CCNA part: 2 Practice Exam Questions and Answers – Part 3/3

By /

CCNA part: 2 Practice Exam Questions and Answers – Part 3/3

Test your CCNA knowledge with 18 exam-style questions, clean answer reveals, and concise explanations. Topics include: A piece of software that can be used to crack a weak password is an example of what?. Follow @CertPunch and visit certpunch.com for more certification practice videos and study content.

Chapters:
00:00 Intro
00:29 Question 1 of 18
01:03 Question 2 of 18
01:41 Question 3 of 18
02:28 Question 4 of 18
03:11 Question 5 of 18
04:06 Question 6 of 18
04:39 Question 7 of 18
05:33 Question 8 of 18
06:10 Question 9 of 18
06:56 Question 10 of 18
08:11 Question 11 of 18
08:59 Question 12 of 18
10:04 Question 13 of 18
10:59 Question 14 of 18
11:43 Question 15 of 18
12:22 Question 16 of 18
13:16 Question 17 of 18
14:10 Question 18 of 18

What you will practice

  • A piece of software that can be used to crack a weak password is an example of what?
  • Which of the following features limits the reach of a broadcast frame?
  • You want to ensure that a switch port is disabled if it stops receiving BPDUs from its neighbor. Which comman…
  • Which layer of the SDN Architecture contains the fabric?
  • A router, a WLC, and several LWAPs are connected to SW1. ROAS is used for routing between subnets. FlexConnec…
  • You issue the following configurations: R1(config)# ip route 203.0.113.0 255.255.255.0 192.168.1.1 R1(config)…

Answers and explanations

Tap a question to expand the answer and the exam reasoning. Try to commit to your own pick first.

Q1. A piece of software that can be used to crack a weak password is an example of what?

Answer: A. Exploit

An exploit is a tool used to take advantage of a vulnerability. The trap is confusing the tool with the weakness it targets.

Q2. Which of the following features limits the reach of a broadcast frame?

Answer: B. VLANs

VLANs segment a physical network into separate broadcast domains. The trap is subnetting, which affects Layer 3 forwarding, not broadcast domains.

Q3. You want to ensure that a switch port is disabled if it stops receiving BPDUs from its neighbor. Which command should you use to achieve this?

Answer: C. spanning-tree guard loop

The correct answer proves that Loop Guard disables a port upon BPDU loss to prevent Layer-2 loops. The distractor cue is recognizing that BPDU Filter prevents BPDUs from being sent, not received.

Q4. Which layer of the SDN Architecture contains the fabric?

Answer: B. Infrastructure

The answer proves the infrastructure layer is responsible for the physical and logical network fabric. The distractors describe other SDN layers like application or control.

Q5. A router, a WLC, and several LWAPs are connected to SW1. ROAS is used for routing between subnets. FlexConnect is enabled for some WLANs. Which of the following ports on SW1 should be trunk ports?

Answer: B. The ports connected to the router, WLC, and APs.

The answer proves that ports to the router, WLC, and APs must be trunks to carry multiple VLANs. The distractors incorrectly omit at least one device that requires trunking.

Q6. You issue the following configurations: R1(config)# ip route 203.0.113.0 255.255.255.0 192.168.1.1 R1(config)# ip route 203.0.113.0 255.255.255.0 192.168.2.1 R1(config)# ip route 203.0.113.0 255.255.255.0 192.168.3.1 2 R1(config)# ip route…

Answer: C. Three

The answer proves that only one route with the best administrative distance is added. The distractors fail to account for the tie between the three routes with an AD of 1.

Q7. Which of the following statements about MAC address learning and aging is true?

Answer: A. Dynamic entries are cleared from the MAC address table after 300 seconds of inactivity.

The correct answer proves that dynamic MAC entries age based on inactivity, not absolute time. Static entries never age, eliminating other options.

Q8. What does a Cisco router use to name its RSA keys by default?

Answer: A. FQDN

The correct answer proves that RSA keys are named using the router's FQDN. The trap is confusing the hostname-only naming with the full FQDN standard.

Q9. Which of the following provisioning and management tools is written in Go?

Answer: B. Terraform

The correct answer proves knowledge of a popular IaC tool's programming language. Puppet and Chef are Ruby-based, Ansible is Python-based, making them distinguishable distractors.

Q10. Examine the network below. You configure ACL 101 to prevent hosts in 10.0.0.0/24 and 172.16.0.0/24 from using HTTPS to access SRV1. You want to apply the ACL to a single interface to achieve this goal. Which interface should this ACL be ap…

Answer: A. Outbound on R1 G0/0

Applying the ACL outbound on R1's G0/0 interface filters traffic close to the source. The elimination cue is the rule that extended ACLs should be placed near the source.

Q11. Examine the diagram below. Which configuration on SW1 G0/0 allows PC1 (VLAN 10) and PH1 (VLAN 20) to be in separate VLANs without configuring G0/0 in trunk mode?

Answer: A. switchport access vlan 10

The correct answer proves that a voice VLAN can be assigned to an access port to carry a second tagged VLAN. The distractor cue is knowing that a standard access port can only be assigned a single access VLAN.

Q12. You want to activate OSPF on R1's G0/1 and G0/2 interfaces with a single command. The IP address of G0/1 is 172.21.31.28/25 and G0/2 is 172.21.34.29/30. Which of the following commands should you use on R1?

Answer: D. network 172.16.0.0 0.15.255.255 area 0

The answer proves the wildcard mask logic in an OSPF network command to match multiple subnets. The distractors use incorrect wildcard masks that fail to match both interface addresses.

Q13. You issue the switchport mode trunk command on an interface but receive an error message. Which of the following is the reason for this output?

Answer: C. The switch supports both ISL and 802.1Q.

The correct answer proves that a switch must manually configure trunk encapsulation when in auto mode and supports both ISL and 802.1Q. The trap is assuming modern switches that don't support ISL don't require this configuration.

Q14. In OAuth2.0, which party grants authorization to the client?

Answer: A. Resource owner

The correct answer identifies the OAuth2.0 role representing the end-user who has authority over the resource. The other options are server-side components and do not grant authorization.

Q15. Which of the following AP modes will tunnel user data traffic to a centralized controller?

Answer: A. Local

The correct answer proves that Local mode APs use CAPWAP to tunnel all data traffic to a controller. Other options like FlexConnect tunnel control but switch data locally.

Q16. Examine the network below: R1, R2, and R3 do not have any static routes configured. What is the minimum number of static routes that must be configured to allow PC1 and PC3 to communicate?

Answer: B. 4

The correct answer proves that each router needs a route to the destination network not directly connected. The distractor trap is counting routes to all intermediate networks instead of just the final destination networks.

Q17. How can network automation help reduce operational expenses (OpEx)?

Answer: A. Generating device configurations requires fewer man-hours.

The correct answer proves that automation reduces OpEx by minimizing man-hours for repetitive tasks like configuration changes. Other options confuse design or hardware effects.

Q18. You issue the following command on R1's G0/0 interface: ipv6 address 2001:db8:0:1::/64 eui-64. The MAC address of G0/0 is 962f.6d8a.8e27. What will be the IPv6 address of R1's G0/0 interface?

Answer: C. 2001:db8:0:1:942f:6dff:fe8a:8e27

The answer proves the correct EUI-64 process, which involves flipping the 7th bit of the MAC and inserting FFFE. The distractors incorrectly apply the bit-flip step, a common trap.

More CCNA part: 2 drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.

Scroll to Top
Privacy Terms Contact