Appendix A. Answers to the “Do I Know This Already?” Quiz Questions Q&A Questions

“Do I Know This Already?” Answers

Chapter 1

1. B. Private IPv4 address blocks are 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255.

2. B. There are 5 host bits: 2⁵ − 2 = 30 hosts.

3. D. Loopback addresses should have a /32 mask so that address space is not wasted.

4. C. The precedence bits are located in the Type of Service field of the IPv4 header.

5. B. Multicast addresses range from 224.0.0.1 to 239.255.255.255.

6. D. The summary route summarizes subnetworks from 150.10.192.0/24 to 150.10.199.0/24. Answer D is the only one that includes them.

7. D. Point-to-point links need only two host addresses. They use a /30 mask, which provides 2² − 2 = 2 host addresses.

8. C. DHCP assigns IP addresses dynamically.

9. C. Static NAT is used to statically translate public IP addresses to private IP addresses.

10. C. The DS field allocates 6 bits in the ToS field, thus making it capable of 64 distinct codepoints.

Chapter 2

1. C. IPv6 uses 128 bits for addresses, and IPv4 uses 32 bits, so the difference is 96.

2. C. The IPv6 header is 40 bytes in length.

3. C. The defining first hexadecimal digits for link-local addresses are FE8.

4. D. IPv6 addresses can be unicast, anycast, or multicast.

5. B. Answers A and C are incorrect because you cannot use the double colons (::) twice. Answers C and D are also incorrect because you cannot reduce b100 to b1.

6. C. DNS64 is a DNS mechanism that synthesizes AAAA records from A records.

7. B. The IPv6 multicast address type handles broadcasts.

8. B. The IPv6 loopback address is ::1.

9. A. IPv4-compatible IPv6 addresses have the format ::d.d.d.d.

10. C. The DNS maps fully qualified domain names to IPv6 addresses using (AAAA) records.

11. B. IPv6 increases the address space, which allows globally unique IP addresses. Broadcasts are no longer used.

12. C.

13. D.

14. B. IP Migrate is not an IPv4-to-IPv6 migration strategy.

Chapter 3

1. B. The default metric for interfaces for IS-IS is 10.

2. D. Both Level 2 and Level 1/2 routers are used to interconnect IS-IS areas.

3. A. RIPv2 is a classless distance-vector routing protocol.

4. B. Distance-vector routing protocols send periodic updates.

5. B. In IS-IS, every interface has a default metric of 10.

6. B. If bandwidth is used, the path with the highest bandwidth is selected. If cost is used, the path with the lowest cost is selected.

7. B. OSPF has an administrative distance of 110. EIGRP has an administrative distance of 90. The route with the lower administrative distance is selected: EIGRP.

8. B. The feasible successor satisfies the feasibility condition and is maintained as a backup route.

9. B. The default metrics for EIGRP are bandwidth and delay.

10. C. EIGRP implements DUAL.

Chapter 4

1. C. In OSPF, summarization of internal routes is performed on the ABRs.

2. D. Weight is assigned locally on a router to specify a preferred path if multiple paths exist out of a router for a destination.

3. B. OSPF defines the ASBR as the router that injects external routes into the OSPF autonomous system.

4. E. OSPFv2 Type 5 LSAs are autonomous system external LSAs.

5. C. OSPFv2 routers use 224.0.0.6 to communicate with DRs.

6. A. Type 1 LSAs (router LSAs) are forwarded to all routers within an OSPF area.

7. D. Intra-area-prefix LSAs carry IPv6 prefixes associated with a router, a stub network, or an associated transit network segment.

8. B. You use External Border Gateway Protocol (eBGP) to exchange routes between autonomous systems.

9. B. It is a best practice to summarize routes on the distribution routers toward the core.

10. A. The administrative distance of eBGP routes is 20. The administrative distance of Internal BGP (iBGP) routes is 200.

Chapter 5

1. B. You use IGMP between hosts and local routers to register with multicast groups.

2. B. The lower 23 bits of the IP multicast address are mapped to the last 23 bits of the Layer 2 MAC address.

3. C. SNMPv3 introduces authentication and encryption for SNMP.

4. A. Managed devices contain SNMP agents.

5. C. An OOB management network uses separate infrastructure.

6. C. SSM eliminates the RPs and shared trees and only builds a SPT.

7. C. The NMS manager uses the GetBulk operation to retrieve large blocks of data, such as multiple rows in a table.

8. A. RMON1 is focused on the data link and physical layers of the OSI model.

9. B. Community is not an SNMP operation.

10. A. Source trees are also called shortest-path trees (SPTs) because they create paths without having to go through a rendezvous point (RP).

Chapter 6

1. B. The core layer is responsible for fast transport.

2. C. The maximum distance for 100BASE-T is 100 meters.

3. C. The distribution layer is responsible for security filtering, address and area aggregation, and media translation.

4. C. Multimode fiber provides a cost-effective solution for that distance. Single-mode fiber is more expensive. UTP’s maximum distance is 100 meters.

5. C. PortFast bypasses the listening/learning phase for access ports and goes directly to the port-forwarding state.

6. C. The maximum power per PSE port for Cisco UPOE is 60W; for PoE it is 15.4W, for PoE+ it is 30W, and for Cisco UPOE+ it is 90W.

7. B. Wake on LAN (WoL) is a combination of hardware and software technologies to wake up sleeping systems. The WoL feature allows an administrator to remotely power up all sleeping machines so that they can receive updates.

8. D. The access layer functions are high availability, port security, rate limiting, ARP inspection, and trust classification.

