Cisco CCNP Exam Questions
1.
Which of the following is not an example of an Ansible component?
- Manifest
- Playbook
- Play
- Task
Correct answer: Manifest
Manifests are code to make configuration changes in Puppet.
Playbooks, plays, and tasks are examples of Ansible components.
2.
Which of the following is the first of the BGP neighbor states?
- Idle
- Connect
- Active
- OpenSent
- OpenConfirm
Correct answer: Idle
The Border Gateway Protocol (BGP) defines six neighbor states, including:
- Idle: Initial state of the BGP Finite State Machine (FSM), where the router sends Transmission Control Protocol (TCP) connection requests and listens for connection requests from peers. If reentered due to error, resets ConnectRetryTimer to 60 and waits until it reaches 0 before trying again. Further failures cause the timer to double.
- Connect: Router initiates the TCP three-way handshake. If successful, sends an Open message to a neighbor, resets ConnectRetryTimer, and transitions to OpenSent. If ConnectRetryTimer expires, attempts a new TCP connection and will transition to Active if the connection fails or Idle if other errors occur.
- Active: Starts a new three-way TCP handshake. If successful, sends an Open message, sets hold timer to four minutes, and moves to OpenSent. If it fails, reverts to Connect and resets ConnectRetryTimer.
- OpenSent: Originating router waits for an Open message from the receiving router. Once received, Open messages are checked for any errors. If no errors, hold time is negotiated, KEEPALIVE is sent, and moves to OpenConfirm. Errors cause a NOTIFICATION message and reversion to Idle state. A TCP disconnect closes the connection, resets ConnectRetryTimer, and moves to Active. Other events cause reversion to Idle.
- OpenConfirm: Router waits for KEEPALIVE or NOTIFICATION. If a KEEPALIVE is received, moves to Established. If an error occurs (hold timer expiration, stop event, or received NOTIFICATION message), it reverts to Idle.
- Established: BGP session established and neighbors exchange routes via UPDATE messages. UPDATEs and KEEPALIVES cause hold timer resets, and hold timer expiration causes error and reversion to Idle.
3.
Which of the following are valid OSPF area IDs? (Choose two.)
- 129.168.0.1
- 294,967,295
- 01-23-45-67-89-AB
- 2001:db8:3333:4444:5555:6666:7777:8888:
The Open Shortest Path First (OSPF) protocol uses the concept of areas, which are sets of networks and hosts grouped together. Areas are identified by a 32-bit area ID, which can be configured either in decimal (0 to 4,294,967,295) or dotted decimal (0.0.0.0 to 255.255.255.255). This makes 129.168.0.1 and 294,967,295 valid area IDs.
The other two values are valid Media Access Control (MAC) and Internet Protocol version six (IPv6) addresses.
4.
Which of the following uses Cisco's Locator/ID Separation Protocol (LISP)?
- Control Plane
- Data Plane
- Policy Plane
- Management Plane
Correct answer: Control Plane
Cisco's Software Defined (SD)-Access includes three different planes:
- Control Plane: Uses the Locator/ID Separation Protocol (LISP), which uses a central Map Server (MS) to track remote destination data, enabling routers to only manage local routes and ask the MS for remote routes.
- Data Plane: Uses Virtual Extensible Local Area Network (VXLAN) to encapsulate traffic and perform tunneling while preserving the original Ethernet packet header. This enables the protocol to support overlays at Layers 2 and 3 and work on Internet Protocol (IP)-based networks that incorporate network segmentation and group-based policy.
- Policy Plane: Uses Cisco TrustSec Scalable Group Tags (SGTs) to encode information about groups, and these tags are used to apply corporate policies.
Cisco SD-Access doesn't have a management plane.
5.
Which of the following VXLAN control plane options are preferred for data centers and private clouds? (Choose two.)
- VXLAN with MP-BGP EVPN control plane
- VXLAN with Multicast underlay
- VXLAN with static unicast VXLAN tunnels
- VXLAN with LISP control plane
Cisco devices support four Virtual eXtensible Local Area Network (VXLAN) control planes:
- VXLAN with Multicast underlay
- VXLAN with static unicast VXLAN tunnels
- VXLAN with Multiprotocol Border Gateway Protocol Ethernet Virtual Private Network (MP-BGP EVPN) control plane
- VXLAN with Locator/ID Separation Protocol (LISP) control plane
SD-Access is VXLAN with LISP control plane (preferred for campus environments). Multicast and MP-BGP EVPN are preferred for data center and private cloud environments.
6.
Which of the following authentication protocols is configured using the Security->Layer 3 tab?
