CCNA 3 v7.0 Final Exam Answers Full – Enterprise Networking, Security, and Automation

CCNA3 v7 – ENSA Final Exam Answers Full 100% 2020

Cisco Netacad ENSA Version 7.00 CCNA 3 v7 ENSA Final Exam Answers 2020 2021 – Enterprise Networking, Security, and Automation

  1. What functionality does mGRE provide to the DMVPN technology?

    • It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.
    • It provides secure transport of private information over public networks, such as the Internet.
    • It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.
    • It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.
      Answers Explanation & Hints:

      DMVPN is built on three protocols, NHRP, IPsec, and mGRE. NHRP is the distributed address mapping protocol for VPN tunnels. IPsec encrypts communications on VPN tunnels. The mGRE protocol allows the dynamic creation of multiple spoke tunnels from one permanent VPN hub.

  2. Which statement accurately describes a characteristic of IPsec?

    • IPsec works at the transport layer and protects data at the network layer.
    • IPsec works at the application layer and protects all application data.
    • IPsec is a framework of open standards that relies on existing algorithms.
    • IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
    • IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
  3. Which type of API would be used to allow authorized salespeople of an organization access to internal sales data from their mobile devices?

    • public
    • open
    • private
    • partner
  4. Match the RESTful API method to CRUD function.

    CCNA3 v7 - ENSA Final Exam Answers 001

    CCNA3 v7 – ENSA Final Exam Answers 001

  5. What are two syntax rules for writing a JSON array? (Choose two.)

    • Each value in the array is separated by a comma.
    • A semicolon separates the key and list of values.
    • The array can include only one value type.
    • Values are enclosed in square brackets.
    • A space must separate each value in the array.
  6. Refer to the exhibit. An administrator is trying to configure PAT on R1, but PC-A is unable to access the Internet. The administrator tries to ping a server on the Internet from PC-A and collects the debugs that are shown in the exhibit. Based on this output, what is most likely the cause of the problem?

    CCNA3 v7 - ENSA Final Exam Answers 08

    CCNA3 v7 – ENSA Final Exam Answers 08

    • The address on Fa0/0 should be 64.100.0.1.
    • The inside and outside NAT interfaces have been configured backwards.
    • The inside global address is not on the same subnet as the ISP.
    • The NAT source access list matches the wrong address range.
      Answers Explanation & Hints:

      The output of debug ip nat shows each packet that is translated by the router. The “s” is the source IP address of the packet and the “d” is the destination. The address after the arrow (“->”) shows the translated address. In this case, the translated address is on the 209.165.201.0 subnet but the ISP facing interface is in the 209.165.200.224/27 subnet. The ISP may drop the incoming packets, or might be unable to route the return packets back to the host because the address is in an unknown subnet.

  7. Refer to the exhibit. R1 is configured for NAT as displayed. What is wrong with the configuration?

    CCNA3 v7 - ENSA Final Exam Answers 02

    CCNA3 v7 – ENSA Final Exam Answers 02

    • Access-list 1 is misconfigured.
    • The NAT pool is incorrect.
    • NAT-POOL2 is not bound to ACL 1.
    • Interface Fa0/0 should be identified as an outside NAT interface.
      Answers Explanation & Hints:

      R1 has to have NAT-POOL2 bound to ACL 1. This is accomplished with the command R1(config)#ip nat inside source list 1 pool NAT-POOL2. This would enable the router to check for all interesting traffic and if it matches ACL 1 it would be translated by use of the addresses in NAT-POOL2.

  8. Refer to the exhibit. What is the purpose of the command marked with an arrow shown in the partial configuration output of a Cisco broadband router?

    CCNA3 v7 - ENSA Final Exam Answers 08

    CCNA3 v7 – ENSA Final Exam Answers 08

    • defines which addresses are assigned to a NAT pool
    • defines which addresses are allowed into the router
    • defines which addresses are allowed out of the router
    • defines which addresses can be translated
  9. A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)

    • Router(config)# access-list 95 permit any
    • Router(config)# access-list 95 host 172.16.0.0
    • Router(config)# access-list 95 172.16.0.0 255.255.255.255
    • Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
    • Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
    • Router(config)# access-list 95 deny any
      Answers Explanation & Hints:

      To deny traffic from the 172.16.0.0/16 network, the access-list 95 deny 172.16.0.0 0.0.255.255 command is used. To permit all other traffic, the access-list 95 permit any statement is added.

  10. Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?

