What is the function of a qos trust boundary
What is the function of a qos trust boundary
QoS trust boundary on Cisco Switches
When we configure QoS on our Cisco switches we need to think about our trust boundary. Simply said this basically means on which device are we going to trust the marking of the packets and Ethernet frames entering our network. If you are using IP phones you can use those for marking and configure the switch to trust the traffic from the IP phone. If you don’t have any IP phones or you don’t trust them, we can configure the switch to do marking as well. In this lesson I’ll show you how to do both! First let me show you the different QoS trust boundaries:
In the picture above the trust boundary is at the Cisco IP phone, this means that we won’t remark any packets or Ethernet frames anymore at the access layer switch. The IP phone will mark all traffic. Note that the computer is outside of the QoS trust boundary. This means that we don’t trust the marking of the computer. We can remark all its traffic on the IP phone if we want. Let’s take a look at another picture:
In the picture above we don’t trust whatever marking the IP phone sends to the access layer switch. This means we’ll do classification and marking on the access layer switches. I have one more example for you…
Above you can see that we don’t trust anything before the distribution layer switches. This is something you won’t see very often but it’s possible if you don’t trust your access layer switches. Maybe someone else does the management for the access layer switches and you want to prevent them to send packets or Ethernet frames that are marked towards your distribution layer switches.
Let’s take a look at a switch to see how we can configure this trust boundary. I have a Cisco Catalyst 3560 that I will use for these examples. Before you do anything with QoS, don’t forget to enable it globally on your switch first:
Something you need to be aware of is that as soon as you enable QoS on your switch it will erase the marking of all packets that are received! If you don’t want this to happen you can use the following command:
Let’s continue by looking at the first command. We can take a look at the QoS settings for the interface with the show mls qos interface command. This will show you if you trust the marking of your packets or frames:
Above you can see that we don’t trust anything at the moment. This is the default on Cisco switches. We can trust packets based on the DSCP value, frames on the CoS value or we can trust the IP phone. Here are some examples:
Just type mls qos trust cos to ensure the interface trusts the CoS value of all frames entering this interface. Let’s verify our configuration:
By default your switch will overwrite the DSCP value of the packet inside your frame according to the cos-to-dscp map. If you don’t want this you can use the following command:
The keyword pass-through will ensure that your switch won’t overwrite the DSCP value. Besides the CoS value we can also trust the DSCP value:
Quality of Service (QoS) Classification and Marking
Quality of Service (QoS) is a mechanism or technology that handles network traffic and allocates capacity to ensure the performance of critical applications. All QoS mechanisms are designed to resolve or reduce bandwidth overutilization, delay, flapping, and packet loss in a network. Some of the QoS tools are Classification and Marking, Queuing, Policing and Traffic Shaping, and Congestion Management.
QoS Classification
Before we can configure any QoS tools, like queuing, policing, or shaping, we have to look at the traffic that is coursing through our network device and identify it first. QoS classification refers to the process of classifying the type of IP packets or traffic. Traffic types can be data, video, or voice traffic. Traffic classes are the categories of traffic that are grouped based on their similarity.
QoS classification can be associated with a variety of match criteria such as:
Here are the CoS values (layer 2 header) and their applications:
| CoS | Application |
| 7 | Network Control |
| 6 | Internetwork Control |
| 5 | Voice |
| 4 | Video |
| 3 | Call Signaling |
| 2 | Transactional Data |
| 1 | Bulk Data |
| 0 | Best Effort |
QoS Marking
After classification of IP packet headers based on their contents, QoS Marking includes setting some bits inside a data link or network layer header, with the intention of letting other devices’ QoS tools classify traffic based on the marked values.
Marking can be done at different levels like Ethernet header (layer 2), MPLS label (layer 2.5), IP packet header (layer 3), Network Based Application Recognition (NBAR), and deep packet inspection (layer 7).
In other WAN technologies, we can use single-bit fields in Frame Relay and ATM networks to mark a frame for Layer 2 QoS. Frame Relay determines the discard eligibility (DE) bit setting, and ATM defines the cell loss priority (CLP) bit.
DSCP is the more preferred QoS tool because the router can quickly get information from a single byte on the IP header. Also, the IP header doesn’t change between source and destination addresses.
Here are the DSCP values (layer 3 header) and their equivalent applications:
| DSCP Value | Application |
| CS7 | Network Control |
| CS6 | Internetwork Control |
| EF | Voice |
| CS5 | Broadcast Video |
| AF4 | Multimedia Conferencing |
| CS4 | Realtime Interactive |
| AF3 | Multimedia Streaming |
| CS3 | Signaling |
| AF2 | Transactional Data |
| CS2 | OAM |
| AF1 | Bulk Data |
| CS1 | Scavenger |
| DF | Best Effort |
QoS Trust Boundary
The idea behind the QoS trust boundary is to avoid end devices manipulating traffic prioritization. Once we include a network device in the QoS trust boundary (preferably at the access layer), there’s no need to remark any packets, and this network device will handle QoS marking.
Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.