Chapter 7

1. A. In the Layer 3 access layer, there is no need for an FHRP.

2. B and C. HSRP and VRRP provide default gateway redundancy.

3. B. 20% of traffic is local and 80% is external to the local LAN.

4. B. Routes are summarized at the distribution layer.

5. D. Use EtherChannel to merge the two physical units into one.

6. C. This is a peer-to-peer application.

7. C. Virtual Router Redundancy Protocol (VRRP) is an IETF standard.

8. D. Stacking switch technology allows you to increase the number of ports in the access layer while still using the same uplinks and ports in the distribution layer.

Chapter 8

1. C. Internet, remote-access DMZ, and service provider edge are the only modules or blocks used in the enterprise edge.

2. D. E-commerce and remote-access services use the DMZ in the enterprise edge.

3. C. 4G LTE Advanced download peak rates are up to 600 Mbps, and upload peak rates are up to 100 Mbps.

4. A and D. Both VPWS and VPLS are Layer 2 VPN technologies that service providers offer.

5. D. Multiprotocol Label Switching (MPLS) uses labels appended to IP packets or Layer 2 frames for the transport of data.

6. D. Dense wavelength-division multiplexing (DWDM) increases the bandwidth capabilities of fiber by using different wavelengths of light called channels over the same fiber strand.

7. A. GETVPN is not typically used on the Internet because NAT does not work due to the original IP addressing preservation.

8. D. VPWS provides a point-to-point WAN link between two sites over an MPLS provider backbone.

9. A. Dynamic Multipoint VPN (DMVPN) is a Cisco IOS solution for building IPsec over GRE VPNs in a dynamic and scalable manner.

10. D. MPLS labels can be used to implement traffic engineering by overriding the routing tables with specific paths through the network.

Chapter 9

1. C. Throughput is the measure of data transferred from one host to another in a given amount of time.

2. A. Modularity with additional devices, services, and technologies is a description of the key design principle scalability.

3. D. 8756 / 8760 × 100 yields the availability percentage, which is 99.95%.

4. C. The highest level of resiliency for services avoids single points of failure for both the router and the circuits by using dual routers with one circuit per router.

5. A. To eliminate single points of failure on both routers and circuits, you need dual routers with one circuit per router.

6. B. Adding a secondary WAN link makes the network more fault tolerant by allowing for both a backup link and load sharing.

7. D. Low-latency queuing (LLQ) adds a strict priority queue to CBWFQ.

8. A. Congestion management is a mechanism to handle traffic overflow using a queuing algorithm.

9. B. IntServ uses Resource Reservation Protocol (RSVP) to explicitly request QoS for the application along the end-to-end path through devices in the network.

10. A. The token bucket technique uses traffic shaping to release the packets into the output queue at a preconfigured rate.

Chapter 10

1. A. Automation, policy, and assurance are key benefits of SD-Access; compatibility is not.

2. A and C. The SD-Access fabric and Cisco DNA Center are two main components of SD-Access architecture.

3. D. The two main things that LISP keeps track of are the routing locator (RLOC) or router location and the endpoint identifier (EID), which is the IP address or MAC address.

4. C. Cisco ISE is tightly integrated with DNA Center through REST APIs to provide the SGT information needed to enforce policy.

5. B. With the over-the-top method of wireless integration with the SD-Access fabric, the control plane and data plane traffic from the APs use CAPWAP-based tunnels.

6. A. Microsegmentation enables data plane isolation and provides a simple way to manage group-based policies between groups of endpoints with a VN.

7. D. Medium sites can support up to 25,000 endpoints and up to 64 VNs.

8. D. Multicast Source Discovery Protocol (MSDP) can be used for RP redundancy.

9. A. There are 16 million VNI segments possible with VXLAN.

10. D. The fusion router fuses the SD-Access VNs into the organization’s GRT of the external network.

Chapter 11

1. B. vSmart is the brains of the SD-WAN architecture.

2. D. vBond performs the initial authentication of vEdge devices and orchestrates vSmart and vEdge connectivity.

3. B. With manual configuration, a site network administrator manually configures minimal information that allows a vEdge device to connect with the vBond orchestrator.

4. OMP advertises prefix, TLOC, and service routes.

5. D. VRRP is used for Layer 2 redundancy.

6. B. The BFD probes provide information about latency, jitter, and loss on all the transport links.

7. B. In the control plane, add a vSmart controller to increase capacity.

8. C. Cisco SD-WAN supports only PIM-SM.

Chapter 12

1. B. XML is the data encoding format that uses these tags.

2. D. RESTCONF is an HTTP-based protocol that provides a programmatic interface for accessing YANG data.

3. A. YANG is a data modeling language used to describe the data for network configuration protocols.

4. C. Containers are used to group related nodes in a YANG data model.

5. A. NETCONF is defined by the IETF and supports running, candidate, and startup configuration data stores.

6. D. RESTCONF uses HTTP operations to provide create, retrieve, update, and delete (CRUD) operations on a NETCONF data store.

7. B. The IETF is an Internet standards body that develops open standards using open processes and working groups.

8. D. OpenConfig is a group of network operators working on developing programmable interfaces and tools for managing networks in a vendor-neutral way.

9. A. Model-driven telemetry is a new concept for network monitoring in which data is streamed from network devices continuously to subscribers using NETCONF.

10. C. A periodic publication is a subscription that is useful for when a data value changes occasionally but the information needs to be sent in a timely manner.

Quiz Answers

Chapter 1

1. 10/8, 172.16/12 (172.16.0.0 to 172.31.255.255), and 192.168/16.

2. True. You can use DHCP to specify several host IP configuration parameters, including IP address, mask, default gateway, DNS servers, and TFTP server.

3. False. The bit-number representation of 255.255.255.248 is /29. /28 is the same mask as 255.255.255.240.

4. True.

5. 20 (bytes).

