CCNA 3 v7.0 Final Exam Answers Full – Enterprise Networking, Security, and Automation PDF

Preview

Summary

CCNA 3 v7.0 Final Exam Answers Full - Enterprise Networking, Security, and Automation...

Description

CCNA 3 v7.0 Final Exam Answers Full – Enterprise Networking, Security, and Automation CCNA 3 Final Exam Answers 1. Which design feature will limit the size of a failure domain in an enterprise network? t hepur chaseofent er pr i seequi pmentt hati sdes i gnedf orl ar get r afficv ol ume t hei ns t al l at i onofr edundantpowers uppl i es t heus eofac ol l aps edc or edes i gn  the use of the building switch block approach 2. Which two things should a network administrator modify on a router to perform password recovery? (Choose two.) t hesy s t em i magefi l e t heNVRAM fi l es y s t em  the configuration register value  the startup configuration file s y st em ROM 3. What type of network uses one common infrastructure to carry voice, data, and video signals?  bor der l es s  converged  mana ged s wi t c hed 4. What are three advantages of using private IP addresses and NAT? (Choose three.)  hides private LAN addressing from outside devices that are connected to the Internet  permits LAN expansion without additional public IP addresses r educesCPUusageonc us t omerr out er s  cr eat esmul t i pl epubl i cI Paddr es ses i mpr ov est heper f or manc eoft her out ert hati sconnect edt ot heI nt er net  conserves registered public IP addresses 5. Which two scenarios are examples of remote access VPNs? (Choose two.)  Al l us er satal ar gebr anc hoffic ec anac ces scompanyr esour cest hr oughas i ngl eVPNc onnect i on.  Asmal lbr anchoffic ewi t ht hr eeempl o y eeshasaCi s c oASAt hati susedt ocr eat eaVPNconnec t i ont ot he HQ.  At oymanuf act ur erhasaper manentVPNconnect i ont ooneofi t spar t ss uppl i er s.  A mobile sales agent is connecting to the company network via the Internet connection at a hotel.  An employee who is working from home uses VPN client software on a laptop in order to connect to the company network. 6. What are three benefits of cloud computing? (Choose three.) I tut i l i z esendus erc l i ent st odoas ubs t ant i al amountofdat apr epr oces s i ngands t or age. I tus esopens our ces of t war ef ordi s t r i but edpr oc ess i ngofl ar gedat aset s .  It streamlines the IT operations of an organization by subscribing only to needed services.  It enables access to organizational data anywhere and at any time. I tt ur nsr awdat ai nt omeani ngf uli nf or mat i onbydi sc ov er i ngpat t er nsandr el at i ons hi ps .  It eliminates or reduces the need for onsite IT equipment, maintenance, and management. 7. What is a characteristic of a single-area OSPF network?  Al l r out er ss har eacommonf or war di ngdat abase.  Al l r out er shav et hes amenei ghbort abl e.  All routers are in the backbone area.  Al l r out er shav et hes amer out i ngt abl e. 8. What is a WAN?  anet wor ki nf r as t r uc t ur et hatspansal i mi t edphy s i c alar easuc hasaci t y  a network infrastructure that provides access to other networks over a large geographic area  anet wor ki nf r as t r uc t ur et hatpr ovi desacc es si nas mal l geogr aphi car ea

