Cisco CCNP Exam Questions


21.

SSO is a protocol that allows synchronization between which of the following if a router contains multiple of them?

  • RP

  • RIB

  • FIB

  • FP

  • PIR

Correct answer: RP

Stateful Switchover (SSO) enables a router that has multiple Router Processors (RPs) to synchronize the router configuration, Layer 2 protocol state information, and line card operation from the active to the standby RP.

An RP is responsible for the routing table/Routing Information Base (RIB), control plane, and, in centralized forwarding architectures, the adjacency table and Forwarding Information Base (FIB).

FP and PIR are fabricated terms.

22.

Which of the following are examples of static Security Group Tag (SGT) mappings supported by TrustSec? (Choose three.)

  • IP-to-SGT

  • VLAN-to-SGT

  • Subnet-to-SGT

  • MAC-to-SGT

  • Protocol-to-SGT

In TrustSec, Security Group Tags (SGTs) can be statically assigned to devices based on Internet Protocol (IP) address, subnet, Virtual Local Area Network (VLAN), Layer 2 interface, Layer 3 logical interface, port, or port profile.

Media Access Control (MAC)-to-SGT and Protocol-to-SGT are not valid mappings.

23.

Which of the following are types of memory specific to Cisco devices? (Choose two.)

  • CAM

  • TCAM

  • RAM

  • TRAM

Content Addressable Memory (CAM) holds the Media Access Control (MAC) address table and uses specialized search techniques to enable addresses to be found faster than with Random Access Memory (RAM).

Ternary Content Addressable Memory (TCAM) is memory on a Cisco switch that allows multiple different fields to be used to evaluate a packet. It’s used for Layer 2 and 3 searching and returns 0, 1, or X (don’t care).

RAM is a common type of memory, and TRAM is a fabricated term.

24.

Which of the following exists for containers but not VMs?

  • Runtime

  • OS

  • Applications

  • Binaries

  • Libraries

Correct answer: Runtime

Containers have a separate runtime and their own applications, binaries, and libraries.

Virtual Machines (VMs) have their own applications, binaries, libraries, and Operating System (OS). They don't have a runtime.

25.

Which of the following does a Cisco lightweight AP try first when looking for a WLC to connect to?

  • Broadcast a CAPWAP Discovery Request

  • Query the DHCP server

  • Query the DNS server

  • Use its list of preprimed WLC addresses

Correct answer: Broadcast a CAPWAP Discovery Request

After an Access Point (AP) boots, it needs to identify a Wireless LAN Controller (WLC) to join. It does so using the following steps:

  1. Broadcast a Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request on the local wired subnet to solicit local WLCs.
  2. Check a list of WLCs that it has in memory. An AP can be primed with up to three WLC addresses and can remember up to eight from its previous WLC connection (if applicable).
  3. Check Dynamic Host Configuration Protocol (DHCP) to identify potential controllers. DHCP option 43 can include a list of WLC addresses.
  4. Query DNS to resolve CISCO-CAPWAP-CONTROLLER.localdomain.
  5. Reboot and try again.

26.

Which of the following multicast addresses are associated with the Open Shortest Path First (OSPF) Protocol? (Choose two.)

  • 224.0.0.5

  • 224.0.0.6

  • 224.0.0.9

  • 224.0.0.10

  • 224.0.0.13

224.0.0.5 is all Open Shortest Path First (OSPF) routers, and 224.0.0.6 is all Designated Routers (DRs).

224.0.0.9 is all Routing Information Protocol Version 2 (RIPv2) routers.

224.0.0.10 is all Enhanced Interior Gateway Routing Protocol (EIGRP) routers.

224.0.0.13 is all Protocol Independent Multicast (PIM) routers.

27.

You mistyped the login credentials when attempting to authenticate to the Cisco vManage Authentication Application Programming Interface (API). Which of the following HTTP status codes should you receive?

  • 401

  • 403

  • 404

  • 200

  • 400

Correct answer: 401

401 Unauthorized indicates a failure to provide valid login credentials and should be the response in this scenario.

404 Page Not Found most likely indicates a typo in the request URL.

403 Forbidden indicates that you aren't authorized to access that page.

200 OK indicates that the request was completed successfully.

400 Bad Request indicates a client-side issue with the request.

28.

The debug ip ospf adj command is useful for debugging which of the following? (Choose two.)