6. DSCP uses 6 bits, which provides 64 levels of classification.

7. True.

8. False. The header checksum field only includes a checksum of the IP header; it does not check the data portion.

9. The subnet is 172.56.4.0/22, the address range is from 172.56.4.1 to 172.56.7.254, and the subnet broadcast is 172.56.7.255.

10. The IP layer in the destination host.

11. B. DHCP configures the IP address, subnet mask, default gateway, and other optional parameters.

12. C. Class B networks have 16 bits for host addresses with the default mask: 2¹⁶ − 2 = 65,534.

13. B. A /26 mask has 26 network bits and 6 host bits.

14. C. Network 192.170.20.16 with a prefix of /29 summarizes addresses from 192.170.20.16 to 192.170.20.23.

15. B. AF3 is backward compatible with IP precedence priority traffic with a binary of 011.

16. A. IPv4 packets can be fragmented by the sending host and routers.

17. B. Multicast addresses are received by a set of hosts subscribed to the multicast group.

18. B, D, and E. The three types of IPv4 address are unicast, broadcast, and multicast.

19. A, C, and D. End-user workstations, Cisco IP phones, and mobile devices should have their IP addresses assigned dynamically.

20. B. Dynamic name resolution reduces administrative overhead. Name-to-IP address tables do not need to be configured.

21. B. There are 4 bits to determine the number of host addresses: 2⁴ − 2 = 16 − 2 = 14.

22. B. Answer B allows up to 6 hosts. Answer A allows only 2 hosts, which is too small. Answer C allows 14 hosts, which is larger than Answer B.

23. D, G, and I.

24. C. PAT.

25. C. RIPE.

26. B. VLSM.

27. C. The American Registry for Internet Numbers allocates IP address blocks for the United States, Canada, several parts of the Caribbean region, and Antarctica.

28. D. The Asia-Pacific Network Information Centre allocates IP address blocks for Asia, Australia, New Zealand, and neighboring countries.

29. C. Subnet 172.16.45.224.

30. B. The networks in Answer B provide 126 addresses for hosts in each LAN at Site B.

31. A. Network 192.168.15.0/25 provides 126 addresses for LAN 1, network 192.168.15.128/26 provides 62 addresses for LAN 2, and network 192.168.15.192/27 provides 30 addresses for LAN 3.

32. D. You need only two addresses for the WAN link, and the /30 mask provides only two.

33. A. Private addresses are not announced to Internet service providers.

34. B. NAT translates internal private addresses to public addresses.

35. D. VLSM provides the ability to use different masks throughout the network.

Chapter 2

1. False. OSPFv3 supports IPv6. OSPFv2 is used in IPv4 networks.

2. True.

3. ARP.

4. 16.

5. 0110. The first field of the IPv6 header is the Version field. It is set to binary 0110 (6).

6. False.

7. 0xFF (1111 1111 binary).

8. FE8/10.

9. True.

10. Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, IPv6 Source Address, and IPv6 Destination Address.

11. B. IPv6 address types are unicast, anycast, and multicast.

12. False. The longer set of zeros should be compressed. The valid representation is 2001:0:0:1234::abcd.

13. 2001:1:0:ab0::/64.

14. 32.

15. It is a multicast address. All IPv6 multicast addresses begin with hexadecimal FF.

16. C. Answers A, B, and D are incorrect because 0100 does not compact to 01. Answer B is also incorrect because 0010 does not compact to 001.

17. A. The dual-stack backbone routers handle packets between IPv4 hosts and IPv6 hosts.

18. B. DNS indicates which stack to use. DNS A records return IPv4 addresses. DNS AAAA records return IPv6 addresses.

19. B.

20. A and D.

21. D. IPv4 packets can be fragmented by the sending host and routers. IPv6 packets are fragmented by the sending host only.

22. A. Anycast addresses reach the nearest destination in a group of hosts.

23. D.

24. D.

25. C and D.

26. A.

27. D.

28. C. Running dual-stack IPv4 and IPv6 on hosts and routers allows for full flexibility for communications for the corporation internally, with partners, and with the Internet.

29. B.

30. B.

31. A and C.

32. A.

33. C.

34. A.

35. D.

36. A. All the networks can be summarized with a 52-bit mask.

37. C. SLAAC is used first to assign the IPv6 address, and then DHCPv6 is used to assign additional options.

38. C. Link-local and site-local addresses are unicast addresses, and multicast addresses are sent to a group of hosts. Anycast addresses are routed to the nearest receiver from a group of hosts.

39. B. A packet with a link-local source address remains with the local link.

40. B and D. Only OSPF and IS-IS are link-state routing protocols.

41. A, C, and E. Dual-stack, tunneled, and translation are strategies for transitioning to IPv6.

42. B. ISATAP uses a well-defined IPv6 address format composed of any unicast prefix of 64 bits, which can be a link-local or global IPv6 unicast prefix. It then uses the 32 bits 0000:5EFE that define the ISATAP address ending with the 32-bit IPv4 address of the ISATAP link.

43. C. IPv6 multicast “all-nodes” addresses replace IPv4 broadcasts.

44. D. Unique local unicast IPv6 addresses use the FC00::/7 prefix.

45. C. NAT64 is a transition mechanism that does translation where the IPv6 client can reach IPv4-only servers.

46. D. 2001:4C::9A:0:0:1 is the correct representation since the first set of 16-bit pairs is the set that should be compressed.

47. D. ::FFFF:0:0/96 addresses are IPv4-mapped IPv6 addresses. 2000::/3 addresses are global unicast addresses, FE80::/10 addresses are link-local addresses, and 0000::/96 addresses were IPv4-compatible IPv6 addresses that have been deprecated.

