200-125 Cisco Certified Network Associate (CCNA) Exam Set 3

A new security policy has been adopted by your company. One of its requirements is that only one host is permitted to attach dynamically to each switch port. The security settings on all of the ports have been altered from the default settings. You execute the following command on all switch ports of Switch A:

    SwitchA(config-if)# switchport port-security maximum 1

After executing the command, you discover that users in the Sales department are still successfully plugging a hub into a port and then plugging two or three laptops into the hub. What did you do wrong?


Options are :

  • The command should be executed as switchport port-security maximum 0
  • You also need to execute the switchport port-security violation shutdown command at the global prompt.
  • The command should be executed at the global prompt.
  • You also need to execute the switchport port-security violation shutdown command on each switch port. (Correct)

Answer : You also need to execute the switchport port-security violation shutdown command on each switch port.

Which two features do Cisco routers offer to mitigate distributed denial-of-service (DDoS) attacks? (Choose two.)


Options are :

  • Flow control
  • Access control lists (ACLs) (Correct)
  • Rate limiting (Correct)
  • Anti-DDoS guard
  • Scatter tracing

Answer : Access control lists (ACLs); Rate limiting

Which statement is TRUE regarding the switchport protected interface configuration command and its effects?


Options are :

  • A protected port can directly communicate with any other port on the same switch.
  • The command is used to configure private VLAN edge ports. (Correct)
  • All traffic through a protected port should go via a Layer 2 device such as a switch.
  • The command enables the highest level switch port security.

Answer : The command is used to configure private VLAN edge ports.

Which two statements represent physical security guidelines that should be followed during Cisco security deployment? (Choose two.)


Options are :

  • The potential impact of stolen network resources and equipment should be assessed. (Correct)
  • Images should be managed using File Transfer Protocol (FTP) and Secure FTP (SFTP) instead of Trivial File Transfer Protocol (TFTP).
  • Network equipment should be accessed remotely with Secure Socket Layer (SSL) instead of Telnet.
  • Potential security breaches should be evaluated. (Correct)

Answer : The potential impact of stolen network resources and equipment should be assessed. Potential security breaches should be evaluated.

As part of a new initiative to tighten the security of your Cisco devices, you have configured the firewall to restrict access to the devices from the outside. What would be other recommended ways of protecting the integrity of the device configuration files on the devices while ensuring your continued ability to manage the devices remotely? (Choose all that apply.)


Options are :

  • use an encrypted password for VTY access (Correct)
  • use SSH to connect to the devices for management (Correct)
  • prevent the loss of administrator passwords by disabling their encryption
  • encrypt the configuration files
  • disable the VTY ports on the devices

Answer : use an encrypted password for VTY access; use SSH to connect to the devices for management

Which statement correctly identifies a difference between Inter-Switch Link (ISL) and 802.1q?


Options are :

  • Cisco devices support only ISL.
  • ISL uses a 12-bit VLAN number field, and 802.1q does not.
  • ISL modifies the original Ethernet frame, while 802.1q encapsulates the original Ethernet frame.
  • 802.1q uses a native VLAN, ISL does not (Correct)

Answer : 802.1q uses a native VLAN, ISL does not

Which of the following is NOT true of APIC-EM?


Options are :

  • It provides a single point for network automation
  • It is open and programmable
  • It supports greenfield but not brownfield deployments (Correct)
  • It saves time and cost

Answer : It supports greenfield but not brownfield deployments

You are troubleshooting a problem with two routers configured in an HSRP group. You intended to configure the routers so that Router A and Router B would each track their respective Fa0/1 interfaces and decrement their priorities for several VLAN groups if the tracked interface went down. However, you find that Router A is not taking over as the active device for the HSRP group on VLAN 101 when the Fa0/1 interface on Router B fails. Which command would NOT be useful for discovering the problem?


Options are :

  • show standby brief
  • show vlans (Correct)
  • show standby
  • show running-configuration

Answer : show vlans

Which commands would be used to enable Enhanced Interior Gateway Routing Protocol (EIGRP) on a router, and configure the IP addresses 10.2.2.2 and 192.168.1.1 as part of a complete EIGRP configuration? (Choose three.)