We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training:
What is the function of a qos trust boundary
These notes are prepared from the recommended CCIE books for QoS and Design:
What is QoS: The measure of a system’s service availability and transmission quality. It is as strong as the weakest link. This is a myth that the QoS is only applicable for slow network WAN – NO, delay sensitive apps suffer quality loss without QoS.
Nature of Traffic:
| Data | Voice | Video |
| Smooth/Bursty | Smooth | Bursty |
| Benign/Greedy | Benign | Greedy |
| Largely drop insesitive | Sensitive | Sensitive |
| Delay insensitive | Sensitive | Sensitive |
| TCP re-transmits | UDP best priority | UDP Priority |
Definition of Network Quality for IT management (managers): Throughput, Usage, %age of loss, User complaints..
QoS Models:
IntServ: IntServ is the specification of the following:
3 main Classes of Services that an application can request:
Best Effort Services: No Service guarantee.
Disadvantages: No end to end BW reservation
CCNA 4 Final Exam V6.0 Answers
1. Refer to the exhibit. A network administrator is troubleshooting the OSPF network. The 10.10.0.0/16 network is not showing up in the routing table of Router1. What is the probable cause of this problem?
The serial interface on Router2 is down.
There is an incorrect wildcard mask statement for network 10.10.0.0/16 on Router2.
The OSPF process is configured incorrectly on Router1.
The OSPF process is not running on Router2.
2. What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
3. Which three statements are true about PPP? (Choose three.)
PPP uses LCPs to establish, configure, and test the data-link connection.
PPP can use synchronous and asynchronous circuits.
PPP can only be used between two Cisco devices.
PPP uses LCPs to agree on format options such as authentication, compression, and error detection.
PPP carries packets from several network layer protocols in LCPs.
4. What protocol should be disabled to help mitigate VLAN attacks?
5. Refer to the exhibit. Which type of Layer 2 encapsulation used for connection D requires Cisco routers?
6. What is the purpose of the generic routing encapsulation tunneling protocol?
to provide packet level encryption of IP traffic between remote sites
to manage the transportation of IP multicast and multiprotocol traffic between remote sites
to provide fixed flow-control mechanisms with IP tunneling between remote sites
to support basic unencrypted IP tunneling using multivendor routers between remote sites
7. Which troubleshooting tool would a network administrator use to check the Layer 2 header of frames that are leaving a particular host?
8. Refer to the exhibit. A user turns on a PC after it is serviced and calls the help desk to report that the PC seems unable to reach the Internet. The technician asks the user to issue the arp –a and ipconfig commands. Based on the output, what are two possible causes of the problem? (Choose two.)
The default gateway device cannot be contacted.
The network cable is unplugged.
The DNS server address is not configured.
The subnet mask is configured incorrectly.
The IP configuration is incorrect.
9. Which two WAN technologies are more likely to be used by a business than by teleworkers or home users? (Choose two.)
10. Refer to the exhibit. A network administrator is configuring the PPP link between the routers R1 and R2. However, the link cannot be established. Based on the partial output of the show running-config command, what is the cause of the problem?
The usernames do not match each other.
The usernames do not match the host names.
The passwords for CHAP should be in lowercase.
The username r1 should be configured on the router R1 and the username r2 should be configured on the router R2.
11. What function is provided by Multilink PPP?
creating one logical link between two LAN switches via the use of multiple physical links
spreading traffic across multiple physical WAN links
enabling traffic from multiple VLANs to travel over a single Layer 2 link
dividing the bandwidth of a single link into separate time slots
12. What is the function of a QoS trust boundary?
A trust boundary identifies the location where traffic cannot be remarked.
A trust boundary only allows traffic to enter if it has previously been marked.
A trust boundary identifies which devices trust the marking on packets that enter a network.
A trust boundary only allows traffic from trusted endpoints to enter the network.
13. In the creation of an IPv6 ACL, what is the purpose of the implicit final command entries, permit icmp any any nd-na and permit icmp any any nd-ns?
to allow forwarding of IPv6 multicast packets
to allow automatic address configuration
to allow IPv6 to MAC address resolution
to allow forwarding of ICMPv6 packets
14. Which statement best describes a WAN?
A WAN is a LAN that is extended to provide secure remote network access.
A WAN is a public utility that enables access to the Internet.
WAN is another name for the Internet.
A WAN interconnects LANs over long distances.
15. Which statement describes a characteristic of dense wavelength division multiplexing (DWDM)?
It enables bidirectional communications over one pair of copper cables.
It supports the SONET standard, but not the SDH standard.
It assigns incoming electrical signals to specific frequencies.
It can be used in long-range communications, like connections between ISPs.
16. Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with wildcard mask 0.0.1.255?
172.16.2.0 to 172.16.3.255
172.16.2.1 to 172.16.255.255
172.16.2.0 to 172.16.2.255
172.16.2.1 to 172.16.3.254
17. Which feature sends simulated data across the network and measures performance between multiple network locations?
18. Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)
cable type and identifier
19. Refer to the exhibit. A network administrator has configured routers RTA and RTB, but cannot ping from serial interface to serial interface. Which layer of the OSI model is the most likely cause of the problem?