48. C. Stateful NAT64.

49. B. 6RD tunnels allow an SP to provide unicast IPv6 service to its customers over its IPv4 network.

50. A. If an AAAA query is returned empty, the DNS64 server queries the IPv4 DNS authoritative server for an A record.

51. E. Both answers B and C are correct. The WKP 64:ff9b::/96 is not globally routable, and an NSP needs to be defined. 2001:FF9b::/96 is not a NAT64 WKP.

52. Implement a dual-stack backbone or implement IPv6 over IPv4 tunnels.

53. NAT64 is used to provide translation between IPv6 and IPv4 hosts.

54. If a dual-stack backbone is implemented, only the WAN routers require an IPv6/IPv4 dual stack. End hosts do not need a dual stack.

55. No. All WAN routers still run the IPv4 stack, with two exceptions: the WAN routers at Sites A and B. These routers speak IPv6 within their sites and speak IPv4 to the WAN.

Chapter 3

1. False. Distance-vector routing protocols send periodic routing updates.

2. True. The lowest cost is preferred.

3. True. The higher value for reliability is preferred.

4. False. The link with the lower load is preferred.

5. The EIGRP route. EIGRP routes have an administrative distance of 90, and OSPF routes have an administrative distance of 100. The lower administrative distance is preferred.

6. The IS-IS route. IS-IS routes have an administrative distance of 115, and RIP routes have an administrative distance of 120. The lower administrative distance is preferred.

7. The OSPF route is used to reach the destination because it is a more specific route.

8. A. The best reliability is 255/255 (100%), and the best load is 1/255 (approximately 0%).

9. C and E. IS-IS and OSPF permit an explicit hierarchical topology.

10. Delay is based on the amount of time it takes a packet to travel from one end to another in an internetwork.

11. i = C, ii = A, iii = D, iv = B.

12. B. OSPFv3 is the only standards-based routing protocol in the list that supports large networks. RIPng has limited scalability.

13. C, D, and E. Link-state routing protocols plus EIGRP’s hybrid characteristics converge faster.

14. C. EIGRP supports large networks and does not require a hierarchical network.

15. F. BGP is used to connect to ISPs.

16. D. OSPFv3 is the only correct answer. RIPv2 is for IPv4 networks. EIGRP is not a standards-based protocol. BGPv6 and RIPv3 do not exist.

17. B and C. IGPs converge faster than EGPs.

18. C. Faster routing convergence means more accurate information.

19. B and C. EIGRP uses DUAL for fast convergence and supports VLSMs.

20. i = D, ii = B, iii = A, iv = C.

21. i = B, ii = D, iii = A, iv = C.

22. i = C, ii = A, iii = D, iv = B.

23. B. The EIGRP route has a lower administrative distance.

24. D. IS-IS.

25. B. The default IS-IS cost metric for any interface type is 10.

26. D. IS-IS does not define BDRs.

27. C. EIGRP.

28. C. EIGRP.

29. C and E.

30. A, B, D, and F.

31. B and C.

32. A and C.

33. B and C.

34. C. EIGRP for IPv6.

35. C. 1900.6500.0001 is the system ID, 49 is the AFI, and 0001 is the area ID.

36. B. 2. The variance command configures EIGRP to accept unequal-cost routes with a metric of less than 2 × 20 = 40. The route with a metric of 35 is added.

37. A. Administrative distances are BGP = 20, EIGRP = 90, OSPF = 110, IS-IS = 115, and RIP = 120.

38. B. Administrative distances are EIGRP = 90, OSPF = 110, IS-IS = 115, RIP = 120, and iBGP = 200.

39. A is EIGRP for IPv6, B is OSPFv2, C is RIPv2, D is EIGRP for IPv4, and E is OSPFv3.

40. B. Path 2 has greater bandwidth.

41. C. Load sharing is enabled with the variance command.

42. B. By default, Path 2 has higher bandwidth and thus has the better metric.

43. A. IS-IS chooses Path 1 with a metric of 10 over Path 2 with a metric of 30.

44. D. The EIGRP successor is the path with the lowest metric.

45. C. The feasible successor is the backup route.

46. B. The EIGRP delay does not affect other routing protocols.

47. B. The passive route is stable.

48. D. IS-IS supports routing of OSI, IPv4, and IPv6 protocols.

Chapter 4

1. False. A router with one or more interfaces in Area 0 is considered an OSPF backbone router.

2. True.

3. 224.0.0.5 for ALLSPFRouters and 224.0.0.6 for ALLDRouters.

4. FF02::5 for ALLSPFRouters and FF02::6 for ALLDRouters.

5. The administrative distance of OSPF is 110.

6. OSPF ABRs generate the Type 3 summary LSA for ABRs.

7. OSPF DRs generate Type 2 network LSAs.

8. Included are the router’s links, interfaces, link states, and costs.

9. False. The router with the highest priority is selected as the OSPF designated router.

10. False. You use eBGP to exchange routes between different autonomous systems.

11. True.

12. 20, 200.

13. i = C, ii = B, iii = A, iv = D.

14. OSPF. Although RIPv2 and EIGRP support VLSM, RIPv2 is no longer recommended. EIGRP is not supported on non-Cisco routers.

15. You do not need to flood external LSAs into the stub area, and not doing this flooding reduces LSA traffic.

16. All traffic from one area must travel through Area 0 (the backbone) to get to another area.

17. OSPFv3 is identified as IPv6 Next Header 89.

18. F. EIGRP and OSPFv2 are recommended for large enterprise networks.

19. C. Link LSAs are flooded to the local link.

20. E. EIGRP and OSPFv2 have fast convergence.

21. F. EIGRP for IPv6 and OSPFv3 have fast convergence for IPv6 networks.

22. H. RIPv1 and RIPv2 generate periodic routing traffic. IS-IS is used in SP networks. BGP is used for external networks.

