Home > CCNAv3 – New Questions 3

CCNAv3 – New Questions 3

July 12th, 2019 Go to comments

Note: These questions have not been classified into specific topics so please learn them separately.

Premium Members: You can practice these questions first with our quizzes at:
+ CCNAv3 – New Questions 3 Part 1 (from question 1 to 15)
+ CCNAv3 – New Questions 3 Part 2 (from question 16 to 28)

Question 1

Which symbol in the APIC-EM Path Trace tool output indicates that an ACL is present and might deny packets?

A. icon_1.jpg
B. icon_2.jpg
C. icon_3.jpg
D. icon_4.jpg

 

Answer: C

Explanation

Icon icon_1.jpg means “there are ACLs that permit the traffic applied on the interface”.

Icon icon_2.jpg means “traffic may or may not be blocked. For example, if your traffic matches a deny access control entry (ACE), traffic is denied. However, if your traffic matches any other ACEs, it is permitted. You can get this type of results if you leave out the protocol, source port, or destination port when defining a path trace”.

Icon icon_3.jpg means “there is an ACL on the device or interface that is blocking the traffic on the path”.

Icon icon_4.jpgmeans “there are no ACLs applied on the interface”.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-5-x/path_trace/user-guide/b_Cisco_Path_Trace_User_Guide_1_5_0_x/b_Cisco_Path_Trace_User_Guide_1_5_0_x_chapter_0111.html

Question 2

Which two technologies can combine multiple physical switches into one logical switch? (Choose two)

A. HSRP
B. GLBP
C. StackWise
D. VRRP
E. VSS

 

Answer: C E

Explanation

The term chassis aggregation refers to Cisco technology that is used to make multiple switches operate as a single switch. Virtual Switching System (VSS) and Switch Stacking are two technologies to accomplish this task. So “VSS” is the correct answer here.

Note: StackWise is the technology provides chassis redundancy in a VSS environment.

The differences between VSS and StackWise technologies:

Virtual Switching System (VSS) is a chassis aggregation technology but it is dedicated for Cisco Catalyst 6500, 6800 or 4500 Series Switches. VSS does not use special cables but establishes a virtual switch link (VSL) between two switches using regular Ethernet cables (Gigabit, TenGigabit…). VSS is limited to two switches.

Stacking is something we do with 3850, 3750 and 3750x. It uses a special stack cable and is not limited to two switches (some models can stack up to 9 members). This is more of an access layer technology.

Question 3

Which two pieces of information can you determine from the output of the show ntp status command? (Choose two)

A. whether the NTP peer is statically configured
B. the IP address of the peer to which the clock is synchronized
C. the configured NTP servers
D. whether the clock is synchronized
E. the NTP version number of the peer

 

Answer: B D

Explanation

Below is the output of the “show ntp status” command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1.

R1#show ntp status
Clock is synchronized, stratum 10, reference is 10.1.2.1
nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**18
reference time is D5E492E9.98ACB4CF (13:00:25.596 CST Wed Sep 18 2013)
clock offset is 15.4356 msec, root delay is 52.17 msec
root dispersion is 67.61 msec, peer dispersion is 28.12 msec

Question 4

Which two benefits are provided by cloud resources to an enterprise network? (Choose two)

A. full control of infrastructure
B. complexity at higher cost
C. flexibility
D. on-demand scalability
E. easy access with low security

 

Answer: C D

Explanation

Clouds provide a new level of flexibility in application and data delivery. Provisioning applications and services from a cloud can give you the operational benefits without the capital expenses of maintaining on-premises environments.

Scalability is the ability to expand and reduce resources according to your specific service requirement. For example, you may need a large number of server resources for the duration of a specific task. You can then release these server resources after you complete your task. Surely cloud services have this benefit.

Unfortunately cloud resources (services) do not give us full control of its infrastructure as the infrastructure belong to the cloud service providers. We only pay for what we use.

