CCNA Exam Prep: New Questions 8

The document discusses CCNA exam questions and answers. It provides 8 multiple choice questions related to networking topics like SDN, Ethernet standards, WPA security, wireless access points, EtherChannel configuration, network layer models, FHRPs, SSIDs, and QoS prioritization methods. Each question is followed by an explanation of the correct answer. The questions are intended to help users prepare for the CCNA certification exam.

Uploaded by

sergeonline23
17/08/2023 18:22 CCNA Training » CCNA – New Questions Part 8
https://www.9tut.com/ccna-new-questions-part-8

CCNA – New Questions Part 8

June 4th, 2021

Question 1

Which communication interaction takes place when a southbound API is used?

A. between the SDN controller and PCs on the network
B. between the SDN controller and switches and routers on the network
C. between the SDN controller and services and applications on the network
D. between network applications and switches and routers on the network

Answer: B

Question 2

What is a similarity between 1000BASE-LX and 1000BASE-T standards?

A. Both use the same data-link header and trailer formats
B. Both cable types support LP connectors
C. Both cable types support RJ-45 connectors
D. Both support up to 550 meters between nodes

Answer: A

Explanation

The 1000BASE-T standard only supports up to 100 meters while 1000BASE-LX is a standard which uses a 1,270–1,355 nm laser for longer wavelength. It has a distance capability of up to 5 kilometers over a Single-mode fiber -> Answer D is not correct.

1000BASE-LX is an optical fiber Gigabit Ethernet standard so it does not support RJ-45 connectors directly -> Answer C is not correct.

1000BASE-LX only supports LC connectors so answer B is not correct.

Question 3

How does WPA3 improve security?

A. It uses SAE for authentication.
B. It uses a 4-way handshake for authentication.
C. It uses RC4 for encryption.
D. It uses TKIP for encryption.

Answer: A

Explanation

WPA3 incorporates Simultaneous Authentication of Equals (SAE), a secure key establishment protocol between devices. By using a stronger ‘handshaking’ protocol, users should be protected from password guessing attempts. For home networks, that equates to password-based authentication that’s more resilient, even if users choose unsophisticated passwords.

Question 4

Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and Provisioning of Wireless Access Points (CAPWAP) protocol?

A. bridge
B. route
C. autonomous
D. lightweight

Answer: D

Explanation

Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight
+ Autonomous: self-sufficient and standalone. Used for small wireless networks.
+ Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function. LAP and WLC communicate with each other via a logical pair of CAPWAP tunnels.

Question 5

Refer to the exhibit.

Which change to the configuration on Switch2 allows the two switches to establish an EtherChannel?

A. Change the protocol to EtherChannel mode on
B. Change the LACP mode to active
C. Change the LACP mode to desirable
D. Change the protocol to PAgP and use auto mode

Answer: B

Question 6

Where does wireless authentication happen?

A. SSID
B. radio
C. band
D. Layer 2

Answer: D

Question 7

What is the path for traffic sent from one user workstation to another workstation on a separate switch in a three-layer architecture model?

A. access – core – distribution – access
B. access – distribution – distribution – access
C. access – core – access
D. access – distribution – core – distribution – access

Answer: B

Explanation

The Distribution Layer is located between the access and core layers. The purpose of this layer is to provide boundary definition by implementing access lists and other filters. Therefore the Distribution Layer defines policy for the network. The Distribution Layer includes high-end Layer 3 switches. It ensures that packets are properly routed between subnets and VLANs in your enterprise.

Question 8

What are two benefits of FHRPs? (Choose two)

A. They prevent loops in the Layer 2 network.
B. They allow encrypted traffic.
C. They are able to bundle multiple ports to increase bandwidth
D. They enable automatic failover of the default gateway.
E. They allow multiple devices to serve as a single virtual gateway for clients in the network

Answer: D E

Question 9

What is the purpose of an SSID?

A. It provides network security
B. It differentiates traffic entering access points
C. It identifies an individual access point on a WLAN
D. It identifies a WLAN

Answer: D

Explanation

The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple access points/bridges on a network or sub-network can use the same SSID (-> Therefore answer C is not correct). SSIDs are case sensitive and can contain up to 32 alphanumeric characters.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1300/12-2_15_JA/configuration/guide/o13ssid.html

The SSID is a unique token that identifies an 802.11 wireless network. It is used by wireless devices to identify a network and to establish and maintain wireless connectivity.

Reference: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/ServiceSetID.html

Question 10

What are two characteristics of an SSID? (Choose two)

A. It can be hidden or broadcast in a WLAN
B. It uniquely identifies an access point in a WLAN
C. It uniquely identifies a client in a WLAN
D. It is at most 32 characters long
E. It provides secured access to a WLAN

Answer: A D

Explanation

The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. The SSID can consist of up to 32 alphanumeric, case-sensitive characters.

We can hide an SSID by choosing “Disabled” in the Basic Wireless Settings/Wireless/SSID Broadcast section.

Question 11

In QoS, which prioritization method is appropriate for interactive voice and video?

A. expedited forwarding
B. traffic policing
C. round-robin scheduling
D. low-latency queuing

Answer: D

Explanation

Low Latency Queuing (LLQ) adds strict priority to the CBWFQ and allows delay sensitive data (Voice and Video) to be dequeued and sent before lower priority packets. This practice gives delay sensitive data preferential treatment over other traffic.

Note: The Expedited Forwarding (EF) model is used to provide resources to latency (delay) sensitive real-time, interactive traffic and it is suitable for use with voice and video traffic but it is not considered a “prioritization method”.

Question 12

An engineer is configuring data and voice services to pass through the same port. The designated switch interface fastethernet0/1 must transmit packets using the same priority for data when they are received from the access port of the IP phone. Which configuration must be used?

A. interface fastethernet0/1
switchport priority extend cos 7

B. interface fastethernet0/1
switchport voice vlan untagged

C. interface fastethernet0/1
switchport voice vlan dot1p

D. interface fastethernet0/1
switchport priority extend trust

Answer: D

Explanation

The command “switchport priority extend cos 7” sets the IP phone port to override the priority received from the PC or the attached device (7 is the highest priority).

The command “switchport priority extend trust” tells the Cisco IP Phone to trust the CoS value of the connected PC rather than remarking all packets sent from the PC to CoS 0, which is the default.

Question 13

Which port type supports the spanning-tree portfast command without additional configuration?

A. access ports
B. Layer 3 main interfaces
C. Layer 3 subinterfaces
D. trunk ports

Answer: A

Question 14

What is a syslog facility?

A. host that is configured for the system to send log messages
B. password that authenticates a Network Management System to receive log messages
C. group of log messages associated with the configured severity level
D. set of values that represent the processes that can generate a log message

Answer: D

Explanation

System logs are the product of a communications protocol (RFC 5424) for transmitting event messages and alerts across an IP network. Facility is defined by the syslog protocol, and provides a rough clue of where in a system the message originated.

Reference: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/security-analytics/8-2-1/_reference_home/syslog.html

Question 15

What are two characteristics of a public cloud implementation? (Choose two)

A. It is owned and maintained by one party, but it is shared among multiple organizations
B. It enables an organization to fully customize how it deploys network resources
C. It provides services that are accessed over the Internet
D. It is a data center on the public Internet that maintains cloud services for only one company
E. It supports network resources from a centralized third-party provider and privately-owned virtual resources

Answer: A C

Explanation

Public clouds are managed by a third-party cloud provider. Public cloud computing resources are shared among multiple customers, unlike private clouds.

Question 16

Which type of traffic is sent with pure IPsec?

A. broadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites
B. multicast traffic from a server at one site to hosts at another location
C. spanning-tree updates between switches that are at two different sites
D. unicast messages from a host at a remote site to a server at headquarters

Answer: D

Explanation

Pure IPSec configuration (no GRE tunnel) does not support multicast or broadcast traffic. Spanning-tree updates use multicast too. -> Answer A, answer B and answer C are not correct.

Question 17

What prevents a workstation from receiving a DHCP address?

A. DTP
B. STP
C. VTP
D. 802.10

Answer: B

Explanation

STP can prevent DHCP clients from getting an IP address because the port doesn’t start forwarding traffic until STP goes into the forwarding state.

=========================== New Questions (added on 31st-Jul-2021) ===========================

Question 18

What is a capability of FTP in network management operations?

A. uses separate control and data connections to move files between server and client
B. devices are directly connected and use UDP to pass file information
C. encrypts data before sending between data resources
D. offers proprietary support at the session layer when transferring data

Answer: A

Explanation

There are actually two ports associated with FTP: TCP 20 and 21. FTP creates a virtual connection over TCP port 21 for control information, and then it creates a separate TCP connection on port 20 for data transfers.

Reference: Cisco Secure Internet Security Solutions Book

Question 19

Refer to the exhibit.

A network engineer is in the process of establishing IP connectivity between two sites. Routers R1 and R2 are partially configured with IP addressing. Both routers have the ability to access devices on their respective LANs. Which command set configures the IP connectivity between devices located on both LANs in each site?

A.
R1
ip route 0.0.0.0 0.0.0.0 209.165.200.225
R2
ip route 0.0.0.0 0.0.0.0 209.165.200.226

B.
R1
ip route 0.0.0.0 0.0.0.0 209.165.200.226
R2
ip route 0.0.0.0 0.0.0.0 209.165.200.225

C.
R1
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/0
R2
ip route 10.1.1.1 255.255.255.0 GigabitEthernet0/0

D.
R1
ip route 192.168.1.1 255.255.255.0 GigabitEthernet0/1
R2
ip route 10.1.1.1 255.255.255.0 GigabitEthernet0/1

Answer: B

Explanation

On R1, by using the default route (“ip route 0.0.0.0 0.0.0.0 209.165.200.226”), we tell R1 to send all unknown destination packets to R2 so all packets with destination to 10.1.1.0/24 will be forwarded to R2. The same thing is configured on R2 so this configuration works well in this question.

We cannot type the command “ip route 10.1.1.1 255.255.255.0 …” which causes an “inconsistent mask and address” error as shown in the figure below (while the command “ip route 10.1.1.0 255.255.255.0 …” is accepted):

Question 20

Which type of organization should use a collapsed-core architecture?

A. large and requires a flexible, scalable network design
B. small and needs to reduce networking costs currently
C. large and must minimize downtime when hardware fails
D. small but is expected to grow dramatically in the near future

Answer: B

Explanation

The three-tier hierarchical design maximizes performance, network availability, and the ability to scale the network design. Most small enterprise campuses do not grow significantly larger over time, and most small enterprise campuses are small enough to be well served by a two-tier hierarchical design, where the core and distribution layers are collapsed into one layer. The primary motivation for the collapsed core design is reducing network cost, while maintaining most of the benefits of the three-tier hierarchical model.

Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Small_Enterprise_Design_Profile/SEDP/chap2.html

Question 21

Refer to the exhibit.

Which IPv6 configuration is required for R17 to successfully ping the WAN interface on R18?

Option A

R17#
!
no ip domain lookup
ip cef
ipv6 unicast-routing
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2001:DB8:2::201/64
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
ipv6 address 2001:DB8:3::201/64
!
no cdp log mismatch duplex
ipv6 route 2001:DB8:4::/64 2001:DB8:3::301

Option B

R17#
!
no ip domain lookup
ip cef
ipv6 unicast-routing
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2001:DB8:2::201/64
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
ipv6 address 2001:DB8:3::201/64
!
no cdp log mismatch duplex
ipv6 route 2001:DB8:4::/64 2001:DB8:2::201

Option C

R17#
!
no ip domain lookup
ip cef
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2001:DB8:3::201/64
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
ipv6 address 2001:DB8:2::201/64
!
no cdp log mismatch duplex
ipv6 route 2001:DB8:4::/64 2001:DB8:5::101

Option D

R17#
!
no ip domain lookup
ip cef
ipv6 cef
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2001:DB8:2::201/64
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
ipv6 address 2001:DB8:3::201/64
!
no cdp log mismatch duplex
ipv6 route 2001:DB8:4::/64 2001:DB8:4::302

A. Option A
B. Option B
C. Option C
D. Option D

Answer: A

Explanation

First of all we have to enable IPv6 routing on a Cisco router using the ipv6 unicast-routing global configuration command. This command globally enables IPv6 and must be the first command executed on the router -> Only option A and B are correct.

The difference between option A and B is the ipv6 route … command. To send packets from R17 to R18, we have to specify the next-hop-ipv6-address in this command. In this case the next-hop-ipv6-address is the IPv6 address on R18 (which is 2001:DB8:4::/64 2001:DB8:3::301), not R17 so only answer A is correct.

Question 22

Drag and drop the lightweight access point operation modes from the left onto the descriptions on the right.

Answer:

+ allows for packet captures of wireless traffic: sniffer mode
+ allows the access point to communicate with the WLC over a WAN link: Flexconnect mode
+ receive only mode which acts as a dedicated sensor for RFID and IDS: monitor mode
+ preferred for connecting access points in a mesh environment: bridge mode
+ transmits normally on one channel and monitors other channels for noise and interference: local mode
+ monitor for rogue APs, does not handle data at all: rogue detector mode

Explanation

You can have the WLCs across the WAN from the APs. LWAPP/CAPWAP works over a WAN when the LAPs are configured in Remote Edge AP (REAP) or Hybrid Remote Edge AP (H-REAP) mode. Either of these modes allows the control of an AP by a remote controller that is connected via a WAN link. Traffic is bridged onto the LAN link locally, which avoids the need to unnecessarily send local traffic over the WAN link.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/118833-wlc-design-ftrs-faq.html

Note: FlexConnect, formerly known as Hybrid Remote Edge AP (H-REAP).

When you configure the Bridge mode, the AP by default reboots as a Mesh AP (MAP) and tries to register to the WLC via the radio backhaul or the wired backhaul.

Reference: CCIE Wireless v3 Study Guide

Local mode (default mode): measures noise floor and interference, and scans for intrusion detection (IDS) events every 180 seconds on unused channels

Sniffer mode: runs as a sniffer and captures and forwards all the packets on a particular channel to a remote machine where you can use a protocol analysis tool (Wireshark, Airopeek, etc) to review the packets and diagnose issues.

Monitor mode: does not transmit or serve clients at all. It acts like a dedicated sensor for location-based services (LBS), rogue AP detection, and Intrusion Detection System (IDS) checks. In this mode, the AP will not broadcast an SSID so clients are unable to connect to it.

Rogue detector mode: monitor for rogue APs. It does not handle data at all.

Question 23

Refer to the exhibit.

Between which zones do wireless users expect to experience intermittent connectivity?

A. between zones 1 and 2
B. between zones 2 and 5
C. between zones 3 and 4
D. between zones 3 and 6

Answer: C

Explanation

The 2.4 GHz band is subdivided into multiple channels each allotted 22 MHz bandwidth and separated from the next channel by 5 MHz.
-> A best practice for 802.11b/g/n WLANs requiring multiple APs is to use non-overlapping channels such as 1, 6, and 11.

If you use channels that overlap, RF interference can occur.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-340-series/8117-connectivity.html

If other Wi-Fi sources such as neighboring wireless access points are using the same wireless channel, this may cause intermittent connectivity issues.

Reference: https://arris.secure.force.com/consumers/articles/General_FAQs/SBG8300-Troubleshooting-Intermittent-Wi-Fi-Connections/?l=en_US&fs=RelatedArticle

In this question, both Zone 3 & Zone 4 use Channel 11 so interference can occur.

=========================== New Questions (added on 19th-Sep-2021) ===========================

Question 24

Which device permits or denies network traffic based on a set of rules?

A. access point
B. switch
C. wireless controller
D. firewall

Answer: D

Question 25

Drag the descriptions of device management from the left onto the types of device management on the right.

Answer:

Cisco DNA Center Device Management:

+ uses machine learning to identify and resolve issues
+ uses an inventory function to store device details in the database
+ collects statistics and telemetry data from multiple network devices and provides a single view of network health and issues

Traditional Device Management:

+ requires manual troubleshooting
+ requires configuration on a device-by-device basis
+ networking functions are implemented primarily on dedicated devices

Explanation

Unlike SDN, traditional networking has two main characteristics. First, traditional networking functions are mainly implemented in dedicated devices. In this case, “dedicated devices” refer to one or more switches (e.g. 10gb switch), routers, and application delivery controllers. Second, most of the functionality in traditional networking devices is implemented in dedicated hardware. ASIC (Application Specific Integrated Circuit) is commonly used for this purpose. However, this traditional hardware-centric networking is accompanied by many limitations.

Reference: https://www.chinacablesbuy.com/sdn-vs-traditional-networking-which-leads-the-way.html

The Inventory function retrieves and saves details, such as host IP addresses, MAC addresses, and network attachment points about devices in its database.
The Inventory feature can also work with the Device Controllability feature to configure the required network settings on devices, if these settings are not already present on the device.

After the initial discovery, Cisco DNA Center maintains the inventory by polling the devices at regular intervals.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/user_guide/b_cisco_dna_center_ug_2_1_2/b_cisco_dna_center_ug_2_1_1_chapter_011.html

=========================== New Questions (added on 5th-Feb-2022) ===========================

Question 26

What is a function of a Layer 3 switch?

A. move frames between endpoints limited to IP addresses
B. transmit broadcast traffic when operating in Layer 3 mode exclusively
C. forward Ethernet frames between VLANs using only MAC addresses
D. flood broadcast traffic within a VLAN

Answer: A

Question 27

An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the HQ router and wants to compress it for easier configuration. Which command must be issued on the router interface?

A. ipv6 address 2001:db8::700:3:400F:572B
B. ipv6 address 2001:db8:0::700:3:4F:572B
C. ipv6 address 2001:Odb8::7:3:4F:572B
D. ipv6 address 2001::db8:0000::700:3:400F:572B

Answer: A

Question 28

What is an appropriate use for private IPv4 addressing?

A. on the public-facing interface of a firewall
B. to allow hosts inside to communicate in both directions with hosts outside the organization
C. on internal hosts that stream data solely to external resources
D. on hosts that communicate only with other internal hosts

Answer: D

Question 29

Which 802.11 frame type is indicated by a probe response after a client sends a probe request?

A. action
B. management
C. control
D. data

Answer: B

Explanation

There are three main types of 802.11 frames: the Data Frame, the Management Frame and the Control Frame. Association Response belongs to Management Frame. Association response is sent in response to an association request.

Question 30

What is recommended for the wireless infrastructure design of an organization?

A. group access points together to increase throughput on a given channel
B. configure the first three access points to use channels 1, 6, and 11
C. include at least two access points on nonoverlapping channels to support load balancing
D. assign physically adjacent access points to the same Wi-Fi channel

Answer: B

Explanation

The 2.4 GHz band is subdivided into multiple channels each allotted 22 MHz bandwidth and separated from the next channel by 5 MHz.
-> A best practice for 802.11b/g/n WLANs requiring multiple APs is to use non-overlapping channels such as 1, 6, and 11.

If you use channels that overlap, RF interference can occur.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-340-series/8117-connectivity.html

Question 31

Refer to the exhibit.

For security reasons, automatic neighbor discovery must be disabled on the R5 Gi0/1 interface.
These tasks must be completed:
* Disable all neighbor discovery methods on R5 interface Gi0/1.
* Permit neighbor discovery on R5 interface Gi0/2.
* Verify there are no dynamically learned neighbors on R5 interface Gi0/1.
* Display the IP address of R6’s interface Gi0/2.

Which configuration must be used?

Option A

R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#lldp run
R5(config)#no cdp run
R5#sh cdp neighbor detail
R5#sh lldp neighbor

Option B

R5(config)#int Gi0/1
R5(config-if)#no cdp run
R5(config-if)#exit
R5(config)#lldp run
R5(config)#cdp enable
R5#sh cdp neighbor
R5#sh lldp neighbor

Option C

R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#no lldp run
R5(config)#cdp run
R5#sh cdp neighbor detail
R5#sh lldp neighbor

Option D

R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#no lldp run
R5(config)#cdp run
R5#sh cdp neighbor
R5#sh lldp neighbor

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Explanation

Although CDP is a Layer 2 protocol, we can check the neighbor IP address with the “show cdp neighbor detail” command.

One of the tasks in this question is “display the IP address of R6’s interface Gi0/2” so we must use the “show cdp neighbor detail” command -> Only Option A and Option C are correct.

If we want to disable LLDP on an interface we can use two commands under interface mode:
no lldp transmit: Disallows sending LLDP packets on the interface.
no lldp receive: Disallows receiving LLDP packets on the interface.

But these two commands are not used in this question so we have to disable LLDP globally (with command “no lldp run”) so that only CDP is enabled on R5 interface Gi0/2 -> Only Option C is correct.

Question 32

Which type of API allows SDN controllers to dynamically make changes to the network?

A. northbound API
B. southbound API
C. SOAP API
D. REST API

Answer: B

Question 33

What is a DNS lookup operation?

A. serves requests over destination port 53
B. DNS server pings the destination to verify that it is available
C. DNS server forwards the client to an alternate IP address when the primary IP is down
D. responds to a request for IP address to domain name resolution to the DNS server

Answer: A

Explanation

An example of DNS is described below:
When you attempt to go to a domain name such as 9tut.com, your browser will instruct your computer to do a DNS lookup on that domain name. This DNS lookup will query a DNS resolver (for example Google at 8.8.8.8). Once the resolver responds, the computer will usually choose the first IP in the response and use that for the connection.

The most frequently used port for DNS is UDP 53 but as time progresses, DNS will rely on TCP Port 53 more heavily.

Question 34

Refer to the exhibit.

An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts. A Telnet attempt from PC-2 gives this message: “% Connection refused by remote host”.
Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?

A. Add the access-list 10 permit any command to the configuration
B. Remove the access-class 10 in command from line vty 0 4.
C. Add the ip access-group 10 out command to interface g0/0.
D. Remove the password command from line vty 0 4.

Answer: A

Question 35

Drag and drop the TCP/IP protocols from the left onto their primary transmission protocols on the right.

Answer:

TCP:
+ SMTP
+ HTTP
+ Telnet

UDP:
+ DNS
+ SNMP
+ RTP

================================== New Questions (added on 13th-Feb-2022) ==================================

Question 36

Refer to the exhibit.

The DHCP server and clients are connected to the same switch. What is the next step to complete the DHCP configuration to allow clients on VLAN 1 to receive addresses from the DHCP server?

A. Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP server
B. Configure the ip dhcp relay information option command on the interface that is connected to the DHCP server
C. Configure the ip dhcp relay information option command on the interface that is connected to the DHCP client
D. Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP client

Answer: A

Explanation

We see from the output of the “show ip dhcp snooping statistics detail” command the packets “received on untrusted ports = 32” so maybe the interface connected to the DHCP Server is configured as an untrusted port. Therefore we have to configure the “ip dhcp snooping trust” command on this interface.

Question 37

Which two components comprise part of a PKI? (Choose two)

A. RSA token
B. clear-text password that authenticates connections
C. one or more CRLs
D. preshared key that authenticates connections
E. CA that grants certificates

Answer: C E

Explanation

PKI (or Public Key Infrastructure) is the framework of encryption and cybersecurity that protects communications between the server (your website) and the client (the users). Think about all the information, people, and services that your team communicates and works with. PKI is essential in building a trusted and secure business environment by being able to verify and exchange data between various servers and users.

The components of a PKI include:

+ public key
+ private key
+ Certificate Authority (CA)
+ Certificate Store
+ Certificate Revocation List (CRL)
+ Hardware Security Module

Certificate Authority (CA)
The CA generally handles all aspects of the certificate management for a PKI, including the phases of certificate lifecycle management.
A CA issues certificates to be used to confirm that the subject imprinted on the certificate is the owner of the public key. In a PKI system, the client generates a public-private key pair. The public key and information to be imprinted on the certificate are sent to the CA. The CA then creates a digital certificate consisting of the user’s public key and certificate attributes. The certificate is signed by the CA with its private key.

Certificate Revocation List (CRL)
A CRL is a list of certificates that have been revoked by the CA that issued them before they were set to expire. This is a helpful security feature if a device is stolen that contains a certificate. A RADIUS server only rejects a connection request from a device if the device’s certificate serial number is contained in the CRL. The Certificate Authority is the one that maintains this list, and the RADIUS server periodically downloads this list by sending a query to the CA. There are two types of CRLs: A Delta CRL and a Base CRL.

Reference: https://www.securew2.com/blog/public-key-infrastructure-explained

Question 38

A network administrator is setting up a new IPv6 network using the 64-bit address 2001:0EB8:00C1:2200:0001:0000:0000:0331/64. To simplify the configuration, the administrator has decided to compress the address. Which IP address must the administrator configure?

A. ipv6 address 2001:EB8:C1:2200:1:0000:331/64
B. ipv6 address 21:EB8:C1:2200:1::331/64
C. ipv6 address 2001:EB8:C1:22:1::331/64
D. ipv6 address 2001:EB8:C1:2200:1::331/64

Answer: D

Question 39

Refer to the exhibit.

Which command must be issued to enable a floating static default route on router A?

A. ip route 0.0.0.0 0.0.0.0 192.168.2.1 10
B. ip route 0.0.0.0 0.0.0.0 192.168.1.2
C. ip route 0.0.0.0 0.0.0.0 192.168.1.2 10
D. ip default-gateway 192.168.2.1

Answer: C

Question 40

Refer to the exhibit.

Router R1 currently is configured to use R3 as the primary route to the Internet, and the route uses the default administrative distance settings. A network engineer must configure R1 so that it uses R2 as a backup, but only if R3 goes down. Which command must the engineer configure on R1 so that it correctly uses R2 as a backup route, without changing the administrative distance configuration on the link to R3?

A. ip route 0.0.0.0 0.0.0.0 g0/1 6
B. ip route 0.0.0.0 0.0.0.0 g0/1 1
C. ip route 0.0.0.0 0.0.0.0 209.165.201.5 10
D. ip route 0.0.0.0 0.0.0.0 209.165.200.226 1

Answer: A

Explanation

R1 uses R3 as the primary route to the Internet so it may use either of these commands:

R1(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.5
OR
R1(config)#ip route 0.0.0.0 0.0.0.0 g0/2

The administrative distance (AD) of the first command is 1 while that of the second command is 0. Therefore we have to choose a higher AD for our backup route. And the exit interface of the backup route is g0/1 or the next-hop is 209.165.200.230.

Question 41

Refer to the exhibit.

An engineer is updating the R1 configuration to connect a new server to the management network. The PCs on the management network must be blocked from pinging the default gateway of the new server. Which command must be configured on R1 to complete the task?

A. R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.1.15
B. R1(config)#ip route 172.16.2.2 255.255.255.255 gi0/0
C. R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.1.5
D. R1(config)#ip route 172.16.2.2 255.255.255.248 gi0/1

Answer: B

Explanation

By configuring a static route only to the host New Server, we also prevent PC1 and PC2 from pinging R2 Gi0/0 (the default gateway of New Server).

Question 42

Refer to the exhibit.

Which plan must be implemented to ensure optimal QoS marking practices on this network?

A. As traffic enters from the access layer on SW1 and SW2, trust all traffic markings
B. Trust the IP phone markings on SW1 and mark traffic entering SW2 at SW2
C. As traffic traverses MLS1 remark the traffic, but trust all markings at the access layer
D. Remark traffic as it traverses R1 and trust all markings at the access layer

Answer: B

Explanation

“Classify, mark, and police as close to the traffic-sources as possible.” -> Answer C is not correct.
Reference: https://www.cisco.com/en/US/technologies/tk543/tk759/technologies_white_paper0900aecd80295aa1.pdf

As a rule, it is not recommended to trust markings set by end users leveraging PCs or other endpoint devices. End users can intentionally or unintentionally abuse QoS policies that trust markings of end devices. If users and unclassified applications take advantage of the configured QoS policy as a result of trusting end devices, this can result in easily starving priority queues with nonpriority traffic, ruining quality of service for real-time applications.
Reference: https://www.ciscopress.com/articles/article.asp?p=2756478&seqNum=2

-> Answer A and answer D are not correct.

Question 43

Drag and drop the Rapid PVST+ forwarding state actions from the left to the right. Not all actions are used.

Answer:

BPDUs received are forwarded to the system module
The port in the forwarding state responds to network management messages
Switched frames received from other ports are advanced
Frames received from the attached segment are processed

Explanation

Forwarding State
A LAN port in the forwarding state forwards frames. The LAN port enters the forwarding state from the learning state. A LAN port in the forwarding state performs as follows:
+ Forwards frames received from the attached segment.
+ Forwards frames switched from another port for forwarding.
+ Incorporates the end station location information into its address database.
+ Receives BPDUs and directs them to the system module.
+ Processes BPDUs received from the system module.
+ Receives and responds to network management messages.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/503_n1_1/Cisco_n5k_layer2_config_gd_rel_503_N1_1_chapter9.html

The statement “BPDUs received from the system module are processed and transmitted” is not correct as Rapid PVST+ does not “transmit”, only PVST does.

Question 44

Refer to the exhibit.

interface FastEthernet0/10
description WAN_INTERFACE
ip address 10.0.1.2 255.255.255.252
ip access-group 100 in
!
interface FastEthernet0/1
description LAN INTERFACE
ip address 10.148.2.1 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
!
access-list 100 permit eigrp any any
access-list 100 permit icmp any any
access-list 100 permit tcp 10.149.3.0 0.0.0.255 host 10.0.1.2 eq 22
access-list 100 permit tcp any any eq 80
access-list 100 permit tcp any any eq 443
access-list 100 deny ip any any log

Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on router R4?

A. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

B. interface FastEthernet0/0
ip helper-address 10.0.1.1
!
access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

C. interface FastEthernet0/0
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

D. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

Answer: D

Explanation

The “ip helper-address” must be applied under the interface that receives the DHCP messages from the DHCP Client (LAN interface)

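To see why ACL 100 from the Question 44 exhibit blocks the DHCP server's replies, and what the extra entry changes, the following added example (not part of the original page) evaluates the ACL top-down with first-match semantics. The reply packet, the parser and the helper names are constructed for illustration, and the parser covers only the ACL syntax used in this question.

```python
import ipaddress

# ACL 100 exactly as shown in the exhibit for Question 44.
ACL_100 = [
    "access-list 100 permit eigrp any any",
    "access-list 100 permit icmp any any",
    "access-list 100 permit tcp 10.149.3.0 0.0.0.255 host 10.0.1.2 eq 22",
    "access-list 100 permit tcp any any eq 80",
    "access-list 100 permit tcp any any eq 443",
    "access-list 100 deny ip any any log",
]
OPTION_A_ENTRY = "access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1"
OPTION_D_ENTRY = "access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1"

# Constructed packet: the DHCP server's reply to the relay agent on R4.
DHCP_REPLY = {"proto": "udp", "src": "10.0.1.1", "sport": 67,
              "dst": "10.148.2.1", "dport": 67}

PORT_NAMES = {"bootps": 67, "bootpc": 68}  # only the names needed here


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(first), _ip(tokens.pop(0)))


def _take_port(tokens):
    """Consume an optional 'eq PORT' clause; None means any port."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        port = tokens.pop(0)
        return PORT_NAMES[port] if port in PORT_NAMES else int(port)
    return None


def parse_ace(line):
    tokens = line.split()
    ace = {"action": tokens[2], "proto": tokens[3]}
    rest = tokens[4:]
    ace["src"] = _take_addr(rest)
    ace["sport"] = _take_port(rest)
    ace["dst"] = _take_addr(rest)
    ace["dport"] = _take_port(rest)   # a trailing 'log' keyword is ignored
    return ace


def _addr_match(spec, addr):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF     # wildcard bit 1 means "don't care"
    return (_ip(addr) & care) == (base & care)


def matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if not _addr_match(ace["src"], pkt["src"]):
        return False
    if not _addr_match(ace["dst"], pkt["dst"]):
        return False
    if ace["sport"] is not None and ace["sport"] != pkt.get("sport"):
        return False
    if ace["dport"] is not None and ace["dport"] != pkt.get("dport"):
        return False
    return True


def evaluate(acl_lines, pkt):
    """Return (action, matching line); the first matching entry wins."""
    for line in acl_lines:
        if matches(parse_ace(line), pkt):
            return parse_ace(line)["action"], line
    return "deny", "(implicit deny)"


def insert_before_final_deny(acl_lines, entry):
    """Place a new entry above the last line of the ACL."""
    return acl_lines[:-1] + [entry] + acl_lines[-1:]


if __name__ == "__main__":
    print("exhibit ACL:       ", evaluate(ACL_100, DHCP_REPLY))
    print("option D above deny:",
          evaluate(insert_before_final_deny(ACL_100, OPTION_D_ENTRY), DHCP_REPLY))
    print("option D after deny:", evaluate(ACL_100 + [OPTION_D_ENTRY], DHCP_REPLY))
    print("option A above deny:",
          evaluate(insert_before_final_deny(ACL_100, OPTION_A_ENTRY), DHCP_REPLY))
```

Because evaluation stops at the first match, the DHCP permit has an effect only when it sits above the “deny ip any any log” entry; the same line placed after that entry is never reached.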
All DHCP packets are UDP so the ACL must allow UDP, not TCP so the ACL must be “access-list 100 permit udp …”.

Question 45

Refer to the exhibit.

Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency while acting as a central point for exchanging OSPF information between routers?

Option A

R14#
interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
ip ospf priority 0
ip mtu 1400

router ospf 10
router-id 10.10.1.14
network 10.10.1.14 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

R86#
interface Loopback0
ip address 10.10.1.86 255.255.255.255

interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip mtu 1500

router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

Option B

R14#
interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
ip ospf priority 255
ip mtu 1500

router ospf 10
router-id 10.10.1.14
network 10.10.1.14 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

R86#
interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip mtu 1500

router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

Option C

R14#
interface Loopback0
ip ospf 10 area 0

interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
ip ospf 10 area 0
ip mtu 1500

router ospf 10
ip ospf priority 255
router-id 10.10.1.14

R86#
interface Loopback0
ip ospf 10 area 0

interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip ospf 10 area 0
ip mtu 1500

router ospf 10
router-id 10.10.1.86

Option D

R14#
interface FastEthernet0/0
ip address 10.73.65.65 255.255.255.252
ip ospf network broadcast
ip ospf priority 255
ip mtu 1500

router ospf 10
router-id 10.10.1.14
network 10.10.1.14 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

R86#
interface FastEthernet0/0
ip address 10.73.65.66 255.255.255.252
ip ospf network broadcast
ip mtu 1400

router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

A. Option A
B. Option B
C. Option C
D. Option D

Answer: B

Explanation

In Option A and Option D, the MTUs of two Fa0/0 interfaces are mismatched so they cannot form OSPF adjacency -> Option A and Option D are not correct.

DR and BDR serve as the central point for exchanging OSPF routing information so we must configure Fa0/0 interfaces in broadcast mode. In Option B, R14 Fa0/0 interface is configured with OSPF priority 255 so surely it would become DR -> This is the best answer.

Note: An OSPF priority of 0 does not prevent the router from establishing OSPF adjacencies.

Question 46

Which wireless security protocol relies on Perfect Forward Secrecy?

A. WPA
B. WPA3
C. WPA2
D. WEP

Answer: B

Explanation

WPA3 (Wi-Fi Protected Access 3) is the newest wireless security protocol designed to encrypt data using a frequent and automatic encryption type called Perfect Forward Secrecy. It’s more secure than its predecessor, WPA2, but it hasn’t been widely adopted yet. Not all hardware supports WPA3 automatically, and using this protocol often requires costly upgrades.

Reference: https://www.avast.com/c-wep-vs-wpa-or-wpa2

Question 47

Refer to the exhibit.

A network engineer must provide configured IP addressing details to investigate a firewall rule issue. Which subnet and mask identify what is configured on the en0 interface?

A. 10.8.0.0/16
B. 10.8.64.0/18
C. 10.8.128.0/19
D. 10.8.138.0/24

Answer: C

Explanation

netmask 0xffffe000 means 255.255.224.0 or /19 (convert from hex to decimal) -> Answer C is correct. We also notice the broadcast address is 10.8.159.255.

Question 48

A network engineer must configure two new subnets using the address block 10.70.128.0/19 to meet these requirements:
* The first subnet must support 24 hosts.
* The second subnet must support 472 hosts
* Both subnets must use the longest subnet mask possible from the address block
Which two configurations must be used to configure the new subnets and meet a requirement to use the first available address in each subnet for the router interfaces? (Choose two)

A. interface vlan 4722
ip address 10.70.133.17 255.255.255.192
B. interface vlan 3002
ip address 10.70.147.17 255.255.255.224
C. interface vlan 1148
ip address 10.70.148.1 255.255.254.0
D. interface vlan 1234
ip address 10.70.159.1 255.255.254.0
E. interface vlan 155
ip address 10.70.155.65 255.255.255.224

Answer: C E

Explanation

In order to support 24 (< 2^5) hosts we need 5 bits 0 in the subnet mask so the last octet of the subnet mask must be 1110 0000 -> 255.255.255.224. In the answer above there are two IP addresses with subnet mask 255.255.255.224. They are:
+ 10.70.147.17 255.255.255.224: This IP address belongs to subnet 10.70.147.0/27 but 10.70.147.17 is not the first available address in this subnet (the first available address in this subnet is 10.70.147.1)
+ 10.70.155.65 255.255.255.224: This IP address belongs to subnet 10.70.155.64/27 and 10.70.155.65 is the first available address in this subnet -> Answer E is correct.

In order to support 472 (< 512 = 2^9) hosts we need 9 bits 0 in the subnet mask -> 255.255.254.0. In the answer above there are two IP addresses with subnet mask 255.255.254.0. They are:
+ 10.70.148.1 255.255.254.0: This IP address belongs to subnet 10.70.148.0/23 and it is the first available IP address in this subnet
+ 10.70.159.1 255.255.254.0: This IP address belongs to subnet 10.70.158.0/23. It is not the first available IP address in this subnet (the first available IP address is 10.70.158.1).

-> Answer C is correct.

Question 49

Refer to the exhibit.

An administrator must connect SW_1 and the printer to the network. SW_2 requires DTP to be used for the connection to SW_1. The printer is configured as an access port with VLAN 5. Which set of commands completes the connectivity?

A. switchport mode trunk
switchport trunk pruning vlan add 5
B. switchport mode dynamic desirable
switchport trunk allowed vlan add 5
C. switchport mode dynamic auto
switchport private-vlan association host 5
D. switchport mode dynamic auto
switchport trunk encapsulation negotiate

Answer: B

Question 50

Refer to the exhibit.

Traffic sourced from the loopback0 interface is trying to connect via ssh to the host at 10.0.1.15. What is the next hop to the destination address?

A. 192.168.0.7
B. 192.168.0.4
C. 192.168.0.40
D. 192.168.3.5

Answer: A

Explanation

10.0.1.0/28 is always preferred over 10.0.1.0/24 because of longest prefix match. 10.0.1.15 belongs to 10.0.1.0/28 subnet so the next hop is 192.168.0.7 (learned via EIGRP).

Note: Although our destination IP is 10.0.1.15, which is the broadcast address of subnet 10.0.1.0/28 in the routing table, and we may think that the local router would not use this route, in fact the router still uses this route.

You can find a good discussion at: https://community.cisco.com/t5/switching/weird-routing-subnet-question/td-p/2362830

“The broadcast is really a concept that is relevant only to a router directly connected to the network whose broadcast address you are referring to. Other routers do not care at all. As long as the destination IP address of a packet AND the netmask produces the network address in the respective row of the routing table, the packet is destined for that network so let’s forward it there.”

Question 51

Refer to the exhibit.

SiteA#show interface TenGigabitEthernet0/1/0
TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is aabb.cc00.0100 (bia aabb.cc00.0100)
Description: Connection to SiteB
Internet address is 10.10.10.1/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-SR
5 minute input rate 264797000 bits/sec, 26672 packets/sec
5 minute output rate 122464000 bits/sec, 15724 packets/sec

SiteB#show interface TenGigabitEthernet0/1/0
TenGigabitEthernet0/1/0 is up, line protocol is up
Hardware is BUILT-IN-EPA-8x10G, address is 0000.0c00.750c (bia 0000.0c00.750c)
Description: Connection to SiteA
Internet address is 10.10.10.2/30
MTU 8146 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Full Duplex, 10000Mbps, link type is force-up, media type is SFP-LR
5 minute input rate 123245000 bits/sec, 15343 packets/sec
5 minute output rate 265746000 bits/sec, 12453 packets/sec

Shortly after SiteA was connected to SiteB over a new single-mode fiber path, users at SiteA report intermittent connectivity issues with applications hosted at SiteB. What is the cause of the intermittent connectivity issue?

A. An incorrect type of transceiver has been inserted into a device on the link.
B. The wrong cable type was used to make the connection.
C. Heavy usage is causing high latency.
D. Physical network errors are being transmitted between the two sites.

Answer: A
Explanation

SR stands for Short Reach, and LR stands for Long Reach. SR supports 400 metres while LR supports 10 kilometers. In this question, SiteA is using SFP-SR so it is not suitable for 7 km distance.

Question 52

Refer to the exhibit.

Which action must be taken to ensure that router A is elected as the DR for OSPF area 0?

A. Configure the OSPF priority on router A with the lowest value between the three routers
B. Configure the router A interfaces with the highest OSPF priority value within the area.
C. Configure router A with a fixed OSPF router ID.
D. Configure router B and router C as OSPF neighbors of router A.

Answer: B

Explanation

The router with the highest OSPF priority on a segment will become the DR for that segment

Question 53

Refer to the exhibit.

Host A sent a data frame destined for host D.

What does the switch do when it receives the frame from host A?

A. It shuts down the port Fa0/1 and places it in err-disable mode.
B. It experiences a broadcast storm.
C. It floods the frame out of all ports except port Fa0/1.
D. It drops the frame from the switch CAM table.

Answer: C

Explanation

When the switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame.

In this question, the switch has not learned about host D yet, so it floods the frame to all LAN ports of the same VLAN except Fa0/1, on which it received the frame from host A.

Question 54

Refer to the exhibit.

An engineer has started to configure replacement switch SW1. To verify part of the configuration, the engineer issued the commands as shown and noticed that the entry for PC2 is missing. Which change must be applied to SW1 so that PC1 and PC2 communicate normally?

A. SW1(config)#interface fa0/2
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#no switchport trunk allowed vlan 3
SW1(config-if)#switchport trunk allowed vlan 2

B. SW1(config)#interface fa0/1
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#switchport trunk native vlan 2
SW1(config-if)#switchport trunk allowed vlan 3

C. SW1(config-if)#interface fa0/2
SW1(config-if)#no switchport mode trunk
SW1(config-if)#no switchport trunk allowed vlan 3
SW1(config-if)#switchport mode access

D. SW1(config)#interface fa0/1
SW1(config-if)#no switchport access vlan 2
SW1(config-if)#switchport access vlan 3
SW1(config-if)#switchport trunk allowed vlan 2

Answer: C

Question 55

Refer to the exhibit.

Which two commands must be configured on router R1 to enable the router to accept secure remote-access connections? (Choose two)

A. transport input telnet
B. username cisco password 0 cisco
C. login console
D. ip ssh pubkey-chain
E. crypto key generate rsa

Answer: B E

Explanation

Steps to configure SSH:
1. Configure the router hostname using command “hostname”.
2. Configure the domain name using command “ip domain-name”.
3. Generate public and private keys using command “crypto key generate rsa”.
4. Create a user in the local database using command “username…secret”.
5. Allow only SSH access on VTY lines using command “transport input ssh”.
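One way to check a saved configuration against the five SSH steps above, as an added example that is not part of the original page. Both configuration samples, the hash placeholder and the function names are constructed; step 3 leaves no line in the running configuration, so the audit reports it as unverifiable.

```python
import re


def sections(config):
    """Split IOS-style config text into (header, [indented sub-commands])."""
    out = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(line)      # sub-command of the previous header
        else:
            out.append((line, []))
    return out


def audit_ssh(config):
    """Map each of the five SSH setup steps to ok / missing / weak / unverifiable."""
    secs = sections(config)
    top = [header for header, _ in secs]
    result = {}

    # Step 1: a hostname must be configured ("Router" is the unconfigured default).
    names = [h.split()[1] for h in top if h.startswith("hostname ")]
    result["hostname"] = "ok" if names and names[-1] != "Router" else "missing"

    # Step 2: domain name ("ip domain-name" or the newer "ip domain name").
    has_domain = any(re.match(r"ip domain[- ]name \S+", h) for h in top)
    result["domain-name"] = "ok" if has_domain else "missing"

    # Step 3: the RSA key pair is not stored in the running configuration;
    # confirm it on the device with "show crypto key mypubkey rsa".
    result["rsa-keys"] = "unverifiable"

    # Step 4: local users should be stored with "secret", not "password".
    users = [h for h in top if h.startswith("username ")]
    if not users:
        result["local-user"] = "missing"
    elif all(" secret " in u for u in users):
        result["local-user"] = "ok"
    else:
        result["local-user"] = "weak"

    # Step 5: every vty range must allow SSH and nothing else.
    def ssh_only(subcommands):
        transports = [s.split()[2:] for s in subcommands
                      if s.startswith("transport input")]
        return bool(transports) and transports[-1] == ["ssh"]

    vty = [sub for header, sub in secs if header.startswith("line vty")]
    if not vty:
        result["vty-transport"] = "missing"
    elif all(ssh_only(sub) for sub in vty):
        result["vty-transport"] = "ok"
    else:
        result["vty-transport"] = "weak"
    return result


# Constructed sample using options A and B from Question 55.
WEAK_CONFIG = """\
hostname Router
username cisco password 0 cisco
line vty 0 4
 transport input telnet
 login local
"""

# Constructed sample that follows all five steps.
HARDENED_CONFIG = """\
hostname R1
ip domain-name example.test
username admin secret 9 CONSTRUCTED-HASH-PLACEHOLDER
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input ssh
 login local
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_ssh(cfg))
```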
Reference: https://ipwithease.com/how-to-configure-ssh-version-2-on-cisco-router/

Note: We only use the “ip ssh pubkey-chain” to perform RSA-Based Authentication.

Question 56

Which two spanning-tree states are bypassed on an interface running PortFast? (Choose two)

A. forwarding
B. blocking
C. disabled
D. learning
E. listening

Answer: D E

Explanation

Enabling the PortFast feature causes a switch or a trunk port to enter the STP forwarding-state immediately or upon a linkup event, thus bypassing the listening and learning states.

Question 57

What is a requirement when configuring or removing LAG on a WLC?

A. The incoming and outgoing ports for traffic flow must be specified if LAG is enabled.
B. The controller must be rebooted after enabling or reconfiguring LAG.
C. The management interface must be reassigned if LAG is disabled.
D. Multiple untagged interfaces on the same port must be supported.

Answer: B

Explanation

When you enable LAG or make any changes to the LAG configuration, you must immediately reboot the controller.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010100001.html

Question 58

What is a requirement for nonoverlapping Wi-Fi channels?

A. different security settings
B. different transmission speeds
C. discontinuous frequency ranges
D. unique SSIDs

Answer: C

Explanation

Each channel on the 2.4 GHz spectrum is 20 MHz wide. The channel centers are separated by 5 MHz, and the entire spectrum is only 100 MHz wide. This means the 11 channels have to squeeze into the 100 MHz available, and in the end, overlap. Channels 1, 6, and 11, however, are far enough from each other on the 2.4GHz band that they have sufficient space between their channel centers and do not overlap.

Question 59

An engineer must configure R1 for a new user account. The account must meet these requirements:
* It must be configured in the local database.
* The username is engineer2
* It must use the strongest password configurable.

Which command must the engineer configure on the router?

A. R1(config)# username engineer2 algorithm-type scrypt secret test2021
B. R1(config)# username engineer2 secret 5 password $1$bUu$kZbBS1Pyh4QzwXyZ
C. R1(config)# username engineer2 privilege 1 password 7 test2021
D. R1(config)# username engineer2 secret 4 $1Sb1Ju$kZbBSlFyh4QxwXyZ

Answer: A

Explanation

Secret type 4 was determined to have a flaw and was removed in later versions of IOS. Type 4 Passwords should never be used!
Secret type 5 uses MD5 which is not secure.

Secret type 9 – Scrypt and PBKDF2 (which can be used with “algorithm-type sha256”, but it is just a small part of a much larger crypto algorithm) are much slower to compute and take longer to brute force. Currently it is the strongest password configurable in Cisco devices.

Question 60

Refer to the exhibit.

Which configuration enables an EtherChannel to form dynamically between SW1 and SW2 by using an industry-standard protocol, and to support full IP connectivity between all PCs?

Option A

SW1#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode on
!
interface Gi0/2
switchport
switchport mode trunk
channel-group 1 mode auto

SW2#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode auto
!
interface Gi0/2
switchport
switchport mode trunk
channel-group 1 mode on
interface port-channel 1
switchport
switchport mode trunk

Option B

SW1#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode auto
!
interface Gi0/2
switchport
switchport mode access
channel-group 1 mode active

SW2#
interface gi0/1
switchport
switchport mode access
channel-group 1 mode desirable
!
interface Gi0/2
switchport
switchport mode access
channel-group 1 mode desirable

Option C

SW1#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode active
!
interface Gi0/2
switchport
switchport mode trunk
channel-group 1 mode active

SW2#
interface Gi0/1
switchport
switchport mode trunk
channel-group 1 mode passive
!
interface Gi0/2
switchport
switchport mode trunk
channel-group 1 mode passive

Option D

SW1#
interface Gi0/1
switchport
switchport mode access
channel-group 1 mode active
!
interface Gi0/2
switchport
switchport mode access
channel-group 1 mode active

SW2#
interface Gi0/1
switchport
switchport mode access
channel-group 1 mode desirable
!
interface Gi0/2
switchport
switchport mode access
channel-group 1 mode desirable

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Explanation

LACP is the IEEE Standard (IEEE 802.3ad) and is the most common dynamic ether-channel protocol, whereas PAgP is a Cisco proprietary protocol.

Question 61

Drag and drop the descriptions of AAA services from the left onto the corresponding services on the right.

Answer:

Accounting
+ records user commands
+ logs session statistics

Authentication
+ secures access to routers
+ validates user credentials

Authorization
+ limits the user’s access permissions
+ allows the user to change to enable mode

Question 62

Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.

Answer:

TCP
+ used to reliably share files between devices
+ requires the client and the server to establish a connection before sending the packet

UDP
+ transmitted based on data contained in the packet without the need for a data channel
+ appropriate for streaming operations with minimal latency

Question 63

What is the function of the controller in a software-defined network?

A. forwarding packets
B. making routing decisions
C. multicast replication at the hardware level
D. fragmenting and reassembling packets

Answer: B

Question 64

Refer to the exhibit.

An IP subnet must be configured on each router that provides enough addresses for the number of assigned hosts and anticipates no more than 10% growth for new hosts. Which configuration script must be used?

Option A

R7#
configure terminal
interface Fa1/0
ip address 10.1.56.1 255.255.240.0
no shutdown

R8#
configure terminal
interface Fa0/0
ip address 10.9.32.1 255.255.224.0
no shutdown

R9#
configure terminal
interface Fa1/1
ip address 10.23.96.1 255.255.192.0
no shutdown

Option B

R7#
configure terminal
interface Fa1/0
ip address 10.1.56.1 255.255.248.0
no shutdown

R8#
configure terminal
interface Fa0/0
ip address 10.9.32.1 255.255.254.0
no shutdown

R9#
configure terminal
interface Fa1/1
ip address 10.23.96.1 255.255.248.0
no shutdown

Option C

R7#
configure terminal
interface Fa1/0
ip address 10.1.56.1 255.255.252.0
no shutdown

R8#
configure terminal
interface Fa0/0
ip address 10.9.32.1 255.255.255.0
no shutdown

R9#
configure terminal
interface Fa1/1
ip address 10.23.96.1 255.255.240.0
no shutdown

Option D

R7#
configure terminal
interface Fa1/0
ip address 10.1.56.1 255.255.192.0
no shutdown

R8#
configure terminal
interface Fa0/0
ip address 10.9.32.1 255.255.224.0
no shutdown

R9#
configure terminal
interface Fa1/1
ip address 10.23.96.1 255.255.128.0
no shutdown

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Explanation

R7 Fa1/0: 923 hosts + 10% * 923 = 1015 < 1024 = 2^10 hosts. The best subnet mask is /22 = 255.255.252.0
R8 Fa0/0: 225 hosts + 10% * 225 = 247 < 256 = 2^8 hosts. The best subnet mask is /24 = 255.255.255.0
R9 Fa1/1: 3641 hosts + 10% * 3641 = 4005 < 4096 = 2^12 hosts. The best subnet mask is /20 = 255.255.240.0

-> Option C is correct.

In fact we don’t have to calculate subnet for R9 Fa1/1 because only Option C is suitable for R7 & R8 interfaces.

Question 65

Refer to the exhibit.

Which network prefix was learned via EIGRP?

A. 172.16.0.0/16
B. 207.165.200.0/24
C. 192.168.2.0/24
D. 192.168.1.0/24

Answer: C

Explanation

Prefixes learned via EIGRP are marked with the letter “D”.

Question 66

Refer to the exhibit.

An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed these show commands to verify the work. Which additional task allows the two switches to establish an LACP port channel?

A. Change the channel-group mode on SW1 to desirable.
B. Change the channel-group mode on SW1 to active or passive.
C. Change the channel-group mode on SW2 to auto.
D. Configure the interface port-channel 1 command on both switches.

Answer: B

Question 67

Refer to the exhibit.

A network engineer must update the configuration on Switch2 so that it sends LLDP packets every minute and the information sent via LLDP is refreshed every 3 minutes. Which configuration must the engineer apply?

A. Switch2(config)#lldp timer 60
Switch2(config)# lldp tlv-select 180
B. Switch2(config)#lldp timer 60
Switch2(config)#lldp holdtime 180
C. Switch2(config)#lldp timer 1
Switch2(config)#lldp tlv-select 3
D. Switch2(config)#lldp timer 1
Switch2(config)#lldp holdtime 3

Answer: B

Explanation

+ lldp holdtime seconds: Specify the amount of time a receiving device should hold the information from your device before discarding it
+ lldp timer rate: Set the sending frequency of LLDP updates in seconds
+ lldp tlv-select command. This will specify the LLDP TLVs to send or receive.

Question 68

Refer to the exhibit.
R1#show run
!
router ospf 1
auto-cost reference-bandwidth 100000
!
interface GigabitEthernet0/0
bandwidth 10000000
!
interface GigabitEthernet0/1
bandwidth 100000000
!
interface GigabitEthernet0/2
ip ospf cost 100
!
interface GigabitEthernet0/3
ip ospf cost 1000

Router R1 resides in OSPF Area 0. After updating the R1 configuration to influence the paths that it will use to direct traffic, an engineer verified that each of the four Gigabit interfaces has the same route to 10.10.0.0/16. Which interface will R1 choose to send traffic to reach the route?

A. GigabitEthernet0/0
B. GigabitEthernet0/1
C. GigabitEthernet0/2
D. GigabitEthernet0/3

Answer: B

Explanation

The reference bandwidth is specified in Mbits per second, so “auto-cost reference-bandwidth 100000” means 100Gbps or 10^11 bps. The “bandwidth” under interface mode is configured in kilobits. Therefore:

+ Interface G0/0 (bandwidth 10^10 bps): Cost = 10^11 / 10^10 = 10
+ Interface G0/1 (bandwidth 10^11 bps): Cost = 10^11 / 10^11 = 1
+ Interface G0/2: Cost = 100
+ Interface G0/3: Cost = 1000

-> R1 will choose the lowest cost path which is interface G0/1

Question 69

An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?

A. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 10 in
!
ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22

B. line vty 0 15
access-class 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22

C. line vty 0 15
access-group 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22

D. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 110 in
!
ip access-list standard 110
permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1

Answer: B

Explanation

Question 70

Which protocol is used for secure remote CLI access?

A. HTTP
B. Telnet
C. SSH
D. HTTPS

Answer: C

Question 71

What is a characteristic of private IPv4 addressing?

A. composed of up to 65,536 available addresses
B. issued by IANA in conjunction with an autonomous system number
C. used without tracking or registration
D. traverse the Internet when an outbound ACL is applied

Answer: C

Question 72

What provides centralized control of authentication and roaming in an enterprise network?

A. a LAN switch
B. a firewall
C. a lightweight access point
D. a wireless LAN controller

Answer: D

Question 73

A network engineer must implement an IPv6 configuration on the vlan 2000 interface to create a routable locally-unique unicast address that is blocked from being advertised to the internet. Which configuration must the engineer apply?

A. interface vlan 2000
ipv6 address ff00:0000:aaaa::1234:2343/64
B. interface vlan 2000
ipv6 address fd00::1234:2343/64
C. interface vlan 2000
ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64
D. interface vlan 2000
ipv6 address fe80:0000:aaaa::1234:2343/64

Answer: B

Explanation

A unique local address (ULA) is an Internet Protocol version 6 (IPv6) address in the address range fc00::/7 -> The first octet can be FC or FD. However when you implement this you have to set the L-bit (the right-most bit of the first octet) to 1 which means that the first two digits will be FD -> The IPv6 address “fd00::1234:2343/64” is correct.

Its purpose in IPv6 is analogous to IPv4 private network addressing. Unique local addresses may be used freely, without centralized registration, inside a single site or organization or spanning a limited number of sites or organizations. They are routable only within the scope of such private networks, but not in the global IPv6 Internet.

Note: Answer C is not correct as the IPv6 address only has 7 groups instead of 8.

Question 74

Refer to the exhibit.

When applying access-list to line vty we must use “access-class”, not “access-group”. Subnet 10.139.58.0/28 converts to wildcard mask is 10.139.58.0
0.0.0.15. And we have to use port 22 as the destination port.


How should the configuration be updated to allow PC1 and PC2 access to the Internet?

A. Modify the configured number of the second access list
B. Remove the overload keyword from the ip nat inside source command
C. Add either the ip nat {inside|outside} command under both interfaces
D. Change the ip nat inside source command to use interface GigabitEthernet0/0

Answer: C

Question 75

OSPF must be configured between routers R1 and R2. Which OSPF configuration must be applied to router R1 to avoid a DR/BDR election?

A. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.160.1.1 255.255.255.252
ip ospf network broadcast
B. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.168.1.1 255.255.255.252
ip ospf cost 0
C. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
hello interval 15
interface e1/1
ip address 192.168.1.1 255.255.255.252
D. router ospf 1
network 192.168.1.1 0.0.0.0 area 0
interface e1/1
ip address 192.168.1.1 255.55.255.252
ip ospf network point-to-point

Answer: D

Question 76

Refer to the exhibit.

All VLANs are present in the VLAN database. Which command sequence must be applied to complete the configuration?

A. interface FastEthernet0/1
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15
B. interface FastEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,15
C. interface FastEthernet0/1
switchport trunk allowed vlan add 10
vlan 10
private-vlan isolated
D. interface FastEthernet0/1
switchport mode access
switchport voice vlan 10

Answer: D

Explanation

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full configuration is shown below:

Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 15
Switch(config-if)#switchport voice vlan 10

Question 77

A Cisco engineer is configuring a factory-default router with these three passwords:
* The user EXEC password for console access is p4ssw0rd1.
* The user EXEC password for Telnet access is s3cr3t2.
* The password for privileged EXEC mode is priv4t3p4ss.
Which command sequence must the engineer configure?

Option A
enable secret priv4t3p4ss
!
line con 0
password p4ssw0rd1
login
!
line vty 0 15
password s3cr3t2
login

Option B
enable secret privilege 15 priv4t3p4ss
!
line con 0
password p4ssw0rdi
login
!
line vty 0 15
password s3cr3t2
login

Option C
enable secret priv413p4ss
!
line con 0
password login p4ssw0rd1
!
line vty 0 15
password login s3cr3t2

Option D
enable secret priv4t3p4ss
!
line con 0
password p4ssw0rd1
!
line vty 0 15
password s3cr3t2
login

A. Option A
B. Option B
C. Option C
D. Option D

Answer: A

Explanation

There is no “enable secret privilege 15 …” command.

If we enter the “enable secret privilege 15 priv4t3p4ss” command then the text “privilege 15 priv4t3p4ss” will be used as the password. On both the console and vty lines we should use the “login” command to enable password checking.

Question 78

Refer to the exhibit.

EIGRP 10.10.10.0/24[90/1441] via F0/10
EIGRP 10.10.10.0/24[90/144] via F0/11
EIGRP 10.10.10.0/24[90/1441] via F0/12
OSPF 10.10.10.0/24[110/20] via F0/13
OSPF 10.10.10.0/24[110/30] via F0/14

Packets received by the router from BGP enter via a serial interface at 209.165.201.10. Each route is present within the routing table. Which interface is used to forward traffic with a destination IP of 10.10.10.24?

A. F0/10
B. F0/11
C. F0/12
D. F0/13

Answer: B

Question 79

What is the purpose of the ip address dhcp command?

A. to configure an interface as a DHCP server
B. to configure an interface as a DHCP relay
C. to configure an interface as a DHCP helper
D. to configure an interface as a DHCP client

Answer: D

Explanation

Use the ip address dhcp command to obtain IP address information for the configured interface.

Question 80

What is a function of an endpoint on a network?

A. allows users to record data and transmit to a file server
B. connects server and client devices to a network
C. provides wireless services to users in a building
D. forwards traffic between VLANs on a network

Answer: A

Question 81

Drag and drop the statements about networking from the left onto the corresponding networking types on the right.

Answer:

Traditional Networking
+ New devices are configured using the physical infrastructure
+ This type requires a distributed control plane

Controller-Based Networking
+ This type provisions resources from a centralized location
+ This type allows better control over how networks work and how networks are configured
+ This type enables networks to integrate with applications through APIs.

Question 82

A network engineer is installing an IPv6-only capable device. The client has requested that the device IP address be reachable only from the internal network. Which type of IPv6 address must the engineer assign?

A. unique local address
B. link-local address
C. IPv4-compatible IPv6 address
D. aggregatable global address

Answer: A

Explanation

A unique local address is an IPv6 unicast address that is globally unique and is intended for local communications. It is not expected to be routable on the global Internet and is routable inside of a limited area, such as a site. It may also be routed between a limited set of sites.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/15-mt/ip6b-15-mt-book/ip6-uni-routing.html

Note: link-local address is not the correct answer. Link-local addresses can be used to reach the neighboring nodes attached to the same link. Routers will not forward datagrams using link-local addresses.

Comments (27)

1. Anonym
July 2nd, 2022

Question 55 I think the correct answers are B E. It doesn't say anything about Configuring the Cisco SSH Server to Perform RSA-Based User Authentication to use ip ssh pubkey-chain. To connect to the router via ssh a local username & password is a must and of course to generate rsa keys

2. Anonym
July 3rd, 2022

@9tut Could you confirm or disagree please ?

3. 9tut
July 4th, 2022

@Anonym: Yes, thanks for your information! We updated Q55!

4. Anonym
July 4th, 2022

@9tut Could you confirm or disagree please about Question 73?

The correct answer cannot be B cause IPv6 has eight groups, here we have seven
Answer B is correct cause FD is included in FC00::/7 cause FC = 1111 1100 and the last bit can be 0 or 1 so FD00 is a correct prefix
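
The address checks behind Question 73 and Question 82 above, as an added example that is not part of the original page or its comments: it parses the four Question 73 candidates with Python's standard `ipaddress` module and labels each one, including the L-bit test inside fc00::/7. The function names and the extra `fc00::1/64` sample are constructed for illustration.

```python
import ipaddress

# Unique local block; the lowest bit of the first octet is the L-bit.
ULA_RANGE = ipaddress.ip_network("fc00::/7")

# Candidate interface addresses exactly as listed in Question 73.
Q73_OPTIONS = {
    "A": "ff00:0000:aaaa::1234:2343/64",
    "B": "fd00::1234:2343/64",
    "C": "fc00:0000:aaaa:a15d:1234:2343:8aca/64",
    "D": "fe80:0000:aaaa::1234:2343/64",
}


def classify(interface_text):
    """Label an 'address/prefix' string by the IPv6 address type it falls in."""
    try:
        addr = ipaddress.IPv6Interface(interface_text).ip
    except ValueError:
        # Covers malformed addresses (e.g. 7 groups without '::') and bad prefixes.
        return "invalid"
    if addr.is_multicast:            # ff00::/8
        return "multicast"
    if addr.is_link_local:           # fe80::/10, never forwarded by routers
        return "link-local"
    if addr in ULA_RANGE:
        l_bit = addr.packed[0] & 0x01
        return "unique-local, L=1" if l_bit else "unique-local, L=0"
    return "other"


def locally_assigned_ula(options):
    """Return the option letters that are valid ULAs with the L-bit set."""
    return sorted(k for k, v in options.items()
                  if classify(v) == "unique-local, L=1")


if __name__ == "__main__":
    for letter, text in Q73_OPTIONS.items():
        print(letter, text, "->", classify(text))
    # Constructed sample: inside fc00::/7 but with the L-bit clear.
    print("sample fc00::1/64 ->", classify("fc00::1/64"))
    print("valid ULA options:", locally_assigned_ula(Q73_OPTIONS))
```

Running the same check over an address plan before deployment catches both malformed entries and addresses that sit in the wrong range for an internal-only interface.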

5. 9tut
July 5th, 2022

@Anonym: Thanks for your detection, we updated Q73!

6. Anonym
July 5th, 2022

Question 58
I believe the : uses an inventory function to store device details in the database it's on DNA not for traditional networking
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/user_guide/b_cisco_dna_center_ug_2_1_2/b_cisco_dna_center_ug_2_1_1_chapter_011.html
So 356 for DNA and 124 for traditional networking
@9tut could you confirm it ?

7. Anonym
July 7th, 2022

Question 26
What is a function of a Layer 3 switch?

A. move frames between endpoints limited to IP addresses
B. transmit broadcast traffic when operating in Layer 3 mode exclusively
C. forward Ethernet frames between VLANs using only MAC addresses
D. flood broadcast traffic within a VLAN

I think A is not correct because it does not only move frames limited to IP addresses like routers, but make and Layer 2 functions
So I believe correct answer is D flood broadcast traffic within a VLAN which is a function in Layer 2.
@9tut please agree or disagree with my statement

8. Anonymous
July 17th, 2022

Hi @9tut , I think for question 50 , answer should be ‘B’ ie 192.168.0.4 because 10.0.1.15 is a broadcast address for 10.0.1.0/28

9. AlKa
September 22nd, 2022

Question 50
+1 to Anonymous

10.0.1.15 is the broadcast address in 10.0.1.0/28 subnet.

And a little mistake in the Explanation: 10.0.0<–.15

10. Drake
September 24th, 2022

@9tut,
Q33, What is a DNS lookup operation? The question is about DNS lookup operation. The explanation you have given itself says that “D” is correct answer.
“D. responds to a request for IP address to domain name resolution to the DNS server”

11. Rictorres333
September 27th, 2022

Q14
https://success.trendmicro.com/dcx/s/solution/TP000086250?language=en_US
Reading that link the correct answer is:
D. set of values that represent the processes that can generate a log message

12. Rictorres333
September 30th, 2022

Responding @Drake, can be trick in the word “to” instead of “from”, DNS Server responds to DNS clients, so A is the correct: “serves requests over destination port 53. DNS Server is listening by UDP 53 port.

13. JD
October 21st, 2022

question 45
R86#
interface FastEthernet0/0
ip address 10.73.65.66 256.255.255.252*****wrong mask
ip ospf network broadcast
ip mtu 1500

router ospf 10
router-id 10.10.1.86
network 10.10.1.86 0.0.0.0 area 0
network 10.73.65.64 0.0.0.3 area 0

14. 9tut
October 22nd, 2022

@JD: Thank you for your detection, we updated it!

15. DonD
October 29th, 2022

Hi @9tut. Pls check Question 14.

>>
What is a syslog facility?

A. host that is configured for the system to send log messages
B. password that authenticates a Network Management System to receive log messages
C. group of log messages associated with the configured severity level
D. set of values that represent the processes that can generate a log message

Answer: C
<<

I think the correct answer is D:
"set of values that represent the processes that can generate a log message"

--------------------
"The facility value is used to determine which process of the machine created the message."
https://support.solarwinds.com/SuccessCenter/s/article/Syslog-facilities?language=en_US

16. Anon 2
November 18th, 2022

I think Q43 might be wrong your explanation states it.

“Forwards frames received from the attached segment.
Forwards frames switched from another port for forwarding.
Incorporates the end station location information into its address database.
Receives BPDUs and directs them to the system module.
Processes BPDUs received from the system module.
Receives and responds to network management messages.
”
one of the answers should be BPDUs received from the system module are processed and transmitted
I think “The port in the forwarding state responds to the network management messages” might be the wrong one?
I am not sure but going off the explanation this makes sense

17. Rog
December 7th, 2022

Question 14 (The answer needs to be fixed as soon as possible)

What is a syslog facility?

A. host that is configured for the system to send log messages
B. password that authenticates a Network Management System to receive log messages
C. group of log messages associated with the configured severity level
D. set of values that represent the processes that can generate a log message
Answer: C
Explanation
Facility levels and syslog levels are different. The purpose of using the facilities is to organize the syslog messages received on the Syslog server from different sources. The default syslog facility setting is local7.

Reference: https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch18s08.html
--------------------
The correct answer is D. The link below explains very clearly what a syslog facility is.
D. set of values that represent the processes that can generate a log message

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/security-analytics/8-2-1/_reference_home/syslog.html

18. Anonymous
January 3rd, 2023

In question 43 why is D not correct

19. Anonymous
January 3rd, 2023

Sorry I meant question 33 why is D not correct.
Isn’t the function of the DNS server to translate website requests into IP addresses

20. Dave D
January 8th, 2023

On question 44 how do we know that the DHCP server has an IP of 10.0.1.1 and why doesn’t the ACL use

access-list 100 permit udp host 10.0.1.1 eq bootps 10.148.2.0 0.0.0.255

Be better allowing the LAN subnet

Can you post an explanation for question 44 please

21. 9tut
January 9th, 2023

@Dave D: This is the only IP address that belongs to the WAN subnet so we can deduce it is assigned to the DHCP server.

All DHCP packets are UDP so the ACL must allow UDP, not TCP so the ACL must be “access-list 100 permit udp …”.

22. Jinbo
January 15th, 2023

question 50 , I think answer should be 192.168.0.4 because 10.0.1.15 is a broadcast address for 10.0.1.0/28. And question also says “trying to connect via ssh to the host” so it should be host IP?

23. 9tut
January 16th, 2023

@Jinbo: We added more explanation for this question:

Note: Although our destination IP is 10.0.0.1.15 which is the broadcast address of subnet 10.0.1.0/28 in the routing table and we may think that the local router would not use this route but in fact the router still uses this route.

You can find a good discussion at: https://community.cisco.com/t5/switching/weird-routing-subnet-question/td-p/2362830

“The broadcast is really a concept that is relevant only to a router directly connected to the network whose broadcast address you are referring to. Other routers do not care at all. As long as the destination IP address of a packet AND the netmask produces the network address in the respective row of the routing table, the packet is destined for that network so let’s forward it there.”

24. Jinbo
January 16th, 2023

@9tut – awesome, thanks for the clarification

25. Scott
February 12th, 2023

@9tut,

This question:

What is a function of a Layer 3 switch?

The wording of the chosen answer is strange, I think. It could mean there are endpoints which have only an IP address and no MAC address, which as far as I know does not exist. It may not mean that, I am not sure. But even then, even when a Layer 3 switch is routing between endpoints, the frame still always includes the MAC addresses as well encapsulating the IP packet, so it’s not “limited to IP addresses” in that sense either, correct? Like with a router, the MAC address of the destination endpoint is ultimately what will be used by the Layer 3 switch to send the frame to the destination endpoint, not its IP address, correct?

But I am sure that one function of a Layer 3 switch (and a Layer 2 switch, so maybe that is why you did not select this answer) is to flood broadcast frames within a VLAN.

Sorry if I did not explain well!

26. Paul
February 14th, 2023

Question 50: answer is 192.168.0.4 because the question refers to a host (we can assume that this is a single host address).
Although 10.0.1.15 is included in 10.0.1.0/28, this address (10.1.0.15) is clearly the BROADCAST address of the specific subnet and hence we can NOT use it to forward a request to a SINGLE host.

27. Anonymous
August 2nd, 2023

Question 7

Is Question 7 Answer B or D?