23. B. From Router A, the OSPF cost for Path 1 is 10⁸ / 256 kbps = 390. The OSPF cost for Path 2 is (10⁸ / 1536 kbps) + (10⁸ / 1024 kbps) + (10⁸ / 768 kbps) = 65 + 97 + 130 = 292. OSPF selects Path 2 because it has a lower cost.

24. Router A = internal; Router B = ABR; Router C = backbone; Router D = ASBR; Router E = ABR; Router F = internal.

25. i = B, ii = C, iii = D, iv = A.

26. Weight. Weight is configured locally and is not exchanged in BGP updates. On the other hand, the local preference attribute is exchanged between iBGP peers and is configured at the gateway router.

27. Route reflectors reduce the number of iBGP logical mesh connections.

28. External peers see the confederation ID. The internal private autonomous system numbers are used within the confederation.

29. BGP confederations, route reflectors.

30. B. The correct order of BGP path selection is weight, local preference, autonomous system path, origin, MED, and lowest IP address.

31. C.

32. C.

33. C.

34. D. BGP.

35. A and D.

36. B.

37. A.

38. C.

39. A and D.

40. D. R4.

41. B. BGP should be configured between AS 100 and AS 500.

42. C. Both Routers A and B perform the redistribution with route filters to prevent route feedback.

43. B. The OSPF routes are redistributed into EIGRP. Then you can redistribute EIGRP routes into BGP.

44. D. You should use filters on all routers performing redistribution.

45. D. Atomic aggregate and local preference are BGP well-known discretionary attributes.

46. A. AS_Path and next hop are BGP well-known discretionary BGP attributes. Origin is also a well-known discretionary BGP attribute, but MED is optional nontransitive.

47. C. Aggregator and community are BGP optional transitive attributes.

48. B. The IP address of the BGP peer might be in the OSPF routes and not in the eBGP routes.

49. B. When used within an AS, iBGP carries eBGP attributes that otherwise would be lost if eBGP were redistributed into an IGP.

50. D. OSPF metrics are not automatically converted into EIGRP metrics. If an EIGRP metric is not defined, then infinity is assigned to the redistributed routes, which are thus not injected into the routing table.

Chapter 5

1. True.

2. False. PIM does not have a hop count limit. DVMRP has a hop count limit of 32.

3. True.

4. i = D, ii = B, iii = A, iv = C.

5. i = E, ii = C, iii = A, iv = B, v = D.

6. D.

7. Data link layer.

8. Notice level.

9. False.

10. True.

11. Device ID, IP address, capabilities, OS version, model number, and port ID.

12. D. A trap message is sent by the agent when a significant event occurs.

13. A. The NMS manager uses the Get operation to retrieve the value-specific MIB variable from an agent.

14. B. The NMS manager uses the Set operation to set values of the object instance within an agent.

15. C. More than 500 syslog facilities can be configured on Cisco IOS.

16. B. At the authNoPriv level, authentication is provided, but encryption is not.

17. B. CBC-DES is the encryption algorithm used by SNMPv3.

18. B, C, and D.

19. D. RMON2 provides monitoring information from the network to the application layers.

20. A. The authPriv level provides authentication and encryption.

21. i = C, ii = A, iii = D, iv = B.

22. A. Syslog level 0 indicates an emergency and that the system is unusable.

23. B. RMON2 allows for Layer 4 monitoring. NetFlow is not a long-term trending solution.

24. C. NetFlow does network traffic analysis.

25. E. MIB is the database that stores information.

26. C. ASN.1 is used to define information being stored.

27. C. authNoPriv provides authentication and no encryption.

28. D. Community is not an SNMP operation.

29. E. Private MIBs can be used for vendor-specific information.

30. C. NetFlow allows for network planning, traffic engineering, usage-based network billing, accounting, denial-of-service monitoring, and application monitoring. One big benefit is that NetFlow provides the data necessary for billing of network usage.

31. C. NetFlow can be configured to provide timestamped data on multiple interfaces.

32. A, B, and D. NetFlow consists of three major components: NetFlow accounting, flow collector engines, and network data analyzers.

33. B. Multicast RPF is used to prevent forwarding loops.

34. C. The RP knows of all sources in the network.

35. C. (*,G) means any source to group G.

36. B. With BIDIR-PIM, the first packets from the source are not encapsulated, and there are no (S,G) states.

37. E. SSM is recommended for broadcast applications and well-known receivers.

38. C. MSDP is used to interconnect PIM-SM domains.

39. A. Network management traffic should be assigned CoS of 2.

40. B. SSM eliminates the RPs and shared trees of sparse mode and only builds an SPT.

Chapter 6

1. False.

2. True.

3. False. A full-mesh network increases costs.

4. Use n(n − 1)/2, where n = 6. 6(6 − 1)/2 = (6 × 5)/2 = 30/2 = 15.

5. Cost savings, ease of understanding, easy network growth (scalability), and improved fault isolation.

6. False. Small campus networks can have collapsed core and distribution layers and implement a two-layer design. Medium campus networks can have two-tier or three-tier designs.

7. Use the formula n(n − 1)/2, where n = 10. 10(10 − 1)/2 = 90/2 = 45 links.

8. B. The distribution layer provides routing between VLANs and security filtering.

9. D and E. The access layer concentrates user access and provides PoE to IP phones.

10. B and C. The distribution layer concentrates the network access switches and routers and applies network policies with access lists.