- WebAuth
- Open Authentication
- EAP
- 802.1X
- WPA PSK
Correct answer: WebAuth
WebAuth is configured using the Security->Layer 3 tab.
Open Authentication, Extensible Authentication Protocol (EAP), 802.1X, and Wi-Fi Protected Access Pre-Shared Key (WPA PSK) are all set up at Layer 2.
7.
In Cisco's Locator/ID Separation Protocol (LISP), an xTR can fulfill the role of which of the following? (Choose two.)
- ETR
- ITR
- PETR
- PITR
- MR
In the Locator/ID Separation Protocol (LISP), a Tunnel Router (xTR) acts as an Ingress and Egress Tunnel Router (ITR/ETR).
A Proxy xTR (PxTR) can act as a Proxy ITR (PITR) or Proxy ETR (PETR).
Neither can act as a Map Resolver (MR).
8.
Which of the following OSPF network types include the DR/BDR field in Hello packets? (Choose two.)
- Broadcast
- Non-Broadcast
- Point-to-Point
- Point-to-Multipoint
- Loopback
In the Open Shortest Path First (OSPF) protocol, the broadcast and non-broadcast network types include the Designated Router (DR) and Backup DR (BDR) fields in their Hello packets.
The other three network types do not.
9.
When setting priority for a root bridge, an organization wants to ensure that certain switches are used as the primary and secondary switches. Which of the following correctly describes the values that should be used for them? (Choose two.)
- Primary 0
- Secondary 4096
- Secondary 1
- Primary 24576
- Secondary 28672
A root bridge is designated by setting it to minimum priority, and a secondary root can be configured by setting its priority slightly higher. All other switches should have an even higher priority. These can be set by:
- spanning-tree vlan vlan-id priority priority: Sets priority as a value between 0 and 61440, incremented by 4096. The best practice is to use 0 for the primary root and 4096 for the secondary root.
- spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter]: Uses a script to set priority and timers (if diameter used). Primary is 24,576 by default (but will go lower if the other switch is already lower), and secondary is 28,672.
A value of 1 is always incorrect since priorities are incremented by 4096.
10.
Which of the following routing protocols makes routing decisions solely based on hop count?
- RIPv2
- EIGRP
- OSPF
- IS-IS
- BGP
Correct answer: RIPv2
Distance vector routing protocols, such as the Routing Information Protocol version two (RIPv2), use vectors to specify the Internet Protocol (IP) address of the next hop to reach the destination. The distance can be measured as a hop count and is the metric for choosing a route. These protocols ignore link speeds and other factors.
Enhanced distance vector algorithms like the Diffusing Update Algorithm (DUAL) used by the Enhanced Interior Gateway Routing Protocol (EIGRP) can incorporate other metrics, such as bandwidth, reliability, delay, and load. It is also more efficient and allows traffic balancing across multiple routes.
Link state algorithms like Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) advertise link states and metrics for all connected links and directly connected routers to the entire network. With a complete map of the network, routers use Dijkstra’s Shortest Path First (SPF) algorithm to identify the best path to various destinations.
The Border Gateway Protocol (BGP) is a path vector protocol.
11.
A device with a private IP address is building a packet to be sent outside of an organization's network. Which of the following types of addresses would it put in the source field if the organization is using NAT?
- Inside local
- Inside global
- Outside local
- Outside global
Correct answer: Inside local
Network Address Translation (NAT) enables conversions between private Internet Protocol (IP) addresses and globally-routable public IP addresses. With NAT, there are four important types of IP addresses:
- Inside Local: Private IP address used by the device on the local network. This would be the source address used by the device in this scenario.
- Inside Global: Public IP address used by one or more inside local addresses on the outside network.
- Outside Local: Apparent IP address of outside host from inside the local network. It is considered a private IP address and must be reachable from within the local network.
- Outside Global: Public IP address assigned to an outside host on the outside network. Reachable on the outside network.
12.
Which of the following commands is used when setting up a Flow Exporter in Flexible NetFlow?
- transport
- match
- collect
- record
- cache timeout
Correct answer: transport
When setting up a Flow Exporter in Flexible NetFlow, follow these steps:
- Name the flow exporter (flow exporter name).
- Set a description (description description).
- Specify the destination to be used (destination ip-address).
- Specify the NetFlow version to export (export-protocol version).
- Specify the User Datagram Protocol (UDP) port to be used (transport udp port).
The match and collect commands are for Flow Records, and record and cache timeout are commands for Flow Monitors.
13.
After typing "crypto isakmp policy priority" which of the following are valid commands? (Choose three.)
