CCNA Network Operations Questions

29 of 104 questions · Page 2/2 · Network Operations · Answers revealed

76
MCQ · medium

A network administrator needs to replace a core switch that is nearing end-of-life. According to change management best practices, which step should the administrator perform FIRST?

A. A
B. B
C. C
D. D
Answer: D

Submitting a change request is the first step in the formal change management process.

Why this answer

Option D is correct because, according to change management best practices, the first step is to create a detailed change request or plan that documents the scope, risk assessment, rollback procedures, and approval requirements. This ensures all stakeholders review and authorize the replacement before any physical work begins, minimizing network downtime and operational impact.

Exam trap

The trap here is that candidates often confuse the urgency of replacing an end-of-life device with the need to bypass formal change management steps, assuming immediate action is required rather than following the documented approval process.

How to eliminate wrong answers

Option A is wrong because immediately notifying users of an outage before the change is approved violates change management procedures; notification should occur after the change is scheduled and approved. Option B is wrong because ordering the replacement switch before assessing compatibility, configuration requirements, and obtaining change approval can lead to procurement of incorrect hardware or unnecessary delays. Option C is wrong because physically installing the new switch without prior change approval, testing, and rollback planning bypasses the mandatory review and authorization steps, risking unplanned outages.

77
MCQ · medium

A network administrator needs to monitor network devices using SNMP. The security policy requires that both authentication and data encryption must be enforced for all SNMP operations. Which SNMPv3 security level should be configured?

A. authPriv
B. noAuthNoPriv
C. authNoPriv
D. noAuthPriv
Answer: A

Correct. authPriv provides both authentication (HMAC-MD5 or HMAC-SHA) and encryption (CBC-DES or CFB-AES).

Why this answer

The authPriv security level is correct because it enforces both authentication (via HMAC-MD5 or HMAC-SHA) and data encryption (via DES or AES) for SNMPv3 operations, satisfying the security policy requirement. SNMPv3 defines three security levels: noAuthNoPriv, authNoPriv, and authPriv, with authPriv being the only one that provides both authentication and encryption.

Exam trap

The trap here is that candidates often confuse 'authNoPriv' as sufficient because they think authentication alone meets security requirements, or they invent 'noAuthPriv' as a plausible-sounding option, but SNMPv3 strictly requires authentication before encryption can be applied.

How to eliminate wrong answers

Option B (noAuthNoPriv) is wrong because it provides neither authentication nor encryption, which violates the requirement for both. Option C (authNoPriv) is wrong because it provides authentication but no encryption, failing the data encryption requirement. Option D (noAuthPriv) is wrong because it is not a valid SNMPv3 security level; SNMPv3 does not define a level with encryption without authentication.

78
MCQ · hard

A network administrator needs to analyze bandwidth usage on a WAN link to determine which applications are generating the most traffic. The administrator requires detailed flow-level data including source/destination IP, ports, and protocol. Which technology should be used to collect this information?

A. NetFlow
B. SNMP
C. Syslog
D. ICMP
Answer: A

Correct. NetFlow provides per-flow traffic statistics, enabling application-level bandwidth analysis.

Why this answer

NetFlow is the correct choice because it provides detailed flow-level data, including source and destination IP addresses, ports, and protocols, which is exactly what the administrator needs to analyze bandwidth usage per application on a WAN link. Unlike SNMP or Syslog, NetFlow captures per-flow metadata that allows identification of which applications are generating the most traffic.

Exam trap

The trap here is that candidates often confuse SNMP's interface utilization statistics with the detailed per-flow data that NetFlow provides, leading them to choose SNMP when the question explicitly asks for source/destination IP, ports, and protocol.

How to eliminate wrong answers

Option B (SNMP) is wrong because it provides aggregate interface statistics (e.g., total bytes in/out) and cannot reveal per-flow details like source/destination IP, ports, or protocol. Option C (Syslog) is wrong because it is used for logging system events and error messages, not for capturing network flow data or bandwidth usage by application. Option D (ICMP) is wrong because it is a diagnostic protocol used for error reporting and reachability testing (e.g., ping), and it does not provide any flow-level traffic analysis capabilities.

79
MCQ · medium

A network administrator needs to collect traffic flow data from routers and switches to analyze bandwidth usage patterns. Which protocol should be implemented on the devices to export flow data to a collector?

A. SNMP
B. NetFlow
C. ICMP
D. LLDP
Answer: B

Correct. NetFlow is a protocol that captures and exports IP traffic flow information, including source/destination, ports, and byte counts, to a collector for analysis.

Why this answer

NetFlow (or its standards-based equivalent, IPFIX) is the correct protocol because it is specifically designed to export traffic flow metadata—such as source/destination IPs, ports, and byte counts—from routers and switches to a collector for bandwidth usage analysis. SNMP can poll interface counters but does not provide per-flow granularity, making NetFlow the appropriate choice for detailed traffic pattern analysis.

Exam trap

The trap here is that candidates often confuse SNMP's ability to poll interface bandwidth utilization with the need for per-flow granularity, leading them to choose SNMP instead of recognizing that NetFlow is the dedicated protocol for exporting flow data.