11. A and F. The core layer provides high-speed data transport without manipulating the data.

12. A and C.

13. B. Partial-mesh connectivity is best suited for the distribution layer.

14. A and B.

15. B. VSS allows a Catalyst switch pair to act as a single logical switch.

16. C, E, and F. Core, distribution, and access layers.

17. C. Build in triangles.

18. C.

19. B.

20. D.

21. C.

22. D.

23. A and B.

24. B.

25. C. Multimode fiber provides the necessary connectivity at the required distance. UTP can reach only 100 meters. Single-mode fiber is more expensive.

26. C. Disabling trunking on host ports and using RPVST+ are best practices at the access layer.

27. B. The use of HSRP and summarization of routes are best practices in the distribution layer.

28. A. Best practices for the core include the use of triangle connections to reduce switch peering and using routing to prevent network loops.

29. A. The core and the distribution layers should be connected using redundant Layer 3 triangular links.

30. A, B, G, and H.

31. A, C, and E.

32. A, E, and G.

33. C.

34. A.

35. A and E.

36. C.

37. B.

38. A.

39. B, C, and D.

40. C. The Spanning Tree Protocol root bridge and HSRP active router should match.

41. A = ii, B = i, C = iii, D = iv.

42. A and B.

43. C and D.

44. C. UPOE provides up to 51W to a powered device.

45. C. Wake on LAN.

46. B. Build triangles.

47. C. Category 6a.

48. A. Apply PortFast to all end-user ports. Apply RootGuard to all ports where a root is never expected.

Chapter 7

1. A. IP phone–to–IP phone communication is an example of peer-to-peer communication.

2. C. Create a data center server segment that enables the enforcement of security policies.

3. B. These are design considerations for the distribution layer.

4. D. All these are server connectivity options.

5. B. The building subnets are too large and should be further segmented to reduce the broadcast domain.

6. i = B, ii = A, iii = D, iv = C.

7. i = B, ii = A, iii = C, iv = D.

8. C.

9. C.

10. A. Use redundant triangle topology between the distribution and core layers.

11. B.

12. A.

13. A, B, G, and H.

14. A, C, and E.

15. C, D, F, and G.

16. A, E, and G.

17. C.

18. A.

19. D.

20. A.

21. B.

22. B. VTPv2 is the default version.

23. C. You can achieve subsecond failover with HSRP by setting the hello timer to 200 milliseconds and the dead timer to 750 milliseconds.

24. B. The default VRRP hello timer is 1 second, and the dead timer is 3 seconds.

25. A. The default HSRP timers are 3 seconds for hello and 10 seconds for the dead timer.

26. D. GLBP is a Cisco-proprietary FHRP that allows packet load sharing among a group of routers.

27. A. For distribution-to-core, the oversubscription recommendation is 4 to 1.

28. D. When implementing data oversubscription, the recommended practice is 20 to 1 oversubscription for access-to-distribution links.

29. C.

30. C. 10GBASE-LR is long-range single-mode fiber with a maximum distance of 10 kilometers.

31. D. 10GBASE-SR uses multimode fiber with a range of 400 meters.

32. A. 10BASE-T uses UTP with a range of 100 meters.

Chapter 8

1. B. The control plane builds and maintains the network topology and informs the data plane on where traffic flows by using the vSmart controller.

2. D. Remote-access VPN DMZ resides in the Enterprise Edge.

3. C. GETVPN forms tunnel-less VPNs over private WANs.

4. C and D. Internet and DMZ are two modules found in the enterprise edge.

5. C. GRE is a tunneling technology that lacks security and scalability.

6. D. MPLS is the most popular VPN technology that leverages BGP to distribute VPN-related information.

7. A. VPLS allows for connecting Layer 2 domains over an IP/MPLS network.

8. D. DMZ/e-commerce modules belong in the enterprise edge.

9. D. Service provider edge network modules connect to ISPs in the enterprise edge.

10. D. WAN edge network modules connect using MPLS connectivity.

11. B. WAN edge network modules connect using SD-WAN.

12. B. ESP, an IPsec protocol, is used to provide confidentiality, data origin authentication, connectionless integrity, and anti-replay services.

13. D. The WAN edge is a functional area that provides connectivity between the central site and remote sites.

14. D. Dark Fiber allows the enterprise to control framing.

15. C. LTE Advanced Pro is a 4G standard that is pushing download rates of 1 Gbps.

16. A. SONET/SDN is circuit based and delivers high-speed services using Optical Carrier rates.

17. C. 5G is an emerging wireless standard that uses sub-6 GHz and download rates of 20 Gbps.

18. DWDM improves the utilization of optical-fiber strands.

19. B. High security and transmission quality are advantages of private WAN links.

20. A and B. No need for new customer premises equipment and ease of integration with existing LAN equipment are benefits of Ethernet handoffs at the customer edge.

21. A. The data plane is responsible for forwarding packets with instructions from the control plane through vEdge routers.

22. D. Service providers use SLAs to define their network availability at different levels.

23. C. The management plane is responsible for centralized management and monitoring through the use of vManage.

24. B. CE router types handle the exchange of customer routing information with the service provider.

25. A, C, and D. A fully meshed WAN with PKI and certificate authentication are not objectives of an effective WAN design.

26. C. Key servers maintain the control plane and define the encryption policies that are pushed to IKE authenticated group members.

27. D. DMVPN uses a Multipoint GRE (mGRE) interface to provide support for multiple GRE and IPsec tunnels.

28. A. AH is used to provide integrity and data origin authentication.

29. D. HMAC provides protection from attacks such as man-in-the-middle, packet-replay, and data-integrity.

30. A. DPD detects the loss of a peer IPsec connection.

Chapter 9

1. A. Designing the topology is based on the availability of technology as well as the projected traffic patterns, technology performance, constraints, and reliability.