20. What are two characteristics of video traffic? (Choose two.)
Video traffic requires a minimum of 30 kbs of bandwidth.
Video traffic latency should not exceed 400 ms.
Video traffic is more resilient to loss than voice traffic is.
Video traffic consumes less network resources than voice traffic consumes.
Video traffic is unpredictable and inconsistent.
21. In configuring SNMPv3, what is the purpose of creating an ACL?
to define the type of traffic that is allowed on the management network
to specify the source addresses allowed to access the SNMP agent
to define the protocols allowed to be used for authentication and encryption
to define the source traffic that is allowed to create a VPN tunnel
22. Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1?
ICMPv6 packets that are destined to PC1
packets that are destined to PC1 on port 80
neighbor advertisements that are received from the ISP router
HTTPS packets to PC1
23. Connecting offices at different locations using the Internet can be economical for a business. What are two important business policy issues that should be addressed when using the Internet for this purpose? (Choose two.)
24. Refer to the exhibit. What is the network administrator verifying when issuing the show ip interface brief command on R1 in respect to the PPPoE connection to R2?
that the IP address on R1 G0/1 is in the same network range as the DSL modem
that the Dialer1 interface has been assigned an IP address by the ISP router
that the Dialer1 interface is up and up
that the Dialer1 interface has been manually assigned an IP address
25. Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent?
26. How many DS0 channels are bundled to produce a 1.544 Mbps T1 line?
27. Which technology requires the use of PPPoE to provide PPP connections to customers?
dialup analog modem
dialup ISDN modem
28. Which technology creates a mapping of public IP addresses for remote tunnel spokes in a DMVPN configuration?
29. Refer to the exhibit. A named access list called chemistry_block has been written to prevent users on the Chemistry Network and public Internet from access to Records Server. All other users within the school should have access to this server. The list contains the following statements:
deny 172.16.102.0 0.0.0.255 172.16.104.252 0.0.0.0
permit 172.16.0.0 0.0.255.255 172.16.104.252 0.0.0.0
Which command sequence will place this list to meet these requirements?
Athena(config)# interface fa0/0
Athena(config-if)# ip access-group chemistry_block out
Apollo(config)# interface s0/0/0
Apollo(config-if)# ip access-group chemistry_block out
Hera(config)# interface fa0/0
Hera(config-if)# ip access-group chemistry_block in
Hera(config)# interface s0/0/0
Hera(config-if)# ip access-group chemistry_block out
Apollo(config)# interface s0/0/1
Apollo(config-if)# ip access-group chemistry_block in
Athena(config)# interface s0/0/1
Athena(config-if)# ip access-group chemistry_block in
30. Match OoS techniques with the description. (Not all options are used.)
31. A data center has recently updated a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate web server without having to allocate an actual discrete server for each customer. What is the networking trend that is being implemented by the data center in this situation?
Maintaining communication integrity
32. Refer to the exhibit. All routers are successfully running the BGP routing protocol. How many routers must use EBGP in order to share routing information across the autonomous systems?
33. Which Cisco feature sends copies of frames entering one port to a different port on the same switch in order to perform traffic analysis?
34. Which network performance statistics should be measured in order to verify SLA compliance?
the number of error messages that are logged on the syslog server
latency, jitter, and packet loss
NAT translation statistics
device CPU and memory utilization
35. What is a disadvantage of a packet-switched network compared to a circuit-switched network?
36. Which Cloud computing service would be best for a new organization that cannot afford physical servers and networking equipment and must purchase network services on-demand?
37. Refer to the exhibit. What is used to exchange routing information between routers within each AS?
EGP routing protocols
IGP routing protocols
38. Refer to the exhibit. What feature does an SNMP manager need in order to be able to set a parameter on switch ACSw1?
a manager who is using an SNMP string of K44p0ut
a manager who is using authPriv
a manager who is using host 192.168.0.5
a manager who is using an Inform Request MIB
39. A network administrator is configuring a PPP link with the commands:
R1(config-if)# encapsulation ppp
R1(config-if)# ppp quality 70
What is the effect of these commands?
The PPP link will not be established if more than 30 percent of options cannot be accepted.
The NCP will send a message to the sending device if the link usage reaches 70 percent.
The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.
The PPP link will be closed down if the link quality drops below 70 percent.
40. Which term describes the role of a Cisco switch in the 802.1X port-based access control?
41. What advantage does DSL have compared to cable technology?
DSL has no distance limitations.
DSL upload and download speeds are always the same.
DSL is not a shared medium.
42. What is a secure configuration option for remote access to a network device?
Configure an ACL and apply it to the VTY lines.
43. Which broadband technology would be best for a user that needs remote access when traveling in mountains and at sea?
44. Which type of QoS marking is applied to Ethernet frames?
45. A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)
digital subscriber line
46. Which component of the ACI architecture translates application policies into network programming?
the Application Network Profile endpoints
the Application Policy Infrastructure Controller
the Nexus 9000 switch
47. Which pillar of the Cisco IoT System allows data to be analyzed and managed at the location where it is generated?
application enhancement platform
48. A corporation is searching for an easy and low cost solution to provide teleworkers with a secure connection to headquarters. Which solution should be selected?
remote access VPN over the Internet
site-to-site VPN over the Internet
leased line connection
49. A vibration sensor on an automated production line detects an unusual condition. The sensor communicates with a controller that automatically shuts down the line and activates an alarm. What type of communication does this scenario represent?
