Answer Key to Practice Exam 1

Answers at a Glance to Practice Exam 1

1. B

2. 11

3. C

4. E

5. C

6. B

7. B

8. B

9. See the Hands-On Simulation Question 1 solution files.

10. 00:1b:77:12:34:56

11. C

12. D

13.

configure terminal
!
interface gi0/1
no shutdown
!
interface gi0/1.10
encapsulation dot1q 10
ip address 10.1.10.1 255.255.255.0
!
interface gi0/1.20
encapsulation dot1q 20
ip address 10.1.20.1 255.255.255.0

14. A

15.

access-list 101 permit tcp 10.10.10.0 0.0.0.255 eq 23 192.168.1.0 0.0.0.255

16. C

17. A

18. A

19. C

20. D

21. A, D

22. B, D

23. B

24. B

25. C

26. D

27. D

28.

router ospf 100 network 192.168.0.1 0.0.0.0 area 0

29. A

30. C

31. A

32. 172.16.31.254

33.

show controllers

34. B

35. D

36. D

37. A

38. B, D

39. B

40. A

41. B

42. C

43. B

44. D

45. A

46. C

47. C

48. See the Hands-On Simulation Question 2 solution files.

49. C

50. D

51. D

52. D

53. B

54. A

55. B

56. A

57. D

58. B

59. A, D

60. C, E

Answers with Explanations

1. Answer B is correct. There are two transport layer protocols listed here. Therefore, you should be able to narrow down this question to two options immediately: B (TCP) and C (UDP). Of these two, TCP provides reliability features such as sequencing of packets and synchronization. UDP does not.

2. 11 is correct. Every port on a Layer 2 switch creates a collision domain by default. Here we have 9 workstations connected, creating 9 collision domains, and we have a collision domain for each of the 2 interswitch links. This makes a total of 11 collision domains. This Layer 2 switch concept is often called microsegmentation. Keep in mind that the term microsegmentation also refers to other aspects of information technology. For example, the term is frequently used in security architectures and network fabric designs.

3. Answer C is correct. Notice that this is a default configuration of port security. Every value is set to the default. This means the default number of MAC addresses is one, and the default violation mode is Shutdown, which logs violations.

4. Answer E is correct. RSVP sends signals to reserve resources in the devices along a path.

5. Answer C is correct. The default administrative distance for routes learned by OSPF is 110. Contrast this to RIP’s default administrative distance of 120.

6. Answer B is correct. 224.0.0.0 to 239.255.255.255 is the IPv4 multicast address range. This range permits the sending of a single packet to a group of machines that “subscribe” to the traffic. This is unlike a broadcast, where a single packet is sent to all systems. In IPv6, broadcast traffic is eliminated in favor of multicast.

7. Answer B is correct. 802.11ac uses the 5 GHz band.

8. Answer B is correct. The username command defaults to privilege level 1 for the user when a level is not specified.

9. See the Hands-On Simulation Question 1 solution files.

10. 00:1b:77:12:34:56 is correct. The Layer 2 addressing information appears under the Ethernet II section. The output of the packet capture shown includes Src for Source and Dst for Destination.

11. Answer C is correct. This is an example of the JSON file format. Notice how much more readable it is compared to XML.

12. Answer D is correct. The FHRPs you should know are HSRP, VRRP, and GLBP. GLBP is a Cisco invention that automates load balancing with redundant gateways.

13. The following configuration is correct:

configure terminal
!
interface gi0/1
no shutdown
!
interface gi0/1.10
encapsulation dot1q 10
ip address 10.1.10.1 255.255.255.0
!
interface gi0/1.20
encapsulation dot1q 20
ip address 10.1.20.1 255.255.255.0

Notice that this configuration features no IP address on the physical interface and uses subinterfaces set for 802.1Q encapsulation and appropriate IP addresses for the different VLANs. Of course, any default configuration commands (such as ip routing) have not been included in this configuration.

14. Answer A is correct. Ansible playbooks are expressed in the YAML format, which was chosen, in part, for its readability. For more information, see https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html.

15. The correct answer is access-list 101 permit tcp 10.10.10.0 0.0.0.255 eq 23 192.168.1.0 0.0.0.255. This ACE meets the criteria given. In particular, this ACE would be an entry in an ACL that permits the traffic that is allowed to be leaving the server in the 10.10.10.0/24 subnet.

16. Answer C is correct. The overload keyword implies the use of Port Address Translation.

17. Answer A is correct. Syslog levels 0 through 7 are available on most Cisco devices.

18. Answer A is correct. WPA3 introduces many improvements over WPA2, including the replacement of the PSK authentication method.

19. Answer C is correct. There are two collision domains. The hub does not create collision domains off its ports. The bridge does. So there are two collision domains created by the bridge.

20. Answer D is correct. Secure Copy Protocol (SCP) relies on SSH technology for its operation. It is the only protocol listed here with security and encryption capabilities for file transfer.

21. Answers A and D are correct. The cabling and the hub are Layer 1 components. Bridges and switches are Layer 2 components. A router may be a Layer 2 or Layer 3 component.

22. Answers B and D are correct. Layer 2 access switches typically have IP addresses assigned for management purposes. A default gateway permits a managed switch to access remote networks, again for management purposes.

23. Answer B is correct. The dynamic ARP inspection security feature relies on DHCP snooping for its operation.

24. Answer B is correct. Port security can be used on configured access or trunk ports but not on a dynamic port. When used on a trunk, it is likely that many devices’ MAC addresses will cross the trunk, so the limit of two MAC addresses would likely be too restrictive.

25. Answer C is correct. SEND is not an HTTP method.

26. Answer D is correct. Here EIGRP is preferred due to its lower administrative distance.

27. Answer D is correct. A router at Layer 3 provides the inter-VLAN communication. Note that this routing function can also be implemented by a route processor inside a multilayer switch. Another way would be to implement a router-on-a-stick (ROAS) solution.

