You are on page 1of 152

Chapter 2 Exam switch V.

7
Question 1
1 / 1 pts
What plane on a network device is accessed using SSH or SNMP?
Correct!

management plane

control plane

forwarding plane

CAM

Question 2
1 / 1 pts
What feature of CEF allows for Layer 3 switches to use multiple paths?
Correct!

load-balancing

hardware based forwarding

route caching

Netflow LAN switching

Question 3
1 / 1 pts
Which statement is true about the CEF forwarding process?

The FIB table contains the Layer 2 rewrite information.

Adjacency table lookups use the closest Layer 3 prefix match.

The adjacency table eliminates the need for the ARP protocol.
Correct!

After an IP prefix match is made, the process determines the associated Layer 2 header
rewrite information from the adjacency table.
Refer to curriculum topic: 4.4.2

Question 4
0 / 1 pts
In terms of design, which layer of the hierarchical model is the most complex?

access Layer
Correct Answer

distribution Layer  Correct Answer

collapsed core Layer
You Answered

core Layer BAD

Refer to Chapter 2.

Question 5
1 / 1 pts
In its network design, a company lists this equipment :

Two Catalyst 4503 Layer 3 switches

One 5500 security appliance firewall

Two Catalyst 6509 switches

Two lightweight access points

Two Catalyst 2960 switches

Which two types of devices from the list would be appropriate to use at the access layer
to provide end-user connectivity? (Choose two.)

Catalyst 4503 switches

Cisco 5500 security appliance firewall

Catalyst 6509 switches
Correct!

lightweight access points
Correct!

Catalyst 2960 switches

Refer to curriculum topic: 1.1.3

Question 6
1 / 1 pts
Which layer 3 switching method used by Catalyst switches offers the greatest
performance?

process switching
Correct!

CEF

fast switching TCAM Refer to Chapter 2 of the Foundation Learning Guide Question 7 1 / 1 pts For what is the control plane on a catalyst switch responsible? the catalyst switch does not have a Control Plane. Which layer of the Cisco Hierarchical Network Model will process the traffic first? Correct! access core . it has a Management Plane control and remote management of the switch Correct! control of the routing protocols and processes running on the switch control of the layer 2 switching process used by the switch Refer to Chapter 2 of the Foundation Learning Guide Question 8 1 / 1 pts A user needs to access a file server that is located in another department.

distribution control Refer to curriculum topic: 1.--> Correct Answer You Answered It provides services and functionality to the core layer by grouping various components into a single component that is located in the access layer. corporate intranet. Question 10 1 / 1 pts Which two features are unavailable on a Layer 2 switch? (Choose two.5 Question 9 0 / 1 pts What is the purpose of the Cisco Enterprise Architecture and the hierarchical desgin? It replaces the three-layer hierarchical model with a flat network approach. and e-commerce routers in the same layer. the management server.1.  BAD It reduces overall network traffic by grouping server farms.) use of ASICs Internet Group Management Protocol (IGMP) snooping QoS marking Correct! . Correct Answer Each element in the hierarchy has a specific set of functions and services that it offers and specific role.

and ACL information. TCAM lookup tables are used only for the rapid processing of ACLs within CEF. . Correct! VLANs are terminated on the access layer devices. The access and distribution layers would not participate in the routing scheme. Correct! A single TCAM lookup provides Layer 2.4. Refer to curriculum topic: 4. Layer 3.2 Question 12 1 / 1 pts Why does extending layer 3 switching to the access layer improve scalability? VLANs are extended into the distribution layer. TCAM lookup tables are used only for the Layer 3 forwarding operation.Time to Live (TTL) decrementing Correct! rewrite of the source and destination MAC addresses Question 11 1 / 1 pts What is true about TCAM lookups that are associated with CEF switching? TCAM includes only Layer 3 lookup information.

Layer 3 switching in the access layer is a cheaper implementation option.) You Answered reduced cost  BAD Correct! Scalability  Correct less equipment required Correct Answer . Which two features of the hierarchical design make it the better choice? (Choose two. Refer to Chapter 2 of the Foundation Learning Guide Question 13 1 / 1 pts Which family of Cisco switches is specifically designed for data centers? Catalyst 6500 Catalyst 2000 Correct! Nexus 7000 Catalyst 4500 Question 14 0 / 1 pts A network designer must provide a rationale to a customer for a design that will move an enterprise from a flat network topology to a hierarchical network topology.

distribution and core layers Correct! run an IGP between the distribution and core layers and use static default routes at the access layer use static rotue from the access to the distribution layer.segmentation of broadcast domains  Correct Answer lower bandwidth requirements Question 15 1 / 1 pts What is the suggested solution for routing when Layer 3 routing is extended to the access layer? run an IGP at the access. use default static routes from the distribtuion to the core layer and use IGP amongst core layer devices run an IGP between distribution and core layers and rely on proxy ARP between the access and distribution layers Question 16 1 / 1 pts What type of specialized memory is used to facilitate high performance switching in Cisco multilayer switches? content-addressable memory (CAM) Correct! ternary content addressable memory (TCAM) address resolution protocol (ARP) memory .

Cisco Express Forwarding (CEF) memory Question 17 1 / 1 pts What are two responsibilities of devices that are located at the core layer of the hierarchical design model? (Choose two.) access list filtering packet manipulation Correct! high-speed backbone switching Correct! interconnection of distribution layer devices redundancy between the core devices only Question 18 1 / 1 pts At what layer of the hierarchical model are MAC-based security controls implemented? Correct! access layer distribution layer collapsed core layer core layer .

Refer to Chapter 2 of the Foundation Learning Guide Question 19 1 / 1 pts At what layer of the hierarchical design model would redistribution and summarization occur? core layer backbone layer access layer Correct! distribution layer Question 20 1 / 1 pts Which portion of the enterprise network provides access to network communication services for the end users and devices that are spread over a single geographic location? enterprise edge Correct! campus module WAN module Internet edge .

data center Refer to curriculum topic: 1. . Interfaces Fa0/13 and Fa0/14 are in an unspecified VLAN.) Eleven VLANs were manually configured on the switch. Which two statements are true about the switch CAT2? (Choose two.1. Interfaces Fa0/13 and Fa0/14 are in VLAN 1.1 Chapter 3 Exam Switch V.7 Question 1 1 / 1 pts Refer to the exhibit. Correct! Six VLANs were either manually configured on the switch or learned via VTP.

2. What is the problem between the connection on Switch1 and Switch2? encapsulation mismatch switchport mode mismatch . Switch1 and Switch2 are unable to establish an operational trunk connection.1 Question 2 1 / 1 pts Refer to the exhibit.VLAN 100 is in dynamic desirable mode. Refer to curriculum topic: 2. Correct! VLAN 100 has no active access ports.

MTU mismatch VTP mismatch DTP mismatch Correct! native VLAN mismatch Refer to curriculum topic: 2.2.1 Question 3 1 / 1 pts Which three effects does the interface command switchport host have when entered on a switch? (Choose three.) Correct! sets the switch port mode to access enables BPDU guard Correct! enables spanning tree PortFast enables root guard Correct! disables channel grouping enables BPDU filtering .

No more than three VLANs should be trunked to core layer switches.2. . which PAgP modes can be configured on the opposite end of the link in order to form an active channel? (Choose two.1 Question 4 1 / 1 pts When configuring an EtherChannel.) off on Correct! desirable Correct! auto Refer to curriculum topic: 2.3. given that one end of the link is configured with PAgP mode desirable.3 Question 5 1 / 1 pts What is a best practice for VLAN design? Correct! Local VLANs should not extend beyond the distribution layer. Place unused access ports in trunk mode and in a specific VLAN.Refer to curriculum topic: 2.

3 Question 6 1 / 1 pts Refer to the exhibit.1. which statement is true? Correct! LACP will form a channel between the switches." LACP will not form a channel between the switches.VLANs should be designed in a hierarchical fashion with access VLANs at the access layer and local server VLANs at the core layer. Because the port-channel numbers do not match. LACP will not form a channel between the switches. Because the channel-group commands on SW2 should be set to "on. Refer to curriculum topic: 2. Given the configuration information of the CAT1 and CAT2 switches. . LACP will form a 200-Mb/s channel between the switches.

3 Question 8 .2. Which option correctly describes the function of a switch that is configured in VTP transparent mode? option 1 option 2 option 3 Correct! option 4 option 5 Refer to curriculum topic: 2.Question 7 1 / 1 pts Refer to the exhibit.

It has the default administrative mode.2 Question 9 1 / 1 pts .1 / 1 pts Refer to the exhibit. Given that no VLANs have been deleted. It is shutdown.2. what can be concluded about interface Fa0/7? It is not configured. Refer to curriculum topic: 2. Correct! It is a trunk port.

Neither switch will initiate channeling negotiation but will form a channel between them. All switches in the VTP domain are new switches.Refer to the exhibit. Neither switch will initiate channeling negotiation and will not be able to form a channel between them. Which statement is true? Both switches will initiate channeling negotiation and will not be able to form a channel.1 Question 10 1 / 1 pts Refer to the exhibit. Refer to curriculum topic: 2. Correct! Both switches will initiate channeling negotiation and will form a channel between them. Both SW1 and SW2 are configured with the PAgP desirable mode.3. Which switch or switches will receive and maintain the list for all VLANs that are configured on the VTP server? SW2 .

Correct! Local VLANs are limited to the access and distribution layer.2.1 Question 12 1 / 1 pts . Layer 3 routing between VLANs can now be applied at the access layer.1. SW3. and SW4 Refer to curriculum topic: 2. High availability is made possible because local VLAN traffic on access switches can now be passed directly to the core switches across an alternate Layer 3 path.) A single VLAN can extend further than its associated distribution-layer switch. Refer to curriculum topic: 2.Correct! SW4 SW3 and SW4 SW2. Correct! Failures at Layer 2 are isolated to a small subset of users.3 Question 11 1 / 1 pts Which two items are benefits of implementing local VLANs within the Enterprise Architecture? (Choose two.

