Sample questions
CompTIA Network+ N10-009 practice questions
Which layer of the OSI model is responsible for logical addressing and routing of packets between networks?
Trap 1: Data Link layer
The Data Link layer (Layer 2) is responsible for physical addressing (MAC) and framing.
Trap 2: Transport layer
The Transport layer (Layer 4) ensures reliable end-to-end communication and segmentation.
Trap 3: Application layer
The Application layer (Layer 7) provides network services to user applications.
- A
Data Link layer
Why wrong: The Data Link layer (Layer 2) is responsible for physical addressing (MAC) and framing.
- B
Network layer
The Network layer provides logical addressing and routing functions, enabling communication across different networks.
- C
Transport layer
Why wrong: The Transport layer (Layer 4) ensures reliable end-to-end communication and segmentation.
- D
Application layer
Why wrong: The Application layer (Layer 7) provides network services to user applications.
Users in VLAN 10 cannot obtain IP addresses from a DHCP server located in VLAN 20. The router has an ip helper-address configured on VLAN 10 interface pointing to the DHCP server. Users can ping the DHCP server IP from the router. However, users are receiving APIPA addresses. What is the most likely cause?
Trap 1: The DHCP server is not reachable from the router
The scenario states that users can ping the DHCP server from the router, so the server is reachable.
Trap 2: The router's ip helper-address is configured incorrectly
Ping success indicates the router can reach the server, so the helper address is likely correct. The issue is on the server side.
Trap 3: The switch ports are not configured for VLAN 10
If ports were in the wrong VLAN, clients would likely not even obtain APIPA addresses or communicate with the router at all.
- A
The DHCP server is not reachable from the router
Why wrong: The scenario states that users can ping the DHCP server from the router, so the server is reachable.
- B
The DHCP server scope does not include the VLAN 10 subnet
Even if the DHCP server receives the request, it will not offer an IP address if it has no scope configured for the subnet of the requesting client (VLAN 10).
- C
The router's ip helper-address is configured incorrectly
Why wrong: Ping success indicates the router can reach the server, so the helper address is likely correct. The issue is on the server side.
- D
The switch ports are not configured for VLAN 10
Why wrong: If ports were in the wrong VLAN, clients would likely not even obtain APIPA addresses or communicate with the router at all.
Which of the following is a characteristic of a Layer 2 network switch?
Trap 1: Makes forwarding decisions based on IP addresses
IP address forwarding is a Layer 3 function performed by routers and Layer 3 switches.
Trap 2: Can route traffic between different VLANs without a router
Routing between VLANs requires Layer 3 functionality. A pure Layer 2 switch cannot perform inter-VLAN routing.
Trap 3: Provides Network Address Translation (NAT)
NAT is a Layer 3 function typically performed by routers or firewalls.
- A
Makes forwarding decisions based on IP addresses
Why wrong: IP address forwarding is a Layer 3 function performed by routers and Layer 3 switches.
- B
Uses MAC addresses to make forwarding decisions
Layer 2 switches use MAC address tables to forward frames to the correct port based on the destination MAC address.
- C
Can route traffic between different VLANs without a router
Why wrong: Routing between VLANs requires Layer 3 functionality. A pure Layer 2 switch cannot perform inter-VLAN routing.
- D
Provides Network Address Translation (NAT)
Why wrong: NAT is a Layer 3 function typically performed by routers or firewalls.
Which of the following network devices operates primarily at Layer 2 of the OSI model and uses MAC addresses to forward data?
Trap 1: Hub
A hub operates at Layer 1 (physical layer) and blindly repeats signals to all ports.
Trap 2: Router
A router operates at Layer 3 (network layer) and forwards packets based on IP addresses.
Trap 3: Firewall
A firewall can operate at multiple layers, but its primary function is security filtering, not MAC-based forwarding.
- A
Hub
Why wrong: A hub operates at Layer 1 (physical layer) and blindly repeats signals to all ports.