50. Which WAN technology can serve as the underlying network to carry multiple types of network traffic such as IP, ATM, Ethernet, and DSL?
51. The security policy in a company specifies that the staff in the sales department must use a VPN to connect to the corporate network to access the sales data when they travel to meet customers. What component is needed by the sales staff to establish a remote VPN connection?
VPN client software
52. What guideline is generally followed about the placement of extended access control lists?
They should be placed as close as possible to the destination of the traffic to be denied.
They should be placed as close as possible to the source of the traffic to be denied.
They should be placed on the fastest interface available.
They should be placed on the destination WAN link.
53. What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?
the routing table
54. A network administrator is testing IPv6 connectivity to a web server. The network administrator does not want any other host to connect to the web server except for the one test computer. Which type of IPv6 ACL could be used for this situation?
a standard or extended ACL
only an extended ACL
only a named ACL
an extended, named, or numbered ACL
only a standard ACL
55. Refer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used?
CCNA 4 Final Exam Answers 2019 (v5.0.3+v6.0)
April 16, 2020 by Scott
CCNA 4 Final Exam Answers 2019 (v5.0.3+v6.0)
Read Chapter wise CCNA 4 Exam Answers (v5.1 + v6.0)
CCNA 4 Final Exam Answers 2020
1. Which statement best describes a WAN?
2. Connecting offices at different locations using the Internet can be economical for a business. What are two important business policy issues that should be addressed when using the Internet for this purpose? (Choose two.)
3. What is a disadvafntage of a packet-switched network compared to a circuit-switched network?
4. A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)
5. Which statement describes a characteristic of dense wavelength division multiplexing (DWDM)?
6. Which WAN technology can serve as the underlying network to carry multiple types of network traffic such as IP, ATM, Ethernet, and DSL?
7. Which two WAN technologies are more likely to be used by a business than by teleworkers or home users? (Choose two.)
8. The security policy in a company specifies that the staff in the sales department must use a VPN to connect to the corporate network to access the sales data when they travel to meet customers. What component is needed by the sales staff to establish a remote VPN connection?
9. How many DS0 channels are bundled to produce a 1.544 Mbps T1 line?
10. What function is provided by Multilink PPP?
11. Refer to the exhibit. A network administrator is configuring the PPP link between the routers R1 and R2. However, the link cannot be established. Based on the partial output of the show running-config command, what is the cause of the problem? 
12. Refer to the exhibit. A network administrator has configured routers RTA and RTB, but cannot ping from serial interface to serial interface. Which layer of the OSI model is the most likely cause of the problem? 
13. What advantage does DSL have compared to cable technology?
14. Which broadband technology would be best for a user that needs remote access when traveling in mountains and at sea?
15. Which technology requires the use of PPPoE to provide PPP connections to customers?
16. Refer to the exhibit. What is the network administrator verifying when issuing the show ip interface brief command on R1 in respect to the PPPoE connection to R2? 
17. Which technology creates a mapping of public IP addresses for remote tunnel spokes in a DMVPN configuration?
18. What is the purpose of the generic routing encapsulation tunneling protocol?
19. Refer to the exhibit. What is used to exchange routing information between routers within each AS? 
20. Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with wildcard mask 0.0.1.255?
21. Refer to the exhibit. A named access list called chemistry_block has been written to prevent users on the Chemistry Network and public Internet from access to Records Server. All other users within the school should have access to this server. The list contains the following statements:deny 172.16.102.0 0.0.0.255 172.16.104.252 0.0.0.0
permit 172.16.0.0 0.0.255.255 172.16.104.252 0.0.0.0Which command sequence will place this list to meet these requirements? 
22. What guideline is generally followed about the placement of extended access control lists?
23. In the creation of an IPv6 ACL, what is the purpose of the implicit final command entries, permit icmp any any nd-na and permit icmp any any nd-ns?
24. A network administrator is testing IPv6 connectivity to a web server. The network administrator does not want any other host to connect to the web server except for the one test computer. Which type of IPv6 ACL could be used for this situation?
25. Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1? 
26. What is a secure configuration option for remote access to a network device?
27. What protocol should be disabled to help mitigate VLAN attacks?
28. Which term describes the role of a Cisco switch in the 802.1X port-based access control?
29. What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
30. In configuring SNMPv3, what is the purpose of creating an ACL?
31. Refer to the exhibit. What feature does an SNMP manager need in order to be able to set a parameter on switch ACSw1? 
32. Which Cisco feature sends copies of frames entering one port to a different port on the same switch in order to perform traffic analysis?
33. What are two characteristics of video traffic? (Choose two.)
34. Which QoS mechanism allows delay-sensitive data, such as voice, to be sent first before packets in other queues are sent?