28. The following configuration is correct:

router ospf 100
network 192.168.0.1 0.0.0.0 area 0

29. Answer A is correct. ICMP operates at the network layer of the OSI model. It is encapsulated directly in IP packets and does not rely on UDP or TCP for its operation. Note that ICMP has been assigned its own Internet Protocol number by IANA, just like OSPF and EIGRP, which also do not rely on TCP or UDP. ICMP is essentially a suite of services, some of which affect the routing of packets and some of which offer diagnostic and informational services. Since some ICMP services affect L3 forwarding, we often say that ICMP is an L3 protocol, comparable to OSPF, which populates the routing table and also affects L3 forwarding. On the other hand, other ICMP functions resemble application layer services more than L3 services. For example, the echo service could easily have been written as an L7 function, running over UDP, without any difference in behavior or appearance. So in this context, some ICMP functions are more comparable to those of an L7 application that runs directly (and relies) on the network layer.

30. Answer C is correct. A wireless access point (AP) is a device designed to connect users to the network. Modern APs are typically dual band, using both the 2.4 GHz and 5 GHz bands for access by several different 802.11 standards, including 802.11n, 802.11ac, and others.

31. Answer A is correct. Policy, Design, and Provision are all top-level menu options in Cisco DNA Center. Compliance is not one of them.

32. 172.16.31.254 is correct. There are 3 subnet bits. The increment is 32. The host range for this subnet is 172.16.0.1 to 172.16.31.254.

33. show controllers is correct. This is output from show controllers. Note the type of cable connected displayed is a serial cable, indicating a serial interface.

34. Answer B is correct. eBGP is an excellent choice for the underlay in this case.

35. Answer D is correct. The private IPv4 address ranges are 10.0.0.0: 10.255.255.255; 172.16.0.0: 172.31.255.255; and 192.168.0.0: 192.168.255.255.

36. Answer D is correct. Cisco routers are able to support IPv6 on interfaces by default. They cannot, however, route other devices’ IPv6 traffic without the global ipv6 unicast-routing command.

37. Answer A is correct. You use show ip ospf neighbor to quickly verify peer OSPF devices.

38. Answers B and D are correct. This issue is difficult to pinpoint because communication is intermittent or slow.

39. Answer B is correct. The show interface command is very valuable for troubleshooting issues such as collision and also for verifying the overall status of a switch or a router interface.

40. Answer A is correct. VLANs cannot be created on VTP client devices. If you attempt to create a VLAN on a VTP client device, you receive an error message.

41. Answer B is correct. The listening state does not exist in RSTP.

42. Answer C is correct. no cdp run is used to disable CDP globally on a device. To disable a CDP just on a single interface, use the no cdp enable command in interface configuration mode.

43. Answer B is correct. When you configure port security, the default violation mode is Shutdown.

44. Answer D is correct. The default admin distance for internal EIGRP is 90.

45. Answer A is correct. The architectural model Cisco ACI uses is the 2-tier spine-leaf. The leaf devices connect to all spine devices in a full mesh.

46. Answer C is correct. The static route is ip route 10.10.20.0 255.255. 255.0 172.16.1.1. The next hop is the last IP address shown in this command. On a point-to-point link, the local exit interface can be used as part of the command instead of the next-hop address of the next router in the path. The local exit interface can also be used in a multi-access scenario, but this use is discouraged in most cases due to the potential overhead of the Layer 2-to-Layer 3 name resolution that takes place.

47. Answer C is correct. Use show ip route ospf to see the OSPF routes in your local routing table.

48. See the Hands-On Simulation Question 2 solution files.

49. Answer C is correct. The nslookup tool is a common Windows utility for investigating DNS issues. The tool is excellent and displays information that you can use to diagnose Domain Name System (DNS) infrastructure problems and misconfigurations.

50. Answer D is correct. It is simple to configure a Cisco device to acquire an address via DHCP. Under interface configuration mode, after bringing up the interface, use the ip address dhcp command.

51. Answer D is correct. The show ip interface brief command provides a nice summary of the IP addresses assigned to interfaces and their status. It does so in an easy-to-read, table-like format. This command is often typed as simply sh ip int br. This command does not provide mask information, however. For that, you use show ip interface.

52. Answer D is correct. A stratum 1 device is the most authoritative time server on a network. When you use the command ntp master and do not specify the stratum, the default stratum is 8.

53. Answer B is correct. The order of access list statements is very important; they are processed from top to bottom. Here, the permit statement that begins the list permits all traffic before the deny statements are processed. On many IOS routers, the subsequent “deny” access control entries wouldn’t even be allowed and would generate a message indicating a conflict due to the permit any entry already being in place.

54. Answer A is correct. Dynamic NAT uses an ACL to identify the addresses to translate. The NAT commands also can include a pool to indicate the addresses that will be used for the translations.

55. Answer B is correct. SNMP relies on a Management Information Base (MIB) for storing variables and their values.

56. Answer A is correct. IPsec is often used with VPNs.

57. Answer D is correct. SSH is not enabled globally on the device in order to support it as part of the configuration.

58. Answer B is correct. Here the Telnet password will be ChEeEs&WiZ, but to access privileged mode, rtYHS3TTs is required.

59. Answers A and D are correct. When the Windows hosts send at least one frame into the network, the switch learns their respective MAC addresses. The switch can be configured with a management VLAN 1 IP address for the benefit of management of the switch. You can also choose another VLAN ID for your management network. A default gateway is also required for the switch to communicate back to the management computer if that management computer is not on the same IP subnet as the switch.

60. Answers C and E are correct. Here, a solution is to configure port security with a static port security MAC address assignment.