Options are :

  • network 192.168.1.0 (Correct)
  • network 10.0.0.0 (Correct)
  • router eigrp
  • router eigrp 10 (Correct)
  • network 10.2.2.2

Answer : network 192.168.1.0; network 10.0.0.0; router eigrp 10

Router 5 has four interfaces. The networks hosted on each interface are as follows:

    Fa0/1  192.168.5.4/29
    Fa0/2  192.168.6.0/24
    Fa0/3  192.168.7.0/24
    S0/0   172.16.5.0/24

You execute the following commands on the router:

    Router5(config)# router bgp 20
    Router5(config-router)# network 192.168.5.0
    Router5(config-router)# network 192.168.6.0
    Router5(config-router)# network 192.168.7.0
    Router5(config-router)# network 172.16.5.0
    Router5(config-router)# neighbor 172.16.5.2 remote-as 50
    Router5(config-router)# aggregate-address 192.168.5.0 255.255.252.0

After this command sequence is executed, what routes will be present in the routing table of the router at 172.16.5.2? (Choose all that apply.)


Options are :

  • 192.168.7.0/24 (Correct)
  • 192.168.6.0/24 (Correct)
  • none of these will be present
  • 192.168.5.4/29 (Correct)
  • 172.16.5.0/24 (Correct)
  • only network addresses beginning with 192 will be present

Answer : 192.168.7.0/24; 192.168.6.0/24; 192.168.5.4/29; 172.16.5.0/24

Which Cisco Internetwork Operating System (IOS) command is used to encrypt passwords on Cisco routers?


Options are :

  • service password-encryption (Correct)
  • service encryption-password
  • enable password
  • password secure

Answer : service password-encryption

Which statements are TRUE regarding Internet Protocol version 6 (IPv6) addresses? (Choose three.)


Options are :

  • An IPv6 address is divided into eight 16-bit groups (Correct)
  • Leading zeros cannot be omitted in an IPv6 address.
  • IPv6 addresses are 196 bits in length.
  • A double colon (::) can only be used once in a single IPv6 address (Correct)
  • Groups with a value of 0 can be represented with a single 0 in an IPv6 address. (Correct)

Answer : An IPv6 address is divided into eight 16-bit groups; A double colon (::) can only be used once in a single IPv6 address; Groups with a value of 0 can be represented with a single 0 in an IPv6 address.

Which Cisco IOS interface configuration command is used to configure the private VLAN edge ports on a Cisco Catalyst 2950 switch?


Options are :

  • switchport port-security violation
  • switchport port-vlan-edge
  • switchport port-security
  • switchport protected (Correct)

Answer : switchport protected

Which statements are NOT true regarding Virtual Local Area Networks (VLANs)? (Choose two.)


Options are :

  • VLANs are logical groups of hosts.
  • VLANs are limited to a single switch. (Correct)
  • VLANs define broadcast domains.
  • VLANs are location-dependent. (Correct)

Answer : VLANs are limited to a single switch. VLANs are location-dependent.

Which of the following technologies should be used to prevent a switching loop if a switch is connected to a port configured for PortFast?


Options are :

  • PVST
  • RSTP
  • BPDU Guard (Correct)
  • Root Guard

Answer : BPDU Guard

    Router-A# show running-configuration s0/0
    interface serial0/0
     description connected to router A
     ip address 10.10.10.1 255.0.0.0
     encapsulation frame-relay
     shutdown
     clock rate 64000

Based on the interface configuration provided, which two statements are TRUE? (Choose two.)


Options are :

  • The router's serial interface is connected using a DTE cable.
  • The router's serial interface is connected using a DCE cable (Correct)
  • The router's serial interface connects using the point-to-point protocol.
  • The router's serial interface is administratively down. (Correct)

Answer : The router's serial interface is connected using a DCE cable; The router's serial interface is administratively down.

What will be the effect of executing the following command on port F0/1?

    switch(config-if)# switchport port-security mac-address 00C0.35F0.8301


Options are :

  • The command encrypts all traffic on the port from the MAC address of 00c0.35F0.8301.
  • The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. (Correct)
  • The command configures an inbound access control list on port F0/1 limiting traffic to the IP address of the host.
  • The command expressly prohibits the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.

Answer : The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.

Which metric does the Open Shortest Path First (OSPF) routing protocol use for optimal path calculation?


