
Implementing Cisco IP Switched Networks - exam 300-115


Topic 1, Layer 2 Technologies


You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

You are connecting the New_Switch to the LAN topology; the switch has been partially configured and you need to complete the rest of the configuration to enable PC1 communication with PC2. Which of the configurations is correct?

9/4/2015 10:17 PM

A. Option A
B. Option B
C. Option C
D. Option D
E. Option E

Answer: D

Explanation: Within any VTP, the VTP domain name must match. So, step one is to find the correct VTP name on the other switches. Logging in to SW1 and using the “show vtp status” command we see this:

So we know that the VTP domain must be CCNP. This leaves only choice D and E. We also see from the topology diagram that eth 0/0 of the new switch connects to a PC in VLAN 100, so we know that this port must be an access port in VLAN 100, leaving only choice D as correct. Note that the VTP versions supported in this network are 2, 3 so either VTP version 2 or 3 can be configured on the new switch.

QUESTION NO: 102
You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

Refer to the configuration. For which configured VLAN are untagged frames sent over trunk between SW1 and SW2?

A. VLAN1
B. VLAN 99
C. VLAN 999
D. VLAN 40
E. VLAN 50
F. VLAN 200
G. VLAN 300

Answer: B

Explanation: The native VLAN is used for untagged frames sent along a
By issuing the “show interface trunk” command on SW1 and SW2 we see the native VLAN is 99.

QUESTION NO: 103
You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

You are adding new VLANs, VLAN500 and VLAN600, to the topology in such a way that you need to configure SW1 as primary root for VLAN 500 and secondary for VLAN 600 and SW2 as primary root for VLAN 600 and secondary for VLAN 500. Which configuration step is valid?

A. Configure VLAN 500 & VLAN 600 on both SW1 & SW2
B. Configure VLAN 500 and VLAN 600 on SW1 only
C. Configure VLAN 500 and VLAN 600 on SW2 only
D. Configure VLAN 500 and VLAN 600 on SW1, SW2 and SW4
E. On SW2, configure vtp mode as off and configure VLAN 500 and VLAN 600, configure back to vtp server mode.

Answer: A

Explanation: By issuing the “show vtp status” command on SW2, and SW4 we see that both SW1 and SW2 are operating in VTP server mode, but SW4 is a client, so we will need to add both VLANs to SW1 and SW2.

QUESTION NO: 104
You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

Examine the VTP configuration. You are required to configure private VLANs for a new server deployment connecting to the SW4 switch. Which of the following configuration steps will allow creating private VLANs?

A. Disable VTP pruning on SW1 only
B. Disable VTP pruning on SW2 only
C. Disable VTP pruning on SW4 only
D. Disable VTP pruning on SW2, SW4 and New_Switch
E. Disable VTP pruning on New_Switch and SW4 only.

Answer: C

Explanation: To create private VLANs, you will need to only disable pruning on the switch that contains the private VLANs. In this case, only SW4 will connect to servers in a private VLAN.

Topic 2, Infrastructure Security

QUESTION NO: 105
A Cisco Catalyst switch that is prone to reboots continues to rebuild the DHCP snooping database. What is the solution to avoid the snooping database from being rebuilt after every device reboot?

A. A DHCP snooping database agent should be configured.
B. Enable DHCP snooping for all VLANs that are associated with the switch.
C. Disable Option 82 for DHCP data insertion.
D. Use IP Source Guard to protect the DHCP binding table entries from being lost upon rebooting.
E. Apply ip dhcp snooping trust on all interfaces with dynamic addresses.

Answer: A

Explanation: Minimum DHCP Snooping Configuration

The minimum configuration steps for the DHCP snooping feature are as follows:
1. Define and configure the DHCP server.
2. Enable DHCP snooping on at least one VLAN. By default, DHCP snooping is inactive on all VLANs.
3. Ensure that DHCP server is connected through a trusted interface. By default, the trust state of all interfaces is untrusted.
4. Configure the DHCP snooping database agent. This step ensures that database entries are restored after a restart or switchover.
5. Enable DHCP snooping globally.

QUESTION NO: 106
Which portion of AAA looks at what a user has access to?

A. authorization
B. authentication
C. accounting
D. auditing

Answer: A

Explanation: These three ports show that they are in Port Channel 1, and the (SU) means they are in use and operating at layer 2. The protocol used for this port channel shows as LACP, which is a standards based protocol, as opposed to PAgP, which is Cisco proprietary.

QUESTION NO: 107
Which command creates a login authentication method named "login" that will primarily use RADIUS and fail over to the local user database?

A. (config)# aaa authentication login default radius local
B. (config)# aaa authentication login login radius local
C. (config)# aaa authentication login default local radius
D. (config)# aaa authentication login radius local

Answer: B

Explanation: In the command “aaa authentication login login radius local” the second login is the name of the AAA method. It also lists radius first then local, so it will primarily use RADIUS for authentication and fail over to the local user database only if the RADIUS server is unreachable.