    CCNA3 v7 - ENSA Final Exam Answers 07

    CCNA3 v7 – ENSA Final Exam Answers 07

    • 15 deny 172.23.16.0 0.0.15.255
    • 30 deny 172.23.16.0 0.0.15.255
    • 5 deny 172.23.16.0 0.0.255.255
    • 5 deny 172.23.16.0 0.0.15.255
      Answers Explanation & Hints:

      The only filtering criteria specified for a standard access list is the source IPv4 address. The wild card mask is written to identify what parts of the address to match, with a 0 bit, and what parts of the address should be ignored, which a 1 bit. The router will parse the ACE entries from lowest sequence number to highest. If an ACE must be added to an existing access list, the sequence number should be specified so that the ACE is in the correct place during the ACL evaluation process.

  11. If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

    • 6
    • 16
    • 8
    • 4
    • 12
      Answers Explanation & Hints:

      In calculating how many ACLs can be configured, use the rule of “three Ps”: one ACL per protocol, per direction, per interface. In this case, 2 interfaces x 2 protocols x 2 directions yields 8 possible ACLs.

  12. Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)

    • For every inbound ACL placed on an interface, there should be a matching outbound ACL.
    • Place extended ACLs close to the source IP address of the traffic.
    • Place standard ACLs close to the destination IP address of the traffic.
    • Place standard ACLs close to the source IP address of the traffic.
    • Filter unwanted traffic before it travels onto a low-bandwidth link.
    • Place extended ACLs close to the destination IP address of the traffic.
      Answers Explanation & Hints:

      Extended ACLs should be placed as close as possible to the source IP address, so that traffic that needs to be filtered does not cross the network and use network resources. Because standard ACLs do not specify a destination address, they should be placed as close to the destination as possible. Placing a standard ACL close to the source may have the effect of filtering all traffic, and limiting services to other hosts. Filtering unwanted traffic before it enters low-bandwidth links preserves bandwidth and supports network functionality. Decisions on placing ACLs inbound or outbound are dependent on the requirements to be met.

  13. What is the main function of a hypervisor?

    • It is used by ISPs to monitor cloud computing resources.
    • It is a device that synchronizes a group of sensors.
    • It is software used to coordinate and prepare data for analysis.
    • It is a device that filters and checks security credentials.
    • It is used to create and manage multiple VM instances on a host machine.
  14. A data center has recently updated a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate web server without having to allocate an actual discrete server for each customer. What is the networking trend that is being implemented by the data center in this situation?

    • virtualization
    • maintaining communication integrity
    • BYOD
    • online collaboration
  15. What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?

    • the ARP table
    • the DSP
    • the FIB
    • the routing table
  16. Which step in the link-state routing process is described by a router building a link-state database based on received LSAs?

    • building the topology table
    • selecting the router ID
    • injecting the default route
    • exchanging link-state advertisements
  17. Refer to the exhibit. What is the OSPF cost to reach the West LAN 172.16.2.0/24 from East?​

    CCNA3 v7 - ENSA Final Exam Answers 06

    CCNA3 v7 – ENSA Final Exam Answers 06

    • 782
    • 74
    • 128
    • 65
  18. A network engineer has noted that some expected network route entries are not displayed in the routing table. Which two commands will provide additional information about the state of router adjacencies, timer intervals, and the area ID? (Choose two.)

    • show running-configuration
    • show ip route ospf
    • show ip ospf interface
    • show ip protocols
    • show ip ospf neighbor
  19. What is the final operational state that will form between an OSPF DR and a DROTHER once the routers reach convergence?

    • full
    • loading
    • established
    • two-way
  20. What protocol allows the manager to poll agents to access information from the agent MIB?

    • SYSLOG
    • CBWFQ
    • SNMP
    • TFTP
  21. Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?

    • access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
      access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet​​
    • access-list 103 deny tcp host 192.168.10.0 any eq 23
      access-list 103 permit tcp host 192.168.10.1 eq 80
    • access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
      access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23
    • access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
      access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23

      Answers Explanation & Hints:

      For an extended ACL to meet these requirements the following need to be included in the access control entries:identification number in the range 100-199 or 2000-2699
      permit or deny parameter

  22. Which two things should a network administrator modify on a router to perform password recovery? (Choose two.)

    • the startup configuration file
    • system ROM
    • the NVRAM file system
    • the system image file
    • the configuration register value
  23. Which statement describes a VPN?

    • VPNs use logical connections to create public networks through the Internet.
    • VPNs use dedicated physical connections to transfer data between remote users.
    • VPNs use open source virtualization software to create the tunnel through the Internet.
    • VPNs use virtual connections to create a private network through a public network.
      Answers Explanation & Hints:

      A VPN is a private network that is created over a public network. Instead of using dedicated physical connections, a VPN uses virtual connections routed through a public network between two network devices.

  24. Refer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below.

    CCNA3 v7 - ENSA Final Exam Answers 04

    CCNA3 v7 – ENSA Final Exam Answers 04

    Router(config)# ip access-list extended 101
    Router(config-ext-nacl)# no 20
    Router(config-ext-nacl)# 5 permit tcp any any eq 22
    Router(config-ext-nacl)# 20 deny udp any any

    Which two conclusions can be drawn from this new configuration?​ (Choose two.)

