Questions and Answers PDF 1/63

Thank You for your purchase

om
Cisco CCST-Networking Exam Question & Answers
Cisco Certified Support Technician (CCST) Networking

.c
Exam

ps
m
du
am
ex
id
al
.v
w
w
// w
s:
tp
ht

[Link]
Questions and Answers PDF 2/63

Product Questions: 40
Version: 4.0

om
.c
Question: 1

ps
m
du
What is the most compressed valid format of the IPv6 address 2001 :0db8:0000:0016:0000:001b:
am
2000:0056?
ex

A. [Link] : 16: : [Link]

id
al
.v

B. [Link] : 16: : 1b: 2000: 56

w
w
w

C. [Link] 16: :1b:2:56

//
s:
tp

D. [Link] [Link] :1b: 2000:56

ht

Answer: D
Explanation:

IPv6 addresses can be compressed by removing leading zeros and replacing consecutive groups of
zeros with a double colon (::). Here’s how to compress the address
[Link]

[Link]
Questions and Answers PDF 3/63

Remove leading zeros from each segment:

[Link] becomes [Link]

Replace the longest sequence of consecutive zeros with a double colon (::). In this case, the two
consecutive zeros between the 16 and 1b:

[Link]

Thus, the most compressed valid format of the IPv6 address is [Link].

Reference :=

om
Cisco Learning Network

.c
IPv6 Addressing (Cisco)

ps
m
Question: 2

du
am
HOTSPOT
ex
id

For each statement about bandwidth and throughput, select True or False.
al
.v
w

Note: You will receive partial credit for each correct selection.
w
// w
s:
tp
ht

Answer:

[Link]
Questions and Answers PDF 4/63

Explanation:

Statement 1: Low bandwidth can increase network latency.

True: Low bandwidth can result in increased network latency because the network may become
congested, leading to delays in data transmission.

Statement 2: High levels of network latency decrease network bandwidth.

False: High levels of network latency do not decrease the available network bandwidth, but they do

om
affect the perceived performance and throughput of the network.

Statement 3: You can increase throughput by decreasing network latency.

.c
ps
True: Decreasing network latency can increase throughput because data can be transmitted more
quickly and efficiently without delays.

m
du
am
Bandwidth vs. Latency: Bandwidth refers to the maximum rate at which data can be transferred over
a network path. Latency is the time it takes for a data packet to travel from the source to the
ex

destination.
id

Low bandwidth can cause network congestion, which can increase latency as packets wait to be
transmitted.
al
.v

High latency does not reduce the actual bandwidth but can affect the overall performance and
w

efficiency of data transmission.

w

Reducing latency can lead to higher throughput because the network can handle more data in a
w

given period without delays.

//
s:

Reference:
tp

Network Performance Metrics: Cisco Network Performance

ht

Understanding Bandwidth and Latency: Bandwidth vs. Latency

Question: 3
DRAG DROP

Move each protocol from the list on the left to its correct example on the right.

[Link]
Questions and Answers PDF 5/63

om
.c
Answer:

ps
Explanation:

m
du
The correct matching of the protocols to their examples is as follows:
am
DHCP: Assign the reserved IP address [Link] to a web server at your company.
ex

DNS: Perform a query to translate [Link] to an IP address.

id

ICMP: Perform a ping to ensure that a server is responding to network connections.

al
.v

Here’s how each protocol corresponds to its example:

w

DHCP (Dynamic Host Configuration Protocol) is used to assign IP addresses to devices on a network.
w

In this case, DHCP would be used to assign the reserved IP address [Link] to a web server.
// w

DNS (Domain Name System) is used to translate domain names into IP addresses. Therefore, to
s:

translate [Link] to an IP address, DNS would be utilized.

tp

ICMP (Internet Control Message Protocol) is used for sending error messages and operational
ht

information indicating success or failure when communicating with another IP address. An example
of this is using the ping command to check if a server is responding to network connections.

These protocols are essential for the smooth operation of networks and the internet.

Perform a query to translate [Link] to an IP address.

DNS (Domain Name System): DNS is used to resolve domain names to IP addresses.

Assign the reserved IP address [Link] to a web server at your company.

[Link]
Questions and Answers PDF 6/63

DHCP (Dynamic Host Configuration Protocol): DHCP is used to assign IP addresses to devices on a
network.

Perform a ping to ensure that a server is responding to network connections.

ICMP (Internet Control Message Protocol): ICMP is used by network devices to send error messages
and operational information, and it is the protocol used by the ping command.

DNS (Domain Name System): DNS translates human-friendly domain names like "[Link]"
into IP addresses that computers use to identify each other on the network.

om
DHCP (Dynamic Host Configuration Protocol): DHCP automatically assigns IP addresses to devices on

.c
a network, ensuring that no two devices have the same IP address.

ps
ICMP (Internet Control Message Protocol): ICMP is used for diagnostic or control purposes, and the

m
ping command uses ICMP to test the reachability of a host on an IP network.

du
Reference:
am
DNS Basics: What is DNS?
ex

DHCP Overview: What is DHCP?

id

ICMP and Ping: Understanding ICMP

al
.v

Question: 4
w
w
// w
s:
tp

Which protocol allows you to securely upload files to another computer on the internet?
ht

A. SFTP

B. ICMP

[Link]
Questions and Answers PDF 7/63

C. NTP

D. HTTP

Answer: A
Explanation:

om
.c
ps
SFTP, or Secure File Transfer Protocol, is a protocol that allows for secure file transfer capabilities

m
between networked hosts. It is a secure extension of the File Transfer Protocol (FTP). SFTP encrypts

du
both commands and data, preventing passwords and sensitive information from being transmitted
openly over the network. It is typically used for secure file transfers over the internet and is built on
am
the Secure Shell (SSH) protocol1.
ex

Reference :=
id

• What Is SFTP? (Secure File Transfer Protocol)

al

• How to Use SFTP to Safely Transfer Files: A Step-by-Step Guide

.v

• Secure File Transfers: Best Practices, Protocols And Tools

w
w
w

The Secure File Transfer Protocol (SFTP) is a secure version of the File Transfer Protocol (FTP) that
//

uses SSH (Secure Shell) to encrypt all commands and data. This ensures that sensitive information,
s:

such as usernames, passwords, and files being transferred, are securely transmitted over the
tp

network.
ht

• ICMP (Internet Control Message Protocol) is used for network diagnostics and is not
designed for file transfer.

• NTP (Network Time Protocol) is used to synchronize clocks between computer systems and is
not related to file transfer.

• HTTP (HyperText Transfer Protocol) is used for transmitting web pages over the internet and
does not inherently provide secure file transfer capabilities.

Thus, the correct protocol that allows secure uploading of files to another computer on the internet
is SFTP.

[Link]
Questions and Answers PDF 8/63

Reference :=

• Cisco Learning Network

• SFTP Overview (Cisco)

Question: 5

om
A local company requires two networks in two new buildings. The addresses used in these networks

.c
must be in the private network range.

ps
m
Which two address ranges should the company use? (Choose 2.)

du
am
Note: You will receive partial credit for each correct selection.
ex
id
al
.v
w

A. [Link] to [Link]
w
// w

B. [Link] to [Link]
s:
tp

C. [Link] to [Link]
ht

D. [Link] to [Link]

Answer: AD
Explanation:

[Link]
Questions and Answers PDF 9/63

The private IP address ranges that are set aside specifically for use within private networks and not
routable on the internet are as follows:

Class A: [Link] to [Link]

Class B: [Link] to [Link]

Class C: [Link] to [Link]

These ranges are defined by the Internet Assigned Numbers Authority (IANA) and are used for local
communications within a private network123.

om
Given the options: A. [Link] to [Link] falls within the Class B private range. B.