35. Refer to the exhibit. As traffic is forwarded out an egress interface with QoS treatment, which congestion avoidance technique is used? 
36. Which type of QoS marking is applied to Ethernet frames?
37. What is the function of a QoS trust boundary?
38. A vibration sensor on an automated production line detects an unusual condition. The sensor communicates with a controller that automatically shuts down the line and activates an alarm. What type of communication does this scenario represent?
39. Which pillar of the Cisco IoT System allows data to be analyzed and managed at the location where it is generated?
40. Which Cloud computing service would be best for a new organization that cannot afford physical servers and networking equipment and must purchase network services on-demand?
41. A data center has recently updated a physical server to host multiple operating systems on a single CPU. The data center can now provide each customer with a separate web server without having to allocate an actual discrete server for each customer. What is the networking trend that is being implemented by the data center in this situation?
42. What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?
43. Which component of the ACI architecture translates application policies into network programming?
44. Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)
45. Which network performance statistics should be measured in order to verify SLA compliance?
46. Which feature sends simulated data across the network and measures performance between multiple network locations?
47. Which troubleshooting tool would a network administrator use to check the Layer 2 header of frames that are leaving a particular host?
48. Refer to the exhibit. A network administrator is troubleshooting the OSPF network. The 10.10.0.0/16 network is not showing up in the routing table of Router1. What is the probable cause of this problem? 
49. Refer to the exhibit. A user turns on a PC after it is serviced and calls the help desk to report that the PC seems unable to reach the Internet. The technician asks the user to issue the arp –a and ipconfig commands. Based on the output, what are two possible causes of the problem? (Choose two.) 
50. Match OoS techniques with the description. (Not all options are used.)
51. What are two types of WAN providers? (Choose two.)
52. Which two types of devices are specific to WAN environments and are not found on a LAN? (Choose two.)
53. What is a feature of dense wavelength-division multiplexing (DWDM) technology?
54. What is a disadvantage of ATM compared to Frame Relay?
55. Which WAN solution uses labels to identify the path in sending packets through a provider network?
56. An intercity bus company wants to offer constant Internet connectivity to the users traveling on the buses. Which two types of WAN infrastructure would meet the requirements? (Choose two.)
57. What device is needed at a central office to aggregate many digital subscriber lines from customers?
58. A corporation is searching for an easy and low cost solution to provide teleworkers with a secure connection to headquarters. Which solution should be selected?
59. What is the maximum number of DS0 channels in a 1.544 Mbps T1 line?
60. Refer to the exhibit. What type of Layer 2 encapsulation will be used for RtrA connection D if it is left to the default and the router is a Cisco router? 
61. Which two functions are provided by the NCP during a PPP connection? (Choose two.)
62. What PPP information will be displayed if a network engineer issues the show ppp multilink command on Cisco router?
63. Refer to the exhibit. Which statement describes the status of the PPP connection? 
64. A network administrator is configuring a PPP link with the commands:
R1(config-if)# encapsulation ppp
R1(config-if)# ppp quality 70
What is the effect of these commands?
65. How does virtualization help with disaster recovery within a data center?
66. Which broadband solution is appropriate for a home user who needs a wired connection not limited by distance?
67. What is the protocol that provides ISPs the ability to send PPP frames over DSL networks?
68. In software defined network architecture, what function is removed from network devices and performed by an SDN controller?
69. What would a network administrator expect the routing table of stub router R1 to look like if connectivity to the ISP was established via a PPPoE configuration?
70. What is a benefit of implementing a Dynamic Multipoint VPN network design?
71. Which remote access implementation scenario will support the use of generic routing encapsulation tunneling?
72. Refer to the exhibit. All routers are successfully running the BGP routing protocol. How many routers must use EBGP in order to share routing information across the autonomous systems? 
73. Which statement describes a characteristic of standard IPv4 ACLs?
74. Which three values or sets of values are included when creating an extended access control list entry? (Choose three.)
75. Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network? 
76. Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.)
77. The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)
78. A network administrator is adding ACLs to a new IPv6 multirouter environment. Which IPv6 ACE is automatically added implicitly at the end of an ACL so that two adjacent routers can discover each other?
79. What would be the primary reason an attacker would launch a MAC address overflow attack?
80. What are three of the six core components in the Cisco IoT system? (Choose three.)
81. What security countermeasure is effective for preventing CAM table overflow attacks?
82. Which SNMP feature provides a solution to the main disadvantage of SNMP polling?
83. When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects?
84. What two are added in SNMPv3 to address the weaknesses of previous versions of SNMP? (Choose two.)
85. Which queuing mechanism supports user-defined traffic classes?
86. Which field is used to mark Layer 2 Ethernet frames for QoS treatment?
87. What is an example of cloud computing?
88. Which type of resources are required for a Type 1 hypervisor?
89. A network technician made a configuration change on the core router in order to solve a problem. However, the problem is not solved. Which step should the technician take next?