Question 5

Refer to the exhibit. Which two statements about router R1 are true? (Choose two)

     209.65.200.0/30 is subnetted, 2 subnets
R       209.65.200.240 [20/0] via 209.65.200.226, 01:01:41
C       209.65.200.224 is directly connected, Serial0/1
     10.0.0.0/8 is variably subnetted, 12 subnets, 4 masks
O IA    10.1.10.3/32 [110/129] via 10.82.4.42, 01:09:51, Serial0/0/0
O IA    10.1.1.8/30 [110/192] via 10.82.4.42, 01:09:51, Serial0/0/0
O       10.1.10.2/32 [110/65] via 10.82.4.42, 01:09:51, Serial0/0/0
O E2    10.1.10.4/32 [110/20] via 10.82.4.42, 01:09:39, Serial0/0/0
D EX    10.1.4.8/30 [110/20] via 10.82.4.42, 01:09:39, Serial0/0/0
O E2    10.2.0.0/16 [110/20] via 10.82.4.42, 01:09:39, Serial0/0/0
O E2    10.1.4.4/30 [110/20] via 10.82.4.42, 01:09:40, Serial0/0/0
O E2    10.1.21.128/27 [110/20] via 10.82.4.42, 01:09:40, Serial0/0/0
     192.168.1.0/32 is subnetted, 2 subnets
O E2    192.168.1.129 [110/20] via 10.82.4.42, 01:09:40, Serial0/0/0
O E2    192.168.1.130 [110/20] via 10.82.4.42, 01:09:40, Serial0/0/0

A. the router has two EIGRP neighbors and one OSPF neighbor
B. at least two IGP routing protocols are running on the router
C. at least three IGP routing protocols are running on the router
D. the router is learning external OSPF and EIGRP routes
E. the router has an OSPF Area 0 adjacency with the device at 10.82.4.42

 

Answer: C D

Question 6

Which feature or method can you use to isolate physical layer problems on a serial link?

A. loopback tests
B. autonegotiation
C. UDLD
D. protocol analyzer

 

Answer: A

Explanation

A loopback test is a test in which a signal in sent from a communications device and returned (looped back) to it as a way to determine whether the device is working right or as a way to pin down a failing node in a network. Loopback testing is a very effective way to isolate a failing T1 (or E1). Loopback testing includes soft loopback and hard loopback.

Soft loopback uses the configuration commands on the Cisco gateway for testing while hard loopback uses a special loopback plug to loop the traffic from the E1/T1 port back into the E1/T1 port.

Reference: https://www.cisco.com/c/en/us/support/docs/voice/device-signaling/116492-trouble-t1e1-00.html

Note: UDLD is a data link layer protocol and mostly used in fiber-optic networks only.

Question 7

Which switching method checks for CRC errors?

A. store-and-forward
B. cut-through
C. fragment-free
D. Layer 3

 

Answer: A

Explanation

Store-and-Forward: Store-and-Forward switching will wait until the entire frame has arrived prior to forwarding it. This method stores the entire frame in memory. Once the frame is in memory, the switch checks the destination address, source address, and the CRC. If no errors are present, the frame is forwarded to the appropriate port. This process ensures that the destination network is not affected by corrupted or truncated frames.

Cut-Through: Cut-Through switching will begin forwarding the frame as soon as the destination address is identified. The difference between this and Store-and-Forward is that Store-and-Forward receives the whole frame before forwarding.Since frame errors cannot be detected by reading only the destination address, Cut-Through may impact network performance by forwarding corrupted or truncated frames

Fragment-free switching works like cut-through switching with the exception that a switch in fragment-free mode stores the first 64 bytes of the frame before forwarding. Fragment-free switching can be viewed as a compromise between store-and-forward switching and cut-through switching. The reason fragment-free switching stores only the first 64 bytes of the frame is that most network errors and collisions occur during the first 64 bytes of a frame.

But fragment-free method does not check CRC errors as it does not have a full frame with CRC included to check. It only checks the size of the frame. If the switch receives a frame that is under 64 bytes in size (called runts), the frame is discarded. The problem with this method is that you can still receive frames with CRC errors because you can still receive frames 64 bytes in size but still be corrupted.

Question 8

Which two actions must you take to correctly configure PPPoE on a client? (Choose two)

A. Define a dialer interface
B. Create a dialer pool and bind it to the virtual template
C. Define a virtual template interface
D. Create a dialer pool and bind it to the physical interface.
E. Create a BBA group and link it to the dialer interface

 

Answer: A D

Explanation

The picture below shows all configuration needed for PPPoE. But please only pay attention to the PPPoE on the client:

PPPoE_Topology_with_config.jpg

From this configuration we see that we need to create a Dialer interface first (interface Dialer 2) and create a dialer pool (dialer pool 1) under it. Then bind this dialer pool to the physical E0/1 interface (with the command “pppoe-client dial-pool-number 1” command).

Question 9 (same as Q.12 of https://www.9tut.com/ospf-questions-2)

You have configured a router with an OSPF router ID, but its IP address still reflects the physical interface. Which action can you take to correct the problem in the least disruptive way?