  • MTU issues

  • Improperly configured network masks

  • Interface parameter mismatches

  • Unreachable remote hosts

Debugging provides deeper insight into what might be going wrong with protocols such as Open Shortest Path First (OSPF). Some examples of issues that can be fixed by debugging include:

  • Maximum Transmission Unit (MTU) Issues: The debug ip ospf adj command can be used to debug adjacency issues in OSPF. This includes printing whether one interface on a link has a smaller MTU than the other.
  • Interface Parameter Mismatches: The debug ip ospf hello command can help to identify parameter mismatches in OSPF. These include the dead interval and the hello interval (which should be one-fourth of the dead interval). These values depend on the network type (broadcast, point-to-point, etc.).
  • Improperly Configured Network Masks: The debug ip ospf hello and debug ip ospf adj commands can help to diagnose mismatches between network masks on the local and remote interfaces.

Unreachable remote hosts are usually debugged using ping, traceroute, or similar tools.

29.

Which of the following commands are legitimate commands used to set up or test a GRE tunnel? (Choose two.)

  • traceroute

  • tunnel source

  • gre verify

  • tunnel create

The traceroute command can be used to verify that traffic is flowing over a Generic Routing Encapsulation (GRE) tunnel. To do so, specify the destination and source addresses (e.g. traceroute 10.0.2.1 source 10.1.2.1) and check that the Internet Protocol (IP) address of the tunnel is included in the list of hops.

The tunnel source command is used to define the local end of the tunnel.

The commands tunnel create and gre verify are fabricated.

30.

Which of the following performs a one-to-one, permanent mapping of an organization's private IP addresses to public IP addresses? (Choose two.)

  • Inside Static NAT

  • Outside Static NAT

  • Pooled NAT

  • PAT

The three main types of Network Address Translation (NAT) include:

  • Static NAT: A private address has a static one-to-one mapping to a public address. Static NAT is further broken up into inside and outside static NAT. Inside static NAT conceals an organization's private IP addresses, while outside static NAT conceals the IP addresses of a remote system.
  • Pooled NAT: Local Internet Protocol (IP) addresses are dynamically assigned one-to-one to a public address, which returns to the pool after a period of disuse.
  • Port Address Translation (PAT): Many local IP addresses are mapped to a single public IP address. Each internal IP/port combination in use is mapped to a different port on the public IP address.

31.

An organization is implementing a network that covers a single floor of one building. Which of the following layers of the three-tier network model are most likely to be consolidated into one? (Choose two.)

  • Distribution

  • Core

  • Access

  • Edge

The three-tier network design includes three layers:

  • Access Layer: Network edge where end-user devices (computers, IoT devices, mobile, etc.) are connected to the network.
  • Distribution Layer: A distribution layer switch connects to access-layer switches from a building, floor, etc. This layer sits between the access and core layers, creating a boundary for the Spanning Tree Protocol (STP) and a summarization point for Internet Protocol (IP) routing information.
  • Core Layer: Connects multiple distribution-layer switches together to support multi-site networks. This includes physically distributed sites or corporate networks with data centers, cloud deployments, etc.

The organization will likely consolidate the distribution and core layers since there are not multiple sites to consolidate.

Edge is not a layer in the three-tier network model.

32.

Which of the following are examples of omnidirectional antennas? (Choose two.)

  • Dipole

  • Integrated

  • Patch

  • Yagi-Uda

  • Parabolic dish

The two basic types of antennas are:

  • Omnidirectional: Radiates signals equally in all directions around a cylindrical antenna. Dipole antennas are a common type of omnidirectional antenna, where an Access Point (AP) has two antennas that radiate signal and have a gain of +2-5 dBi. Many routers have integrated antennas in which several antennas are hidden within a small case. They generally have a 2 dBi gain in the 2.4 GHz band and 5 dBi in the 5 GHz band.
  • Directional: Directional antennas focus the signal in a particular direction, making them a good fit for hallways or other long, thin spaces. Patch antennas are one example and have a flat, rectangular shape that creates a gain of 6-8 dBi and 7-10 dBi in the 2.4 and 5 GHz ranges in a particular direction. Yagi-Uda is another type of antenna where multiple parallel antennas are hidden in a thick cylinder (perpendicular to its length) and generate 10 to 14 dBi gain. Parabolic dish antennas collect signal in the dish and focus it to an antenna at the center, offering gains of 20-30 dBi.

33.

Which of the following QoS mechanisms uses buffering in an attempt to avoid dropping excess traffic?