    • Ping packets will be permitted.
    • TFTP packets will be permitted.​
    • Telnet packets will be permitted.
    • SSH packets will be permitted.
    • All TCP and UDP packets will be denied.​
      Answers Explanation & Hints:

      After the editing, the final configuration is as follows:
      Router# show access-lists
      Extended IP access list 101
      5 permit tcp any any eq ssh
      10 deny tcp any any
      20 deny udp any any
      30 permit icmp any any
      So, only SSH packets and ICMP packets will be permitted.​

  25. In which step of gathering symptoms does the network engineer determine if the problem is at the core, distribution, or access layer of the network?

    • Narrow the scope.
    • Document the symptoms.
    • Gather information.
    • Determine the symptoms.
    • Determine ownership.
      Answers Explanation & Hints:

      In the “narrow the scope” step of gathering symptoms, a network engineer will determine if the network problem is at the core, distribution, or access layer of the network. Once this step is complete and the layer is identified, the network engineer can determine which pieces of equipment are the most likely cause.

  26. What type of network uses one common infrastructure to carry voice, data, and video signals?

    • switched
    • converged
    • borderless
    • managed
  27. What are three advantages of using private IP addresses and NAT? (Choose three.)

    • improves the performance of the router that is connected to the Internet
    • reduces CPU usage on customer routers
    • permits LAN expansion without additional public IP addresses
    • creates multiple public IP addresses
    • conserves registered public IP addresses
    • hides private LAN addressing from outside devices that are connected to the Internet
  28. What is a characteristic of a single-area OSPF network?

    • All routers have the same routing table.
    • All routers have the same neighbor table.
    • All routers share a common forwarding database.
    • All routers are in the backbone area.
  29. Which statement describes a characteristic of standard IPv4 ACLs?

    • They can be created with a number but not with a name.
    • They can be configured to filter traffic based on both source IP addresses and source ports.
    • They are configured in the interface configuration mode.
    • They filter traffic based on source IP addresses only.
      Answers Explanation & Hints:

      A standard IPv4 ACL can filter traffic based on source IP addresses only. Unlike an extended ACL, it cannot filter traffic based on Layer 4 ports. However, both standard and extended ACLs can be identified with either a number or a name, and both are configured in global configuration mode.

  30. Which two statements are characteristics of a virus? (Choose two.)

    • A virus has an enabling vulnerability, a propagation mechanism, and a payload.
    • A virus typically requires end-user activation.
    • A virus replicates itself by independently exploiting vulnerabilities in networks.
    • A virus can be dormant and then activate at a specific time or date.
    • A virus provides the attacker with sensitive data, such as passwords.
      Answers Explanation & Hints:

      The type of end user interaction required to launch a virus is typically opening an application, opening a web page, or powering on the computer. Once activated, a virus may infect other files located on the computer or other computers on the same network.

  31. Refer to the exhibit. Which sequence of commands should be used to configure router A for OSPF?

    CCNA3 v7 - ENSA Final Exam Answers 10

    CCNA3 v7 – ENSA Final Exam Answers 10

    • router ospf 1
      network 192.168.10.64 0.0.0.63 area 0
      network 192.168.10.192 0.0.0.3 area 0
    • router ospf 1
      network 192.168.10.0
    • router ospf 1
      network 192.168.10.64 255.255.255.192
      network 192.168.10.192 255.255.255.252
    • router ospf 1
      network 192.168.10.0 area 0
  32. What are three benefits of cloud computing? (Choose three.)

    • It streamlines the IT operations of an organization by subscribing only to needed services.
    • It uses open-source software for distributed processing of large datasets.
    • It utilizes end-user clients to do a substantial amount of data preprocessing and storage.
    • It turns raw data into meaningful information by discovering patterns and relationships.
    • It eliminates or reduces the need for onsite IT equipment, maintenance, and management.
    • It enables access to organizational data anywhere and at any time.
  33. What is a WAN?

    • a network infrastructure that provides access in a small geographic area
    • a network infrastructure designed to provide data storage, retrieval, and replication
    • a network infrastructure that spans a limited physical area such as a city
    • a network infrastructure that provides access to other networks over a large geographic area
  34. Match the term to the web link http://www.buycarsfromus.com/2020models/ford/suv.html#Escape component. (Not all options are used.)

    CCNA3 v7 - ENSA Final Exam Answers 002

    CCNA3 v7 – ENSA Final Exam Answers 002

  35. Which two scenarios are examples of remote access VPNs? (Choose two.)

    • All users at a large branch office can access company resources through a single VPN connection.
    • An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
    • A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
    • A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ.
    • A mobile sales agent is connecting to the company network via the Internet connection at a hotel.
  36. What is a purpose of establishing a network baseline?