- B
Switch
A switch forwards frames based on MAC addresses, operating at the data link layer.
- C
Router
Why wrong: A router operates at Layer 3 (network layer) and forwards packets based on IP addresses.
- D
Firewall
Why wrong: A firewall can operate at multiple layers, but its primary function is security filtering, not MAC-based forwarding.
Which of the following is a characteristic of UDP when compared to TCP?
Trap 1: A) UDP uses sequence numbers for ordering
UDP does not use sequence numbers; TCP does to ensure ordered delivery.
Trap 2: B) UDP provides reliable data delivery
UDP is unreliable; it does not guarantee delivery. TCP provides reliability through acknowledgments and retransmissions.
Trap 3: D) UDP requires a three-way handshake to establish a connection
UDP is connectionless and does not use a handshake. TCP uses a three-way handshake (SYN, SYN-ACK, ACK) to establish a connection.
- A
A) UDP uses sequence numbers for ordering
Why wrong: UDP does not use sequence numbers; TCP does to ensure ordered delivery.
- B
B) UDP provides reliable data delivery
Why wrong: UDP is unreliable; it does not guarantee delivery. TCP provides reliability through acknowledgments and retransmissions.
- C
C) UDP has lower overhead due to minimal header
Correct. UDP has a smaller header (8 bytes) compared to TCP (20 bytes) and no connection setup, resulting in lower overhead.
- D
D) UDP requires a three-way handshake to establish a connection
Why wrong: UDP is connectionless and does not use a handshake. TCP uses a three-way handshake (SYN, SYN-ACK, ACK) to establish a connection.
Which of the following IPv6 addresses is a valid link-local address?
Trap 1: 2001:db8::1
2001:db8::/32 is reserved for documentation and is a global unicast address.
Trap 2: ff02::1
ff02::1 is the all-nodes multicast address, not a link-local unicast address.
Trap 3: 10.0.0.1
10.0.0.1 is an IPv4 address; it is not a valid IPv6 address.
- A
fe80::1
fe80::/10 is the prefix for link-local addresses; fe80::1 is a common link-local address.
- B
2001:db8::1
Why wrong: 2001:db8::/32 is reserved for documentation and is a global unicast address.
- C
ff02::1
Why wrong: ff02::1 is the all-nodes multicast address, not a link-local unicast address.
- D
10.0.0.1
Why wrong: 10.0.0.1 is an IPv4 address; it is not a valid IPv6 address.
Which of the following security mechanisms requires a user to authenticate before gaining access to the wired network at a switch port?
Trap 1: Port security
Port security limits based on MAC addresses but does not require authentication; MAC addresses can be spoofed.
Trap 2: ACL
Access control lists filter traffic after the connection is established, they do not authenticate the user before access.
Trap 3: MAC authentication
MAC authentication is a form of authentication based on the MAC address, but it is less secure than 802.1X and can be bypassed. 802.1X is the more robust standard.
- A
802.1X
802.1X is a Layer 2 protocol that blocks all traffic until the device authenticates, providing strong access control.
- B
Port security
Why wrong: Port security limits based on MAC addresses but does not require authentication; MAC addresses can be spoofed.
- C
ACL
Why wrong: Access control lists filter traffic after the connection is established, they do not authenticate the user before access.
- D
MAC authentication
Why wrong: MAC authentication is a form of authentication based on the MAC address, but it is less secure than 802.1X and can be bypassed. 802.1X is the more robust standard.
Which of the following network topologies provides the highest level of redundancy and fault tolerance?
Trap 1: Star
A star topology has a single point of failure at the central device.
Trap 2: Bus
A bus topology is susceptible to failures along the single cable and lacks redundancy.
Trap 3: Ring
A ring topology can provide redundancy with dual rings, but a single ring fails if one link breaks.
- A
Star
Why wrong: A star topology has a single point of failure at the central device.
