Home > Multiple Choice Questions

Multiple Choice Questions

May 8th, 2018 in TSHOOT v2 Go to comments

Question 1

Question 2

Question 3


All of these can be modified: protocol, IP destination address, repeat count, Datagram size, Timeout, source address/interface, type of service, DF bit, Validate reply data, Data pattern, Loose, Strict, Record, Timestamp, Verbose, Sweep range of sizes.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13730-ext-ping-trace.html

Question 4

Question 5

Question 6

Comments (39) Comments
Comment pages
1 38 39 40 707
  1. Anonymous
    October 11th, 2018

    We need an update since there are new questions.

  2. Yo studytime
    October 11th, 2018

    Regarding the VPN technology, I do agree with NetworkTUT. Answer should be D.

    GRE based VPN is the only option supporting non-IP Protocols.


  3. scared asf
    October 11th, 2018

    can someone please validate answers for october

    Q6: how is it radius? i thought it should be tacacs+

    Q7: i though this would be – MPP is not configured for telnet and not B.

  4. john
    October 11th, 2018

    Guys my exam is tomorrow i need all the support i can get as per latest Qs

  5. RAGHU
    October 11th, 2018

    Regd Debug crypto condition

    correct options should be

    1. ISAKMP profile
    2. front-door VRF (FVRF) instance ( simmilar to this , dont remember fully)

  6. diego
    October 11th, 2018

    Hi Networktut,

    I’m desagree with your answers:

    Q2. It’s needed to check two options
    – isakmp profile name
    – I think that there is an option about VRF name


    Q6. The output is similar than this:

    aaa new-model

    aaa authentication default group tacacs+ enable (this syntax is invalid, login after authentication is missed, please check it on cisco ios)
    aaa authentication login default ONLYLOCAL local (I didn´t saw the list ONLYLOCAL )
    aaa authentication pptp default radius local (this syntax is invalid (pptp don’t exist, only ppp), please check it on cisco ios)

    username xxx password xxx

    line vty 0 4
    password xxxxx

    possible answer are:


    The only sentence that coul be configurable in cisco ios is:

    aaa authentication login default ONLYLOCAL local. As ONLYLOCAL list is not configured, the next is local

    Q7. MPP can support Telnet

    Following are the management protocols that the MPP feature supports. These management protocols are also the only protocols affected when MPP is enabled.

    •Blocks Extensible Exchange Protocol (BEEP)
    •SSH, v1 and v2
    •SNMP, all versions

  7. nexus83
    October 11th, 2018

    Hi Diego, You are right – things are confusing regarding MPP.
    Here it states MPP supports FTP – https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_mgmt_plane_prot.html
    and here NO FTP is mentioned among supported protocols – https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/security/configuration/guide/syssec_cg41crs_chapter7.html#con_1013398
    Last link is newer, dated 2011 and first 2008. I tend to belive that FTP is no longer supported by MPP.

  8. Freeman
    October 11th, 2018

    Wrong about ssh sequence
    Question 8:
    Drag and drop1: Sequence of configuring ssh
    Sequence 1: ip domain-name cisco.com
    Sequence 2: crypto-key generate rsa
    Sequence 3: ip ssh version 2
    Sequence 3: line vty 0 4
    Sequence 4: Transport input ssh

    you do not need to configure Sequence 3: ip ssh version 2 in order to have SSH operational. It will work as Version 1 as well.
    But you need to say transport input ssh under VTY lines.

  9. Anonymous
    October 12th, 2018


    for Q6 how is the first line invalid – aaa authentication default group tacacs+ enable???

    shouldn’t the answer for Q6 be tacacs+??

  10. Anonymous
    October 12th, 2018


    sorry i get it now. Q6

    yes i think you are correct :

    should be
    aaa authentication login default group tacacs+ enable

    aaa authentication default group tacacs+ enable

    With just “aaa new model” configured, local authentication is applied to all lines and interfaces (except console line con 0).

  11. Anonymous
    October 12th, 2018


    for Q7: B is correct

    “When you enable the feature, you must designate one or more interfaces as management interfaces and configure the management protocols that will be allowed on those interfaces. The feature does not provide a default management interface. ”

    “C” would have been correct if the answer said something like… management interface is not configured for telnet.