    • It creates a point of reference for future network evaluations.
    • It provides a statistical average for network performance.
    • It checks the security configuration of network devices.
    • It manages the performance of network devices.
      Answers Explanation & Hints:

      A baseline is used to establish normal network or system performance. It can be used to compare with future network or system performances in order to detect abnormal situations.

  37. Match the functions to the corresponding layers. (Not all options are used.)

    CCNA3 v7 – ENSA – Modules 9 – 12 Optimize, Monitor, and Troubleshoot Networks Exam Answers 001

    CCNA3 v7 – ENSA – Modules 9 – 12 Optimize, Monitor, and Troubleshoot Networks Exam Answers 001

  38. Why is QoS an important issue in a converged network that combines voice, video, and data communications?

    • Data communications are sensitive to jitter.
    • Data communications must be given the first priority.
    • Legacy equipment is unable to transmit voice and video without QoS.
    • Voice and video communications are more sensitive to latency.
      Answers Explanation & Hints:

      Without any QoS mechanisms in place, time-sensitive packets, such as voice and video, will be dropped with the same frequency as email and web browsing traffic.

  39. Refer to the exhibit. If no router ID was manually configured, what would router R1 use as its OSPF router ID?

    CCNA3 v7 - ENSA Final Exam Answers 05

    CCNA3 v7 – ENSA Final Exam Answers 05

    • 10.0.0.1
    • 10.1.0.1
    • 192.168.1.100
    • 209.165.201.1
  40. Which type of OSPF packet is used by a router to discover neighbor routers and establish neighbor adjacency?

    • link-state request
    • hello
    • database description
    • link-state update
  41. Which statement describes a characteristic of Cisco Catalyst 2960 switches?

    • They are modular switches.
    • New Cisco Catalyst 2960-C switches support PoE pass-through.
    • They do not support an active switched virtual interface (SVI) with IOS versions prior to 15.x.
    • They are best used as distribution layer switches.
  42. Refer to the exhibit. An administrator is trying to back up the current running configuration of the router to a USB drive, and enters the command copy usbflash0:/R1-config running-config on the router command line. After removing the USB drive and connecting it to a PC, the administrator discovers that the running configuration was not properly backed up to the R1-config file. What is the problem?

    CCNA3 v7 - ENSA Final Exam Answers 01

    CCNA3 v7 – ENSA Final Exam Answers 01

    • There is no space left on the USB drive.
    • The file already exists on the USB drive and cannot be overwritten.
    • The drive was not properly formatted with the FAT16 file system.
    • The USB drive is not recognized by the router.
    • The command that the administrator used was incorrect.
  43. Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? (Choose two.)

    CCNA3 v7 - ENSA Final Exam Answers 09

    CCNA3 v7 – ENSA Final Exam Answers 09

    • The IP address of R1 is 192.168.1.2.
    • Both routers are configured to use NTPv2.
    • Router R2 is the master, and R1 is the client.
    • Router R1 is the master, and R2 is the client.
    • The IP address of R2 is 192.168.1.2.
      Answers Explanation & Hints:

      With the show NTP associations command, the IP address of the NTP master is given.

  44. What is a characteristic of a Trojan horse as it relates to network security?

    • An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.
    • Extreme quantities of data are sent to a particular network device interface.
    • Too much information is destined for a particular memory block, causing additional memory areas to be affected.
    • Malware is contained in a seemingly legitimate executable program.
      Answers Explanation & Hints:

      A Trojan horse carries out malicious operations under the guise of a legitimate program. Denial of service attacks send extreme quantities of data to a particular host or network device interface. Password attacks use electronic dictionaries in an attempt to learn passwords. Buffer overflow attacks exploit memory buffers by sending too much information to a host to render the system inoperable.

  45. An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?

    • DNS tunneling
    • DHCP spoofing
    • TCP SYN flood
    • ARP cache poisoning
  46. A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?

    • origin authentication
    • data integrity
    • data confidentiality
    • non-repudiation
      Answers Explanation & Hints:

      Secure communications consists of four elements:
      Data confidentiality – guarantees that only authorized users can read the message
      Data integrity – guarantees that the message was not altered
      Origin authentication – guarantees that the message is not a forgery and does actually come from whom it states
      Data nonrepudiation – guarantees that the sender cannot repudiate, or refute, the validity of a message sent

  47. Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?

    • an approach comparing working and nonworking components to spot significant differences
    • a structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified
    • a less-structured approach based on an educated guess
    • an approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified
  48. Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)

    • OS/IOS version
    • interface identifier
    • cable type and identifier
    • cable specification
    • device type
    • connection type
  49. What command would be used as part of configuring NAT or PAT to link the inside local addresses to the pool of addresses available for PAT translation?

