication and transmits data at a higher rate with error checking.

TCP requires the connection to be established before transmitting data. UDP transmits data at a higher rate without ensuring packet delivery.

Filter traffic based on destination IP addressing

Sends the default route to the hosts on a network

ensures a loop-free physical topology

forwards multicast hello messages between routers

a list of the available IP addresses in a pool

a list of public IP addresses and their corresponding names

usernames and passwords for the end users in a domain

a list of statically assigned MAC addresses

latency

port security violation

shutdown command issued on the port

nothing plugged into the port

BPDUfilter

PortFast

Backbonefast

BPDUguard

switchport access vlan 67

switchport trunk allowed vlan 67

switchport private-vlan association host 67

switchport trunk native vlan 67

Facilities communication between the controller and the applications

Facilities communication between the controller and the networking hardware

allows application developers to interact with the network

integrates a controller with other automation and orchestration tools.

A TCP connection has been torn down

An ICMP connection has been built

An interface line has changed status

A certificate has expired.

on the router closest to the server

on the router closest to the client

on every router along the path

on the switch trunk interface

Frames are sent to every port on the switch in the same VLAN except from the originating port

Frames are sent to every port on the switch that has a matching entry in the MAC address table.

Frames are sent to all ports, including those that are assigned to other VLANs.

Frames are sent to every port on the switch in the same VLAN.

relay agent information

database agent

address pool

smart-relay

manual bindings

It provides traffic load balancing to destinations that are more than two hops from the source.

It provides the default gateway redundancy on a LAN using two or more routers.

It allows neighbors to share routing table information between each other.

It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision.

SMTP

SNMP

TCP

FTP

firewall

switch

access point

wireless controller

YAML

JSON

EBCDIC

SGML

XML

local port ID

lowest path cost to the root bridge

lowest neighbor ' s bridge ID

lowest neighbor ' s port ID

platform-as-a-service

software-as-a-service

network-as-a-service

infrastructure-as-a-service

reduced management overhead on network routers

balancing traffic across multiple gateways in proportion to their loads

higher degree of availability

reduced ARP traffic on the network

ipv6 address 2001:db8::700:3:400F:572B

ipv6 address 2001:db8:0::700:3:4F:572B

ipv6 address 2001:Odb8::7:3:4F:572B

ipv6 address 2001::db8:0000::700:3:400F:572B

communicates between the controller and the physical network hardware

reports device errors to a controller

generates statistics for network hardware and traffic

facilitates communication between the controller and the applications

local port ID

lowest path cost to the root bridge

lowest neighbor ' s bridge ID

lowest neighbor ' s port ID

intrusion detection

user awareness

physical access control

network authorization

relay agent information

database agent

address pool

smart-relay

manual bindings

209.165.200.0/27

10.10.10.0/28

0.0.0.0/0

10.10.13.0/24

sent to the port identified for the known MAC address

broadcast to all ports

forwarded to the first available port

flooded to all ports except the one from which it originated

Both have a 50 micron core diameter

Both have a 9 micron core diameter

Both have a 62.5 micron core diameter

Both have a 100 micron core diameter

separate from other VLANs within the administrative domain

give it a value in the private VLAN range

assign it as VLAN 1

configure it as a different VLAN ID on each end of the link

Central AP management requires more complex configurations

Unique SSIDs cannot use the same authentication method

It supports autonomous and lightweight APs

It eliminates the need to configure each access point individually

Option A

Option B

Option C

Option D

outside global

outsdwde local

inside global

insride local

outside public

inside public

spanning -tree vlan 200 priority 614440

spanning -tree vlan 200 priority 38572422

spanning -tree vlan 200 priority 0

spanning -tree vlan 200 root primary

There is a native VLAN mismatch

Access mode is configured on the switch ports.

The PCs are m the incorrect VLAN

All VLANs are not enabled on the trunk

adminadmin123

default

testing 1234

cisco123

Provide uninterrupted forwarding service.

Police traffic that is sent to the edge of the network.

Provide direct connectivity for end user devices.

Ensure timely data transfer between layers.