.c
[Link] to [Link] is not a recognized private IP range. C. [Link] to [Link] is

ps
not a recognized private IP range. D. [Link] to [Link] falls within the Class C private
range.

m
Therefore, the correct selections that the company should use for their private networks are A and D.

Reference :=
du
am
Reserved IP addresses on Wikipedia
ex

Private IP Addresses in Networking - GeeksforGeeks

id

Understanding Private IP Ranges, Uses, Benefits, and Warnings

al
.v
w

Question: 6
w
// w
s:

A Cisco PoE switch is shown in the following image. Which type of port will provide both data
tp

connectivity and power to an IP phone?

ht

[Link]
Questions and Answers PDF 10/63

om
.c
ps
m
A. Port identified with number 2

du
am
B. Ports identified with numbers 3 and 4
ex
id

C. Ports identified with number 6

al
.v
w

D. Ports identified with number 7

w
// w

Answer: C
s:

Explanation:
tp
ht

In the provided image of the Cisco PoE switch, the ports identified with number 6 are the standard
RJ-45 Ethernet ports typically found on switches that provide both data connectivity and Power over
Ethernet (PoE). PoE ports are designed to supply power to devices such as IP phones, wireless access
points, and other PoE-enabled devices directly through the Ethernet cable.

Ports:

• 2: Console port (for management and configuration)

• 3 and 4: Specific function ports (often for management)

[Link]
Questions and Answers PDF 11/63

• 6: RJ-45 Ethernet ports (capable of providing PoE)

• 7: SFP ports (for fiber connections, typically do not provide PoE)

Thus, the correct answer is C. Ports identified with number 6.

Reference :=

• Cisco Catalyst 2960-L Series Switches Data Sheet

• Cisco PoE Overview

om
Question: 7

.c
ps
m
du
am
During the data encapsulation process, which OSI layer adds a header that contains MAC addressing
ex

information and a trailer used for error checking?

id
al

A. Network
.v
w
w

B. Transport
// w
s:

C. Data Link
tp
ht

D. Session

Answer: C
Explanation:

[Link]
Questions and Answers PDF 12/63

om
During the data encapsulation process, the Data Link layer of the OSI model is responsible for adding
a header that contains MAC addressing information and a trailer used for error checking. The header

.c
typically includes the source and destination MAC addresses, while the trailer contains a Frame

ps
Check Sequence (FCS) which is used for error detection1.

m
The Data Link layer ensures that messages are delivered to the proper device on a LAN using

du
hardware addresses and translates messages from the Network layer into bits for the Physical layer
to transmit. It also controls how data is placed onto the medium and is received from the medium
am
through the physical hardware.
ex

Reference :=
id

The OSI Model – The 7 Layers of Networking Explained in Plain English

al

OSI Model - Network Direction

.v
w

Which layer adds both header and trailer to the data?

w

What is OSI Model | 7 Layers Explained - GeeksforGeeks

// w
s:

Question: 8
tp
ht

What is the purpose of assigning an IP address to the management VLAN interface on a Layer 2
switch?

A. To enable the switch to act as a default gateway for the attached devices

[Link]
Questions and Answers PDF 13/63

B. To enable the switch to resolve URLs for the attached the devices

C. To enable the switch to provide DHCP services to other switches in the network

D. To enable access to the CLI on the switch through Telnet or SSH

om
.c
ps
Answer: D
Explanation:

m
du
am
The primary purpose of assigning an IP address to the management VLAN interface on a Layer 2
ex

switch is to facilitate remote management of the switch. By configuring an IP address on the

management VLAN, network administrators can access the switch’s Command Line Interface (CLI)
id

remotely using protocols such as Telnet or Secure Shell (SSH). This allows for convenient
al

configuration changes, monitoring, and troubleshooting without needing physical access to the
.v

switch1.
w

Reference :=
w
w

• Understanding the Management VLAN

//

• Cisco - VLAN Configuration Guide

s:
tp

• Remote Management of Switches

ht

Assigning an IP address to the management VLAN interface (often the VLAN 1 interface by default)
on a Layer 2 switch allows network administrators to remotely manage the switch using protocols
such as Telnet or SSH. This IP address does not affect the switch's ability to route traffic between
VLANs but provides a means to access and configure the switch through its Command Line Interface
(CLI).

• A: The switch does not act as a default gateway; this is typically a function of a Layer 3 device
like a router.

• B: The switch does not resolve URLs; this is typically a function of DNS servers.

[Link]
Questions and Answers PDF 14/63

• C: The switch can relay DHCP requests but does not typically provide DHCP services itself;
this is usually done by a dedicated DHCP server or router.

Thus, the correct answer is D. To enable access to the CLI on the switch through Telnet or SSH.

Reference :=

• Cisco VLAN Management Overview

• Cisco Catalyst Switch Management

om
Question: 9

.c
ps
m
Which standard contains the specifications for Wi-Fi networks?

du
am
ex
id

A. GSM
al
.v
w

B. LTE
w
// w

C. IEEE 802.11
s:
tp

D. IEEE 802.3
ht

E. EIA/TIA 568A

Answer: C
Explanation:

[Link]
Questions and Answers PDF 15/63

The IEEE 802.11 standard contains the specifications for Wi-Fi networks. It is a set of media access
control (MAC) and physical layer (PHY) specifications for implementing wireless local area network
(WLAN) computer communication in various frequencies, including but not limited to 2.4 GHz, 5
GHz, and 6 GHz1. This standard is maintained by the Institute of Electrical and Electronics Engineers
(IEEE) and is commonly referred to as Wi-Fi. The standard has evolved over time to include several
amendments that improve speed, range, and reliability of wireless networks.

om
Reference :=

• The Most Common Wi-Fi Standards and Types, Explained

.c
ps
• 802.11 Standards Explained: 802.11ax, 802.11ac, 802.11b/g/n, 802.11a

m
• Wi-Fi Standards Explained - GeeksforGeeks

du
=========================
am
ex

Question: 10
id
al
.v

You want to store files that will be accessible by every user on your network.
w
w
w

Which endpoint device do you need?

//
s:
tp

A. Access point
ht

B. Server

C. Hub

D. Switch

[Link]
Questions and Answers PDF 16/63

Answer: B
Explanation:

om
To store files that will be accessible by every user on a network, you would need a server. A server is
a computer system that provides data to other computers. It can serve data to systems on a local

.c
network (LAN) or a wide network (WAN) over the internet. In this context, a file server would be set

ps
up to store and manage files, allowing users on the network to access them from their own devices1.

m
Reference :=

du
What is a Server?
am
Understanding Servers and Their Functions
ex

A server is a computer designed to process requests and deliver data to other computers over a local
network or the internet. In this case, to store files that will be accessible by every user on the
id

network, a file server is the appropriate endpoint device. It provides a centralized location for storing
al

and managing files, allowing users to access and share files easily.
.v

A . Access point: Provides wireless connectivity to a network.

w
w

C . Hub: A basic networking device that connects multiple Ethernet devices together, making them
w

act as a single network segment.

//

D . Switch: A networking device that connects devices on a computer network by using packet
s:

switching to forward data to the destination device.

tp

Thus, the correct answer is B. Server.

ht

Reference :=

File Server Overview (Cisco)

Server Roles in Networking (Cisco)

Question: 11

[Link]
Questions and Answers PDF 17/63

HOTSPOT

Computers in a small office are unable to access [Link]. You run the ipconfig command on
one of the computers. The results are shown in the

exhibit.