    MPP is management plane protection – just a feature.


  12. Morinho
    October 12th, 2018

    The dumps are valid. I passed this week. Please check the FAQ section 15 for the updated one.
    Thanks a lot.

  13. Diego
    October 12th, 2018

    Hi Anonymous,
    The output of the question is very similar to this:

    The configuration in this example shows MPP configured to allow SSH and SNMP to access the router only through the FastEthernet 0/0 interface. This configuration results in all protocols in the remaining subset of supported management protocols to be dropped on all interfaces unless explicitly permitted. BEEP, FTP, HTTP, HTTPS, Telnet, and TFTP will not be permitted to access the router through any interfaces, including FastEthernet 0/0. Additionally, SNMP and SSH will be dropped on all interfaces except FastEthernet 0/0, where it is explicitly allowed.
    To allow other supported management protocols to access the router, you must explicitly allow these protocols by adding them to the protocol list for the FastEthernet 0/0 interface or enabling additional management interfaces and protocols.
    Router# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)# control-plane host
    Router(config-cp-host)# management-interface FastEthernet 0/0 allow ssh snmp
    .Aug 2 15:25:32.846: %CP-5-FEATURE: Management-Interface feature enabled on Control plane
    host path

    The following is output from the show management-interface command issued after configuring MPP in the previous example. The show management-interface command is useful for verifying your configuration.
    Router# show management-interface

    Management interface FastEthernet0/0
    Protocol Packets processed
    ssh 0
    snmp 0

  14. Diego
    October 12th, 2018

    I dont remember if there is an answer similar to “the interface is not configure…” if there is something similar to this… you are right. But remember that you enable telnet in a management interface when you configure MPP

  15. Tom
    October 14th, 2018

    is there someone pass this week? I fail 764

  16. To networktut
    October 14th, 2018

    To networktut,
    Do we paying money for Premium account to get questions and answers saying:
    (or something like this), answer may be different, (only guess), (maybe) or Question about.

  17. networktut
    October 14th, 2018

    @To networktut: The questions are not complete so that we don’t have the answers. We will update them soon when we get new information about them. We know it is not good but currently it is the best thing we can offer.

  18. networktut
    October 14th, 2018

    @Diego, @Anonymous: After the closer check, the correct answer for Q.7 should be C!

  19. fake
    October 14th, 2018

    Please update questions with right set of ans.

  20. read_before_answer
    October 14th, 2018

    Question: enable secret and enable password
    ref: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-sy/sec-usr-cfg-15-sy-book/sec-cfg-sec-4cli.html#GUID-1377EA5A-B953-4CAF-B41E-E2F8EB783175
    and read the reference folks!
    1)Cisco no longer recommends that you use the enable password command to configure a password for privileged EXEC mode.
    2)The password that you enter with the enable password command is stored as plain text in the configuration file of the networking device
    You can encrypt the password for the enable password command in the configuration file of the networking device using the service password-encryption command.
    However the encryption level used by the service password-encryption command can be decrypted using tools available on the Internet.
    3)Instead of using the enable password command, Cisco recommends using the enable secret command because it encrypts the password that you configure with strong encryption.
    4)If you have already configured a password for privileged EXEC mode using the enable secret command, that the password configured takes precedences over the password that you configure in this task using the enable password command.
    5)You cannot use the same password for the enable secretcommand and the enable password command.

    A. Enable secret and enable password can not be configured same time -> WRONG, they can be
    B. Enable password is difficult to decipher -> WRONG
    C. Enable secret is difficult to decipher -> CORRECT
    D. Enable password is more preferable than enable secret -> WRONG
    E. Enable secret is more preferable than enable password -> CORRECT

  21. TexOur
    October 14th, 2018

    Q: Which technology support dynamic routing and non-ip protocals?
    Answer: https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-class-teleworker-ect-solution/prod_brochure0900aecd80582078.pdf

    You than see which tunneling technology support dynamic routing and non-ip protocol.

    Copy link refrence to cross-confirm your answer.
    To avoid mess do not comment anymore this GRE vs DMVPN question. Answer is here.