90. A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?
91. What is a primary function of the Cisco IOS IP Service Level Agreements feature?
92. Which IOS log message level indicates the highest severity level?
93. Which symptom is an example of network issues at the network layer?
94. Refer to the exhibit. H1 can only ping H2, H3, and the Fa0/0 interface of router R1. H2 and H3 can ping H4 and H5. Why might H1 not be able to successfully ping H4 and H5? 
95. Refer to the exhibit. On the basis of the output, which two statements about network connectivity are correct? (Choose two.) 
96. Fill in the blanks. Use dotted decimal format.
The wildcard mask that is associated with 128.165.216.0/23 is 0.0.1.255
97. Match the characteristic to the appropriate authentication protocol. (Not all options are used.) 
98. Match the term to the description. (Not all options are used.) 
99. What is a primary difference between a company LAN and the WAN services that it uses?
100. To which two layers of the OSI model do WAN technologies provide services? (Choose two.)
101. Which two technologies are private WAN technologies? (Choose two.)
102. Which WAN technology can switch any type of payload based on labels?
103. What technology can be used to create a private WAN via satellite communications?
104. Which public WAN access technology utilizes copper telephone lines to provide access to subscribers that are multiplexed into a single T3 link connection?
105. How many DS0 channels are bounded to produce a 1.544 Mb/s DS1 line?
106. Refer to the exhibit. Communication between two peers has failed. Based on the output that is shown, what is the most likely cause? 
107. Refer to the exhibit. Which type of Layer 2 encapsulation used for connection D requires Cisco routers? 
108. Which three statements are true about PPP? (Choose three.)
109. A network administrator is evaluating authentication protocols for a PPP link. Which three factors might lead to the selection of CHAP over PAP as the authentication protocol? (Choose three.)
110. Which cellular or mobile wireless standard is considered a fourth generation technology?
111. A company is looking for the least expensive broadband solution that provides at least 10 Mb/s download speed. The company is located 5 miles from the nearest provider. Which broadband solution would be appropriate?
112. Which technology can ISPs use to periodically challenge broadband customers over DSL networks with PPPoE?
113. What are the three core components of the Cisco ACI architecture? (Choose three.)
114. Which statement describes a feature of site-to-site VPNs?
115. What are three features of a GRE tunnel? (Choose three.)
116. Refer to the exhibit. What two commands are needed to complete the GRE tunnel configuration on router R1? (Choose two.) 
117. What does BGP use to exchange routing updates with neighbors?
118. Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.) 
119. Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new statement to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network? 
120. Refer to the exhibit. What can be determined from this output? 
121. What is the only type of ACL available for IPv6?
122. Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
123. Refer to the exhibit. Considering how packets are processed on a router that is configured with ACLs, what is the correct order of the statements? 
124. Which two hypervisors are suitable to support virtual machines in a data center? (Choose two.)
125. How can DHCP spoofing attacks be mitigated?
126. What action can a network administrator take to help mitigate the threat of VLAN attacks?
127. Which SNMP message type informs the network management system (NMS) immediately of certain specified events?
128. Refer to the exhibit. A SNMP manager is using the community string of snmpenable and is configured with the IP address 172.16.10.1. The SNMP manager is unable to read configuration variables on the R1 SNMP agent. What could be the problem? 
129. Refer to the exhibit. Which SNMP authentication password must be used by the member of the ADMIN group that is configured on router R1? 
130. A network administrator has noticed an unusual amount of traffic being received on a switch port that is connected to a college classroom computer. Which tool would the administrator use to make the suspicious traffic available for analysis at the college data center?
131. What network monitoring tool copies traffic moving through one switch port, and sends the copied traffic to another switch port for analysis?
132. Voice packets are being received in a continuous stream by an IP phone, but because of network congestion the delay between each packet varies and is causing broken conversations. What term describes the cause of this condition?
133. What mechanism compensates for jitter in an audio stream by buffering packets and then replaying them outbound in a steady stream?
134. Which type of network traffic cannot be managed using congestion avoidance tools?
135. A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet?
136. In which stage of the troubleshooting process would ownership be researched and documented?
137. Which troubleshooting approach is more appropriate for a seasoned network administrator rather than a less-experienced network administrator?
138. A router has been configured to use simulated network traffic in order to monitor the network performance between the router and a distant network device. Which command would display the results of this analysis?
139. Which type of tool would an administrator use to capture packets that are going to and from a particular device?
140. Refer to the exhibit. Which two statements describe the results of entering these commands? (Choose two.) 
141. Refer to the exhibit. A network administrator discovers that host A is having trouble with Internet connectivity, but the server farm has full connectivity. In addition, host A has full connectivity to the server farm. What is a possible cause of this problem? 
142. Match the operation to the appropriate QoS model. 
143. Match the cloud model with the description. 
144. Match the cloud model with the description. 
Older Version
145. Which two statements about DSL are true? (Choose two.)
146. Which two statements are true regarding a PPP connection between two Cisco routers? (Choose two.)
147. A network administrator is asked to design a system to allow simultaneous access to the Internet for 250 users. The ISP can only supply five public IP addresses for this network. What technology can the administrator use to accomplish this task?
148. Refer to the exhibit. An administrator is configuring NAT to provide Internet access to the inside network. After the configuration is completed, users are unable to access the Internet. What is the cause of the problem? 