A. Reload the OSPF process
B. Reload the router
C. Save the router configuration
D. Specify a loopback address

 

Answer: A

Question 10

Which two statements about an Ethernet frame source address are true? (Choose two)

A. The address is 4 bits long.
B. The leftmost bit is always 0.
C. The address is 6 bytes long.
D. The leftmost bit is always 1.
E. The address is 4 bytes long

 

Answer: B C

Explanation

The Ethernet frame source address is the hardware (MAC) address of the source network adapter.

Source addresses (SA): Consists of 6 bytes. The SA field identifies the sending station. The SA is always an individual address, and the leftmost bit in the SA field (called I/G bit) is always 0 (because the source address is always unicast). With multicast address, the I/G bit is set to 1.

For more information about Ethernet frame please visit http://www.ciscopress.com/articles/article.asp?p=2348264

Question 11

Which two features are compatible with port security? (Choose two)

A. SPAN destination port
B. voice VLAN
C. DTP
d. EtherChannel
E. SPAN source port

 

Answer: B E

Explanation

Some restrictions of port security are shown below:

+ Port security supports private VLAN (PVLAN) ports.
+ Port security supports IEEE 802.1Q tunnel ports.
+ Port security does not support Switch Port Analyzer (SPAN) destination ports.
+ Port security supports access and trunking EtherChannel port-channel interfaces.
+ You can configure port security and 802.1X port-based authentication on the same port.
+ Port security supports nonnegotiating trunks -> From this we can deduce Port security does not support DTP (nonnegotiating trunks)

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/port_security.html#49710

Although Port-security supports voice VLAN but we need additional command to make it works. This example shows how to designate a maximum of one MAC address for a voice VLAN (for a Cisco IP Phone, let’s say) and one MAC address for the data VLAN (for a PC, let’s say) on Fast Ethernet interface 5/1:

Switch(config)# interface fa5/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security maximum 1 vlan voice
Switch(config-if)# switchport port-security maximum 1 vlan access

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/port_sec.html#wp1134174

Question 12

After an FTP session to ftp.cisco.com fails, you attempt to ping the server. A ping to ftp.cisco.com also fails, but a ping to the IP address of the server is successful. What is reason for the failed FTP session?

A. The assigned DNS server is down
B. An ACL is blocking the FTP request
C. A firewall is blocking traffic from the FTP site
D. The internet connection is down

 

Answer: A

Question 13

Which two circumstances can prevent two routers from establishing an OSPF neighbor adjacency? (Choose two)

A. mismatched autonomous system numbers
B. an ACL blocking traffic from multicast address 224.0.0.10
C. mismatched process IDs
D. mismatched hello timers and dead timers
E. use of the same router ID on both devices

 

Answer: D E

Explanation

In order to become OSPF neighbor following values must be match on both routers:

+ Area ID
+ Authentication
+ Hello and Dead Intervals
+ Stub area Flag
+ MTU Size

OSPF uses multicast address of 224.0.0.5 to send Hello messages. Only EIGRP uses the multicast address 224.0.0.10 -> Answer B is not correct.

OSPF does not have autonomous system numbers -> Answer A is not correct.

The process IDs of OSPF is only locally significant so they can be the same or different between two OSPF routers -> Answer C is not correct.

If we configure the same router ID on two OSPF routers, for example:

router ospf 1
router-id 1.1.1.1

Then you will see such an error:
%OSPF-4-DUP_RTRID1: Detected router with duplicate router ID

Question 14

Which two facts must you take into account when you deploy PPPoE? (Choose two)

A. DDR idle timers must be configured to support VPDN login.
B. PPPoE supports a maximum of 10 clients per customer premises equipment
C. DDR is not supported
D. You must manually configure IP addresses on the PPPoE interface
E. An individual PVC can support one PPPoE client

 

Answer: B E

Explanation

The PPPoE Client DDR Idle Timer feature supports the dial-on-demand routing (DDR) interesting traffic control list functionality of the dialer interface with a PPP over Ethernet (PPPoE) client, but also keeps original functionality (PPPoE connection up and always on after configuration) for those PPPoE clients that require it.

Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/12_2sba/feature/guide/sbpecls.html

But it is just an optional feature and we don’t need DDR idle timers to be configured to support VPDN login -> Answer A is not correct.

According to this link: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/xe-3s/bba-pppoe-client.html

The PPPoE client does not support the following:
+ More than ten clients per customer premises equipment (CPE)-> This means a CPE can support up to 10 clients so answer B is correct.