- B
Bus
Why wrong: A bus topology is susceptible to failures along the single cable and lacks redundancy.
- C
Ring
Why wrong: A ring topology can provide redundancy with dual rings, but a single ring fails if one link breaks.
- D
Mesh
A mesh topology offers multiple redundant paths, providing the highest fault tolerance.
Which of the following protocols is used to automatically assign IP addresses to devices on a network?
Trap 1: A) DNS
DNS (Domain Name System) translates domain names to IP addresses, not assign IP addresses.
Trap 2: C) ARP
ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses within a local network.
Trap 3: D) ICMP
ICMP (Internet Control Message Protocol) is used for error reporting and diagnostics (e.g., ping).
- A
A) DNS
Why wrong: DNS (Domain Name System) translates domain names to IP addresses, not assign IP addresses.
- B
B) DHCP
DHCP (Dynamic Host Configuration Protocol) is the correct protocol for automatic IP address assignment.
- C
C) ARP
Why wrong: ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses within a local network.
- D
D) ICMP
Why wrong: ICMP (Internet Control Message Protocol) is used for error reporting and diagnostics (e.g., ping).
An organization uses OSPF as its interior gateway protocol in a multi-area design. After a core router failure, the network takes several seconds to reconverge. Which technology can be implemented to improve convergence speed?
Trap 1: Implement LSA throttling
LSA throttling controls the rate at which LSAs are generated, which can prevent network flooding but does not speed up failure detection.
Trap 2: Enable OSPF fast hello timers
Fast hello timers reduce the hello interval, which can speed up neighbor loss detection, but BFD is usually faster and more consistent.
Trap 3: Convert all areas to stub areas
Stub areas reduce the types of LSAs but do not directly improve convergence speed after a failure.
- A
Implement LSA throttling
Why wrong: LSA throttling controls the rate at which LSAs are generated, which can prevent network flooding but does not speed up failure detection.
- B
Enable OSPF fast hello timers
Why wrong: Fast hello timers reduce the hello interval, which can speed up neighbor loss detection, but BFD is usually faster and more consistent.
- C
Configure BFD (Bidirectional Forwarding Detection)
BFD provides sub-second failure detection, allowing OSPF to converge much faster than with default timers.
- D
Convert all areas to stub areas
Why wrong: Stub areas reduce the types of LSAs but do not directly improve convergence speed after a failure.
A network engineer has successfully established an IPsec site-to-site VPN tunnel between a branch office (10.0.1.0/24) and the main office (192.168.1.0/24). The tunnel status shows as active, and both sides can ping each other's tunnel interface IP addresses. However, users at the branch office cannot ping the main office server at 192.168.1.10, and the main office cannot ping the branch office server at 10.0.1.10. The firewall rules on both sides permit IPsec traffic and all internal traffic. What should the engineer check NEXT?
Trap 1: Check the IPsec security associations for encryption algorithm…
If the tunnel is active and both sides can ping tunnel IPs, the IPsec parameters are correctly negotiated. An algorithm mismatch would prevent the tunnel from establishing.
Trap 2: Disable the firewall on the internal interfaces temporarily.
The firewall rules already permit traffic. Disabling firewalls is not a best practice and would not resolve a routing issue.
Trap 3: Regenerate the pre-shared key on both sides.
Regenerating the PSK is unnecessary because the tunnel is already established. The PSK is only used during initial authentication.
- A
Verify routing entries on both routers to ensure the remote internal subnets are reachable via the tunnel.
Both routers need to have routes pointing to the remote internal subnets (e.g., 192.168.1.0/24 and 10.0.1.0/24) with the tunnel interface as the next hop. Without these routes, traffic from internal hosts will not be directed into the tunnel.
- B
Check the IPsec security associations for encryption algorithm mismatch.
Why wrong: If the tunnel is active and both sides can ping tunnel IPs, the IPsec parameters are correctly negotiated. An algorithm mismatch would prevent the tunnel from establishing.