149. What is the expected behavior of an ADSL service?
150. A network administrator is troubleshooting the dynamic NAT that is configured on router R2. Which command can the administrator use to see the total number of active NAT translations and the number of addresses that are allocated from the NAT pool?
151. Which type of traffic would most likely have problems when passing through a NAT device?
152. Refer to the exhibit. The inside local IP address of PC-A is 192.168.0.200. What will be the inside global address of packets from PC-A after they are translated by R1? 
153. Refer to the exhibit. What kind of NAT is being configured on R1? 
154. What benefit does NAT64 provide?
155. What are three benefits of using Frame Relay for WAN connectivity? (Choose three.)
156. The DLCI number assigned to a Frame Relay circuit is to be manually added on a point-to-point link. Which three subinterface commands could be used to complete the configuration? (Choose three.)
157. Which command can be used to check the information about congestion on a Frame Relay link?
158. Refer to the exhibit. A network administrator has implemented the configuration in the displayed output. What is missing from the configuration that would be preventing OSPF routing updates from passing to the Frame Relay service provider? 
159. What is a characteristic of Frame Relay that allows customer data transmissions to dynamically “burst” over their CIR for short periods of time?
160. Which broadband technology would be best for a small office that requires fast upstream connections?
161. Which technology requires the use of PPPoE to provide PPP connections to customers?
162. Why is it useful to categorize networks by size when discussing network design?
163. A company connects to one ISP via multiple connections. What is the name given to this type of connection?
164. What is one advantage to designing networks in building block fashion for large companies?
165. Which network module maintains the resources that employees, partners, and customers rely on to effectively create, collaborate, and interact with information?
166. A group of Windows PCs in a new subnet has been added to an Ethernet network. When testing the connectivity, a technician finds that these PCs can access local network resources but not the Internet resources. To troubleshoot the problem, the technician wants to initially confirm the IP address and DNS configurations on the PCs, and also verify connectivity to the local router. Which three Windows CLI commands and utilities will provide the necessary information? (Choose three.)
167. A team of engineers has identified a solution to a significant network problem. The proposed solution is likely to affect critical network infrastructure components. What should the team follow while implementing the solution to avoid interfering with other processes and infrastructure?
168. Which two specialized troubleshooting tools can monitor the amount of traffic that passes through a switch? (Choose two.)
169. Which statement is a characteristic of SNMP MIBs?
170. Refer to the exhibit. Router R1 was configured by a network administrator to use SNMP version 2. The following commands were issued:
R1(config)# snmp-server community batonaug ro SNMP_ACL
R1(config)# snmp-server contact Wayne World
R1(config)# snmp-server host 192.168.1.3 version 2c batonaug
R1(config)# ip access-list standard SNMP_ACL
R1(config-std-nacl)# permit 192.168.10.3
Why is the administrator not able to get any information from R1? 
171. What is used as the default event logging destination for Cisco routers and switches?
172. In the data gathering process, which type of device will listen for traffic, but only gather traffic statistics?
173. Which three flows associated with consumer applications are supported by NetFlow collectors? (Choose three.)
174. Which algorithm is considered insecure for use in IPsec encryption?
175. Two corporations have just completed a merger. The network engineer has been asked to connect the two corporate networks without the expense of leased lines. Which solution would be the most cost effective method of providing a proper and secure connection between the two corporate networks?
176. Refer to the exhibit. Which IP address is configured on the physical interface of the CORP router? 
177. What are three characteristics of the generic routing encapsulation (GRE) protocol? (Choose three.)
178. Which two statements describe remote access VPNs? (Choose two.)
179. Under which two categories of WAN connections does Frame Relay fit? (Choose two.)
180. What term is used to identify the point where the customer network ends and the service provider network begins?
181. Which two characteristics describe time-division multiplexing? (Choose two.)
182. A branch office uses a leased line to connect to the corporate network. The lead network engineer confirms connectivity between users in the branch office, but none of the users can access corporate headquarters. System logs indicate that nothing has changed in the branch office network. What should the engineer consider next to resolve this network outage?
183. Refer to the exhibit. Which three steps are required to configure Multilink PPP on the HQ router? (Choose three.) 
184. Refer to the exhibit. H1 can only ping H2, H3, and the Fa0/0 interface of router R1. H2 and H3 can ping H4 and H5. Why might H1 not be able to successfully ping H4 and H5? 
185. What is required for a host to use an SSL VPN to connect to a remote network device?
186. What type of information is collected by Cisco NetFlow?
187. Match the characteristic to the appropriate authentication protocol. (Not all options are used.)
188. What is a disadvantage of a packet-switched network compared to a circuit-switched network?
189. Which three parts of a Frame Relay Layer 2 PDU are used for congestion control? (Choose three.)
190. Which two statements correctly describe asymmetric encryption used with an IPsec VPN? (Choose two.)
191. What are two examples of network problems that are found at the data link layer? (Choose two.)
192. Which IEEE standard defines the WiMax technology? 
193. Place the options in the following order:
194. What is the default location for Cisco routers and switches to send critical logging events?
195. What is a type of VPN that is generally transparent to the end user?
196. Refer to the exhibit. Which three events will occur as a result of the configuration shown on R1? (Choose three.) 
197. Which two technologies are implemented by organizations to support teleworker remote connections? (Choose two.)
198. How many 64 kb/s voice channels are combined to produce a T1 line?
199. What is the purpose of a message hash in a VPN connection?
200. Users are reporting longer delays in authentication and in accessing network resources during certain time periods of the week. What kind of information should network engineers check to find out if this situation is part of a normal network behavior?