Question 13 1 / 1 pts Which two VTP parameters must be identical on all switches in the network in order to participate in the same VTP domain? (Choose two. Local VLANs should be created based upon the job function of the end user.) Correct! VTP domain name VTP revision number Correct! VTP domain password VTP server mode VTP client mode VTP transparent mode . Correct! Local VLANs do not extend beyond the building distribution layer.In the context of the Enterprise Composite Architecture. which statement is true about best-practice design of local VLANs? Local VLAN is a feature that has only local significance to the switch. Local VLANs should be advertised to all switches in the network.

3 Question 14 1 / 1 pts Refer to the exhibit.Refer to curriculum topic: 2.2.1Q trunking protocol. What statement is true about the switch port? Correct! The port is not in trunking mode. The port will be disabled if the current device is unplugged and a second device is attached. The port connects to a VoIP phone that has a PC attached. . The port can carry data from multiple VLANs if pruning is disabled. The port has manually been placed into trunking mode and is using the 802.

Question 15 1 / 1 pts Refer to the exhibit.2. The switch will operate as a VTP server and will delete the existing VLAN configuration in the domain.3 Question 16 0 / 1 pts . The switch will operate in a VTP transparent mode. Refer to curriculum topic: 2. Correct! The switch will operate as a VTP server but will not impact the existing VLAN configuration in the domain. What would be the result if a new switch with a default configuration is inserted in the existing VTP domain Lab_Network? The switch will operate as a VTP client.

--> Bad Refer to curriculum topic: 2. Correct Answer Switch SW2 will drop all VTP advertisements and will not propagate them through the VTP domain.) Correct! Untagged frames will be placed in the configured native VLAN of a port.2. Switch SW2 will automatically change to VTP server mode. Switch SW2 will delete all existing VLANs and introduce new VLANs in the VTP domain.Refer to the exhibit. . What will happen when switch SW2 is added to the network? Switch SW2 will change the VTP domain name to LAB1.--> Correct Answer You Answered Switch SW2 will include its own VLANs in the total number of VLANs configured in the VTP domain.3 Question 17 1 / 1 pts Which two statements are true about the 802.1Q trunking protocol? (Choose two.

the network administrator issued the show vtp status command as displayed in the exhibit. The SW2 port G0/1 is in access mode by mistake. What could be a possible reason for the problem? Switch SW2 is in the wrong VTP operating mode. Before the trunk link was connected between SW1 and SW2. Switch SW2 was tested in a lab environment and later inserted into the production network. all users lost connectivity to the network. . Immediately after the switches were interconnected. Question 18 1 / 1 pts Refer to the exhibit.It is a proprietary protocol that is supported on Cisco switches only. Correct! The native VLAN interface configurations must match at both ends of the link or frames could be dropped. Private VLAN configurations are not supported.

Correct! Switch SW2 has a higher VTP revision number. Switch SW2 should be configured with no VTP domain password. How should SW2 be configured in order to participate in the same VTP domain and populate the VLAN information across the domain? Switch SW2 should be configured as a VTP client. Correct! . which causes pruning of all VLANs.Switch SW2 has the pruning eligible parameter enabled. which causes deletion of the VLAN information in the VTP domain.2. Switch SW2 should be configured for VTP version 1. Refer to curriculum topic: 2.4 Question 19 1 / 1 pts Refer to the exhibit.

Chapter 4 Exam Question 1 1 / 1 pts . An access port should have the 802. The VLAN that the access port is assigned to will be automatically deleted if it does not exist in the VLAN database of the switch. Refer to curriculum topic: 2. Correct! An access port is created with the switchport mode access command and then associated with a VLAN with the switchport access vlan command.2. Correct! An access port is associated with a single VLAN.) Correct! A switch port can become an access port through static or dynamic configuration. An access port created with the switchport mode access command will send DTP frames by default.3 Question 20 1 / 1 pts What are three characteristics of a VLAN access port? (Choose three.1q encapsulation associated with it.Switch SW2 should be configured as a VTP server with a higher revision number.

Refer to the exhibit.2.1s PVRST+ Refer to curriculum topic: 3.2 Question 2 1 / 1 pts Which STP timer defines the length of time spent in the listening and learning states? hello time .w IEEE 802.1D IEEE 802. What implementation of spanning tree best describes the spanningtree operational mode of the switch? Correct! IEEE 802.

1. Verify that the management VLAN is properly configured on all root bridges. .forward aging Correct! forward delay max age max delay Refer to curriculum topic: 3.) Confirm MAC port security is enabled on all access switches. Which two actions will determine the existence of the bridging loop? (Choose two. Correct! Check the port utilization on devices and look for abnormal values. Ensure that the root guard and loop guard are properly configured on all distribution links.1 Question 3 1 / 1 pts Users complain that they lost connectivity to all resources in the network. A network administrator suspects the presence of a bridging loop as a root cause of the problem. Correct! Capture the traffic on the saturated link and verify if duplicate packets are seen.

Root guard should be configured on all ports on the desired root bridge to prevent another bridge from becoming the root. Correct! .2 Question 5 1 / 1 pts What effect does the global configuration command spanning-tree portfast bpdufilter default have when enabled on an access switch? All PortFast enabled ports become designated ports. If a root guard enabled port receives a inferior BPDU from a nonroot switch. All switch ports start filtering the superior BPDUs coming from other switches and the access switch becomes a root bridge.4. All PortFast enabled ports start participating in the spanning-tree calculations.Refer to curriculum topic: 3. Root guard requires that PortFast be enabled on a switch port. the port transitions to the blocking state to prevent a root bridge election.) Correct! Root guard is enabled on a per-port basis.2 Question 4 1 / 1 pts Which two statements are true about STP root guard? (Choose two.3. Refer to curriculum topic: 3. Correct! Root guard re-enables a switch port once it stops receiving superior BPDUs.

Refer to curriculum topic: 3.All PortFast enabled ports stop sending BPDUs. However. thereby disabling the BPDU filtering.6 Question 7 1 / 1 pts . Switch SW1 is receiving traffic from SW2.3 Question 6 1 / 1 pts Refer to the exhibit.3. but if a BPDU is received on the port. SW2 is not receiving traffic from SW1. Which STP feature should be implemented to prevent inadvertent loops in the network? Correct! UDLD PortFast BPDU guard BPDU filtering Refer to curriculum topic: 3.3. the port gets out of the PortFast state.

2.Refer to the exhibit. After the sequence of commands is entered.2 If you add up the VLANs on instance 0. how many VLANs will be assigned to the default instance? 4094 4064 4062 Correct! 4061 Refer to curriculum topic: 3. Question 8 1 / 1 pts . there are 4061.

what effect does the command spanning-tree mst 10 root primary have when entered on a single switch? . The command spanning-tree etherchannel guard misconfig was issued in interface configuration mode. What was done on the switch? The command no spanning-tree uplinkfast was issued in global configuration mode.3.2 Question 9 1 / 1 pts Assuming that all switches in a network have the default bridge priority for each MST instance. The command spanning-tree portfast bpduguard default was issued in interface configuration mode. The command no spanning-tree backbonefast was issued in global configuration mode. Correct! The command spanning-tree portfast bpduguard default was issued in global configuration mode. The configuration on the switch was changed between Output #1 and Output #2. Refer to curriculum topic: 3. The command spanning-tree etherchannel guard misconfig was issued in global configuration mode.Refer to the exhibit.

The port will be disabled and the administrator must re-enable it manually. so the concerns of the reviewer are met.1 Question 11 1 / 1 pts Which protocol extends the IEEE 802.sets the bridge priority on the switch to 24586 for MST instance 10 Correct! sets the bridge priority on the switch to 24576 for MST instance 10 sets the bridge priority on the switch to 28672 for MST instance 10 sets the bridge priority on the switch to 24582 for MST instance 10 Refer to curriculum topic: 3. Question 10 1 / 1 pts What will happen when a BPDU is received on a loop guard port that is in a loopinconsistent state? The port will transition to blocking state.3. Correct! The port will transition to the appropriate state as determined by the normal function of the spanning tree.1w Rapid Spanning Tree (RST) algorithm to multiple spanning trees? .2.4 4096 x 6 = 24576. Refer to curriculum topic: 3. The port will transition to forwarding state automatically.

1.4 Question 12 1 / 1 pts What three fields are included in a BPDU? (Choose three.1.STP RSTP+ CST Correct! MST Refer to curriculum topic: 3.1 .) Correct! bridge ID STP ID Correct! port ID link-state ID Correct! cost of path Refer to curriculum topic: 3.

The forward delay timer has been changed from the default value.1D behavior is shown.2 Question 14 1 / 1 pts .1w is enabled on VLAN 1. What conclusion does the output support? PortFast is enabled on interface Fa0/6. Refer to curriculum topic: 3.Question 13 1 / 1 pts Refer to the exhibit. Correct! Standard IEEE 802. IEEE 802.2.

2.2 Change option 1 to address comments. Interfaces Fa0/1 through Fa0/6 are trunk ports. Refer to curriculum topic: 3.1s on instance 1. Correct! DLS1 is the root bridge for instance 1. Question 15 1 / 1 pts What happens when a switch running IEEE 802.1D on instance 1.1D receives a topology change message from the root bridge? Correct! . What two conclusions does the output show to be true? (Choose two.) Correct! DLS1 is running IEEE 802. Interface Fa0/12 will move into the errdisable state if a BPDU is received. DLS1 is running IEEE 802.Refer to the exhibit.