- C
Disable the firewall on the internal interfaces temporarily.
Why wrong: The firewall rules already permit traffic. Disabling firewalls is not a best practice and would not resolve a routing issue.
- D
Regenerate the pre-shared key on both sides.
Why wrong: Regenerating the PSK is unnecessary because the tunnel is already established. The PSK is only used during initial authentication.
A user reports slow network performance on their workstation. The technician checks the switch port and sees a high number of CRC errors. Which of the following is the MOST likely cause of this issue?
Trap 1: A faulty cable
A faulty cable can cause CRC errors, but it is less common than duplex mismatch in modern networks with auto-MDIX.
Trap 2: VLAN mismatch
VLAN mismatch prevents connectivity and causes the switch port to be in a non-forwarding state, not CRC errors.
Trap 3: Incorrect MTU setting
Incorrect MTU can cause packet fragmentation or drops, but CRC errors are usually not the direct result.
- A
A faulty cable
Why wrong: A faulty cable can cause CRC errors, but it is less common than duplex mismatch in modern networks with auto-MDIX.
- B
Duplex mismatch
A duplex mismatch occurs when one device is set to full duplex and the other to half duplex. This causes late collisions and CRC errors, leading to poor performance.
- C
VLAN mismatch
Why wrong: VLAN mismatch prevents connectivity and causes the switch port to be in a non-forwarding state, not CRC errors.
- D
Incorrect MTU setting
Why wrong: Incorrect MTU can cause packet fragmentation or drops, but CRC errors are usually not the direct result.
Which of the following network protocols operates at the Transport layer of the OSI model and provides connection-oriented, reliable data delivery?
Trap 1: UDP
UDP is a transport layer protocol, but it is connectionless and unreliable; it does not provide guaranteed delivery.
Trap 2: IP
IP operates at the Network layer (Layer 3) and handles logical addressing and routing, not reliable transport.
Trap 3: ARP
ARP maps IP addresses to MAC addresses and operates at Layer 2/3, not at the Transport layer.
- A
UDP
Why wrong: UDP is a transport layer protocol, but it is connectionless and unreliable; it does not provide guaranteed delivery.
- B
TCP
TCP provides connection-oriented, reliable data delivery with features like flow control, error checking, and retransmission of lost packets.
- C
IP
Why wrong: IP operates at the Network layer (Layer 3) and handles logical addressing and routing, not reliable transport.
- D
ARP
Why wrong: ARP maps IP addresses to MAC addresses and operates at Layer 2/3, not at the Transport layer.
A security engineer is configuring port security on a switch to prevent unauthorized devices from connecting. The requirement is that only the first device to connect to a port is allowed, and if a different device connects, the port should be disabled. Which port security violation mode should be configured?
Trap 1: Protect
Protect mode drops traffic from unauthorized MACs but does not disable the port or send a notification; it silently discards packets.
Trap 2: Restrict
Restrict mode drops traffic from unauthorized MACs and generates a log message or SNMP trap, but the port remains operational.
Trap 3: Sticky
Sticky is a learning method, not a violation mode. It dynamically learns MAC addresses and adds them to the configuration but does not define the action on a violation.
- A
Protect
Why wrong: Protect mode drops traffic from unauthorized MACs but does not disable the port or send a notification; it silently discards packets.
- B
Restrict
Why wrong: Restrict mode drops traffic from unauthorized MACs and generates a log message or SNMP trap, but the port remains operational.
- C
Shutdown
Shutdown mode (or 'shutdown' violation) disables the port when a violation occurs, which is the most secure response and meets the requirement.
- D
Sticky
Why wrong: Sticky is a learning method, not a violation mode. It dynamically learns MAC addresses and adds them to the configuration but does not define the action on a violation.