201. Which structured engineering desing principle ensures that the network reamins available even under abnormal conditions?
202. A team of engineers has identified a solution to a significant network problem. The proposed solution is likely to affect critical network infrastruture components. What should the team follow while implementing the solution to avoid interfering with other processes and infrastructure?
203. What is a Frame Relay feauture that supports the IP address-to-DLCI dynamic mapping?
204. A small remote office needs to connect to headquarters through a secure IPsec VPN connection. The company is implementing the Cisco Easy VPN solution. Which Cisco Easy VPN component needs to be added on the Cisco router at the remote office?
205. Which scenario would require the use of static NAT?
206. An organization has purchased a Frame Relay service from a provider. The service agreement specifies that the access rate is 512 kbps, the CIR is 384 kbps, and the Bc is 32 kbps. What will happen when the customer sends a short burst of frames above 450 kbps?
207. What is a Frame Relay feature that supports the IP address-to-DLCI dynamic mapping?
208. An administrator wants to configure a router so that users on the outside network can only establish HTTP connections to the internal web site by navigating to http://www.netacad.com:8888. Which feature would the administrator configure to accomplish this?
209. Which two components are needed to provide a DSL connection to a SOHO? (Choose two.)
210. A network engineer is troubleshooting an unsuccessful PPP multilink connection between two routers. That multilink interface has been created and assigned a number, the interface has been enabled for multilink PPP, and the interface has been assigned a multilink group number that matches the group assigned to the member physical serial interfaces. The physical serial interfaces have also been enabled for PPP multilink. Which additional command should to be issued on the multilink interface?
211. What is the international standard defining cable-related technologies?
212. Which three statements describe characteristics of converging corporate network architecture?
213. Which inefficient feature of time-division multiplexing does statistical TDM overcome?
214. What are three characteristics of SSL VPNs?
215. A network engineer is designing an IPsec VPN between Cisco routers for a national bank. Which algorithm assures the highest level of confidentiality for data crossing the VPN?
216. By the use of sequence numbers, which function of the IPsec security services prevents spoofing by verifying that each packet is non-duplicated and unique?
217. A small law firm wants to connect to the Internet at relatively high speed but with low cost. In addition, the firm prefers that the connection be through a dedicated link to the service provider. Which connection type should be selected?
218. How can an administrator configure a Cisco Easy VPN Server to enable the company to manage many remote VPN connections efficiently?
219. How does QoS improve the effectiveness of teleworking?
220. Which two networking technologies enable businesses to use the Internet, instead of an enterprise WAN, to securely interconnect their distributed networks? (Choose two.)
221. What are two benefits of using SNMP traps? (Choose two.)
They eliminate the need for some periodic polling requests.*
They reduce the load on network and agent resources.*
They can provide statistics on TCP/IP packets that flow through Cisco devices.
They can passively listen for exported NetFlow datagrams.
They limit access for management systems only.
222. A network engineer has issued the show interfaces serial 0/0/0 command on a router to examine the open NCPs on a PPP link to another router. The command output displays that the encapsulation is PPP and that the LCP is open. However, the IPV6CP NCP is not shown as open. What does the engineer need to configure to open the IPV6CP NCP on the link?
223. What address translation is performed by static NAT?
224. What are two advantages of using IPv4 NAT? (Choose two.)
225. Which network design module would not commonly connect to the service provider edge?
226. Whichtwo types of devices are specific to WAN environments and are not found ona LAN?(Choose two.)
227. What is a plausible reason that an employee would become a teleworker for a company?
228. Connecting offices at different locations using the Internet can be economical for a business. What are two important business policy issues that should be addressed when using the Internet for this purpose? (Choose two.)
229. A technician at a remote location is troubleshooting a router and has emailed partial debug command output to a network engineer at the central office. The message that is received by the engineer only contains a number of LCP messages that relate to a serial interface. Which WAN protocol is being used on the link?
230. What is a feature of physical point-to-point WAN links?
231. Which PPP protocol allows a device to specify an IP address for routing over the PPP link?
232. Which two statements describe benefits of NAT? (Choose two.)
233. What is one drawback to using the top-down method of troubleshooting?
234. What are three functions provided by syslog service? (Choose three.)
235. Which two types of equipment are needed to send digital modem signals upstream and downstream on a cable system? (Choose two.)
236. What two advantages are associated with Frame Relay WAN technology when compared with leased lines? (Choose two.)
237. Which statement describes an advantage of deploying the Cisco SSL VPN solution rather than the Cisco Easy VPN solution?