2. D. High availability is a design principle that involves redundancy through hardware, software, and connectivity.

3. B. Real-time voice is an application that requires round-trip times of less than 400 ms with low delay and jitter.

4. C. Reliability is a measure of a given application’s availability to its users.

5. C. Window size defines the upper limit of frames that can be transmitted without a return acknowledgment.

6. A. The availability target range for branch WAN high availability is 99.9900%.

7. A. MPLS WAN with dual routers is a deployment model that provides the best SLA guarantees.

8. C. Dual-router dual-homed Internet connectivity provides for the highest level of resiliency.

9. A. When designing Internet for remote sites, centralized Internet provides control for security services such as URL filtering, firewalling, and intrusion prevention.

10. A and B. Using a public BGP AS number for eBGP connections and provider-independent IP address space for advertisements to ISPs are two important design considerations for a high availability design.

11. A. Backup link for WAN backup provides for redundancy and additional bandwidth.

12. D. IPsec tunnel failover can be used to back up the primary MPLS WAN connection.

13. D. NSF is not a model for providing QoS. Best-effort, DiffServ, and IntServ are QoS models.

14. C. EF is the DSCP value for VoIP traffic.

15. D. LLQ uses a strict priority queue in addition to modular traffic classes.

16. A. Admission control is the function used to determine whether the requested flows can be accepted.

17. C. Shaping slows down the rate at which packets are sent out an interface (egress) by matching certain criteria.

18. B. Queuing is the buffering process that routers and switches use when they receive traffic faster than can be transmitted.

19. D. SLAs are used by service providers to define their service offerings at different levels.

20. C. Congestion management mechanisms handle traffic overflow using a queuing algorithm.

21. D. Classification and marking identifies and marks flows.

22. C. The cost design principle balances the amount of security and technologies with the budget.

23. B. Interactive data as an application type has requirements for low throughput and response time within a second.

24. C. LTE Advanced Pro has bandwidth capabilities of 1 Gbps to 10 Gbps.

25. C. Downtime at 99% equates to 3.65 days of availability per year.

26. D. With dual-router and dual-path availability models, 5 mins of downtime is expected per year.

27. A. The hybrid WAN deployment model has single routers or dual routers and uses both MPLS and an Internet VPN.

28. D. HSRP/GLBP or an IGP internally are design considerations for designing Internet with high availability.

29. B. MTU size is an important design consideration when using IPsec over GRE tunnels.

30. D. VoIP needs to be prioritized the most.

Chapter 10

1. A and C. SSM and PIM multicast protocols are supported with SD-Access.

2. C and D. VSS and Switch stacks are the preferred connectivity for WLCs.

3. A. A very small site in SD-Access supports up to 2000 endpoints and 8 VNs.

4. B. Assurance provides contextual insights for quick issue resolution and capacity planning.

5. A. OSPF is not a technology used to create overlay networks.

6. D. A Fusion router is used to allow endpoints in different VNs to communicate with each other.

7. A. Fabric mode APs use the INFRA VRF instance.

8. D. Edge and border nodes get SGACLs downloaded from ISE to enforce policy based on SGTs.

9. B. A small site in SD-Access supports up to 10,000 endpoints and 32 VNs.

10. C. 802.11ac Wave 1 is supported for fabric mode wireless in SD-Access.

11. D. Within a VXLAN header, 64,000 SGTs are supported in the Group ID section.

12. B. Cisco TrustSec is leveraged to enable SGT information to be inserted into the VXLAN headers in the data plane.

13. A. Data plane isolation with a VN using SGTs describes microsegmentation.

14. C. Fabric wireless uses VXLAN in the data plane.

15. D. The routing locator (RLOC) and the endpoint identifier are the two main things that LISP keeps track of.

16. B. The integration of ISE and DNA Center uses pxGRID services to establish trust through ISE.

17. D. Cisco DNA Center LAN automation uses IS-IS to deploy underlay routing configurations.

18. A. Integration is a key SD-Access benefit for open and programmable third-party integrated solutions.

19. C. The underlay is a collection of physical switches and routers running a dynamic Layer 3 routing protocol used for the transport in SD-Access.

20. A and D. Infoblox and BlueCat IPAM solutions can be integrated with Cisco DNA Center.

21. C. Policy is a key benefit of SD-Access that can be described as automated configurations that help enable group-based security policies and network segmentation.

22. B. LISP is used in the SD-Access control plane to handle the mapping and resolving of endpoint addresses.

23. C. Link state routing protocols use areas and advertise information about the network topology instead of advertising the complete routing table.

24. A. ISE supports AAA services, groups, policy, and endpoint profiling.

25. C. Fusion routers are the next hop after the border nodes to external networks.

26. A. A fabric data plane provides the logical overlay created by Virtual Extensible VLAN (VXLAN) packet encapsulation along with a Group Policy Object (GPO).

27. C. A virtual network is a separate routing and forwarding instance that provides isolation for host pools.

28. D. A large site in SD-Access supports up to 50,000 endpoints and 64 VNs.

29. D. The global and site settings underlay workflow provides a hierarchical structure for the management of network settings.

30. B. LISP moves the remote destination information to a centralized map database.

Chapter 11

1. A. vSmart controllers provide routing, enforce data plane policies, and enforce segmentation.

2. B. The management plane (vManage) is responsible for central configuration and monitoring.

3. B. The multicast stream is sent to the replicator in the SD-WAN network.

4. C. The control plane builds and maintains the network topology and makes decisions on where traffic flows.

5. D. vAnalytics, a component of vManage, provides end-to-end visibility of applications with real-time information.

6. C. Predefined public colors include 3g, biz, internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, public-internet, red, and silver.