You need to determine if you can reach the router.

om
.c
ps
m
du
am
ex
id
al
.v

Which command should you use? Complete the command by selecting the correct options from each
drop-down lists.
w
w
// w
s:
tp
ht

Answer:
Explanation:

[Link]
Questions and Answers PDF 18/63

To determine if you can reach the router, you should use the ping command followed by the IP
address of the router. The ping command is a network utility used to test the reachability of a host on
an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the
originating host to a destination computer.

The Default Gateway in the ipconfig results is typically the router’s IP address in a home or small
office network. In this case, the Default Gateway is [Link], which is the address you would ping
to check connectivity to the router.

Reference :=

om
How to Use the Ping Command

Testing Network Connectivity with the Ping Command

.c
ps
=========================

m
To determine if you can reach the router, you should use the ping command with the IP address of
the router.

Command: ping
du
am
Target: [Link]
ex

So, the completed command is:

id

ping [Link]
al
.v

Step by Step Comprehensive and Detailed Explanation:

w

ping: The ping command sends ICMP Echo Request messages to the target IP address and waits for
w

an Echo Reply. It is commonly used to test the reachability of a network device.

// w

[Link]: This is the IP address of the default gateway (the router) as shown in the ipconfig
s:

output. Pinging this address will help determine if the computer can communicate with the router.
tp

Reference:
ht

Using the ping Command: ping Command Guide

Question: 12

In the network shown in the following graphic, Switch1 is a Layer 2 switch.

[Link]
Questions and Answers PDF 19/63

om
.c
ps
m
du
am
ex

PC-A sends a frame to PC-C. Switch1 does not have a mapping entry for the MAC address of PC-C.
Which action does Switch1 take?
id
al
.v

A. Switch1 queries Switch2 for the MAC address of PC-C.

w
w
w

A. Switch1 drops the frame and sends an error message back to PC-A.
//
s:
tp

B. Switch1 floods the frame out all active ports except port G0/1.
ht

C. Switch1 sends an ARP request to obtain the MAC address of PC-C.

Answer: B
Explanation:

[Link]
Questions and Answers PDF 20/63

In a network, when a Layer 2 switch (like Switch1) receives a frame destined for a MAC address that
is not in its MAC address table, it performs a flooding operation. This means the switch will send the
frame out of all ports except the port on which the frame was received. This flooding ensures that if
the destination device is connected to one of the other ports, it will receive the frame and respond,
allowing the switch to learn its MAC address.

A . Switch1 queries Switch2 for the MAC address of PC-C: This does not happen in Layer 2 switches;
they do not query other switches for MAC addresses.

om
A . Switch1 drops the frame and sends an error message back to PC-A: This is not the default
behavior for unknown unicast frames.

.c
D . Switch1 sends an ARP request to obtain the MAC address of PC-C: ARP is used by devices to map

ps
IP addresses to MAC addresses, not by switches to find unknown MAC addresses.

m
Thus, the correct answer is B. Switch1 floods the frame out all active ports except port G0/1.

du
Reference :=
am
Cisco Layer 2 Switching Overview
ex

Switching Mechanisms (Cisco)

id
al

Question: 13
.v
w
w

HOTSPOT
// w
s:

You purchase a new Cisco switch, turn it on, and connect to its console port. You then run the
tp

following command:
ht

[Link]
Questions and Answers PDF 21/63

om
For each statement about the output, select True or False.

.c
ps
m
Note: You will receive partial credit for each correct selection.

du
am
ex
id
al
.v
w
w
w

Answer:
//

Explanation:
s:
tp
ht

The two interfaces are administratively shut down:

False: The output does not show any "shutdown" command under the interfaces, which would
indicate that they are administratively shut down. Therefore, they are likely in their default state,
which is administratively up.

The two interfaces have default IP addresses assigned:

False: The output does not show any IP address configuration. In the default state, interfaces do not
have IP addresses assigned unless explicitly configured.

The two interfaces can communicate over Layer 2:

[Link]
Questions and Answers PDF 22/63

True: By default, interfaces on a switch are Layer 2 interfaces capable of forwarding Ethernet frames.
As there is no configuration provided that changes this, it can be assumed they can communicate
over Layer 2.

Interface Status: The absence of the "shutdown" command means the interfaces are not
administratively shut down.

IP Address Assignment: There is no evidence in the output that IP addresses have been assigned to
the interfaces, which would typically be shown as "ip address" entries.

om
Layer 2 Communication: Switch interfaces in their default state operate at Layer 2, enabling them to
forward Ethernet frames and participate in Layer 2 communication.

.c
ps
Reference:

m
Cisco IOS Interface Configuration: Cisco Interface Configuration

du
Understanding Cisco Switch Interfaces: Cisco Switch Interfaces
am
ex

Question: 14
DRAG DROP
id
al
.v

Move the MFA factors from the list on the left to their correct examples on the right. You may use
w

each factor once, more than once, or not at all.

w
// w

Note: You will receive partial credit for each correct selection.
s:
tp
ht

Answer:
Explanation:

[Link]
Questions and Answers PDF 23/63

The correct matching of the MFA factors to their examples is as follows:

Entering a one-time security code sent to your device after logging in: Possession

Holding your phone to your face to be recognized: Inherence

Specifying your user name and password to log on to a service: Knowledge

Here’s why each factor matches the example:

Possession: This factor is something the user has, like a mobile device. A one-time security code sent

om
to this device falls under this category.

.c
Inherence: This factor is something the user is, such as a biometric characteristic. Facial recognition

ps
using a phone is an example of this factor.

m
Knowledge: This factor is something the user knows, like a password or PIN.

du
Multi-Factor Authentication (MFA) enhances security by requiring two or more of these factors to
am
verify a user’s identity before granting access.
ex

Entering a one-time security code sent to your device after logging in.
id
al

Factor: Possession
.v

Explanation: This factor relates to something you have, such as a device that receives a security code.
w

Holding your phone to your face to be recognized.

w
w

Factor: Inference (typically referred to as Inherence or Biometric)

//
s:

Explanation: This factor relates to something you are, such as biometric authentication like facial
recognition.
tp
ht

Specifying your username and password to log on to a service.

Factor: Knowledge

Explanation: This factor relates to something you know, such as a username and password.

Possession Factor: This involves something the user has in their possession. Receiving a one-time
security code on a device (e.g., phone) is an example of this.

Inference Factor (Inherence/Biometric): This involves something inherent to the user, such as

[Link]
Questions and Answers PDF 24/63

biometric verification (e.g., facial recognition or fingerprint scanning).

Knowledge Factor: This involves something the user knows, such as login credentials (username and
password).

Reference:

Multi-Factor Authentication (MFA) Explained: MFA Guide

Understanding Authentication Factors: Authentication Factors

om
Question: 15

.c
ps
A Cisco switch is not accessible from the network. You need to view its running configuration.

m
du
Which out-of-band method can you use to access it?
am
ex

A. SNMP
id
al

B. Console
.v
w
w

C. SSH
// w
s:

D. Telnet
tp
ht

Answer: B
Explanation:

[Link]
Questions and Answers PDF 25/63

om
.c
When a Cisco switch is not accessible from the network, the recommended out-of-band method to

ps
access its running configuration is through the console port. Out-of-band management involves
accessing the network device through a dedicated management channel that is not part of the data

m
network. The console port provides direct access to the switch’s Command Line Interface (CLI)

du
without using the network, which is essential when the switch cannot be accessed remotely via the
network12.
am
Reference :=
ex

Out-of-band (OOB) network interface configuration guidelines

id

Out of band management configuration

al
.v

=========================
w

If you have any more questions or need further assistance, feel free to ask!
w
// w

Question: 16
s:
tp
ht

Which command will display the following output?