Refer to curriculum topic: 3. The switch uses the hello to age out entries in the MAC address table. The switch uses the max-age timer to age out entries in the MAC address table.1 Question 16 1 / 1 pts Which statement is true about the Spanning Tree Protocol (STP)? Each switch determines a designated port that provides the best path to the root switch. the STP algorithm is run on all switches that have a root port. Correct! The designated port will be on the switch with the best path to the root switch. A topology change will cause the switch where the change occurred to send messages about the change throughout the tree. With each network change. The switch uses the forward delay and the max-age timer to age out entries in the MAC address table.1.1 Question 17 1 / 1 pts Which interfaces should loop guard be enabled on? root ports .1. Refer to curriculum topic: 3.The switch uses the forward delay timer to age out entries in the MAC address table.

designated ports Correct! root port and alternate ports ports configured with PortFast root port and ports configured with PortFast Refer to curriculum topic: 3.3.2 Question 18 1 / 1 pts Which three parameters should match all switches within an MST region? (Choose three.) port costs on trunk ports Correct! configuration name Correct! revision number trunk encapsulation method bridge priority Correct! .

) UplinkFast must be configured on all designated switches.1. Correct! Switches must be connected by a point-to-point link.1Q (CST) Correct! IEEE 802.4 Question 19 1 / 1 pts Which protocol should an administrator recommend to manage bridged links when the customer requires a fully redundant network that can utilize load balancing technologies and reconverge on link failures in less than a second? IEEE 802.3 Question 20 1 / 1 pts Which two statements are true about the RSTP negotiations between switches? (Choose two.VLAN-to-instance mappings Refer to curriculum topic: 3.2. BackboneFast must be configured on all root switches.1s (MST) Cisco PVST+ IEEE 802. .1D(STP) Refer to curriculum topic: 3.

10.1.10. Based on the debug ip dhcp server packet output. The client sends a DHCPREQUEST that contains IP address 10.1. which statement is true? The client sends a DHCPDISCOVER that contains IP address 10.21 to the DHCP server.10. Question 2 .21 IP address. Correct! It greatly improves the restoration times for any VLAN that requires a topology convergence due to link up. Refer to curriculum topic: 3.1.21 to the DHCP server.All ports that are directly connected to end stations must be enabled as designated ports.3 Chapter 5 Exam Question 1 1 / 1 pts Refer to the exhibit. Correct! The client accepts the offer from the DHCP server for the 10.1. The client sends the BOOTREPLY broadcast message to inquire for a new IP address.

1. Host A is unable to obtain an IP address from the DHCP server.2.2.1. Question 3 1 / 1 pts . Use the command ip helper-address 10. Which procedure would solve this problem? Use the command ip helper-address 10.10 on interface Fa0/1 of router RTA. Use the command ip forward-protocol 67 on interface Fa0/0 of router RTA. Use the command ip forward-protocol 68 on interface Fa0/1 of router RTA. Use the command ip forward-protocol 67 on interface Fa0/1 of router RTA. Correct! Use the command ip helper-address 10.1.10 on interface Fa0/0 of router RTA.1 / 1 pts Refer to the exhibit.2.1 on interface Fa0/0 of router RTA.

RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces. All users can ping their gateways. A trunk should be configured between routers RTA and RTB. RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces. What should be done to solve the problem? Correct! A dynamic routing protocol or static routes should be configured on the routers.1Q encapsulation. each with ISL encapsulation.Refer to the exhibit and the partial configuration taken on routers RTA and RTB. but users on VLAN 5 and VLAN 10 cannot communicate with the users on VLAN 20. each with 802. Question 4 1 / 1 pts .

Refer to the exhibit.2. What additional configuration is required for host A to receive IP configuration from the DHCP server? The ip address dhcp command is required on interface Fa0/0.10.1. The ip forward-protocol 69 global configuration command is required to forward TFTP requests to IP address 10. Correct! The ip helper-address 10.10.10 command is required on interface Fa0/0.10.1.2. The ip dhcp information option command is required on interface Fa0/1.2.1. The ip forward-protocol 37 global configuration command is required to forward DNS requests to IP address 10.1. Question 5 1 / 1 pts .2. The ip forward-protocol 67 global configuration command is required to forward DHCP requests to IP address 10.

Question 6 1 / 1 pts What is an advantage to using a trunk link to connect a switch to an external router that is providing inter-VLAN routing? Correct! works with any switch that supports VLANs and trunking .Refer to the exhibit and the partial configuration taken on router RTA.10. The Fa0/0 interface should be configured with a primary IP address of 10.10.1/24. each pointing to each subnet.1/24 and a secondary IP address of 10. Correct! The subinterfaces of the router should be configured with 802.5. Two static routes should be configured on the router. What should be done to fix the problem? A dynamic routing protocol should be configured on the router.10.1Q encapsulation. Users on VLAN 5 cannot communicate with the users on VLAN 10.

timeout is 2 seconds: !!!!! Correct Answer Sending 5. 100-byte ICMP Echos to 172. 100-byte ICMP Echos to 172.16.20.16. timeout is 2 seconds: Correct Answer .16.1...1..20.1 from RouterA. A network administrator attempts to ping the IP address 172.20.. What will the router output be? You Answered Sending 5.lowers latency provides redundancy to the VLANs reduces CPU overhead Question 7 0 / 1 pts Refer to the exhibit. .

20. 100-byte ICMP Echos to 172. or protocol not running %Source quench: destination or port unreachable %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13.20. timeout is 2 seconds: !!!!! .16.Sending 5. What will the router output be? Sending 5. A network administrator attempts to ping the IP address 172. timeout is 2 seconds: U.16. 100-byte ICMP Echos to 172.1.U.1 from RouterA.U %Unrecognized host or address.16. changed state to down Question 8 0 / 1 pts Refer to the exhibit.20.1.

1.U. 100-byte ICMP Echos to 172... TTL exceeded You Answered %Unrecognized host or address.Correct Answer Sending 5. or protocol not running %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13.16. Sending 5. . timeout is 2 seconds: U.U %network or host unreachable. Correct! A routed port is not associated with a particular VLAN.1.16. 100-byte ICMP Echos to 172.. changed state to down Question 9 1 / 1 pts Which two statements are true about routed ports on a multilayer switch? (Choose two. A routed port is a physical switch port with Layer 2 capability.20.. timeout is 2 seconds: Correct Answer .20. Correct! To create a routed port requires removal of Layer 2 port functionality with the no switchport interface configuration command.) A routed port behaves like a regular router interface and supports VLAN subinterfaces.

11.0/8. Correct! It should contain routes to the 10. The router has been properly configured for the trunking interface.10. the routing table of the router will not show routes to either VLAN . .The interface vlan global configuration command is used to create a routed port.10. It will show one trunking route to 10.10.0.0/24 and the 10. Which statement is true about the routing table on the router? It will show a next hop address of the switch for both VLANs. Because the switch is not configured properly to trunk VLAN 1 and VLAN 2. Question 10 1 / 1 pts Refer to the exhibit.0/24 networks.0.

Correct! The default gateway for hosts on VLAN 10 should be the Fa0/0. . Which statement is true regarding the diagram and show ip route command output? Because no routing protocol has been configured. the routing table of the router will not show any routes. the router will not forward packets between workstations. Question 11 1 / 1 pts Refer to the exhibit.Because the switch port fa0/1 is in access mode. The default gateway for hosts on VLAN 10 should be the Fa0/0 IP address of the router.1 IP address of the router.

Correct! The router replaces the broadcast destination IP address of the DHCP request with the unicast IP address that is specified with the ip helper-address command. Which DHCP message to the client will provide the configuration parameters that include an IP address.2 IP address of the router. hosts on VLAN 10 do not need a default gateway. and a lease for the IP address? DHCPDISCOVER Correct! DHCPOFFER DHCPREQUEST DHCPACK Question 13 1 / 1 pts Which statement describes what occurs when a DHCP request is forwarded through a router that has been configured with the ip helper-address command? The router replaces the source MAC address included in the DHCP request with its own MAC address.The default gateway for hosts on VLAN 10 should be the Fa0/0. Because their packets are being trunked.2 Question 12 1 / 1 pts A client sends a request for an IP address to a DHCP server.1. a domain name. Refer to curriculum topic: 4. . The router replaces the source IP address of the DHCP request with the IP address that is specified with the ip helper-address command.

) A routed switch port is a physical device that is associated with several VLANs. Correct! A routed switch port is created by configuring a Layer 2 port with the no switchportinterface configuration command and assigning an IP address. Correct! A routed switch port provides an interface that may provide a Layer 3 connection to a next-hop router. A routed switch port is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch. Question 15 0 / 1 pts . Question 14 1 / 1 pts Which three statements about a routed port are true? (Choose three. Correct! A routed switch port can serve as a default gateway for devices. A routed switch port is created by entering VLAN interface configuration mode and assigning an IP address.The router replaces the unicast destination IP address of the DHCP request with the unicast IP address that is specified with the ip helper-address command.

1 applied to the Fa0/0 interface Correct Answer ip helper-address 10.3 applied to the Fa0/1 interface ip helper-address 192.10.3 applied to the Fa0/0 interface ip helper-address 192.168.1.1.1. Which configuration should be applied on router R1 in order for host 1 to receive its IP configuration from the DHCP server? ip helper-address 10.Refer to the exhibit.1.2 applied to the Fa0/0 interface You Answered ip helper-address 10.1 applied to the Fa0/1 interface Question 16 1 / 1 pts A DHCPREQUEST message has been sent from the client to the DHCP server.1 applied to the Fa0/1 interface- Correct Answer ip helper-address 10.1.1. What information is included in the message? initial message to locate a DHCP server Correct! formal request for the offered IP address confirmation that the IP address has been allocated to the client denial message to reject the first offer from the DHCP server UnansweredQuestion 17 0 / 1 pts .1.10.168.1.