DDR is support in PPPoE since IOS v12.2 -> Answer C is not correct.

We can assign IP addresses via DHCP on the PPPoE interface -> Answer D is not correct.

Prior to Cisco IOS Release 12.4(15)T, one ATM PVC supported one PPPoE client. With the introduction of the Multiple PPPoE Client feature in Cisco IOS Release 12.4(15)T, one ATM PVC supports multiple PPPoE clients, allowing second line connection and redundancy. Multiple PPPoE clients can run concurrently on different PVCs, but each PPPoE client must use a separate dialer interface and a separate dialer pool. Therefore answer E is still correct.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/15-mt/bba-15-mt-book/bba-ppoe-client.pdf

Question 15

Which circumstance is a common cause of late collisions?

A. native VLAN mismatch
B. overloaded hardware queues
C. duplex mismatch
D. software misconfiguration

 

Answer: C

Explanation

A late collision is defined as any collision that occurs after the first 512 bits of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-compliant number of hubs in the network, or a bad NIC.

Late collisions should never occur in a properly designed Ethernet network. They usually occur when Ethernet cables are too long or when there are too many repeaters in the network.

Reference: https://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1904.html

Question 16

Which two address spaces are valid Class B IPv4 ranges that are non-routable to the internet? (Choose two)

A. 10.0.0.0 through 10.0.255.255
B. 169.254.0.0 through 169.254.255.255
C. 172.16.0.0 through 172.31.255.255
D. 172.16.0.0 through 172.32.255.255
E. 192.168.0.0 through 192.168.255.255

 

Answer: B C

Explanation

When a host fails to dynamically acquire an address, it can optionally assign itself a link-local IPv4 address in accordance with RFC 3927. Microsoft’s term for this is Automatic Private Internet Protocol Addressing (APIPA), which ranges from 169.254.0.0 to 169.254.255.255 (169.254.0.0/16).

Addresses from 172.16.0.0 to 172.31.255.255 belong to the private IPv4 address range of class B.

Note: class B range: 128.0.0.0 – 191.255.255.255 (with default subnet mask of /16)

Question 17

Which access layer threat mitigation technique security by acting as a filter between trusted and untrusted traffic sources?

A. DHCP snooping
B. 802.1X
C. dynamic packet inspection
D. a nondefault native VLAN

 

Answer: B

Explanation

The IEEE 802.1x standard defines a client-server-based access control and authentication protocol that prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless they are properly authenticated. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN. Until the client is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/metro/me3400e/software/release/12-2_58_se/configuration/guide/ME3400e_scg/sw8021x.pdf)

Question 18

Which two statements correctly describe the ping utility? (Choose two)

A. It uses ICMP
B. It can identify source of an ICMP “time exceeded”message
C. It can identify the path that a packet takes to a remote device
D. It can verify connectivity to a remote device without identifying the path
E. It use UDP

 

Answer: A D

Question 19 (posted at Q.1 https://www.9tut.com/dns-questions)

Which two server types are used to support DNS lookup? (Choose two)

A. web server
B. name resolver
C. authoritative name sever
D. ESX host
E. file transfer server

 

Answer: B C

Explanation

All DNS servers fall into one of four categories: Recursive resolvers, root name servers, TLD name servers, and authoritative name servers. In a typical DNS lookup (when there is no caching in play), these four DNS servers work together in harmony to complete the task of delivering the IP address for a specified domain to the client (the client is usually a stub resolver – a simple resolver built into an operating system).

Reference: https://www.cloudflare.com/learning/dns/dns-server-types/

Question 20

Which two functions can be performed by local DNS server? (Choose two)

A. copying updated IOS images to Cisco switches
B. resolving names locally
C. transferring split horizon traffic between zones
D. assigning IP addresses to local clients
E. forwarding name resolution requests to an external DNS server

 

Answer: B E

Question 21 (posted at https://www.9tut.com/cdp-lldp-questions)

Which command on a switch, to enable neighbor discovery in a multivendor environment?