[Link]
Questions and Answers PDF 26/63

om
.c
ps
A. show mac-address-table

m
B. show cdp neighbor du
am
ex

C. show inventory
id
al
.v

D. show ip interface
w
w
w

Answer: B
//

Explanation:
s:
tp
ht

The command that will display the output provided, which includes capability codes, local interface
details, device IDs, hold times, and platform port ID capabilities, is the show cdp neighbor command.
This command is used in Cisco devices to display current information about neighboring devices
detected by Cisco Discovery Protocol (CDP), which includes details such as the interface through
which the neighbor is connected, the type of device, and the port ID of the device1.

Reference :=

• Cisco - show cdp neighbors

[Link]
Questions and Answers PDF 27/63

The provided output is from the Cisco Discovery Protocol (CDP) neighbor table. The show cdp
neighbor command displays information about directly connected Cisco devices, including Device ID,
Local Interface, Holdtime, Capability, Platform, and Port ID.

• A. show mac-address-table: Displays the MAC address table on the switch.

• C. show inventory: Displays information about the hardware inventory of the device.

• D. show ip interface: Displays IP interface status and configuration.

Thus, the correct answer is B. show cdp neighbor.

om
Reference :=

• Cisco CDP Neighbor Command

.c
ps
• Understanding CDP

m
du
am
Question: 17
ex
id
al

A support technician examines the front panel of a Cisco switch and sees 4 Ethernet cables
.v

connected in the first four ports. Ports 1, 2, and 3 have a green

w

LED. Port 4 has a blinking green light.

w
// w

What is the state of the Port 4?

s:
tp
ht

A. Link is up with cable malfunctions.

B. Link is up and not stable.

C. Link is up and active.

[Link]
Questions and Answers PDF 28/63

D. Link is up and there is no activity.

Answer: C
Explanation:

om
On a Cisco switch, a port with a blinking green LED typically indicates that the port is up (active) and

.c
is currently transmitting or receiving data. This is a normal state indicating active traffic on the port.

ps
• A. Link is up with cable malfunctions: Usually indicated by an amber or blinking amber light.

m
• B. Link is up and not stable: Not typically indicated by a green blinking light.

du
• D. Link is up and there is no activity: Would be indicated by a solid green light without
am
blinking.

Thus, the correct answer is C. Link is up and active.

ex

Reference :=
id
al

• Cisco Switch LED Indicators

.v

• Cisco Ethernet Switch LED Patterns

w
w
w

Question: 18
//
s:
tp
ht

Which component of the AAA service security model provides identity verification?

A. Authorization

[Link]
Questions and Answers PDF 29/63

B. Auditing

C. Authentication

D. Accounting

om
Answer: C
Explanation:

.c
ps
The AAA service security model consists of three components: Authentication, Authorization, and

m
Accounting.

du
• Authentication: This is the process of verifying the identity of a user or device. It ensures that
am
only legitimate users can access the network or service.

• Authorization: This determines what an authenticated user is allowed to do or access within

ex

the network.
id

• Auditing/Accounting: This component tracks the actions of the user, including what
al

resources they access and what changes they make.

.v

Thus, the correct answer is C. Authentication.

w
w

Reference :=
w

• Cisco AAA Overview

//
s:

• Understanding AAA (Authentication, Authorization, and Accounting)

tp
ht

Question: 19

A help desk technician receives the four trouble tickets listed below. Which ticket should receive the
highest priority and be addressed first?

[Link]
Questions and Answers PDF 30/63

A. Ticket 1: A user requests relocation of a printer to a different network jack in the same office. The
jack must be patched and made active.

B. Ticket 2: An online webinar is taking place in the conference room. The video conferencing
equipment lost internet access.

om
C. Ticket 3: A user reports that response time for a cloud-based application is slower than usual.

.c
ps
m
D. Ticket 4: Two users report that wireless access in the cafeteria has been down for the last hour.

du
am
Answer: B
Explanation:
ex
id
al

When prioritizing trouble tickets, the most critical issues affecting business operations or high-impact
.v

activities should be addressed first. Here's a breakdown of the tickets:

w

Ticket 1: Relocation of a printer, while necessary, is not urgent and does not impact critical
w

operations.
w

Ticket 2: An ongoing webinar losing internet access is critical, especially if the webinar is time-
//

sensitive and involves multiple participants.

s:
tp

Ticket 3: Slower response time for a cloud-based application is important but typically not as urgent
as a complete loss of internet access for a live event.
ht

Ticket 4: Wireless access down in the cafeteria affects users but does not have the same immediate
impact as a live webinar losing connectivity.

Thus, the correct answer is B. Ticket 2: An online webinar is taking place in the conference room. The
video conferencing equipment lost internet access.

Reference :=

IT Help Desk Best Practices

[Link]
Questions and Answers PDF 31/63

Prioritizing IT Support Tickets

Question: 20

A user reports that a company website is not available. The help desk technician issues a tracert
command to determine if the server hosting the website is reachable over the network. The output
of the command is shown as follows:

om
.c
ps
m
du
am
ex
id
al

What can you tell from the command output?

.v
w
w
// w
s:

A. The router at hop 3 is not forwarding packets to the IP address [Link].

tp
ht

B. The server address [Link] is being blocked by a firewall on the router at hop 3.

C. The server with the address [Link] is reachable over the network.

D. Requests to the web server at [Link] are being delayed and time out.

[Link]
Questions and Answers PDF 32/63

Answer: C
Explanation:

The tracert command output shows the path taken to reach the destination IP address, [Link].
The command output indicates:

• Hops 1 and 2 are successfully reached.

• Hop 3 times out, meaning the router at hop 3 did not respond to the tracert request.
However, this does not necessarily indicate a problem with forwarding packets, as some routers may

om
be configured to block or not respond to ICMP requests.

.c
• Hops 4 and 5 are successfully reached, with hop 5 being the destination IP [Link],

ps
indicating that the server is reachable.

m
Thus, the correct answer is C. The server with the address [Link] is reachable over the

du
network. am
Reference :=

• Cisco Traceroute Command

ex

• Understanding Traceroute
id
al
.v

The tracert command output indicates that the server with the address [Link] is reachable
w

over the network. The asterisk (*) at hop 3 suggests that the probe sent to that hop did not return a
w

response, which could be due to a variety of reasons such as a firewall blocking ICMP packets or the
w

router at that hop being configured not to respond to ICMP requests. However, since the subsequent
hops (4 and 5) are showing response times, it means that the packets are indeed getting through and
//
s:

the server is reachable12.

tp

Reference :=
ht

• How to Use Traceroute Command to Read Its Results

• How to Use the Tracert Command in Windows

Question: 21

[Link]
Questions and Answers PDF 33/63

Which wireless security option uses a pre-shared key to authenticate clients?

A. WPA2-Personal

om
B. 802.1x

.c
ps
m
C. 802.1q

du
am
D. WPA2-Enterprise
ex
id

Answer: A
Explanation:
al
.v
w

WPA2-Personal, also known as WPA2-PSK (Pre-Shared Key), is the wireless security option that uses a
w

pre-shared key to authenticate clients. This method is designed for home and small office networks
w

and doesn’t require an authentication server. Instead, every user on the network uses the same key
//

or passphrase to connect1.
s:
tp

Reference :=
ht

• What is a Wi-Fi Protected Access Pre-Shared Key (WPA-PSK)?

