Cisco CCNA Exam Questions

21.

Which two statements are true about VLAN 1 on a switch? (Choose two.)

  • It cannot be deleted

  • It is the default VLAN that interfaces are assigned to

  • It is named "fddi-default"

  • It is one of five default, usable access VLANs on a Cisco switch

VLAN 1 is one of the default VLANs on a switch. It cannot be removed and is the default VLAN that interfaces are assigned to. It is called "default," while VLAN 1002 is called "fddi-default." VLAN 1 is the only default, usable VLAN on a Cisco switch; VLANs 1002-1005 are default but unusable.

22.

Which route type has the lowest default AD?

  • Connected

  • Static

  • IS-IS

  • RIP

  • OSPF

A connected route has an administrative distance (AD) of 0. That gives it the best priority.

A static route has a default AD of 1. An IS-IS route has a default AD of 115. A RIP route has a default AD of 120. An OSPF route has a default AD of 110.

23.

Which two statements correctly describe policing in terms of QoS? (Choose two.)

  • It measures the traffic rate to compare it to a configured rate

  • It can allow bursts of data following periods of inactivity

  • It is only enabled on an interface for messages at ingress

  • Excess messages are permanently discarded

Policing is used to enforce traffic rates. It measures the traffic rate and compares it to what it has been configured to allow. Policers can allow for bursts of data after a period of inactivity.

Policing can be enabled on an interface in any direction, not just at ingress. Policers can also re-mark messages rather than just discard them.

24.

Which two hashing functions does IOS support to store passwords? (Choose two.)

  • MD5

  • SHA-256

  • bcrypt

  • SHA-1

  • MD4

IOS uses the MD5 and SHA-256 algorithms to store hashed passwords. When a user tries to authenticate, the password they enter will be hashed and compared to the hashed value that IOS has stored.

25.

Which routing protocol is considered a link-state protocol?

  • OSPF

  • BGP

  • EIGRP

  • RIPv1

  • RIPv2

Correct answer: OSPF

The Open Shortest Pathway First is considered to be a link-state protocol. That means it shares information with neighbors so they can calculate routes to other subnets. 

BGP, EIGRP, RIPv1, and RIPv2 use distance vector protocols.

26.

Which two of the following are AAA protocols? (Choose two.)

  • TACACS+

  • RADIUS

  • IPsec

  • IKE

  • ISAKMP

An authentication, authorization, and accounting (AAA) protocol is used for centralized user management. TACACS+ is Cisco proprietary and RADIUS is a standards-based protocol.

IPsec is used to authenticate and encrypt packets of data. Internet Key Exchange (IKE) is a key management protocol. Internet Security Association and Key Management (ISAKMP) is a protocol for key associations.

27.

Which step happens first when a router receives a packet?

  • The router decides whether or not to process the frame

  • The router de-encapsulates the packet from inside the data-link frame

  • The router compares the packet's destination address to its routing table

  • The router forwards out the packet

  • The router transmits the frame out the outgoing interface

Correct answer: The router decides whether or not to process the frame

The first thing a router has to do is decide whether it should process the frame. It will process the frame if it has no errors and if the frame's destination data-link address is the same as the router's address.

The router de-encapsulates the packet from inside the data-link frame after it decides to process it. The router compares the packet's destination address to its routing table after it de-encapsulates the packet. The router forwards out the packet after it encapsulates it for the outgoing interface. The router transmits the frame out the outgoing interface as the final step.

28.

Which three of the following are additional requirements (beyond those required for a Layer 2 EtherChannel) that must be configured before a port can be added to a Layer 3 EtherChannel? (Choose 3.)

  • Speed

  • Duplex

  • No switchport

  • Operational state

Layer 3 EtherChannels have some consistency checks before a port is added. These include speed, duplex, and having the PortChannel interface configured with the "no switchport" command. 

Operational state is checked for Layer 2 EtherChannels.

29.

Switch 1 (SW1) has interface G1/0/1 connected to a network with a trusted DHCP server and interface G1/0/2 connected to untrusted hosts. All ports are in VLAN 12. Which two commands should be included when configuring the switch for DHCP Snooping? (Choose two.)

  • ip dhcp snooping

  • ip dhcp snooping vlan 12

  • show ip dhcp snooping

  • err-disable recovery cause dhcp-rate-limit

  • switchport port-security

To use DHCP Snooping, it has to be configured for the VLAN. The first command to run is "ip dhcp snooping" and then "ip dhcp snooping vlan 12" to specify the VLAN. 

The "show ip dhcp snooping" command displays DHCP Snooping settings. The "err-disable recovery cause dhcp-rate-limit" command enables the switch to recover from an err-disable error. The "switchport port-security" command is used to enable switch port security. 

30.

Which two sentences describe link-local multicast addresses? (Choose two.)

  • They begin with FF02

  • They are an address that devices apply a link-local scope to

  • They begin with FE80

  • They exist in both IPv4 and IPv6

Link-local multicast addresses start with FF02 as the first quartet. They are reserved multicast addresses that devices apply a link-local scope to.