    • ip nat inside source static 172.19.89.13 198.133.219.65
    • ip nat inside source list ACCTNG pool POOL-STAT
    • ip nat inside source list 14 pool POOL-STAT overload
    • ip nat translation timeout 36000
  50. Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?

    • cable
    • ISDN
    • dialup
    • DSL
  51. A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)

    • municipal Wi-Fi
    • digital subscriber line
    • Ethernet WAN
    • leased line
    • cable
  52. Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding?

    • IPsec virtual tunnel interface
    • GRE over IPsec
    • dynamic multipoint VPN
    • MPLS VPN
  53. What type of traffic is described as requiring at least 384 Kbps of bandwidth?

    • data
    • voice
    • video
  54. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.16.91.0 255.255.255.192. What wildcard mask would the administrator use in the OSPF network statement?

    • 0.0.0.15
    • 0.0.0.7
    • 0.0.0.3
    • 0.0.0.63
  55. Refer to the exhibit. Internet privileges for an employee have been revoked because of abuse but the employee still needs access to company resources. What is the best ACL type and placement to use in this situation?

    CCNA3 v7 - ENSA Final Exam Answers 11

    CCNA3 v7 – ENSA Final Exam Answers 11

    • standard ACL inbound on R1 G0/0
    • standard ACL outbound on R2 WAN interface towards the internet
    • standard ACL inbound on R2 WAN interface connecting to the internet
    • standard ACL outbound on R1 G0/0
      Answers Explanation & Hints:

      – Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible.
      – Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure.

  56. An ACL is applied inbound on a router interface. The ACL consists of a single entry:

    access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www .

    If a packet with a source address of 192.168.10.45, a destination address of 10.10.3.27, and a protocol of 80 is received on the interface, is the packet permitted or denied?

    • permitted
    • denied
  57. A network administrator modified an OSPF-enabled router to have a hello timer setting of 20 seconds. What is the new dead interval time setting by default?

    • 40 seconds
    • 60 seconds
    • 80 seconds
    • 100 seconds
  58. When will an OSPF-enabled router transition from the Down state to the Init state?

    • when the router receives a hello packet from a neighbor router
    • when an OSPF-enabled interface starts sending hello packets
    • as soon as the router starts
    • as soon as the DR/BDR election process is complete
  59. Which queuing mechanism has no provision for prioritizing or buffering but simply forwards packets in the order they arrive?

    • LLQ
    • CBWFQ
    • WFQ
    • FIFO
  60. ABCTech is investigating the use of automation for some of its products. In order to control and test these products, the programmers require Windows, Linux, and MAC OS on their computers. What service or technology would support this requirement?

    • software defined networking
    • dedicated servers
    • Cisco ACI
    • virtualization
  61. What command would be used as part of configuring NAT or PAT to display all static translations that have been configured?

    • show ip nat translations
    • show ip nat statistics
    • show ip interfaces
    • show ip route
  62. When QoS is implemented in a converged network, which two factors can be controlled to improve network performance for real-time traffic? (Choose two.)

    • jitter
    • packet routing
    • link speed
    • packet addressing
    • delay
      Answers Explanation & Hints:

      Delay is the latency between a sending and receiving device. Jitter is the variation in the delay of the received packets. Both delay and jitter need to be controlled in order to support real-time voice and video traffic.

  63. What type of traffic is described as predictable and smooth?

    • video
    • data
    • voice
  64. In an OSPF network which two statements describe the link-state database (LSDB)? (Choose two.)

    • It can be viewed by using the show ip ospf database command.
    • It contains a list of all neighbor routers to which a router has established bidirectional communication.
    • All routers within an area have an identical link-state database.
    • It contains a list of only the best routes to a particular network.
    • A neighbor table is created based on the LSDB.
  65. A network administrator is troubleshooting an OSPF problem that involves neighbor adjacency. What should the administrator do?

    • Make sure that the router ID is included in the hello packet.
    • Make sure that the hello and dead interval timers are the same on all routers.
    • Make sure that the router priority is unique on each router.
    • Make sure that the DR/BDR election is complete.
  66. Which group of APIs are used by an SDN controller to communicate with various applications?

    • westbound APIs
    • northbound APIs
    • southbound APIs
    • eastbound APIs
  67. Which is a characteristic of a Type 2 hypervisor?​

    • best suited for enterprise environments
    • does not require management console software
    • has direct access to server hardware resources
    • installs directly on hardware
  68. Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers. The routers are unable to form a neighbor adjacency. What should be done to fix the problem on router R2?