• Exploring WPA-PSK and WiFi Security

=========================

• WPA2-Personal: This wireless security option uses a pre-shared key (PSK) for authentication.
Each client that connects to the network must use this key to gain access. It is designed for home and
small office networks where simplicity and ease of use are important.

• WPA2-Enterprise: Unlike WPA2-Personal, WPA2-Enterprise uses 802.1x authentication with

an authentication server (such as RADIUS) and does not rely on a pre-shared key.

[Link]
Questions and Answers PDF 34/63

• 802.1x: This is a network access control protocol for LANs, particularly wireless LANs. It
provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

• 802.1q: This is a networking standard that supports VLAN tagging on Ethernet networks and
is not related to wireless security.

Reference:

• Cisco Documentation on WPA2 Security: Cisco WPA2

• Understanding Wireless Security: Wireless Security Guide

om
Question: 22

.c
ps
m
du
am
Which information is included in the header of a UDP segment?
ex
id
al

A. IP addresses
.v
w
w

B. Sequence numbers
// w
s:

C. Port numbers
tp
ht

D. MAC addresses

Answer: C
Explanation:

The header of a UDP (User Datagram Protocol) segment includes port numbers. Specifically, it

[Link]
Questions and Answers PDF 35/63

contains the source port number and the destination port number, which are used to identify the
sending and receiving applications. UDP headers do not include IP addresses or MAC addresses, as
those are part of the IP and Ethernet frame headers, respectively. Additionally, UDP does not use
sequence numbers, which are a feature of TCP (Transmission Control Protocol) for ensuring reliable
delivery of data segments1.

Reference :=

Segmentation Explained with TCP and UDP Header

User Datagram Protocol (UDP) - GeeksforGeeks

om
Which three fields are used in a UDP segment header

.c
=========================

ps
UDP Header: The header of a UDP segment includes the following key fields:

m
Source Port: The port number of the sending application.

Destination Port: The port number of the receiving application.

du
am
Length: The length of the UDP header and data.
ex

Checksum: Used for error-checking the header and data.

id

IP Addresses: These are included in the IP header, not the UDP header.
al

Sequence Numbers: These are part of the TCP header, not UDP.
.v
w

MAC Addresses: These are part of the Ethernet frame header and are not included in the UDP
w

header.
w

Reference:
//
s:

RFC 768 - User Datagram Protocol: RFC 768

tp

Cisco Guide on UDP: Cisco UDP Guide

ht

Question: 23

DRAG DROP

Move the security options from the list on the left to its characteristic on the right. You may use each
security option once, more than once, or not at all.

[Link]
Questions and Answers PDF 36/63

Note: You will receive partial credit for each correct answer.

om
.c
ps
m
du Answer:
am
Explanation:
ex
id

The correct matching of the security options to their characteristics is as follows:

al

WPA2-Enterprise: Uses a RADIUS server for authentication

.v

WEP: Uses a minimum of 40 bits for encryption

w
w

WPA2-Personal: Uses AES and a pre-shared key for authentication

w

Here’s why each security option matches the characteristic:

//
s:

WPA2-Enterprise uses a RADIUS server for authentication, which provides centralized

tp

Authentication, Authorization, and Accounting (AAA) management for users who connect and use a
network service.
ht

WEP (Wired Equivalent Privacy) is an outdated security protocol that uses a minimum of 40 bits for
encryption (and up to 104 bits), which is relatively weak by today’s standards.

WPA2-Personal (Wi-Fi Protected Access 2 - Personal) uses the Advanced Encryption Standard (AES)
for encryption and a pre-shared key (PSK) for authentication, which is shared among users to access
the network.

These security options are essential for protecting wireless networks from unauthorized access and
ensuring data privacy.

[Link]
Questions and Answers PDF 37/63

Question: 24
HOTSPOT

You want to list the IPv4 addresses associated with the host name [Link].

Complete the command by selecting the correct option from each drop-down list.

om
.c
ps
m
du
am
ex
id
al
.v
w
w

Answer:
w

Explanation:
//
s:
tp

To list the IPv4 addresses associated with the host name [Link], you should use the
ht

following command:

nslookup [Link]

This command will query the DNS servers to find the IP address associated with the hostname
provided. If you want to ensure that it returns the IPv4 address, you can specify the -type=A option,
which stands for Address records that hold IPv4 addresses1. However, the nslookup command by
default should return the IPv4 address if available.

To list the IPv4 addresses associated with the host name [Link], you should use the
nslookup command.

[Link]
Questions and Answers PDF 38/63

Command: nslookup

Target: [Link]

So, the completed command is:

nslookup [Link]

nslookup: This command is used to query the Domain Name System (DNS) to obtain domain name or
IP address mapping or for any other specific DNS record.

om
[Link]: This is the domain name you want to query to obtain its associated IP
addresses.

.c
ps
Reference:

m
Using nslookup: nslookup Command Guide

du
am
Question: 25
HOTSPOT
ex
id
al

An app on a user's computer is having problems downloading dat

.v

a. The app uses the following URL to download data:

w
w
w

[Link]
//
s:
tp

You need to use Wireshark to capture packets sent to and received from that URL.
ht

Which Wireshark filter options would you use to filter the results? Complete the command by
selecting the correct option from each drop-down list.

Note: You will receive partial credit for each correct selection.

[Link]
Questions and Answers PDF 39/63

Answer:

om
Explanation:

.c
ps
To capture packets sent to and received from the URL [Link] using
Wireshark, you would use the following filter options:

m
du
Protocol: tcp am
Filter Type: port

Port Number: 7100

ex

This filter setup in Wireshark will display all TCP packets that are sent to or received from port 7100,
id

which is the port specified in the URL for the API service. Since HTTPS typically uses TCP as the
al

transport layer protocol, filtering by TCP and the specific port number will help isolate the relevant
.v

packets for troubleshooting the app’s data download issues.

w

cp: The app is using HTTPS, which relies on the TCP protocol for communication.
w
w

port: The specific port number used by the application, which in this case is 7100.
//

7100: This is the port specified in the URL ([Link]

s:
tp

This filter will capture all TCP traffic on port 7100, allowing you to analyze the packets related to the
application's data download.
ht

Reference:

Wireshark Filters: Wireshark Display Filters

Question: 26

[Link]
Questions and Answers PDF 40/63

An engineer configured a new VLAN named VLAN2 for the Data Center team. When the team tries to
ping addresses outside VLAN2 from a computer in

VLAN2, they are unable to reach them.

What should the engineer configure?

om
.c
A. Additional VLAN

ps
m
B. Default route

du
am
C. Default gateway
ex
id

D. Static route
al
.v
w

Answer: C
w

Explanation:
// w
s:
tp

When devices within a VLAN are unable to reach addresses outside their VLAN, it typically indicates
ht

that they do not have a configured path to external networks. The engineer should configure a
default gateway for VLAN2. The default gateway is the IP address of the router’s interface that is
connected to the VLAN, which will route traffic from the VLAN to other networks12.

Reference :=

• Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature

• VLAN 2 not able to ping gateway - Cisco Community

=========================

[Link]
Questions and Answers PDF 41/63

• VLANs: Virtual Local Area Networks (VLANs) logically segment network traffic to improve
security and performance. Devices within the same VLAN can communicate directly.

• Default Gateway: For devices in VLAN2 to communicate with devices outside their VLAN,
they need a default gateway configured. The default gateway is typically a router or Layer 3 switch
that routes traffic between different VLANs and subnets.

• Additional VLAN: Not needed in this scenario as the issue is related to routing traffic outside
VLAN2, not creating another VLAN.