Which message will be sent back to the client by the DHCP server to confirm that the IP address has been allocated to the client? DHCPDISCOVER unicast DHCPDISCOVER broadcast DHCPOFFER unicast DHCPOFFER broadcast DHCPREQUEST unicast DHCPREQUEST broadcast Correct Answer DHCPACK unicast  Correct Answer Question 18 1 / 1 pts Which two statements are true about switched virtual interfaces (SVI) on a multilayer switch? (Choose two. . Correct! By default. An SVI is a physical switch port with Layer 3 capability.) An SVI behaves like a regular router interface but does not support VLAN subinterfaces. an SVI is created for the default VLAN (VLAN1).

To create an SVI requires removal of Layer 2 port functionality with the no switchportinterface configuration command. During the DHCP client configuration process.Correct! Only one SVI can be associated with a VLAN. Question 19 1 / 1 pts A client computer is set up for DHCP and needs an IP configuration. which response will enable the client to begin using the assigned address immediately? Correct! DHCPACK DHCPREQUEST DHCPOFFER DHCPDISCOVER UnansweredQuestion 20 0 / 1 pts How is the Layer 2 functionality restored to a port configured for Layer 3 operation? switchport access vlan switchport mode access no switchport Correct Answer .

) VRRP does not support preemption. Question 2 1 / 1 pts Which two statements about VRRP are true? (Choose two. The active virtual gateway (AVG) is the backup for the AVF. VRRP cannot track interfaces or objects.Switchport Correct Answer Chapter 6 Exam Question 1 1 / 1 pts What are two characteristics of Gateway Load Balancing Protocol (GLBP) operation? (Choose two. GLBP members communicate with each other through hello messages sent every 3 seconds to the multicast address 224.104. Correct! The active virtual forwarder (AVF) is assigned a virtual MAC address and forwards packets sent to that MAC address.) GLBP will attempt to balance traffic on a per-router basis by the use of the round-robin algorithm. Correct! .0.0. Correct! GLBP will attempt to balance traffic on a per-host basis by the use of the round-robin algorithm.

A VRRP group has one master router and one or more backup routers. The virtual IP address for the VRRP group must be different from active and standby IP addresses. Correct! VRRP provides redundancy for the IP address of a router or for a virtual IP address shared among the VRRP group members.) Correct! to monitor the operational status of the HSRP group to physically forward packets that are sent to the MAC address of the virtual router to reply with the virtual router MAC address in the event an ARP request is received Correct! to quickly assume packet-forwarding responsibility if the active router becomes inoperable to contend for the active router role with all other routers in the group in the event the active fails Question 4 1 / 1 pts Which of the following GLBP load-balancing options is configured if the host is guaranteed the use of the same virtual MAC address? Correct! . Question 3 1 / 1 pts What are two functions of the standby router in an HSRP group? (Choose two.

Switch DSw1 is the active virtual gateway (AVG) and DSw2 is an active virtual forwarder (AVF).host-dependent round-robin weighted load-balancing none Question 5 1 / 1 pts Refer to the exhibit. None of the switches have had their priority configured. Based on this information. . which two GLBP statements are true? (Choose two.) GLBP is a Cisco proprietary protocol and is supported on all Cisco Catalyst and Cisco router platforms.

. Question 6 1 / 1 pts Refer to the exhibit.1 on interface Serial0/0/0.Switch DSw1 assigns the virtual IP addresses to switch DSw2.10 to the IP address 192.31.21. When host A sends an ARP message for the gateway IP address. switch DSw1 returns the physical MAC address of switch DSw2. Correct! Two more multilayer switches could join this group.168.168. Correct! Switch DSw2 has been configured with the glbp 1 priority 95 command. What action does the command standby 1 track Serial0/0/0 on router R1 perform? It links the default gateway virtual address 192.

168. It tracks the state of the Fa0/0 interface on R1 and brings down the priority of standby group 1 if the interface goes down.21.168.2 on interface Serial0/0/0.42.It links the default gateway virtual address 192. Question 7 1 / 1 pts Which one of the following GLBP functions answers ARP requests? AVF Correct! AVG Active MVP Question 8 1 / 1 pts .10 to the IP address 192. Correct! It tracks the state of the Serial0/0/0 interface on R1 and brings down the priority of standby group 1 if the interface goes down.

The uplink between the access switches and the distribution switches should be trunk links. Question 9 1 / 1 pts Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two.) A router in the speak state sends periodic hello messages to all routers in the group to acquire a virtual IP address.Refer to the exhibit. Correct! . A Layer 2 access port should be placed between the access switches. Which statement is true about best practice and the exhibited network design? Correct! The Layer 2 VLAN number should be mapped to the Layer 3 subnet for ease of use and management. The HSRP active router for VLAN 55 and VLAN 60 should be the same switch.

A router in the standby state forwards packets that are sent to the group virtual MAC address. Question 10 1 / 1 pts Two routers are configured for an HSRP group. The router that is not the standby or active router will remain in the speak state.A router in the speak state sends periodic hello messages and actively participates in the election of the active or standby router. One router uses the default HSRP priority. What priority should be assigned to the other router to make it more likely to be the active router? 1 100 Correct! 200 500 Question 11 1 / 1 pts . Correct! The router in the standby state is a candidate to become the next active router.

Question 12 1 / 1 pts . This router is in the HSRP down state because its tracked interfaces are down. Correct! The router is currently forwarding packets. This router is tracking two properly operating interfaces.Refer to the exhibit. What statement is true about the output of the show standby command? The current priority of this router is 120.

Refer to the exhibit. Router RTA has been configured as the active HSRP router. Router
RTB is to be the standby HSRP router. However, once the indicated configuration was
applied to router RTB, the console began to display the message %HSRP-4-DIFFVIP1.
What is the cause of the message?

The command standby preempt should only be applied on the active router.

The subnet mask is missing from the standby 50 ip 10.1.1.10 command.

The group number is not the same as the active router.
Correct!

The virtual IP address is not the same as the active router.

The ports on the switch must be configured with the spanning-tree PortFast feature.

Question 13
1 / 1 pts
Which statement is true about the gateway redundancy protocols ?

GLBP allows multiple routers to participate in a virtual router group that is configured
with a virtual IP address. One member is elected to be the active router for the group and
the other routers are passive until the active router fails.
Correct!

By making use of a single virtual IP address and multiple virtual MAC addresses, GLBP
provides load balancing over multiple routers (gateways) . All routers in the virtual router
group participate in forwarding packets.

By making use of a single virtual IP address and multiple virtual MAC addresses, HSRP
provides load balancing over multiple routers (gateways). All routers in the virtual router
group participate in forwarding packets.

By making use of a single virtual IP address and multiple virtual MAC addresses, VRRP
provides load balancing over multiple routers (gateways). All routers in the virtual router
group participate in forwarding packets.

Question 14
1 / 1 pts
Which statement is true about Virtual Router Redundancy Protocol (VRRP)?

The priority value of 255 means the router is ineligible to become the master router for
the VRRP group.

The priority value of 255 means the router has stopped participating in the VRRP group.
Correct!

The priority value of 0 means the router has stopped participating in the VRRP group.

The priority value of 0 means the router is ineligible to become the master router for the
VRRP group.

Question 15
1 / 1 pts

Refer to the exhibit. Based on the provided configuration, which routers are the master
and the backup virtual routers for the hosts that are connected to the VRRP group 1?

Router R1 is the master for all hosts, and router R2 is the backup for all hosts in the
group.
Correct!

Router R1 is the master for Host1 and Host2. Router R2 is the master for Host3 and
Host4.

Router R1 is the master for Host3 and Host4. Router R2 is the backup for Host3 and
Host4.

Because of incorrect configuration of the default gateway on the hosts, none of the
routers is the master for the VRRP group.

Quiz Score:

15 out of 15

Chapter 7 Exam
Question 1
1 / 1 pts
Match the term with the correct definition.
Correct!
Authentication

Prevents unauthorized clients from connecting to a LAN through sw itch ports

Correct!
Authorization

Allow s for the control of the level of access that users have

Correct!
Accounting

Allow s for the collection of information concerning user activity

Other Incorrect Match Options:

Process of a identifying a user before the user is allowed to access a protected
resource

Question 2
1 / 1 pts
What is the command to configure a device to be an authoritative NTP server?

ntp server 172.16.1.1
Correct!

ntp master

ntp peer 172.16.1.1

12 key secret SW-1(config)# aaa authentication login default group radius enable local SW-1(config)# aaa new-model SW-1(config)# radius server host 10.10.10. Which configuration would create a default login authentication list that uses RADIUS as the first authentication method.16. Network policy dictates that security functions should be administered using AAA.ntp synchronize 172.10.12 key secret SW-1(config)# aaa authentication default group-radius enable local Correct! SW-1(config)# aaa new-model SW-1(config)# radius-server host 10.10.10.10. and the local database as the final method? SW-1(config)# aaa new-model SW-1(config)# radius-server host 10.10.10.12 key secret SW-1(config)# aaa authentication default group-radius local SW-1(config)# aaa new-model SW-1(config)# radius-server host 10.1.12 key secret SW-1(config)# aaa authentication login default group radius enable local none . the enable password as the second method.1 Question 3 1 / 1 pts Refer to the exhibit.

12 key secret SW-1(config)# aaa authentication login default group-radius enable local none Question 4 1 / 1 pts Which SNMP message is sent from the manager? get response inform request Correct! set request trap Question 5 1 / 1 pts Which SNMP version provides authentication and encryption for transmission of critical data between managed devices? SNMPV2 SNMPv3noAuthnoPriv Correct! SNMPv3authPriv SNMPv3 authNoPriv .10.10.SW-1(config)# aaa new-model SW-1(config)# radius server host 10.