How to eliminate wrong answers

Option A (SNMP) is wrong because SNMP is used for polling device statistics (e.g., interface utilization) and does not export flow-level data; it lacks the ability to report per-flow conversations. Option C (ICMP) is wrong because ICMP is a network-layer protocol for error reporting and diagnostics (e.g., ping/traceroute), not for exporting traffic flow records. Option D (LLDP) is wrong because LLDP is a link-layer discovery protocol used to advertise device identity and capabilities to neighbors, not to export flow data to a collector.

80
MCQ · easy

A network administrator notices that log timestamps from different switches are inconsistent, making correlation of events difficult. Which protocol should be implemented to ensure all devices have the same time?

A. SNMP
B. NTP
C. SMTP
D. RIP
Answer: B

NTP synchronizes clocks across network devices, ensuring log timestamps are consistent.

Why this answer

NTP (Network Time Protocol) is the standard protocol used to synchronize clocks across network devices. By configuring all switches to use the same NTP server, timestamps in logs become consistent, enabling accurate correlation of events across the network.

Exam trap

Cisco often tests NTP as the solution for time synchronization, but the trap here is that candidates may confuse SNMP (which can retrieve system uptime or timeticks) as a method to synchronize clocks, whereas SNMP only reads or writes management information, not the system clock itself.

How to eliminate wrong answers

Option A (SNMP) is wrong because it is used for monitoring and managing network devices, not for time synchronization. Option C (SMTP) is wrong because it is a protocol for email transmission, not for clock synchronization. Option D (RIP) is wrong because it is a distance-vector routing protocol used to exchange routing information, not for time synchronization.

81
MCQ · medium

A network administrator wants to monitor network devices using SNMP. The security policy requires both authentication and encryption of SNMP packets. Which SNMP version and security level should be configured?

A. SNMPv2c with a community string
B. SNMPv3 with authNoPriv
C. SNMPv3 with authPriv
D. SNMPv1 with a community string
Answer: C

authPriv provides both authentication (e.g., SHA) and encryption (e.g., AES), satisfying the policy.

Why this answer

SNMPv3 is the only version that supports both authentication and encryption. The security level 'authPriv' enables both authentication (via HMAC-MD5 or HMAC-SHA) and encryption (via CBC-DES or CFB128-AES), meeting the policy requirement. SNMPv1 and SNMPv2c use only plaintext community strings with no security, while 'authNoPriv' provides authentication without encryption.

Exam trap

The trap here is that candidates often confuse 'authNoPriv' with 'authPriv', assuming authentication alone satisfies security requirements, but the question explicitly demands both authentication and encryption.

How to eliminate wrong answers

Option A is wrong because SNMPv2c uses community strings transmitted in plaintext and provides no authentication or encryption. Option B is wrong because SNMPv3 with authNoPriv authenticates packets but does not encrypt them, failing the encryption requirement. Option D is wrong because SNMPv1 uses community strings in plaintext with no security mechanisms at all.

82
MCQ · easy

Which SNMPv3 security level provides both authentication and encryption?

A. noAuthNoPriv
B. authNoPriv
C. authPriv
D. noAuthPriv
Answer: C

This level provides both authentication (using MD5 or SHA) and encryption (using DES or AES), ensuring data integrity and privacy.

Why this answer

Option C (authPriv) is correct because SNMPv3 defines three security levels: noAuthNoPriv, authNoPriv, and authPriv. The authPriv level provides both authentication (using HMAC-MD5 or HMAC-SHA) and encryption (using CBC-DES or AES) to ensure data integrity, origin verification, and confidentiality. This is the highest security level defined in RFC 3414.

Exam trap

The trap here is that candidates confuse the valid SNMPv3 security levels with the invalid 'noAuthPriv' option, which sounds plausible but is not defined in the standard—CompTIA often tests this by listing it as a distractor to catch those who haven't memorized the exact three levels.

How to eliminate wrong answers

Option A (noAuthNoPriv) is wrong because it provides neither authentication nor encryption, relying only on a community string for trivial access control. Option B (authNoPriv) is wrong because it provides authentication but no encryption, leaving the SNMP payload in cleartext and vulnerable to eavesdropping. Option D (noAuthPriv) is wrong because it is not a valid SNMPv3 security level; encryption without authentication is not defined in RFC 3414, as it would be insecure.

83
MCQ · medium

A network administrator needs to perform a critical firmware upgrade on a core switch during a maintenance window. Which of the following should the administrator do FIRST before making the change?

A. Test the firmware in a lab environment
B. Notify all users of the planned outage
C. Create a backup of the current switch configuration
D. Submit a change request for approval
Answer: A

Testing in a lab ensures the firmware is compatible and stable before deployment on production hardware, reducing the risk of outages.

Why this answer

Before making any change to a production device, the firmware should first be tested in a lab environment that mirrors the production setup. This validates compatibility with existing hardware, software features, and configurations, preventing unexpected behavior such as boot loops, protocol failures, or hardware incompatibility that could cause extended outages.

Exam trap

CompTIA often tests the principle that testing in a lab environment is the first step in any change process, and the trap here is that candidates mistakenly choose creating a backup (Option C) as the first action, confusing a safety measure with the prerequisite validation step.