    CCNA3 v7 - ENSA Final Exam Answers 16

    CCNA3 v7 – ENSA Final Exam Answers 16

    • Change the router-id of router R2 to 2.2.2.2.
    • Implement the command no passive-interface Serial0/1.
    • Implement the command network 192.168.2.6 0.0.0.0 area 0 on router R2.
    • Implement the command network 192.168.3.1 0.0.0.0 area 0 on router R2.
  69. An OSPF router has three directly connected networks; 10.0.0.0/16, 10.1.0.0/16, and 10.2.0.0/16. Which OSPF network command would advertise only the 10.1.0.0 network to neighbors?

    • router(config-router)# network 10.1.0.0 0.0.255.255 area 0
    • router(config-router)# network 10.1.0.0 0.0.15.255 area 0
    • router(config-router)# network 10.1.0.0 255.255.255.0 area 0
    • router(config-router)# network 10.1.0.0 0.0.0.0 area 0
  70. What are two benefits of extending access layer connectivity to users through a wireless medium? (Choose two.)

    • increased network management options
    • increased flexibility
    • reduced costs
    • increased bandwidth availability
    • decreased number of critical points of failure
      Answers Explanation & Hints:

      Wireless connectivity at the access layer provides increased flexibility, reduced costs, and the ability to grow and adapt to changing business requirements. Utilizing wireless routers and access points can provide an increase in the number of central points of failure. Wireless routers and access points will not provide an increase in bandwidth availability.

  71. A student, doing a summer semester of study overseas, has taken hundreds of pictures on a smartphone and wants to back them up in case of loss. What service or technology would support this requirement?

    • dedicated servers
    • cloud services
    • Cisco ACI
    • software defined networking
  72. What are the two types of VPN connections? (Choose two.)

    • site-to-site
    • Frame Relay
    • PPPoE
    • leased line
    • remote access
  73. Which type of VPN connects using the Transport Layer Security (TLS) feature?

    • dynamic multipoint VPN
    • SSL VPN
    • IPsec virtual tunnel interface
    • GRE over IPsec
  74. Which two scenarios would result in a duplex mismatch? (Choose two.)

    • connecting a device with an interface running at 100 Mbps to another with an interface running at 1000 Mbps
    • manually setting the two connected devices to different duplex modes
    • connecting a device with autonegotiation to another that is manually set to full-duplex
    • starting and stopping a router interface during a normal operation
    • configuring dynamic routing incorrectly
  75. A company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended?

    • ISDN
    • VSAT
    • Frame Relay
    • Ethernet WAN
  76. Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)

    CCNA3 v7 - ENSA Final Exam Answers 14

    CCNA3 v7 – ENSA Final Exam Answers 14

    • R2(config)# interface gi0/0
      R2(config-if)# ip access-group 105 in
    • access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
      access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
      access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
      access-list 105 deny ip any host 10.0.54.5
      access-list 105 permit ip any any
    • access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
      access-list 105 permit tcp any host 10.0.54.5 eq www
      access-list 105 permit ip any any
    • access-list 105 permit tcp host 10.0.54.5 any eq www
      access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
      access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
    • R1(config)# interface s0/0/0
      R1(config-if)# ip access-group 105 out
    • R1(config)# interface gi0/0
      R1(config-if)# ip access-group 105 out

      Answers Explanation & Hints:

      The first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server.

  77. In JSON, what is held within square brackets [ ]?

    • an array
    • an object
    • key/value pairs
    • nested values
  78. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 192.168.0.0 255.255.254.0. What wildcard mask would the administrator use in the OSPF network statement?

    • 0.0.15.255
    • 0.0.3.255
    • 0.0.1.255
    • 0.0.7.255
  79. Refer to the exhibit. A network administrator has configured a standard ACL to permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface. When following the best practices, in what location should the standard ACL be applied?

    CCNA3 v7 - ENSA Final Exam Answers 18

    CCNA3 v7 – ENSA Final Exam Answers 18

    • R2 G0/1 outbound
    • R2 G0/0 outbound
    • R2 S0/0/1 outbound
    • R2 G0/1 inbound
    • R1 S0/0/0 outbound
  80. What are two features to consider when creating a named ACL? (Choose two.)

    • Use a space for ease of reading to separate the name from the description.
    • Be descriptive when creating the ACL name.
    • Use alphanumeric characters if needed.
    • Modify the ACL using a text editor.
    • Use special characters, such as ! or * to show the importance of the ACL.
  81. What are two purposes of launching a reconnaissance attack on a network? (Choose two.)

    • to escalate access privileges
    • to prevent other users from accessing the system
    • to scan for accessibility
    • to retrieve and modify data
    • to gather information about the network and devices
  82. Refer to the exhibit. The company has provided IP phones to employees on the 192.168.10.0/24 network and the voice traffic will need priority over data traffic. What is the best ACL type and placement to use in this situation?