  22. ccnpiloveit
    October 14th, 2018

    @diego. Topic aaa authentication
    I qupote you:
    “Q6. The output is similar than this (…)
    aaa authentication login default ONLYLOCAL local. As ONLYLOCAL list is not configured, the next is local”

    Not sure if i understood you correctly but the above sytnax seems to me does not have any sense.
    You can have 2 types of named lsit:
    – default -> apply to all interfaces
    – custom -> apply to your defined interface
    Now, in the example above you seems to create 2 named list:
    good but the correct syntax is

    aaa authentication login default whatever-authe.-method-youwant
    aaa authentication login ONLYLOCAL whatever-authe.-method-youwant
    and than if you do not want to apply the “default” to a specific interface you use the ONLYLOCAL list
    line vty 0 2
    login authentication ONLYLOCAL

    so i am not sure about the official question.

  23. juan
    October 15th, 2018

    Networktut please update this section with correct answers

  24. Anonymous
    October 15th, 2018

    please update if i dont take a exam in four day my ccna will be expried :(

  25. diego
    October 15th, 2018

    Sorry @ccnpiloveit

    there is a mistake when I wrote it. In the exam the syntaxis was:

    aaa authentication login ONLYLOCAL local (I didn´t saw the list ONLYLOCAL ).


  26. Dipz
    October 15th, 2018

    Passed today

    ticket 1, 4 (NAT Access-List), 6, 7, 8, 9, 11, 13, 14
    Simnet (HSRP and BGP)
    McQs 1, 2, 3, 4. 5, 6, 7b, 8 (only 1 choice), 9, 11.

  27. @Dipz
    October 15th, 2018

    where did your demo exam from, i fail last week

  28. Lance18
    October 16th, 2018

    Question 11

    How do you check the crypto public key?

    A. show crypto session
    B. show crypto map
    C. show crypto key rsa
    D. ?

    Ans. C

    Correction: Command should be “show crypto key mypubkey rsa”

  29. flocke
    October 16th, 2018

    McQs from here? The new ones or the old ones? Thanks

  30. Anonymous
    October 16th, 2018

    Question 8

    Which command will encrypt the enable password? (CHOSE TWO)?!?!
    A. enable secret
    B. service password-encryption

    Answer: B

    I’m not a detective but imho something wrong. :D

  31. Dipz
    October 16th, 2018


    All McQS from new 11 questions update from 11/10/2018

    Q8 ans B

    I passed with 945

  32. Anonymous
    October 16th, 2018

    How many questions has HSRP simlet, 4 or 5 ??

  33. Anonymous
    October 16th, 2018

    Question 9

    Question about authentication, TACAS/local, based on piece of configuration

    AAA and what will be the result with this configuration: it either checks the local database first or it only authenticate 2 listed users –

    A. It will check TACAS authentication but skip for the two users created locally
    B. aaa-new model not used and hence policy will not be applied.
    C. aaa- not used hence policy will not be applied
    D. Part of the script is reject
    and 1 more options


    1. aaa-new-model command is not there in the script ; hence the script will not work
    2. Part of the script is reject (as 2 local username and password are there)

    i don’t understand, the first answer isn’t in the questions, why?

  34. Dipz
    October 16th, 2018

    HSRP simlet = 4 questions. Ans for Q4 is DHCP and not OSPF

  35. Passed today
    October 16th, 2018

    All the questions are from the latest MCQ, no new questions. Not sure why I got 67% in VPN Technology and 75% in Infrastructure Security.

    I had the following question, I chose D instead of C.

    How do you check the crypto public key?

    A. show crypto session
    B. show crypto map
    C. show crypto key rsa
    D. show crypto key mypubkey rsa

  36. Anonymous
    October 17th, 2018

    To the people who already took the exam:

    Did you find any Drag and Drop? I’m asking this because in the last update, there are only questions and not DnD at all.

    Please answer!

  37. bIg
    October 17th, 2018

    I did examn
    today and Failed :-( was not my day, new Q all new ones, that are here, also new 4 tickets, no Drag end drop.

  38. NN_
    October 17th, 2018

    Failed today.

    new ticket, new questions. 812/1000 :(

  39. @NN_
    October 17th, 2018

    wats the new ticket questions?

Comment pages
1 38 39 40 707