How to eliminate wrong answers

Option B is wrong because notifying users of a planned outage is a communication step that should occur after the change is approved and scheduled, not before testing the firmware. Option C is wrong because creating a backup of the current switch configuration is a critical safety step, but it should be performed after testing the firmware in the lab and before applying the upgrade to production; testing first ensures the firmware itself is safe to use. Option D is wrong because submitting a change request for approval is part of the change management process, but the administrator must first validate the firmware in a lab to provide accurate risk assessment and technical details for the request.

84
MCQ · hard

A network administrator wants to ensure that a critical file server is always reachable via a single IP address, even if the server's NIC fails. The server has a single NIC. Which technique should be used to provide high availability for this IP address?

A. Configure a load balancer in front of multiple servers
B. Implement NIC teaming
C. Use VRRP to create a virtual IP address
D. Use DNS round robin
Answer: C

VRRP allows two devices to share a virtual IP, providing failover if the primary fails.

Why this answer

VRRP (Virtual Router Redundancy Protocol) allows multiple routers or servers to share a virtual IP address, with one acting as the active master and the others as backups. If the active device fails, a backup takes over the virtual IP, ensuring continuous reachability. Since the file server has only one NIC, VRRP can be configured on a pair of routers or Layer 3 switches to provide a virtual IP that points to the server's real IP. More practically, VRRP is used on the server's default gateway to ensure the server can always reach the network. For the server itself to be reachable via a single IP despite NIC failure, you would typically use a load balancer or NIC teaming. However, VRRP can also be used to create a virtual IP on a pair of firewalls or routers that forward traffic to the server, making the server appear reachable via that virtual IP even if one path fails.

Exam trap

The trap here is that candidates assume NIC teaming is the only way to provide NIC redundancy, but the question explicitly states the server has a single NIC, making teaming impossible; VRRP is the correct answer because it provides a virtual IP that can be failed over between redundant routers, ensuring the server remains reachable via that IP even if one router or path fails.

How to eliminate wrong answers

Option A is wrong because a load balancer distributes traffic across multiple servers, but the question specifies a single server with a single NIC; load balancing does not provide a single IP address for that one server if its NIC fails. Option B is wrong because NIC teaming requires multiple physical NICs in the server to aggregate or fail over, but the server has only one NIC, making teaming impossible.

85
MCQ · medium

A network administrator needs to implement a solution that allows for centralized management of user authentication, authorization, and accounting for network device access. The solution must support encryption of the entire authentication process. Which protocol should be selected?

A. TACACS+
B. RADIUS
C. LDAP
D. Kerberos
Answer: A

TACACS+ encrypts the entire authentication packet (username, password, etc.) and is commonly used for AAA on network devices (routers/switches).

Why this answer

TACACS+ is the correct choice because it separates authentication, authorization, and accounting (AAA) into distinct processes and encrypts the entire authentication payload, including the username, password, and all other traffic between the client and the server. This full-packet encryption ensures that credentials and session details are protected during transit, meeting the requirement for centralized management with encrypted authentication.

Exam trap

Cisco often tests the misconception that RADIUS encrypts all traffic because it uses a shared secret, but the trap is that RADIUS only encrypts the password, not the entire packet, whereas TACACS+ encrypts the full authentication payload.

How to eliminate wrong answers

Option B (RADIUS) is wrong because it encrypts only the password in the Access-Request packet, leaving the username, accounting data, and other attributes in cleartext, which does not satisfy the requirement for encrypting the entire authentication process. Option C (LDAP) is wrong because it is a directory access protocol used for querying and modifying directory services (e.g., user attributes) and does not natively provide AAA functionality or encrypt the entire authentication process; while LDAPS can encrypt the session, it lacks the accounting and authorization separation required for network device access management.

86
MCQ · medium

A network administrator is planning a maintenance window to upgrade the firmware on critical switches. Which step should the administrator perform first to ensure minimal downtime?

A. Download the firmware from the vendor website
B. Back up the current configuration and firmware image
C. Notify users of the upcoming maintenance
D. Test the new firmware in a lab environment
Answer: D

Testing in a lab first validates the firmware and reduces the chance of production issues.

Why this answer

Option D is correct because testing the new firmware in a lab environment first validates compatibility and stability without risking production network downtime. This step identifies potential issues such as configuration incompatibilities or hardware-specific bugs before the maintenance window, ensuring a smooth upgrade process.

Exam trap

The trap here is that candidates often choose 'Back up the current configuration and firmware image' as the first step, confusing a critical safety measure with the initial planning phase, but CompTIA emphasizes that validation through testing must precede any changes to production devices.

How to eliminate wrong answers

Option A is wrong because downloading firmware before testing it in a lab could lead to applying untested code directly to production switches, increasing the risk of unexpected failures. Option B is wrong because, while backing up configuration and firmware is critical, it should be performed after testing the new firmware to ensure the backup is taken from a stable, known-good state before the upgrade. Option C is wrong because notifying users is an operational step that should occur after the technical validation and planning are complete, not as the first step.

87
MCQ · easy

A network administrator receives an automated alert from the network monitoring system indicating that the bandwidth utilization on a specific switch port has exceeded the threshold for the past 10 minutes. According to best practices for network operations, what should the administrator do FIRST?