Options are :

  • Hop count
  • Delay
  • Cost (Correct)
  • MTU

Answer : Cost

You are configuring a Cisco router. Which command would you use to convey a message regarding


Options are :

  • boot system
  • hostname
  • banner motd (Correct)
  • description

Answer : banner motd

You set up several routers in your lab. Two of them are connected back to back using Data Terminal Equipment (DTE)-to-Data Circuit-terminating Equipment (DCE) cable. You need to configure the clock rate. On which router would you configure the clock rate?


Options are :

  • The clock rate is set by default
  • the DCE (Correct)
  • The clock rate cannot be configured
  • the DTE

Answer : the DCE

As part of a new initiative to tighten the security of your Cisco devices, you have configured the firewall to restrict access to the devices from the outside. What would be other recommended ways of protecting the integrity of the device configuration files on the devices while ensuring your continued ability to manage the devices remotely? (Choose all that apply.)


Options are :

  • use an encrypted password for VTY access (Correct)
  • encrypt the configuration files
  • disable the VTY ports on the devices
  • prevent the loss of administrator passwords by disabling their encryption
  • use SSH to connect to the devices for management (Correct)

Answer : use an encrypted password for VTY access; use SSH to connect to the devices for management

Which of the following are characteristics of Open Shortest Path First (OSPF)? (Choose three.)


Options are :

  • Administrative distance of OSPF is 110 (Correct)
  • Administrative distance of OSPF is 90
  • OSPF uses the Dijkstra algorithm to calculate the SPF tree (Correct)
  • OSPF uses 224.0.0.6 as multicast address for ALLDRouters (Correct)
  • OSPF uses 224.0.0.5 as multicast address for ALLDRouters
  • OSPF uses the Diffusing Update Algorithm (DUAL) to calculate the SPF tree

Answer : Administrative distance of OSPF is 110; OSPF uses the Dijkstra algorithm to calculate the SPF tree; OSPF uses 224.0.0.6 as multicast address for ALLDRouters

What switch security configuration requires AAA to be configured on the switch?


Options are :

  • VACL
  • port security
  • Private VLAN
  • 802.1x (Correct)

Answer : 802.1x

Which service is denoted by TCP/UDP port number 53?


Options are :

  • Domain Name Service (DNS) (Correct)
  • HTTP
  • File Transfer Protocol (FTP)
  • Telnet

Answer : Domain Name Service (DNS)

You are implementing IP SLA and would like to use it to measure hop-by-hop response time between a Cisco router and any IP device on the network. Which of the following IP SLA operations would you use for this?


Options are :

  • ICMP path echo operation (Correct)
  • UDP Jitter Operation
  • Internet Control Message Protocol Echo Operation
  • UDP Jitter Operation for VoIP

Answer : ICMP path echo operation

Which Cisco Internetwork Operating System (IOS) command is used to encrypt passwords on Cisco routers?


Options are :

  • service password-encryption (Correct)
  • service encryption-password
  • password secure
  • enable password

Answer : service password-encryption

Which Cisco Internetwork Operating System (IOS) command will you use to view the details of each interface on a router?


Options are :

  • show interfaces ethernet
  • show interfaces loopback
  • show ip interface brief (Correct)
  • show controllers

Answer : show ip interface brief

Which of the following cables would be used to connect a router to a switch?


Options are :

  • straight-through (Correct)
  • rollover
  • v.35
  • crossover

Answer : straight-through

You have implemented the following IP SLA configuration, as shown in the following partial output of the show run command:

    ip sla 1
     dns cow.cisco.com name-server 10.52.128.30
    ip sla schedule 1 start-time now

Which of the following statements is true of this configuration?


Options are :

  • It will find the response time to connect to the DNS server at 10.52.128.30
  • It will find the response time to resolve the DNS name cow.cisco.com (Correct)
  • It will gather data from one minute
  • It will start in one minute

Answer : It will find the response time to resolve the DNS name cow.cisco.com

What command disables 802.1x authentication on a port and permits traffic without authentication?


Options are :

  • dot1x port-control disable
  • dot1x port-control force-authorized (Correct)
  • dot1x port-control force-unauthorized
  • dot1x port-control auto

Answer : dot1x port-control force-authorized