• Default Route: While a default route on the router may be necessary, the primary issue for

om
devices within VLAN2 is to have a configured default gateway.

• Static Route: This is used on routers to manually specify routes to specific networks but does

.c
not address the need for a default gateway on the client devices.

ps
Reference:

m
• Cisco VLAN Configuration Guide: Cisco VLAN Configuration

• Understanding and Configuring VLANs: VLANs Guide

du
am
ex

Question: 27
id
al
.v
w
w
// w

A host is given the IP address [Link] and the subnet mask [Link].
s:
tp

What is the CIDR notation for this address?

ht

A. [Link] /23

B. [Link] /20

C. [Link] /21

[Link]
Questions and Answers PDF 42/63

D. [Link] /22

Answer: D
Explanation:

om
The CIDR (Classless Inter-Domain Routing) notation for the subnet mask [Link] is /22. This

.c
notation indicates that the first 22 bits of the IP address are used for network identification, and the
remaining bits are used for host addresses within the network1.

ps
Reference :=

m
du
• Subnet Cheat Sheet – 24 Subnet Mask, 30, 26, 27, 29, and other IP Address CIDR Network
Reference
am
=========================
ex

• Subnet Mask to CIDR Notation: The given subnet mask is [Link]. To convert this to
id

CIDR notation:
al

• Convert the subnet mask to binary: 11111111.11111111.11111100.00000000

.v

• Count the number of consecutive 1s in the binary form: There are 22 ones.
w
w

• Therefore, the CIDR notation is /22.

w

Reference:
//
s:

• Understanding Subnetting and CIDR: Cisco CIDR Guide

tp
ht

Question: 28

You need to connect a computer's network adapter to a switch using a 1000BASE-T cable.

Which connector should you use?

[Link]
Questions and Answers PDF 43/63

A. Coax

B. RJ-11

om
C. OS2 LC

.c
ps
m
D. RJ-45

du
am
Answer: D
Explanation:
ex
id

• 1000BASE-T Cable: This refers to Gigabit Ethernet over twisted-pair cables (Cat 5e or higher).
al
.v

• Connector: RJ-45 connectors are used for Ethernet cables, including those used for
w

1000BASE-T.
w

• Coax: Used for cable TV and older Ethernet standards like 10BASE2.
// w

• RJ-11: Used for telephone connections.

s:

• OS2 LC: Used for fiber optic connections.

tp

Reference:
ht

• Ethernet Standards and Cables: Ethernet Cable Guide

Question: 29

A user initiates a trouble ticket stating that an external web page is not loading. You determine that
other resources both internal and external are still reachable.

[Link]
Questions and Answers PDF 44/63

Which command can you use to help locate where the issue is in the network path to the external
web page?

A. ping -t

om
.c
B. tracert

ps
m
C. ipconfig/all

du
am
D. nslookup
ex
id

Answer: B
al

Explanation:
.v
w
w

The tracert command is used to determine the route taken by packets across an IP network. When a
w

user reports that an external web page is not loading, while other resources are accessible, it
//

suggests there might be an issue at a certain point in the network path to the specific web page. The
s:

tracert command helps to diagnose where the breakdown occurs by displaying a list of routers that
tp

the packets pass through on their way to the destination. It can identify the network segment where
the packets stop progressing, which is valuable for pinpointing where the connectivity issue lies.
ht

Reference := Cisco CCST Networking Certification FAQs – CISCONET Training Solutions, Command
Prompt (CMD): 10 network-related commands you should know, Network Troubleshooting
Commands Guide: Windows, Mac & Linux - Comparitech, How to Use the Traceroute and Ping
Commands to Troubleshoot Network, Network Troubleshooting Techniques: Ping, Traceroute,
PathPing.

• tracert Command: This command is used to determine the path packets take to reach a
destination. It lists all the hops (routers) along the way and can help identify where the delay or

[Link]
Questions and Answers PDF 45/63

failure occurs.

• ping -t: This command sends continuous ping requests and is useful for determining if a host
is reachable but does not provide path information.

• ipconfig /all: This command displays all current TCP/IP network configuration values and can
be used to verify network settings but not to trace a network path.

• nslookup: This command queries the DNS to obtain domain name or IP address mapping,
useful for DNS issues but not for tracing network paths.

Reference:

om
• Microsoft tracert Command: tracert Command Guide

.c
• Troubleshooting Network Issues with tracert: Network Troubleshooting Guide

ps
m
du
Question: 30
am
ex

Which two statements are true about the IPv4 address of the default gateway configured on a host?
id

(Choose 2.)
al
.v

Note: You will receive partial credit for each correct selection.
w
w
w

A. The IPv4 address of the default gateway must be the first host address in the subnet.
//
s:
tp

B. The same default gateway IPv4 address is configured on each host on the local network.
ht

C. The default gateway is the Loopback0 interface IPv4 address of the router connected to the same
local network as the host.

D. The default gateway is the IPv4 address of the router interface connected to the same local
network as the host.

[Link]
Questions and Answers PDF 46/63

E. Hosts learn the default gateway IPv4 address through router advertisement messages.

Answer: BD
Explanation:

om
• Statement B: "The same default gateway IPv4 address is configured on each host on the local

.c
network." This is true because all hosts on the same local network (subnet) use the same default
gateway IP address to send packets destined for other networks.

ps
• Statement D: "The default gateway is the IPv4 address of the router interface connected to

m
the same local network as the host." This is true because the default gateway is the IP address of the

du
router's interface that is directly connected to the local network.
am
• Statement A: "The IPv4 address of the default gateway must be the first host address in the
subnet." This is not necessarily true. The default gateway can be any address within the subnet
ex

range.
id

• Statement C: "The default gateway is the Loopback0 interface IPv4 address of the router
al

connected to the same local network as the host." This is not true; the default gateway is the IP
.v

address of the router's physical or logical interface connected to the local network.
w

• Statement E: "Hosts learn the default gateway IPv4 address through router advertisement
w

messages." This is generally true for IPv6 with Router Advertisement (RA) messages, but not typically
w

how IPv4 hosts learn the default gateway address.

//
s:

Reference:
tp

• Cisco Default Gateway Configuration: Cisco Default Gateway

ht

Question: 31

Which command will display all the current operational settings configured on a Cisco router?

[Link]
Questions and Answers PDF 47/63

A. show protocols

B. show startup-config

C. show version

om
.c
ps
D. show running-config

m
du
Answer: D
Explanation:
am
ex
id
al
.v
w
w
// w
s:
tp

The show running-config command is used on a Cisco router to display the current operational
settings that are actively configured in the router’s RAM. This command outputs all the
ht

configurations that are currently being executed by the router, which includes interface
configurations, routing protocols, access lists, and other settings. Unlike show startup-config, which
shows the saved configuration that the router will use on the next reboot, show running-config
reflects the live, current configuration in use.

Reference := The information is supported by multiple sources that detail the use of Cisco
commands, particularly the show running-config command as the standard for viewing the active
configuration on a Cisco device123.