A. Immediately block the port to prevent potential network congestion from affecting other users.
B. Check the monitoring system logs to identify the traffic source and destination.
C. Reboot the switch to clear any temporary errors that might be causing the alert.
D. Increase the bandwidth on the port to accommodate the higher traffic load.
Answer: B

Reviewing logs provides context on what is causing the high utilization, enabling informed decision-making about subsequent actions.

Why this answer

Option B is correct because the first step in responding to a bandwidth utilization alert is to investigate the traffic causing the spike. Checking the monitoring system logs allows the administrator to identify the source and destination of the traffic, which is essential for determining whether the utilization is legitimate (e.g., a backup or large file transfer) or malicious (e.g., a DoS attack). This aligns with the network operations best practice of 'verify before acting' to avoid unnecessary disruptions.

Exam trap

The trap here is that candidates panic and choose 'immediately block the port' (Option A) thinking it's a proactive security measure, but Cisco tests the principle that network operations require analysis before action to avoid disrupting legitimate traffic.

How to eliminate wrong answers

Option A is wrong because immediately blocking the port violates the principle of least disruption and could interrupt legitimate business-critical traffic without any analysis; a better approach is to first identify the traffic and then apply ACLs or QoS if needed. Option C is wrong because rebooting the switch is a drastic, non-targeted action that clears all port statistics and active sessions, potentially losing forensic data and causing unnecessary downtime; the alert is about bandwidth utilization, not a hardware or software error that a reboot would fix.

88
MCQ · medium

A network administrator is configuring a syslog server to receive logs from network devices. The administrator wants to capture all messages with a severity level of 'critical' (2) and higher (more severe). What severity threshold should be set on the devices?

A. 0 (emergency)
B. 1 (alert)
C. 2 (critical)
D. 3 (error)
Answer: C

By setting the threshold to 2/critical, the device will send all messages with severity 0 (emergency), 1 (alert), and 2 (critical).

Why this answer

Syslog severity levels are numbered 0 (most severe) through 7 (least severe). When you set a severity threshold on a device, it captures messages at that level and all lower-numbered (more severe) levels. To capture 'critical' (2) and higher (i.e., levels 0, 1, and 2), you must set the threshold to 2.

Option C is correct because level 2 includes itself and all more severe levels (0 and 1).

Exam trap

The trap here is that candidates often think setting a threshold of 2 captures only level 2 messages, but in syslog, the threshold includes all lower-numbered (more severe) levels as well.

How to eliminate wrong answers

Option A is wrong because setting a threshold of 0 (emergency) would only capture messages at level 0, missing critical (2) and alert (1) messages. Option B is wrong because setting a threshold of 1 (alert) would capture levels 0 and 1 but exclude level 2 (critical). Option D is wrong because setting a threshold of 3 (error) would capture levels 0–3, which includes less severe messages (error) than desired, and the question specifically requires only critical and higher.

89
MCQ · medium

A network administrator needs to be notified immediately when a critical switch interface goes down. Which SNMP feature should be configured?

A. Polling
B. Traps
C. Informs
D. Set
Answer: B

Traps are event-driven notifications sent by the device to the management station, providing immediate alerting.

Why this answer

B is correct because SNMP traps are unsolicited messages sent from an SNMP agent to the network management system (NMS) to immediately notify the administrator of a critical event, such as a switch interface going down. Unlike polling, which requires the NMS to periodically request status information, traps provide real-time, event-driven alerts without delay, ensuring the administrator is notified as soon as the interface state changes.

Exam trap

Cisco often tests the distinction between traps and informs, where candidates mistakenly choose informs thinking they are more reliable for critical alerts, but the question emphasizes 'immediately notified,' making the unacknowledged, low-latency trap the correct choice.

How to eliminate wrong answers

Option A is wrong because SNMP polling is a request-response mechanism where the NMS periodically queries the agent for status information, which introduces latency and may not provide immediate notification of a critical interface down event. Option C is wrong because SNMP informs are similar to traps but require an acknowledgment from the NMS, adding overhead and potential delay; while they offer reliability, they are not the simplest or most immediate method for urgent notifications, and traps are the standard choice for critical alerts.

90
MCQ · medium

A network administrator wants to be notified immediately when any interface on a core router goes down. The administrator has already configured SNMP community strings on the router. What additional configuration is necessary to receive these notifications?

A. Enable SNMP polling from the NMS at regular intervals.
B. Configure an SNMP trap receiver on the NMS and set the router to send traps to that receiver.
C. Set up syslog to forward log messages to a centralized server.
D. Configure an access control list to allow the NMS to poll the router.
Answer: B

Traps are generated by the device when an event occurs. The administrator must specify the trap destination (IP of the NMS) and enable the relevant traps (e.g., linkUp/linkDown). Without this, the router will not send trap messages.

Why this answer

SNMP traps are unsolicited notifications sent from a managed device (the router) to a Network Management System (NMS) when a specific event occurs, such as an interface going down. Since the administrator already configured SNMP community strings (which provide authentication for SNMP messages), the missing piece is configuring the router to send traps to a specific trap receiver (the NMS) and ensuring the NMS is set up to listen for those traps. Without this trap receiver configuration, the router will not generate or forward the event-driven alerts.