 anet wor ki nf r as t r uc t ur edes i gnedt opr o v i dedat as t or age,r et r i ev al ,andr epl i c at i on 9. A network administrator has been tasked with creating a disaster recovery plan. As part of this plan, the administrator is looking for a backup site for all of the data on the company servers. What service or technology would support this requirement?  data center  vi r t ual i zat i on  dedi c at edser v er s  sof t war edefinednet wor k i ng 10. Which type of OSPF packet is used by a router to discover neighbor routers and establish neighbor adjacency? l i nk s t at eupdat e  hello  dat abasedes cr i pt i on l i nk s t at er equest 11. Which two statements are characteristics of a virus? (Choose two.)  Avi r ushasanenabl i ngvul ner abi l i t y ,apr opagat i onmec hani sm,andapa y l oad.  A virus can be dormant and then activate at a specific time or date.  Avi r uspr ov i dest heat t ack erwi t hsensi t i v edat a,s uchaspass wor ds .  Avi r usr epl i cat esi t s el fbyi ndependent l ye xpl oi t i ngv ul ner abi l i t i esi nnet wor k s .  A virus typically requires end-user activation. Explanation: Thet y peofendus eri nt er act i onr equi r edt ol aunc havi r usi st y pi c al l yopeni nganappl i cat i on, openi ngawebpage,orpower i ngont hecomput er .Onceact i v at ed,av i r usmayi nf ectot herfi l esl o cat edont he c omput erorot herc omput er sont hes amenet wor k. 12. Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection? I SDN  DSL  cabl e  di al up 13. A customer needs a metropolitan area WAN connection that provides high-speed, dedicated bandwidth between two sites. Which type of WAN connection would best fulfill this need?  pac k et s wi t c hednet wor k  Ethernet WAN  ci r c ui t swi t c hednet wor k  MPL S 14. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use debuggers? t odet ecti nst al l edt ool swi t hi nfi l esanddi r ect or i est hatpr o v i det hr eatact or sr emot eac ces sandcont r olov er acomput erornet wor k  to reverse engineer binary files when writing exploits and when analyzing malware t oobt ai ns pec i al l ydesi gnedoper at i ngs y s t emspr el oadedwi t ht ool sopt i mi z edf orhacki ng t odet ectanyevi denceofahackormal war ei nac omput erornet wor k 15. Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown? R1# Standard IP access list 2 10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches) 20 deny any (1 match)  Twodevi c esconnect edt ot her out erhav eI Paddr ess esof192. 168. 10.x.  Two devices were able to use SSH or Telnet to gain access to the router.

 Tr afficf r om onedevi c ewasnotal l owedt ocomei nt ooner out erpor tandber out edout boundadi ffer ent r out erpor t .  Tr afficf r om t wodev i c eswasal l owedt oent eroner out erpor tandber out edout boundt oadi ffer entr out er por t . Explanation: Theac ces s c l as sc ommandi sus edonl yonVTYpor t s .VTYpor t ss uppor tTel netand/ orSSHt r affic . Themat chper mi tACEi showmanyat t empt swer eal l owedus i ngt heVTYpor t s.Themat chdenyACEs howst hata devi c ef r om anet wor kot hert han192. 168. 10. 0wasnotal l owedt oac ces st her out ert hr ought heVTYpor t s . 16. What command would be used as part of configuring NAT or PAT to clear dynamic entries before the timeout has expired?  cl eari pdhcp  clear ip nat translation  cl earacc es s l i s tc ount er s  cl eari ppats t at i s t i c s 17. What are two characteristics of video traffic? (Choose two.)  Vi deot r afficconsumesl essnet wor kr es our cest hanv oi cet r afficconsumes .  Video traffic latency should not exceed 400 ms.  Vi deot r affici smor er es i l i entt ol os st hanv oi cet r affici s .  Vi deot r afficr equi r esami ni mum of30k bsofbandwi dt h.  Video traffic is unpredictable and inconsistent. 18. Refer to the exhibit. A technician is configuring R2 for static NAT to allow the client to access the web server. What is a possible reason that the client PC cannot access the web server?

 TheI PNATst at ementi si ncor r ec t . I nt er f aceFa0/ 1s houl dbei dent i fi edast heout si deNATi nt er f ace.  Interface S0/0/0 should be identified as the outside NAT interface.  Thec onfi gur at i oni smi s si ngav al i dacc esscont r oll i s t . Explanation: I nt er f aceS0/ 0/ 0s houl dbei dent i fi edast heout s i deNATi nt er f ace.Thecommandt odot hi swoul dbe R2( confi gi f ) #i pnatout si de. 19. In setting up a small office network, the network administrator decides to assign private IP addresses dynamically to workstations and mobile devices. Which feature must be enabled on the company router in order for office devices to access the internet?  UPnP  MACfi l t er i ng  NAT  QoS Explanation: Net wor kAddr essTr ans l at i on( NAT)i st hepr oc es sus edt oc onv er tpr i vat eaddr es s est oi nt er net r out abl eaddr ess est hatal l o woffic edev i c est oacc esst hei nt er net . 20. A data center has recently updated a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate

web server without having to allocate an actual discrete server for each customer. What is the networking trend that is being implemented by the data center in this situation?  onl i necol l abor at i on  BYOD  virtualization  mai nt ai ni ngcommuni cat i oni nt egr i t y 21. Refer to the exhibit. Which address or addresses represent the inside global address?

 192. 168. 0. 100  10. 1. 1. 2  anyaddr essi nt he10. 1. 1. 0net wor k  209.165.20.25 22. Which two IPsec protocols are used to provide data integrity?  MD5  DH  AES  SHA  RSA Explanation: TheI Ps ecf r amewor kusesv ar i ouspr ot ocol sandal gor i t hmst opr ovi dedat aconfident i al i t y ,dat a i nt egr i t y ,aut hent i cat i on,ands ec ur ek eyex c hange.Twopopul aral gor i t hmsusedt oens ur et hatdat ai snoti nt er c ept ed andmodi fi ed( dat ai nt egr i t y )ar eMD5andSHA.AESi sanenc r ypt i onpr ot oc olandpr ovi desdat ac onfi dent i al i t y .DH ( Di ffieHel l man)i sanal gor i t hm us edf ork eyex change.RSAi sanal gor i t hm usedf oraut hent i c at i on. 23. If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?  TheCi sc oAn y Connectc l i enti si ns t al l edbydef aul tonmostmaj oroper at i ngs y s t ems.  The host initiates a clientless VPN connection using a compliant web browser to download the client.  Thehos ti ni t i at esacl i ent l es sconnect i ont oaTFTPs er v ert odownl oadt hecl i ent .  Thehos ti ni t i at esacl i ent l es sconnect i ont oanFTPser vert odownl oadt hec l i ent . Explanation: I fanout si dehostdoesnothav et heCi s coAny Connec tc l i entpr ei ns t al l ed,t her emot eusermus t i ni t i at eac l i ent l es sSSLVPNconnect i onv i aac ompl i antwebbr ows er ,andt hendownl oadandi ns t al lt heAny Connect c l i entont her emot ehos t . 24. A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)  leased line  cabl e  di gi t als ubs cr i berl i ne  Ethernet WAN  muni c i palWi Fi 25. Which type of QoS marking is applied to Ethernet frames? I Ppr ecedence  DSCP  ToS  CoS 26. Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail

command on R2? (Choose two.)

 Bot hr out er sar ec onfi gur edt ous eNTPv 2.  Router R1 is the master, and R2 is the client  TheI Paddr es sofR2i s192168. 1. 2.  Rout erR2i st hemas t er ,andR1i st hec l i ent  The IP address of R1 is 192.168.1.2 Explanation: Wi t ht hes howNTPas soc i at i onscommand,t heI Paddr es soft heNTPmas t eri sgi v en. 27. Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)

R1( confi g) #i nt er f aces 0/ 0/ 0 R1( confi gi f ) #i pacces s gr oup105out R2( confi g) #i nt er f acegi 0/ 0 R2( confi gi f ) #i pacces s gr oup105i n access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any ac ces sl i st105per mi ti phos t10. 0. 70. 23hos t10. 0. 54. 5 ac ces sl i st105per mi tt cpanyhost10. 0. 54. 5eqwww ac ces sl i st105per mi ti panyany R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out ac ces sl i st105per mi tt cphos t10. 0. 54. 5anyeqwww ac ces sl i st105per mi tt cphos t10. 0. 70. 23hos t10. 0. 54. 5eq20 ac ces sl i st105per mi tt cphos t10. 0. 70. 23hos t10. 0. 54. 5eq21 Explanation: Thefi r s tt wol i nesoft heACLal l owhos t10. 0. 70. 23FTPacc es st ot heser v ert hathast heI Paddr es s of10. 0. 54. 5.Thenex tl i neoft heACLal l o wsHTTPacces st ot heser verf r om anyhos tt hathasanI Paddr es st hat s t ar t swi t ht henumber10.Thef our t hl i neoft heACLdeni esanyot hert y peoft r affict ot hes er v erf r om anys our c eI P addr ess .Thel as tl i neoft heACLper mi t sany t hi ngel sei ncas et her ear eot hers er v er sordevi c esaddedt ot he