7. A. When using a private color, the vEdge device is using a native private underlay IP.

8. B. Private colors include metro-ethernet, mpls, private1, private2, private3, private4, private5, and private6.

9. C. Service routes contain routes for services such as firewall, intrusion prevention, application optimization, and VPN labels.

10. A. OMP routes include prefixes learned at the local site, including static, OSPF, and BGP routes.

11. A. Transport location identifier, origin, preference, and site ID are attributes of OMP routes.

12. B. TLOC private address, carrier, encapsulation type, and weight attributes are part of TLOC routes.

13. A and B.

14. C and D.

15. D. The control plane uses the Zero Trust model.

16. A. The management plane uses role-based access control.

17. C. vManage predefined user groups are basic, operator, and netadmin.

18. A and C. SHA256 and AES-256-GCM are used.

19. B.

20. C. To increase the availability and redundancy of the orchestration, management, and control planes, you can implement horizontal solution scaling.

21. B. For Layer 2 LANs, failure of VRRP on one of the vEdge routers causes failover to the second vEdge router.

22. A. For Layer 3 LANs, failure of OSPF on one of the vEdge routers causes failover to the second vEdge router.

23. B. A VPN is assigned a number between 1 and 65,530, excluding 512.

24. B. Each VPN is assigned a value from 0 to 65,530.

25. C. VPN 512 is the management VPN.

26. B. Headers are appended as follows: IP-UDP-ESP-VPN-Packet.

27. D.

28. B.

29. A.

30. C.

31. B. BFD probes provide information about latency, jitter, and loss on all the transport links, enabling the determination of best paths.

32. C. Localized data policies allow you to configure how data traffic is handled at a specific site, such as through ACLs, QoS, mirroring, and policing.

33. B. Centralized data policies can be used in configuring application firewalls, service chaining, traffic engineering, and QoS.

34. A. Centralized control policies operate on the routing and TLOC information and allow for customization of routing decisions and determination of routing paths through the overlay network.

35. B. Application-aware routing selects the optimal path based on real-time path performance characteristics for different traffic types.

36. C. Queues 1 through 7 use Weighted Round Robin (WRR) for scheduling.

37. B. Queue 0 uses LLQ.

38. D. Tail drop is the congestion-avoidance algorithm used in queue 0.

39. A. Control and BFD traffic is marked as DSCP 48 decimal (CS6).

40. D. The vEdge replicator forwards streams to multicast receivers in the SD-WAN network.

41. A and C. Direct Internet Access (DIA) reduces bandwidth, latency, and cost on WAN links and improves branch office user experience.

Chapter 12

1. D. Simple Object Access Protocol (SOAP) uses HTTP to transport messages using XML-based syntax.

2. C. gRPC is an open-source framework project and is a functional subset of NETCONF with JSON representation.

3. A. JSON is a lightweight data-interchange text format that is fairly easy to read and write and easy for systems to understand.

4. D. NETCONF is a network management protocol that uses protocol operations that are defined as remote procedure calls (RPCs) for requests and replies in XML-based representation.

5. A. YANG is a data modeling language used to describe the data for network configuration protocols such as NETCONF and RESTCONF.

6. B and D. Layer 3 MPLS VPN and VRF are service data models.

7. A, C, and D. NETCONF uses running, candidate, and startup data stores.

8. B and C. A RESTCONF URI uses data and operations resource types.

9. C. A POST operation creates a resource or invokes an operation.

10. D. The OpenConfig group is focused on building consistent sets of vendor-neutral data models written in YANG to support operational needs and requirements from various network operators.

11. A. The RESTCONF protocol provides a programmatic interface for accessing YANG modeled data with either XML or JSON encoding.

12. C. Dial-out mode initiates the connection from the network device to start the TCP connection to the receiver.

13. A and C. IOS XR MDT RPC and OpenConfig RPC are methods used to request sensor paths with a dynamic subscription.

14. D. Periodic publications are subscriptions that are streamed out to the receivers at specified intervals such as 5 seconds.

15. A. Policy-based telemetry streams data to a receiver using a policy file that defines the data to stream and the frequency to get the data.

16. B. Model-driven telemetry is a new concept in network monitoring in which data is continuously streamed from network devices to subscribers using a push model, providing real-time configuration and state information.

17. C. A RESTCONF API call uses HTTP PUT, POST, UPDATE, or DELETE methods to edit data resources represented by YANG data models.

18. B. Both NETCONF and RESTCONF use the ietf-yang-library.

19. D. The YANG data model resides in the data portion of the TCP/IP network frame.

20. A. The GET CRUD operations get a resource.

21. C. The <get> NETCONF protocol operation retrieves all or part of a running configuration and device operational data.

22. B. Lists inside a YANG data model are used to identify nodes that are stored in a sequence.

23. D. The Open SDN Controller/OpenDaylight Cisco product supports NETCONF, YANG, and RESTCONF.

24. A. HTTP is a TCP transport protocol that RESTCONF and gRPC use.

25. C. REST is an API framework for simple web services that uses GET, POST, PUT, and DELETE methods.

26. D. XML is data wrapped in tags that is both human readable and system readable.

27. A. Inside a YANG data model, leafs are used inside lists to describe things like a name or a description.

28. D. The Cisco YANG model is a collection of Cisco native, IETF, and OpenConfig YANG models that can be used with Cisco-based platforms.

29. B. On-change publication streams out data only when a change in the data has occurred, such as when an interface or a neighbor relationship goes down.

30. A. Dial-in mode listens until the receiver sends the initial SYN packet to start the TCP connection.