Exam trap

Cisco often tests the distinction between SNMP polling (get requests) and SNMP traps (unsolicited notifications), leading candidates to mistakenly think that enabling polling or syslog is sufficient for immediate event-driven alerts.

How to eliminate wrong answers

Option A is wrong because SNMP polling is a request-response mechanism where the NMS periodically queries the router for data; it does not provide immediate notification when an interface goes down, as the event would only be detected at the next polling interval. Option C is wrong because syslog is a separate logging protocol (UDP 514) used for forwarding system log messages, not SNMP traps; while syslog can indicate interface state changes, it requires different configuration and does not use SNMP community strings or trap receivers.

91
MCQ · easy

A network administrator needs to generate a report of all MAC addresses learned on each switch port to assist with inventory management. Which command-line utility can be used to view the MAC address table on a switch?

A. show mac address-table
B. show running-config
C. show ip interface
D. show vlan
Answer: A

This command lists all dynamic MAC addresses learned on switch ports, along with VLAN and port information.

Why this answer

The 'show mac address-table' command displays the MAC address table (also known as the Content Addressable Memory or CAM table) on a Cisco switch. This table maps each learned MAC address to the specific switch port and VLAN, which is exactly what the administrator needs for inventory management of devices connected to each port.

Exam trap

Cisco often tests the distinction between configuration commands (like 'show running-config') and operational commands (like 'show mac address-table'), leading candidates to mistakenly choose a configuration display command when the question asks for learned MAC address data.

How to eliminate wrong answers

Option B is wrong because 'show running-config' displays the current active configuration of the switch (including VLANs, interfaces, and protocols), but it does not show the dynamically learned MAC address table entries. Option C is wrong because 'show ip interface' displays IP-related interface information such as IP address, subnet mask, and interface status, but it does not show MAC address-to-port mappings.

92
MCQ · medium

A network administrator needs to monitor bandwidth utilization on a router interface in real time. Which of the following protocols is best suited for this purpose?

A. Syslog
B. SNMP polling
C. NetFlow
D. CDP
Answer: B

SNMP polling allows an NMS to query MIB objects like interface utilization counters at regular intervals, making it ideal for real-time bandwidth monitoring.

Why this answer

SNMP polling is the best choice for real-time bandwidth monitoring because it allows the network management system (NMS) to actively query the router's interface MIB (e.g., ifInOctets, ifOutOctets) at short intervals, calculating utilization from the delta between successive polls. This provides near-real-time data without waiting for unsolicited events, making it ideal for live dashboards and threshold alerts.

Exam trap

Cisco often tests SNMP polling vs. NetFlow by framing the question around 'real-time bandwidth utilization,' leading candidates to choose NetFlow because they confuse flow analysis with interface-level utilization, but NetFlow's export delay and flow-based aggregation make it unsuitable for instantaneous per-interface bandwidth monitoring.

How to eliminate wrong answers

Option A (Syslog) is wrong because Syslog is a logging protocol for event messages (e.g., interface up/down, errors) and does not provide periodic bandwidth utilization data; it is asynchronous and not designed for real-time performance monitoring. Option C (NetFlow) is wrong because NetFlow is primarily used for traffic flow analysis (source/destination, protocols, volumes) and not for real-time interface bandwidth utilization; it exports flow records on a per-flow basis with a delay, making it unsuitable for instantaneous utilization monitoring.

93
MCQ · easy

A company has a change management policy that requires all network changes to be approved and documented. An administrator needs to replace a faulty switch in the core network. According to best practices, which step should be performed after the replacement is complete?

A. Update the network diagram.
B. Roll back to the previous switch.
C. Notify users of the change.
D. Submit a change request.
Answer: A

Documentation must be updated after any change to maintain accurate records for future troubleshooting and auditing.

Why this answer

Updating the network diagram is the correct step because it ensures that the documentation accurately reflects the new switch's location, model, firmware version, and connections. This aligns with change management best practices, which require that all network changes be documented to maintain an accurate source of truth for troubleshooting, capacity planning, and future changes. Without this update, the diagram becomes stale, leading to potential misconfigurations or delays during incident response.

Exam trap

The trap here is that candidates confuse the operational step of 'notifying users' (which is part of the change communication plan, not the post-implementation step) with the documentation requirement, leading them to select Option C instead of recognizing that updating the network diagram is the critical final step to close the change record.

How to eliminate wrong answers

Option B is wrong because rolling back to the previous switch contradicts the purpose of the replacement—the faulty switch has already been removed and replaced with a working unit; rolling back would reintroduce the fault and violate the change management policy that requires the approved change to be completed. Option C is wrong because notifying users of the change is typically performed before or during the maintenance window (as part of the change plan), not after the replacement is complete; post-replacement, the focus should be on updating documentation and verifying functionality, not user notification.

94
MCQ · easy

A network administrator wants to ensure all network devices have synchronized time for accurate log correlation and security event analysis. Which protocol should be implemented?