[Link]
Questions and Answers PDF 48/63

show running-config: This command displays the current configuration running on the router. It
includes all the operational settings and configurations applied to the router.

show protocols: This command shows the status of configured protocols on the router but not the
entire configuration.

show startup-config: This command displays the configuration saved in NVRAM, which is used to
initialize the router on startup, but not necessarily the current running configuration.

show version: This command provides information about the router's software version, hardware
components, and uptime but does not display the running configuration.

om
Reference:

.c
Cisco IOS Commands: Cisco IOS Commands

ps
m
Question: 32

du
am
DRAG DROP
ex
id

Examine the connections shown in the following image. Move the cable types on the right to the
al

appropriate connection description on the left. You may

.v

use each cable type more than once or not at all.

w
w
// w
s:
tp
ht

[Link]
Questions and Answers PDF 49/63

om
Answer:

.c
Explanation:

ps
m
du
Based on the image description provided, here are the cable types matched with the appropriate
connection descriptions:
am
Connects Switch S1 to Router R1 Gi0/0/1 interface Cable Type: = Straight-through UTP Cable
ex

Connects Router R2 Gi0/0/0 to Router R3 Gi0/0/0 via underground conduit Cable Type: = Fiber Optic
id

Cable
al

Connects Router R1 Gi0/0/0 to Router R2 Gi0/0/1 Cable Type: = Crossover UTP Cable
.v

Connects Switch S3 to Server0 network interface card Cable Type: = Straight-through UTP Cable
w
w

The choices are based on standard networking practices where:

w

Straight-through UTP cables are typically used to connect a switch to a router or a network interface
//

card.
s:
tp

Fiber optic cables are ideal for long-distance, high-speed data transmission, such as connections
through an underground conduit.
ht

Crossover UTP cables are used to connect similar devices, such as router-to-router connections.

These matches are consistent with the color-coded cables in the image: green for switch
connections, yellow for router-to-router connections within the same rack, and blue for inter-rack
connections. The use of these cables follows the Ethernet cabling standards.

Connects Switch S1 to Router R1 Gi0/0/1 interface:

[Link]
Questions and Answers PDF 50/63

Cable Type: Straight-through UTP Cable

Explanation: A straight-through UTP cable is typically used to connect different types of devices, such
as a switch to a router.

Connects Router R2 Gi0/0/0 to Router R3 Gi0/0/0 via underground conduit:

Cable Type: Fiber Optic Cable

Explanation: Fiber optic cables are used for long-distance connections, such as those through an
underground conduit between buildings.

om
Connects Router R1 Gi0/0/0 to Router R2 Gi0/0/1:

Cable Type: Crossover UTP Cable

.c
ps
Explanation: A crossover UTP cable is typically used to connect similar devices directly, such as router
to router connections.

m
du
Connects Switch S3 to Server0 network interface card: am
Cable Type: Straight-through UTP Cable

Explanation: A straight-through UTP cable is typically used to connect a switch to an end device, such
ex

as a server.
id
al

Straight-through UTP Cable: Used to connect different devices (e.g., switch to router, switch to
.v

server).
w
w

Crossover UTP Cable: Used to connect similar devices directly (e.g., router to router, switch to
w

switch).
//

Fiber Optic Cable: Used for long-distance and high-speed connections, often between buildings or
s:

data centers.
tp

Reference:
ht

Network Cable Types and Uses: Cisco Network Cables

Understanding Ethernet Cabling: Ethernet Cable Guide

Question: 33
DRAG DROP

[Link]
Questions and Answers PDF 51/63

Move each cloud computing service model from the list on the left to the correct example on the
right

Note: You will receive partial credit for each correct answer.

om
.c
ps
m
du Answer:
am
Explanation:
ex

Three virtual machines are connected by a virtual network in the cloud.

id
al

Model: IaaS (Infrastructure as a Service)

.v

Explanation: IaaS provides virtualized computing resources over the internet, including virtual
w

machines, storage, and networks.

w

Users access a web-based graphics design application in the cloud for a monthly fee.
// w

Model: SaaS (Software as a Service)

s:
tp

Explanation: SaaS delivers software applications over the internet, typically on a subscription basis,
accessible via a web browser.
ht

A company develops applications using cloud-based resources and tools.

Model: PaaS (Platform as a Service)

Explanation: PaaS provides a platform allowing customers to develop, run, and manage applications
without dealing with the infrastructure.

IaaS (Infrastructure as a Service): Provides virtualized hardware resources that customers can use to
build their own computing environments.

[Link]
Questions and Answers PDF 52/63

PaaS (Platform as a Service): Offers a platform with tools and services to develop, test, and deploy
applications.

SaaS (Software as a Service): Delivers fully functional applications over the internet that users can
access and use without managing the underlying infrastructure.

Reference:

Cloud Service Models: Understanding IaaS, PaaS, SaaS

NIST Definition of Cloud Computing: NIST Cloud Computing

om
Question: 34

.c
ps
Examine the following output:

m
du
am
ex
id
al
.v
w
w
// w
s:
tp

Which two conclusions can you make from the output of the tracert command? (Choose 2.)
ht

Note: You will receive partial credit for each correct answer.

A. The trace successfully reached the [Link] server.

B. The trace failed after the fourth hop.

[Link]
Questions and Answers PDF 53/63

C. The IPv6 address associated with the [Link] server is [Link] c400: 38d: : b33.

D. The routers at hops 5 and 6 are offline.

E. The device sending the trace has IPv6 address [Link] :: b33.

om
.c
ps
m
Answer: AC

du
Explanation: am
• Statement A: "The trace successfully reached the [Link] server." This is true as
ex

indicated by the "Trace complete" message at the end, showing that the trace has reached its
destination.
id
al

• Statement C: "The IPv6 address associated with the [Link] server is

.v

[Link]." This is true because the final hop in the trace, which is the destination,
has this IPv6 address.
w
w

• Statement B: "The trace failed after the fourth hop." This is incorrect as the trace continues
w

beyond the fourth hop, despite some intermediate timeouts.

//

• Statement D: "The routers at hops 5 and 6 are offline." This is not necessarily true. The
s:

routers might be configured to not respond to traceroute requests.

tp

• Statement E: "The device sending the trace has IPv6 address [Link]." This
ht

is incorrect; this address belongs to the destination server, not the sender.

Reference:

• Understanding Traceroute: Traceroute Guide

Question: 35

[Link]
Questions and Answers PDF 54/63

Which two pieces of information should you include when you initially create a support ticket?
(Choose 2.)

A. A detailed description of the fault

om
.c
B. Details about the computers connected to the network

ps
m
C. A description of the conditions when the fault occurs

du
am
D. The actions taken to resolve the fault
ex
id

E. The description of the top-down fault-finding procedure

al
.v
w

Answer: AC
w

Explanation:
// w
s:

Statement A: "A detailed description of the fault." This is essential for support staff to understand the
tp

nature of the problem and begin troubleshooting effectively.

ht

Statement C: "A description of the conditions when the fault occurs." This helps in reproducing the
issue and identifying patterns that might indicate the cause of the fault.

Statement B: "Details about the computers connected to the network." While useful, this is not as
immediately critical as understanding the fault itself and the conditions under which it occurs.

Statement D: "The actions taken to resolve the fault." This is important but typically follows the initial
report.

Statement E: "The description of the top-down fault-finding procedure." This is more of a

troubleshooting methodology than information typically included in an initial support ticket.

[Link]
Questions and Answers PDF 55/63

Reference:

Best Practices for Submitting Support Tickets: Support Ticket Guidelines

Question: 36

DRAG DROP

om
Move each network type from the list on the left to the correct example on the right.

.c
ps
m
du
am
ex
id
al
.v
w
w

Answer:
w

Explanation:
//
s:
tp

Two home office computers are connected to a switch by Ethernet cables.

ht

Network Type: LAN (Local Area Network)

Explanation: A LAN connects devices within a limited area such as a home, office, or building, using
Ethernet cables or Wi-Fi.

Three government buildings in the same city connect to a cable company over coaxial cables.

Network Type: MAN (Metropolitan Area Network)

Explanation: A MAN connects networks across a city or campus, often using fiber optic or coaxial
cables.