) Provides a secure means for NTP transmissions. Correct! Increased flexibility and control of access configuration Correct! Multiple backup systems Question 7 1 / 1 pts Which three are characteristics of the SNTP protocol? (Choose three. Correct! .) Offers automatic failover solutions for gateway redundancy Correct! Standardized authentication methods Faster convergence Username and passwords are stored in a local database for scalability. Correct! SNTP and NTP cannot coexist on the same device because they use the same port number.Question 6 1 / 1 pts What are three advantages of implementing the AAA framework model in a network? (Choose three.

SNTP provides complex filtering.1x port-based authentication and causes the port to allow normal traffic without authenticating the client enables 802.1x authentication on the port globally disables 802. what is the end result? forces all hosts that are attached to a port to authenticate before being allowed access to the network Correct! disables 802. SNTP can be used to provide time services to other systems.SNTP is a simplified.1x authentication Question 9 . Question 8 1 / 1 pts Refer to the exhibit. Correct! SNTP cannot be used to provide times services to other services. client-only version of the NTP. Given the configuration on the ALSwitch.

Question 10 1 / 1 pts What SNMP attribute provides the best security? authNoPriv Correct! authPriv community string noAuthNoPriv SNMPv2 . the authentication server queries the host for 802. When a host comes up that is attached to a switch port. If the host does not receive a response to a start frame. Correct! Authentication can be initiated by either the switch or the host. Authentication can only be initiated by the switch.1x port-based authentication? Authentication can only be initiated by the host.1 / 1 pts Which statement is true about 802.1x authentication information. it goes into the shutdown mode.

) Correct! ntp authenticate Correct! ntp authentication-key 1 md5 Correct! ntp trusted-key 1 ntp authentication ntp trusted-key authentication 1 ntp md5 authentication-key 1 Question 12 1 / 1 pts Refer to the exhibit.Question 11 1 / 1 pts Which three commands are necessary to configure NTP authentication between devices? (Choose three. Correct! .) The authentication login admin line console command is required. A switch is being configured to support AAA authentication on the console connection. which three statements are correct? (Choose three. Given the information in the exhibit.

the local username database as the second method. the local username database as the third method. Stratum numbers are directly related to the routing metric.The login authentication admin line console command is required. Correct! Stratum number represents the distance from a reference clock. The none keyword specifies that a user cannot log in if all other methods have failed. Question 13 1 / 1 pts Which two statements are true about NTP? (Choose two. Correct! The none keyword enables any user logging in to successfully authenticate if all other methods return an error. Correct! The configuration creates an authentication list that uses a TACACS+ server as the first authentication method. Higher stratum number always indicates greater quality and reliability. . and none as the last method. and none as the last method. a TACACS+ server as the second method. the enable password as the fourth method.) Correct! Stratum 1 devices have directly attached radio or atomic clock. Network devices will always synchronize with NTP server with the highest stratum number. the enable password as the third method. The configuration creates an authentication list that uses a named access list called group as the first authentication method.

Question 14
1 / 1 pts
In a AAA architecture, what is the name of the role given to the client running 802.1x
software?

AAA peer

authenticator

authentication server
Correct!

supplicant

Question 15
1 / 1 pts

Refer to the exhibit. Which feature does a SNMP manager need in order to set a
parameter on switch ACSW1?

a manager using an SNMP string of K44p0ut

a manager using host 172.16.128.50
Correct!

a manager using SNMPv1, 2, or 2c

a manager using authPriv

Quiz Score:

15 out of 15

Chapter 8 Exam
Question 1
1 / 1 pts
Which statement is true about UDLD?

It is automatically enabled.

It allows devices to transmit traffic one way.

It will disable an EtherChannel bundle if one link has failed.
Correct!

It allows a switch to detect a unidirectional link and shut down the affected interface.

Question 2
1 / 1 pts

Refer to the exhibit. Which statement is true about the VSPAN configuration on switch
SW1?

The VSPAN session that is configured on port Fa3/4 can monitor only the ingress traffic for
any of the VLANs.

The VSPAN session that is configured on port Fa3/4 can monitor only the egress traffic for
any of the VLANs.

Port Fa3/4 must be associated with VLAN 10 or VLAN 20 in order to monitor the traffic for
any of the VLANs.
Correct!

The VSPAN session transmits a copy of the ingress traffic for VLAN 10 and the egress
traffic for VLAN 20 out interface Fa3/4.

Question 3
1 / 1 pts

Refer to the exhibit. Which statement is true about the local SPAN configuration on switch
SW1?
Correct!

The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is
monitored on port Fa3/1.

The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is
monitored on port Fa3/1, but only if port Fa3/1 is configured in VLAN 10.

The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is
monitored on port Fa3/1, but only if port Fa3/1 is configured as trunk.

The SPAN session transmits to a device on port Fa3/21 only a copy of unicast traffic that
is monitored on port Fa3/1. All multicast and BPDU frames will be excluded from the
monitoring process.

) full Correct! . A network technician is trying to resolve an execution problem with an IP SLA.6. IP SLAs are not supported on switch platforms. Question 5 1 / 1 pts What are the two modes of UDLD operation? (Choose two.Refer to curriculum topic: 6. Correct! The IP SLA test has not been scheduled to run. What is the problem? The IP SLA must be set up in conjunction with an ICMP echo reply.1 Question 4 1 / 1 pts Refer to the exhibit. ICMP-ECHO tests must have frequency schedules of less than 10 seconds.

normal bidirectional Correct! aggressive active Question 6 1 / 1 pts What is the command to view the SDM template settings? show sdm current show sdm template show platform tcam utilization Correct! show sdm prefer Question 7 1 / 1 pts What is a requirement for configuring an IP SLA to measure network performance? The frequency of the SLA test must be configured. Correct! .

LLDP operates in one of two modes: aggressive or normal.The required SLA operation type must be configured. Correct! To view LLDP neighbors. The communication protocol that is used for SLA communications must be configured. Correct! LLDP supports enabling or disabling either transmitting or receiving capabilities per port LLDP helps to detect unidirectional link activity.) LLDP helps to detect spanning-tree failures. LLDP is a Cisco Proprietary protocol. At least one IP SLA responder and one IP SLA monitor must be configured. . Correct! LLDP allows network management applications to automatically discover and learn about network devices. Question 8 1 / 1 pts What are three characteristics of LLDP? (Choose three. the show lldp neighbors command is used.

Correct! Modifying the SDM template requires a reload on the switch before the settings take effect. The current template can be viewed using the show platform tcam utilization command.3af and 802.3at. just in case a device that needs PoE will be connected. IEEE 802. Cisco Inline Power has the same method of negotiating power as both of the IEEE standards. the switch tries to detect the powered device by supplying a small voltage across the Ethernet cable.Question 9 1 / 1 pts Which statement is true about the PoE negotiation process? The PoE switch keeps the power on a disabled port up. Correct! They are used to allocate system resources. Question 10 1 / 1 pts Which two statements are true about SDM templates? (Choose two.3af power classes are numbered 1-5. Correct! With 802.) The show SDM version command is used to display the current SDM template. The default SDM template support IPV6 routing. .

What can be determined about this SLA monitor? Two SLA samples have been captured. The SLA measurement is being taken every 5 milliseconds.Question 11 1 / 1 pts Refer to the exhibit. Correct! There is one SLA monitor session operating on this switch. Correct! . Question 12 1 / 1 pts Which statement is true about a local SPAN configuration? A port can act as the destination port for all SPAN sessions configured on the switch. A port can be configured to act as a source and destination port for a single SPAN session. No more SLA information is being gathered.

IP SLA operation 99 has stopped monitoring the target device. Port channel interfaces (EtherChannel) can be configured as source and destination ports for a single SPAN session. . Correct! IP SLA operation 99 had 211 successful replies from the target device. Which IP SLA statement is true? IP SLA operation 99 has been incorrectly configured. IP SLA operation 100 has been incorrectly configured. Question 13 1 / 1 pts Refer to the exhibit.Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports for a single SPAN session.

IP SLA operation 100 had 211 successful replies from the target device. Correct! No data is being sent from the session. SPAN session number 2 is being used. The session is only monitoring data sent out Fa0/1. What is the state of the monitoring session? This is a remote monitored session.IP SLA operation 100 has stopped monitoring the target device. . Question 14 1 / 1 pts Refer to the exhibit.

Question 15 1 / 1 pts Which SDM template should be enabled if you have a large number of VLANs to support? sdm prefer access Correct! sdm prefer VLANs sdm prefer dual-ipv4-and-ipv6 sdm prefer access Quiz Score: 15 out of 15 Chapter 9 exam sw Question 1 1 / 1 pts What is the expected failover time for SSO mode for Layer 2 switching on the Catalyst 4500 family of switches? Less than 3 seconds Correct! Subsecond 1 to 2 minutes None of the above .

only the control plan of one of the member's is active. 4500 or 6500 series switches into one virtual switch. Question 3 1 / 1 pts Which three redundancy modes are supported by Catalyst 6500 Series switches? (Choose three. VSS is a network system virutalization technology that combine a pair of Catalyst 3500. Correct! VSS increases system bandwidth capacity.Question 2 1 / 1 pts What are three characteristics of the VSS technology? (Choose three. Correct! Once the VSS is formed.) Correct! VSS combines a pair of physical switches into a virtual switch.) Correct! Route Processor Redundancy (RPR) Supervisor Engine 720 mirroring Supervisor Engine 720 load balancing Correct! Single Router Mode with Stateful Switchover (SRM with SSO) .

. What protocol is should the administrator avoid while designing the routing topology? BGP Correct! RIP OSPF EIGRP ISIS Question 5 1 / 1 pts What are three benefits of implementing VSS in a network? (Choose three.) Correct! Single management point VSS is implemented in the access layer which supports a more simplistic design.Manual Switchover Correct! Nonstop Forwarding (NSF) with SSO Question 4 1 / 1 pts A network administrator is designing a network with redundancy features such SSO with NSF.