A. SNMP
B. NTP
C. FTP
D. HTTP
Answer: B

NTP provides accurate time synchronization over a network, typically using a hierarchy of time servers.

Why this answer

NTP (Network Time Protocol) is the correct choice because it is specifically designed to synchronize clocks across network devices using a hierarchical system of time sources, ensuring millisecond-level accuracy. Accurate time synchronization is critical for correlating logs and security events across multiple devices, as timestamps must match to reconstruct attack timelines or diagnose faults.

Exam trap

Cisco often tests the distinction between NTP for time sync and SNMP for management, so candidates may mistakenly choose SNMP because they associate it with network monitoring and overlook that it does not synchronize clocks.

How to eliminate wrong answers

Option A (SNMP) is wrong because it is used for monitoring and managing network devices via MIBs and traps, not for time synchronization. Option C (FTP) is wrong because it is a file transfer protocol used to move files between hosts, not to synchronize system clocks. Option D (HTTP) is wrong because it is an application-layer protocol for transferring hypertext, and while it can carry time information via headers like Date, it lacks the precision and dedicated synchronization mechanisms of NTP.

95
MCQ · easy

A network administrator needs to update the firmware on a critical core switch. According to change management best practices, which step should be completed FIRST?

A. Test the firmware update in a lab environment
B. Notify all users of a scheduled outage
C. Create a detailed rollback plan
D. Schedule the update during a maintenance window
Answer: A

Testing first ensures the firmware works correctly and any compatibility issues are discovered without affecting production operations.

Why this answer

Before any change is applied to a production network device, the firmware update must first be validated in a controlled lab environment that mirrors the production configuration. This step ensures that the new firmware does not introduce compatibility issues with existing protocols (e.g., spanning-tree, VLAN configurations, or routing protocols like OSPF) and that the update process itself does not cause unexpected behavior. Skipping lab validation risks an outage that could have been prevented, making it the foundational step in change management.

Exam trap

The trap here is that candidates often jump to scheduling the maintenance window (Option D) as the first step, confusing operational logistics with the critical prerequisite of validation, which Cisco emphasizes as the cornerstone of change management.

How to eliminate wrong answers

Option B is wrong because notifying users of a scheduled outage is a communication step that should occur after the update has been tested and approved, not before any validation. Option C is wrong because creating a detailed rollback plan is important but comes after understanding the update's behavior through testing; a rollback plan is useless if the update hasn't been verified to work correctly. Option D is wrong because scheduling the update during a maintenance window is a logistical step that assumes the update is safe to apply, which cannot be known without first testing it in a lab environment.

96
MCQ · medium

A network administrator is configuring a new switch and needs to ensure that log messages are sent to a remote syslog server with a severity level of 'warning' (4) or higher. Which severity level should be set as the trap level on the switch?

A. 3 (error)
B. 4 (warning)
C. 5 (notice)
D. 7 (debug)
Answer: B

A trap level of 4 includes all messages with severity 0 through 4, which covers emergency, alert, critical, error, and warning.

Why this answer

Option B is correct because setting the trap level to 4 (warning) on a Cisco switch using the 'logging trap 4' command ensures that syslog messages with a severity of warning (4) and higher (i.e., emergency, alert, critical, error, and warning) are forwarded to the remote syslog server. The severity levels are defined in RFC 5424, where lower numbers indicate higher priority, so level 4 includes all messages from 0 through 4.

Exam trap

Cisco often tests the misconception that setting the trap level to the exact severity number (e.g., 4) means only that severity is sent, when in fact it sends that level and all higher-priority (lower-number) levels.

How to eliminate wrong answers

Option A is wrong because setting the trap level to 3 (error) would send only messages with severity 0 through 3 (emergency through error), which excludes warning (4) messages and fails the requirement to include severity 4. Option C is wrong because setting the trap level to 5 (notice) would send messages with severity 0 through 5, which includes warning (4) but also forwards lower-priority notice messages; the requirement is met exactly by level 4, not by a broader level that happens to include it.

97
MCQ · medium

A network administrator wants to implement a protocol to automatically assign IP addresses to devices on the network. Which of the following protocols is used for this purpose?

A. DNS
B. DHCP
C. ARP
D. ICMP
Answer: B

DHCP dynamically assigns IP addresses and other configuration parameters to clients.

Why this answer

DHCP (Dynamic Host Configuration Protocol) is the correct answer because it is specifically designed to automatically assign IP addresses and other network configuration parameters (such as subnet mask, default gateway, and DNS servers) to devices on a network. This eliminates the need for manual IP configuration, reducing administrative overhead and preventing address conflicts.

Exam trap

The trap here is that candidates often confuse DNS with DHCP because both are network services that involve IP addresses, but DNS resolves names to addresses while DHCP assigns the addresses themselves.

How to eliminate wrong answers

Option A (DNS) is wrong because DNS (Domain Name System) resolves human-readable domain names to IP addresses; it does not assign IP addresses. Option C (ARP) is wrong because ARP (Address Resolution Protocol) maps a known IP address to a MAC address on a local network; it does not provide automatic IP address assignment. Option D (ICMP) is wrong because ICMP (Internet Control Message Protocol) is used for error reporting and diagnostic functions (e.g., ping, traceroute), not for IP address allocation.