A. cdp run
B. enable cdp
C. lldp run
D. enable lldp

 

Answer: C

Question 22 (posted at https://www.9tut.com/ip-routing-3)

Which two task does a router perform when it receives a packet that is being forwarded from one network to another? (Choose two)

A. It encapsulates the layer 2 packet
B. It examines the MAC address table for the forwarding interface
C. It removes the layer 2 frame header and trailer
D. It examines the routing table for the best path to the destination IP address of the packet
E. It removes the layer3 frame header and trailer

 

Answer: C D

Question 23

Which two approaches are common when troubleshooting network issues? (Choose two)

A. round-robin
B. divide and conquer
C. policing
D. top down
E. layer-by-layer

 

Answer: B D

Explanation

Commonly used troubleshooting approaches include the following:
+ The top-down approach
+ The bottom-up approach
+ The divide-and-conquer approach
+ The follow-the-path approach
+ The spot-the-differences approach
+ The move-the-problem approach

For more information about these approaches, please visit: http://www.ciscopress.com/articles/article.asp?p=2273070&seqNum=2

Question 24 (posted at https://www.9tut.com/aaa-questions)

Which three features are represented by the letter A in AAA? (Choose three)

A. authorization
B. accountability
C. authentication
D. authority
E. accessibility
F. accounting

 

Answer: A C F

Question 25 (posted at https://www.9tut.com/switch-questions)

Refer to the exhibit. What is the effect of the given configuration?

Switch#configuration terminal
Switch#interface VLAN 1
Switch(config-if)#ip address 192.168.2.2 255.255.255.0
Switch(config-if)#end

A. It configures an inactive switch virtual interface.
B. It configures an active management interface.
C. It configures the native VLAN.
D. It configures the default VLAN.

 

Answer: A

Explanation

In the configuration above, the “no shutdown” command was missing so interface Vlan 1 is still inactive. Notice that only the loopback command does not need the “no shutdown” command to work.

Question 26 (posted at https://www.9tut.com/etherchannel-questions)

Which two EtherChannel PAgP modes can you configure? (Choose two)

A. Auto
B. Desirable
C. Active
D. Passive
E. On

 

Answer: A B

Explanation

There are two PAgP modes:

Auto Responds to PAgP messages but does not aggressively negotiate a PAgP EtherChannel. A channel is formed only if the port on the other end is set to Desirable. This is the default mode.
Desirable Port actively negotiates channeling status with the interface on the other end of the link. A channel is formed if the other side is Auto or Desirable.

The table below lists if an EtherChannel will be formed or not for PAgP:

PAgP Desirable Auto
Desirable Yes Yes
Auto Yes No

Question 27

Drag and drop the STP features from the left onto the correct descriptions on the right.

STP_features.jpg

 

Answer:

+ data message that STP uses to prevent loops: BPDU
+ disables the sending and receiving of BPDUs: BPDU filter
+ enables a port to immediately transition to the forwarding state: PortFast
+ prevents a port from entering the blocking state: Root guard
+ prevents a port from receiving BPDUs: BPDU guard

Explanation

If a BPDU is received on a port where BPDU guard is configured, that port is put into errdisable state (nearly the same as shutdown state) immediately.

Root Guard ensures that the port on which root guard is enabled is the designated port. If the bridge receives superior BPDUs on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state (which is equal to STP listening state). No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.

When BPDU filtering is enabled on a specific port, it prevents this port from sending or receiving BPDUs (so if BPDUs are seen, they will be dropped)

Question 28

Drag and drop each WAN design option on the left onto the correct description on the right.

WAN_design.jpg

Answer:

single-multihomed: one or more routers with connections to two or more ISPs
dual-multihomed: one or more routers with redundant connections to two or more ISPs
single-homed: one router with a connection to an ISP
dual-homed: one router with two connections to the same ISP

Explanation

Single Multihomed

The next design is called “single multihomed” refers to:
+ Having connections to multiple ISPs from one router at the company
+ Single link per ISP.

BGP_Single_MultiHomed.jpg

This design is good if we want to separate important traffic to a specific ISP while still has the other ISP as the fail over path.

Dual homed

The next design is called “dual homed”, in which the “dual” word refers to the designs with two links to the same router.

BGP_Dual_Homed.jpg

In this design we can use BGP to share the traffic between two routers of the company with our specific ratio (load balancing) or fail over. Of course this design is better in redundancy than the first one but it still has a “single point of failure” at the ISP router.

Dual Multihomed

And the last design is called “dual multihomed” refers to:
+ Multiple links per ISP
+ Multiple links to Company

BGP_Dual_MultiHomed.jpg

Comments (2) Comments
  1. KK
    July 12th, 2019

    Thank you so much :)

  2. Assis_BSB
    July 12th, 2019

    Fiz meu exame hoje, infelizmente não fui aprovado.
    Muitas questões novas sobre AAA, VLAN Nativa e etc, sugiro que estudem além do 9 TUT.
    Os Labs foram IPV6 OSPF e TS de Eigrp.

    Até o próximo.

Add a Comment