Supported on all platforms Correct! Neighbors see the VSS as a single switch VSS can logically combine up to 9 switches. Correct! Interchassis stateful failover Question 6 1 / 1 pts Which one is NOT a valid supervisor redundancy mode? RPR SSO RPR+ Correct! NSF Question 7 1 / 1 pts Which supervisor redundancy mode offers the fastest failover time? Correct! SSO .

RPR RPR+ NSF Question 8 1 / 1 pts Which two technologies can be used to reduce the number of logical network devices and simplify Layer 2 and Layer 3 network toplogies? (Choose two. which show command can be used? show virtual switch .) Correct! VSS TCAM NSF VRRP Correct! StackWise Question 9 1 / 1 pts To display configuration and status information for a VSS.

MAC address.show vss brief Correct! show switch virutal show virtual link Question 10 1 / 1 pts Which command can be used to verify StackWise configuration to include their stack number. stack role. Access switches should have a backup connection to at least one core device . hardware version and current state? show version show stack Correct! show switch show platform Question 11 1 / 1 pts What is considered a best practice for an optimal redundant network? Correct! Access switches should have redundant connections to redundant distribution switches. hardware priority.

Correct! Multiple switches can create an EtherChannel connection. Correct! Unites multiple access switches in the same rack. Question 12 1 / 1 pts What are two characteristics of the StackWise technology? (Choose two. The StackWise technology creates a virtual connection between the devices without additional cabling. as necessary. Reduces the number of Layer 3 routing neighbors Question 13 1 / 1 pts When using RPR.) Correct! clock synchronization failure between the Supervisor Engines loss of packets from the root bridge .) The stack can support up to 12 switches managed as a single unit. what two events can trigger a switchover from the active to the standby Supervisor Engine? (Choose two.Dual distribution switches should connect individually to separate core switches. Three distribution switches should be implemented so that the third switch can take the role of active or standby.

Correct! an RP or SP crash on the active Supervisor Engine frames received on a port that is in blocking mode port failure Question 14 1 / 1 pts What is the main purpose of implementing Cisco NSF? Correct! to continue forwarding IP packets following an RP switchover to forward all STP updates to all switches in the network to keep a backup copy of the latest MAC table in the event of RAM failure to move switch ports that are currently in blocking mode to forwarding mode with minimal packet loss Question 15 1 / 1 pts Which one of the following features provides the fastest failover for supervisor or route processor redundancy? RPR+ NSF .

) Correct! VSS combines a pair of physical switches into a virtual switch. . only the control plan of one of the member's is active. Correct! Once the VSS is formed.RPR Correct! SS0 Quiz Score: 15 out of 15 Question 1 1 / 1 pts What is the expected failover time for SSO mode for Layer 2 switching on the Catalyst 4500 family of switches? Less than 3 seconds Correct! Subsecond 1 to 2 minutes None of the above Question 2 1 / 1 pts What are three characteristics of the VSS technology? (Choose three.

Question 3 1 / 1 pts Which three redundancy modes are supported by Catalyst 6500 Series switches? (Choose three.) Correct! Route Processor Redundancy (RPR) Supervisor Engine 720 mirroring Supervisor Engine 720 load balancing Correct! Single Router Mode with Stateful Switchover (SRM with SSO) Manual Switchover Correct! Nonstop Forwarding (NSF) with SSO Question 4 1 / 1 pts A network administrator is designing a network with redundancy features such SSO with NSF. Correct! VSS increases system bandwidth capacity.VSS is a network system virutalization technology that combine a pair of Catalyst 3500. What protocol is should the administrator avoid while designing the routing topology? . 4500 or 6500 series switches into one virtual switch.

BGP Correct! RIP OSPF EIGRP ISIS Question 5 1 / 1 pts What are three benefits of implementing VSS in a network? (Choose three.) Correct! Single management point VSS is implemented in the access layer which supports a more simplistic design. . Supported on all platforms Correct! Neighbors see the VSS as a single switch VSS can logically combine up to 9 switches.

Correct! Interchassis stateful failover Question 6 1 / 1 pts Which one is NOT a valid supervisor redundancy mode? RPR SSO RPR+ Correct! NSF Question 7 1 / 1 pts Which supervisor redundancy mode offers the fastest failover time? Correct! SSO RPR RPR+ NSF .

which show command can be used? show virtual switch show vss brief Correct! show switch virutal show virtual link .Question 8 1 / 1 pts Which two technologies can be used to reduce the number of logical network devices and simplify Layer 2 and Layer 3 network toplogies? (Choose two.) Correct! VSS TCAM NSF VRRP Correct! StackWise Question 9 1 / 1 pts To display configuration and status information for a VSS.

hardware version and current state? show version show stack Correct! show switch show platform Question 11 1 / 1 pts What is considered a best practice for an optimal redundant network? Correct! Access switches should have redundant connections to redundant distribution switches. MAC address. hardware priority. Three distribution switches should be implemented so that the third switch can take the role of active or standby.) . Access switches should have a backup connection to at least one core device Dual distribution switches should connect individually to separate core switches.Question 10 1 / 1 pts Which command can be used to verify StackWise configuration to include their stack number. as necessary. stack role. Question 12 1 / 1 pts What are two characteristics of the StackWise technology? (Choose two.

The StackWise technology creates a virtual connection between the devices without additional cabling.) Correct! clock synchronization failure between the Supervisor Engines loss of packets from the root bridge Correct! an RP or SP crash on the active Supervisor Engine frames received on a port that is in blocking mode port failure . Reduces the number of Layer 3 routing neighbors Question 13 1 / 1 pts When using RPR.The stack can support up to 12 switches managed as a single unit. Correct! Unites multiple access switches in the same rack. Correct! Multiple switches can create an EtherChannel connection. what two events can trigger a switchover from the active to the standby Supervisor Engine? (Choose two.

Question 14 1 / 1 pts What is the main purpose of implementing Cisco NSF? Correct! to continue forwarding IP packets following an RP switchover to forward all STP updates to all switches in the network to keep a backup copy of the latest MAC table in the event of RAM failure to move switch ports that are currently in blocking mode to forwarding mode with minimal packet loss Question 15 1 / 1 pts Which one of the following features provides the fastest failover for supervisor or route processor redundancy? RPR+ NSF RPR Correct! SS0 Quiz Score: 15 out of 15 .

Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports. Fa3/34. The web servers WS_1 and WS_2 need to be accessed by external and internal users. and Fa3/35 on DSW1 will be defined as primary VLAN promiscuous ports. Both servers need to communicate with the data server that is located on the inside network. Fa3/2. the servers do not have to communicate with each other although they are located on the same subnet.Chapter 10 Exam Question 1 1 / 1 pts Refer to the exhibit. For security reasons. Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN community ports. and Fa3/35 on DSW1 will be defined as primary VLAN community ports. Fa3/34. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports. Which configuration will isolate the servers from inside attacks? Ports Fa3/1. Correct! Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports Fa3/1.5.2 Question 2 1 / 1 pts What is one way to mitigate ARP spoofing? Correct! . Refer to curriculum topic: 2. Fa3/2.

Refer to curriculum topic: 6.2 Question 4 1 / 1 pts .Enable dynamic ARP inspection.4. Implement private VLANs. Correct! It is meant to monitor VLAN 3 for DHCP attacks that will deplete the DHCP pool.1. Enable root guard. Refer to curriculum topic: 6. It is meant to disable any rogue DHCP servers that are attached to VLAN 3. It is meant to monitor VLAN 3 and disable any hosts that are using static IP addresses rather than DHCP addresses. Configure MAC address VLAN access maps.2 Question 3 1 / 1 pts Which statement describes the purpose of the configuration that is shown? Switch(config)# ip dhcp snooping Switch(config)# ip dhcp snooping vlan 3 Switch(config-if)# ip dhcp snooping trust Switch(config-if)# ip dhcp snooping limit rate 30 It is meant to disable any host that is configured to be in VLAN 3.

2. Correct! Specify the VLAN range on trunk links.What three steps should be implemented in the network to mitigate a VLAN hopping attack? (Choose three. Correct! Configure all unused ports as access ports. Refer to curriculum topic: 6.) Enable DTP on all access ports.1 Question 5 1 / 1 pts Which type of output would be produced on a switch after entering the command. Switch# show ip dhcp snooping binding? DHCP servers on the snooped network DHCP clients on all DHCP snooped switches on the network Correct! DHCP clients that are connected to DHCP snooped ports on the switch . Correct! Place all unused ports in the shutdown state. Configure VLAN 1 as the native VLAN for all trunks.

all active protocols on all DHCP clients that are connected to DHCP snooped ports on the switch Refer to curriculum topic: 6. The DNS servers DNS1 and DNS2 are redundant copies so they need to communicate with each other and to the Internet. The web and SMTP servers should be configured in a community VLAN. The DNS1 and DNS2 servers should be configured in an isolated VLAN. The web server and the SMTP server need to communicate with the Internet.2 Question 6 1 / 1 pts Refer to the exhibit. What private VLAN design should be implemented? All servers should be configured in separate isolated VLANs. All isolated VLANs should be in the same primary VLAN. Both the community and isolated VLANs should be in the same primary VLAN.5 Question 7 1 / 1 pts What can be used to mitigate MAC table flooding attacks? .2. Correct! The DNS1 and DNS2 servers should be configured in a community VLAN. All community VLANs should be in the same primary VLAN. The web and SMTP servers should be configured in an isolated VLAN. but for security purposes the web and the SMTP servers should not be reachable from the DNS servers.4. All servers should be configured in separate community VLANs. Refer to curriculum topic: 2. Both the community and isolated VLANs should be part of the primary VLAN.