98
MCQ · easy

An organization wants to centrally manage and monitor network devices from a single interface. The solution should support auto-discovery, configuration management, and performance monitoring. Which type of system should be deployed?

A. AAA server
B. Network Management System (NMS)
C. SIEM
D. DHCP server
Answer: B

An NMS like SolarWinds or PRTG provides central monitoring, auto-discovery, configuration management, and performance monitoring for network devices.

Why this answer

A Network Management System (NMS) is the correct choice because it provides a centralized interface for auto-discovery (e.g., via SNMP or CDP/LLDP), configuration management (e.g., using NETCONF or CLI scripting), and performance monitoring (e.g., polling SNMP MIBs or streaming telemetry). This directly matches the requirement for a single-pane-of-glass solution for network device lifecycle management.

Exam trap

CompTIA often tests the distinction between an NMS and a SIEM, where candidates mistakenly choose SIEM because they think 'monitoring' includes security event monitoring, but the question explicitly asks for auto-discovery and configuration management, which are core NMS functions, not SIEM capabilities.

How to eliminate wrong answers

Option A is wrong because an AAA server (e.g., RADIUS or TACACS+) handles authentication, authorization, and accounting for user or device access, not centralized monitoring or configuration management of network devices. Option C is wrong because a SIEM (Security Information and Event Management) system aggregates and correlates security logs and events from multiple sources for threat detection and compliance, not for auto-discovery or performance monitoring of network devices. Option D is wrong because a DHCP server dynamically assigns IP addresses and other network parameters to clients; it does not perform device discovery, configuration management, or performance monitoring.

99
MCQ · easy

A network administrator needs to remotely manage multiple routers and switches. The management traffic must be encrypted. Which protocol should be used for the remote terminal sessions?

A. Telnet
B. SSH
C. SNMP
D. HTTP
Answer: B

SSH (Secure Shell) encrypts all management traffic, providing secure remote command-line access.

Why this answer

SSH (Secure Shell) encrypts all traffic, including authentication credentials and session data, making it the correct choice for securely managing routers and switches over a network. Telnet transmits everything in plaintext, while SNMP and HTTP lack the interactive encrypted terminal session required for remote CLI management.

Exam trap

CompTIA often tests the distinction between Telnet and SSH by presenting a scenario that requires encryption, hoping candidates overlook that Telnet offers no security and default to it because of its simplicity or familiarity.

How to eliminate wrong answers

Option A is wrong because Telnet (RFC 854) transmits all data, including passwords, in cleartext, providing no encryption and exposing the session to eavesdropping. Option C is wrong because SNMP (Simple Network Management Protocol) is used for monitoring and collecting device statistics, not for interactive remote terminal sessions; SNMPv3 can encrypt but does not provide a CLI shell. Option D is wrong because HTTP (Hypertext Transfer Protocol) is a web protocol for transferring hypermedia, not for terminal access; HTTPS adds encryption but still does not offer a command-line interface for router/switch management.

100
MCQ · hard

A network administrator wants to ensure that SNMP traffic between the network monitoring server and managed devices is encrypted and provides authentication of the data origin. Which version of SNMP should be implemented?

A. SNMPv1
B. SNMPv2c
C. SNMPv3
D. SNMPv2
Answer: C

SNMPv3 provides both authentication and encryption, meeting the requirements.

Why this answer

SNMPv3 is the correct choice because it provides both encryption (via the authPriv security level) and data origin authentication (via the authNoPriv or authPriv levels). Unlike earlier versions, SNMPv3 includes a security model that ensures confidentiality, integrity, and authentication, meeting the administrator's requirements.

Exam trap

The trap here is that candidates often confuse SNMPv2c's improved efficiency and bulk retrieval (e.g., GetBulk) with security enhancements, but SNMPv2c still lacks encryption and authentication, making SNMPv3 the only viable option for secure SNMP traffic.

How to eliminate wrong answers

Option A is wrong because SNMPv1 uses community strings in plaintext and offers no encryption or authentication of data origin. Option B is wrong because SNMPv2c also relies on plaintext community strings and lacks any security features, despite improving protocol operations. Option D is wrong because SNMPv2 (the original version) was never widely deployed and, like v2c, provides no encryption or authentication; it is essentially a historical footnote.

101
MCQ · hard

A network administrator needs to automate the backup of router configuration files to a remote server over the internet. The backup must be encrypted and authenticated. Which protocol should the administrator use in the automated script?

A. TFTP
B. FTP
C. SCP
D. HTTP
Answer: C

SCP uses SSH for encryption and authentication, providing secure file transfer, and is commonly supported on network equipment for automated backups.

Why this answer

SCP (Secure Copy Protocol) is the correct choice because it provides both encryption and authentication by operating over SSH (Secure Shell), which encrypts the entire session and verifies the server's identity using public-key cryptography. This makes it suitable for automating secure backups of router configuration files to a remote server over the internet, as it supports scripting with tools like expect or SSH keys without interactive password prompts.

Exam trap

Cisco often tests the distinction between secure and insecure file transfer protocols, and the trap here is that candidates may confuse FTP with SFTP or FTPS, assuming FTP itself provides encryption, or they may choose TFTP because it is commonly used for router backups in lab environments, forgetting that the question specifies 'over the internet' and requires encryption and authentication.