A user reports intermittent inability to access websites. When the issue occurs, the user can ping external IP addresses (e.g., 8.8.8.8) but cannot ping domain names like google.com. The user's IP configuration shows a DNS server address of 8.8.8.8. What is the most likely cause?
Trap 1: The default gateway is down.
If the default gateway were down, the user would not be able to ping any external IP addresses. The fact that pinging 8.8.8.8 works rules this out.
Trap 2: The corporate firewall is blocking UDP port 53.
A firewall block on UDP port 53 would cause DNS failures consistently, not intermittently. The user would never be able to resolve domain names.
Trap 3: The user's machine has a corrupted DNS cache.
A corrupted DNS cache typically causes failures for specific cached entries, but the issue is described as intermittent and affects all domain names. Flushing the cache might resolve it, but the intermittent nature points more to server load.
- A
The DNS server is reachable but not responding due to high load.
Correct. If the DNS server is overloaded, it may drop queries intermittently. The user can still ping the server (ICMP is different from DNS), but DNS queries time out.
- B
The default gateway is down.
Why wrong: If the default gateway were down, the user would not be able to ping any external IP addresses. The fact that pinging 8.8.8.8 works rules this out.
- C
The corporate firewall is blocking UDP port 53.
Why wrong: A firewall block on UDP port 53 would cause DNS failures consistently, not intermittently. The user would never be able to resolve domain names.
- D
The user's machine has a corrupted DNS cache.
Why wrong: A corrupted DNS cache typically causes failures for specific cached entries, but the issue is described as intermittent and affects all domain names. Flushing the cache might resolve it, but the intermittent nature points more to server load.
Which of the following is a characteristic of a connectionless protocol at the transport layer?
Trap 1: It establishes a session before sending data
Establishing a session is a characteristic of connection-oriented protocols like TCP.
Trap 2: It guarantees delivery using acknowledgments
Acknowledgments and guaranteed delivery are features of reliable, connection-oriented protocols.
Trap 3: It retransmits lost segments
Retransmission of lost segments is performed by reliable protocols like TCP, not connectionless protocols.
- A
It establishes a session before sending data
Why wrong: Establishing a session is a characteristic of connection-oriented protocols like TCP.
- B
It guarantees delivery using acknowledgments
Why wrong: Acknowledgments and guaranteed delivery are features of reliable, connection-oriented protocols.
- C
It does not require a virtual circuit
Connectionless protocols send data independently without setting up a virtual circuit or logical connection.
- D
It retransmits lost segments
Why wrong: Retransmission of lost segments is performed by reliable protocols like TCP, not connectionless protocols.
Which of the following uniquely identifies a hardware network interface on a device?
Trap 1: IP address
An IP address identifies a device on a network but can change (DHCP) and does not uniquely identify the hardware interface.
Trap 2: Subnet mask
The subnet mask is used for network division, not for identifying a specific hardware interface.
Trap 3: Default gateway
The default gateway is the IP address of a router used to reach remote networks, not a hardware identifier.
- A
MAC address
A MAC address is a 48-bit hardware address assigned to each network interface card (NIC) for local network communications.
- B
IP address
Why wrong: An IP address identifies a device on a network but can change (DHCP) and does not uniquely identify the hardware interface.
- C
Subnet mask
Why wrong: The subnet mask is used for network division, not for identifying a specific hardware interface.
- D
Default gateway
Why wrong: The default gateway is the IP address of a router used to reach remote networks, not a hardware identifier.
A company wants to allow inbound HTTPS traffic to a web server located in the DMZ from the Internet. The firewall has three interfaces: Inside (corporate network), Outside (Internet), and DMZ (web server). Which of the following firewall rules is required?
Trap 1: Allow traffic from DMZ to Outside on port 443
This rule permits outbound traffic from the DMZ to the Internet, which would allow the web server to initiate outbound connections, but does not allow inbound HTTPS requests.