    CCNA3 v7 - ENSA Final Exam Answers 17

    CCNA3 v7 – ENSA Final Exam Answers 17

    • extended ACL inbound on R1 G0/0
    • standard ACL inbound on R1 vty lines
    • standard ACL inbound on R1 G0/1
    • extended ACL inbound on R3 G0/0
  83. An ACL is applied inbound on a router interface. The ACL consists of a single entry:

    access-list 210 permit tcp 172.18.20.0 0.0.0.31 172.18.20.32 0.0.0.31 eq ftp .

    If a packet with a source address of 172.18.20.14, a destination address of 172.18.20.40, and a protocol of 21 is received on the interface, is the packet permitted or denied?

    • permitted
    • denied
  84. Refer to the exhibit. Router R1 is configured with static NAT. Addressing on the router and the web server are correctly configured, but there is no connectivity between the web server and users on the Internet. What is a possible reason for this lack of connectivity?

    CCNA3 v7 - ENSA Final Exam Answers 13

    CCNA3 v7 – ENSA Final Exam Answers 13

    • The NAT configuration on interface S0/0/1 is incorrect.
    • Interface Fa0/0 should be configured with the command ip nat outside .
    • The inside global address is incorrect.
    • The router NAT configuration has an incorrect inside local address.
  85. Refer to the exhibit. Which address or addresses represent the inside global address?

    CCNA3 v7 - ENSA Final Exam Answers 15

    CCNA3 v7 – ENSA Final Exam Answers 15

    • 10.1.1.2
    • 192.168.0.100
    • 209.165.20.25
    • any address in the 10.1.1.0 network
  86. What are two benefits of using SNMP traps? (Choose two.)

    • They reduce the load on network and agent resources.
    • They limit access for management systems only.
    • They eliminate the need for some periodic polling requests.
    • They can passively listen for exported NetFlow datagrams.
    • They can provide statistics on TCP/IP packets that flow through Cisco devices.
  87. Refer to the exhibit. From which location did this router load the IOS?

    CCNA3 v7 - ENSA Final Exam Answers 12

    CCNA3 v7 – ENSA Final Exam Answers 12

    • a TFTP server​
    • flash memory
    • NVRAM​
    • RAM
    • ROM
  88. What protocol uses smaller stratum numbers to indicate that the server is closer to the authorized time source than larger stratum numbers?

    • NTP
    • SYSLOG
    • TFTP
    • MPLS
  89. Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link?

    • electing the designated router
    • exchanging link-state advertisements
    • injecting the default route
    • building the topology table
  90. How does virtualization help with disaster recovery within a data center?

    • Server provisioning is faster.
    • Power is always provided.
    • Less energy is consumed.
    • Hardware at the recovery site does not have to be identical to production equipment.*
  91. What is a characteristic of the REST API?

    • considered slow, complex, and rigid
    • used for exchanging XML structured information over HTTP or SMTP
    • evolved into what became SOAP
    • most widely used API for web services
  92. In a large enterprise network, which two functions are performed by routers at the distribution layer? (Choose two.)

    • connect remote networks
    • provide Power over Ethernet to devices
    • provide data traffic security
    • connect users to the network
    • provide a high-speed network backbone
  93. A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?

    • botnet
    • rootkit
    • spyware
    • virus
  94. What type of traffic is described as using either TCP or UDP depending on the need for error recovery?

    • video
    • voice
    • data
  95. Refer to the exhibit. Which conclusion can be drawn from this OSPF multiaccess network?​

    CCNA3 v7 - ENSA Final Exam Answers 21

    CCNA3 v7 – ENSA Final Exam Answers 21

    • ​All DROTHER routers will send LSAs to the DR and BDR to multicast 224.0.0.5.
    • ​When a DR is elected all other non-DR routers become DROTHER.
    • If the DR stops producing Hello packets, a BDR will be elected, and then it promotes itself to assume the role of DR.​
    • With an election of the DR, the number of adjacencies is reduced from 6 to 3.
      Answers Explanation & Hints:

      On OSPF multiaccess networks, a DR is elected to be the collection and distribution point for LSAs sent and received. A BDR is also elected in case the DR fails. All other non-DR or BDR routers become DROTHER. Instead of flooding LSAs to all routers in the network, DROTHERs only send their LSAs to the DR and BDR using the multicast address 224.0.0.6. If there is no DR/BDR election, the number of required adjacencies is n(n-1)/2 = > 4(4-1)/2 = 6. With the election, this number is reduced to 3.​

  96. In which OSPF state is the DR/BDR election conducted?

    • ExStart
    • Init
    • Exchange
    • Two-Way
  97. An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 10.27.27.0 255.255.255.0. What wildcard mask would the administrator use in the OSPF network statement?

    • 0.0.0.15
    • 0.0.0.31
    • 0.0.0.63
    • 0.0.0.255
  98. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

    • IPsec
    • ESP
    • MD5
    • AES
  99. What QoS step must occur before packets can be marked?