How to eliminate wrong answers

Option A is wrong because TFTP (Trivial File Transfer Protocol) uses UDP port 69 and provides no encryption or authentication, making it insecure for transfers over the internet and typically restricted to local LAN environments for tasks like IOS image updates. Option B is wrong because FTP (File Transfer Protocol) transmits data and credentials in cleartext over TCP ports 20/21, offering no native encryption or authentication mechanisms, and while FTPS or SFTP add security, plain FTP does not meet the encrypted and authenticated requirement.

102
MCQ · easy

A network administrator needs to ensure that in the event of a switch failure, the switch can be replaced and brought online with minimal downtime. Which of the following tasks should the administrator perform regularly?

A. Perform a firmware upgrade on all switches
B. Back up the configuration files of all switches
C. Monitor the switch's CPU utilization
D. Create a network performance baseline
Answer: B

Regular configuration backups allow the administrator to quickly restore the settings to a replacement switch.

Why this answer

Regularly backing up the configuration files of all switches ensures that when a failed switch is replaced, the exact configuration can be restored quickly, minimizing downtime. This is a core best practice in network operations because a replacement switch typically ships with factory defaults and requires the original configuration to resume normal operations. Without a recent backup, the administrator would have to reconfigure the switch manually, leading to extended outage and potential human error.

Exam trap

CompTIA often tests the distinction between proactive maintenance tasks (like firmware upgrades or monitoring) and disaster recovery tasks (like configuration backups), leading candidates to choose firmware upgrades because they associate 'minimizing downtime' with keeping software current, when in fact the backup directly enables rapid replacement.

How to eliminate wrong answers

Option A is wrong because performing firmware upgrades on all switches is a proactive maintenance task that can introduce new features or security patches, but it does not directly address the need to restore a failed switch's configuration; a firmware upgrade does not preserve or restore the switch's running configuration. Option C is wrong because monitoring the switch's CPU utilization is a performance monitoring task that helps detect issues like high traffic or control plane overload, but it does not provide any mechanism to restore configuration after a hardware failure. Option D is wrong because creating a network performance baseline establishes normal performance metrics for comparison, which is useful for troubleshooting performance degradation but does not enable rapid restoration of a failed switch's configuration.

103
MCQ · easy

A network administrator is creating a standard operating procedure for firmware upgrades. Which step should be performed FIRST according to best practices?

A. Schedule the upgrade during a maintenance window
B. Back up the current configuration
C. Test the firmware in a lab environment
D. Notify users of the planned outage
Answer: C

Testing the firmware in a lab first helps identify issues before affecting the production environment.

Why this answer

According to best practices for firmware upgrades, the first step should always be to test the new firmware in a non-production lab environment that mirrors the production setup. This validates compatibility, identifies potential bugs, and ensures the upgrade process works without risking network downtime or data loss. Only after successful lab testing should you proceed to back up the current configuration and schedule the upgrade during a maintenance window.

Exam trap

Cisco often tests the misconception that backing up the configuration is the first step, but best practices dictate that testing in a lab environment takes precedence to avoid deploying untested firmware that could render the device inoperable.

How to eliminate wrong answers

Option A is wrong because scheduling the upgrade during a maintenance window is an operational step that should occur after the firmware has been validated in a lab; performing it first risks deploying untested firmware that could cause outages. Option B is wrong because backing up the current configuration is a critical safety step, but it should be done after lab testing and before the actual upgrade, not as the very first step—testing first prevents the need to restore from backup due to a failed upgrade.

104
MCQ · medium

A network administrator is preparing documentation for a new branch office. The administrator needs a diagram that shows the logical relationships between network devices and how VLANs are trunked over inter-switch links. Which type of document should be created?

A. Network baseline
B. Wiring diagram
C. Physical topology diagram
D. Logical topology diagram
Answer: D

A logical topology diagram displays addressing, VLANs, and routing paths, making it ideal for showing trunk links and VLAN assignments.

Why this answer

A logical topology diagram is the correct choice because it illustrates how devices communicate across the network, including VLAN assignments and trunk links (e.g., 802.1Q tagging) between switches. This diagram abstracts physical locations to show Layer 2 and Layer 3 relationships, such as which VLANs traverse which inter-switch links, making it ideal for documenting VLAN trunking and logical connectivity.

Exam trap

The trap here is that candidates confuse 'physical topology' with 'logical topology,' assuming that a physical diagram can show VLAN trunking, but physical diagrams only depict hardware connections, not the logical VLAN paths or trunking relationships.

How to eliminate wrong answers

Option A is wrong because a network baseline is a performance benchmark (e.g., throughput, latency) used for comparison over time, not a diagram showing VLAN trunking relationships. Option B is wrong because a wiring diagram details physical cable runs, patch panel connections, and pinouts (e.g., T568A/B), not logical VLAN or trunking information. Option C is wrong because a physical topology diagram maps device locations, cable types, and port numbers, but it does not represent logical constructs like VLANs or trunking protocols (e.g., DTP or 802.1Q).