Trap 2: Allow traffic from Inside to DMZ on port 443
This rule permits internal corporate users to access the web server, but not external users from the Internet.
Trap 3: Allow traffic from Outside to Inside on port 443
This would allow inbound traffic directly into the corporate network, bypassing the DMZ, which is not the intention and violates security best practices.
- A
Allow traffic from Outside to DMZ on port 443
This rule permits HTTPS traffic from the Internet (Outside) to the web server in the DMZ, which is the requirement.
- B
Allow traffic from DMZ to Outside on port 443
Why wrong: This rule permits outbound traffic from the DMZ to the Internet, which would allow the web server to initiate outbound connections, but does not allow inbound HTTPS requests.
- C
Allow traffic from Inside to DMZ on port 443
Why wrong: This rule permits internal corporate users to access the web server, but not external users from the Internet.
- D
Allow traffic from Outside to Inside on port 443
Why wrong: This would allow inbound traffic directly into the corporate network, bypassing the DMZ, which is not the intention and violates security best practices.
Which of the following network devices operates at Layer 1 of the OSI model and forwards all incoming electrical signals to all of its ports?
Trap 1: Router
A router operates at Layer 3 (Network layer) and makes forwarding decisions based on IP addresses, not Layer 1.
Trap 2: Switch
A switch operates at Layer 2 (Data Link layer) and forwards frames based on MAC addresses, not Layer 1.
Trap 3: Bridge
A bridge operates at Layer 2 and forwards frames based on MAC addresses, not Layer 1.
- A
Router
Why wrong: A router operates at Layer 3 (Network layer) and makes forwarding decisions based on IP addresses, not Layer 1.
- B
Switch
Why wrong: A switch operates at Layer 2 (Data Link layer) and forwards frames based on MAC addresses, not Layer 1.
- C
Hub
A hub is a Layer 1 device that repeats all incoming signals to all ports without any intelligence or filtering.
- D
Bridge
Why wrong: A bridge operates at Layer 2 and forwards frames based on MAC addresses, not Layer 1.
A network administrator is configuring OSPF on routers in a multi-area network. The administrator wants to ensure that a router in area 1 does not learn external routes (Type 5 LSAs) injected by an ASBR in area 0, but it must still learn inter-area routes (Type 3 LSAs). The administrator wants to reduce the routing table size. Which OSPF area type should be configured for area 1?
Trap 1: Totally stubby area
A totally stubby area blocks both Type 5 and Type 3 LSAs, replacing them with a default route. This would prevent learning inter-area routes, which the administrator wants.
Trap 2: Not-so-stubby-area (NSSA)
NSSA blocks Type 5 LSAs but allows Type 7 LSAs for external routes redistributed from within the area. It still allows Type 3 LSAs. However, the question does not mention redistributing external routes into area 1; a stub area is simpler.
Trap 3: Normal area
A normal area does not block any LSA types; it would receive both Type 3 and Type 5 LSAs, which does not meet the requirement to reduce routing table size by blocking Type 5 LSAs.
- A
Stub area
A stub area blocks Type 5 LSAs (external routes) but allows Type 3 LSAs (inter-area routes). It also uses a default route for external destinations.
- B
Totally stubby area
Why wrong: A totally stubby area blocks both Type 5 and Type 3 LSAs, replacing them with a default route. This would prevent learning inter-area routes, which the administrator wants.
- C
Not-so-stubby-area (NSSA)
Why wrong: NSSA blocks Type 5 LSAs but allows Type 7 LSAs for external routes redistributed from within the area. It still allows Type 3 LSAs. However, the question does not mention redistributing external routes into area 1; a stub area is simpler.
- D
Normal area
Why wrong: A normal area does not block any LSA types; it would receive both Type 3 and Type 5 LSAs, which does not meet the requirement to reduce routing table size by blocking Type 5 LSAs.