A link-local address starts with FE80. Link-local addresses are unique to IPv6.

31.

Which three statements are true about WPA3? (Choose three.)

  • It can handle authentication with pre-shared keys.

  • It supports authentication with 802.1x.

  • It uses encryption and MIC with AES and GCMP.

  • It utilizes CCMP.

  • It integrates encryption with TKIP.

Wi-Fi Protected Access 3 (WPA3) is the latest version of WPA. It improves upon WPA2 by using GCMP rather than CCMP and the deprecated TKIP. It supports two authentication methods: pre-shared keys and 802.1x.

32.

Which routing metric considers the time it takes for a router to process and send out a datagram?

  • Delay

  • Hop

  • Bandwidth

  • Reliability

Correct answer: Delay

The delay metric measures in microseconds the time it takes each router to process datagrams. The path that has the lowest cumulative delay considering all links will be chosen.

The hop metric chooses the shortest path. The bandwidth metric considers the data capacity of each link. The reliability metric considers the link failures on a path.

33.

What is the prefix length of the default route?

  • Zero

  • /16

  • /24

  • /32

Correct answer: Zero

The default route has a network address of 0.0.0.0 and a prefix length of zero. The subnet mask is 0.0.0.0 and the range is all addresses (0.0.0.0 - 255.255.255.255).

34.

Which combination of administrative modes should not be used on links between two switches, because it will cause problems?

  • Access and trunk

  • Access and access

  • Dynamic auto and dynamic desirable

  • Trunk and trunk

  • Trunk and dynamic auto

Correct answer: Access and trunk

One end of a link between switches should not be set to access while the other end is set to trunk. This will lead to unexpected results.

Both ends using access will result in an expected operational mode of access. One end using dynamic auto and the other using dynamic desirable will result in an operational mode of trunking. Both ends using trunk will result in an operational mode of trunking. One end using trunk and the other using dynamic auto will result in an operational mode of trunking.

35.

Router 1 (R1) and Router 2 (R2) are attached to the same VLAN with subnet 10.1.2.0/24. R1's address is 10.1.2.1 and R2's address is 10.1.2.2 and both are correctly configured to run FHRP.  Host 1 (H1) and host 2 (H2) are on the same subnet and configured correctly to use a default router with regards to FHRP. Which two sentences are true about this configuration? (Choose two.)

  • If only one router fails, the hosts can still send packets outside the network.

  • Neither router is a single point of failure.

  • If only one router fails, both hosts cannot send packets outside of the network.

  • Each router is a single point of failure.

First Hop Redundancy Protocols (FHRPs) are used to provide redundancy in routing. With two or more routers using FHRP on a subnet, and when correctly configured, they will remove each router as a single point of failure.

36.

Which command configures an IPv6 static network route?

  • ipv6 route 2020::2/64 2021::1

  • ipv6 route ::/0 2021::1

  • ip route 2020::2/64 2021::1

  • ip route ::/0 2021::1

Correct answer: ipv6 route 2020::2/64 2021::1

The command "ipv6 route 2020::2/64 2021::1" is used for a static network route with IPv6. The route includes the next-hop IPv6 address.

The command "ipv6 route ::/0 2021::1" is used for a default route. The "ip" command is used for IPv4 addresses.

37.

Which two of the following are components of PoE? (Choose two.)

  • PSE

  • PD

  • PCP

  • PAT

Power over Ethernet (PoE) requires Power Sourcing Equipment (PSE), such as a compatible LAN switch, and a Powered Device (PD) that connects to it. 

Priority Code Point (PCP) is part of an Ethernet header used with QoS. Port Address Translation (PAT) is used to map multiple devices to a single public IP address.

38.

Which command globally enables CDP?

  • cdp run

  • cdp enable

  • cdp start

  • cdp go

  • cdp init

Correct answer: cdp run

To enable the Cisco Discovery Protocol (CDP) globally, use the "cdp run" command. The "cdp enable" command is used to enable CDP on individual interfaces.

39.

Which WLC controller port type is used to carry normal AP and management traffic?

  • Distribution system port

  • Service port

  • Console port

  • Redundancy port

Correct answer: Distribution system port

Distribution system ports carry data to and from the wireless LAN controller (WLC) to access points (APs), including management traffic such as SSH and SNMP. 

A service port does out-of-band management, system recovery, and initial boot functions.

A console port is a physical connection that gives a terminal connection.

A redundancy port is used to connect to peer controllers for high availability.

40.

On a host with several networked VMs, what does each vNIC typically connect to?

  • Virtual switch

  • NIC

  • Container

  • Router

  • Hypervisor

Correct answer: Virtual Switch

A virtual network interface card (vNIC) on a virtual machine (VM) that is in a virtual network within its host system will connect to a virtual switch. The virtual switch can then connect to the host's physical NIC.

The vNICs for the networked VMs will not connect directly with the NIC. A container is an application and its dependencies bundled together for easy deployment and scaling. A router is contacted when data needs to be forwarded to an external network. A hypervisor manages the VMs.