1.1.) to initiate a man-in-the-middle attack Correct! to initiate a denial of service (DoS) attack Correct! to capture data from the network to gather network topology information to exhaust the address space available to the DHCP Refer to curriculum topic: 6.DHCP snooping private VLANs Correct! port security root guard Refer to curriculum topic: 6.2 Question 9 .2 Question 8 1 / 1 pts What are two purposes for an attacker launching a MAC table flood? (Choose two.

5 Question 11 1 / 1 pts How does VLAN hopping cause a vulnerability in the network? . Refer to curriculum topic: 2. The traffic is forwarded from promiscuous ports to isolated and community ports in the same primary VLAN.1 Question 10 1 / 1 pts Which statement best describes how traffic is handled between different port types within a primary pVLAN? The traffic is forwarded from promiscuous ports to promiscuous ports in the same primary VLAN. community. and other promiscuous ports in the same primary VLAN.2.1 / 1 pts In which location or situation is a private VLAN appropriate? a DMZ segment ISP SOHO connections Correct! a web hosting environment at an ISP two recently merged companies that have overlapping IP addressing schemes Refer to curriculum topic: 2.5. The traffic is forwarded from promiscuous ports to community and promiscuous ports in the same primary VLAN. Correct! The traffic is forwarded from promiscuous ports to isolated.

Each server should only be allowed to communicate with the default gateway. causing legitimate frames to be forwarded out all ports and allowing unauthorized users to capture data. An attacking device can exhaust the address space available to the DHCP servers for a period of time or establish itself as a DHCP server in man-in-the-middle attacks. Refer to curriculum topic: 6.The CAM table will be full. Which type of pVLAN should be configured on the switch port that connects to a server? Correct! isolated promiscuous community secondary VLAN Refer to curriculum topic: 2.2. Information sent through CDP is transmitted in clear text and is unauthenticated.2 Question 12 1 / 1 pts A network administrator is tasked with protecting a server farm by implementing private VLANs.5 Question 13 1 / 1 pts . Correct! An attacking device can send or receive packets on various VLANs and bypass Layer 3 security measures.1. allowing it to be captured and to divulge network topology information.

6. Use the switchport mode trunk command in the interface configuration. Remove the switchport command from the interface configuration. What should be done to correct the issue? Correct! Add the switchport port-security mac-address sticky command to the interface configuration. After the configuration has been applied to ACSw22.Refer to the exhibit. based on the valid MAC-address-to-IP address bindings stored in a DHCP snooping database? DHCP spoofing Correct! dynamic ARP inspection CAM table inspection . frames that are bound for the node on port FastEthernet 0/1 are periodically being dropped. Change the port speed to speed auto with the interface configuration mode. Refer to curriculum topic: 6.2 Question 14 1 / 1 pts Which countermeasure can be implemented to determine the validity of an ARP packet.

MAC snooping Refer to curriculum topic: 6. An attacking device can exhaust the address space available to the DHCP servers for a period of time or establish itself as a DHCP server in man-in-the-middle attacks.2 Question 16 1 / 1 pts How does MAC address flooding cause a vulnerability in the network? Correct! The CAM table will be full. An attacking device can send or receive packets on various VLANs and bypass Layer 3 security measures. Refer to curriculum topic: 6.2. Correct! The capture port needs to be in the spanning-tree forwarding state for the VLAN.4.1 Question 15 1 / 1 pts Which configuration guideline applies to using the capture option in VACL? Capture ports transmit traffic that belongs to all VLANs. The capture port captures all packets that are received on the port. causing legitimate frames to be forwarded out all ports within the VLAN and allowing unauthorized users to capture data. . The switch has a restriction on the number of capture ports.

5.1. Refer to curriculum topic: 6. Which type of PVLAN should be configured on the switch ports that connect to the servers? isolated promiscuous secondary VLAN Correct! community Refer to curriculum topic: 2. allowing it to be captured and to divulge network topology information. A server is only allowed to communicate with its default gateway and other related servers.1 Question 18 1 / 1 pts .Information that is sent through CDP is transmitted in clear text and is unauthenticated.2 Question 17 1 / 1 pts A network administrator is tasked with protecting a server farm by implementing private VLANs (PVLANs).

5 Question 19 1 / 1 pts All access ports on a switch are configured with the administrative mode of dynamic auto. An attacker. What is the intent of the attacker? Correct! . Refer to curriculum topic: 2. The DNS servers DNS1 and DNS2 are redundant copies so they need to communicate with each other and to the Internet. The SMTP server should not be reachable from the DNS Servers. Community VLAN 100 will be created to host both DNS servers. Isolated VLAN 202 will be created to host both DNS servers. connected to one of the ports. and this VLAN will be associated with the primary VLAN 202. what private VLANs design will be implemented? Correct! Community VLAN 202 will be created to host both DNS servers. and this VLAN will be associated with the primary VLAN 202.Refer to the exhibit. and this VLAN will be associated with the primary VLAN 100. and this VLAN will be associated with the primary VLAN 100.2. sends a malicious DTP frame. Isolated VLAN 100 will be created to host both DNS servers. Based on the partial configuration that is provided.

1 Question 20 1 / 1 pts What technology can be used to help mitigate MAC address flooding attacks? root guard Private VLANs DHCP snooping Correct! VLAN access maps Dynamic ARP Inspection Refer to curriculum topic: 6.VLAN hopping DHCP spoofing attack MAC flooding attack ARP poisoning attack Refer to curriculum topic: 6.2.2 Quiz Score: 20 out of 20 .2.

However. what is the cause of the problem? The command standby preempt should only be applied on the active router.1.SWITCH Final Exam .CCNP SWITCH (Version 6.1.Take Assessment . the console message %IP-4DUPADDR started appearing almost immediately on the RTB router.1 command. The subnet mask is missing from the standby ip 10.0) 1 Refer to the exhibit. The indicated configuration was established on the HSRP standby router RTB. The group number 50 is missing in the Router RTB configuration commands. . Given the output of the show standby brief command on RTA.

0. 3 Refer to the exhibit. All intercepted packets that come from trusted ports are sent to untrusted ports only.5 a manager who is using authPriv 4 Which statement is true concerning the core layer within the hierarchical design model? Remote users are granted access to the network through the core. an ARP request is sent to the DHCP server for IP-to-MAC address resolution.168. The virtual IP address should be the same as the active router. What feature does an SNMP manager need to be able to set a parameter on ACSw1? a manager who is using an SNMP string of K44p0ut a manager who is using an Inform Request MIB a manager who is using host 192. . For all intercepted packets. The ports on the switch must be configured with the spanning-tree PortFast feature. 2 Which statement correctly explains the process of mitigating ARP attacks on a switch where dynamic ARP inspection (DAI) has been configured? All intercepted packets that come from untrusted ports are dropped. The intercepted packets are verified against the DHCP snooping binding table for valid IP-to-MAC bindings.The priority number 150 is missing in the Router RTB configuration commands.

or other packet manipulation at the core. which acts as the front door to a network. is designed to prevent unauthorized users from gaining entry. The core. . address translation.Routing should be configured without traffic filtering.

Disable Layer 2 functionality on interfaces that will be configured as routed ports. Assign IP addresses to routed ports.1 Q encapsulation on routed ports. and route maps. Disable all ports on the distribution switches and replace with new switches. 7 A bridging loop occurs in a network and disrupts user connectivity. Disable ports that should be in the forwarding state. Disable and re-enable all ports on the distribution switches.) using a non-trunk link to connect switches . What action should be taken by a network administrator to restore connectivity? Disable ports that should be in the blocking state. What port security mode is in effect? sticky shutdo wn restrict protect 6 Which three steps are required to configure interfaces as routed ports on a multilayer Catalyst switch? (Choose three.) Enable IP routing globally.The core provides an optimized and reliable transport structure by using a combination of route summaries. 8 Which three actions can cause problems with a VTP implementation? (Choose three. Disable Power over Ethernet (PoE) on the physical Layer 3 interfaces. distribution lists. the switch sends a syslog message but does not shut down the port. 5 When a port security violation occurs on a switch port. Configure 802. Configure SVI for each VLAN in the network.

using non-Cisco switches configuring all switches to be in VTP server mode not using any VTP passwords on any switches using lowercase on one switch and uppercase on another switch for domain names having a VTP transparent switch in between a VTP server switch and a VTP client switch (all switches in the same VTP domain) 9 Refer to the exhibit. What two conclusions can be made based on the output? (Choose two.) .

Interfaces Fa0/1 through Fa0/6 are trunk ports. low latency. and delay for voice traffic. The QoS requirements should accommodate the bursty nature of voice traffic. The QoS requirements should accommodate the smooth demand on bandwidth. What is the recommended solution? Use HSRP instead of GLBP. That Fa0/12 is displaying the alternate port role indicates that PVRST+ is enabled. Disable GLBP preemption on all route processors. The Cost column in the lower part of the exhibit is not the cumulative root path cost. The default spanning-tree timers have been adjusted. The QoS requirements should accommodate the intensive demand on bandwidth for voice traffic. Switch DLS1 is not the root bridge for VLAN 1. 11 When troubleshooting GLBP in an environment with a VLAN that spans multiple access layer switches. 12 . Adjust the GLBP timers. a network engineer discovers that suboptimal paths are being used for upstream traffic. Configure spanning tree so that the spanning-tree topology adjusts with the GLBP active virtual forwarder (AVF). 10 Which QoS requirement should be taken into account when implementing VoIP in a campus environment? The QoS requirements should accommodate the best effort delivery for voice traffic.

What happens if interface gigabitEthernet 5/1 on SwitchA stops receiving UDLD packets? UDLD stops trying to establish a connection with the neighbor.Refer to the exhibit. UDLD changes the port state to err-disable. .