10. 0. 54. 0/ 28net wor k.Be causet r affici sbei ngfi l t er edf r om al l ot herl o cat i onsandf ort he10. 0. 70. 23hos tdevi c e,t he bestpl acet oputt hi sACLi scl os es tt ot hes er v er . 28. Refer to the exhibit. If the network administrator created a standard ACL that allows only devices that connect to the R2 G0/0 network access to the devices on the R1 G0/1 interface, how should the ACL be applied?

i nboundont heR2G0/ 0i nt er f ace  outbound on the R1 G0/1 interface i nboundont heR1G0/ 1i nt er f ace  out boundont heR2S0/ 0/ 1i nt er f ace Explanation: Becausest andar dacc essl i s t sonl yfi l t eront hes our ceI Paddr ess ,t heyar ec ommonl ypl ac edc l os es t t ot hedes t i nat i onnet wor k.I nt hi sex ampl e,t hes our cepac k et swi l l bec omi ngf r om t heR2G0/ 0net wor k .The des t i nat i oni st heR1G0/ 1net wor k .Thepr operACLpl a cementi sout boundont heR1G0/ 1i nt er f ace. 29. Which is a characteristic of a Type 2 hypervisor?  does not require management console software  hasdi r ectacc es st oser verhar dwar er esour c es  bes ts ui t edf orent er pr i s eenv i r onment s i ns t al l sdi r ec t l yonhar dwar e 30. What are the two types of VPN connections? (Choose two.)  PPPoE  Fr ameRel ay  site-to-site  remote access l easedl i ne

31. Refer to the exhibit. What three conclusions can be drawn from the displayed output? (Choose three.)

 The DR can be reached through the GigabitEthernet 0/0 interface.  There have been 9 seconds since the last hello packet sent.  Thi si nt er f acei sus i ngt hedef aul tpr i or i t y .  The router ID values were not the criteria used to select the DR and the BDR.  Ther out erI Dont heDRr out eri s3. 3. 3. 3  TheBDRhast hr eenei ghbor s . 32. Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?

 Theenabl es ec r etpas swor di snotc onfi gur edonR1.  The IT group network is included in the deny statement.  Theper mi tACEs pec i fi esawr ongpor tnumber .  Theper mi tACEs houl ds pec i f ypr ot oc oli pi ns t eadoft cp.  Thel ogi ncommandhasnotbeenent er edf orv t yl i nes .