    • queuing
    • shaping
    • policing
    • classifying
  100. Refer to the exhibit. An administrator configures the following ACL in order to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5:

    access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.1.1.5 
    access-list 100 permit ip any any

    Where should the administrator place this ACL for the most efficient use of network resources?

    CCNA3 v7 - ENSA Final Exam Answers 20

    CCNA3 v7 – ENSA Final Exam Answers 20

    • outbound on router A Fa0/1
    • outbound on router B Fa0/0
    • inbound on router A Fa0/0
    • inbound on router B Fa0/1
  101. Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?

    R1# <output omitted> 
    Standard IP access list 2 
    10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches) 
    20 deny any (1 match) 
    
    • Traffic from one device was not allowed to come into one router port and be routed outbound a different router port.
    • Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port.
    • Two devices connected to the router have IP addresses of 192.168.10. x .
    • Two devices were able to use SSH or Telnet to gain access to the router.
      Answers Explanation & Hints:

      The access-class command is used only on VTY ports. VTY ports support Telnet and/or SSH traffic. The match permit ACE is how many attempts were allowed using the VTY ports. The match deny ACE shows that a device from a network other than 192.168.10.0 was not allowed to access the router through the VTY ports.

  102. What protocol synchronizes with a private master clock or with a publicly available server on the internet?

    • TFTP
    • NTP
    • MPLS
    • CBWFQ
  103. Refer to the exhibit. A PC at address 10.1.1.45 is unable to access the Internet. What is the most likely cause of the problem?

    CCNA3 v7 - ENSA Final Exam Answers 19

    CCNA3 v7 – ENSA Final Exam Answers 19

    • The wrong netmask was used on the NAT pool.
    • The inside and outside interfaces have been configured backwards.
    • The NAT pool has been exhausted.
    • Access-list 1 has not been configured properly.
      Answers Explanation & Hints:

      The output of show ip nat statistics shows that there are 2 total addresses and that 2 addresses have been allocated (100%). This indicates that the NAT pool is out of global addresses to give new clients. Based on the show ip nat translations, PCs at 10.1.1.33 and 10.1.1.123 have used the two available addresses to send ICMP messages to a host on the outside network.

  104. In setting up a small office network, the network administrator decides to assign private IP addresses dynamically to workstations and mobile devices. Which feature must be enabled on the company router in order for office devices to access the internet?

    • MAC filtering
    • QoS
    • UPnP
    • NAT
      Answers Explanation & Hints:

      Network Address Translation (NAT) is the process used to convert private addresses to internet-routable addresses that allow office devices to access the internet.

  105. Refer to the exhibit. A network administrator has configured OSPFv2 on the two Cisco routers but PC1 is unable to connect to PC2. What is the most likely problem?

    CCNA3 v7 - ENSA Final Exam Answers 23

    CCNA3 v7 – ENSA Final Exam Answers 23

    • Interface Fa0/0 is configured as a passive-interface on router R2.
    • Interface s0/0 has not been activated for OSPFv2 on router R2.
    • Interface S0/0 is configured as a passive-interface on router R2.
    • Interface Fa0/0 has not been activated for OSPFv2 on router R2.
      Answers Explanation & Hints:

      If a LAN network is not advertised using OSPFv2, a remote network will not be reachable. The output displays a successful neighbor adjacency between router R1 and R2 on the interface S0/0 of both routers.

  106. What command would be used as part of configuring NAT or PAT to identify an interface as part of the external global network?

    • access-list 10 permit 172.19.89.0 0.0.0.255
    • ip pat inside
    • ip nat inside
    • ip nat outside
  107. Refer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation?

    CCNA3 v7 - ENSA Final Exam Answers 24

    CCNA3 v7 – ENSA Final Exam Answers 24

    • standard ACL inbound on R1 vty lines
    • standard ACL inbound on R2 WAN interface connecting to the internet
    • extended ACL outbound on R2 S0/0/1
    • extended ACLs inbound on R1 G0/0 and G0/1
  108. A network administrator has been tasked with creating a disaster recovery plan. As part of this plan, the administrator is looking for a backup site for all of the data on the company servers. What service or technology would support this requirement?

    • virtualization
    • data center
    • software defined networking
    • dedicated servers
  109. Refer to the exhibit. What method can be used to enable an OSPF router to advertise a default route to neighboring OSPF routers?

    CCNA3 v7 - ENSA Final Exam Answers 22

    CCNA3 v7 – ENSA Final Exam Answers 22

    • Use a static route pointing to the ISP and redistribute it.
    • Use the default-information originate command on ISP.
    • Use the redistribute static command on R0-A.
    • Use the default-information originate command on R0-A.
    • Use the redistribute static command on ISP.