[Link]
Questions and Answers PDF 56/63

A cell phone connects to a Bluetooth headset.

Network Type: PAN (Personal Area Network)

Explanation: A PAN connects devices within a personal workspace, typically using wireless
technologies like Bluetooth.

A financial institution connects its branches through a telecommunications service provider.

Network Type: WAN (Wide Area Network)

Explanation: A WAN connects multiple LANs over long distances, often using leased lines or satellite

om
links provided by telecommunications companies.

.c
ps
LAN (Local Area Network): Used for connecting devices within a small geographical area such as a
single building or home.

m
du
MAN (Metropolitan Area Network): Covers a larger geographical area than a LAN, typically a city or
campus.
am
PAN (Personal Area Network): Connects devices within the range of an individual person, such as
ex

connecting a phone to a Bluetooth headset.

id

WAN (Wide Area Network): Spans large geographical areas, connecting multiple LANs across cities,
countries, or continents.
al
.v

Reference:
w

Network Types Overview: Cisco Networking Basics

w
w

Understanding Different Network Types: Network Types Guide

//
s:
tp

Question: 37
HOTSPOT
ht

You plan to use a network firewall to protect computers at a small office.

For each statement about firewalls, select True or False.

Note: You will receive partial credit for each correct selection.

[Link]
Questions and Answers PDF 57/63

om
.c
ps
m
Answer:
Explanation:

du
am
A firewall can direct all web traffic to a specific IP address.
ex

True: Firewalls can be configured to perform Network Address Translation (NAT) and port forwarding,
id

which can direct all web traffic (typically on port 80 and 443) to a specific internal IP address.
al

A firewall can block traffic to specific ports on internal computers.

.v
w

True: Firewalls can be configured with access control lists (ACLs) or rules to block traffic to specific
w

ports on internal computers, enhancing security by restricting unwanted or harmful traffic.

w

A firewall can prevent specific apps from running on a computer.

//
s:

False: Firewalls typically control traffic flow and do not prevent specific applications from running on
tp

a computer. Application control is usually managed by endpoint security software or application

control systems.
ht

Directing Web Traffic: Firewalls can manage traffic redirection using NAT and port forwarding rules to
route web traffic to designated servers or devices within the network.

Blocking Specific Ports: Firewalls can enforce security policies by blocking or allowing traffic based on
port numbers, ensuring that only permitted traffic reaches internal systems.

Application Control: While firewalls manage network traffic, preventing applications from running
typically requires software specifically designed for endpoint protection and application

[Link]
Questions and Answers PDF 58/63

management.

Reference:

Understanding Firewalls: Firewall Capabilities

Network Security Best Practices: Network Security Guide

Question: 38
DRAG DROP

om
.c
Move each protocol from the list on the left to the correct TCP/IP model layer on the right.

ps
m
du
Note: You will receive partial credit for each correct match.
am
ex
id
al
.v
w
w
// w
s:
tp

Answer:
ht

Explanation:

Here’s how each protocol aligns with the correct TCP/IP model layer:

TCP (Transmission Control Protocol): This protocol belongs to the Transport layer, which is
responsible for providing communication between applications on different hosts1.

IP (Internet Protocol): IP is part of the Internetwork layer, which is tasked with routing packets across
network boundaries to their destination1.

[Link]
Questions and Answers PDF 59/63

FTP (File Transfer Protocol): FTP operates at the Application layer, which supports application and
end-user processes. It is used for transferring files over the network1.

Ethernet: While not a protocol within the TCP/IP stack, Ethernet is associated with the Network
Interface layer, which corresponds to the link layer of the TCP/IP model and is responsible for the
physical transmission of data1.

The TCP/IP model layers are designed to work collaboratively to transmit data from one layer to
another, with each layer having specific protocols that perform functions necessary for the data
transmission process1.

om
TCP:

.c
ps
TCP Model Layer: Transport

m
Explanation: The Transport layer is responsible for end-to-end communication and error handling.
TCP (Transmission Control Protocol) operates at this layer to provide reliable, ordered, and error-

du
checked delivery of data.
am
IP:
ex

TCP Model Layer: Internetwork

id

Explanation: The Internetwork layer, also known as the Internet layer, is responsible for logical
al

addressing and routing. IP (Internet Protocol) operates at this layer to route packets across networks.
.v

FTP:
w

TCP Model Layer: Application

w
w

Explanation: The Application layer provides network services to applications. FTP (File Transfer
//

Protocol) operates at this layer to transfer files between computers over a network.
s:

Ethernet:
tp
ht

TCP Model Layer: Network

Explanation: The Network layer, also known as the Link layer in the TCP/IP model, is responsible for
physical addressing and access to the physical medium. Ethernet operates at this layer to provide the
physical and data link functions.

Transport Layer: This layer is responsible for providing communication services directly to the
application processes running on different hosts. TCP is a core protocol in this layer.

Internetwork Layer: This layer is responsible for logical addressing, routing, and packet forwarding. IP

[Link]
Questions and Answers PDF 60/63

is the primary protocol for this layer.

Application Layer: This layer interfaces directly with application processes and provides common
network services. FTP is an example of a protocol operating in this layer.

Network Layer: In the TCP/IP model, this layer includes both the data link and physical layers of the
OSI model. Ethernet is a protocol used in this layer to define network standards and communication
protocols at the data link and physical levels.

Reference:

TCP/IP Model Overview: Cisco TCP/IP Model

om
Understanding the TCP/IP Model: TCP/IP Layers

.c
ps
Question: 39

m
Which address is included in the [Link]/24 network?
du
am
ex

A. [Link]
id
al
.v

B. [Link]
w
w

C. [Link]
// w
s:
tp

D. [Link]
ht

Answer: B
Explanation:

• [Link]/24 Network: This subnet includes all addresses from [Link] to

[Link]
Questions and Answers PDF 61/63

[Link]. The /24 indicates a subnet mask of [Link], which allows for 256 addresses.

• [Link]: This address is in the [Link]/24 subnet, not the [Link]/24

subnet.

• [Link]: This address is within the [Link]/24 subnet.

• [Link]: This address is in the [Link]/24 subnet, not the [Link]/24

subnet.

• [Link]: This address is in the [Link]/24 subnet, not the [Link]/24 subnet.

om
Reference:

• Subnetting Guide: Subnetting Basics

.c
ps
m
Question: 40

du
am
ex
id
al

Which device protects the network by permitting or denying traffic based on IP address, port
.v

number, or application?
w
w

A. Firewall
// w
s:
tp

B. Access point
ht

C. VPN gateway

D. Intrusion detection system

Answer: A
Explanation:

[Link]
Questions and Answers PDF 62/63

Firewall: A firewall is a network security device that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. It permits or denies traffic based on IP
addresses, port numbers, or applications.

Access Point: This is a device that allows wireless devices to connect to a wired network using Wi-Fi.
It does not perform traffic filtering based on IP, port, or application.

VPN Gateway: This device allows for secure connections between networks over the internet, but it
is not primarily used for traffic filtering based on IP, port, or application.

om
Intrusion Detection System (IDS): This device monitors network traffic for suspicious activity and
policy violations, but it does not actively permit or deny traffic.

.c
ps
Reference:

m
Understanding Firewalls: Firewall Basics

du
am
ex
id
al
.v
w
w
// w
s:
tp
ht

[Link]
Questions and Answers PDF 63/63

Thank you for your visit.

To try more exams, please visit below link
[Link]

om
.c
ps
m
du
am
ex
id
al
.v
w
w
// w
s:
tp
ht

[Link]