QUESTION NO: 108
A server with a statically assigned IP address is attached to a switch that is provisioned for DHCP snooping. For more protection against malicious attacks, the network team is considering enabling dynamic ARP inspection alongside DHCP snooping. Which solution ensures that the server maintains network reachability in the future?

A. Disable DHCP snooping information option.
B. Configure a static DHCP snooping binding entry on the switch.
C. Trust the interface that is connected to the server with the ip dhcp snooping trust command.
D. Verify the source MAC address of all untrusted interfaces with ip dhcp snooping verify mac-address command.

Answer: B

Explanation: Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
• Intercepts all ARP requests and responses on untrusted ports
• Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination.
• Drops invalid ARP packets

Dynamic ARP inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid. To ensure network reachability to the server, configure a static DHCP snooping binding entry on the switch.

QUESTION NO: 109
A network engineer wants to ensure Layer 2 isolation of customer traffic using a private VLAN. Which configuration must be made before the private VLAN is configured?

A. Disable VTP and manually assign VLANs.
B. Ensure all switches are configured as VTP server mode.
C. Configure VTP Transparent Mode.
D. Enable VTP version 3.

Answer: C

Explanation: You must configure VTP to transparent mode before you can create a private VLAN. Private VLANs are configured in the context of a single switch and cannot have members on other switches. Private VLANs also carry TLVs that are not known to all types of Cisco switches.

QUESTION NO: 110
A DHCP configured router is connected directly to a switch that has been provisioned with DHCP snooping. IP Source Guard with the ip verify source port-security command is configured under the interfaces that connect to all DHCP clients on the switch. However, clients are not receiving an IP address via the DHCP server. Which option is the cause of this issue?

A. The DHCP server does not support information option
B. The DHCP client interfaces have storm control configured.
C. Static DHCP bindings are not configured on the switch.
D. DHCP snooping must be enabled on all VLANs, even if they are not utilized for dynamic address allocation.

Answer: A

Explanation: When you enable both IP Source Guard and Port Security, using the ip verify source port-security interface configuration command, there are two caveats:
• The DHCP server must support option 82, or the client is not assigned an IP address.
• The MAC address in the DHCP packet is not learned as a secure address. The MAC address of the DHCP client is learned as a secure address only when the switch receives non-DHCP data traffic.

QUESTION NO: 111
A switch is added into the production network to increase port capacity. A network engineer is configuring the switch for DHCP snooping and IP Source Guard, but is unable to configure ip verify source under several of the interfaces. Which option is the cause of the problem?

A. The local DHCP server is disabled prior to enabling IP Source Guard.
B. The interfaces are configured as Layer 3 using the no switchport command.
C. No VLANs exist on the switch and/or the switch is configured in VTP transparent mode.
D. The switch is configured for sdm prefer routing as the switched database management template.
E. The configured SVIs on the switch have been removed for the associated interfaces.

Answer: B

Explanation: IP source guard is a security feature that restricts IP traffic on nonrouted, Layer 2 interfaces by filtering traffic based on the DHCP snooping binding database and on manually configured IP source bindings. You can use IP source guard to prevent traffic attacks caused when a host tries to use the IP address of its neighbor. You can enable IP source guard when DHCP snooping is enabled on an untrusted interface. After IP source guard is enabled on an interface, the switch blocks all IP traffic received on the interface, except for DHCP packets allowed by DHCP snooping. A port access control list (ACL) is applied to the interface. The port ACL allows only IP traffic with a source IP address in the IP source binding table and denies all other traffic.

The IP source binding table has bindings that are learned by DHCP snooping or are manually configured (static IP source bindings). An entry in this table has an IP address, its associated MAC address, and its associated VLAN number. The switch uses the IP source binding table only when IP source guard is enabled. IP source guard is supported only on Layer 2 ports, including access and trunk ports. You can configure IP source guard with source IP address filtering or with source IP and MAC address filtering.

QUESTION NO: 112
The command storm-control broadcast level 75 65 is configured under the switch port connected to the corporate mail server. In which three ways does this command impact the traffic? (Choose three.)

A. SNMP traps are sent by default when broadcast traffic reaches 65% of the lower-level threshold.
B. The switchport is disabled when unicast traffic reaches 75% of the total interface bandwidth.
C. The switch resumes forwarding broadcasts when they are below 65% of bandwidth.
D. Only broadcast traffic is limited by this particular storm control configuration.
E. Multicast traffic is dropped at 65% and broadcast traffic is dropped at 75% of the total interface bandwidth.
F. The switch drops broadcasts when they reach 75% of bandwidth.

Answer: C, D, F

Explanation: storm-control {broadcast | multicast | unicast} level {level [level-low] | pps pps [pps-low]}

Configure broadcast, multicast, or unicast storm control. By default, storm control is disabled. The keywords have these meanings:
• For level, specify the rising threshold level for broadcast, multicast, or unicast traffic as a percentage (up to two decimal places) of the bandwidth. The port blocks traffic when the rising threshold is reached. The range is 0.00 to 100.00.
• (Optional) For level-low, specify the falling threshold level as a percentage (up to two decimal places) of the bandwidth. This value must be less than or equal to the rising suppression value. The port forwards traffic when traffic drops below this level. If you do not configure a falling suppression level, it is set to the rising suppression level. The range is 0.00 to 100.00.