Explanation: Thesour c eI Pr angei nt hedenyACEi s192. 168. 20. 00. 0. 3. 255,whi chcov er sI Paddr es s esf r om 192. 168. 20. 0t o192. 168. 23. 255.TheI Tgr oupnet wor k192. 168. 22. 0/ 28i si nc l udedi nt he192. 168. 20/ 22net wor k . Ther ef or e,t hec onnec t i oni sdeni ed.Tofi xi t ,t heor deroft hedenyandper mi tACEshoul dbes wi t c hed. 33. What functionality does mGRE provide to the DMVPN technology?  It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes. I tpr ov i dessec ur et r ans por tofpr i v at ei nf or mat i onov erpubl i cnet wor ks ,s uc hast heI nt er net . I ti saCi sc os of t war esol ut i onf orbui l di ngmul t i pl eVPNsi naneasy ,dynami c ,ands c al abl emanner . I tc r eat esadi st r i but edmappi ngdat abas eofpubl i cI Paddr ess esf oral l VPNt unnel s pokes . Explanation: DMVPNi sbui l tont hr eepr ot ocol s ,NHRP,I Ps ec,andmGRE.NHRPi st hedi s t r i but edaddr es s mappi ngpr ot oc olf orVPNt unnel s .I Ps ecenc r y pt scommuni cat i onsonVPNt unnel s .ThemGREpr ot ocolal l owst he dy nami ccr eat i onofmul t i pl es pok et unnel sf r om oneper manentVPNhub. 34. What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets? t heFI B t her out i ngt abl e  the ARP table t heDSP 35. What command would be used as part of configuring NAT or PAT to display information about NAT configuration parameters and the number of addresses in the pool?  showr unni ngconfi g  show ip nat statistics  showi pcache  showv er si on 36. What is a purpose of establishing a network baseline? I tpr ov i desas t at i s t i cal av er agef ornet wor kper f or mance.  It creates a point of reference for future network evaluations. I tmanagest heper f or manceofnet wor kdevi c es . I tc hec kst hesec ur i t yc onfi gur at i onofnet wor kdev i c es . Explanation: Abas el i nei sus edt oes t abl i s hnor malnet wor kors ys t em per f or manc e.I tcanbeus edt oc ompar e wi t hf ut ur enet wor kors y s t em per f or manc esi nor dert odet ec tabnor mals i t uat i ons .

37. Match the type of WAN device or service to the description. (Not all options are used.)

CPE—>devi cesandi ns i dewi r i ngt hatar el ocat edont heent er pr i s eedgeandc onnec tt oac ar r i erl i nk DCE—>devi c est hatpr ovi deani nt er f acef orcus t omer st oc onnec tt owi t hi nt heWANc l oud DTE—>c ust omerdev i cest hatpas st hedat af r om ac ust omernet wor kf ort r ans mi s si onov ert heWAN l oc all oop—>aphy s i c alc onnec t i onf r om t hec ust omert ot hes er v i c epr ov i derPOP 38. Which statement describes a characteristic of standard IPv4 ACLs?  They filter traffic based on source IP addresses only.  Theycanbec r eat edwi t hanumberbutnotwi t haname.  Theyar ec onfi gur edi nt hei nt er f acec onfi gur at i onmode.  Theycanbec onfi gur edt ofi l t ert r afficbas edonbot hs our ceI Paddr es sesands our cepor t s . 39. Refer to the exhibit. R1 is configured for NAT as displayed. What is wrong with the configuration?

 NAT-POOL2 is not bound to ACL 1. I nt er f aceFa0/ 0s houl dbei dent i fi edasanout si deNATi nt er f ace.  TheNATpool i si nc or r ect .  Acces sl i s t1i smi s configur ed. Explanation: R1hast ohaveNATPOOL2boundt oACL1.Thi si saccompl i s hedwi t ht hec ommandR1( c onfi g) #i p nati nsi des our cel i s t1poolNATPOOL2.Thi swoul denabl et her out ert ocheckf oral l i nt er est i ngt r afficandi fi t mat c hesACL1i twoul dbet r ans l at edbyus eoft headdr es s esi nNAT POOL2.

40. Refer to the exhibit. What method can be used to enable an OSPF router to advertise a default route to neighboring OSPF routers?

 Us eas t at i cr out epoi nt i ngt ot heI SPandr edi st r i but ei t .  Us et her edi s t r i but es t at i ccommandonR0A.  Us et hedef aul t i nf or mat i onor i gi nat ecommandonI SP .  Use the default-information originate command on R0-A. 41. A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as John the Ripper,THC Hydra, RainbowCrack, and Medusa? t oc apt ur eandanal y z epack et swi t hi nt r adi t i onalEt her netLANsorWLANs t opr obeandt es tt her obus t nes sofafi r ewal lb yus i ngspeci al l ycr eat edf or gedpack et s  to make repeated guesses in order to crack a password 42. What are two syntax rules for writing a JSON array? (Choose two.)  Each value in the array is separated by a comma.  Thear r ayc ani nc l udeonl yonev al uet y...