Inspect packets for malicious activity.

builds a flat structure of DNS names for more efficient IP operations

encrypts network Traffic as it travels across a WAN by default

improves security by protecting IP addresses under Fully Qualified Domain Names (FQDNs)

enables applications to identify resources by name instead of IP address

allows a single host name to be shared across more than one IP address

ARP

DHCP

CDP

DNS

Each leaf switch is connected to one of the spine switches.

Each leaf switch is connected to two spine switches, making a loop.

Each leaf switch is connected to each spine switch.

Each leaf switch is connected to a central leaf switch, then uplinked to a core spine switch.

TCP is a connectionless protocol that does not provide reliable delivery of data, UDP is a connection-oriented protocol that uses sequencing to provide reliable delivery.

TCP does not guarantee delivery or error checking to ensure that there is no corruption of data UDP provides message acknowledgement and retransmits data if lost.

TCP provides flow control to avoid overwhelming a receiver by sending too many packets at once, UDP sends packets to the receiver in a continuous stream without checking for sequencing

TCP uses windowing to deliver packets reliably; UDP provides reliable message transfer between hosts by establishing a three-way handshake

A network device has restarted

An ARP inspection has failed

A routing instance has flapped

A debug operation is running

show ip route

show ip interface

show interface

show cdp neighbor

CPU ACL

TACACS

Flex ACL

RADIUS

Ipv6 route 2001:db8:23::/128 fd00:12::2

Ipv6 route 2001:db8:23::14/128 fd00:13::3

Ipv6 route 2001:db8:23::14/64 fd00:12::2

Ipv6 route 2001:db8:23::/64 fd00:12::2

Ipv6 route 2001:db8:23::14/64 fd00:12::2 200

wireless to an access point that is physically connected to the network

a cable connected to a physical switch on the network

a virtual switch that links to an access point that is physically connected to the network

a software switch on a hypervisor that is physically connected to the network

access-list 2699 permit udp 10.20.1.0 0.0.0.255

no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22

access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22

no access-list 2699 deny ip any 10.20.1.0 0.0.0.255

ipv6 address dhcp

ipv6 address 2001:DB8:5:112::/64 eui-64

ipv6 address autoconfig

ipv6 address 2001:DB8:5:112::2/64 link-local

uses predefined tags or angle brackets () to delimit markup text

used to describe structured data that includes arrays

used for storing information

similar to HTML, it is more verbose than XML

84

110

128

192

193

Clock timezone

Clock summer-time-recurring

Clock summer-time date

Clock set

configure IEEE 802.1p

configure IEEE 802.1q

configure ISL

configure DSCP

Enable the allow AAA Override

Enable the Even: Driven RRM.

Disable the LAG Mode or Next Reboot.

Enable the Authorized MIC APs against auth-list or AAA.

read

update

create

delete

Ansible

JSON

Chef

Puppet

It automatically provides a second authentication factor that is unknown to the original user.

It uses an internal firewall to protect the password repository from unauthorized access.

It protects against keystroke logging on a compromised device or web site.

It stores the password repository on the local workstation with built-in antivirus and anti-malware functionality

It encourages users to create stronger passwords.

disk

applications

VM configuration file

operating system

The frame has zero destination MAC addresses.

The source MAC address of the frame is unknown

The source and destination MAC addresses of the frame are the same

The destination MAC address of the frame is unknown.

Enable Security Association Teardown Protection and set the SA Query timeout to 10

Enable MAC filtering and set the SA Query timeout to 10

Enable 802.1x Layer 2 security and set me Comeback timer to 10

Enable the Protected Management Frame service and set the Comeback timer to 10

R2 is using the passive-interface default command

R1 has an incorrect network command for interface Gi1/0

R2 should have its network command in area 1

R1 interface Gil/0 has a larger MTU size

HTTPS

RADIUS

TACACS+

HTTP

Eliminating training needs

Increasing reliance on self-diagnostic and self-healing

Policy-derived provisioning of resources

Providing a ship entry point for resource provisioning

Reducing hardware footprint

No router ID is set, and the OSPF protocol does not run.

The highest up/up physical interface IP address is selected as the router ID.

The lowest IP address is incremented by 1 and selected as the router ID.

The router ID 0.0.0.0 is selected and placed in the OSPF process.

The trunk does not form and the ports go into an err-disabled status.