A network administrator is troubleshooting communication between two switches connected via a trunk port. The trunk link is up/up, but devices in VLAN 20 cannot communicate across the trunk. The administrator has verified that both switches have VLAN 20 created and that the access ports are configured correctly. Which command should the administrator run on each switch to verify the trunk's allowed VLAN list?
Trap 1: show vlan brief
This command shows VLAN information but does not display trunk-specific allowed VLAN lists for each trunk interface.
Trap 2: show running-config interface
While this shows the configuration, it may not show the default allowed VLAN list if not explicitly configured; 'show interfaces trunk' is more direct.
Trap 3: show mac address-table
This command shows MAC address table entries, not trunk configuration.
- A
show vlan brief
Why wrong: This command shows VLAN information but does not display trunk-specific allowed VLAN lists for each trunk interface.
- B
show interfaces trunk
Correct. This command displays detailed trunk status, including the allowed VLAN list, native VLAN, and trunking mode, helping to verify if VLAN 20 is allowed.
- C
show running-config interface
Why wrong: While this shows the configuration, it may not show the default allowed VLAN list if not explicitly configured; 'show interfaces trunk' is more direct.
- D
show mac address-table
Why wrong: This command shows MAC address table entries, not trunk configuration.
A network administrator wants to ensure that only authorized devices can access the network on a switch port. The administrator has a list of allowed MAC addresses. Which security feature should be enabled on the switch port?
Trap 1: 802.1X
802.1X is an authentication protocol that requires user credentials, not just MAC address filtering.
Trap 2: MAC address filtering
MAC address filtering is a general term; on switches it is implemented via port security.
Trap 3: VLAN hopping prevention
VLAN hopping prevention protects against VLAN attacks, not device authorization.
- A
802.1X
Why wrong: 802.1X is an authentication protocol that requires user credentials, not just MAC address filtering.
- B
MAC address filtering
Why wrong: MAC address filtering is a general term; on switches it is implemented via port security.
- C
Port security
Port security allows restricting access based on MAC addresses, preventing unauthorized devices.
- D
VLAN hopping prevention
Why wrong: VLAN hopping prevention protects against VLAN attacks, not device authorization.
A network administrator is configuring BGP between two autonomous systems. Which BGP attribute is primarily used to influence inbound traffic to a particular AS?
Trap 1: AS_PATH
AS_PATH influences outbound traffic by affecting path selection for routes advertised.
Trap 2: Next Hop
Next hop is used for reachability, not for inbound traffic influence.
Trap 3: Local Preference
Local preference influences outbound traffic selection from the router's AS.
- A
AS_PATH
Why wrong: AS_PATH influences outbound traffic by affecting path selection for routes advertised.
- B
Next Hop
Why wrong: Next hop is used for reachability, not for inbound traffic influence.
- C
Local Preference
Why wrong: Local preference influences outbound traffic selection from the router's AS.
- D
MED (Multi-Exit Discriminator)
The MED attribute is used to suggest to a neighboring AS the preferred path for inbound traffic when multiple entry points exist.
A network administrator needs to be notified immediately when the CPU utilization on a core router exceeds 90%. Which SNMP mechanism should be configured on the router?
Trap 1: SNMP get
SNMP get is a request initiated by the NMS to retrieve a value, not an unsolicited alert mechanism.
Trap 2: SNMP walk
SNMP walk is a method to traverse a set of OIDs, not an alert mechanism.
Trap 3: SNMP set
SNMP set is used to modify configuration parameters, not to send alerts.
- A
SNMP get
Why wrong: SNMP get is a request initiated by the NMS to retrieve a value, not an unsolicited alert mechanism.
- B
SNMP trap
Traps are sent by the device to the NMS when conditions such as high CPU utilization are met.
- C
SNMP walk
Why wrong: SNMP walk is a method to traverse a set of OIDs, not an alert mechanism.
- D
SNMP set
Why wrong: SNMP set is used to modify configuration parameters, not to send alerts.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.