- encryption
- authentication
- group
- signature
- exchange
The "crypto isakmp policy priority" command begins the creation of an Internet Security Association and Key Management Protocol (ISAKMP) policy. After this command, the encryption, hash, authentication, and group commands can be used to choose algorithms and settings for this.
Signature and exchange are not valid commands in this context.
14.
In YANG, which of the following data types would be most appropriate for storing a value of true or false?
- boolean
- bits
- binary
- string
- int8
Correct answer: boolean
A boolean data type is specifically designed to hold values of true or false.
While bits, binary, or int8 could hold a value of 0/1 representing false/true, and a string could hold the words "true" or "false", they're not the best choice.
15.
Which of the following commands are used to configure line local password authentication? (Choose two.)
- login
- password
- username
- login local
Enabling line local password authentication (not recommended) requires the following commands in line configuration mode:
- password password: Configures the password
- login: Enables password checking at login
The username command in global configuration mode and the login local command are used to configure username and password authentication.
16.
Which of the following hypervisors needs to run on top of a client OS? (Choose two.)
- VirtualBox
- VMware Fusion
- VMware vSphere
- Citrix Hypervisor
- Red Hat KVM
A hypervisor is software that allows multiple Virtual Machines (VMs) to run on the same hardware. There are two types of hypervisors:
- Type 1: A Type 1, bare-metal, or native hypervisor runs directly on the device hardware with no Operating System (OS). Examples of Type 1 hypervisors include VMware vSphere, Citrix Hypervisor, and Red Hat Kernel-based Virtual Machine (KVM).
- Type 2: Type 2 hypervisors are software that runs within a host operating system. VirtualBox and VMware Fusion are examples of Type 2 hypervisors, which are typically used by client machines.
17.
Which of the following accurately describes the interactions between servers in the VLAN Trunking Protocol (VTP)?
- Servers act as clients to each other's advertisements
- There is always a primary server
- There can only be a single server in a VTP domain
- The server with the lowest MAC address is dominant
Correct answer: Servers act as clients to each other's advertisements
If a Virtual Local Area Network (VLAN) Trunking Protocol (VTP) domain has multiple servers, each acts as a client to the other’s advertisements. In VTP version 3, the primary VTP server is configured with the command vtp primary.
Only VTPv3 requires a primary server. There can be multiple servers in a VTP domain, and neither is dominant since they act as clients to one another.
18.
Which of the following commands is used to specify key fields within a Flexible NetFlow Flow Record?
- match
- collect
- record
- flow
- field
Correct answer: match
The four steps to create a custom Flow Record in Flexible NetFlow are:
- Name the flow record (flow record name).
- Set a flow record description (description description).
- Specify key fields with the match command.
- Specify non-key fields with the collect command.
Field is a fabricated command.
19.
Which of the following is a Cisco-proprietary algorithm for selecting PIM Rendezvous Points (RPs)?
- Auto-RP
- Static RP
- PIM Bootstrap Router (BSR)
- RP-Select
Correct answer: Auto-RP
Rendezvous Points (RPs) are used as the root of a shared tree in Protocol Independent Multicast (PIM) used by several sources. There are a few different ways to select an RP, including:
- Static RP: The address of the RP can be statically configured on every router within the multicast domain. This works for small networks but does not scale, because every router needs to use the same RP for a group, so any change involves reconfiguring every router. Additionally, failure of the RP provides no option for failover.
- Auto-RP: Auto-RP is an algorithm proprietary to Cisco that automates the process of mapping groups to RPs within a PIM network. It allows multiple RPs for different group ranges, load balancing between RPs, and RP backups in case of issues.
- PIM Bootstrap Router (BSR): PIM BSR is a non-proprietary RP discovery and distribution algorithm. A BSR learns the RP set information (multicast group range, RP priority, RP address, hash mask length, and SM/Bidir flag) for all group prefixes and announces it to all routers in the PIM domain. Announcements are flooded out all PIM-enabled interfaces with PIM neighbors to the 224.0.0.13 address (all PIM routers).
RP-Select is a fabricated term.
20.
An EEM applet has actions numbered with each of the following. Which would be run second?
- 10.0
- 1.0
- 3.0
- 5.0
Correct answer: 10.0
An Embedded Event Manager (EEM) script can have multiple actions tied to an event. Actions are numbered, initially with integers (1.0, 2.0, etc.) to allow other actions to be inserted in between (1.5, etc.). Numbers are interpreted as strings, so 10.0 comes between 1.0 and 2.0, not after 9.0. Therefore, action 10.0 would be run second.