Configure traffic shaping QoS policy to guarantee minimum delay for the voice traffic.) wrong IP address or subnet mask ports in the wrong VLAN .UDLD changes the port to loop-inconsistent blocking state. Configure QoS policy to classify the voice traffic in the priority queue to guarantee reserved bandwidth allocation for the traffic. 13 How should a switch port be configured for a connection to a standalone wireless access point that provides multiple VLAN-separated SSIDs? as a trunk port as a routed port as an access port as a switched virtual interface 14 Which two procedures should be implemented and in place when deploying VoIP in a campus network? (Choose two. 15 What are three possible misconfigurations or indicators of misconfigurations on a Layer 3 interface? (Choose three.) Keep voice and data traffic in the same VLAN and mark the traffic for high priority treatment. Create voice VLANs to keep voice traffic separate from other data to ensure special handling of the traffic. UDLD sends hello messages to its neighbor at a rate of one per second to attempt to recover the connection. Configure the Weighted Random Early Detection (WRED) congestion avoidance mechanism to guarantee that the voice traffic will be placed in the priority queue.

mismatch between SVI and VLAN numbering disabled VTP pruning downed SVI ACL on wrong interface .

16 What type of queuing provides the best quality for voice applications? custom queuing FIFO queuing priority queuing weighted round robin (WRR) queuing .

What is the problem between the connection on Switch1 and Switch2? native VLAN mismatch .17 Refer to the exhibit.

encapsulation mismatch switchport mode mismatch VTP mismatch DTP mismatch hardware failure .

The exhibit contains the configuration for a Cisco access device. How will someone dialing in be authenticated? local username and password .18 Refer to the exhibit.

local username and password TACACS+ server TACACS+ server and. if that fails. if that fails.TACACS+ server RADIUS server and. local username and password RADIUS server and. if that fails. TACACS+ server 19 Which STP enhancement should be configured in the network to prevent a nondesignated port to transition to .

a forwarding state when a topology change occurs? .

Root guard should be implemented on the Layer 2 ports between the distribution switches. Loop guard should be implemented on the Layer 2 ports between DSW1 and DSW2 and on the uplink ports from the access switches to the distribution switches. 20 What are two actions a hacker may take in a VLAN hopping attack? (Choose two.) replying to ARP requests that are intended for other recipients sending malicious dynamic trunking protocol (DTP) frames replying to DHCP requests that are intended for a DHCP server sending a unicast flood of Ethernet frames with distinct source MAC addresses sending frames with two 802. BPDU guard should be implemented on the Layer 2 ports between DSW1 and DSW2 and on the uplink ports from the access switches to the distribution switches. PortFast should be implemented on the uplink ports from the access switches to the distribution switches.1Q headers .

21 A network administrator wants to implement inter-VLAN routing in the network. 3.) BPDU guard is enabled. 2. and 6 all interfaces between the distribution and the access switches 22 Which three actions are taken when the command switchport host is entered on a switch port? (Choose three. Cisco Discovery Protocol (CDP) is disabled. 2. Which interfaces should be configured as routed ports? all interfaces on links 5 and 6 all interfaces on links 1. and 4 all interfaces on links 1. 4. . 5. 3.

23 Which two statements are true about routed ports on a multilayer switch? (Choose two. A routed port is a physical switch port with Layer 2 capability.VLAN trunking protocol (VTP) is disabled. PortFast is enabled. . Channel group is disabled. The interface vlan global configuration command is used to create a routed port. A routed port is not associated with a particular VLAN. Trunking is disabled.) A routed port behaves like a regular router interface and supports VLAN subinterfaces. To create a routed port requires removal of Layer 2 port functionality with the no switchport interface configuration command.

MST will require fewer resources than PVST+ or PVRST+. All VLANs are mapped to MST instance 2. Assuming that the switch is running Multiple Spanning Tree (MST). PVST+ is still operating on switch DLS1. PVRST+ is still operating on switch DLS1. .24 Refer to the exhibit. which conclusion can be made based on the output? Spanning-tree load balancing is in effect.

. Assume both switches finish booting at the same time and HSRP is operating as expected.10.1. If the DSw1 switch is configured with the standby preempt command and DSw2 is not. On the basis of this information.10. If the DSw1 and DSw2 switches have been configured to preempt. then DSw1 will be the active router. Switches DSw1 and DSw2 are configured with the HSRP virtual IP address 10.25 Refer to the exhibit. which three HSRP statements are true? (Choose three. then DSw2 will be the active router.) Applying the standby 32 timers 10 30 command on the Gi0/2 interfaces of each switch would decrease the failover time. and standby priority is set to 100.

1. Virtual Router replies with the MAC address of the active router. When host A sends an ARP request for 10.The HSRP group number in this HSRP configuration is HSRP group number 50. 26 What is the recommended maximum one-way jitter when implementing video over IP for real-time video applications? 1 ms 2 ms 5 ms 10 ms . The standby track command is useful for tracking interfaces that are not configured for HSRP.10.10.

Ports Fa0/1. which statement is true? Only port Fa0/24 can send and receive all DHCP messages. Fa0/2. Ports Fa0/1. 28 Which two items in the TCAM table are referenced in the process of forwarding a packet? (Choose two. Only ports Fa0/1 and Fa0/2 can send and receive all DHCP messages.) . Based on the provided show ip dhcp snooping command.27 Refer to the exhibit. and Fa0/24 can send and receive all DHCP messages. Fa0/2. and Fa0/24 can send and receive only DHCP requests.

) Route Processor Redundancy+ (RPR+) distributed CEF (dCEF) Stateful Switchover (SSO) Resilient Packet Ring (RPR) Nonstop Forwarding (NSF) Per Line Card Traffic Policing .VLAN ID ACL information destination MAC address QoS information source MAC address hash key 29 Catalyst Catalyst 6500 switches support which three Supervisor Engine redundancy features? (Choose three.

30 Which two statements are true about the default operation of STP in a Layer 2 switched environment that has .

It is easier to filter and prioritize traffic to and from the data center. Nonroot switches each have only one root port. Server farms are not subject to denial of service attacks. Root switches have all ports set as root ports.) The root switch is the switch with the highest speed ports. All trunking ports are designated and not blocked.redundant connections between switches? (Choose two. Decisions on which port to block when two ports have equal cost depend on the port priority and index. Servers that are located in a data center require less bandwidth. . 31 Which benefit is provided by centralizing servers in a data center server farm? It keeps client-to-server traffic local to a single subnet.

The implementation of scalability that is required during future growth will be limited. What restriction will be presented in a campus enterprise network that is designed with four large distribution building blocks? The implementation of link aggregation will be limited.32 Refer to the exhibit. The implementation of IGP routing protocols will be limited. The implementation of EtherChannels on redundant links will exceed the bandwidth. .

) native VLAN mismatch unassigned management VLAN Layer 2 interface mode incompatibilities missing default VLAN mismatched trunk encapsulations PAgP not enabled .33 Which three issues can cause devices to become disconnected across a trunk link? (Choose three.

Configure interfaces Fa0/2 and Fa0/3 on SW1 as trunk links. What additional configuration is required in order for users in VLAN 10 to communicate with the users in VLAN 20? Configure interface Fa0/1 on SW1 as a trunk. Configure VLAN 100 as a data VLAN and VLAN 1 as the native VLAN. Remove the subinterfaces on R1 and configure interface Fa0/0 as a trunk.34 Refer to the exhibit. .

Interface Fa3/42 will not pass data traffic if it detects that it is part of a spanning-tree loop caused by unidirectional link failure. Given that interface Fa3/42 is an active trunk port. . data traffic will be blocked for all VLANs on interface Fa3/42. UDLD cannot be configured on interface Fa3/42. The difference in BPDUs sent and received indicates a loop caused by unidirectional link failure has been detected.35 Refer to the exhibit. If a spanning-tree loop is detected on VLAN 1. what two conclusions can be made based on the displayed output? (Choose two.) Root guard is not enabled on interface Fa3/42.

) retries hostname timeouts domain name keys routing protocol 38 The TCAM defines three different match options that correlate to which three specific match regions? (Choose . new communication services. such as security. regardless of its size or proximity to headquarters? Cisco Enterprise Campus Architecture Cisco Enterprise Data Center Architecture Cisco Enterprise Branch Architecture Cisco Enterprise Teleworker Architecture 37 Which three parameters must be configured in order to enable SSH? (Choose three.36 Which architecture enables enterprises to offer important network services. and improved application performance to every office.

) dictionary denial of service (DoS) replay MAC-address flooding password 40 What is a characteristic of a standalone WLAN solution? .) bifurcated match longest match second match exact match first match third match 39 Which two types of attacks can be mitigated by port security? (Choose two.three.

has no centralized monitoring
has no centralized management
has no centralized operational control
has no centralized access authentication
41

Refer to the exhibit. What configuration will be required on the DSW switch in order to
perform inter-VLAN routing for all VLANs that are configured on the access switches?
Configure the routing protocol.
Configure SVI for each VLAN in the network.
Configure the links between DSW and the access switches as access links.

Configure as routed ports the DSW interfaces that face the access switches.
42 How do FlexLink and STP operate together?
If an active STP port is blocked, the active FlexLink port will take over.
Both the active STP port and active FlexLink port can forward traffic simultaneously.
Both the active STP port and active FlexLink port can forward traffic simultaneously
but only for different VLANs.
STP can be active in the distribution layer, but is unaware of any FlexLink updates in
the access layer.

43

Refer to the exhibit. What two effects will occur when a fourth distribution module is
included in the campus enterprise network that is depicted in the exhibit? (Choose
two.)
The inclusion of the fourth module will increase the routing complexity.
It will limit the traffic flow in the network.
It will provide scalability for future growth.
It will impact the security of the traffic between the distribution switches.
It will increase the number of additional links that are required to provide

redundant connectivity. .