  • Shaping

  • Marking

  • Policing

  • Congestion avoidance

Correct answer: Shaping

Quality of Service (QoS) provides priority to certain types of network traffic, reducing latency, jitter, and packet loss for them. Common components of QoS include:

  • Classification and Marking: Dividing network traffic into classes based on its purpose and importance to the business. After traffic is classified, it is marked to allow QoS policies to be applied to it.
  • Policing: Policing helps to enforce traffic rates by transmitting or remarking inbound or outbound traffic that complies with the rates and dropping or marking down traffic that exceeds them.
  • Shaping: Shaping implements a buffer for egress traffic that holds traffic exceeding the traffic rate until the rate drops to the defined level. If traffic is below the desired traffic rate, then egress traffic isn’t buffered.
  • Congestion Avoidance: Congestion avoidance attempts to proactively prevent network congestion by strategically dropping packets.

34.

Which of the following network protocols is used by RESTCONF?

  • HTTP

  • SSH

  • TLS

  • SOAP

  • UDP

Correct answer: HTTP

RESTCONF uses the Hypertext Transfer Protocol (HTTP).

The Network Configuration Protocol (NETCONF) can use Secure Shell (SSH), Transport Layer Security (TLS), or the Simple Object Access Protocol (SOAP).

The Simple Network Management Protocol (SNMP) uses the User Datagram Protocol (UDP).

35.

Which of the following are common mechanisms for ensuring the integrity of JWTs? (Choose two.)

  • Digital signatures

  • MACs

  • Checksums

  • Encryption

JSON Web Tokens (JWTs) encode a set of claims regarding a user that can be used to make access decisions. JWTs can use digital signatures (preferred) or Message Authentication Codes (MACs) to protect the integrity of the claims data.

Encryption protects data confidentiality, not integrity. Checksums aren't used for JWT integrity.

36.

In the Spanning Tree Protocol (STP), there may be two non-root switches connected to one another via designated ports. Which of the following is not a consideration when selecting which to block?

  • Interface priority

  • Path cost

  • System priority

  • MAC address

  • Root vs. designated port

Correct answer: Interface priority

All non-root ports are designated ports. If non-root switches are connected to one another via designated ports, a loop exists. The criteria for deciding which to block are (in order of importance):

  • Designated ports block, not root ports
  • Switch with higher path cost blocks
  • Switch with higher system priority blocks
  • Switch with higher MAC address blocks

Interface priority is not a decision criterion.

37.

Which of the following status codes shown after running show etherchannel summary is specific to EtherChannels configured with LACP?

  • H

  • S

  • U

  • D

  • P

Correct answer: H

The H status code indicates that an interface is acting as a hot standby because it has an adjacency in place, but an EtherChannel already has the maximum number of permitted interfaces. This configuration is only possible with the Link Aggregation Control Protocol (LACP).

The S status code indicates that the EtherChannel is configured at Layer 2. The U or D status code indicates that the link is in use or down. The P status code indicates that an interface is participating in an EtherChannel.

38.

Using HTTPS, which is encrypted using TLS, is a best practice for RESTful APIs. Which of the following HTTP Security Headers helps to ensure this?

  • Strict-Transport-Security

  • X-Content-Type-Options

  • Content-Type

  • Content-Security-Policy

Correct answer: Strict-Transport-Security

The Hypertext Transfer Protocol (HTTP) Strict-Transport-Security header specifies that all requests to an Application Programming Interface (API) should be made using HTTPS.

The other options are valid headers but perform other roles within a RESTful API.

39.

Which of the following HTTP methods is not supported by RESTCONF?

  • HEAD

  • GET

  • POST

  • PUT

Correct answer: HEAD

RESTCONF doesn't support the HEAD Hypertext Transfer Protocol (HTTP) method.

It does support GET, POST, PUT, DELETE, and OPTIONS.

40.

Which of the following commands are used when setting up a Flow Monitor in Flexible NetFlow? (Choose two.)

  • record name

  • cache timeout active 60

  • destination ip-address

  • export-protocol version

A flow monitor needs an associated flow record and exporter. It is configured via the following steps:

  1. Name the flow monitor (flow monitor name)
  2. Set a description (description description)
  3. Assign the flow record (record name)
  4. Set a cache timeout for active connections (cache timeout active 60)
  5. Assign the flow exporter (flow monitor name followed by exporter name)

The destination and export-protocol commands are used for Flow Exporters in Flexible NetFlow.