In this case, the broadcast keyword was used so only broadcast traffic is limited.

QUESTION NO: 113
After port security is deployed throughout an enterprise campus, the network team has been overwhelmed with port reset requests. They decide to configure the network to automate the process of re-enabling user ports. Which command accomplishes this task?

A. switch(config)# errdisable recovery interval 180
B. switch(config)# errdisable recovery cause psecure-violation
C. switch(config)# switchport port-security protect
D. switch(config)# switchport port-security aging type inactivity
E. switch(config)# errdisable recovery cause security-violation

Answer: B

Explanation: When a secure port is in the error-disabled state, you can bring it out of this state automatically by configuring the errdisable recovery cause psecure-violation global configuration command or you can manually reenable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode. If a port is in per-VLAN errdisable mode, you can also use clear errdisable interface name vlan range command to re-enable the VLAN on the port. You can also customize the time to recover from the specified error disable cause (default is 300 seconds) by entering the errdisable recovery interval interval command.

QUESTION NO: 114
The network monitoring application alerts a network engineer of a client PC that is acting as a rogue DHCP server. Which two commands help trace this PC when the MAC address is known? (Choose two.)

A. switch# show mac address-table
B. switch# show port-security
C. switch# show ip verify source
D. switch# show ip arp inspection
E. switch# show mac address-table address <mac address>

Answer: A, E

QUESTION NO: 115
While troubleshooting a network outage, a network engineer discovered an unusually high level of broadcast traffic coming from one of the switch
Which option decreases consumption of bandwidth used by broadcast traffic?

A. storm control
B. SDM routing
C. Cisco IOS parser
D. integrated routing and bridging
E. Dynamic ARP Inspection

Answer: A

Explanation: Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configuration, or users issuing a denial-of-service attack can cause a storm. Storm control is configured for the switch as a whole but operates on a per-port basis. By default, storm control is disabled. Storm control uses rising and falling thresholds to block and then restore the forwarding of broadcast, unicast, or multicast packets. You can also set the switch to shut down the port when the rising threshold is reached.

QUESTION NO: 116
Which command globally enables AAA on a device?

A. aaa new-model
B. aaa authentication
C. aaa authorization
D. aaa accounting

Answer: A

Explanation: To configure AAA authentication, enable AAA by using the aaa new-model global configuration command. AAA features are not available for use until you enable AAA globally by issuing the aaa new-model command.

QUESTION NO: 117
Which AAA Authorization type includes PPP, SLIP, and ARAP connections?

A. network
B. IP mobile
C. EXEC
D. auth-proxy

Answer: A

Explanation: Method lists for authorization define the ways that authorization will be performed and the sequence in which these methods will be performed. A method list is simply a named list describing the authorization methods to be queried (such as RADIUS or TACACS+), in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, thus ensuring a backup system in case the initial method fails. Cisco IOS software uses the first method listed to authorize users for specific network services; if that method fails to respond, the Cisco IOS software selects the next method listed in the method list. This process continues until there is successful communication with a listed authorization method, or all methods defined are exhausted.

Method lists are specific to the authorization type requested:
• Auth-proxy—Applies specific security policies on a per-user basis. For detailed information on the authentication proxy feature, refer to the chapter "Configuring Authentication Proxy" in the "Traffic Filtering and Firewalls" part of this book.
• Commands—Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.
• EXEC—Applies to the attributes associated with a user EXEC terminal session.
• Network—Applies to network connections. This can include a PPP, SLIP, or ARAP connection.
• Reverse Access—Applies to reverse Telnet sessions.

When you create a named method list, you are defining a particular list of authorization methods for the indicated authorization type.

QUESTION NO: 118
Which authentication service is needed to configure 802.1x?

A. RADIUS with EAP Extension
B. TACACS+
C. RADIUS with CoA
D. RADIUS using VSA

Answer: A

Explanation: With 802.1x, the authentication server performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. The Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server.

QUESTION NO: 119
Refer to the exhibit.

Which login credentials are required when connecting to the console port in this output?

A. none required
B. username cisco with password cisco
C. no username with password linepass
D. login authentication default

Answer: A

Explanation: Here the console has been configured with the NO_AUTH name, which lists none as the authentication method. None means no authentication, meaning that credentials are not required and all sessions are allowed access.

QUESTION NO: 120
Refer to the exhibit. When a network administrator is attempting an SSH connection to the device, in which order does the device check the login credentials?

A. RADIUS server, local username, line password
B. RADIUS server, line password, local username
C. Line password, local username, RADIUS server
D. Line password, RADIUS server, local username

Answer: A

Explanation: SSH sessions use the vty lines, where the configured authentication method is named “default.” The AAA default login preference is stated in order from first to last, so here the “aaa authentication login default group radius local line” means to use RADIUS first, then if that fails use the local user database. Finally, if that fails use the line password.